Frequently asked questions and operational responses

In this section, we answer the most commonly asked questions about Transfer.legal.

How is Transfer.legal different from other file sharing services?

Transfer.legal offers a wide range of tools to let you manage confidentiality and traceability of your voluminous data sending: timestamp service, data encryption, tracking, datalog function…  To our knowledge, it is the only solution that offers so many services that comply with data governance regulation.

What are the reference documents associated with Legal.transfer?

Transfer.legal relies on a set of French, European and International standards, the most important of which include:

  • RGS (general security database drawn up by the French government)
  • Common core PSCO (ETSI EN 319 401) ;
  • Electronic archiving (NZ42-013) ;
  • Timestamp service (ETSI TS 102-023).

Transfer.legal also relies on internal policies that describe the different services. Among these, the most important are:

  • Encryption key and secret management policy
  • Proof policy
  • Archiving policy

How can I integrate Transfer.legal in my information system?

We provide you with an API to be able to easily integrate Transfer.legal in your information system.

Two versions are available:

  • A REST version that requires understanding of encryption mechanisms ;
  • Ready-to-use libraries that can be embed directly in your projects.

If you are interested in using our API, please contact us directly.

What is a transaction within Transfer.legal ?

A transaction can be of four types:

  • Data sending for delivery;
  • Data download;
  • Request for data sending (solicitation);
  • Response to solicitation and associated sending.

For each of these transactions, a set of technical information are collected to identity the parties: sender, recipient(s), date of sending and receipt, events linked to sending and to alerts (by sms and email).

These transactions are recorded in an unforgeable log.

What are logs and proofs in Transfer.legal ?

Traceability allows you to know who had sent what, to whom and when. To ensure the relevance of the information, Transfer.legal uses techniques for purposes of proof: certified timestamp of the logs, cryptographic chaining…

What is a proof system?

A proof system provides technical procedures which will enable you to reliably know:

  • The identity of the sender and the recipient;
  • The date of sending and the existence of the data on that date;
  • The date of receipt.

Proof may be produced in court to assert your rights.

Why trusted third parties are used by Transfer.legal ?

A trusted service is more reliable if it is itself based on a group of certified actors.

What is digital data sovereignty?

This concept refers to a simple instruction: regain control upon your data! Most services are not very transparent on this issue or provide unpersuasive explanations on actual data location. Worse, data location often determines which law would apply and consequences for lawful rights holders can be considerable.

What is a timestamp service provider?

A timestamp service provider certifies the date of a data and its existence at this date. It undertakes, in addition to the reliability of the provided date, to store the proof of this date (timestamp token) over time.

What is a timestamp token?

A timestamp token is issued by a timestamp service provider. It contains:

  • Data footprint (hash) that has been timestamped;
  • Date and UTC time;
  • The identifier of the certificate that generates the token.

The token ensures that a data (represented through a footprint or a hash) is associated with a time value.

Does Transfer.legal rely on blockchain technologies?

Transfer.legal uses a portion of the blockchain technology, namely for the event log that uses a cryptographic chain between each transaction. The use of a trusted third-party for each transaction ensures its inviolability. It is of course possible to integrate Transfer.legal technology in a public (bitcoins or similar) or private blockchain.

What is the difference with services using blockchain to provide proof (namely proof of the timestamp)?

Today, blockchain is presented as an alternative trust model to traditional models. From trust, considered as the capacity for another person to deliver information or a reliable service, results the concept of proof. The use of a third party is essential to date a document or certify its existence.

In a classical approach, the third party is said to be trusted as it derives its legitimacy from a legal or normative environment that it undertakes to comply with. An external audit ensures this compliance.

In a decentralized approach, trust relies on verification made by a consensus amongst players. Thus, the rule in place ensures trust without the need for regulation or external control. The system produces, endogamically and by construction, its own legitimacy.

Beyond theory, factual differences that may be pointed out are:

  • Data storage: most of the time, blockchain services only store data footprint. It is up to the owner to ensure data sustainability and retention over time, which is often a more difficult task than expected. The archiving option in Transfer.legal ensures that data are retained over the long term;
  • Contractual obligation and predictability: blockchain services do not have contractual obligation regarding successful completion of the transactions, long-term durability, data transfer and reversibility… With clear commitments, Transfer.legal really undertakes to provide a predictable service regarding the modalities of its implementation over time;
  • Preserved anonymity: this aspect is ignored but blockchain, when it is public, provides no guarantee of anonymity. Our service is based on a private log that is only accessible to external auditors under certain conditions to be laid down by public authorities or by yourself;
  • Data location: data are disseminated among interested parties that build the consensus. The archiving option enables to locate data in the country of your choice.

Why does your usual file transfer service not provide same services?

Usual services are often focused on a specific use:

  • Large file transfer;
  • Electronic registered mail for dematerialized letter;
  • Collaboration and file sharing;
  • Encryption of correspondence.

Transfer.legal provides, upon request, all these services to which it adds proof services.

How to be sure that your data are stored in your country?

This is a binding contractual agreement. If you choose the Business offer, you choose the location of your data within our archiving service.

What is the audit trail function?

The audit function is the guarantee of the control and of the complete and permanent traceability of events occurring in the system in order to trace transactions.

What are encryption keys used for and can you retrieve them?

Transfer.legal uses encryption technology AES 256 CBC.

Data are encrypted on our servers and encryption keys are accessible only by you after having been authenticated.

You can recover encryption keys on request.

What are the differences between provided authentication modes?

Authentication can be defined as a procedure to verify the identification of a natural person thanks to technical means, such as a password, a secret code, an answer to a question or a digital securing (for instance: a digital certificate).

Within Transfer.legal, you have access to different authentication modes according to the level of identification you expect from the recipient:

  • Only by electronic mail system;
  • By the use of an OTP;
  • By the registration on Transfer.legal.