LA Architecture Guide

YRP1-508, 3-4 Hikari-no-Oka Yokosuka-Shi, Kanagawa, 239-0847, Japan


tel.: + 81-(0) 46-821-3362 | cba-japan.com
This document contains confidential information that is proprietary to CBA. No part of its contents
may be used, disclosed or conveyed to any party, in any manner whatsoever, without prior
written permission from CBA.
© Copyright 2023 CBA.

All rights reserved.

Updated: 2022-06-22

Document version: 1.64/1

Contact Information

For technical support or other queries, contact CBA Support at:

[email protected]

For our worldwide corporate office address, see:

https://www.cba-japan.com (Japanese) https://www.cba-gbl.com (English)

© 2023 CBA | All Rights Reserved | Unauthorized use prohibited. Page 2


Contents

Introduction
Default Architecture
CBA Live Assist Server
Consumer Service
Agent Service
CBA Live Assist Consumer SDKs
CBA Live Assist Agent Console SDK
Customized Architecture
Consumer Service
Agent Service
Operation
Bespoke Consumer Service
Bespoke Agent Service
Co-browse only
Initiation
Destruction
Supported Document Push File Types
Security
Anonymous Access



Introduction
Fusion Live Assist provides the components for rapid deployment and integration of voice,
video and co-browsing functionality into existing or new browser and mobile applications. This
document describes the supported architectures, and the ways in which CBA Live Assist can
be tailored for different environments.

CBA Live Assist can provide both voice and video communications with interactive
co-browsing, or if desired, co-browsing only.



Default Architecture
CBA Live Assist consists of the following core components:

CBA Live Assist server

Consumer service

Agent service

CBA Live Assist Consumer SDKs (Web, iOS, and Android)

CBA Live Assist Agent Console SDK (Web)

CBA Live Assist requires the Web Gateway provided by the Fusion Client SDK, which it uses
for session token management, and voice and video support where applicable.

CBA Live Assist Server

The CBA Live Assist server is the central point which consumers and agents connect to when
sharing content in co-browsing sessions. A consumer and an agent share the same co-browsing
session, identified by a correlation ID, so that the CBA Live Assist server can pass the data
received from one to the other.



Consumer Service

For a consumer to use CBA Live Assist, they must have a session token, which is specific to
that consumer. By default, the CBA Live Assist SDKs create a session token using the
integrated Consumer Service. The Consumer Service creates session tokens on behalf of the
consumer, and returns those tokens to the application on the consumer’s device. The session
token also controls the functionality and capabilities that the consumer can access. Session
tokens created by the Consumer Service do not allow a consumer to receive calls on the
session; a bespoke implementation of the Consumer Service could take that further, and only
allow the user to make calls to a specific destination, the helpdesk number; see the Security
section on page 14.

Agent Service

An agent also requires a session token to use CBA Live Assist. The Agent Service creates
session tokens for each agent using the CBA Live Assist SDK. While a consumer session
token is limited to only making outbound calls, an agent session token is limited to only receiving
inbound calls. A bespoke implementation of the Agent Service can apply further CBA Live
Assist-specific restrictions to the session token; see the Security section on page 14.

CBA Live Assist Consumer SDKs

CBA Live Assist provides SDKs for consumer applications on desktop web browser, and mobile
iOS and Android platforms. The CBA Live Assist consumer SDKs provide simple APIs for
application developers to use, so that with only a few lines of code they can integrate CBA Live
Assist into a new or existing application. By default, each of the consumer SDKs reduces
complexity by making use of the Consumer Service to create and manage session tokens on
behalf of the developer.

CBA Live Assist Agent Console SDK

The Agent Console SDK enables a developer to integrate the CBA Live Assist functionality
into a bespoke or pre-existing Agent Console. There is a subtle difference between the consumer
SDKs and the Agent Console SDK concerning the management of session tokens. The Agent
Console SDK does not make automatic use of the Agent Service to obtain session tokens;
instead, it expects the console to obtain them from the Agent Service and provide them to the
SDK. This allows the console to implement appropriate agent authentication and authorization
before creating session tokens to give to the SDK. The standard Agent Console delivered with
CBA Live Assist uses the integrated Agent Service to create session tokens, but it does not
apply any user authentication or authorization.



Customized Architecture
You can replace both the Consumer and Agent Services with bespoke implementations to facilitate
tighter integration with existing applications and infrastructure. This allows the deployment of
CBA Live Assist to be tailored to the needs of the business.

Consumer Service

The default Consumer Service provides anonymous access to CBA Live Assist, allowing any
user to use CBA Live Assist from the application. This may not be appropriate in all cases, so it
is possible to disable it, and integrate a bespoke implementation. The bespoke implementation is
responsible for creating and managing session tokens, and for returning a session token to the
application so that it can use it when initializing the CBA Live Assist session.

For example, CBA Live Assist may only be available to users that are logged in to the Web
Application. The server-side Web Application can validate a user to ensure that they are logged
in, then it can create a session token on the Web Gateway with the appropriate user details, and
return that token to the client application on the consumer’s device. The client application uses
that token when it initializes the CBA Live Assist Consumer SDK, which uses it to establish the
CBA Live Assist session.

For further details on implementing a Consumer Service, see the following developer guides:

CBA Live Assist Android Developer Guide

CBA Live Assist iOS Developer Guide

CBA Live Assist Web Developer Guide

Agent Service

The default Agent Service provides anonymous access to CBA Live Assist, allowing any user
with access to the Agent Console to receive CBA Live Assist calls and support sessions. If you
need to integrate with an existing agent infrastructure, disable this service and replace it with a
bespoke implementation.

For further details on implementing an Agent Service, see the CBA Live Assist Agent Console
Developer Guide.



Operation
This topic describes the sequence of events that establishes a CBA Live Assist session
between a consumer and an agent, when using the integrated anonymous access.

For increased security, anonymous agent access is disabled by default. See the CBA Live
Assist Overview and Installation Guide for details on how to enable Anonymous Agent
Access.

1. An agent must open the Agent Console to receive support calls:

2. Once an agent is available, a consumer can request support:



Bespoke Consumer Service

With a bespoke implementation of the Consumer Service, the sequence of events differs slightly
from Anonymous Access:



The key difference to note is that it is the responsibility of the Web Application to create the
session token using the Web Gateway; the Web Application passes the generated session token
back to the client application, which provides it to CBA Live Assist during initialization. Due to
the presence of the session token, CBA Live Assist does not try to create a session token itself,
and uses the one provided.

Bespoke Agent Service

With a bespoke implementation of the Agent Service, the sequence of events differs slightly from
Anonymous Access:



Co-browse only

CBA Live Assist can be used for co-browsing with the voice and video functionality disabled.
When voice and video are enabled, the integrated Consumer Service allocates the correlation ID,
and the call itself transports it between the consumer and the agent (as the username part of the
consumer’s From SIP address; see the FCSDK documentation for further details), so that they
can join the same co-browse session automatically. When only co-browsing is required, there is
no call present, and it is the responsibility of the application developer to allocate a correlation ID
and signal it, if necessary, to the agent; this typically requires deeper integration into an existing
environment (see the CBA Live Assist Developer Guides for details).

Initiation



In the sequence diagram, it is the Web Application that triggers the agent to join a co-browse
session by sending the agent application the correlation ID through some unspecified
mechanism; however, this signal may come from somewhere else (for instance, if the consumer
and agent are communicating independently of the co-browse session, the consumer could send
the correlation ID in that way) and is only shown here for illustration.

When generating a correlation ID, consider the following:

Uniqueness - Different customers must not use the same correlation ID at the same time.

Randomness - The value should be suitably random and difficult to guess. As the integrated
Consumer Service does not authenticate a user, if the correlation ID were easily guessable,
an attacker could guess another consumer’s correlation ID, and eavesdrop on their
co-browse session.

Destruction

Both the agent and consumer can join and leave the co-browsing session independently of each
other; the co-browsing session remains open as long as there is at least one active connection.



Supported Document Push File Types
Acceptable document types are: PDF, and the image formats GIF, PNG, and JPG/JPEG.

Security
Security within CBA Live Assist is achieved through:

Socket Security - HTTPS, Secure WebSockets (WSS).

Session Tokens - Session tokens created with restricted policies.

Configuration - Behavior restricted by system configuration, administered by an
administrator.

By default, CBA Live Assist provides anonymous access to both consumers and agents, and
does not implement user authentication or authorization; however, it does take precautions to
allow only the appropriate participants to join a CBA Live Assist session. If you replace either
the integrated Consumer or Agent Services, consider the following items:

JavaScript is in plain text when running in a user’s browser. Consequently, values such as
the correlation ID are readily accessible. As described earlier, a suitably unique and random
value should be used when generating one.

The FCSDK Web Gateway can create session tokens with different degrees of restriction.
We recommend that you create them with as much restriction as possible. See the FCSDK
Developer Guide for further details on the Session Token API and creation of session
tokens. Also see the Consumer Session Creation sections of the CBA Live Assist
Developer Guides.

You should create a server-side Web Application to access the Session Token API exposed
by the Web Gateway and return session tokens to the applications. The Session Token API
should not be exposed publicly through a reverse proxy.

Anonymous Access



This section describes the processing performed by the integrated services to serve as a guide
for bespoke implementations:

1. The integrated Consumer Service generates a correlation ID that is suitably unique and
random, in the form of "assist-" followed by a 25-character alphanumeric string. For example:

assist-m2v7r3jpb0jsk5j28ok4b5o4s

2. When the consumer’s device establishes the co-browse session to CBA Live Assist, CBA
Live Assist verifies that the specified session token is authorized for the correlation ID,
rejecting the connection if not:
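
The two steps above, together with the uniqueness and randomness considerations listed under Co-browse only, sketched as an added example for a bespoke implementation (this is not CBA's code). The class and method names, the in-memory registry, the lowercase-plus-digits alphabet (inferred from the sample ID) and any token strings passed in are assumptions; real session tokens come from the Web Gateway.

```python
import hmac
import secrets
import string

# Assumption: lowercase letters and digits, as in the page's sample ID.
# 36**25 possible values (about 129 bits), so guessing an ID is impractical.
ALPHABET = string.ascii_lowercase + string.digits
PREFIX, ID_LENGTH = "assist-", 25


class CoBrowseRegistry:
    """Hypothetical in-memory model of the token / correlation ID binding."""

    def __init__(self):
        self._token_to_cid = {}  # session token -> correlation ID it may join

    def new_correlation_id(self):
        """Step 1: draw an ID from the OS CSPRNG, retrying if it is in use."""
        while True:
            body = "".join(secrets.choice(ALPHABET) for _ in range(ID_LENGTH))
            cid = PREFIX + body
            if cid not in self._token_to_cid.values():
                return cid

    def authorize(self, session_token, cid):
        """Record that this session token may join this co-browse session."""
        self._token_to_cid[session_token] = cid

    def may_connect(self, session_token, cid):
        """Step 2: reject unknown tokens and tokens bound to another ID."""
        bound = self._token_to_cid.get(session_token)
        if bound is None:
            return False
        # Constant-time comparison: do not leak how much of a guess matched.
        return hmac.compare_digest(bound.encode(), cid.encode())

    def release(self, cid):
        """Drop bindings once the last connection has left the session."""
        self._token_to_cid = {
            t: c for t, c in self._token_to_cid.items() if c != cid
        }
```

The point of the binding is that knowing or guessing a correlation ID is not sufficient on its own: the connection is accepted only when the presented session token was authorized for that exact ID.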
