Systems and methods for protecting information

Information

  • Patent Grant
  • 7774854
  • Patent Number
    7,774,854
  • Date Filed
    Friday, March 31, 2006
    18 years ago
  • Date Issued
    Tuesday, August 10, 2010
    14 years ago
Abstract
Systems and methods for protecting information provided to an agent via a communication network are provided. In this regard, a representative method comprises: receiving a communication via a communication network, the communication including information that is to be protected; routing the communication to an agent; recording at least a portion of the communication; identifying the information that is to be protected from the communication; and preventing unauthorized access to the information during replay of the portion of the communication.
Description
BACKGROUND

Contact centers are staffed by agents that facilitate various transactions with customers. By way of example, a customer may contact a contact center by phone, with the phone call being routed to an agent for handling. After the phone call is routed to the agent, the agent and customer can interact to facilitate a transaction. For instance, the customer may express a desire to purchase a product that is being offered for sale. Notably, various forms of information, such as product name and price, typically are communicated during this interaction. More importantly, however, more sensitive information also is communicated. In particular, personal information related to the customer, such as name and address, could be communicated. In addition, the customer's social security number and/or credit card numbers also could be communicated.


SUMMARY

In this regard, systems and methods for protecting information, which may be sensitive or secure information, provided to an agent via a communication network are provided. Such information can be provided via voice dialog, and/or derived from screen events and data, stored CRM data, stored IVR data, CTI events and data, D-channel events, chat and messenger text, and/or video. A representative embodiment of such a method comprises: receiving a communication via a communication network, the communication including information that is to be protected; routing the communication to an agent; recording at least a portion of the communication; identifying the information that is to be protected from the communication; and preventing unauthorized access to the information (via replay or other access method, such as automated analysis, and/or applying security measures or masking) of the portion of the communication.


A representative embodiment of a system comprises a communication monitoring system and a recording device. The communication monitoring system is operative to monitor a communication via a communication network and identify information contained in the communication that is to be protected. The recording device is operative to record at least a portion of the communication. Additionally, the communication monitoring system is further operative to provide instructions to the recording device responsive to identifying the information such that unauthorized access to the information is prevented of the portion of the communication that was recorded by the recording device.


Computer-readable media also are provided, a representative embodiment of which has a computer program stored thereon. The computer program comprises computer-executable instructions for performing a computer-executed method for protecting information provided to an agent via a communication network. The method comprises: receiving a communication via a communication network, the communication including information that is to be protected; identifying the information that is to be protected from the communication; recording at least a portion of the communication; preventing unauthorized access to the information such that, if it is determined that the information that is to be protected has been recorded, at least a portion of the information is rendered unintelligible to a user unless that user possesses an authorization to access the information.


Other systems, methods, features and/or advantages of this disclosure will be or may become apparent to one with skill in the art upon examination of the following drawings and detailed description. It is intended that all such additional systems, methods, features and/or advantages be included within this description and be within the scope of the present disclosure.





BRIEF DESCRIPTION

Many aspects of the disclosure can be better understood with reference to the following drawings. The components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views. While several embodiments are described in connection with these drawings, there is no intent to limit the disclosure to the embodiment or embodiments disclosed herein. On the contrary, the intent is to cover all alternatives, modifications, and equivalents.



FIG. 1 is a schematic diagram depicting an embodiment of a system for protecting information.



FIG. 2 is a flowchart depicting functionality (or method steps) performed by an embodiment of a system for protecting information.



FIG. 3 is a schematic diagram depicting a communication and select functionality implemented by an embodiment of a system for protecting information with respect to the communication.



FIG. 4 is a schematic diagram of a computing device that can be used to implement an embodiment of a system for protecting information.





DETAILED DESCRIPTION

As will be described in detail herein, systems and methods for protecting information provided to an agent via a communication network are provided. In this regard, such systems and methods can potentially prevent unauthorized access to information provided by a customer during interaction with an agent of call center. In some embodiments, this can be accomplished by selectively terminating recording of such communications during times when information that is to be protected is communicated to the agent. Additionally, or alternatively, responsive to such information being recorded, at least a portion of that information can be modified so that only those users who are authorized access to such information are provided with the information in an intelligible format. By way of example, some embodiments can modify the information that was recorded by deleting, obfuscating, masking and/or encrypting at least a portion of the information.


