/
Verify a Call UI

Verify a Call UI

Nov 14, 2018

Introduction/Purpose

When a call ends, the system will calculate a digital signature of the call's audio file using a SHA512 hashing algorithm. The digital signature will be stored in the meta-data.

When the call is retrieved for playback, the system will calculate a digital signature of the playback audio using the same SHA512 hashing algorithm. This checksum is compared with the digital signature stored in the call's meta-data. If the two digital signatures match then the user is informed that the call has been verified. If the two digital signatures do not match, then the user is informed that the file has been tampered with so that further investigations can be carried out.

Potential Actors/Roles

Call Agent: A user with appropriate permissions to be able to playback an existing call.

Automated System: A "user" that is an automated process, which will...

  • Calculate the digital signature of the call audio on end-of-call, and store the digital signature in the call's meta-data
  • Compare digital signature and raise an alert when they differ

Use Cases

  1. Calculate and Store a Call's Digital Signature
  2. Compare digital signatures

Calculate and Store a Call's Digital Signature

During the call end processing the Automated System will automatically calculate a digital signature for the audio using the SHA512 hashing standard. The digital signature will be stored in the call's meta-data. The is no user interface for this activity.

Compare Checksums

When the Call Agent selects an call from their list of existing calls, and chooses to playback the audio, the Automated System will calculate a digital signature - known as the "playback digital signature" - for the audio being played back. The playback digital signature will be created using the SHA512 hashing standard. The Automated System will compare the playback digital signature with the digital signature stored in the meta-data. If the digital signatures match, the user interface is updated to show the call has not been tampered with. If the digital signatures do not match, the user interface is updated to show the call has been tampered with and that the Call Agent should take appropriate action.

Dependencies

The audit system will need to be available so that the following events can be audited...

  • The digital signature is created and stored during end-of-call processing
  • The results of the digital signature comparison on call playback

Verify a call is dependent on delivery of a SHA512 hashing service, which is needed to calculate the digital signatures. See the technical implementation details below.

Mock-ups

A mock-up of a call that is verified is shown below. As can be seen the two digital signatures match.


A mock-up of a call where the digital signatures do not match because the call has been tampered with, is shown below...

Technical Implementation Details

These can be found here Verify a Call

Add label