Establishing secure remote access to private computer networks

US 8,201,237 B1
Filed: 12/10/2008
Issued: 06/12/2012
Est. Priority Date: 12/10/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for facilitating establishment of remote access to provided computer networks, the method comprising:

under control of a configured computing system for a configurable network service that provides a first programmatic interface that includes an API (“

application programming interface”

) for use in facilitating establishment of secure connections from remote locations to provided private computer networks,receiving, by the configured computing system, a request that is programmatically provided based on invocation of the API of the first programmatic interface by a remote computing system of a first client, the request being to facilitate establishment of a secure connection to a first private computer network that is provided by the configurable network service for use by the first client, the request further indicating to supply a remote location of the first client with a router networking device and with configuration information for use in configuring the router networking device to establish the secure connection from the remote location to the first private computer network; and

responding to the received request by,interacting, by the configured computing system, with a retailer to acquire the router networking device for the first client, the interacting including supplying the retailer with an identification of the remote location to cause the acquired router networking device to be delivered to the remote location;

generating, by the configured computing system, the configuration information for use in configuring the router networking device to establish the secure connection from the remote location to the first private computer network, the configuration information being specific to the configurable network service; and

initiating providing of the generated configuration information to the remote location of the first client for use with the acquired router networking device to establish the secure connection from the remote location to the first private computer network, the secure connection being a VPN (“

virtual private network”

) connection between the first private computer network and one or more computing systems at the remote location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation.

156 Citations

31 Claims

1. A computer-implemented method for facilitating establishment of remote access to provided computer networks, the method comprising:
- under control of a configured computing system for a configurable network service that provides a first programmatic interface that includes an API (“
  
  application programming interface”
  
  ) for use in facilitating establishment of secure connections from remote locations to provided private computer networks,receiving, by the configured computing system, a request that is programmatically provided based on invocation of the API of the first programmatic interface by a remote computing system of a first client, the request being to facilitate establishment of a secure connection to a first private computer network that is provided by the configurable network service for use by the first client, the request further indicating to supply a remote location of the first client with a router networking device and with configuration information for use in configuring the router networking device to establish the secure connection from the remote location to the first private computer network; and
  
  responding to the received request by,interacting, by the configured computing system, with a retailer to acquire the router networking device for the first client, the interacting including supplying the retailer with an identification of the remote location to cause the acquired router networking device to be delivered to the remote location;
  
  generating, by the configured computing system, the configuration information for use in configuring the router networking device to establish the secure connection from the remote location to the first private computer network, the configuration information being specific to the configurable network service; and
  
  initiating providing of the generated configuration information to the remote location of the first client for use with the acquired router networking device to establish the secure connection from the remote location to the first private computer network, the secure connection being a VPN (“
  
  virtual private network”
  
