BuddyTalk – Business Grade Security
The BT100 takes measures to ensure that security on both internal and external communication paths is sufficient to achieve business-grade security. For external communications, the device uses multi-level security covering all communications, including message exchanges, voice commands, SIP signaling, and voice media packets. The BT100 uses HTTP/2 to communicate with Amazon AVS servers and HTTPS with other AVS-related sites (e.g. for audio streaming), TLS for VoIP signaling, SRTP and ZRTP for media packet exchanges, and a TLS-based secure tunnel to communicate with the InnoCloud™ back-end servers. It also supports an IPsec VPN tunnel as a network overlay that carries voice and signaling traffic across enterprise networks, easing the task of VoIP deployment.
Multi-level Security Design
For internal embedded system security, the BT100 supports HTTPS-based provisioning, upgrades its image using encrypted and signed firmware to prevent unauthenticated or unauthorized firmware image downloads, disables unused services and ports to defend against port scans, and uses device-dependent passwords to prevent, or at least minimize, the damage from a password compromise. Where device certificates are required (e.g., SIP TLS, the TLS tunnel, or HTTPS with mutual authentication), the BT100 uses chained device-dependent certificates for maximum security.