SECURITY
Our Comprehensive Approach to Security

Yugma is truly different from other web conferencing solutions, especially in terms of size, simplicity, and cross-platform support. Yugma's security advantage, however, is perhaps the most important difference. With Yugma, security includes: protecting the privacy and integrity of your meeting and data; protecting hosts, participants, and the Yugma service itself from potential compromises. Yugma assures the privacy and integrity of your meetings through the exclusive use of SSL to encrypt all meeting content. Yugma uses SSL to encrypt all data, including application sharing content and public and private chat in both inbound and outbound communications. This method guarantees that meeting data cannot be interpreted or altered by someone eavesdropping on the Internet.

The Yugma client download is certified by Verisign, and assures the identity of the Yugma download and service. Yugma uses full 128 bit encryption for all transactions (all e-commerce, data communication, meeting data, and authentication related informational transactions). Yugma architecture further provides for a central server level authentication for valid users (hosts/presenters), and a meeting-identification for all participants for attending a meeting. This randomly generated nine-digit meeting identifier makes any un-authorized attendance of a Yugma meeting prohibited, unless the host/presenter has somehow communicated the meeting-ID to the prospective participant. Although the client resides on the client computer, there is no way someone from the outside could connect to the computer using Yugma, without proper authentication at the central server.

Yugma's architecture assures and encompasses a robust security model allowing for user and participant authentication for any access to any meetings and related data, and offers the maximum possible security model for conducting all meetings. Yugma security is further enhanced by virtue of its end to end implementation in Java and leveraging its security benefits on both the server and the client applet. Inherently, implementation in Java provides protection against buffer overflows. Every buffer access is preceded by a check to ensure the area accessed is within the legal bounds of the given buffer. Java does not allow reading or writing to arbitrary locations in memory, thus eliminating possibilities of overflow attacks.

Yugma uses a digitally signed Java applet to launch the Yugma application. The Yugma applet has been digitally signed by a trusted authority, (such as Verisign, as an example).

For a participant to be able to share their desktop they would need to request and be granted permission from the Yugma host client applet. But such permission is not required to join a Yugma meeting (solely as a participant), as it is with other solutions. Even the meeting host may decline the permission request and still run a meeting. Yugma offers the flexibility of the meeting host to optionally choose the "show only" mode for all participants, so people aren't prompted for permission when they join in.

Most other web conferencing/collaboration clients run not as Java applets but as browser "plug-in". Irrespective of how they run, there is a download of client code on your computer. The browser plug-ins lack Java's security benefits, including protection from buffer overflows. Upon installation, the plug-in requests your permission, just like with the Yugma client applet download. Yugma, however, is an all-or-nothing proposition: if you don't "trust" the installation, it stops and you cannot join the meeting.

A secure client is worthless with an insecure server. Like the Yugma client, the Yugma server is written entirely in Java, so it too benefits from Java's security advantages. In addition, multiple layers of facility, hardware and software protection assure the safety of the Yugma servers. Yugma (SaaS) service is hosted at a top tier provider which provides for a high level of security and reliability through video surveil- lance, firewalls and locked cabinets, and creates a necessary secure shell around Yugma.

Finally, Yugma even considers details like cookies and JavaScript (also called "Active Scripting"; not the same as Java). Some users disable cookies because they can compromise privacy. Neither cookies nor JavaScript need be enabled to participate in a Yugma meeting. The cookies are external to the Yugma meeting details and are for ease of use of returning customers to attend meetings in the future.

In the critical area of security, Yugma is truly unique. Yugma made security complete and standard, not an option, not an afterthought, whether you choose to internalize Yugma inside the firewall, or use it as a service outside your firewalls.