An Introduction to Groove Security Services

1. An Introduction toGroove Security Services

2. Introduction This presentation introduces how Groove provides broad and deep security services for small group interaction. It is intended for a business audience with an interest in security. For a more in-depth analysis and explanation of the full Groove security architecture, please see the complete set of documents on http://www.groove.net/feature/security/

3. What customers ask about Groove security • Is the content and activity of a Groove shared space confidential? • How do I know that only authorized (authenticated) users have access to a shared space? How do I know they really are who they say they are? • How do I guard against the inadvertent or malicious spread of viruses or rogue components?

4. ConfidentialityIs the content and activity of a shared space confidential? Transceiver Transceiver Shared Space Shared Space Shared Space Shared Space Tool Tool Tool Tool Tool Tool Tool Tool Security Security XML Object Store XML Object Store XML Object Routing XML Object Routing (encrypted) (encrypted) (encrypted) (encrypted) • All content (“deltas”) is encrypted and stored in Groove’s local XML object store • Encrypted deltas are queued for routing and sent across the network. • Encrypted deltas are stored locally in the XML object store of the other member(s) of the shared space. • Unencrypted content is never “in the clear” on the network

5. ConfidentialityIs the content and activity of a shared space confidential? • Strong encryption – 192 bit • Data is encrypted on the disk AND on the wire • Passphrase • Account information is encrypted in your passphrase • strongly recommend a well defined passphrase alphanumeric

6. What customers ask about Groove security • Is the content and activity of a Groove shared space confidential? • How do I know that only authorized (authenticated) users have access to a shared space? How do I know they really are who they say they are? • How do I guard against the inadvertent or malicious spread of viruses or rogue components?

7. AuthenticationHow do I know only authorized users have access to a shared space? • Andrew sends an Email invite to Kathleen • Kathleen receives the email with an attachment (the invitation file) and text. Partner Sales Training.GRV (4.88 KB) Kathleen Bissonnette • Kathleen sees in the Groove invitation file that Andrew is the invitor. Andrew Mahon Partner Sales Training “Partner Sales Training.GRV” • By accepting, Kathleen receives Andrew’s public key • By accepting, Kathleen sends to Andrew her public key • All future instant messages and invitations are authenticated

8. Authentication – Voice AnnotationHow do I know they really are who they say they are? • The sender can “self-authenticate” by using voice annotation. When Kathleen listens to the voice attachment, she can “hear” that the sender is indeed Andrew. Kathleen Bissonnette Andrew Mahon Partner Sales Training

9. Authentication – Digital FingerprintsHow do I know they really are who they say they are? • Kathleen can also check Andrew’s digital fingerprint. • The fingerprint is computed locally on Kathleen’s machine. • Andrew’s fingerprint is saved as part of Andrew’s contact information stored on Kathleen’s system. • For any subsequent invitation from Andrew, Kathleen can check to see if the fingerprint in the invitation matches the fingerprint in Andrew’s vCard.

10. What customers ask about Groove security • Is the content and activity of a Groove shared space confidential? • How do I know that only authorized (authenticated) users have access to a shared space? How do I know they really are who they say they are? • How do I guard against the inadvertent or malicious spread of viruses or rogue components?

11. Component Management – User ControlHow do I guard against viruses or rogue components? Used for viewing CAD drawings CAD Viewer Tool “add the CAD Viewer to the shared space” Andrew Kathleen • Any member can add new tools and functionality to a Groove shared space. • When Andrew adds a CAD Viewer Tool to the shared space, Groove automatically tells the other members’ shared spaces to add the CAD Viewer Tool as well.

12. Component Management – IT ControlsHow do I guard against viruses or rogue components? signed components signed components • Members do not send tools to each other; they send commands to add a tool. • If a member already has the tool installed locally, Groove simply adds the tool to the shared space. IT Controls components.groove.net “ add tool ” Other component servers Andrew • If a member does not already have the tool installed, Groove automatically locates the tool on a component server, downloads and installs the tool, and adds it to the space. • All components are digitally signed. • IT managers can limit which components users are able to download, balancing end user control and flexibility with corporate security guidelines.

13. Summary • All content and activity in a Groove shared space is confidential, regardless of user indifference • Only authorized (authenticated) users have access to a shared space. Groove includes additional techniques to ensure authentication. • Groove component management services guard against downloading of unauthorized tools.