  ) connection between the first private computer network and one or more computing systems at the remote location.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 further comprising, under the control of the configured computing system for the configurable network service and after the responding to the received request, establishing the secure connection from the remote location to the first private computer network and providing access from the one or more computing systems at the remote location to the first private computer network via the established secure connection.
  - 3. The method of claim 2 wherein the responding to the received request further includes configuring one or more computing systems of the configurable network service to interact with the acquired router networking device at the remote location to provide the secure connection to the first private computer network.
  - 4. The method of claim 1 wherein the responding to the received request further includes determining, by the configured computing system, the remote location of the first client based on at least one of retrieving stored information previously provided by the first client and of interacting with the one or more computing systems at the remote location.
  - 6. The method of claim 1 wherein the generated configuration information includes network contact information for use in contacting the configurable network service and network identification information for use in identifying the first private computer network, such that the generated configuration information is specific to the first private computer network of the first client, and such that the router networking device when configured with the generated configuration information initiates contact with the configurable network service and identifies the first private computer network.
  - 7. The method of claim 6 wherein the generated configuration information includes an existing copy of software for the router networking device that is configured to use the network contact information and the network identification information.
  - 8. The method of claim 1 wherein the initiating of the providing of the generated configuration information to the remote location of the first client includes initiating storage of the generated configuration information on a portable storage medium and initiating delivery of the portable storage medium to the remote location of the first client.
  - 9. The method of claim 1 wherein the initiating of the providing of the generated configuration information to the remote location of the first client is part of the interacting with the retailer to acquire the router networking device for the first client, such that the interacting with the retailer includes supplying the retailer with the generated configuration information to cause the generated configuration information to be delivered to the remote location with the router networking device.
  - 10. The method of claim 1 further comprising, before the receiving of the request to facilitate the establishment of the secure connection, receiving one or more other requests that are programmatically provided by the first client via one or more programmatic interfaces of the configurable network service to initiate creation and configuration of the first private computer network, and creating and configuring the first private computer network for the first client in accordance with the received one or more other requests.
  - 11. The method of claim 1 wherein the router networking device when configured with the generated configuration information and connected to the one or more computing systems at the remote location initiates contact with the configurable network service, the one or more computing systems being part of a remote computer network of the first client and the first private computer network being configured to be an extension to the remote computer network, and wherein the method further comprises providing additional configuration information to the connected configured router networking device as part of establishing the secure connection from the remote location to the first private computer network.
  - 12. The method of claim 1 further comprising, after the establishing of the secure connection from the remote location to the first private computer network, providing additional configuration information to the router networking device at the remote location at one or more times to maintain the secure connection from the remote location to the first private computer network, the provided additional configuration information corresponding to one or more changes to the first private computer network.
  - 13. The method of claim 1 wherein the responding to the received request is performed automatically by the configured computing system without any further interaction with the first client and without any actions by any human representatives of the configurable network service.

5. A computer-implemented method for facilitating establishment of remote access to provided computer networks, the method comprising:
- under control of a configured computing system for a configurable network service that provides a first programmatic interface for use in facilitating establishment of secure connections from remote locations to provided private computer networks,receiving, by the configured computing system, a request that is programmatically provided by a first client via the first programmatic interface, the request being to facilitate establishment of a secure connection to a first private computer network that is provided by the configurable network service for use by the first client, the request further corresponding to supplying a remote location of the first client with a networking device and with configuration information for use in configuring the networking device to establish the secure connection from the remote location to the first private computer network; and
  
  responding to the received request by,determining, by the configured computing system, one of multiple types of networking devices that are sold by a retailer based on at least one of a group of actions including retrieving information from the first client in the received request, interacting with one or more computing systems of the first client at the remote location, and querying the first client to identify the one networking device type from indications supplied to the first client of the multiple networking device types;
  
  interacting, by the configured computing system, with the retailer to acquire the networking device for the first client, the interacting including providing an indication to the retailer of the determined type of networking device to be purchased for the first client and including supplying the retailer with an identification of the remote location to cause the purchased networking device of the determined type to be delivered to the remote location;
  
  generating, by the configured computing system, the configuration information for use in configuring the networking device to establish the secure connection from the remote location to the first private computer network, the configuration information being specific to the configurable network service; and
  
  initiating providing of the generated configuration information to the remote location of the first client for use with the acquired networking device to establish the secure connection from the remote location to the first private computer network.

14. A non-transitory computer-readable medium that includes executable instructions that upon execution cause a computer system to:
- receive a request that is programmatically provided in response to at least an invocation of an application program interface (“
  
  API”
  
  ) by a remote computing system of a first client, the request corresponding to supplying a remote location of the first client with a router networking device and with configuration information for use in configuring the router networking device to establish a secure connection between the remote location and a first private computer network provided by a configurable network service;
  
  cause the router networking device to be delivered to the remote location of the first client;
  
  generate the configuration information for use in configuring the router networking device to establish the secure connection between the remote location and the first private computer network, the configuration information being specific to the configurable network service; and
  
  cause the generated configuration information to be provided to the first client for use with the delivered router networking device to establish the secure connection between the remote location and the first private computer network, the secure connection being a VPN (“
  
  virtual private network”
  
