Services & Solutions

SIP Encrypt – Protection for SIP Trunking

  • Description
  • Integrity
  • SAFE-Gateway
  • Quiz

SIP Encrypt

Ask any business leader whether they would be concerned if their confidential business plans discussed over the phone with a colleague were wire-tapped then the resulting answer would probably be “YES!” We recommend our SIP Encrypt service to any organisation who deals with confidential or sensitive information over the telephone. This includes but is not limited to any Enterprise organisation, Businesses operating in manufacturing, Healthcare or other services handling sensitive personal information, the Financial Sector, Contact Centres and Retail. Any business taking card payments over the phone where card data is handled must comply with PCIDSS requirements and calls must be secured.

Data and Voice, Voice is Data

Every business understands the need to secure business data, and most will have invested in security appliances such as firewalls and intrusion detection systems, to build a network border and protect against business disruption events or intellectual property theft. Today’s voice networks run over the top of IP networks and this means voice is an application to protect. To speak with a specialist please complete the form below.


Customers taking advantage of our SIP Encrypt service enjoy complete peace of mind knowing that calls connected to our network are fully encrypted and eavesdrop proof. When the Internet or even private MPLS lines are used to make and receive calls, these calls are vulnerable to remote access wire-tapping unless steps have been taken to prevent this.

Voice security Solution from

Our SIP Encrypt service protects voice calls in the same way that websites use https, – ‘padlocked’ sessions to encrypt sensitive visual data. Our solution includes a security appliance which works in a similar way to an encrypting firewall or VPN concentrator. Voice calls from the PBX are sent via the appliance to our network switch, safeguarding your conversations against unilateral call recording or eavesdropping.

ISO27001 Information Security compliance

The ISO Standard for Information Security Management is ISO27001. The information security management system considers people, processes and IT Systems. Voice security is an important consideration to fit in to your Information Security policy and SIP Encrypt is the ideal best practice solution to protect calls in your business, while still allowing benefits from converged telecommunications.


The Secure Access For Enterprise – Gateway or SAFE-Gateway is a customer-site device deployed between a PBX and the WAN circuit connecting to The SAFE-Gateway encrypts all communication from the PBX to thus protecting against eaves dropping or unsolicited call recording. The SAFE Gateway is always deployed with SIP Encrypt and is available in a varity of sizes to meet customer requirements. This includes a virtualised option. The SAFE -Gateway can also be used as the on-site Session Border Controller required by some phone systems when SIP Trunking is implemented. For example: Cisco Call Manager or Avaya Aura. The SAFE Gateway is a low cost device and our Network Operations team continuously monitor the health of our deployments.

How does it work? – the technical bit.

There are two main transmission protocols used on the Internet. These are UDP and TCP. UDP is a basic service where datagrams can be routed around the internet. TCP is a bit more advanced and is used where there is a dataflow requirement between systems – for example between a website and a web browser. TCP handles re-transmissions and helps with packet loss. SIP is the call signalling protocol and its job is to to set up phone calls. The SIP protocol is fairly chatty between the server and the phone system and already has an inbuilt packet loss protection method. Each message fits nicely within a UDP frame and for this reason the use of UDP is very common with SIP. The voice part of a call with VoIP is known as media, or RTP – Real Time Transport Protocol. The RTP frames fit nicely within a UDP datagram, and for this reason UDP is commonly used to transport RTP. Unfortunately SIP/UDP is very easy to decode and once the SIP is decoded, the RTP media streams can easily be picked out. TLS – Transport Layer Security is a certificate authenticated TCP based protocol that if if used with strong cyphers, can fully encrypt the contents of a SIP Session.  A SIP session that is protected with TLS means that the keys necessary to set up an encrypted media stream can be exchanged without eavesdropping. The RTP of a voice call and be converted to SRTP – Secure Real Time Transport protocol.

SIP Session Border Controller – SIP session Border Element

The Safe-gateway sits next to the PBX. It receives a SIP over UDP (or SIP/TCP) session and protects the call by converting to SIP/TLS between the gateway and’s network. RTP is converted to SRTP using very strong cyphers. The Safegateway is a SIP session Border Controller that is always configure to encrypt SIP calls. It is possible to have a SIP Session Border Controller that carries out a slightly different function and has nothing to do with voice encryption. Although some phone systems have started to support TLS and SRTP, implementation can be very problematic and complex. Troubleshooting SIP problems over a TLS link can be very hard simply because the messages can’t be read. Our SIP Encrypt solution comes with our safe gateway because installation times are short, installations are easy, we fully monitor the device and we are a compliance driven organisation. Our Safe-gateway SBC is bundled with our SIP Encrypt service. Datasheet download


As a PCIDSS level-1 Service Provider,’s SIP-Encrypt-PCI service protects against card data theft through anti-eavesdropping technology. Our SAFE-Gateway device disables insecure transmission methods and offers customers ultimate peace of mind when connecting to our network. The PCIDSS (Payment Card Industry Data Security Standard) is a strict set of requirements specifically targeting cardholder data. It covers the processing, storage and transmission of cardholder data and specifically mandates the encryption of sensitive data. Voice calls can contain cardholder data in the transmission part and therefore voice calls must be protected.

DTMF and non voice data within a telephone call

It is common place to use the key buttons on a telephone handset to assist in routing calls. Some systems, such as payment contact centres collect key presses – or DTMF tones to collect card holder data, identify customers and match pin numbers. This type of data is very easy to collect and this data is present in the telephone call and therefore must be protected. Service activation is simple – To learn more about our SIP Encrypt service and how it integrates into your environment, please contact a member of our specialist business development team.

Test yourself on how well you understand SIP Encrypt and VoIP

RSS Tech News


Administration Office
St. Edburg's Hall
Priory Road
OX26 6BL

Phone 01869 222500

Find Us

This is a unique website which will require a more modern browser to work!

Please upgrade today!