As used herein, the phrase “information that is to be protected” can be broadly defined as information that would be considered sensitive to a customer. This can include security data, which includes social security numbers and credit card information. Notably, credit card information can include credit card numbers and credit card security data, such as CVV data, which is oftentimes located on the back of a credit card.


Referring in detail to the drawings, FIG. 1 is a schematic diagram of an embodiment of a system for protecting information. As shown in FIG. 1, system 100 incorporates a communication monitoring system 102 that receives communications provided by a communications network 104. Notably, communications network 104 can be any or a combination of network types (e.g., PSTN, WAN, LAN, the Internet) for communicating various formats (e.g., analog telephone signals, Voice over Internet Protocol (VoIP)) of information.


System 100 also incorporates user workstations, in this case, an agent workstation 106 and a supervisor workstation 108. Each workstation can include a computer and a telephone. In particular, the agent workstation 106 is operative to run various applications, such as those that enable an agent to access information for interacting with a customer 110.


Additionally, system 100 incorporates a recording device 112. The recording device receives information for recording as instructed by the monitoring system 102 as will be described below.


The monitoring system is operative to receive information corresponding to communications that are received from the communication network, such as those received from a workstation and/or a customer. The monitoring system then directs the recording of the information based on a set of rules that can be stored in a database associated with the monitoring system. In particular, based on an analysis of the received communications with respect to the rules, the monitoring system can be configured to provide instructions to the recording device to control start/stop/break recording functions of the recording device. It should be noted that more than one recording device can be used in some embodiments, with the recording functions of each of the recording devices being potentially directed by the monitoring system.


Although the communications depicted in FIG. 1 are shown as being provided directly to monitoring system 102 from the communications network, the monitoring system may receive the information indirectly. By way of example, the information could be provided to the monitoring system by another component, e.g., a component that provides a copy of the communication to the monitoring system. Thus, it should be noted that systems for protecting information (such as the system 100) could include various components that are not shown in FIG. 1, e.g. servers and switches, with such various components being omitted for ease of description.


Functionality of an embodiment of a system for protecting information (such as depicted in FIG. 1) will now be described with reference to FIG. 2. As shown in FIG. 2, the functionality (or method) may be construed as beginning at block 202, where a communication is received via a communication network. Specifically, the communication includes information that is to be protected, and could correspond to a communication between a customer and an agent of a call center, for example. In block 204, the communication is routed to an agent. In block 206, at least a portion of the communication is recorded. As will be described in detail later, the portion of the communication that is recorded may or may not include at least a portion of the information that is to be protected. In block 208, the information that is to be protected is identified from the communication. Thereafter, such as depicted in block 210, unauthorized access to the information is prevented, such as during replay of the portion of the communication that was recorded.


As will be described in greater detail hereafter, various and/or combinations of methodologies may be used to ensure that information is protected. In particular, these methodologies can include, but are not limited to: analyzing a communication and selectively not recording at least a portion of the information that is to be protected; analyzing a communication and selectively recording at least a portion of the communication such that at least a portion of the information that is to be protected is not recorded; deleting at least a portion of the information that is to be protected prior to storing corresponding data in long term storage; after storing corresponding data in long term storage, deleting at least a portion of the information that is to be protected from long term storage; modifying at least a portion of the information that is to be protected such that at least a portion of the information is unintelligible to a user unless that user possesses an authorization to access the information; manually, selectively recording or not recording the communication to prevent recording of at least a portion of the information that is to be protected; and manually or automatically, tagging portion(s) of a communication to have security applied to the tagged portion(s) (such as silencing, masking, encryption, and/or immediate, e.g., real-time, or delayed overwrite or removal of the tagged portions), thereby eliminating the need to break or suspend recording and thereafter stitch segments of the communication together.


Thus, the various methodologies for protecting information can be generally categorized in one of the following groups; namely, 1) those methodologies that operate to ensure that at least part of the information is not or will not be committed to long term storage, 2) those methodologies that operate to modify at least a portion of the information that is or will be committed to long term storage, and 3) those methodologies that operate to tag certain portion(s) of a communication and to apply security to the tagged portion(s).


In general, the ability to protect information corresponding to a communication can be based, at least in part, upon the occurrence of various triggers. By way of example, reference is made to the schematic diagram of FIG. 3, which depicts a communication. As shown in FIG. 3, communication 300, e.g., a telephone call, has a start and an end, with the length of the communication being indicative of the time duration of the communication. Communication 300 also exhibits a triggering event, the onset and end of which are depicted. By analyzing the communication (various methods of which will be described later), the onset of the triggering event can be identified. Responsive thereto, information corresponding to the communication between the onset and the later-identified end of the triggering event, for example, can be protected.


