Encryption and Converse bots

In Converse, you can protect sensitive data received from a user during a live conversation by encrypting it. This applies to:
  • Replies to questions that ask for sensitive data. The encrypted replies are held in variables for the duration of the session (conversation)
  • Transcripts of conversations (if Converse Analytics is enabled)
  • System log files
Note: Encrypting the same text with the same key will always produce a unique encrypted value.

Overview

You can choose to apply encryption to specific Question interactions. When a Question interaction requests answers that contain sensitive data then you can encrypt all replies to this question. All the other interaction types have access to the reply in the usual way. For example if a Message interaction sends text to the user like this:

To confirm, your policy number is {policyNumber}?

Then the variable policyNumber will always show the encrypted value. To include the unencrypted value in a message, you need to decrypt the value first:

To confirm, your policy number is {system.decrypt(policyNumber)}?

Setting up the encryption key

  1. Create and save the bot.
  2. Click Config and then go to the Details tab.
  3. In the Encryption Key field, enter a maximum of 32 alphanumeric (any combination of letters, numbers and punctuation). This string will be encoded as the encryption key. A longer string, for example 32 characters, will create a stronger encryption key. You do not need to remember this string or make a record of it.
    Note: The same string even if used multiple times will always provide a unique key.
The encryption key applies to all the environments to which the bot is deployed. The key will be removed when you export or import a bot. The key is never displayed anywhere in Designer.

Encrypting Question interactions

Once you have set up the encryption key for the bot, you can encrypt specific Question interactions:

  1. In a Question interaction that requests sensitive data, go to the Advanced tab.
  2. Select the Encrypt Answer checkbox. This will apply encryption to all the responses for this question.

    The checkbox is unavailable if you have not yet set up the encryption key.

    Note: You cannot track the answers to encrypted questions on the Converse Dashboard.

Updating the encryption key

The encryption key is stored securely in the EngageOne Cloud. It is not displayed anywhere in Designer, and it is not possible for Converse users to obtain the encryption key. Each encryption key is unique even if you enter the same string multiple times in the Encryption Key field.

However you can change the encryption key if you wish:

  1. Make sure that there are no live sessions. Changing the encryption key while a session is in progress may result in the loss of data already encrypted during that session.
  2. Click Config and then go to the Details tab.
  3. Click Update Key.
  4. Enter a string (maximum 32 characters) as the basis of the new encryption key and then click Save.

Removing encryption

You can remove encryption from a bot. Questions that previously encrypted their answers will no longer do so. However existing data in the logs and transcripts will remain encrypted. To remove encryption: follow the steps above for Updating the encryption key.

Passing encrypted data to third-party systems

You can use an Action interaction of type REST to passed encrypted data to another system.

You pass the data in the body of the POST call in the usual way. For example, like this:

{{policyNumber}}

To decrypt the data before sending it, use the system.decrypt() method. For example:

{{system.decrypt(policyNumber)}}

To encrypt data that is not already encrypted, use the system.encrypt(variable) method.