Application Security

Customer Connection

When the customer initially loads our client's website, they also pull through the Talkative scripts, which are tagged with keys. Using the combination of the keys and the request source URL, the customer can then request a session token, which is a single-use, customer-specific ID for this particular communication session. The Talkative scripts then use the session token to create a secure WebSocket and SRTP connection linking the customer to the appropriate agent group. All further communication between the customer and the agent passes over HTTPS, secure WebSocket or SRTP via the Talkative cloud servers. The Talkative architecture offers the following security advantages:

  • The entire system and communications are based on WebSocket Secure and HTTPS protocols and ports. Visitors have no need to download plugins or use any special protocols or ports.
  • No direct connections between the Agent and the Customer are required; all communication is handled and intermediated by the Talkative web servers.
  • Sessions are encrypted using certificates issued by a trusted public certificate authority (CA), ensuring the authenticity of the Talkative server to both parties.
  • Unique session tokens are used for all communication prior to establishing an engagement session, which reduces the risk of an external security attack.
  • All media, including text-chat, audio, video and document transfer, is securely transferred between all parties.
  • Sensitive information, e.g. credit card details, is masked using obfuscation so the Agent cannot see it.
  • The Talkative scripts are only contained within the browsing tab. The Agents have no access to the customer's computer or any other context outside the open tab.
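
The single-use, origin-bound session token described above can be sketched as follows. This is an added example, not Talkative's code: the class name, the site key, the origins and the 60-second lifetime are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample data: each site key lists the origins allowed to use it.
SITE_KEYS = {"site-key-demo": {"https://shop.example"}}
TOKEN_TTL_SECONDS = 60  # assumed lifetime; short, since the token is redeemed at once


class SessionTokenStore:
    """Issues tokens for (site key, origin) pairs and lets each be redeemed once."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # sha256(token) -> (site_key, origin, expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked store does not reveal live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, site_key, origin):
        # The Origin header is set by browsers but can be forged by other clients:
        # this check limits which sites may embed the key, it does not authenticate.
        if origin not in SITE_KEYS.get(site_key, set()):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._now() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (site_key, origin, expires_at)
        return token

    def redeem(self, token, origin):
        # pop() removes the record before any other check, so a replayed or
        # failed attempt can never redeem the same token a second time.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        site_key, bound_origin, expires_at = record
        if self._now() > expires_at or origin != bound_origin:
            return None
        return site_key  # caller routes the WebSocket to this site's agent group


if __name__ == "__main__":
    store = SessionTokenStore()
    tok = store.issue("site-key-demo", "https://shop.example")
    print(store.redeem(tok, "https://shop.example"))  # first use succeeds
    print(store.redeem(tok, "https://shop.example"))  # replay is rejected
```
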

Agent Connection

The process of connecting an Agent to the Talkative servers and subsequently to a customer session is very similar to the above customer connection process. Once an Agent logs in to the Talkative Agent console, using a username and password, a secure WebSocket and SRTP connection is created to allow for any incoming assistance requests from customers. The Agent console communicates with the Talkative servers, constantly updating the Agent’s status and availability.

Each user of the App (Agents, Administrators, etc.) is assigned a unique user account. Each account has its own authorisation and permission level, as controlled by the administrator. Each user’s authorisation level can be aligned with the business group (i.e. Agent or Administrator). Users authenticate to the App using a username and password.

Last updated on 10th Dec 2018