Encryption and EngageOne™ Communicate chatbots

In EngageOne™ Communicate, you can protect sensitive data received from a user during a live conversation by encrypting it. This applies to:

  • Replies to questions that ask for sensitive data. The encrypted replies are held in variables for the duration of the session (conversation).
  • Transcripts of conversations (if Analytics is enabled).
  • System log files.
Note: Encrypting the same text with the same key will always produce a unique encrypted value.

Overview

You can choose to apply encryption to specific Question interactions. When a Question interaction requests answers that contain sensitive data then you can encrypt all replies to this question. All the other interaction types have access to the reply in the usual way. For example if a Message interaction sends text to the user like this:

To confirm, your policy number is {policyNumber}?

Then the variable policyNumber will always show the encrypted value. To include the unencrypted value in a message, you need to decrypt the value first:

To confirm, your policy number is
      {system.decrypt(policyNumber)}?

Setting up the encryption key

  1. Create and save the bot.
  2. Click Bot Settings, then go to the Details tab.
  3. In the Encryption Key field, enter a maximum of 32 alphanumeric (any combination of letters, numbers and punctuation). This string will be encoded as the encryption key. A longer string, for example 32 characters, will create a stronger encryption key. You do not need to remember this string or make a record of it.
    Note: The same string, even if used multiple times, will always provide a unique key.

The encryption key applies to all the environments to which the bot is deployed. The key will be removed when you export or import a bot. The key is never displayed anywhere.

Encrypting Question interactions

Once you have set up the encryption key for the bot, you can encrypt specific Question interactions:

  1. In a Question interaction that requests sensitive data, go to the Advanced tab.
  2. Select the Encrypt Answer checkbox. This will apply encryption to all the responses for this question.

    The checkbox is unavailable if you have not yet set up the encryption key.

    Note: You cannot track the answers to encrypted questions.

Updating the encryption key

The encryption key is stored securely in the EngageOne™ Cloud. It is not displayed anywhere in Designer, and it is not possible for Communicate users to obtain the encryption key. Each encryption key is unique even if you enter the same string multiple times in the Encryption Key field.

However you can change the encryption key if you wish:

  1. Make sure that there are no live sessions. Changing the encryption key while a session is in progress may result in the loss of data already encrypted during that session.
  2. Click Bot Settings, then go to the Details tab.
  3. Click Update Key (to the right of the key).
  4. Enter a string (maximum 32 characters) as the basis of the new encryption key, then click Save.

Removing encryption

You can remove encryption from a bot. Questions that previously encrypted their answers will no longer do so. However existing data in the logs and transcripts will remain encrypted. To remove encryption, follow the steps above for Updating the encryption key.

Passing encrypted data to third-party systems

You can use an Action interaction of type REST to passed encrypted data to another system.

You pass the data in the body of the POST call in the usual way. For example, like this:

{{policyNumber}}

To decrypt the data before sending it, use the system.decrypt() method. For example:

{{system.decrypt(policyNumber)}}

To encrypt data that is not already encrypted, use the system.encrypt(variable) method.