Skip to main content
purple hex pattern
hand typing on intercom phone

Best known for its iconic triangular-shaped conference phones, Polycom transformed business communication in the early 1990s, making it easier, more efficient, and more pleasant to collaborate with colleagues and partners around the globe. The company’s brand continues to be synonymous with quality, clarity, and convenience among IT buyers. With the market for Voice over Internet Protocol (VoIP) devices growing and a portfolio of VoIP phones spanning from the desktop to the conference room, Polycom decided to enhance its phones by giving them a unique identity, making it easier to identify them on customer and service providers’ networks while thwarting would-be counterfeiters and fraudsters. How? With digital certificates and encryption keys generated and secured by Entrust nShield® hardware security modules (HSMs).

“Our VoIP devices can authenticate themselves on a network using digital certificates,” says Marek Dutkiewicz, director of product management for Polycom. “Because the certificates are issued as part of the manufacturing process, it’s easy for our customers and partners to authenticate themselves while also stopping potential counterfeiters or ‘spoofers.’ Our success is built on Entrust nShield HSMs deployed by the Entrust professional services team.”

Polycom logo
Marek Dutkiewicz, Polycom

“Entrust provided the expertise needed to design and implement a tailored, secure VoIP solution.”

Securing VoIP

VoIP has two key advantages over traditional telecommunications technology: lower costs and the potential for integration with other IP applications. However, as with other forms of Internet-based communication, there are security concerns, such as the uncertain identity of devices and persons on the network.

Traditionally, VoIP phones used passwords for identification purposes, making definite identity verification difficult and adding to setup time for end users or service providers. Moreover, this password-based process did not protect phone manufacturers from counterfeit devices.

Digital certificates overcome some of the challenges of password-based security. Unlike passwords, digital certificates are unique identifiers that allow devices to authenticate themselves and the networks they join. For example, a device with a valid certificate can verify that it is connected to an authorized server and the authorized server can check the authenticity of the device. If digital certificates are generated and distributed securely, they cannot be forged, making spoofed or counterfeit devices easy to identify.

“If phones can be ‘spoofed,’ you run the risk of fraudulently placed and inaccurately billed calls,” explains Dutkiewicz. “Polycom is committed to delivering solutions that meet the needs of our customer and partners, and security is no exception. Using digital certificates to identify phones, we can significantly reduce security risks. We realized we needed a solution that would allow us to generate certificates and a corresponding private key, place them in the phones, and maintain the system across our manufacturing process.”

Turning to the experts

After deciding on its approach, Polycom began looking for the right solution and implementation partner. The company discussed its options with several technology vendors and solution developers, but – with one exception – none offered everything Polycom was looking for: proven technology, experience with encryption key generation and digital certificate issuance in manufacturing, and the ability to develop a secure end-to-end process. The Entrust professional services team was the exception. Its team explained how Entrust nShield HSMs secure the digital certificate issuance and key generation processes. Most importantly, the team also understood how to engineer and execute upon a solution that integrated with Polycom’s manufacturing process.

“We decided to use Entrust nShield HSMs, and to implement our solution with help from the Entrust professional services team,” says Dutkiewicz. “Entrust provided the expertise needed to design and implement a tailored, secure VoIP solution.”

Marek Dutkiewicz, Polycom

“The Entrust team helped us to develop and implement a process that protects our customers’ calls and our company from counterfeiting.”

Polycom logo

Developing an effective process

To design a process that fully met Polycom’s needs, the Entrust professional services team worked closely with Polycom’s staff. Polycom explained how it wanted certificates to work within its manufacturing process, and the Entrust professional services team detailed a system that could deliver the capabilities Polycom wanted. 

Entrust consultants developed a solution that generates keys and uses a Microsoft certificate authority (CA) to sign digital certificates at Polycom’s data center in North America. All key generation and certificate signing takes place within the HSM environment. Then the keys and certificates are transferred to the Entrust nShield HSMs in Polycom’s manufacturing facility in Thailand. There the keys and certificates are stored encrypted until they are placed into a newly manufactured VoIP phone.

“We wanted to generate keys and certificates at our data center and transfer them to the manufacturing facility and into new devices securely,” says Dutkiewicz. “Entrust delivered what we asked for and needed. The Entrust team helped us to develop and implement a process that protects our customers’ calls and our company from counterfeiting.”

Secure execution

The Entrust professional services team used nShield CodeSafe, the secure execution environment within Entrust nShield HSMs, to enable end-to-end protection of the certificate and key generation, transmission, and device insertion process. CodeSafe allows Entrust nShield HSMs to execute a variety of processes within a secured environment. To take advantage of it, the Entrust professional services team wrote code that generates phone key pairs, requests certificate signing, and transmits the encrypted package to Polycom’s manufacturing facility. The team also engineered a process that initiates an encrypted secure sockets layer (SSL) connection within the HSM at the manufacturing facility and that terminates in the newly manufactured phone. This connection enables the secure delivery of keys and certificates into the phones.

“Our Entrust nShield HSMs keep the certificates and private keys that identify phones secure, and nShield CodeSafe protects the issuing process half way around the world,” explains Dutkiewicz. “We have found the process to be a very effective and secure way to include digital certificate issuance in our manufacturing process.”

A foundation for continued success

Polycom sees its Entrust nShield HSMpowered device authentication process as delivering two key bottom-line benefits to the company: reduced risk of counterfeits and increased sales opportunities.

“No matter how authentic a counterfeit device might seem, it shouldn’t be able to fool an authorized VoIP network without a valid certificate,” observes Dutkiewicz. “Entrust nShield HSMs are the foundation to the entire process – from manufacturing to everyday use. I think of them as a bank vault, but really they are more secure than that. Most importantly, of course, they benefit our customers. Customers definitely want security without hassle in their VoIP devices. We see digital certificates helping us to drive sales and increase our market share.”

Benefits of partnering with Entrust professional services

faded gray hex background
faded gray hex background
faded gray hex background
faded gray hex background
Contact Us

Fill out the form to have one of our experts contact you to discuss how nShield HSMs can enable your digital security use cases.

Image CAPTCHA
Enter the characters shown in the image.

Organizational profile

Polycom, Inc. is the global leader in telepresence, video, and voice solutions and a visionary in unified communications (UC) solutions that empower people to connect and collaborate everywhere. In today’s economy, Polycom solutions offer a rapid ROI and help customers reduce costs, increase productivity and lower their carbon footprint. To learn more about Polycom UC solutions, visit www.hp.com/us-en/poly.html.

Download Polycom VoIP Security nShield HSM Case Study