MiVoice Office Application Suite - Technical Manual
Encryption & Authentication
The system has the ability to be able to encrypt and digitally sign the call recordings to prevent unauthorized access and to provide an authentication check that the file has not been tampered or altered since it was generated.
The call recording files are encrypted once a call has completed using AES 256 bit industry standard techniques. The files are written to disk with a standard WAV file header but the audio contents of the recording are encrypted. Any attempts to play a recording back directly without it being unencrypted will fail. Access to the recording WAV files is then only permitted through the supported interfaces (i.e. using the website or API components) and they all adhere to the security model enforced on the system.
Encryption is enabled on all systems by default but can be disabled if required from the Servers Settings -> SERVERNAME -> Recording -> General configuration section.
The call recording files each have their own authentication header written to the database that is generated once a call has been written to disc. This is a digital signature of the original recording that can be used to verify that a file has not been changed since it was recorded. When a user plays back a recording a digital signature is generated again on the current file and compared against the original signature stored within the database. If they match then the file has not changed since it was recorded. This can be seen on the playback page as a green tick on the top right hand corner of the timeline.
