Recommender Service security and privacy
Here you can find an overview of the Jive Genius Recommender Service security and privacy.
If you have enabled the Recommender Service (it is enabled by default), your Jive instance periodically collects information about users' behavior and send it to the service hosted in Jive Software's data center. This service is delivered from a secure data center in the United States. The Recommender Service relies on state-of-the-art security technology, including a multi-stage encryption process that uses a powerful AES-256 encryption algorithm, to ensure your data is secure and private. Your instance locally encrypts your data into tokens using your unique customer key. This key is available only on your instance. Therefore, it is impossible for the Recommender Service to decrypt any of your data. The Recommender Service processes only data from keyword counts, content types, and user and content relationships.
Before any data is submitted to the Recommender Service, all textual data (subject and content) is processed for efficiency and security. First, keywords for the content in your instance are calculated locally and then encrypted with a unique key stored locally and known only to your instance. Then, your local instance collects activity data about how users have interacted with content, people, and places within your community. The activity data and keywords are then further encrypted and transmitted to the Recommender Service over a secure SSL channel.
The Recommender Service determines that multiple people are interested in the same encrypted keyword without knowing the true value of the keyword. The Recommender never processes the actual textual content from your instance; it processes encrypted data. In addition, the data sent to the service cannot be reversed in the Recommender. This allows the Recommender to provide social intelligence about what users find interesting without requiring access to your sensitive business data. Results are then returned to your instance, decrypted locally as necessary, and delivered to your community users.
Recommender Service encryption example
Here is an example of how the encryption process works. A document with the body "The quick brown fox caught a brown duck" would decompose into a term histogram consisting of:
| Term | Count |
|---|---|
| quick | 1 |
| brown | 2 |
| fox | 1 |
| caught | 1 |
| duck | 1 |
Before the histogram is submitted to the Recommender Service, the Activity Engine performs a symmetric encryption of each term for a given activity. Note that not all activity has terms and not all terms are preserved in this process. After encryption and term extraction, the data above would appear similar to this:
| Term | Count |
|---|---|
| f8245fe13f2c4b6ca67008f40e73db44 | 1 |
| bc02301ef10e49dfaeb54b29524dfbd3 | 2 |
| c6c93f55cd1844e88aa8b671cd8fa4d3 | 1 |
| c02d9cc6a07b406d84cc-b1a44b2f60d6 | 1 |
In this case, the word quick has been encrypted (using AES-256) into the
raw binary sequence f8245fe13f2c4b6ca67008f40e73db44. After encryption, only
the Activity Engine that created the encrypted data has the cryptographic material necessary to
unencrypt the data. This encrypted token is then hashed using JenkinsHash, which turns
f8245fe13f2c4b6ca67008f40e73db44 into a 64-bit number. At no point does the
Recommender know how to convert the 64-bit number back into
f8245fe13f2c4b6ca67008f40e73db44, nor can it convert
f8245fe13f2c4b6ca67008f40e73db44 back into quick.