Saw a couple of posts throughout the Blackberry blogosphere in relation to a product called Cellcrypt that was presented at this past WES. Cellcrypt enables users to make secure phone calls on their Blackberry. The calls are encrypted using AES and the product is currently undergoing FIPS 140-2 certification.
I took a quick look at the tech overview on their website. To oversimplify, Cellcrypt is essentially SSL for voice on a mobile platform. When the client is installed, a key is generated for that phone so a key doesn't have to be installed. Although this is certainly convenient, I wonder if it is possible to import a key or even use a smart card? This would make this an even better solution for enterprises like DoD who already have a robust PKI.
I can envision that, if this works as advertised, an enterprise could stand up the solution for their "important" mobile users. It is not clear how the address book is managed, but as long as this is robust, why couldn't a place like DoD roll this out for the enterprise and their DoD users?
Lastly, it is solutions like this that have to make you re-consider the viability of the SME-PED and other such custom secure devices. Yes, the crypto on these devices is likely a bit more robust (and secret), but who is to say that a chip couldn't be swapped in a commercial Blackberry to enable the higher level security? Even more so, is a solution like Cellcrypt good enough for a lot of the transactions a govt agency uses? SSL is relied on constantly.
Anyhow, love to see some more geeky details on this product. Definitely has promise!