Provisioning of a shippable storage device and ingesting data from the shippable storage device

US 9,934,389 B2
Filed: 12/18/2015
Issued: 04/03/2018
Est. Priority Date: 12/18/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more computing devices of a storage service provider; and

a provisioning service implemented on at least one of the one or more computing devices, wherein the provisioning service is configured to;

receive, from a client, a request to import data from the client to the storage service provider;

send, to the client, a data transfer tool for transferring the data onto at least one shippable storage device;

determine at least one encryption key to be used by the data transfer tool;

determine security information to be used by the data transfer tool;

generate a manifest that includes the at least one encryption key and at least some of the security information;

provision the at least one shippable storage device to be sent to the client;

in response to completion of the provisioning of the shippable storage device, indicate that the shippable storage device is ready for shipment to the client; and

send the manifest to the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When a client requests a data import job, a remote storage service provider provisions a shippable storage device that will be used to transfer client data from the client to the service provider for import. The service provider generates security information for the data import job, provisions the shippable storage device with the security information, and sends the shippable storage device to the client. The service provider also sends client-keys to the client, separate from the shippable storage device (e.g., via a network). The client receives the device, encrypts the client data and keys, transfers the encrypted data and keys onto the device, and ships it back to the service provider. The remote storage service provider authenticates the storage device, decrypts client-generated keys using the client-keys stored at the storage service provider, decrypts the data using the decrypted client-side generated keys, and imports the decrypted data.

51 Citations

View as Search Results

20 Claims

1. A system, comprising:
- one or more computing devices of a storage service provider; and
  
  a provisioning service implemented on at least one of the one or more computing devices, wherein the provisioning service is configured to;
  
  receive, from a client, a request to import data from the client to the storage service provider;
  
  send, to the client, a data transfer tool for transferring the data onto at least one shippable storage device;
  
  determine at least one encryption key to be used by the data transfer tool;
  
  determine security information to be used by the data transfer tool;
  
  generate a manifest that includes the at least one encryption key and at least some of the security information;
  
  provision the at least one shippable storage device to be sent to the client;
  
  in response to completion of the provisioning of the shippable storage device, indicate that the shippable storage device is ready for shipment to the client; and
  
  send the manifest to the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system as recited in claim 1, wherein the provisioning service is further configured to:
    - receive, from the client device, credential information;
      
      in response to receiving the credential information from the client device, authenticate the client; and
      
      provide an indication to the client of a status of one or more data import jobs.
  - 3. The system as recited in claim 1, wherein the manifest further comprises:
    - at least one additional encryption key stored by the storage service provider, wherein the at least one additional encryption key is associated with at least one corresponding storage location of the data storage provider to store at least a portion of the imported data.
  - 4. The system as recited in claim 1, wherein the provisioning service is further configured to:
    - write at least a portion of the security information to the shippable storage device; and
      
      write address information of the client to the shippable storage device.
  - 5. The system as recited in claim 1, wherein the provisioning service is further configured to:
    - in response to determining that the client has received the shippable storage device;
      
      send the manifest to the client via a communication network; and
      
      send a code to the client for decrypting the manifest.
  - 6. The system as recited in claim 1, wherein the provisioning service is further configured to:
    - write an operating system to the shippable storage device; and
      
      write at least a portion of the security information to the shippable storage device, wherein the at least a portion of the security information is configured to provide mutual authentication between the shippable storage device and the data transfer tool.

7. A method, comprising:
- performing, by a provisioning service implemented on one or more computing devices of a storage service provider;
  
  receiving, from a client, a request to import data from the client to the storage service provider;
  
  determining at least one encryption key associated with importing the data;
  
  generating information that includes the at least one encryption key;
  
  provisioning a shippable storage device to be sent to the client;
  
  in response to completion of the provisioning of the shippable storage device, indicating that the shippable storage device is ready for sending to the client; and
  
  sending the information to the client.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The method as recited in claim 7, further comprising:
    - sending, to the client separate from the information, a data transfer tool for transferring the data onto the at least one shippable storage device.
  - 9. The method as recited in claim 8, wherein the generated information includes security information for use by the data transfer tool for authenticating the shippable storage device.
  - 10. The method as recited in claim 9, wherein the at least one encryption key comprises a first encryption key stored by the storage service provider and at least a second encryption key stored by the storage service provider.
  - 11. The method as recited in claim 10, wherein the first encryption key is associated with a first data storage location at the storage service provider and the at least a second encryption key is associated with a second data storage location at the storage service provider.
  - 12. The method as recited in claim 9, wherein the security information comprises:
    - at least a first portion of security information that is configured for authenticating the shippable storage device; and
      
      at least a second portion of security information that is configured for authenticating the data transfer tool by the shippable storage device.
  - 13. The method as recited in claim 7, further comprising:
    - sending, to the client, a code for decrypting the information sent to the client, wherein the information is sent to the client via a communication network.
  - 14. The method as recited in claim 7, further comprising:
    - writing an operating system to the shippable storage device; and
      
      writing address information of the client to the shippable storage device to be displayed by the shippable storage device.
  - 15. The method as recited in claim 7, further comprising:
    - writing at least a portion of the security information to the shippable storage device, wherein the at least a portion of the security information is configured to provide mutual authentication between the shippable storage device and the data transfer tool.

16. A non-transitory computer-readable storage medium storing program instructions that, when executed by one or more computing devices, cause the one or more computing devices to implement:
- performing, by a provisioning service of a storage service provider;
  
  receiving, from a client, a request to import data from the client to the storage service provider;
  
  determining at least one encryption key associated with importing the data;
  
  generating information that includes the at least one encryption key;
  
  provisioning a shippable storage device to be sent to the client;
  
  in response to completion of the provisioning of the shippable storage device, indicating that the shippable storage device is ready for sending to the client; and
  
  sending the information to the client.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory, computer-readable storage medium of claim 16, wherein the program instructions cause the one or more computing devices to further implement:
    - sending, to the client separate from the information, a data transfer tool for transferring the data onto the at least one shippable storage device.
  - 18. The non-transitory, computer-readable storage medium of claim 17, wherein the generated information includes security information for use by the data transfer tool for authenticating the shippable storage device.
  - 19. The non-transitory, computer-readable storage medium of claim 18, wherein the at least one encryption key comprises:
    - a first encryption key stored by the storage service provider and associated with a first data storage location at the storage service provider; and
      
      at least a second encryption key stored by the storage service provider and associated with at least a second data storage location at the storage service provider.
  - 20. The non-transitory, computer-readable storage medium of claim 16, wherein the program instructions cause the one or more computing devices to further implement:
    - sending, to the client, a code for decrypting the information sent to the client, wherein the information is sent to the client via a communication network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Paterra, Frank, Basarir, Firat
Primary Examiner(s)
LE, CHAU D

Application Number

US14/975,363
Publication Number

US 20170177883A1
Time in Patent Office

837 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/606   by securing the transmissio...

G06F 21/80   in storage media based on m...

G06Q 10/00   Administration; Management

G06Q 10/06   Resources, workflows, human...

G06Q 10/06314   Calendaring for a resource

G06Q 10/08   Logistics, e.g. warehousing...

G06Q 10/083   Shipping

H04L 63/0428   wherein the data content is...

H04L 9/0822   using key encryption key

H04L 9/0897   involving additional device...

H04L 9/3263   involving certificates, e.g...

Provisioning of a shippable storage device and ingesting data from the shippable storage device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Provisioning of a shippable storage device and ingesting data from the shippable storage device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others