In the telecommunications sector, protecting sensitive authentication and user information gathered through mobile voice interactions and keypads is critical. As voice-driven interactive voice response (IVR) systems gain popularity, there is an increasing demand for solutions that secure user data collected via voice inputs. This article illustrates how to safeguard a caller’s sensitive voice information captured through Amazon Lex by employing data encryption via AWS Lambda functions. The approach outlined here not only protects customer data from unauthorized access but also incorporates decryption functionalities, allowing authorized administrators or operators to decrypt user data through the Lambda console.
Solution Overview
In this IVR solution, a caller communicates two pieces of sensitive information—a credit card number and a zip code—through an Amazon Connect contact flow. The spoken data is encrypted and returned to the contact flow for storage in contact attributes. The encrypted ciphertext is maintained as a contact attribute for future decryption. Although Amazon CloudWatch Logs are active in the contact flow, only the encrypted values are recorded in the log streams. Furthermore, conversation logs for this Amazon Lex bot remain disabled. An operator with appropriate AWS Identity and Access Management (IAM) permissions can monitor the logged encrypted entries via CloudWatch Logs.
Solution Architecture
The architecture of the solution is illustrated in Figure 1 below.
- A caller initiates an inbound call.
- An Amazon Connect contact flow utilizes a Get customer input block powered by an Amazon Lex bot to prompt the caller for numerical data.
- The Amazon Lex bot triggers the Lambda function dev-encryption-core-EncryptFn.
- This Lambda function employs the AWS Encryption SDK to encrypt the caller’s plaintext data.
- The AWS Encryption SDK retrieves encryption keys from AWS Key Management Service (AWS KMS).
- The caller’s data is encrypted using the AWS KMS keys.
- The Lambda function appends the encrypted data to the Amazon Lex bot session attributes.
- Finally, Amazon Lex sends the fully encrypted data back to Amazon Connect.
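The encrypt-and-return step in the list above, sketched as an added example that is not code from the solution's repository: Node's built-in crypto stands in for the AWS Encryption SDK and a local key stands in for the AWS KMS key. The Lex V2-style event shape, the handler, and the intent and slot names are assumptions.

```javascript
const crypto = require('crypto');
// ASSUMPTION: this local key stands in for the KMS key, which never leaves AWS KMS.
const wrappingKey = crypto.randomBytes(32);

// AES-256-GCM; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Envelope encryption: a fresh data key per value, wrapped under the wrapping key.
// The context is bound as AAD, so a ciphertext cannot be replayed under another slot.
function encryptValue(plaintext, context) {
  const aad = Buffer.from(JSON.stringify(context));
  const dataKey = crypto.randomBytes(32);
  const wrapped = seal(wrappingKey, dataKey, aad); // 12 + 16 + 32 = 60 bytes
  const body = seal(dataKey, Buffer.from(plaintext, 'utf8'), aad);
  return Buffer.concat([wrapped, body]).toString('base64');
}
function decryptValue(b64, context) {
  const aad = Buffer.from(JSON.stringify(context));
  const blob = Buffer.from(b64, 'base64');
  const dataKey = open(wrappingKey, blob.subarray(0, 60), aad);
  return open(dataKey, blob.subarray(60), aad).toString('utf8');
}

// Hypothetical handler; the Lex V2-style event shape is an assumption.
function handler(event) {
  const { intent, sessionAttributes = {} } = event.sessionState;
  const out = { ...sessionAttributes };
  for (const [name, slot] of Object.entries(intent.slots)) {
    if (slot) out[name] = encryptValue(slot.value.interpretedValue, { slot: name });
  }
  // Slots are omitted from the reply so it carries no plaintext.
  return { sessionState: { sessionAttributes: out, dialogAction: { type: 'Close' },
    intent: { name: intent.name, state: 'Fulfilled' } } };
}

// Constructed sample event (test card number, not real data).
const sampleEvent = { sessionState: { intent: { name: 'CollectCard',
  slots: { cardNumber: { value: { interpretedValue: '4111111111111111' } } } } } };
```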
Overview of a Contact Flow
The contact flow comprises two main steps, as depicted in Figure 2:
- The first numerical data (an encrypted credit card number) is stored in the contact attributes.
- The second numerical data (an encrypted zip code) is also stored in the contact attributes.
Prerequisites
This solution leverages several AWS services, including:
- Amazon Connect
- AWS Identity and Access Management (IAM)
- AWS Key Management Service (AWS KMS)
- AWS Lambda
- Amazon Lex
In addition, ensure the following are installed on your local machine:
- Git
- Node and NPM (14.x or higher)
- TypeScript
- AWS Cloud Development Kit (AWS CDK) 2.0 or higher
To implement the solution, you must first set up an Amazon Connect instance.
Solution Procedures
The procedure includes the following steps:
- Clone the project or download the solution zip file.
- Create the necessary AWS resources for encryption and decryption.
- Configure the Amazon Lex bot within Amazon Connect.
- Create the contact flow in Amazon Connect.
- Validate the solution.
- Decrypt the collected data.
To clone or download the solution:
- Access the GitHub repository.
- Clone or download the solution files to your local machine.
The downloaded file contains all the artifacts required for deployment.
For creating AWS resources needed for encryption and decryption:
- Navigate to the project’s root directory using the command line.
- Execute npm install.
- Run npm run build to transpile TypeScript to JavaScript and package the code along with its dependencies for deployment to AWS.
- Execute cdk deploy CoreStack.
Continue with the steps to configure the Amazon Lex bot in your Amazon Connect instance, and you will have a fully functional solution for encrypting sensitive voice input.