Jabber for Iphone/Android Encryption Methods Inquiry (messaging only)

RevZempoe · ‎05-23-2014

Primarily I'm concerned with the encryption methods available with Jabber for Iphone, but I figured I'd lump android in as well. My primary concern is that messaging is required to be HIPAA compliant. Can anyone point me in the direction to the documentation that explains the encryption methods for Iphone Jabber? Thanks in advance.

Jason Aarons · ‎05-24-2014

I had assumed it was SSL/TLS based on Wireshark. I've had to disable TLS via the jabber-config.xml to do lab testing/troubleshooting previously.

http://www.cisco.com/c/en/us/products/collateral/unified-communications/jabber-iphone/data_sheet_c78-690385.html

Cisco Jabber IM for iPhone lets you collaborate securely - even with colleagues outside your organization. The application uses the widely accepted Extensible Messaging and Presence Protocol (XMPP) Internet and presence IM standard that supports communication with networks outside your organization. You are ensured of communication privacy with user authentication and either 128-bit SSL or 256-bit Advanced Encryption Standard (AES) encryption.

http://www.cisco.com/c/en/us/products/unified-communications/jabber-extensible-communications-platform-xcp/jabber_faq.html

Q: How secure is Jabber XCP?
A: Jabber XCP is secure enough to support compliance regulations such as the Securities Exchange Commission (SEC) and Health Insurance Portability and Accountability (HIPAA). Jabber XCP security is used and trusted by the U.S. federal government.

It adheres to various accepted security industry standards including SSL, Transport Layer Security (TLS), HTTPS, and Simple Authentication and Security Layer (SASL). Jabber XCP is also flexible enough to be deployed in environments with highly customized security methods, means, and integration requirements.