FTAPI

The FTAPI (ɛfʈɐpi) Software GmbH (File Transfer Application Platform for Integration) is a Munich-based company that offers solutions for professional data transfer and data storage develops and sells. With the help of the SecuPass process, data of any size can be transmitted ad hoc end-to-end encrypted . The secure exchange of data is not limited to users of the same software, but works with all people or companies, regardless of whether they encrypt their data. The customer decides for himself whether he wants to run the products on his own server ( on premises ) or use the FTAPI cloud server ( on demand ). FTAPI's concept is to combine security with user-friendliness.

Company history

Stephan Niedermeier, today's CTO of FTAPI, worked as a freelance consultant during his studies. He often encountered problems transferring large data. With the aim of sending files of any size as easily and securely as possible, Niedermeier developed the software prototype in 2009. The concept received an award at the Munich Business Plan Competition for its innovative approach and was subsequently supported by several funding programs. The company was founded at the end of 2010 and the first product was ready for the market in the same year. In 2013 the company brought Daniel Niesler, the current CEO of FTAPI, on board in order to benefit from his expertise in connection with Internet companies.

In February 2014, QSC AG took over 51 percent of the shares in FTAPI. Founder Stephan Niedermeier and CEO Daniel Niesler will remain involved in the company.

use

Internal use

The different FTAPI products for "Managed File Transfer" can be integrated into existing e-mail systems such as Outlook and configured individually for customers. Similar to normal e-mail, data can simply be added as an attachment and sent in encrypted form. The user can choose between four different security levels for each transfer. There is also the option of encrypting files in secure data rooms so that they can then be edited together. Each user can create several data rooms to which he can give any number of users access.

External use

Secure exchange with companies or private individuals who do not have special encryption software is also possible: If sensitive data is to be transmitted to such partners, they will receive a secure download link in their mailbox via email. The FTAPI SubmitBox, an individual Internet address that every FTAPI user receives, is used for risk-free reception. External partners can securely upload data there and save it for FTAPI users.

Since May 2014, Android users have been able to use the FTAPI app to access their secure data rooms while on the move using a tablet or smartphone.

safety

The SecuPass encryption technology developed by FTAPI enables a simple key exchange, which is necessary for the end-to-end encrypted transmission of any files. On the one hand, this procedure guarantees highly secure data encryption. Another special feature is that the transfer can take place between any person (or endpoint) without them having to create and install keys or certificates, as is the case, for example, with PGP- based variants. Files transferred via FTAPI are never sent "in one piece", but are always segmented into many parts, which in turn are encrypted with different crypto methods, depending on the security level selected:

Choice of security level before sending a file

• Security level 1 : With these data transfers, the recipient receives a secure download link. Every recipient can receive these files, regardless of whether they have an FTAPI account.
• Security level 2 : The recipient receives a secure download link and can only access it as an FTAPI user, as he also has to authenticate himself with a password.
• Security level 3 : The first of the four security levels that guarantees true end-to-end encryption. All files remain encrypted throughout. In addition to the login, the SecuPass key is requested.
• Security level 4 : In addition to the files, the transmitted message is also encrypted throughout. The recipient needs a SecuPass key to download the file.

Cooperation with Vodafone

In mid-March 2015, at a press conference at CeBIT in Hanover , Vodafone presented a solution for email encryption that was developed in close cooperation with FTAPI and is based on technology from the Munich-based company. "Secure E-Mail" is tailored to everyday business life and is intended to enable Vodafone's 1.1 million business customers to easily exchange end-to-end encrypted e-mails and file attachments across all common end devices. The availability of the app was promised for September 2015 and should be compatible with all communication partners, regardless of whether they also use secure e-mail. A hybrid encryption of AES 256 and RSA 4096 ensures a high level of security. As with the common FTAPI app, the key exchange takes place fully automatically and therefore does not require any knowledge from the user. At the end of 2016, Vodafone announced the discontinuation of the service on March 31, 2017 and the deletion of all data.

Heartbleed

FTAPI was not affected by the Heartbleed bug because the company's own servers do not use OpenSSL.

Poodle

FTAPI was briefly affected by the Poodle HTTPS vulnerability. In order to protect FTAPI servers against the attack method, the software update 3.0.13 and guidelines were made available a few days after it became known, which prevent the use of SSLv3 on the server side.

Zero Knowledge

According to his own statement, all products offered by FTAPI since the company was founded are based on the zero-knowledge principle coined by Edward Snowden . This ensures that not even company employees have access to data that is stored on the company servers.

1. ↑ Preview page for iOS. In: App Store (iOS) . Retrieved July 21, 2019 . 
2. ↑ Bavarian IT Security Cluster eV: Secure File Transfer at it-sa 2012 . In: Website Title . ( it-sicherheit-bayern.de [accessed on March 19, 2018]). 
3. ↑ https://www.ftapi.com/Produkte
4. ↑ Archive link ( Memento of the original from July 14, 2014 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.  @1@ 2Template: Webachiv / IABot / www.stifterverband.de
5. ↑ http://www.crunchbase.com/organization/ftapi-software
6. ↑ http://de.linkedin.com/pub/daniel-niesler/13/7b8/23  ( Page no longer available , search in web archives )  Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice.@1@ 2Template: Dead Link / de.linkedin.com  
7. ↑ https://www.ftapi.com/presse/QSC-AG-uebernehmen-Verschluesselungs-Spezialisten-FTAPI
8. ↑ http://www.handelsblatt.com/unternehmen/it-medien/telekom-konzern-qsc-schluckt-sicherheits-startup/9529100.html
9. ↑ on position, tailwind for Munich start-ups, p. 4
10. ↑ http://www.sce.de/en/news-details.html?tx_ttnews%5Btt_news%5D=96&cHash=65b300e4ebf2f7ac84550281962163ba  ( page no longer available , search in web archives )  Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice.@1@ 2Template: Dead Link / www.sce.de  
11. ↑ https://www.ftapi.com/Warum-FTAPI/FAQs-ftapi
12. ↑ http://www.golem.de/news/secure-e-mail-vodafone-mail-bietet-ende-zu-ende-verschluesselung-fuer-firmen-1503-112970.html
13. ↑ Encrypted communication: Vodafone discontinues secure e-mail - Golem.de . ( golem.de [accessed on April 5, 2017]). 
14. ↑ https://www.ftapi.com/HeartBleed ( Memento from July 14, 2014 in the Internet Archive )
15. ↑ Current safety information . ftapi.com. Archived from the original on August 8, 2016. Retrieved April 4, 2019.
16. ↑ https://www.tinfoilsecurity.com/poodle
17. ↑ https://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak
18. ↑ http://www.it-finanzmagazin.de/zero-knowledge-wird-zum-datentransfer-guetesiegel-1888/
19. ↑ https://www.ftapi.com/Produkte
20. ↑ https://www.ftapi.com/Warum-FTAPI/Vorteile-mit-FTAPI
21. ↑ https://www.muenchen.ihk.de/de/WirUeberUns/Publikationen/Magazin-wirtschaft-/Aktuelle-Ausgabe-und-Archiv2/magazin-09-2013/Betriebliche-Praxis/telekommunikation-helfer-gegen-online- spies
22. ↑ John Pardey: In the comparison test - Secure Data Rooms. Pp. 16-19
23. ↑ http://www.cs.hm.edu/die_fakultaet/gruenderteams/ftapi.de.html