tiCrypt Vault Overview

Store and share encrypted data within the tiCrypt Vault.

Overview

  • Introduction to the three core components: Vault, Virtual Machines, and Administrator Tools.
  • How end-to-end browser-based encryption protects sensitive data.
  • File uploads, organization, and secure sharing with users and groups.
  • Cryptographic isolation of groups and strict access separation.
  • Project tagging and compliance-driven access controls for sensitive data.
  • Secure external file intake using one-way Dropbox-style links.
  • High-level overview of encrypted Virtual Machines for secure processing.
  • Administrative governance, resource allocation, and private key escrow recovery.
Platform Overview

tiCrypt is a secure platform designed for organizations working with sensitive data, including Controlled Unclassified Information (CUI). The system consists of three tightly integrated components: the Vault, the Virtual Machines, and the Administrator Tools. Together, these components create a secure, end-to-end encrypted environment that supports NIST 800-171 and CMMC Level 2 requirements.

This demo focuses on the tiCrypt Vault, the secure storage and collaboration layer of the platform. In upcoming videos, we explore how Virtual Machines extend this environment into secure processing and isolated compute workflows.

Vault: Secure File Storage

The tiCrypt Vault provides functionality similar to Google Drive, allowing users to upload, organize, and share files. Users can create folders, drag and drop documents, and preview supported file types such as PDFs directly in the browser without downloading them.

Unlike traditional cloud storage solutions, tiCrypt enforces end-to-end encryption. All encryption and decryption occur in the user’s browser before data reaches the server. This ensures that even backend administrators cannot access file contents.

Users, Groups, and Cryptographic Isolation

The platform supports both individual users and cryptographically isolated groups. Users can access their own files, while groups enable secure collaboration across teams.

Group isolation is enforced at the cryptographic level. Membership in one group does not grant access to another group’s files, even with backend system access. This architecture supports strict segmentation policies required in regulated environments.

Secure File Sharing Controls

Files and folders can be shared with individual users or entire groups. Administrators can configure expiration dates, revoke access at any time, and restrict permissions based on operational requirements.

Resources can also be tagged with projects. When a file, folder, or group is associated with a project, predefined security policies apply automatically. This is particularly useful for enforcing CUI handling requirements, such as restricting downloads to prevent sensitive data from reaching unmanaged endpoints.

CUI Protection and Endpoint Scope Reduction

For organizations handling CUI, preventing data from touching local hard drives is critical. Once CUI is downloaded to an endpoint, that device may fall into compliance scope, significantly increasing operational burden.

tiCrypt allows administrators to enforce policies that keep sensitive data within the encrypted environment, aligning with secure VDI strategies and minimizing compliance exposure.

Secure One-Way Upload (Encrypted Dropbox)

The Vault can be configured as a secure dropbox, allowing external parties to upload files through a controlled URL. Administrators can define expiration periods, file size limits, and additional constraints.

This functionality enables secure one-way data intake. External users cannot view Vault contents; they can only submit files. This design supports secure collaboration with vendors, partners, and clients without expanding system exposure.

Virtual Machines and Secure Processing

Beyond storage, tiCrypt includes a Virtual Machine environment for secure data processing. Users can create drives, attach them to virtual machines, and install required software within isolated compute environments.

Access is provided through encrypted tunnels using RDP or terminal sessions. Virtual machines are disconnected from the public internet and accessible only to authorized users. This ensures secure processing of sensitive workloads within a controlled, end-to-end encrypted architecture.

Administrative Controls and Key Escrow

The Administrator Tools provide centralized management of users, teams, resource allocation, and project tagging. Teams allow structured allocation of compute and storage resources across departments or programs.

tiCrypt also integrates a secure key escrow mechanism. When a new user is created, their private key is split into multiple parts and distributed to designated recovery groups. This enables controlled restoration of access without compromising end-to-end encryption principles.