Most of the existing secure transaction products provide security only between two participants, either user-to-user or user-to-server. However, new secure transaction concepts, applications, and requirements go beyond those simple network arrangements, and often include multiple participants or multiple network components. In such a scenario, in order to complete a transaction, users/servers must interact with more than two parties in real time. Therefore, security products for such transactions must also simultaneously support multiple participants.

OneGroup™ has the following features:

• A Security Infrastructure for OneGroup™ applications is provided by the OneSec™ product comprising registration, certification, smart cards and secure platform components, various security objects and security protocols;
• Group Key Distribution Protocol which is based on the Group Secure Association Key Management Protocol (“GSAKMP”) standard.
• Four secure group applications are:
  • Secure Messaging (Completed)
  • Secure Whiteboard,
  • Secure Documents Exchange, and
  • Controlled and Secure Email system, each providing some aspect of secure group communications.

OneSec™ is the existing security platform for development and run-time support for the various secure applications.

OneGroup™ server is used by the Group Administrators, GCs and SCs:

• to configure and certify the server and to register GCs and SC on the particular server;
• to establish, maintain, synchronize and destroy groups through OneGroup server administration interface, and
• to distribute group keys through GSAKMP messages exchanged with OneGroup clients.

OneGroup™ client is used by GMs:

• to exchange GSAKMP messages with the OneGroup server, and
• to support secure group applications through appropriate APIs to access and use GSA keys.

The architecture of the OneGroup system and secure messaging application is shown below. Although all participating entities, servers and clients, are located in one “plane”, they are shown in a form of a hierarchical arrangement to emphasize their logical relationships.

Various relationships and transactions are shown in different colours: black transactions represent authorizations of SCs by the GCs. Red represents administration functions performed by GC and SCs at the OneGroup™ servers. Exchange of group keys between OneGroup™ servers and GMs are shown in blue, while secure group transactions are shown in green.

OneGroup™ server runs on Windows but in future will run on and will be tightly integrated with SELinux (Secure Linux). SELinux provides mandatory access control architecture incorporated into Linux kernel through separation of information based on confidentiality and integrity requirements.