As mentioned above, various methodologies for protecting information can be used. In this regard, several methodologies that do not commit at least a portion of the information to long term storage will now be described in greater detail. Specifically, some embodiments are configured to determine whether information contained in a communication is to be captured for recording. Various triggers, e.g., events, can be used to facilitate such a determination. For instance, voice recognition techniques can be utilized to determine whether information will be or is being provided by the communication. In this regard, a voice recognition algorithm could determine whether one or more of various “hot words” have been communicated. Responsive to determining that one or more hot words have been communicated, capturing of information could be suspended. Such could be the case in embodiments that are configured to capture information unless recording is suspended. Alternatively, in embodiments that typically do not capture information unless prompted to do so, responsive to one or more hot words, capturing of information could be started. Succinctly, the above described a dialog focus embodiment in which voice/audio is filtered to determine whether to start recording, stop recording, suspend recording, resume recording, blank recording, scramble recording, and/or insert silence into the recording if secured information are communicated.


Additionally, or alternatively, various other events, such as desk top events monitored at an agents workstation (e.g., screen data), application events involving monitoring agent activity (e.g., application focus events and data), CRM events and data, and CTI events or CTI data, which involves monitoring of data that was captured, can be used. For example, an agent entering a specific page within an application that requires the entering of a person's social security number may trigger the system to stop recording either or both of the audio and the desktop video. In an enhancement, the text on the agent's screen may drive the voice recognition filter or dialog focus triggers.


Thus, based upon the occurrence of one or more triggers, which may be initiated triggers or timed triggers, at least a portion of the information that is to be protected will not be available for accessing because that information is not retained in a long term storage memory device. This could provide an improved level of protection for such information since not all of the information that was communicated to the agent will be available for subsequent access.


It should be noted that the use of various triggers can be used prior to committing the information that was captured to long term storage or after the information has been committed to long term storage. That is, in some embodiments, although communications could be analyzed to determine whether any triggers have occurred in real time, additionally or alternatively, such analysis could occur after the information has been captured. By way of example, such analysis could occur after the information has been placed in a buffer, but prior to the information being committed to long term storage. In such embodiments, the information in the buffer could be analyzed for triggers, and any information that should not be committed to long term storage that is found in the buffer could be deleted and/or modified. Such could also be the case when information has been committed to long term storage. That is, the information committed to long term storage could additionally or alternatively be analyzed for triggers, the discovery of which could cause the system to delete or otherwise modify any information that is to be protected. Thus, in some embodiments, monitoring systems can perform real-time processing and/or subsequent screening of information.


In at least some embodiments that delete information that has been captured, stitching can be used. In particular, a portion of a recording that preceded the deleted information can be stitched together with a portion of the recording that succeeded the information. This can result in a relatively seamless recording that can save memory capacity.


With regard to stitching, some embodiments can, for example, stitch the segments together with no gap at replay, stitch the segments together with a gap at replay (or showing a gap), stitch the segments together with alternative content at replay (such as silence or other identifiers to signify that secured information has not been recorded and/or deleted and/or is protected from replay). For example, such a system may also provide indication between the stitched sides, which can be for example, two or more sides, that would provide indication to a user that something was removed for security purposes. In some embodiments, the event identifiers may be represented with a tone or silence in case of audio, or an image or logo in the case of video/screen capture.


As mentioned above, information pertaining to a communication can be captured for subsequent analysis and use. In this regard, such information can include audio corresponding to the communication, screen displayed to the agent that is handling the communication and various CTI and/or other status indicators present during the communication.


With respect to modification of information that is to be protected, such modification can occur in various manners, including those which involve different times for performing the modification and different types of modification. With respect to the time of modification, such modification can occur essentially contemporaneously with the capture of the information up to and including a time that the information is to be accessed and provided to a user, such as in the form of a replay of the information. Notably, if the information is to be modified for the purpose of replay, some embodiments can be configured to modify the contents of the information in long term storage responsive to access being requested. Alternatively, a copy of the information can be modified so that the copy of the information is presented to the user in a modified format, with the information in long term storage being unaltered.


Irrespective of the particular time at which the information is modified, various types of modification can be used. Generally, these types of modification include masking, obfuscating, encrypting and deleting at least a portion of the information.


