top of page
Blog article

Blog article

"SecureFileTransfer" Beta version released, a secure file transfer service

(President: Norio Fujita, established in 1983) has released a beta version of "YubiOn SecureFileTransfer," a service that enables secure file transfer as a PPAP measure, on November 30, 2022.


In Japan, when sending a file by e-mail, a zip file with a password is sometimes attached and the password is sent in a separate e-mail (commonly known as PPAP), but this method cannot prevent eavesdropping of e-mails, and it has been pointed out that there are security safety issues such as information leakage. However, it has been pointed out that this method cannot prevent eavesdropping of e-mails and has security issues such as information leakage. However, this method cannot prevent eavesdropping of e-mails, and it has been pointed out that it is not secure against information leaks and other security issues.


YubiOn SecureFileTransfer" enables users to securely transfer files to other parties without attaching files to e-mails.


SecureFileTransfer
Figure1 - SecureFileTransfer - Overview

[PPAP and its problems]

PPAP is an abbreviation for a method in which a zip file with a password is sent by e-mail, and the password is sent in a separate e-mail. This method is widely used in Japan, but is deprecated due to security issues.


The following are some of the problems with PPAP


- Does not prevent third parties from eavesdropping on the network

Even if an e-mail with a zip file attached and the password are sent in two separate e-mails, if the communication path is tapped by a third party, both pieces of information will be compromised.

- It is not a countermeasure against misdirected transmissions.

PPAP is effective to some extent as a countermeasure against misdirects, but it is not a fundamental solution, as it is possible to send both mails by mistake.


- Passwords are easily analyzed

If the zip file is in the hands of a third party, there is a risk that the password can be analyzed through a zip file password analysis tool.


- Malware infection risk

If you routinely exchange files using password-protected zip files, it is difficult to notice attacks that exploit the fact that zip files slip through the checks of antivirus software to send malware in the form of password-protected zip files.


"YubiOn SecureFileTransfer" eliminates these problems related to e-mail attachments.


[Product Overview]

When you want to send files by e-mail, "YubiOn SecureFileTransfer" allows you to transfer files via secure communication (SSL / TLS) and deliver files after confirming the recipient through authentication. There is no need to install or configure software, and all you need is a browser and an email address to use the service.


YubiOn SecureFileStransfer use sequence diagram
Figure2 - YubiOn SecureFileStransfer - Use sequence diagram

[YubiOn SecureFileTransfer Features]

1.Security

SSL/TLS communication prevents third parties from intercepting the communication path. The data storage server where data is stored is encrypted, and limits can be set on the number of days and number of downloads allowed. In addition, login to the service supports multi-factor authentication (TOTP) for secure use.


2.Access control

File access control ensures that only the sender's designated recipients can download the file, allowing the file to be passed on securely. Even if the sender's e-mail address is mistaken, the file can be prevented from being leaked to a third party.


3.Web Console Function

The file upload history can be viewed on the Web console screen, where you can check how many times a file has been downloaded, delete files that are no longer needed, and safely operate the system after uploading.


[Main functions/limitations]

The beta version is only available as a free version.


(1)Data retention period

The retention period for uploaded data is fixed at 3 days.


(2)Upload Size

The file size limit for uploading is 1 GB.


(3)Upload count limit

There is no limit to the number of uploads.


(4)Number of times DL is available

A file can be downloaded up to 15 times.


(5)Authentication at DL

It is possible to set whether or not authentication of the destination user is required when downloading.


(6)transceiver history

You can view the history of files sent and received. (*Only during the download validity period)


(7)MFA Support

MFA (multi-factor authentication) can be configured for service login.


[Future plans]

The official version is scheduled to be released in 2Q2023 or later.


[Operating environment]

Supported Browsers

  ・Google Chrome

  ・Microsoft Edge

  ・Mozilla Firefox

  ・Safari


[Offer price]

The beta version is provided free of charge.


[About the service page]

Please refer to this page for details of the service.


Click here to register for free


 

Click here to see the press release.

Comments


bottom of page