VIRTUAL SERVICE PROVIDER ZONES
Abstract
A service proxy serves as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.
20 Claims
1. A system, comprising:
a first data storage service, implemented with computing resources in a first set of facilities that is in a different jurisdiction from a second set of facilities operated by a computing resource service provider, the first data storage service receiving web service requests and the first data storage service operates as a proxy by at least:
receiving, at a first web service interface of the first data storage service, a request from a requestor to store data;
encrypting the data using a cryptographic key to generate encrypted data, the cryptographic key inaccessible to an entity located in a particular facility of the second set of facilities, the first data storage service operates as the proxy for the entity; and
transmitting the encrypted data to the entity for persistent storage on behalf of the requestor.
Dependent claims: 2, 3, 4, 5

6. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions, implementing a first data storage service using computing resources in a first facility and operated by a computing resource service provider, where the first data storage service operates as a proxy to an entity in a different jurisdiction from the first facility by at least:
receiving a request to store data;
encrypting the data using a cryptographic key to obtain encrypted data, the cryptographic key inaccessible to the entity; and
transmitting the encrypted data to the entity for persistent storage on behalf of a requestor.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14

15. A set of one or more non-transitory computer-readable storage media having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to:
execute a first data storage service with computing resources of a first facility that is in a first jurisdiction;
operate the first data storage service as a proxy;
receive a request to store data; and
fulfill the request by at least:
causing the first data storage service to obtain encrypted data, the encrypted data generated based at least in part on using a cryptographic key to encrypt the data, the cryptographic key is inaccessible to an entity for which the first data storage service is the proxy, the entity located in a second jurisdiction; and
causing the first data storage service to transmit the encrypted data to the entity.
Dependent claims: 16, 17, 18, 19, 20