Data Security in Improov 3.7April 10, 2019
Back to the future
The voice chat integration in Improov 3.5 brought us one step closer to the easiest setup we could have for the creation of a collaborative meeting.
With each Improov release, we aim to ease collaboration between all co-workers, engineers and non-technical teams. We want to make collaboration easier, faster to set up, and also as secure as possible.
In this article, you will find information about our security policy and the processes we set up so that your data can be transmitted securely.
SessionID: an Easier and More Secure Way to Join Improov Sessions
In Improov 3.6, we decided to add the sessionID feature so the connection process would be more user-friendly. You can still find this feature in Improov 3.7.
SessionID is a central server working as a directory connecting Improov users. The session host will retrieve a unique session identifier and transmit it to his guests. Thanks to this identifier, guests will be able to connect to the session host without showing all the technical details.
All connections are using secure websockets, which means that what users say through voice chat and all the actions made during the session will be transmitted encrypted.
Automatic Model Transmission: Send and Download Models Automatically and Securely
Thanks to the Automatic Model Transmission feature, collaborating in Improov is even more simple. Indeed, before Improov 3.7, all collaborators needed to have access to the same 3D model file. It could sometimes involve using a shared network drive, or applying a complex procedure to send the CAD model before the meeting.
Automatic Model Transmission now allows users to send 3D CAD models to collaborators, automatically and securely. Session host can optionally activate Automatic Model Transmission and set up a special password to encrypt 3D data. Then, when collaborators join the collaborative session, the 3d model will automatically be downloaded.
With Great Power Comes Great Responsibility
CAD models are sensitive data, and we designed an appropriate security policy. First of all, to limit risks and liability, we transmit as less data as possible to other collaborators. We won’t transmit your CAD models native files, but only a 3D representation. Construction history, boundary representation and precise tolerancing will not be transferred. We will only relay tessellated data reconstructed from your original CAD parts, product tree and textures.
Besides empowering your data security, our policy also leads to faster download times and an overall better user experience.
In addition to this policy, we worked with cyber security experts to design an appropriate protocol to transmit your data securely.
The end-to-end encryption is at the root of our Automatic Model Transmission feature. Your model is encrypted on your computer with the password you provided. The model can then be securely sent over the websecure communication channel. Your encrypted model is not stored on our server disk, but only in the memory of the server application.
Furthermore, we asked for an evaluation of our server by a French cyber security company which concluded that we respect the current security recommandations.
For More Details
If an intruder managed to get access to our secure server computer, he would have to hack our server application to access the encrypted data in memory. The intruder would then have to decrypt the data, but it is nearly impossible. It also means that even we can not access your data. As soon as your session ends, we delete the data from our server.
For the nifty details, we use the PBKDF2 algorithm to generate a robust key from a model password. This key is then used by Improov to encrypt data with AES algorithm. The model password is never transferred to our server, even on a hashed form. This does mean that you are responsible for transmitting your model password in a secure way. For example, you can use your internal company chat, encrypted mail, or any tool that your team generally uses to transfer secure messages.
Here is a scheme recapitulating our security approach:
Respecting Your Company Security Policy
We understand that each company has a different security policy. If using an external server is not an option, the local private server is of course still working. However, keep in mind that it will not include the sessionID protocol, so you will need to use an IP address in order to connect to your collaborators.
You can also buy a private sessionID server that we will install on your own private company network to benefit from both using the sessionID feature and respecting your company security policy.
Any Questions Left?
Feel free to contact us if you have any questions about our security approach or Improov use cases and benefits:
This is only our first version of Automatic Model Transmission, stay tuned for future improvements by subscribing to our newsletter:
Share this article
About usMiddleVR is a VR company focused on professionals founded in 2012.
NewsletterSubscribe to our newsletter
Creative Valley 11 rue Carnot, 94270 Le Kremlin-Bicêtre
Lü Di Shang Wu Building
No 1258 Yu Yuan Road, Room 1805
200050 Shanghai, ChinaApril 10, 2019