Virtual communication endpoint services

US 9,888,041 B2
Filed: 09/09/2016
Issued: 02/06/2018
Est. Priority Date: 11/20/2012
Status: Active Grant

First Claim

Patent Images

1. A system for managing requests for a service, comprising:

at least one processor; and

memory storing instructions that, when executed by the at least one processor, cause the system to;

receive a request to define a virtual endpoint for the service, the service being offered by a customer using one or more resources of a multi-tenant environment, the request including information associated with an endpoint interface for the service;

define the virtual endpoint for the service in response to receiving the request; and

enable access to the endpoint interface for the service by a virtual load balancer of the multi-tenant environment, the virtual load balancer configured to;

receive a communication to the virtual endpoint from a computing device of a user, the communication including a signature generated using at least one security credential;

determine whether the signature is a valid signature and whether the communication is allowed according to one or more policies associated with the communication; and

forward the communication to the endpoint interface for the service when the signature is a valid signature and the communication is determined to be allowed.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.

61 Citations

View as Search Results

20 Claims

1. A system for managing requests for a service, comprising:
- at least one processor; and
  
  memory storing instructions that, when executed by the at least one processor, cause the system to;
  
  receive a request to define a virtual endpoint for the service, the service being offered by a customer using one or more resources of a multi-tenant environment, the request including information associated with an endpoint interface for the service;
  
  define the virtual endpoint for the service in response to receiving the request; and
  
  enable access to the endpoint interface for the service by a virtual load balancer of the multi-tenant environment, the virtual load balancer configured to;
  
  receive a communication to the virtual endpoint from a computing device of a user, the communication including a signature generated using at least one security credential;
  
  determine whether the signature is a valid signature and whether the communication is allowed according to one or more policies associated with the communication; and
  
  forward the communication to the endpoint interface for the service when the signature is a valid signature and the communication is determined to be allowed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the multi-tenant environment comprises a plurality of resources that are shared among a plurality of customers and the instructions that, when executed by the at least one processor, further cause the system to allocate a resource for use by the service.
  - 3. The system of claim 1, wherein determining whether the signature is a valid signature includes:
    - determining whether the user has an account with the multi-tenant environment; and
      
      determining whether the signature was generated using a credential associated with at least one of the user, the customer, or the account with the multi-tenant environment.
  - 4. The system of claim 1, wherein the one or more policies associated with the communication are specified by the customer.
  - 5. The system of claim 1, wherein the virtual endpoint is offered through a request management service, the request management service provided using one or more resources external to, or part of, the multi-tenant environment.
  - 6. The system of claim 5, wherein the request management service is configured to monitor a plurality of requests to determine at least one trend associated with the plurality of requests.
  - 7. The system of claim 6, wherein the request management service is further configured to determine the at least one trend associated with a plurality of denied requests and block a subsequent request based on the at least one determined trend.

8. A computer-implemented method, comprising:
- receiving, by a virtual load balancer of a multi-tenant environment, a communication to a virtual endpoint from a computing device of a user, the communication including a signature generated using at least one security credential, the virtual endpoint being defined by the multi-tenant environment in response to receiving a request to define the virtual endpoint from a customer of the multi-tenant environment;
  
  determining, by the virtual load balancer of the multi-tenant environment, whether the signature is a valid signature and whether the communication is allowed according to one or more policies associated with the communication; and
  
  forwarding, by the virtual load balancer of the multi-tenant environment, the communication to an endpoint interface for a service when the signature is a valid signature and the communication is determined to be allowed.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer-implemented method of claim 8, further comprising:
    - allocating a resource of the multi-tenant environment for use by the service, the multi-tenant environment comprising a plurality of resources that are shared among a plurality of customers.
  - 10. The computer-implemented method of claim 8, wherein determining whether the signature is a valid signature further comprises:
    - determining whether the user has an account with the multi-tenant environment; and
      
      determining whether the signature was generated using a credential associated with at least one of the user, the customer, or the account with the multi-tenant environment.
  - 11. The computer-implemented method of claim 8, further comprising:
    - receiving from the customer one or more policies that specify indicia of allowable communications.
  - 12. The computer-implemented method of claim 8, further comprising:
    - monitoring a plurality of requests; and
      
      determining at least one trend associated with the plurality of requests.
  - 13. The computer-implemented method of claim 12, further comprising:
    - determining at least one trend associated with a plurality of denied requests; and
      
      blocking a subsequent request based on the at least one determined trend.

14. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computer system, cause the computer system to:
- receive a request to define a virtual endpoint for a service, the service being offered by a customer using one or more resources of a multi-tenant environment, the request including information associated with an endpoint interface for the service;
  
  define the virtual endpoint for the service in response to receiving the request; and
  
  enable access to the endpoint interface for the service by a virtual load balancer of the multi-tenant environment, the virtual load balancer configured to;
  
  receive a communication to the virtual endpoint from a computing device of a user, the communication including a signature generated using at least one security credential;
  
  determine whether the signature is a valid signature and whether the communication is allowed according to one or more policies associated with the communication; and
  
  forward the communication to the endpoint interface for the service when the signature is a valid signature and the communication is determined to be allowed.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions, when executed, further cause the computer system to:
    - allocate a resource of the multi-tenant environment for use by the service, the multi-tenant environment comprising a plurality of resources that are shared among a plurality of customers.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein the instructions for determining whether the signature is a valid signature further include instructions that when executed cause the computer system to:
    - determine whether the user has an account with the multi-tenant environment; and
      
      determine whether the signature was generated using a credential associated with at least one of the user, the customer, or the account with the multi-tenant environment.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein the instructions when executed further cause the computer system to:
    - receive from the customer the one or more policies that specify indicia of allowable communications.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the instructions when executed further cause the computer system to:
    - offer the virtual endpoint through a request management service, the request management service provided using one or more resources external to, or part of, the multi-tenant environment.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the instructions when executed further cause the computer system to:
    - monitor by the request management service a plurality of requests to determine at least one trend associated with the plurality of requests.
  - 20. The non-transitory computer-readable storage medium of claim 19, wherein the instructions when executed further cause the computer system to:
    - determine by the request management service at least one trend associated with a plurality of denied requests and block a subsequent request based on the at least one determined trend.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Baer, Graeme David, Brandwine, Eric Jason
Primary Examiner(s)
ZHAO, DON GORDON

Application Number

US15/261,069
Publication Number

US 20170126746A1
Time in Patent Office

515 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0218   Distributed architectures, ...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 63/1458   Denial of Service

H04L 63/168   above the transport layer

H04L 63/205   involving negotiation or de...

H04L 67/10   in which an application is ...

H04L 67/1001   for accessing one among a p...

Virtual communication endpoint services

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual communication endpoint services

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links