Jive Genius Recommender Service Security and Privacy

If you have enabled the Recommender Service (it is enabled by default), your Jive instance will periodically collect information about users' behavior and send it to the service hosted in Jive Software's United States data center. The Recommender Service relies on state-of-the-art security technology, including a multi-stage encryption process that uses a powerful AES-256 encryption algorithm, to ensure your data is secure and private. Your instance locally encrypts your data into tokens using your unique customer key. This key is available only on your instance. Therefore, it is impossible for the Recommender Service to decrypt any of your data. The Recommender Service processes only data from keyword counts, content types, and user and content relationships.

Before any data is submitted to the Recommender Service, all textual data (subject and content) is processed for efficiency and security. First, keywords for the content in your instance are calculated locally and then encrypted with a unique key stored locally and known only to your instance. Then, your local instance collects activity data about how users have interacted with content, people, and places within your community. The activity data and keywords are then further encrypted and transmitted to the Recommender Service over a secure SSL channel.

The Recommender Service determines that multiple people are interested in the same encrypted keyword without knowing the true value of the keyword. The Recommender never processes the actual textual content from your instance; it processes encrypted data. In addition, the data sent to the service cannot be reversed in the Recommender. This allows the Recommender to provide social intelligence about what users find interesting without requiring access to your sensitive business data. Results are then returned to your instance, decrypted locally as necessary, and delivered to your community users.

Recommender Service Encryption Example

Jive Software will never request that you share with us your cryptographic keys.

Here is an example of how the encryption process works. A document with the body "The quick brown fox caught a brown duck" would decompose into a term histogram consisting of:

Term Count
quick 1
brown 2
fox 1
caught 1
duck 1

Before the histogram is submitted to the Recommender Service, the Activity Engine performs a symmetric encryption of each term for a given activity. Note that not all activity has terms and not all terms are preserved in this process. After encryption and term extraction, the data above would appear similar to this:

Term Count
f8245fe13f2c4b6ca67008f40e73db44 1
bc02301ef10e49dfaeb54b29524dfbd3 2
c6c93f55cd1844e88aa8b671cd8fa4d3 1
c02d9cc6a07b406d84cc-b1a44b2f60d6 1

In this case, the word "quick" has been encrypted (using AES-256) into the raw binary sequence "f8245fe13f2c4b6ca67008f40e73db44". After encryption, only the Activity Engine that created the encrypted data has the cryptographic material necessary to unencrypt the data. This encrypted token is then hashed using JenkinsHash, which turns "f8245fe13f2c4b6ca67008f40e73db44" into a 64-bit number. At no point does the Recommender know how to convert the 64-bit number back into "f8245fe13f2c4b6ca67008f40e73db44", nor can it convert "f8245fe13f2c4b6ca67008f40e73db44" back into "quick".