Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Method for secured and trusted data export in cloud solutions

IP.com Disclosure Number: IPCOM000209878D
Publication Date: 2011-Aug-18
Document File: 2 page(s) / 69K

Publishing Venue

The IP.com Prior Art Database

Abstract

Cloud content management solutions, especially public cloud solutions, require a secure method to export bulk data in a secured fashion. Retrieval of a single object is trivial but batch or bulk exporting data can take time and end user would not want to wait in front of their computers until the export is done. The export needs to occur asynchronously but how can the exported data be secured from tampering or unauthorized access? This method describes how exported data can be secured using state of the art PGP and time bombed tokens.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Page 01 of 2

Method for secured and trusted data export in cloud solutions

At the core of the method are two key stores, one at the customer and one in the cloud. There are two web applications, one for triggering the export process and one for handling the secure download process (such as the IBM download manager for extreme leverage or large fixpacks). using the customers public keys the download files are encrypted and can only be decrypted by the customer. using the customer public key the download token is encrypted and can only be decrypted by the customer. the download package is electronically signed using the cloud private key and the package can be validated by the customer using the cloud public key. the token has encoded a time bomb (timestamp) which is encrypted with the cloud public key and therefore can only be decrypted by the cloud itself. all of this ensures access to the exported data only by the authorized cloud customer, that the exported data can be trusted by the customer and that the data can not be downloaded forever for additional security.

Preparation:
customer receives customer certificate file signed by the Cloud master key


1.

through a secured channel and stores the certificate encrypted in the customer keystore
customer generated PKI keys


2.

Cloud generates eDM user id for customer


3.

Execution
customer logs on to eDM Cloud Webservice using user/pw and connecting over


1.

an ssl encrypted tunnel. (maybe certificate is used in addition to user id/pw...