Case Study: Talk It Out encrypted messaging

Published 08/17/2018

Client Name

Undisclosed

Industry

Communication

Start Date

04/01/2017

Target Launch Date

05/01/2017

Actual Launch Date

05/01/2017

Problem Summary

Our client was in an industry that involved recruiting employees from other firms.

It was a sensitive process and we were required to sign a strict NDA to tackle the project.

Because of the sensitive nature of the communications, our client wanted a way to communicate that would leave no trace of the conversation and would not require the other party to install an application.

Solution Summary

We proposed a completely serverless approach that would leverage web sockets and embeddable JavaScript.

Neither party would be required to create an account; however, each link to the embedded JavaScript would require a secret URL, handle and password.

Additionally, the initiator of the conversation would choose a secret key which would be used to encrypt the conversation at rest.

The key would need to be communicated verbally and the other party would have to unlock the room with the key.

The messages would be sent – encrypted – over SSL sockets directly to the other recipient.

Challenges

The only challenge we encountered was how to do serverless sockets.

After some investigating, we discovered it could be done using AWS IoT even though that was not the originally intended purpose of the technology.

Technical Approach

We used RxJS on the client side to stream the data to a Lambda function after authenticating with AWS Cognito.

The Lambda function simply passed the message as is to the other client, where the message was decrypted using the shared code word.

The two endpoints didn’t even need to be on remote servers. A local HTML file that included the necessary scripts could be used as a client.
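The flow described above (a verbally shared code word, client-side encryption, a relay that forwards the message unchanged), sketched as an added example that is not Gunner Technology's code. The page does not name the cipher or key derivation, so PBKDF2-SHA256, AES-256-GCM, the JSON envelope and all function names are assumptions, and Node's `crypto` module stands in for the browser client.

```javascript
// Added example: algorithms, envelope layout and names are assumptions.
const nodeCrypto = require('node:crypto');

const PBKDF2_ITERATIONS = 600000; // assumed work factor for a human-chosen code word

// Both parties derive the same room key from the verbally shared code word.
// The salt is not secret and travels inside every envelope.
function deriveRoomKey(codeWord, salt) {
  return nodeCrypto.pbkdf2Sync(codeWord.normalize('NFKC'), salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Sender side: encrypt before the message leaves the client.
function sealMessage(codeWord, plaintext, salt = nodeCrypto.randomBytes(16)) {
  const key = deriveRoomKey(codeWord, salt);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per message, never reused with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const fields = { salt, iv, ct, tag: cipher.getAuthTag() };
  return JSON.stringify(Object.fromEntries(
    Object.entries(fields).map(([k, v]) => [k, v.toString('base64')])));
}

// Relay (the Lambda's role on the page): forwards the envelope as is and holds no key.
function relay(envelope) {
  return envelope;
}

// Recipient side: returns the plaintext, or null when the code word is wrong
// or the envelope was modified in transit (the GCM tag check fails).
function openMessage(codeWord, envelope) {
  try {
    const { salt, iv, ct, tag } = Object.fromEntries(
      Object.entries(JSON.parse(envelope)).map(([k, v]) => [k, Buffer.from(v, 'base64')]));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveRoomKey(codeWord, salt), iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed sample exchange.
const wire = relay(sealMessage('correct horse battery', 'Offer letter goes out Friday.'));
console.log(openMessage('correct horse battery', wire));
console.log(openMessage('wrong guess', wire));
```

Because the relay only ever sees the envelope, confidentiality rests on the strength of the code word and on it never being sent over the same channel as the messages.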

Project Management Approach

We had just over 30 days to complete this project, so it was a mad scramble with only a single resource dedicated to the project.

Unfortunately, serverless websockets was a big unknown for us, so it took us two research sprints to find a solution.

After that, we followed with two feature sprints and a bug sprint and launched right on time.

Project Roles

  • Cody Swann – Project Manager
  • Cody Swann – Web Developer

Proficiencies Used

  • agile
  • API
  • API Gateway
  • availability
  • AWS
  • AWS Availability Zones
  • AWS Regions
  • backend
  • Bug Sprint
  • CodeCommit
  • Continuous Deployment
  • CSS
  • deploy
  • Design Framework
  • DevOps
  • disaster recovery
  • distributed service
  • DynamoDB
  • ES6
  • Feature Sprint
  • frontend
  • functional requirements
  • git
  • HTML
  • immutable
  • iteration
  • iterative
  • JavaScript
  • Lambda
  • Node
  • non-functional requirements
  • NoSQL
  • NOTS
  • production
  • Redundancy
  • research sprint
  • RxJS
  • S3
  • scalability
  • SDK
  • serverless
  • Serverless Framework
  • sprint
  • technical requirements
  • the cloud
  • Tolerant
  • uptime
  • version control
  • AWS IoT
  • IoT

Lessons Learned

We learned that completely serverless web sockets are a work in progress and you need to get creative to implement them.

Benefits

We’re not allowed to give away specific usage statistics of the app, but the firm continues to use this product today.

Why Gunner Technology?

The firm was attracted to our experience with HIPAA and loved our proposed solution because it would not require any installation and we provided a functional demo with our proposal.

Project Screenshots

[Screenshots: talkitout-3, talkitout-4, talkitout-2, talkitout-1]

Architectural Diagram

[Diagram: aws-diagram]