Secure UDS
Frequently Asked Questions
Below are some frequently asked questions about using the SUDS data transfer platform.
If you have a question that is not answered here, please contact GSI support ([email protected]) or give us a call at 317.464.8097. Support hours are Monday-Friday, 8:30 AM – 4:30 PM ET.
Connecting to SUDS
Which SFTP clients work with SUDS? Does GSI recommend a particular application?
GSI suggests using WinSCP. Any SFTP client will work if it supports public key authentication, which is the primary authentication method used for SUDS. There is a short list of incompatible clients: Five9, Kemp, Mule, paramiko 1.16.0, SSH.NET 2016.1.0.
Why is SUDS disconnecting so quickly?
SUDS has a two-minute idle timeout. As long as a transfer is in progress the connection will remain active, but after two minutes with no active transfers the system will log your user out. An error may pop up with the message “Network Error: Software caused connection abort”. The connection will need to be reestablished to continue file transfers.
Why did I receive a pop-up that says “WARNING – POTENTIAL SECURITY BREACH”?
Like Public Key Authentication, the server uses a Host Key to prove authenticity to the client. SSH host keys are public/private key pairs that belong to SSH and SFTP servers. They are used by clients to verify the identity of the server when connecting. The private key is stored server side, while the public key is presented to the client during the connection operation. Most clients will present the user with an option to verify the key and accept it, which will allow the connection to proceed. This will usually present as the warning you received and will occur the first time the client connects to the server, or if the host key has expired and was renewed.
The Host Key can be verified by comparing the listed SHA-256: value to the keys listed on this table (https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-host-keys#valid-host-keys).
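The comparison described above, as an added example in Python (not GSI's or Microsoft's code): it computes the SHA-256 fingerprint of a host public key the way SSH clients display it and checks it against a list of published values, tolerating the "SHA256:" / "SHA-256:" label and base64 padding. The keys and the PUBLISHED list are constructed samples; real values come from the table linked above.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def fingerprint_sha256(pubkey_line: str) -> str:
    """Unpadded base64 SHA-256 of the key blob in an OpenSSH-format public key line."""
    key_type, blob_b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii").rstrip("=")


def normalize(fp: str) -> str:
    """Strip a 'SHA256:' / 'SHA-256:' label, surrounding whitespace and base64 padding."""
    fp = fp.strip()
    for label in ("SHA256:", "SHA-256:"):
        if fp.upper().startswith(label):
            fp = fp[len(label):]
    return fp.strip().rstrip("=")


def host_key_trusted(presented: str, published: list) -> bool:
    """True only if the presented fingerprint exactly matches a published one."""
    return normalize(presented) in {normalize(p) for p in published}


def sample_key(seed: int) -> str:
    """Build a constructed ssh-ed25519 public key line (not a real host key)."""
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")


SERVER_KEY = sample_key(1)   # constructed: the key the server presents
OTHER_KEY = sample_key(2)    # constructed: an unexpected key
# Constructed stand-in for the published table, written with label and padding.
PUBLISHED = ["SHA-256: " + fingerprint_sha256(SERVER_KEY) + "="]

if __name__ == "__main__":
    print(host_key_trusted("SHA256:" + fingerprint_sha256(SERVER_KEY), PUBLISHED))
    print(host_key_trusted("SHA256:" + fingerprint_sha256(OTHER_KEY), PUBLISHED))
```

A fingerprint that matches no published value means the key should not be accepted until the mismatch is explained.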
What is Public Key Authentication and how is it used to connect to SUDS?
For a deeper understanding of Public Key Authentication look here.
Essentially, Public Key Authentication is a secure login method using SSH. SUDS is, at its core, an SFTP service, and SFTP is file transfer over SSH. Instead of a password, the procedure uses a cryptographic key pair for validation. Although using a strong password helps prevent brute force attacks, public key authentication provides cryptographic strength and automated passwordless logins.
This method uses two cryptographic keys: a public key and a private key. The public key is stored in the user’s SUDS profile in GSI’s SUDS environment. The private key is stored on the user’s computer. When SUDS is accessed, the user’s SFTP client uses the local private key to sign the login request, and the server checks that signature against the public key on file; the private key itself is never sent. When the server confirms that the keys are a matched pair, access is granted.
How do I request a key pair to connect to SUDS?
When a new user is created for SUDS, GSI will generate a key pair and distribute the private key to the user. GSI will never hold the private key after it has been sent to the user. If the user needs a new private key due to a computer upgrade or possible compromise, GSI will generate a new pair upon request.
I’ve received my private key file from GSI, how do I install it?
GSI has a helpful video that will walk you through the process.
Sending Files via SUDS
I uploaded my files twice via SUDS. Will the receivers get duplicate records?
They will not. They will, however, receive duplicate emails that records were uploaded, but any duplicate record overwrites the previous one.
How do I use SUDS to transfer UDS records?
The process is different for guaranty funds and receivers. Receivers will process UDS records using the UDS Data Mapper. Once processed the UDS records will be made available to the guaranty funds in their SUDS directory.
A guaranty fund will transfer UDS records (C, D, F, and I) to receivers by uploading them to SUDS. The automatic processing of records begins by using an SFTP client to move UDS compliant files from the guaranty fund user’s local computer or network to the ‘UDSupload’ folder on SUDS.
Receiving Files via SUDS
How do I know when to retrieve files from SUDS?
Whenever files are processed using SUDS the sending and receiving organizations will receive email notifications detailing which files were sent and are available for retrieval.
How will I know where to find the available files?
The notification that informed you that files were available will also list the directory path to locate the files on SUDS. A guaranty fund user will usually find UDS files in a sub-folder of the ‘UDSdownload’ folder named for the insolvency the UDS records belong to. A receiver’s UDS files will be found in the ‘FromGF’ folder.
File System
What are the different parts of the UDS file name?
A UDS file name utilizes the file location state and code to describe the direction of data. View the below example for further clarification.
{NAIC}{RecordType}{FromLocation}{ToLocation}{BatchNumber}{DateSent}.txt
In the example 55555AIN01TX1099920240215.txt, the Indiana Receiver is sending A Records to the TX P&C Fund.
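A parser for the file name pattern above, as an added example in Python (not part of SUDS or the UDS Data Mapper), useful for checking names before upload. The field widths (5-digit NAIC, 1-letter record type, 2-letter state plus 2-digit code for each location, 3-digit batch number, YYYYMMDD date) are assumptions inferred from the single example on this page.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime

# Field widths are assumptions inferred from the page's one example name.
UDS_NAME = re.compile(
    r"(?P<naic>[0-9]{5})"
    r"(?P<record_type>[A-Z])"
    r"(?P<from_location>[A-Z]{2}[0-9]{2})"   # state + code, e.g. IN01
    r"(?P<to_location>[A-Z]{2}[0-9]{2})"     # state + code, e.g. TX10
    r"(?P<batch_number>[0-9]{3})"
    r"(?P<date_sent>[0-9]{8})"               # YYYYMMDD
    r"\.txt"
)


@dataclass(frozen=True)
class UdsFileName:
    naic: str
    record_type: str
    from_location: str
    to_location: str
    batch_number: str
    date_sent: date


def parse_uds_file_name(name: str) -> UdsFileName:
    """Split a UDS file name into its fields, rejecting anything malformed."""
    # fullmatch refuses directory components, extra suffixes and lowercase names.
    m = UDS_NAME.fullmatch(name)
    if m is None:
        raise ValueError(f"not a UDS file name: {name!r}")
    fields = m.groupdict()
    try:
        # strptime rejects impossible calendar dates such as 20240230.
        fields["date_sent"] = datetime.strptime(fields["date_sent"], "%Y%m%d").date()
    except ValueError:
        raise ValueError(f"invalid DateSent in {name!r}") from None
    return UdsFileName(**fields)


if __name__ == "__main__":
    print(parse_uds_file_name("55555AIN01TX1099920240215.txt"))
```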
What is each folder in SUDS used for?
There are four folders by default provided in your SUDS folder: ‘DataMapper’, ‘FromGF’, ‘Images’, ‘ToNCIGF’
The DataMapper folder holds the UDS files you’ve created through the mapper, the FromGF folder will hold the C, D, and I records sent from Guaranty Funds, the Images folder will hold the images for all your I records that you create, and your ToNCIGF folder will hold any files that you upload to the UDS Data Mapper website.
Notifications
After uploading UDS C, D, F or I records, do I need to notify the recipient?
Independent notification to the recipient is not required. When UDS C, D, F, or I records (including a zip file of images) are uploaded to the ‘UDSupload’ folder, automated processes take over. Those processes include receipt notifications to the uploading organization and delivery notifications to the receiving organizations. Each organization will have the ability to choose between instant notifications, daily summary notifications, or both.
Why am I getting multiple confirmation emails after I’ve uploaded?
When files are uploaded to Secure UDS (SUDS), several automated processes are triggered. The files are first scanned for malware, and a notification can be triggered if malware is detected. Once the file passes the malware scan, it is evaluated for adherence to UDS. Depending on the UDS evaluation, the file will be moved to the Rejected folder or to the final recipient’s SUDS folders. Since the files are evaluated individually, they can generate an email for each evaluation.
Security
How does SUDS handle user authentication and encryption of data in transit?
Secure UDS (SUDS) is built on top of a Secure File Transfer Protocol (SFTP) service. SFTP is also known as SSH File Transfer Protocol because SFTP uses SSH as its method of securing communication between a client, such as WinSCP, and a server, SUDS in this case.
The SSH protocol works in the client-server model, which means that the connection is established by the SSH client connecting to the SSH server. The SSH client drives the connection setup process and uses public key cryptography to verify the identity of the SSH server. After the setup phase the SSH protocol uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data that is exchanged between the client and server.
The figure below presents a simplified setup flow of a secure shell connection.
Once the connection is established, the SUDS server will authenticate the user over the encrypted connection using Public Key Authentication.
Is there a file size limitation on uploading to SUDS?
The maximum file upload size via SFTP is 100 GB.
Why can’t I see my files after I’ve uploaded them?
Files uploaded to the ‘UDSupload’ folder are processed very quickly. They are immediately scanned for malware and, depending on the result, are immediately moved to one of 3 locations. If malware is discovered, the file is deleted from the system and an alert is generated for the uploading organization. Assuming malware was not discovered, the file is checked for UDS compliance and sent to the receiving organization’s SUDS folders for compliant files or moved to your ‘Reject’ folder for non-compliant files.
Are uploaded files scanned for malware? What happens if malware is detected in a file that I upload?
Files uploaded to SUDS are scanned for malware using the Microsoft Defender for Storage Malware Scanning system. If malware is detected the file will be removed from the system immediately and an alert message will be sent to the uploading organization so they can investigate or quarantine the file as their security practices require.