Transfer
What is the Purpose of the File Transfer Hub?
The role of the File Transfer Hub is to move your files and directories securely between your vault, local machine, virtual machine, SFTP accounts, and cloud.
The settings of the file transfer hub allow you to manage all your vault-connected accounts from one place. You can perform logouts by deleting the registered credentials, mount or unmount drives connected to your vault, and manage multiple cloud accounts simultaneously.
You can control who is accessing a file by classifying it. However, only users with special permissions can declassify the files.
Can I Transfer a File Tagged by a Project?
You can transfer a file tagged by a project if you are a certified member of the project, the file has been specifically shared with you, and you have the permissions to perform this action.
Can I Project-Tag a File or Directory from the File Transfer Hub?
You can project-tag a file or directory from the File Transfer Hub if you are a certified member of the project that you want to tag the file or directory with. If you are not in the project, you cannot view it at all.
Follow the instructions in Tag a file with a project.
Why does tiCrypt Implements the Transfer from Cloud Services Into the Vault?
Files on a user's local machine pose compliance liabilities. The institution must explain to the NIH, NSF and DoD how they destroy the files copies left on users' local machines. To ensure compliance, all data should be stored in the tiCrypt Vaults and encrypted drives.
Once a file is in Vault, regardless of its origin (Box, Google Drive, OneDrive, local machine, SFTP) the user can compute the SHA-256 for all files.
What are the credentials & buckets/drives settings in the Vault “Local Transfer” about?
Credentials and buckets/drives enable direct data transfers from free cloud services like Google Drive, OneDrive, Dropbox or Box to your Vault, bypassing your local machine entirely.
- Transferring from Vault operations is not connected to your VM configurations.
- tiCrypt does not support Amazon S3 direct transfers.
Why am I unable to transfer data from my Vault to my cloud provider using 'local transfer' function?
The tiCrypt local transfer function is read-only.
You cannot move files from the Vault to OneDrive, Google Drive, or Dropbox due to data exfiltration prevention.
Follow the instructions to transfer data externally from cloud services such as Dropbox, Google Drive, OneDrive, Box or other SFTP clients.
into the Vault.
What is the Difference between "SFTP Account" Mechanism in the File Transfer Hub in the Vault and the "SFTP to VM" Mechanism in the Virtual Machines section?
What is the Difference between "SFTP Account" Mechanism in the File Transfer Hub in the Vault and the "SFTP to VM" Mechanism in the Virtual Machines section?
The SFTP mechanism in the Vault serves the data ingress from an external SFTP server that you can connect to in order to bring data into your Vault. Data in your Vault is isolated and encrypted and will have to be moved into your VM via File Transfer Hub > Transfer in order to use it and process it.
The SFTP to VM mechanism serves the purpose of bringing data directly into your VM which will be ready to be used and processed.
What are the SFTP Mechanisms in tiCrypt?
There are four uniquely different SFTP mechanisms in tiCrypt to allow full control of user behaviour. tiCrypt understands user circumstances and implements multiple ways to securely bring data into its system. Based on the core principle of "The Least Privilege," users are provided with different mechanisms for data ingress and egress.
1. The SFTP to VM Mechanism
- You must have access to VM and use the VM tunnels
- Data is written on the drives of the VM directly which is highly efficient for direct transfers requiring immediate processing.
- You must be an active User and have SFTP & VM permissions in place.
- Used typically to bring data in from your local machine.
2. The SFTP in the Vault, File Transfer Hub Mechanism
- This mechanism is designed for external collaborators without any other access to the system.
- Exceptionally controlled, only allowing data into the Vault via browser.
- You can use this for external collaborators who have nothing in common with tiCrypt.
- The same mechanism applies to inboxes.
Inboxes are designed exclusively for external collaborators to bring data into the Vault, whereas the File Transfer Hub allows you to access and transfer data into your Vault.
3. The SFTP Account in the Vault, File Transfer Hub Mechanism
- This mechanism allows you to log into an external SFTP server from your Vault.
- Securely transfer data from the external SFTP server into the Vault.
- The moment the data leaves the external SFTP server it is under tiCrypt's layer of protection and encryption.
4. SFTP Driver to SFTP
- This mechanism allows data egress from the Vault to an external SFTP server.
- Only active Users can perform transfers using this mechanism.
Real Scenario:
If your inbox receives malware, it is fully isolated and cannot cause harm because the backend does not have access to the Vault data, which is fully encrypted. When the malware is being transferred into a VM, it might try to attempt harming, however, due to VMs anti-malware protection, the malware cannot survive the infrastructure.
The browser used for inboxes will also prevent any malware from being uploaded in the first place.
What is the cryptographic mechanism when sending a file?
Sending a file involves combining the fingerprint of your key with your private key
fingerprint + private key = digital signature
Once the digital signature is generated it is sent to the other user end.
- You cannot perform anything in the system without your private key.
- The private key is only known to you.
You do not need to perform any actions on the front end; the transfer process occurs in 0.1ms.
How do I transfer data between the Vault and my local machine?
1. Vault to Local Machine Transfer
Follow the instructions from the Download Files and Directories in tiCrypt.
2. Local Machine to Vault Transfer
Follow the instructions from the Upload a File Locally.
What is the Data Transfer Mechanism from Vault to a Virtual Machine?
When you transfer files from your Vault to a Virtual Machine, tiCrypt creates a copy of your files, leaving the original files in the Vault. The VM where you move the files to/from must be Connected.
What is the Difference Between Downloading Data from a VM and Transferring Data from a VM via the File Transfer Hub?
When you download data from a VM, you are moving the data to your local machine. This is considered bad practice for data security and should only be used in very rare scenarios.
When you transfer data from a VM via the File Transfer Hub, you are moving the data to another virtual machine. This is good practice for data security and should be your priority when processing or working with data.
What is the Purpose of "SFTP Read Write" and "SFTP Read Only" Options in the File Transfer Hub?
The SFTP Read only allows you to move data into the Vault from an external source. It is less restricted because it is safe to bring data into the Vault. The SFTP Read write allows you to move data out. This is highly restricted and controlled by a super-admin-only mechanism in system settings because it can exfiltrate data.
What is the Purpose of Symbolic Links?
Symbolic links allow a file or a directory to be accessible from another location.
You can use symbolic links when performing an SFTP transfer to a specific location or when transferring data to a specific directory in a drive.
What are the letters in front of drives and access directories when transferring data between the Vault and the VM?
Letters in the drives or access directories represent the slots in the file tree during transfers between the Vault and the VM. The purpose of letters is to manage the drive and access directories allocation of resources.
What is best practice to move larger files to or from the Vault?
For large or unused files in the Vault, use the SFTP transfer feature to move them.
How to prepare my Vault for a classified project transfer from a Virtual Machine?
Create a directory in the Vault with the same tag to transfer files from the tagged VM into the Vault. After moving the files into the vault, you can either share them with new users or declassify them.
If a file is tagged by a project with a higher classification than the VM, it cannot be transferred from the Vault to the VM.
What is the Dynamics Between Transfering Tagged Vs. Untagged Resources Into Tagged Virtual Machines?
| Resource | Transfer Destination | Output |
|---|---|---|
| Unlocked | Unlocked (no tag) VM | Unlocked Resource |
| Unlocked | Project-Tagged VM | Project-Tagged Resource |
| Project-Tagged | Unlocked (no tag) VM | N/A |
| Project-Tagged | Same Project-Tagged VM | Same Project-Tag Resource |