tiCrypt Features

Executive-level overview · 4 minute read

tiCrypt Features Overview

tiCrypt provides a broad set of features supporting a wide range of secure data-processing use cases. This section highlights core features most relevant to first-time users, with examples commonly used by U.S. and Canadian defense contractors.

tiCrypt Front-End Components

The tiCrypt front end consists of three primary components:

  • Vault
  • Virtual Machines
  • Management

Vault

The Vault functions similarly to a cloud file system (e.g., Google Drive), but is end-to-end encrypted. It stores files and directories uploaded from a user’s local machine and ensures data remains protected at rest and in transit.

✔️ End-to-end encrypted file storage

Sharing

Users can securely share files or directories with other users. Sharing can be:

  • Time-bound
  • Restricted to viewing, downloading, or editing

Data can also be imported into the Vault via:

  • Dropbox, Google Drive, OneDrive, and Box
  • SFTP for large-data transfers

✔️ Secure sharing and data import

Inboxes

Inboxes provide the simplest way to receive data from external individuals or organizations that are not part of the tiCrypt environment.

  • Each inbox generates a secure upload link
  • Uploaders use a browser or SFTP (for large transfers)
  • Uploaded data lands directly into the user’s Vault

✔️ Secure external data ingress without onboarding external users

Groups

Groups allow multiple users to collaborate securely.

  • Groups are cryptographically encrypted user assemblies
  • Each group has a shared folder
  • Data shared within a group is accessible only to group members

✔️ End-to-end encrypted groups

Projects

Projects restrict access to sensitive files and directories.

  • Files and folders can be tagged to a project
  • Only project members may access tagged content
  • Projects can enforce security requirements

Security requirements are bundled into security levels. Only users who satisfy all requirements of a security level can access the data.

Project owners can optionally restrict:

  • Viewing
  • Editing
  • Downloading

✔️ Access-controlled projects

Virtual Machines

Virtual machines (VMs) are secure, isolated desktop environments running entirely within tiCrypt’s controlled infrastructure.

Within a virtual machine, users can:

  • Run applications and tools
  • Process sensitive datasets
  • Edit documents, code, spreadsheets, and presentations
  • Browse the web in a monitored and restricted environment

By isolating computation from user endpoints, virtual machines significantly reduce the risk of data leakage.

✔️ Secure compute without exposing sensitive data to endpoints

Cluster VMs

For large-scale or compute-intensive workloads, tiCrypt supports clustered virtual machines:

  • Multiple virtual machines can be interconnected
  • Multiple users can collaborate on shared compute resources
  • Compute, memory, and storage can be pooled to handle complex tasks

✔️ High-performance clusters for large-scale and data-intensive projects

Terminals

Virtual machines provide flexible terminal access, including:

  • Direct command-line access
  • Multiple concurrent terminal sessions
  • Parallel workflows across multiple virtual machines

✔️ Multi-terminal access for advanced and parallel workflows

Transfers

Virtual machines are designed to securely handle data movement:

  • Encrypted local drives protect data at rest
  • Seamless transfers to and from the Vault
  • Vault mirroring ensures encryption during transit and storage

Virtual machines also support direct SFTP transfers from:

  • External servers
  • Local machines

This enables efficient ingestion and processing of large datasets without compromising security.

✔️ Encrypted, high-throughput data transfers

Restricted Virtual Machines

Virtual machines containing sensitive data can be explicitly bound to projects.

  • Only authorized project members may access the VM
  • Access is enforced consistently with project-level security controls

✔️ Access-controlled virtual machines with encrypted storage

Management

tiCrypt provides a comprehensive management layer designed to support secure administration at scale.

Teams

All users and administrators operate within teams.

  • Teams are access-controlled
  • Teams are managed by administrators

✔️ Organized user infrastructure

Managed Objects

Administrators can delegate operational responsibility by assigning:

  • Teams
  • Groups

to sub-administrators, enabling controlled and scalable delegation.

✔️ Delegated management at scale

Profiles

Administrators assign profiles to users to define permissions and system access.

Profiles determine:

  • Which features users can access
  • Which system components are available (Vault, Virtual Machines, Management, and others)

✔️ Permissions aligned with NIST 800-171 control families

Projects (Admin View)

Administrators manage project-level security and access restrictions.

  • Users may require certifications to meet project security requirements
  • Projects enforce access rules consistently across files, groups, and virtual machines

✔️ Controlled project administration

Certifications

Administrators can issue certifications to users.

  • Certifications act as verifiable proof that users meet specific requirements
  • When required certifications are met, users gain access to project data

Notes:

  • Projects are access-controlled
  • Groups are cryptographically enforced
  • Both mechanisms can be combined

✔️ Verified compliance through certifications

Scaling Techniques

tiCrypt supports multiple scaling strategies:

  • Multiple groups under a single project tag, enabling isolated collaboration
  • Large groups with directories tagged to different projects for parallel, independent workflows

✔️ Dynamic group–project orchestration

Subprojects

Subprojects enable hierarchical organization within projects.

Example:

  • A parent project represents the main component
  • Subprojects represent individual subcomponents

This structure supports complex, multi-stage workflows.

✔️ Deep project architecture

Virtual Machine Administration

tiCrypt’s virtual machine infrastructure is composed of layered components, including:

  • Realms
  • Hosts
  • Pools
  • Servers
  • Volumes
  • Profiles
  • Hardware configurations
  • Images, drives, and VM definitions

These layers integrate with the backend to deliver secure and flexible compute environments.

✔️ Backend-coordinated VM administration

Settings

Organizations can customize:

  • Branding and themes
  • Email templates
  • CUI banners
  • Terms of service
  • Custom metadata fields

✔️ Organization-tailored environment

Auditing

Auditing is implemented as a dedicated, permanent subsystem.

It provides:

  • Alerts across all system layers
  • Prebuilt compliance reports
  • SQL-based query access to event logs
  • A complete, immutable audit trail

✔️ Built-in audit-compliant system