Cisco 7906G Administration Manual page 46

Understanding Security Features for Cisco Unified IP Phones
Table 1-3 Overview of Security Features (continued)
Feature
Manufacturing installed certificate
Secure SRST reference
Media encryption
Signaling Encryption
CAPF
Cisco Unified IP Phone 7906G and 7911G Administration Guide for Cisco Unified CallManager
1-14
Chapter 1
Description
Each Cisco Unified IP Phones 7906G and 7911G contains a
unique MIC, which is used for device authentication. The
MIC is a permanent unique proof of identity for the phone,
and allows Cisco Unified CallManager to authenticate the
phone.
After you configure a SRST reference for security and then
reset the dependent devices in Cisco Unified CallManager
Administration, the TFTP server adds the SRST certificate to
the phone cnf.xml file and sends the file to the phone. A
secure phone then uses a TLS connection to interact with the
SRST-enabled router.
Uses SRTP to ensure that the media streams between
supported devices proves secure and that only the intended
device receives and reads the data. Includes creating a media
master key pair for the devices, delivering the keys to the
devices, and securing the delivery of the keys while the keys
are in transport.
Ensures that all SCCP signaling messages that are sent
between the device and the Cisco Unified CallManager
server are encrypted.
Implements parts of the certificate generation procedure that
are too processing-intensive for the phone, and it interacts
with the phone for key generation and certificate installation.
The CAPF can be configured to request certificates from
customer-specified certificate authorities on behalf of the
phone, or it can be configured to generate certificates locally.
An Overview of the Cisco Unified IP Phone
OL-10008-01