Techniques for providing remote computing services

US 8,595,806 B1
Filed: 09/21/2010
Issued: 11/26/2013
Est. Priority Date: 09/21/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing remote computing services, comprising:

under the control of one or more computer systems configured with executable instructions,receiving, at an authentication service, an access key request from a user device, the access key request including data derived from information permanently embedded in the user device;

determining, at the authentication service, based at least on the access key request, whether to provide access to a remote computing service distinct from the authentication service, the remote computing service configured to maintain virtual machines corresponding to authorized user devices;

at a time after a determination has been made to provide access to the remote computing service, transmitting, from the authentication service, an access key to the user device;

receiving, at the remote computing service, a request for access to the remote computing service from the user device, the request for access including the access key provided by the authentication service;

authenticating, at the remote computing service, based at least in part on the received access key, the user device as authorized to access a virtual machine maintained by the remote computing service; and

at a time after the user device has been authenticated, providing access to the remote computing service by at least;

receiving, from the user device, first information identifying user input made in connection with the user device;

executing, based at least in part on the received information, an operating system, the operating system including a graphical user interface; and

providing, to the user device, second information that enables the user device to display the graphical user interface of the operating system in a current operational state.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques, including systems and methods, for providing access to remote computing services are described and suggested herein. In an embodiment, a first computer system provides a key to a user device over a network. The user device provides the received key to a second computer system that uses the key to authenticate the user device. The second computer system executes an operating system for the user device according to instructions received from the user device. Results of execution of the operating system are provided to the user device.

Citations

27 Claims

1. A computer-implemented method for providing remote computing services, comprising:
- under the control of one or more computer systems configured with executable instructions,receiving, at an authentication service, an access key request from a user device, the access key request including data derived from information permanently embedded in the user device;
  
  determining, at the authentication service, based at least on the access key request, whether to provide access to a remote computing service distinct from the authentication service, the remote computing service configured to maintain virtual machines corresponding to authorized user devices;
  
  at a time after a determination has been made to provide access to the remote computing service, transmitting, from the authentication service, an access key to the user device;
  
  receiving, at the remote computing service, a request for access to the remote computing service from the user device, the request for access including the access key provided by the authentication service;
  
  authenticating, at the remote computing service, based at least in part on the received access key, the user device as authorized to access a virtual machine maintained by the remote computing service; and
  
  at a time after the user device has been authenticated, providing access to the remote computing service by at least;
  
  receiving, from the user device, first information identifying user input made in connection with the user device;
  
  executing, based at least in part on the received information, an operating system, the operating system including a graphical user interface; and
  
  providing, to the user device, second information that enables the user device to display the graphical user interface of the operating system in a current operational state.
- View Dependent Claims (2, 3, 23, 24, 25, 26, 27)
- - 2. The computer-implemented method of claim 1, wherein the user device is associated with a user account of the user and wherein determining whether to provide access to the remote computing service includes:
    - accessing the user account to determine whether the user device is to be used in connection with a preexisting configuration of the operating system or a new configuration of the operating system, the preexisting configuration of the operating system resulting from past use of the operating system by at least one user associated with the user account; and
      
      at a time after a determination has been made that the user device is to be used in connection with a preexisting configuration of the operating system;
      
      requesting additional authentication information from the user;
      
      receiving the requested authentication information from the user; and
      
      authenticating, based at least in part on the received requested authentication information, the user device.
  - 3. The computer-implemented method of claim 2, wherein, at a time after a determination has been made that the user device is to be used in connection with a new configuration of the operating system, the method includes determining to provide the access key without requesting the additional authentication information from the user.
  - 23. The computer-implemented method of claim 1, further comprising:
    - receiving, at the authentication service, an acquaintance key request from the user device, the acquaintance key request including an identifier of an acquaintance device distinct from the user device;
      
      responsive to the acquaintance key request, providing, from the authentication service, an acquaintance key distinct from the access key;
      
      receiving, at the remote computing service, a request for access to the virtual machine from the acquaintance device, the request for access including the acquaintance key provided by the authentication service; and
      
      authenticating, at the remote computing service, based at least in part on the received acquaintance key, the acquaintance device as authorized to access the virtual machine.
  - 24. The computer-implemented method of claim 23, wherein the identifier of the acquaintance device corresponds to a network address of the acquaintance device and the authenticate service provides the acquaintance key to the acquaintance device at the network address over a secure communication channel.
  - 25. The computer-implemented method of claim 23, wherein, based at least in part on the acquaintance key, the remote computing service enables substantially simultaneous interaction with the virtual machine by the user device and the acquaintance device.
  - 26. The computer-implemented method of claim 23, wherein, based at least in part on the acquaintance key, the remote computing service disables access to the virtual machine by the user device while the acquaintance device has access to the virtual machine.
  - 27. The computer-implemented method of claim 1, wherein the data derived from information permanently embedded in the user device includes a unique identifier of the user device and the access key is generated at least in part by a pseudorandom number generator seeded with at least the unique identifier of the user device.

