Provisioning of a shippable storage device and ingesting data from the shippable storage device
First Claim
1. A system, comprising:
- one or more computing devices connected to a network of a storage service provider;
at least one shippable storage device received from a client of the storage service provider, wherein the at least one shippable storage device is attached to the network of the storage service provider; and
a data ingestion service implemented on at least one of the one or more computing devices, wherein the data ingestion service is configured to;
determine information for a data import job associated with the shippable storage device;
obtain, based on the information for the data import job, security information and one or more stored keys stored by the storage service provider;
authenticate the shippable storage device based on the security information;
obtain encrypted keys and encrypted data from the shippable storage device;
decrypt one or more of the encrypted keys using the one or more keys stored by the storage service provider to generate decrypted keys;
decrypt the encrypted data based on usage of the decrypted keys to generate decrypted data; and
store the decrypted data at one or more locations at the storage service provider indicated by the information for the data import job.
0 Assignments
0 Petitions
Accused Products
Abstract
When a client requests a data import job, a remote storage service provider provisions a shippable storage device that will be used to transfer client data from the client to the service provider for import. The service provider generates security information for the data import job, provisions the shippable storage device with the security information, and sends the shippable storage device to the client. The service provider also sends client-keys to the client, separate from the shippable storage device (e.g., via a network). The client receives the device, encrypts the client data and keys, transfers the encrypted data and keys onto the device, and ships it back to the service provider. The remote storage service provider authenticates the storage device, decrypts client-generated keys using the client-keys stored at the storage service provider, decrypts the data using the decrypted client-side generated keys, and imports the decrypted data.
42 Citations
20 Claims
-
1. A system, comprising:
-
one or more computing devices connected to a network of a storage service provider; at least one shippable storage device received from a client of the storage service provider, wherein the at least one shippable storage device is attached to the network of the storage service provider; and a data ingestion service implemented on at least one of the one or more computing devices, wherein the data ingestion service is configured to; determine information for a data import job associated with the shippable storage device; obtain, based on the information for the data import job, security information and one or more stored keys stored by the storage service provider; authenticate the shippable storage device based on the security information; obtain encrypted keys and encrypted data from the shippable storage device; decrypt one or more of the encrypted keys using the one or more keys stored by the storage service provider to generate decrypted keys; decrypt the encrypted data based on usage of the decrypted keys to generate decrypted data; and store the decrypted data at one or more locations at the storage service provider indicated by the information for the data import job. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method, comprising:
performing, by a data ingestion service implemented on one or more computing devices of a storage service provider; determining a data import job associated with a shippable storage device received from a client, wherein the shippable storage device is attached to a network of the storage service provider; obtaining, based on the data import job, one or more stored keys stored by the storage service provider; obtaining encrypted keys and encrypted data from the shippable storage device; decrypting one or more of the encrypted keys using the one or more stored keys to generate one or more decrypted keys; decrypting the encrypted data based at least on usage of the one or more decrypted keys to generate decrypted data; and storing the decrypted data at one or more locations at the storage service provider. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
14. A non-transitory computer-accessible storage medium storing program instructions that, when executed on one or more processors of a data ingestion service cause the one or more processors to implement a data ingestion service to perform:
-
determining a data import job associated with a shippable storage device received from a client, wherein the shippable storage device is attached to a network of the storage service provider; obtaining, based on the data import job, one or more stored keys stored by the storage service provider; obtaining encrypted keys and encrypted data from the shippable storage device; decrypting one or more of the encrypted keys using the one or more stored keys to generate one or more decrypted keys; decrypting the encrypted data based at least on usage of the one or more decrypted keys to generate decrypted data; and storing the decrypted data at one or more locations at the storage service provider. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification