Our client was in an industry that involved recruiting employees from other firms.
It was a sensitive process and we were required to sign a strict NDA to take on the project.
Because of the sensitive nature of the communications, our client wanted a way to communicate that would leave no trace and would not require the other party to install an application.
Additionally, the initiator of the conversation would choose a secret key which would be used to encrypt the conversation at rest.
The key would need to be communicated verbally and the other party would have to unlock the room with the key.
The messages would be sent – encrypted – over SSL sockets directly to the other recipient.
The only challenge we encountered was how to do serverless sockets.
After some investigating, we discovered it could be done using AWS IoT even though that was not the originally intended purpose of the technology.
We used RxJS on the client side to stream the data to a Lambda function after authenticating with AWS Cognito.
The Lambda function simply passed the message through as is to the other client, where it was decrypted using the shared code word.
The two endpoints didn’t even need to be on remote servers. A local HTML file that included the necessary scripts could be used as a client.
We had just over 30 days to complete this project, so it was a mad scramble with only a single resource dedicated to the project.
Unfortunately, serverless websockets were a big unknown for us, so it took us two research sprints to find a solution.
After that, we followed with two feature sprints and a bug sprint and launched right on time.
We learned that completely serverless websockets are still a work in progress and that you need to get creative to implement them.
We’re not allowed to give away specific usage statistics of the app, but the firm continues to use this product today.
The firm was attracted to our experience with HIPAA and loved our proposed solution because it would not require any installation and we provided a functional demo with our proposal.