VoiceXML 2.1 Development GuideHome  |  Frameset Home
  Cache Manager API  |  TOC  |  VoiceXML 2.1 Tutorials  

Security Information

Got security concerns? Who doesn't? When designing an application that contains sensitive data, questions about security will doubtlessly arise. Here, we will address the most common questions that we see developers ask so that there will be little doubt as to Voxeo's capabilities.


Session State and Encryption

The first and foremost thing to keep in mind is that our platform provides the "client user interface" or "browser" side of the IVR call. In our platforms, each call represents a unique browser instance.  For each call/browser instance, you can set cookies, append url parameters, or use any other web application session management technique.  These cookies and parameters are unique to each individual call/browser instance.

In addition, every call to and from our platform is assigned a unique session id. This session ID is a GUID (Globally Unique ID) you can also use within your web and back-end session management implementation.

We provide this GUID both as a url parameter on the first request to your web back-end, and also as a variable the ccxml/voicexml/callxml code you return from your web back-end can refer to at any time. The first request also includes the caller id and called id (or DNIS) associated with the call, as demonstrated below:

http://www.myphoneapp.com/app.jsp?
session.callerid=14075551212&session.calledid=18005558888&session.sessio
nid=a7b4f6g3d912de9ba0c9d6a3b...

As a result, you can always know what session an http request is associated with using standard web application session management techniques (cookies or web back-end generated url session parameters) or by using our browser-side session GUID and session variables.

Once session management and identification are in place, you can then use per-session PIN codes to manage access. We have customers who use both techniques, including US government and military agencies requiring the highest degrees of information security.  We advise our customers to use whichever technique best suits their application and development environment.

What about SSL?

In VoiceXML and CallXML, each SSL session is also unique to the browser instance it was initiated from.  The same is also true in CCXML.  In addition to SSL, Voxeo also supports IPSEC VPN connectivity from our IVR hosting facilities to the enterprise web server. At this layer, the information security solution does not know about sessions; however, it is a good technique to combine with session-layer encryption and management for companies desiring the highest grade of information security.

Alternatively, dedicated frame relay connections from our sites to  yours are also available.  These connections provide both information security and reliability enhancements over standard internet connections.



  ANNOTATIONS: EXISTING POSTS
jaty613
11/20/2008 9:20 AM (EST)
hello word
voxeojeff
11/20/2008 9:26 AM (EST)
Hi there jaty613,

Did you have a question about SSL, or any other internet security protocols?  We're happy to assist with any inquiries you may have, so just let us know! :-)

Best regards,
Jeff

login
  Cache Manager API  |  TOC  |  VoiceXML 2.1 Tutorials  
© 2008 Voxeo Corporation  |  Voxeo IVR  |  VoiceXML & CCXML IVR Developer Site