Logging security

If your application handles sensitive information, such as credit card numbers or passwords, it may be subject to business rules to eliminate this information in log files or in recordings. For example, you might want to omit certain prompts or user response from call logs and utterance recordings.

Voice Platform offers several parameters that provide logging security to prevent sensitive data from appearing in the logs or in utterance recordings. To summarize:

  • browser.suppressUrlLogging: When set to TRUE, prevents logging of TRANSITION and EXECUTING_URL events in call logs, and Executing events in diagnostic logs generated by Voice Browser service instances. Valid values are:
    • TRUE or true
    • FALSE or false (default)

    The TRANSITION event shows the URL being fetched as a new VoiceXML page. The EXECUTING_URL event shows the URL of the VoiceXML page currently executing. (“Executing” event in diagnostic logs.)

    _SUPPRESSED appears in the log files in place of the URL value. This suppression applies for all calls that this Voice Browser service instance processes.

    You can set this parameter in a session.xml file or on the Voice Browser service Advanced tab in the Management Station.

  • Secure context: The swirec.secure_context and switts.secure_context properties suppress information in call logs, Voice Browser service diagnostic logs, waveform recordings of user utterances or DTMF input, and whole call recordings. You can also use these properties to encrypt data rather than suppress it completely.
  • Mute whole call recording only: If whole call recording is enabled, the swirec.mute_wcr and switts.mute_wcr properties can mask a user utterance with silence in the whole call recording while still logging and recording individual utterances as normal.
  • Suppress sensitive keys in grammar URIs: When you use the SWI_vars key to pass values to a grammar, these values appear in the grammar URI in the call log. However, you can suppress these values from the log by using the swirec_sensitive_query_keys parameter to list SWI_vars values you wish to hide.
  • Partial masking: You can use ECMAScript with the SWI_safeKey key to make only a substring of the recognition result available for logging and/or application use.
  • Encryption: The swirec.secure_context and switts.secure_context properties can be set so that sensitive information is encrypted and appended to the call log. This ensures that it is hidden from most users, but can still be extracted for later analysis. In diagnostic logs, data is suppressed, not encrypted.
  • WCR encryption: The server.rtp.wcr.encrypt service property or wcr_encrypt property (set in a session.xml file) are Boolean properties that can be set to 1 (true) to encrypt the whole call recordings for entire calls.

Note: To use encryption, you must generate a public RSA key and set in the application session.xml session configuration file. See Setting up encryption for details.

These logging security methods affect call logs, waveforms, and in some cases, diagnostic logs for the Voice Browser service. See Logging security in Speech Server diagnostic logs for more information on how to suppress secure information in these logs.