About MVCN
The patented MVCN procedure is a manageable virtual closed network that enables fully secure, closed communication between devices operating within the MVCN system, completely blocking the possibility of intrusion.

Secure communication inside MVCN relies on three main mechanisms:

  • the data channel is encrypted with 448-bit Blowfish in CBC mode, which makes the encryption/decryption process fast;
  • the control (identification) channel uses 2048-bit RSA encryption;
  • the identification of the devices is carried out with 1024-bit RSA encryption.

The MVCN system allows communication between devices only after the MVCN server has identified and authenticated both the devices and their users. Only the data needed to authenticate devices and users is sent to the server; thereafter the devices communicate over a peer-to-peer connection, so there is no central network hub that would give potential eavesdroppers a single point of attack.

MVCN-architecture
 
While the basic purpose and many of the usage scenarios are similar to virtual private networks (VPN) – i.e. an encrypted tunnel is used to secure private information transmitted over public TCP/IP networks – the MVCN technology offers a number of benefits that make it a clear winner in certain situations.

The main difference from a VPN is that while there is a central MVCN authentication server, the encrypted data traffic does not have to flow through a central choke point, as it does with a VPN; on the contrary, the MVCN clients communicate directly, in a peer-to-peer (P2P) fashion. (Strictly speaking, it is possible to use an MVCN proxy server within the MVCN network if the MVCN clients cannot reach each other with global addresses, but it is not a requirement.)

Furthermore, all current MVCN devices include some sort of cryptographic hardware (a Trusted Platform Module or a similar, encrypted microSD card) to raise the level of security.
This architecture solves a number of problems traditionally associated with VPNs:

  • The central point (VPN router/concentrator) does not become a bottleneck or choke point;
  • The throughput of the private (encrypted) network is not dependent on the central point; it is perfectly and linearly scalable;
  • A hardware-based solution is inherently more secure than any software-only solution.

MVCN key exchange

MVCN devices use 2048-bit RSA for server authentication/key exchange and 1024-bit RSA for peer authentication/key exchange. The data communication is encrypted with 448-bit Blowfish CBC.
 
Private keys are never shared, and the TPM/cryptocard is used when negotiating the encryption keys (by default, encryption keys are changed every 5 minutes, but this interval can be modified).

MVCN is a closed system regarding authentication. Keys can only be requested from and granted by the MVCN server, not by other peers. Keys are only kept for the length of the call and are then thrown away.

Our company has a family of MVCN-based products, optimized for different tasks. Regardless of their various designs and speeds, the essential operation of these devices is the same, and they all perform the same role – the MVCN client – in the MVCN network.
 