With respect to the masking of information, various types of masking can be used. In particular, the type of masking utilized depends, at least in part, upon the format of the information that is to be masked. By way of example, when the information is audio content, masking can involve replacing at least a portion of the audio content with silence. However, when the information that is to be protected is included in a screen shot from an agent workstation, visual masking techniques, such as overlaying an opaque graphic, can be used to visually obscure at least a portion of the information that is to be protected.


With respect to modification by encryption, both audio content and visual content (e.g., screen shots) can be encrypted. Encryption can be accomplished by many different types of cryptography techniques, which may include, for example, one-way hashes (hashed indexes) such as SHA-1; truncation; index tokens and PADs, with the PADs being securely stored; or strong cryptography, such as Triple-DES 128-bit or AES 256-bit with associated key management processes and procedures.


It should be noted that in some embodiments, communications and/or agent activity may not only be monitored by a monitoring system for the purpose of identifying information that is to be protected, communications and/or agent activity can also be monitored by a supervisor for quality assurance purposes, for example. In such embodiments, various techniques can be employed for ensuring that information that is to be protected does not circumvent various protective schemes by being routed to a supervisor for monitoring. By way of example, in some embodiments, a supervisor may be able to monitor a communication remotely and have access to the same information to which the agent has access. In some of these embodiments, the information provided for supervisor monitoring is subsequently deleted such that no additional copies of the information are available. In other embodiments, the information provided to the supervisor for monitoring can be in a format that contains less information than is provided to the agent. By way of example, the information can be provided to the supervisor in a format that corresponds to the manner in which the information would be presented to the supervisor during a replay. As mentioned before, the information provided for such a replay could be modified to prevent unauthorized access to the information that is to be protected. Notably, however, up to all the information that has been modified for replay could be reconfigured to be provided to a user in an intelligible format. In this case, if the supervisor is authorized access to the information, the information could be provided to the supervisor for monitoring in an intelligible format.


For those embodiments that modify information for the purpose of protecting that information, such activities could be logged to provide an audit trail. Such an audit trail could be particularly useful in those embodiments that delete information so that the information is no longer accessible. By way of example, various activities associated with the recording and/or modification of information can be provided as details that are saved as data entries. These data entries can then be correlated with the recorded information. By way of example, the audit details could include, but are not limited to: capture identification of a user initiating or causing an event, the type of event that occurred, the date and time that the event occurred, the success or failure of the event, and the identity of the system/resource affected by the event. With respect to such events, such events could include, but are not limited to: a user's act of viewing captured content or metadata associated with content, a user's act of changing attributes of or adding attributes to captured content, a user's act of changing a configuration setting, failed or successful authentication activity, changes to a user account, access to a system audit log, modifications to any business rules (such as the rules used to implement recording or non-recording), and evaluation activities.


Notably, with respect to any information that is recorded, various security techniques can be used to ensure that the stored information is not tampered with or somehow altered once storage and/or modification of the information has taken place. In this regard, some embodiments can incorporate watermarking and/or fingerprinting techniques to ensure that the information is not altered. Watermarks and/or fingerprints can be used to validate the integrity of the captured content to the user at a later date.



FIG. 4 is a schematic diagram illustrating an embodiment of a computing device that is configured to perform the functionality associated with an embodiment of a monitoring system. Generally, in terms of hardware architecture, computer 400 includes a processor 402, memory 404, a user interface 406, and one or more input and/or communication (I/O) device interface(s) 408 that are communicatively coupled via a local interface 410. The local interface can include, for example but not limited to, one or more buses or other wired or wireless connections. The local interface may have additional elements, which are omitted for simplicity, such as controllers, buffers (caches), drivers, repeaters, and receivers to enable communications. Further, the local interface may include address, control, and/or data connections to enable appropriate communications among the aforementioned components.


The processor 402 may be a hardware device for executing software, particularly software stored in memory 404. In this regard, the processor can be any custom made or commercially available processor, a central processing unit (CPU), an auxiliary processor among several processors associated with the recorder, a semiconductor based microprocessor (in the form of a microchip or chip set), a macroprocessor, or generally any device for executing software instructions. Examples of suitable commercially available microprocessors are as follows: a PA-RISC series microprocessor from Hewlett-Packard® Company, an 80×86 or Pentium® series microprocessor from Intel® Corporation, a PowerPC® microprocessor from IBM®, a Sparc® microprocessor from Sun Microsystems®, Inc, or a 68xxx series microprocessor from Motorola® Corporation.


