Richard: Why is it necessary for calls over the digital mobile network to be encrypted?

Rodolfo: Historically telephone calls were routed through large telephone companies. These companies often had national monopolies and sometimes local legislation restricted which employees could access the content of a live conversation. Now we have a proliferation of telecom companies, both small and large, and a lot more international calls passing between them. This makes it hard to be sure who might have access to a live call. In addition, the technology has changed. Calls are no longer routed through closed networks, but often join ordinary traffic on the Internet. As a result voice calls can no longer be considered secure, which is why encryption is becoming a requirement.

Richard: Who is this an issue for?

Rodolfo: It's a problem which could affect anyone, but is becoming critical for government and corporate users. These people often make calls that contain sensitive information.

When these organizations allow their employees to connect to data inside the corporate firewall, they use a VPN or other form of secure connection, where the data is encrypted. The content of a voice call may be even more sensitive than that of an email or other message. A traditional method of dealing with voice calls was to audit the security of the route taken, but this is no longer possible.

So encryption of the voice call at the source and destination is becoming a necessity.

Richard: Who are your initial target customers?

Rodolfo: Initially we are targeting those organizations that can evaluate the cost of a call being intercepted. A typical example of this type of organization would be an investment bank. If information in a call relating to an acquisition or merger were to leak, it's easy to place a value on the securing that information. Government presents a different opportunity. Their calls may not have a monetary risk, but these customers often understand the issues with intercepting calls; if only because their security branches do this all the time. We believe these will be the early adopters.

Beyond that there are also applications in all sorts of area. For example in the consumer to business space, again probably orientated towards the financial sector. Here a customer will want to be able to talk to their bank confident in the knowledge that the call can't be overheard, very much in the same way their information is secure when they use their bank's web site.

Richard: Why have you chosen S60 and Symbian OS as your initial implementation platform?

Rodolfo: Originally we decided to build our technology for both Symbian OS and Microsoft. Symbian OS and S60 became our preferred initial implementation platform for a number of reasons. Firstly, Symbian OS offers some challenges for first time developers, so we felt that by concentrating on this platform we would get ahead of our competitors. Given the volume of S60 devices shipping this is an important advantage. Secondly, our analysis suggests that Symbian OS offers a much more secure platform when compared to Windows Mobile. Symbian OS allows us to achieve a much higher level of security. In fact we have heard that one of our competitors has had to create their own version of Windows Mobile to just get close to the security we can offer on S60 devices.

In the future we do expect to address Windows Mobile as well. We have also looked at Blackberry, but there are some challenges here too.

Richard: Does this mean your technology is written in Java?

Rodolfo: No, the encryption engine is written in C and abstracted away from the platform APIs.

Richard: When you talks about the challenges of developing for Symbian OS, what do these entail for your technology?

Rodolfo: I believe Symbian OS has been primarily designed to serve the needs of handset manufactures, at least from a hardware perspective. If you are developing for Windows on a PC you can know a lot about the underlying hardware. In the Symbian world you know a lot about the OS, but getting information about the hardware is difficult because of trade secret issues. Our application taps directly into the hardware, to intercept and encrypt or decrypt each packet of voice data. Using the high level Symbian OS APIs would simply not give us the performance we needed to achieve this; we need to get into the hardware. So building for Symbian OS is tricky.

Richard: Talking of hardware, would your solution ideally need hardware based encryption to be truly secure?

Rodolfo: The need for hardware encryption is really something that is only demanded by the military. For most other application you can achieve the required security in a software implementation. You also have to remember that hardware encryption on a device like a smartphone would probably still rely on software in the device's firmware. As a result hardware encryption would provide a false sense of security as in extreme cases the firmware could be compromised. However, as we are not aiming for the security certification demanded by the military we don't see this as an issue with software encryption.

Voylent has recently released the 2.2 beta version of their encryption application for S60. It can be downloaded from www.voylent.com.