  ) connection between the first private computer network and one or more computing systems at the remote location.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The non-transitory computer-readable medium of claim 14 wherein the non-transitory computer-readable medium further comprises instructions that upon execution cause the computer system to:
    - establish the secure connection between the remote location and the first private computer network; and
      
      provide access from the one or more computing systems at the remote location to the first private computer network via the established secure connection.
  - 16. The non-transitory computer-readable medium of claim 15 wherein the non-transitory computer-readable medium further comprises executable instructions that upon execution cause the computer system to configure one or more additional computing systems of the configurable network service to interact with the delivered router networking device at the remote location to provide the secure connection to the first private computer network, and wherein the one or more computing systems at the remote location are part of a remote computer network of the first client and the first private computer network is configured to be an extension to the remote computer network.
  - 17. The non-transitory computer-readable medium of claim 14 wherein the generated configuration information includes network contact information for use in contacting the configurable network service and network identification information for use in identifying the first private computer network, such that the generated configuration information is specific to the first private computer network, and such that the delivered router networking device when configured with the generated configuration information initiates contact with the configurable network service and identifies the first private computer network.
  - 18. The non-transitory computer-readable medium of claim 14 wherein the instructions that upon execution cause the computer system to cause the generated configuration to be provided to the first client include instructions that upon execution cause the computer system to cause the generated configuration information to be stored on a portable storage medium and delivered to the remote location of the first client.
  - 19. The non-transitory computer-readable medium of claim 14 wherein the instructions that cause the router networking device to be delivered to the remote location of the first client further comprise instructions that upon execution cause the computer system to supply a retailer of the router networking device with the generated configuration information to cause the generated configuration information to be delivered to the remote location with the router networking device.
  - 20. The non-transitory computer-readable medium of claim 14 wherein the non-transitory computer-readable medium further comprises executable instructions that upon execution cause the computer system to:
    - receive a request from the first client via one or more programmatic interfaces of the configurable network service to initiate creation and configuration of the first private computer network; and
      
      create and configure the first private computer network for the first client in accordance with the received request.
  - 21. The non-transitory computer-readable medium of claim 14 wherein the non-transitory computer-readable medium further comprises executable instructions that upon execution cause the computer system to, after establishment of the secure connection between the remote location and the first private computer network, provide additional configuration information to the router networking device at the remote location at one or more times to maintain the secure connection, the provided additional configuration information corresponding to one or more changes to the first private computer network.

22. A configured system comprising:
- one or more processors; and
  
  one or more modules of a configurable network service that provides a first programmatic interface having an API (“
  
  application programming interface”
  
  ) for use in facilitating establishment of secure connections from remote locations to provided private computer networks, the one or more modules being configured to, when executed by at least one of the one or more processors;
  
  receive a request that is programmatically provided based on invocation of the API of the first programmatic interface by a remote computing system of a first client, the request being to facilitate establishment of a secure connection to a first private computer network that is provided by the configurable network service for use by the first client, the request further corresponding to supplying a remote location of the first client with a router networking device and with configuration information for use in configuring the router networking device to establish the secure connection from the remote location to the first private computer network; and
  
  respond to the received request by,interacting with a retailer to acquire the router networking device for the first client, the interacting including supplying the retailer with an identification of the remote location to cause the acquired router networking device to be delivered to the remote location;
  
  generating the configuration information for use in configuring the router networking device to establish the secure connection from the remote location to the first private computer network, the configuration information being specific to the configurable network service; and
  
  initiating providing of the generated configuration information to the remote location of the first client for use with the acquired router networking device to establish the secure connection from the remote location to the first private computer network, the secure connection being a VPN (“
  
  virtual private network”
  
