Storage gateway security model

US 9,203,801 B1
Filed: 01/24/2014
Issued: 12/01/2015
Est. Priority Date: 06/30/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

initiating, by a storage gateway, at least one secure connection to a remote service provider for remotely managing the storage gateway and for storing customer data from a customer network to a remote data store via a storage service provided by the remote service provider, wherein the storage gateway operates between one or more customer processes on the customer network and the storage service to store customer data to the remote data store; and

receiving, by the storage gateway via the at least one secure connection to the remote service provider, management requests from a process on the customer network, wherein the management requests received by the storage gateway are specified by the process via a console process provided by the remote service provider.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, and computer-accessible storage media for implementing a gateway to a remote service provider according to a security model. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. The model may include an activation process initiated by the gateway to register with the provider and associate the gateway with a customer account; the gateway is provided with security credentials. The model may also include establishing secure connections to external processes, for example processes of the service provider. The gateway initiates connections; the external processes do not initiate connections. The model may also include the customer managing the gateway through the service provider. The model may also include encrypting communications between the gateway and the provider and the gateway including security credentials in communications to the provider.

37 Citations

20 Claims

1. A method, comprising:
- initiating, by a storage gateway, at least one secure connection to a remote service provider for remotely managing the storage gateway and for storing customer data from a customer network to a remote data store via a storage service provided by the remote service provider, wherein the storage gateway operates between one or more customer processes on the customer network and the storage service to store customer data to the remote data store; and
  
  receiving, by the storage gateway via the at least one secure connection to the remote service provider, management requests from a process on the customer network, wherein the management requests received by the storage gateway are specified by the process via a console process provided by the remote service provider.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1, wherein the process on the customer network comprises a web interface and wherein the method further comprises:
    - receiving, by the web interface, customer information for logging on to a customer account associated with the storage gateway;
      
      associating the customer information with the storage gateway; and
      
      initiating, via the console process, one or more management requests for the storage gateway based on one or more management requests from the web interface, wherein the management requests for the storage gateway are received by a gateway control server of the remote service provider and provided to the storage gateway via the at least one secure connection.
  - 3. The method as recited in claim 2, further comprising operating, by the storage gateway, as an interface between the one or more customer processes on the customer network and the storage service to download customer data from the remote data store, and locally caching, by the storage gateway, frequently accessed customer data.
  - 4. The method as recited in claim 2, further comprising returning a status from the storage gateway to the console process via the gateway control server from which the storage gateway received the management requests.

5. A device, comprising:
- at least one processor; and
  
  a memory comprising program instructions, wherein the program instructions are executable by the at least one processor to implement a gateway process to perform;
  
  initiating at least one secure connection to a remote service provider for remotely managing the gateway process and for storing customer data from a customer network to a remote data store via a storage service provided to the customer by the remote service provider, wherein the gateway process operates between one or more customer processes on the customer network and the storage service to store customer data to the remote data store; and
  
  receiving via the at least one secure connection to the remote service provider, management instructions from an interface on the customer network, wherein the management instructions received by the gateway process are specified by the interface via a console process of the remote service provider.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The device as recited in claim 5, wherein the program instructions are further executable to perform encrypting communications sent from the gateway process to the remote service provider over the at least one secure connection.
  - 7. The device as recited in claim 5, wherein the management instructions received by the gateway process from the interface on the customer network via the secure connection to the remote data store instruct configuration changes or operational requests.
  - 8. The device as recited in claim 5, wherein the program instructions are further executable to cause the gateway process to perform accepting inbound connections only to one or more data ports exposed to customer processes on the customer network.
  - 9. The device as recited in claim 5, wherein the program instructions are executable to cause the gateway process to perform operating as an interface between the customer network and the storage service to download customer data from the remote data store.
  - 10. The device as recited in claim 5, wherein the program instructions are further executable to cause the gateway process to perform locally caching frequently accessed data.
  - 11. The device as recited in claim 5, wherein the program instructions are further executable to perform returning a status from the gateway process to the console process via a gateway control server from which the gateway process received the management instructions from the interface on the customer network.
  - 12. The device as recited in claim 5, wherein the program instructions are further executable to perform implementing a virtual machine on the device, and wherein the gateway process is implemented on the virtual machine.

13. A non-transitory computer-readable storage medium storing program instructions that when executed by a computer implement a gateway process, the program instructions further executable to cause the gateway process to perform:
- initiating at least one secure connection to a remote service provider for remotely managing the gateway process and for storing customer data from a customer network to a remote data store via a storage service provided to the customer by the remote service provider, wherein the gateway process operates between one or more customer processes on the customer network and the storage service to store customer data to the remote data store; and
  
  receiving via the at least one secure connection to the remote service provider, management instructions from an interface on the customer network, wherein the management instructions received by the gateway process are specified by the interface via a console process of the remote service provider.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory computer-readable storage medium as recited in claim 13, wherein the management instructions from the interface are initiated by an administrative process on the customer network via the console process of the remote service provider.
  - 15. The non-transitory computer-readable storage medium as recited in claim 13, wherein the management instructions received by the gateway process are associated with configuration change requests or operation requests.
  - 16. The non-transitory computer-readable storage medium as recited in claim 13, wherein the program instructions are further executable to cause the gateway process to perform providing an interface between the one or more customer processes on the customer network and the storage service to download customer data from the remote data store.
  - 17. The non-transitory computer-readable storage medium as recited in claim 13, wherein the program instructions are further executable to cause the gateway process to perform locally caching frequently accessed customer data.
  - 18. The non-transitory computer-readable storage medium as recited in claim 13, wherein the program instructions are further executable to perform returning a status from the gateway process to the console process via a gateway control server from which the gateway process received the management instructions from the interface on the customer network.
  - 19. The non-transitory computer-readable storage medium as recited in claim 13, wherein the gateway process is a virtual appliance that executes within a virtual machine on a device on the customer network.
  - 20. The non-transitory computer-readable storage medium as recited in claim 13, wherein to operate between one or more customer processes on the customer network and the storage service the program instructions further executable to cause the gateway process to perform:
    - presenting a data access interface on the customer network;
      
      converting data accesses by the one or more customer processes to the data access interface into service requests according to a service interface of the remote service provider; and
      
      sending the service requests to the remote service provider according to the service interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Sorenson, James Christopher III, Lin, Yun, Salyers, David Carl, Khetrapal, Ankur
Primary Examiner(s)
Smithers, Matthew

Application Number

US14/163,978
Time in Patent Office

676 Days
Field of Search

726/6, 726/7
US Class Current

1/1
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/166   at the transport layer

H04L 67/1097   for distributed storage of ...

H04L 67/56   Provisioning of proxy servi...

Storage gateway security model

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Storage gateway security model

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links