The memory 404 can include any one or combination of volatile memory elements (e.g., random access memory (RAM, such as DRAM, SRAM, SDRAM, etc.)) and nonvolatile memory elements (e.g., ROM, hard drive, tape, CDROM, etc.). Moreover, the memory may incorporate electronic, magnetic, optical, and/or other types of storage media. Note that the memory can have a distributed architecture, where various components are situated remote from one another, but can be accessed by the processor. Additionally, the memory can include an operating system 412, as well as instructions associated with a monitoring system 420.


The software in memory may include one or more separate programs, each of which includes an ordered listing of executable instructions for implementing logical functions. In this regard, a nonexhaustive list of examples of suitable commercially available operating systems is as follows: (a) a Windows® operating system available from Microsoft® Corporation; (b) a Netware® operating system available from Novell®, Inc.; (c) a Macintosh® operating system available from Apple® Computer, Inc.; (d) a UNIX operating system, which is available for purchase from many vendors, such as the Hewlett-Packard® Company, Sun Microsystems®, Inc., and AT&T® Corporation; (e) a LINUX operating system, which is freeware that is readily available on the Internet 100; (f) a run time Vxworks® operating system from WindRiver® Systems, Inc.; or (g) an appliance-based operating system, such as that implemented in handheld computers or personal data assistants (PDAs) (e.g., PalmOS® available from Palm® Computing, Inc., and Windows CE® available from Microsoft® Corporation). The operating system can be configured to control the execution of other computer programs and provides scheduling, input-communication control, file and data management, memory management, and communication control and/or related services.


It should be noted that a system component embodied as software may also be construed as a source program, executable program (object code), script, or any other entity comprising a set of instructions to be performed. When constructed as a source program, the program is translated via a compiler, assembler, interpreter, or the like, which may or may not be included within the memory, so as to operate properly in connection with the operating system.


When the computing device 400 is in operation, the processor is configured to execute software stored within the memory, to communicate data to and from the memory, and to generally control operations of the recorder pursuant to the software. Software in memory, in whole or in part, is read by the processor, perhaps buffered, and is then executed. In this regard, when executing instructions associated with the monitoring system, the exemplary functionality described above with respect to monitoring systems may be performed.


It should be noted that any of the executable instructions, such as those depicted functionally in the accompanying flowcharts, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. In the context of this document, a “computer-readable medium” can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The computer readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device. More specific examples (a nonexhaustive list) of the computer-readable medium could include an electrical connection (electronic) having one or more wires, a portable computer diskette (magnetic), a random access memory (RAM) (electronic), a read-only memory (ROM) (electronic), an erasable programmable read-only memory (EPROM or Flash memory) (electronic), an optical fiber (optical), and a portable compact disc read-only memory (CDROM) (optical). In addition, the scope of embodiments of this disclosure can include embodying the functionality described in logic embodied in hardware or software-configured media.


It should be noted that the flowcharts included herein show the architecture, functionality and/or operation of implementations that may be configured using software. In this regard, each block can be interpreted to represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.


It should be emphasized that the above-described embodiments are merely possible examples of implementations, merely set forth for a clear understanding of the principles of this disclosure. Many variations and modifications may be made to the above-described embodiments without departing substantially from the spirit and principles of the disclosure. All such modifications and variations are intended to be included herein within the scope of this disclosure.

