Abstract

Realtime, low-latency voice assistants are increasingly built on WebRTC: the browser negotiates a peer connection directly with the model provider's realtime endpoint and streams audio over SRTP/DTLS, bypassing the application server entirely for the media path. This delivers sub-second latency but destroys the enforcement point that data-loss-prevention (DLP) and cloud-access-security-broker (CASB) systems rely on. A prompt-DLP proxy inspects HTTP request and response bodies; it can neither decrypt nor even observe a WebRTC audio stream that never traverses it. The result is an enforcement blind spot precisely where the most sensitive channel — a natural-language voice conversation with a persona that may carry proprietary instructions — operates. This publication discloses an architecture that resolves the blind spot by relocating policy enforcement to the single server-side choke point that the WebRTC bootstrap cannot avoid: the minting of the short-lived ephemeral credential (an "ek" token) that the browser must present to open the session. The credential is bound by the provider to the model identifier and the composed system instructions at mint time; therefore gating the mint gates the whole session. Before minting, the server runs the composed persona instructions through an egress guard whose policy set can allow, redact (mint against sanitized instructions), block (refuse to mint — no credential, no session), or downgrade the request to a tracked, server-observable voice transport by returning HTTP 403 with a redirect. A FAILCLOSED flag converts guard errors into session refusals rather than silent un-gated sessions. We describe the mechanism, a reference data model, a worked example, the delta over prior art, and enabling claims. This document is published as prior art to prevent the mechanism from being patented by others.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Share

COinS