General Dome FAQ’s

What is Koolspan Dome?

KoolSpan Dome is an exclusive deployment model that provides secure communication solutions into any on-prem workspace, even enclosed from the public internet. Within this workspace, the employees, including those working remotely, offsite or from home, can use KoolSpan’s secure communication tools (via KoolSpan Chat APP) to ensure their data are fully protected from any infiltration and malware.

Does KoolSpan Dome protect my phone from malware or hacking?

Yes. KoolSpan secures mobile communications over the air. In addition, by leveraging the exclusive KoolSpan Dome deployment model, the full protection against malware and spyware at rest on the device can be achieved.

Can KoolSpan Dome be integrated with existing infrastructures?

Yes. KoolSpan Dome is designed to be integrated with existing Enterprise or Government systems, already supporting corporate systems such as Active Directories, EMM, and MDM platforms. With KoolSpan Dome, the users can access all the corporate services (e.g., e-mail, intranet, shared network drives and security gateways to the WEB, etc.) and securely communicate through KoolSpan.

Can my data be intercepted or decrypted?

All communications via KoolSpan are end-to-end encrypted. Calls, messages, and files are encrypted by the sender and decrypted by the receiver. Moreover, KoolSpan Dome ensures the isolation of the backend system, so that neither KoolSpan nor any other unauthorized entity can access any of the exchanged contents or keys.

Does KoolSpan or anyone store calls and messages?

No. KoolSpan solution prevents any kind of storage or decryption of calls, messages and files. Messages and files are stored, encrypted, on the backend only for time necessary to the deliver to the recipient. Also, KoolSpan Dome’s deployment model, prevents external access to such backend.

How does KoolSpan Solution handle metadata? And how this is different from consumer messaging applications?

KoolSpan provides the full infrastructure to be owned and managed by the customer. This ensures direct control over metadata. Neither KoolSpan nor any other entity has access to service metadata. Differently from “consumer” messaging applications that generate business on the metadata, KoolSpan guarantees the full ownership and control of any data, including service metadata, to the customer.

Can KoolSpan Solution be used when working from home?

Yes, the user can connect with other user’s within the Dome system from everywhere, including from home. The security provided by KoolSpan solution ensures that your communication data are fully protected during your work from home.

Does KoolSpan Solution require a data connection?

Yes. KoolSpan solution is IP-Based and requires a data connection of any kind (2G or higher and Wi-Fi). However KoolSpan Dome is designed to operate without any opening to the public unsafe internet. Specifically KoolSpan Dome is compatible with any market solutions for VPN, firewall, APN.

How can I improve KoolSpan service in locations with poor network conditions?

KoolSpan solution automatically adapts to work in Low Bandwidth Mode, supporting low 2G coverage or satellite network coverage. Low Bandwidth Mode optimizes bandwidth consumption, providing reliable communications, sometimes at the expense of the audio quality.

Which kind of encryption KoolSpan supports to protect secure communications?

KoolSpan’s encryption is based on PKI authentication for peer-to-peer communications, a standards-based solution, leveraging device-unique asymmetric RSA2048 keys and certificates. Once the communication is established, a symmetric session key is derived from the PKI keys through Diffie-Hellmann algorithms and used as the seed of a chain of per-packet keys. This session key is unique and used only once. The per-packet keys are regenerated at least every 200ms and used to encrypt each VOIP packet or message segment. AES-256 in GCM mode is the symmetric algorithm used to encrypt the peer-to-peer communications. More in details:

  1. User’s PKI Key Pair is generated in the device keystore when TrustCall APP is installed on a device (RSA-2048 Algorithm)
  2. The Private Key is never exposed outside the keystore, while Public Key is shared with the system (TMS) to be provided to other users to enable the secure communications.
  3. A Symmetric Session Key is generated between users when a secure communication channel is setup (Ephemeral Diffie-Hellman-2048 Algorithm) and destroyed once the session ends
  4. A series of Symmetric Per-Packet keys are generated from the Session Key, each of one used to encrypt/decrypt a single packet in the secure communication flow (AES-GCM 256 Algorithm) and destroyed right after.