A certified application is installed onto a content creation device and a mobile certified application is installed onto a mobile device, the applications establish first and second trust relationships with the cloud service. The certified application and mobile certified application establish the third trust relationship via a proximity network. The mobile certified application generates a first ephemeral key pair having a private part. The certified application generates a second ephemeral key pair having a private part. The mobile certified application requests a service from the content creation device involving the transfer of data between the content creation device and the cloud service. The data is protected by at least one of the first and second ephemeral key pairs in response to invocation of the service. The service results in the data being stored at the cloud service and/or rendered at the content creation device.