Claims
  • 1. A method for protecting information provided to an agent via a communication network, said method comprising: receiving, at a communication monitoring server, an interactive communication responsive to an agent request via a communication network, the communication including information that is to be protected;routing the communication to an agent;recording at least a portion of the communication;electronically identifying the information that is to be protected from the communication; andpreventing unauthorized access to the information that is to be protected during replay of the portion of the communication.
  • 2. The method of claim 1, wherein the preventing unauthorized access comprises: in response to the electronic identification, stopping the recording during a time in which the information that is to be protected is expected to be provided during the communication; andrestarting the recording after the time in which the information that is to be protected is expected to be provided has lapsed such that at least a portion of the information that is to be protected is not recorded.
  • 3. The method of claim 2, wherein electronically identifying the information that is to be protected from the communication comprises: using voice recognition to determine the time during which the information that is to be protected is expected to be provided during the communication.
  • 4. The method of claim 1, wherein: the communication is facilitated via a computer telephony integration (CTI) network; andwherein electronically identifying the information that is to be protected from the communication further comprises:using CTI events to determine a time during which the information that is to be protected is expected to be provided during the communication.
  • 5. The method of claim 1, wherein: the agent uses a desktop application of a workstation during an interaction involving the communication; andwherein electronically identifying the information that is to be protected from the communication further comprises:using desktop application events to determine a time during which the information that is to be protected is expected to be provided during the communication.
  • 6. The method of claim 5, wherein using desktop application events to determine a time during which the information that is to be protected is expected to be provided during the communication comprises detecting the display of a customer sensitive data entry screen on the desktop.
  • 7. The method of claim 1, wherein recording at least a portion of the communication comprises recording the communication during a time in which the information that is to be protected is communicated to the agent.
  • 8. The method of claim 7, further comprising, after recording, automatically deleting at least a portion of the information that is to be protected.
  • 9. The method of claim 8, further comprising automatically stitching together a portion of a recording that preceded the information that is to be protected with a portion of the recording that succeeded the information that is to be protected.
  • 10. The method of claim 8, further comprising automatically tagging a portion of a recording from which the information that is to be protected was deleted such that the recording contains an indication that the information that is to be protected was deleted therefrom.
  • 11. The method of claim 7, further comprising automatically modifying a stored format of the information that is to be protected such that at least a portion of the information that is to be protected is unintelligible to a user during a playback of the communication unless that user possesses an authorization to access the information that is to be protected.
  • 12. The method of claim 11, wherein modifying comprises obfuscating the information that is to be protected.
  • 13. The method of claim 11, wherein modifying comprises masking the information that is to be protected.
  • 14. The method of claim 11, wherein modifying comprises encrypting at least a portion of the information that is to be protected.
  • 15. The method of claim 1, further comprising replaying the portion of the communication that was recorded.
  • 16. The method of claim 15, wherein, during the replaying, at least one of the following are not provided unless the user conducting the replaying is authorized to access to the information: captured audio containing at least a portion of the information; and portions of captured screen shots from a workstation of the agent containing at least a portion of the information.
