Typical call centers are expanding to provide communication with customers through various means, including through verbal communication over a telephone line, SMS text messaging, Instant Messaging, and email. During a communication session, agents and customers can correspond via one or more of the different communication means. These communication sessions are commonly recorded and stored as messages in a telephone call center for quality assurance and review purposes. Each session can include the divulgence of sensitive information, such as name, telephone number, address, social security number, and account number, which are stored as recorded messages.
To protect the sensitive information of customers, the message recordings of the communication sessions are encrypted via an encryption key for later use, if necessary. Generally, call centers use a master key to generate encryption keys, which are used to encrypt call center recordings. To prevent a key from being guessed or obtained by an unauthorized user, the key must be randomly generated and include sufficient entropy, or uncertainty. However, only a certain amount of randomness can be provided from a particular device to generate the keys. Also, extreme care must be taken in protecting the master key from which the encryption keys are generated. Therefore, the use of a single key for encrypting multiple records can result in a massive security breach. For example, if an unauthorized user obtains the key, the unauthorized user would have access to all the emails encrypted with that key.
Accordingly, a system and method to ensure maximum security of messages with sensitive information, while minimizing the extent of a possible security breach is needed. Preferably, the system and method will prevent unauthorized users from accessing a large amounts of data during a security breach by generating a unique encryption key for each record.