
Method for secured and trusted data export in cloud solutions
Disclosure Number: IPCOM000209878D
Publication Date: 2011-Aug-18
Document File: 2 page(s) / 69K

Publishing Venue: The Prior Art Database


Cloud content management solutions, especially public cloud solutions, require a secure method to export bulk data. Retrieving a single object is trivial, but batch or bulk exports can take time, and end users do not want to wait in front of their computers until the export is done. The export therefore needs to occur asynchronously, but how can the exported data be secured against tampering or unauthorized access? This method describes how exported data can be secured using state-of-the-art PGP and time-bombed tokens.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.


Method for secured and trusted data export in cloud solutions

At the core of the method are two key stores, one at the customer and one in the cloud. There are two web applications, one for triggering the export process and one for handling the secure download process (such as the IBM download manager for extreme leverage or large fixpacks). Using the customer's public keys, the download files are encrypted and can only be decrypted by the customer. The download token is likewise encrypted with the customer public key and can only be decrypted by the customer. The download package is electronically signed using the cloud private key, and the customer can validate the package using the cloud public key. The token has an encoded time bomb (a timestamp) that is encrypted with the cloud public key and can therefore only be decrypted by the cloud itself. Together, these measures ensure that only the authorized cloud customer can access the exported data, that the customer can trust the exported data, and, for additional security, that the data cannot be downloaded forever.
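The two-layer token described above can be sketched as follows. This is an added example, not code from the disclosure: it assumes RSA-OAEP from the Go standard library in place of the PGP operations the method names, and the function names, OAEP labels and key sizes are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// NewKey makes a throwaway demo key pair (constructed here, not a real key).
func NewKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// IssueToken (cloud): seal the expiry to the cloud key, then wrap for the customer.
func IssueToken(cloudPub, custPub *rsa.PublicKey, expiry time.Time) ([]byte, error) {
	ts := binary.BigEndian.AppendUint64(nil, uint64(expiry.Unix()))
	inner, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, cloudPub, ts, []byte("expiry"))
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, custPub, inner, []byte("token"))
}

// Unwrap (customer): remove the outer layer; the inner blob stays unreadable.
func Unwrap(custKey *rsa.PrivateKey, token []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, custKey, token, []byte("token"))
}

// Redeem (cloud): open the time bomb and refuse foreign or expired tokens.
func Redeem(cloudKey *rsa.PrivateKey, inner []byte, now time.Time) error {
	ts, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, cloudKey, inner, []byte("expiry"))
	if err != nil || len(ts) != 8 {
		return fmt.Errorf("token rejected: not sealed to the cloud key")
	}
	if exp := int64(binary.BigEndian.Uint64(ts)); now.Unix() > exp {
		return fmt.Errorf("token rejected: expired at unix time %d", exp)
	}
	return nil
}

func main() { // errors are ignored here only to keep the demo short
	cloud, _ := NewKey(2048)
	cust, _ := NewKey(3072) // larger than the cloud key so OAEP can hold the inner blob
	tok, _ := IssueToken(&cloud.PublicKey, &cust.PublicKey, time.Now().Add(24*time.Hour))
	inner, _ := Unwrap(cust, tok)
	fmt.Println(Redeem(cloud, inner, time.Now()), Redeem(cloud, inner, time.Now().Add(48*time.Hour)))
}
```

Encrypting the expiry under the cloud public key keeps it confidential but does not by itself prove who created the blob, so a deployment would also authenticate it, for example with the cloud-key signature the method already applies to the package.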

Customer receives customer certificate file signed by the Cloud master key through a secured channel and stores the certificate encrypted in the customer keystore

Customer generated PKI keys

Cloud generates eDM user id for customer

Customer logs on to eDM Cloud Webservice using user/pw and connecting over an SSL encrypted tunnel. (maybe certificate is used in addition to user id/pw...