  • 17. A system for protecting information provided to an agent via a communication network, said system comprising: a communication monitoring system operative to monitor an interactive communication responsive to an agent request via a communication network and electronically identify information contained in the communication that is to be protected; anda recording device operative to record at least a portion of the communication;wherein the communication monitoring system is further operative to provide instructions to the recording device responsive to electronically identifying the information that is to be protected such that unauthorized access to the information is prevented.
  • 18. The system of claim 17, further comprising: a voice recognition system operative to analyze voice content of the communication and to determine a time during which the information that is to be protected is expected to be provided during the communication; andwherein the communication monitoring system is operative to instruct the recording device to: stop recording the communication during the time in which the information that is to be protected is expected to be provided during the communication; andrestart recording the communication after the time has lapsed such that at least a portion of the information that is to be protected is not recorded.
  • 19. The system of claim 17, further comprising means for providing the communication to the agent.
  • 20. The system of claim 17, further comprising: a computer telephony integration (CTI) operative to provide the communication to the agent; andwherein the communication monitoring system is operative to analyze CTI events to determine a time during which the information that is to be protected is expected to be provided during the communication and, responsive thereto, instruct the recording device to: stop recording the communication during the time in which the information that is to be protected is expected to be provided during the communication; andrestart recording the communication after the time in which the information that is to be protected is expected to be provided has lapsed such that at least a portion of the information that is to be protected is not recorded.
  • 21. The system of claim 20, wherein the recording device is operative to record CTI activity.
  • 22. The system of claim 17, further comprising: an agent workstation operative to execute a desktop application during an interaction involving the communication; andwherein the communication monitoring system is operative to analyze desktop application events to determine a time during which the information that is to be protected is expected to be provided during the communication and, responsive thereto, instruct the recording device to: stop recording the communication during the time in which the information that is to be protected is expected to be provided during the communication; andrestart recording the communication after the time in which the information that is to be protected is expected to be provided has lapsed such that at least a portion of the information that is to be protected is not recorded.
  • 23. The system of claim 22, wherein the recording device is operative to record desktop application activity.
  • 24. The system of claim 17, further comprising: an application interface enabling the agent to control recording of the communication via such that at least a portion of the information that is to be protected is not recorded.
  • 25. A computer-readable medium having a computer program stored thereon, the computer program comprising computer-executable instructions for performing a computer-executed method for protecting information provided to an agent via a communication network, said method comprising: receiving an interactive communication responsive to an agent request via a communication network, the communication including information that is to be protected;electronically identifying the information that is to be protected from the communication;recording at least a portion of the communication; andpreventing unauthorized access to the information such that, if it is determined that the information that is to be protected has been recorded, at least a portion of the information is rendered unintelligible to a user unless that user possesses an authorization to access the information.
US Referenced Citations (160)
Number Name Date Kind
3594919 De Bell et al. Jul 1971 A
3705271 De Bell et al. Dec 1972 A
4510351 Costello et al. Apr 1985 A
4684349 Ferguson et al. Aug 1987 A
4694483 Cheung Sep 1987 A
4763353 Canale et al. Aug 1988 A
4815120 Kosich Mar 1989 A
4924488 Kosich May 1990 A
4953159 Hayden et al. Aug 1990 A
5016272 Stubbs et al. May 1991 A
5101402 Chiu et al. Mar 1992 A
5117225 Wang May 1992 A
5210789 Jeffus et al. May 1993 A
5239460 LaRoche Aug 1993 A
5241625 Epard et al. Aug 1993 A
5267865 Lee et al. Dec 1993 A
5299260 Shaio Mar 1994 A
5311422 Loftin et al. May 1994 A
5315711 Barone et al. May 1994 A
