Encryption Key security

To secure sensitive cardholder data, Interaction Recorder uses strong encryption key cryptography, the Advanced Encryption Standard (AES) encryption algorithm with a random 256-bit key, to encrypt both the media file and the Recording Key. Generated Recording Keys are used to encrypt and decrypt recorded media files, and are stored with each media file.

A Master Key securely protects recording keys. By default, the Master Keys are stored in the Master Key file in plain text. To secure the Master Keys, encrypt the Master Key File by creating a Master Key Password. Security of encrypted recordings is dependent on the administrator to safely secure the storage of the Master Key file and to restrict access to the file's location. If the contents of the Master Key file are lost, it is impossible to recover the recordings that are associated with those Master Keys.

Recording keys are encrypted with the most recent Master Key. If a Master Key is compromised, there is a security exposure to the recordings associated with that key. Therefore, it is recommended that Master Keys be automatically generated on a regular schedule. This procedure minimizes the potential loss by limiting the number of recordings associated with each Master Key.

After generating a new Master Key, enable Recording Encryption when you create your Initiation Policy in Interaction Recorder Policy Editor. For more information, see Using Policy Editor.