2

I work for an insurance broker that sometimes has to share our customer calls with the insurance company we are underwriting for.

Generally this means retrieving the call from our call recording system and send this encrypted on a CD, recorded delivery to the insurance company for them to listen to.

Is there an easier and secure solution that I can share the audio file with them via a webpage where they can stream the audio and then I can remove the audio file once this has been played?

I need the highest level of security on this as I am sharing customer information.

TildalWave
  • 10,801
  • 11
  • 46
  • 85
Lynchie
  • 123
  • 3
  • Exactly what are you trying to control? Unauthorized duplication? Unauthorized disclosure? We could advise a soundproof room for listening, with all electronic devices removed for the first instance, or compare the risks of a web server to an encrypted CD. – atk Feb 27 '14 at 14:22
  • This is a tough work and we can only support you with generalities. This really need a security expert, a security design, knowing the regulations... As I suggest you in my response, hiring a security consultant for your specific case is the best. – kiBytes Feb 27 '14 at 14:35
  • I wonder if you could do something like Netflix. Use silverlight or whatever to enforce DRM protections (so it can't be ripped) and then only publish the content you want, remove it when you want to as well... – CtrlDot Feb 27 '14 at 17:39

2 Answers2

0

Streaming over a webpage might not be a good solution. Because a web page can be accessed by multiple users at same time and if you are streaming data over it, There are chances that anyone can get access to it.

In my view a simple web solution could be using SFTP to transfer your files. But that again at the same time did not solve your problem to remove the audio file once this has been played. Because the other user will have a copy on there machine after file transfer.

But if that's not compulsory SFTP would help you.

Rajesh Dhiman
  • 105
  • 3
-1

I see this quite difficult, a simplification might be (for maximum security sharing):

  1. Build a web page over HTTPs with an user home. (User-Password protected).
  2. Get your clients generate a key pair, they store their public key in their home.
  3. For each request you cypher the audio file with its public key and you sign it with your private key.
  4. For each request you provide a link in their "audio files" in their user home so they can download the files.
  5. Make the link available for one download or an amount of time (I am not sure if this is mandatory).
  6. Give them a tool so they are able to decrypt the audio file and compare the signature.
  7. HIRE A SECURITY EXPERT so he can help you with the security stuff and he can audit your development. - This is the most important part -

Of course then you need to take care of the whole background... How you store your files, how you manage them, key management... Also you will need to educate your clients to properly manage that data.

If you need maximum security, you really need to hire a security consultant.

kiBytes
  • 3,470
  • 16
  • 26