4. A system for providing remote computing services, comprising:
- an authentication service operable to, at least;
  
  receive from a user device a key request that includes data derived from information incorporated with the user device;
  
  determine whether to provide the user device access to a virtual machine based at least in part on the data in the key request;
  
  responsive to at least receiving the key request, transmit a first key to a user device;
  
  one or more computing devices located remotely from the user device and collectively operable to, at least;
  
  maintain a plurality of virtual machines corresponding to a plurality of user devices;
  
  receive the first key from the user device;
  
  authenticate the user device as authorized to access the virtual machine using the received first key;
  
  execute an operating system for the user device; and
  
  provide results of executing the operating system to the user device.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The system of claim 4, further comprising a data store that associates a plurality of user accounts with the plurality of user devices, the plurality of user devices including the user device from which the key request was received, and wherein the authentication service is further operable to, at a time after receipt of the key request, access the data store to determine a status of the user account associated with the user device, and wherein transmitting the first key to the user device is conditional on the account status.
  - 6. The system of claim 5, wherein the data derived from information embedded in the user device includes a unique identifier of the user device, and wherein the authentication service uses the unique identifier to determine the status of the user account.
  - 7. The system of claim 4, further comprising a messaging proxy operable to transmit a second key to the user device, and wherein the one or more computing devices are collectively operable to receive the second key, and wherein authenticating the user device as authorized to access the virtual machine is based at least in part on both the received first key and the received second key.
  - 8. The system of claim 4, wherein the first key is active for a limited time period and wherein the authentication service is operable to periodically transmit new, time-limited keys to the user device, and wherein the one or more computing devices are further collectively operable to receive the new, time-limited keys from the user device and re-authenticate the user device using the received new, time-limited keys in order to continuously provide the results of executing the operating system.
  - 9. The system of claim 4, wherein executing the operating system includes executing the operating system in the virtual machine.
  - 10. The system of claim 4, wherein the information incorporated with the user device is permanently incorporated with the user device.
  - 11. The system of claim 4, wherein providing results of executing the operating system includes providing to the user device information that enables the user device to display a graphical user interface for allowing a user of the user device to control at least a portion of execution of the operating system.

12. A computer-implemented method of providing access to remote computing services, comprising:
- under the control of a plurality of computer systems configured with executable instructions and located remotely from a first user device,receiving data derived from information incorporated with the first user device;
  
  determining whether to provide the first user device access to a virtual machine based at least in part on the data;
  
  transmitting, by a first computer system, a first key to the first user device;
  
  maintaining a plurality of virtual machines corresponding to a plurality of user devices;
  
  receiving, by a second computer system, the first key from the first user device;
  
  authenticating, by the second computer system, the first user device as authorized to access the virtual machine using the received first key;
  
  at a time after the first user device is authenticated by the second computer system, executing an operating system for the first user device; and
  
  providing information corresponding to execution of the operating system to the first user device.
- View Dependent Claims (13, 14, 15)
- - 13. The computer-implemented method of claim 12, further comprising:
    - transmitting a second key to a second user device; and
      
      receiving, by the second computer system, the second key; and
      
      wherein authenticating the first user device using the received first key is based at least in part on the received second key.
  - 14. The computer-implemented method of claim 13, wherein the second device is a mobile device and wherein transmitting the second key to the second user devices includes sending an SMS message to the mobile device.
  - 15. The computer-implemented method of claim 12, wherein the first key is active for a time period and wherein authenticating the first user device using the received first key includes checking whether the time period has been exceeded.

16. One or more computer-readable storage media having collectively stored thereon instructions for causing a computer system to perform a process of providing access to remote computing services, the computer system including a first subsystem and a second subsystem, the process comprising:
- determining whether to provide a user device with access to a virtual machine based at least in part on data derived from information incorporated with a user device;
  
  transmitting, by the first subsystem and responsive to a determination to provide the user device with access to the virtual machine, a key to the user device;
  
  maintaining a plurality of virtual machines corresponding to a plurality of user devices;
  
  receiving, by the second subsystem, the key from the user device;
  
  authenticating, by the second subsystem, the user device as authorized to access the virtual machine using the received key;
  
  at a time after the user device is authenticated by the second subsystem, executing an operating system for the user device; and
  
  providing information corresponding to execution of the operating system to the user device.
- View Dependent Claims (17, 18)
- - 17. The one or more computer-readable storage media of claim 16, wherein the process further comprises:
    - receiving a request for an acquaintance key;
      
      authenticating, based at least in part on the acquaintance key, an acquaintance device as authorized to access the virtual machine; and
      
      at a time after the acquaintance device is authenticated, providing information corresponding to execution of the operating system to the acquaintance device.
  - 18. The one or more computer-readable storage media of claim 16, wherein the process further includes providing at least some of the information corresponding to execution of the operating system to a second device different from user device.

19. A user device for accessing a remote computing service, comprising:
- a display device;
  
  an input device;
  
  at least one processor; and
  
  memory, including instructions executable by the at least one processor that cause the user device to, at least;
  
  detect a connection to a network;
  
  at a time after detection of the connection to the network, send, to a first computer system, a key request including data derived from information incorporated with the user device;
  
  receive a key responsive to the key request and a determination to provide the user device with access to a virtual machine based at least in part on the data derived from information incorporated with the user device;
  
  provide the received key to a second computer system for authentication by the second computer system as authorized to access the virtual machine;
  
  receive, by the input device, user input;
  
  at a time after authentication, provide information corresponding to the user input to the second computer system in order to control an operating system executing on the second computer system;
  
  receive information corresponding to operation of the operating system; and
  
  modify a display of the display device according to the received information corresponding to operation of the operating system.
- View Dependent Claims (20, 21, 22)
- - 20. The user device of claim 19, wherein the instructions cause the user device to, upon a first detection of a network connection, send the key request including data derived from the information incorporated with the user device to a pre-programmed network location stored in the memory.
  - 21. The user device of claim 19, wherein the user device is incapable of executing the operating system.
  - 22. The user device of claim 19, wherein the executable instructions further cause the user device to receive authentication input from the user and provide the received authentication input to the second computer system for authentication with the provided received key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Gabrielson, Jacob
Primary Examiner(s)
Pollack, Melvin H

Application Number

US12/886,852
Time in Patent Office

1,162 Days
Field of Search

709/7
US Class Current

726/7
CPC Class Codes

G06F 21/629   to features or functions of...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/18   using different networks or...

Techniques for providing remote computing services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for providing remote computing services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links