In some operating circumstances it is important that internal memory used for VoiceXML variables does not hold raw data values of sensitive information, such as customer credit card data, in case the BVR system is somehow compromised and a scan of the memory of the program is obtained
For this issue, we have developed an extension of VoiceXML specification to add the boolean "encrypted" attribute to <var> tags, which defaults to false if not set.
Below is a simple example adapted from the Welcome sample file demonstrating that you can use both encrypted and non-encrypted variables in a document and include both in the same namelist without issues:
<?xml version="1.0"?>
<!DOCTYPE vxml PUBLIC "-//W3C//DTD VOICEXML 2.0//EN" "vxml20-1115.dtd">
<vxml version="2.0" xml:lang="en-US" xmlns="http://www.w3.org/2001/vxml">
<var name="test" expr="'test'"/>
<var name="testEncrypted" expr="'12323132145156'" encrypted="true"/>
<script> <![CDATA[
function getValue(n) {
return n;
}
]]></script>
<form id="Welcome">
<block>
<log>The value of testEncrypted should be encrypted here <value expr="getValue(testEncrypted)"/> but not here <value expr="testEncrypted"/></log>
<audio src="Welcome.wav" />
</block>
<submit next="http://mywebsitehere.com:8080/encrypt/myHandlerScript.jsp" namelist="test testEncrypted"/>
</form>
</vxml>