Techniques to store secret information for global data centers
Abstract
Techniques to store secret information for global data centers securely may provide a front end service for a back end data store. The front end service may be responsible for deployment, upgrade, and disaster recovery aspects, and so forth, of data center maintenance. Data centers may access data and data-related services from the back end data store through the front end service. Secrets that are needed to access secure data may be stored on behalf of the data centers without providing the secrets to the data centers.
20 Claims
1. A computer-implemented method, comprising:
- generating a secret for a data center at a front end service comprising at least one server device;
- receiving a request at the front end service to access a back end storage from a client device in the data center;
- accessing the back end storage from the front end service using the secret generated for the data center without providing the secret to the client in the data center; and
- returning a result of accessing the back end storage to the client.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An article comprising computer readable memory, the computer readable memory comprising instructions that when executed by a processor cause a system to:
- generate a secret for a data center at a front end service;
- store the secret on a back end storage not directly accessible to the data center;
- receive a request at the front end service to access the back end storage from a client in the data center;
- perform a validation process on the request;
- access the back end storage from the front end service using the secret generated for the data center, when the request is validated and without providing the secret to the requesting client;
- prevent access to data on the back end storage protected by the secret and generate a new secret for the data center, when the request is not validated; and
- return a result of the validation process to the client.

Dependent claims: 10, 11, 12, 13, 14, 15
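
The flow recited in claim 9, sketched as an added example that is not taken from the patent or from any product. The class names, the in-memory stores and the HMAC-based validation process are assumptions made for illustration; the claim does not say how a request is validated.

```python
import hashlib
import hmac
import secrets

class BackEndStore:
    """Back end storage, reachable only from the front end (constructed model)."""
    def __init__(self):
        self._secrets = {}  # data center id -> current secret
        self._data = {}     # (data center id, key) -> value

    def set_secret(self, dc, secret):
        self._secrets[dc] = secret

    def get_secret(self, dc):
        return self._secrets[dc]

    def put(self, dc, secret, key, value):
        self._check(dc, secret)
        self._data[(dc, key)] = value

    def get(self, dc, secret, key):
        self._check(dc, secret)
        return self._data[(dc, key)]

    def _check(self, dc, secret):
        if not hmac.compare_digest(self._secrets[dc], secret):
            raise PermissionError("wrong secret for data center")

def sign_request(client_key, dc, client, key):
    # Assumed validation scheme: HMAC over the request fields with a client key.
    msg = f"{dc}|{client}|{key}".encode()
    return hmac.new(client_key, msg, hashlib.sha256).digest()

class FrontEndService:
    def __init__(self, backend):
        self.backend = backend
        self._client_keys = {}  # (dc, client) -> enrollment key (hypothetical)

    def provision(self, dc):
        # Generate the data-center secret and store it on the back end only.
        self.backend.set_secret(dc, secrets.token_bytes(32))

    def enroll(self, dc, client):
        self._client_keys[(dc, client)] = secrets.token_bytes(32)
        return self._client_keys[(dc, client)]  # client credential, not the secret

    def handle(self, dc, client, key, tag):
        ck = self._client_keys.get((dc, client))
        if ck is None or not hmac.compare_digest(sign_request(ck, dc, client, key), tag):
            self.provision(dc)  # not validated: deny and generate a new secret
            return {"validated": False}
        secret = self.backend.get_secret(dc)  # never leaves the front end
        return {"validated": True, "result": self.backend.get(dc, secret, key)}
```

Because the client never holds the data-center secret, rotating it after a failed validation needs no redistribution to the data center.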

16. An apparatus, comprising:
- a processor;
- a front end service stored in memory and executing on the processor to:
  - receive, from a client device in a data center, a request to access at least one of data and a service on a back end storage, wherein the request does not contain a secret to access the back end storage;
  - prompt the back end storage to determine information identifying a secret generated for the data center; and
  - access the back end storage using the secret generated for the data center, when the request is validated, and without providing the secret to the client device; and
  - return a result of accessing the back end storage to the client.

Dependent claims: 17, 18, 19, 20

Specification