  ) connection between the first private computer network and one or more computing systems at the remote location.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The system of claim 22 wherein the one or more modules are further configured to, after the responding to the received request, establish the secure connection from the remote location to the first private computer network and provide access from the one or more computing systems at the remote location to the first private computer network via the established secure connection.
  - 24. The system of claim 23 further comprising one or more computing systems of the configurable network service, wherein the responding to the received request further includes configuring the one or more computing systems of the configurable network service to interact with the acquired router networking device at the remote location to provide the secure connection to the first private computer network, and wherein the one or more computing systems at the remote location are part of a remote computer network of the first client and the first private computer network is configured to be an extension to the remote computer network.
  - 25. The system of claim 22 wherein the generated configuration information includes network contact information for use in contacting the configurable network service and network identification information for use in identifying the first private computer network, such that the generated configuration information is specific to the first private computer network of the first client, and such that the router networking device when configured with the generated configuration information initiates contact with the configurable network service and identifies the first private computer network.
  - 26. The system of claim 22 wherein the initiating of the providing of the generated configuration information to the remote location of the first client includes initiating storage of the generated configuration information on a portable storage medium and initiating delivery of the portable storage medium to the remote location of the first client.
  - 27. The system of claim 22 wherein the initiating of the providing of the generated configuration information to the remote location of the first client is part of the interacting with the retailer to acquire the router networking device for the first client, such that the interacting with the retailer includes supplying the retailer with the generated configuration information to cause the generated configuration information to be delivered to the remote location with the router networking device.
  - 28. The system of claim 22 wherein the one or more modules are further configured to, before the receiving of the request to facilitate the establishment of the secure connection, receive one or more other requests that are programmatically provided by the first client via one or more programmatic interfaces of the configurable network service to initiate creation and configuration of the first private computer network, and create and configure the first private computer network for the first client in accordance with the received one or more other requests.
  - 29. The system of claim 22 wherein the one or more modules include software instructions for execution by the one or more processors.

30. A non-transitory computer-readable medium whose stored contents configure a computing system to perform a method, the configured computing system being part of a configurable network service that provides a first programmatic interface, the method comprising:
- receiving a request that is programmatically provided by a first client via the first programmatic interface to facilitate establishment of a secure connection to a first private computer network that is provided by the configurable network service for use by the first client, the request corresponding to supplying a remote location of the first client with a networking device and with configuration information for use in configuring the networking device to establish the secure connection from the remote location to the first private computer network; and
  
  responding to the received request by,determining one of multiple types of networking devices that are sold by a retailer based on at least one of a group of actions including retrieving information from the first client in the received request, interacting with one or more computing systems of the first client at the remote location, and querying the first client to identify the one networking device type from indications supplied to the first client of the multiple networking device types;
  
  interacting with the retailer to acquire the networking device for the first client, the interacting including providing an indication to the retailer of the determined type of networking device to be acquired for the first client and including supplying the retailer with an identification of the remote location to cause the acquired networking device of the determined type to be delivered to the remote location;
  
  generating the configuration information for use in configuring the networking device to establish the secure connection from the remote location to the first private computer network, the configuration information being specific to the configurable network service; and
  
  initiating providing of the generated configuration information to the remote location of the first client for use with the acquired networking device to establish the secure connection from the remote location to the first private computer network.

31. A configured computing system comprising:
- one or more processors; and
  
  one or more modules of a configurable network service that are configured to, when executed by at least one of the one or more processors;
  
  receive a request that is programmatically provided by a first client via a first programmatic interface of the configurable network service to facilitate establishment of a secure connection to a first private computer network that is provided by the configurable network service for use by the first client, the request corresponding to supplying a remote location of the first client with a networking device and with configuration information for use in configuring the networking device to establish the secure connection from the remote location to the first private computer network; and
  
  respond to the received request by,determining one of multiple types of networking devices that are sold by a retailer based on at least one of a group of actions including retrieving information from the first client in the received request, interacting with one or more computing systems of the first client at the remote location, and querying the first client to identify the one networking device type from indications supplied to the first client of the multiple networking device types;
  
  interacting with the retailer to acquire the networking device for the first client, the interacting including providing an indication to the retailer of the determined type of networking device to be acquired for the first client and including supplying the retailer with an identification of the remote location to cause the acquired networking device of the determined type to be delivered to the remote location;
  
  generating the configuration information for use in configuring the networking device to establish the secure connection from the remote location to the first private computer network, the configuration information being specific to the configurable network service; and
  
  initiating providing of the generated configuration information to the remote location of the first client for use with the acquired networking device to establish the secure connection from the remote location to the first private computer network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Doane, Andrew J., Brandwine, Eric Jason
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US12/332,231
Time in Patent Office

1,280 Days
Field of Search

726/2, 726/3, 726/11, 726/14, 726/15, 713/153
US Class Current

726/15
CPC Class Codes

H04L 61/5069   for group communication, mu...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 67/34   involving the movement of s...

H04L 67/52   specially adapted for the l...

H04L 67/75   Indicating network or usage...

Establishing secure remote access to private computer networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

156 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing secure remote access to private computer networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links