5317628 Misholi et al. May 1994 A
5347306 Nitta Sep 1994 A
5388252 Dreste et al. Feb 1995 A
5396371 Henits et al. Mar 1995 A
5432715 Shigematsu et al. Jul 1995 A
5465286 Clare et al. Nov 1995 A
5475625 Glaschick Dec 1995 A
5485569 Goldman et al. Jan 1996 A
5491780 Fyles et al. Feb 1996 A
5499291 Kepley Mar 1996 A
5535256 Maloney et al. Jul 1996 A
5572652 Robusto et al. Nov 1996 A
5577112 Cambray et al. Nov 1996 A
5590171 Howe et al. Dec 1996 A
5597312 Bloom et al. Jan 1997 A
5619183 Ziegra et al. Apr 1997 A
5696906 Peters et al. Dec 1997 A
5717879 Moran et al. Feb 1998 A
5721842 Beasley et al. Feb 1998 A
5742670 Bennett Apr 1998 A
5748499 Trueblood May 1998 A
5778182 Cathey et al. Jul 1998 A
5784452 Carney Jul 1998 A
5790798 Beckett, II et al. Aug 1998 A
5796952 Davis et al. Aug 1998 A
5809247 Richardson et al. Sep 1998 A
5809250 Kisor Sep 1998 A
5825869 Brooks et al. Oct 1998 A
5835572 Richardson, Jr. et al. Nov 1998 A
5862330 Anupam et al. Jan 1999 A
5864772 Alvarado et al. Jan 1999 A
5884032 Bateman et al. Mar 1999 A
5907680 Nielsen May 1999 A
5918214 Perkowski Jun 1999 A
5923746 Baker et al. Jul 1999 A
5933811 Angles et al. Aug 1999 A
5944791 Scherpbier Aug 1999 A
5948061 Merriman et al. Sep 1999 A
5958016 Chang et al. Sep 1999 A
5964836 Rowe et al. Oct 1999 A
5978648 George et al. Nov 1999 A
5982857 Brady Nov 1999 A
5987466 Greer et al. Nov 1999 A
5990852 Szamrej Nov 1999 A
5991373 Pattison et al. Nov 1999 A
5991796 Anupam et al. Nov 1999 A
6005932 Bloom Dec 1999 A
6009429 Greer et al. Dec 1999 A
6014134 Bell et al. Jan 2000 A
6014647 Nizzari et al. Jan 2000 A
6018619 Allard et al. Jan 2000 A
6035332 Ingrassia et al. Mar 2000 A
6038544 Machin et al. Mar 2000 A
6039575 L'Allier et al. Mar 2000 A
6057841 Thurlow et al. May 2000 A
6058163 Pattison et al. May 2000 A
6061798 Coley et al. May 2000 A
6072860 Kek et al. Jun 2000 A
6076099 Chen et al. Jun 2000 A
6078894 Clawson et al. Jun 2000 A
6091712 Pope et al. Jul 2000 A
6108711 Beck et al. Aug 2000 A
6122665 Bar et al. Sep 2000 A
6122668 Teng et al. Sep 2000 A
6130668 Stein Oct 2000 A
6138139 Beck et al. Oct 2000 A
6144991 England Nov 2000 A
6146148 Stuppy Nov 2000 A
6151622 Fraenkel et al. Nov 2000 A
6154771 Rangan et al. Nov 2000 A
6157808 Hollingsworth Dec 2000 A
6171109 Ohsuga Jan 2001 B1
6182094 Humpleman et al. Jan 2001 B1
6195679 Bauersfeld et al. Feb 2001 B1
6201948 Cook et al. Mar 2001 B1
6211451 Tohgi et al. Apr 2001 B1
6225993 Lindblad et al. May 2001 B1
6230197 Beck et al. May 2001 B1
6236977 Verba et al. May 2001 B1
6244758 Solymar et al. Jun 2001 B1
6282548 Burner et al. Aug 2001 B1
6286030 Wenig et al. Sep 2001 B1
6286046 Bryant Sep 2001 B1
6288753 DeNicola et al. Sep 2001 B1
6289340 Purnam et al. Sep 2001 B1
6301462 Freeman et al. Oct 2001 B1
6301573 McIlwaine et al. Oct 2001 B1
6324282 McIlwaine et al. Nov 2001 B1
6347374 Drake et al. Feb 2002 B1
6351467 Dillon Feb 2002 B1
6353851 Anupam et al. Mar 2002 B1
6360250 Anupam et al. Mar 2002 B1
6370574 House et al. Apr 2002 B1
6404857 Blair et al. Jun 2002 B1
6411989 Anupam et al. Jun 2002 B1
6418471 Shelton et al. Jul 2002 B1
6459787 McIlwaine et al. Oct 2002 B2
6487195 Choung et al. Nov 2002 B1
6493758 McLain Dec 2002 B1
6502131 Vaid et al. Dec 2002 B1
6510220 Beckett, II et al. Jan 2003 B1
6535909 Rust Mar 2003 B1
6542602 Elazar Apr 2003 B1
6546405 Gupta et al. Apr 2003 B2
6560328 Bondarenko et al. May 2003 B1
6583806 Ludwig et al. Jun 2003 B2
6606657 Zilberstein et al. Aug 2003 B1
6665644 Kanevsky et al. Dec 2003 B1
6674447 Chiang et al. Jan 2004 B1
6683633 Holtzblatt et al. Jan 2004 B2
6697858 Ezerzer et al. Feb 2004 B1
6724887 Eilbacher et al. Apr 2004 B1
6738456 Wrona et al. May 2004 B2
6757361 Blair et al. Jun 2004 B2
6772396 Cronin et al. Aug 2004 B1
6775377 McIlwaine et al. Aug 2004 B2
6792575 Samaniego et al. Sep 2004 B1
6810414 Brittain Oct 2004 B1
6820083 Nagy et al. Nov 2004 B1
6823384 Wilson et al. Nov 2004 B1
6870916 Henrikson et al. Mar 2005 B2
6901438 Davis et al. May 2005 B1
6959078 Eilbacher et al. Oct 2005 B1
6965886 Govrin et al. Nov 2005 B2
20010000962 Rajan May 2001 A1
20010032335 Jones Oct 2001 A1
20010043697 Cox et al. Nov 2001 A1
20020038363 MacLean Mar 2002 A1
20020052948 Baudu et al. May 2002 A1
20020065911 Von Klopp et al. May 2002 A1
20020065912 Catchpole et al. May 2002 A1
20020128925 Angeles Sep 2002 A1
20020143925 Pricer et al. Oct 2002 A1
20020165954 Eshghi et al. Nov 2002 A1
20030055883 Wiles et al. Mar 2003 A1
20030079020 Gourraud et al. Apr 2003 A1
20030144900 Whitmer Jul 2003 A1
20030154240 Nygren et al. Aug 2003 A1
20040100507 Hayner et al. May 2004 A1
20040165717 McIlwaine et al. Aug 2004 A1
20050138560 Lee et al. Jun 2005 A1
Foreign Referenced Citations (6)
Number Date Country
0453128 Oct 1991 EP
0773687 May 1997 EP
0989720 Mar 2000 EP
2369263 May 2002 GB
WO 9843380 Nov 1998 WO
WO 0016207 Mar 2000 WO