Each customer is issued a unique, strong 2048-bit PGP key, which is used to encrypt data in memory before it is written to disk, significantly reducing security risks. This key is referred to as the public key and can only be used to encrypt data. To decrypt the data, it must be uploaded to the cloud, where specialized APIs identify the user, match the user to a customer, and retrieve the customer’s private key from a repository that stores it encrypted as well.
The user who uploads data using the Movere Console needs to have the correct access level (Write claim) and is required to authenticate using the Movere Console. Once the user authenticates, they are issued a token. The token is valid for 90 days and is used for every upload that the Movere Console is responsible for, be it inventory or ARC data. NOTE: The token is NOT used to encrypt or decrypt data, nor can it be used to access the Movere website. The sole purpose of this token file is to allow uploads of already encrypted data to the cloud and to identify the user performing the upload. After 90 days, the token becomes invalid and the user needs to authenticate once again via the Movere Console.
The entire upload process is performed over a secure connection (HTTPS), which uses SSL/TLS. This is in addition to the encryption at rest of each file using PGP keys.
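The token rules described above, as an added sketch that is not Movere's own code: the HMAC-signed token format, the field names and `SERVER_KEY` are assumptions made for illustration. It shows an upload endpoint accepting the token only for uploads, only with the Write claim, and only within the 90-day window, while identifying the uploading user.

```python
import base64, hashlib, hmac, json

TOKEN_LIFETIME = 90 * 24 * 3600        # 90-day validity stated on the page
SERVER_KEY = b"constructed-demo-key"   # assumption: server-side signing secret

def _sign(body: bytes) -> str:
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()

def issue_token(user: str, customer: str, claims: list, now: float) -> str:
    """Issue a token after console authentication (hypothetical format)."""
    payload = {"user": user, "customer": customer, "claims": claims,
               "scope": "upload", "iat": int(now)}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def authorize(token: str, action: str, now: float):
    """Return (allowed, identity_or_reason) for a requested action."""
    try:
        body, sig = token.rsplit(".", 1)
        # Constant-time comparison; verify before parsing untrusted content.
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False, "bad signature"
        payload = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False, "malformed token"
    age = now - payload["iat"]
    if age < 0 or age > TOKEN_LIFETIME:
        return False, "expired: re-authenticate via the console"
    # The token only authorizes uploads; it is not a decryption key
    # and not a website session.
    if action != payload["scope"]:
        return False, "token is upload-only"
    if "Write" not in payload["claims"]:
        return False, "missing Write claim"
    return True, f'{payload["user"]}@{payload["customer"]}'

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time
    tok = issue_token("alice", "customer-a", ["Write"], t0)
    for action, days in [("upload", 89), ("upload", 91), ("website_login", 1)]:
        print(action, days, authorize(tok, action, t0 + days * 86400))
```

Keeping the token's scope separate from the PGP keys means a stolen token file can at most submit uploads under that user's identity until it expires; it cannot decrypt previously collected data.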