%201.svg)
The signed attestation record below is the authoritative cryptographic evidence for the transfer of one object between cloud providers.
The signed payload, exactly as it appears in the WORM record. This is the authoritative artifact — everything else in this document derives from it. Annotations to the right are not part of the signed payload.
{ "attestation_version": "TG-ATTESTATION-V1",Attestation envelope version "schema_version": "1.8.0",Canonical payload schema version "context_tag": "TG-ATTESTATION-V1",Concatenated into signing input to prevent cross-context signature reuse "signature_sequence_number": 1,Monotonic per-object sequence (1 = first attestation) "worm_record_uri": "worm://sg-attestation-store/attestations/obj_8f3a9c2e-7b1d-4f5a-9e8c-2d4b6a8f1c3e/1.json",Path to immutable WORM record backing this attestation "tg_object_id": "obj_8f3a9c2e-7b1d-4f5a-9e8c-2d4b6a8f1c3e",Unique TG-assigned identifier for this object's transfer "transfer_id": "tr_a1b2c3d4-e5f6-7890-abcd-ef1234567890",Identifier for the transfer batch this object belongs to "object_name": "study_2026-04-15_CT-CHEST_patient-redacted.dcm.bundle",Object name as it appeared in source "source_path": "s3://meridian-phi-prod-us-east-1/imaging/2026-04-15/study_2026-04-15_CT-CHEST_patient-redacted.dcm.bundle",Full source URI: cloud://account/bucket/key "destination_path": "gs://meridian-ai-training-us-central1/imaging-ingest/2026-04-15/study_2026-04-15_CT-CHEST_patient-redacted.dcm.bundle",Full destination URI: cloud://account/bucket/key "source_hash_sha256": "8a4f0d2bb7c1e6f3a9d8b5c2f1e4a7d3c6b9f2a5e8d1b4c7f0a3d6e9b2c5f8a1",SHA-256 over plaintext at pipeline entry, before encryption "destination_hash_sha256": "8a4f0d2bb7c1e6f3a9d8b5c2f1e4a7d3c6b9f2a5e8d1b4c7f0a3d6e9b2c5f8a1",SHA-256 computed inline during decryption at Landing — must equal source_hash_sha256 "hash_match": true,true when source and destination hashes match — gate that permits destination write "data_encryption_algorithm": "AES-256-GCM",Authenticated cipher used to encrypt the object payload "fips_compliant": true,true when all crypto in this transfer was FIPS 140-2 Level 2 compliant "kms_encrypt_key_id": "arn:aws:kms:us-east-1:847362910543:key/c8d4f1a2-3b5e-4a7c-9d2e-6f1a8c3b5d7e",Customer KMS key used to wrap the DEK at source "kms_encrypt_provider": "aws",Cloud provider holding the encrypt key "kms_encrypt_algorithm": "AES-256 (DEK wrapping via SYMMETRIC_DEFAULT)",Algorithm used by KMS to wrap the DEK "kms_encrypt_timestamp": "2026-04-15T14:22:03.118Z",When the encrypt KMS call returned "kms_decrypt_key_id": "projects/meridian-ai-prod/locations/us-central1/keyRings/phi-ingest/cryptoKeys/dek-prod-2026",Customer KMS key used to unwrap the DEK at destination "kms_decrypt_provider": "gcp",Cloud provider holding the decrypt key "kms_decrypt_algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",Algorithm used by KMS to unwrap "kms_decrypt_timestamp": "2026-04-15T14:22:09.847Z",When the decrypt KMS call returned "transfer_started_at": "2026-04-15T14:22:03.092Z",Pipeline began processing this object "transfer_completed_at": "2026-04-15T14:22:11.234Z",Destination write confirmed; signing ceremony begins "accountability": { "initiating_organization": "Meridian Health Network",Customer-declared organization name "organization_id": "ORG-MHN-2024-PROD",Customer-declared organization identifier "authorized_by": "[email protected]",Customer-declared deployment authorizer "pipeline_name": "phi-imaging-aws-to-gcp-prod",Customer-declared pipeline name "pipeline_id": "tg-pipeline-mhn-imaging-001",TG-assigned pipeline identifier "deployment_date": "2026-03-20T11:14:22.000Z",When this pipeline was deployed "tg_execution_identity": "arn:aws:iam::847362910543:role/tg-pipeline-execution-role",IAM identity TG executed under, from cloud metadata APIs at runtime "cloud_context": { "source": { "provider": "aws",Source cloud provider "account_id": "847362910543",Source cloud account "region": "us-east-1"Source cloud region }, "destination": { "provider": "gcp",Destination cloud provider "account_id": "meridian-ai-prod",Destination cloud account "region": "us-central1"Destination cloud region } } }, "ask_key_id": "projects/sg-attestation-prod/locations/global/keyRings/ask-prod-v1/cryptoKeys/ask-attestation-signer/cryptoKeyVersions/1",SG ASK key identifier (selected from 4 SG KMS instances by executing cloud + tier) "ask_public_key_sha256": "4d3c2b1a9e8f7d6c5b4a3928170e6d5c4b3a2918e7d6c5b4a39281706f5e4d3c",SHA-256 fingerprint of the ASK public key — use for offline verification "signing_algorithm": "ECDSA P-384 / SHA-256 / DER",Signature curve / hash / encoding format "signed_at": "2026-04-15T14:22:11.487Z",When the SG KMS Sign call completed "signature": "MEUCIQDx9mYq7K4n2pB8vW3jL5k7M2nR9sF8tHqGzL6vX2cYJgIgA1bC3dE4fG5hI6jK7lM8nO9pQ0rS1tU2vW3xY4zA5bC6dE7fG8hI9jK0lM1nO2pQ3rS4tU5vW6xY7zA8bC9dE0fG1hI2jK3lM4nO5pQ6rS7tU8vW9xY0zA1bC2dE3fG4hI5jK6lM7nO8pQ9rS0tU1vW2xY3zA4bC5dE6fG7hI8jK9lM0nO1pQ2rS3tU4vW5xY6zA7bC8dE9fG0hI1jK2lM3nO4pQ5rS6tU7vW8xY9z"DER-encoded ECDSA signature over the canonical payload}Time-ordered events observed by Transfer General during this object's transfer. Each event was written to an immutable store at the moment it occurred. Marker ▸ indicates events whose timestamps appear as fields in the canonical payload above.
8.395s · ▸ denotes anchor events recorded in canonical_payload.
This attestation is verifiable by anyone in possession of the canonical payload, the signature, and the ASK public key — without contacting Server General.
Reconstruct signing input from canonical_payload + schema_version + context_tag. Verify against the ASK public key.
# with openssl $ openssl dgst -sha256 -verify ask_pub.pem \ -signature attestation.sig \ signing_input.bin Verified OK
Required for formal compliance proceedings. Calls the originating cloud KMS using ask_key_id. Returns a CSP-native verification receipt.
# this transfer signed by GCP instance $ gcloud kms asymmetric-signature verify \ --location=global \ --keyring=ask-prod-v1 \ --key=ask-attestation-signer \ --version=1 \ --signature-file=attestation.sig \ --input-file=signing_input.bin Verified.
How fields recorded in this attestation satisfy specific control requirements. Not legal advice; this is the explicit mapping from each framework's integrity-of-data-in-motion requirement to the evidence produced here.
If you are representing one of our partners, please log into your account to access hidden resources or request an invitation to sign up for the account.
.png)
