US2016373405A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016373405-A1 |
| Application number | US-201514741148-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 16, 2015 |
| Priority date | Jun 16, 2015 |
| Publication date | Dec 22, 2016 |
| Grant date | — |
Official abstract text for this publication.
Various systems and processes may be used to manage Internet Protocol (IP) addresses that are dynamically assigned. In particular implementations, systems and processes for managing IP addresses that are dynamically assigned may include the ability to determine whether an identifier for a web service has been received from a customer having one or more virtual machines in a service provider network, the web service being accessible by the customer's virtual machines over an external communication network. The systems and processes may also include the ability to determine a number of IP addresses for the web service, identify virtual machines of the customer that are allowed to communicate with the web service, generate one or more IP address lists for the identified virtual machines, and update security tables for the identified virtual machines with the IP address lists at server computers hosting the identified virtual machines.
Opening claim text (preview).
What is claimed is:
1. A computer-readable storage medium having computer-executable instructions stored thereupon that, when executed by a computer system, cause the computer system to: receive, via a graphical user interface, a selection of an identifier for a web service by a customer of a service provider network, the service provider network having server computers hosting one or more virtual machines for the customer web service; determine one or more public IP addresses for the web service; identify virtual machines of the customer in the service provider network that are allowed to communicate with the web service; generate IP address lists for the identified virtual machines, the IP address lists including the one or more public IP addresses for the web service; and update security tables for the identified virtual machines with the generated IP address lists at server computers hosting the identified virtual machines.
2. The computer readable storage medium of claim 1, having further computer-executable instructions stored thereupon which, when executed by a computer system, cause the computer system to: determine whether one or more computer network addresses for the web service have changed; confirm the computer network addresses for the web service; generate one or more updated computer network address lists for the identified virtual machines, the computer network address lists including the computer network addresses for the web service; and update the security tables for the identified virtual machines with the updated computer network address lists at the server computers hosting the virtual machines.
3. The computer readable storage medium of claim 2, wherein determining whether one or computer network addresses for the web service have changed comprises receiving notice of one or more new computer network addresses for the web service.
4. The computer readable storage medium of claim 2, having further computer-executable instructions stored thereupon which, when executed by a computer system, cause the computer system to: determine that the computer network address lists have been distributed to the server computers hosting the identified virtual machines; and generate a notification for the web service that it is safe to begin using the new computer network addresses.
5. A method for managing Internet Protocol (IP) address assignment, the method comprising: receiving, from a user, a specification of an identifier for a web service and an indication of one or more virtual machines of the user, the identifier associated with network addresses for the web service; generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier, the network address lists including the network addresses for the web service; and updating security tables for the one or more virtual machines with the address lists at server computers hosting the one or more virtual machines, the security tables used by the server computers to at least determine whether to allow communications addressed to or from the network addresses for the service.
6. The method of claim 5, further comprising: determining whether one or more IP addresses for the web service have changed; confirming the IP addresses for the web service; generating one or more updated IP address lists for virtual machines in the service provider network, the IP address lists including the IP addresses for the web service; and updating the security tables for the virtual machines with the updated IP address lists at the server computers hosting the virtual machines.
7. The method of claim 6, wherein determining whether one or IP addresses for the web service have changed comprises receiving notice of one or more new IP addresses for the web service.
8. The method of claim 7, further comprising: determining that the IP address lists have been distributed to the server computers hosting the identified virtual machines; and generating a notification for the web service that it is safe to begin using the new IP addresses.
9. The method of claim 5, wherein determining whether one or more IP addresses for the web service have changed comprises receiving notice that one or more IP addresses for the web service are to be deleted.
10. The method of claim 9, further comprising: determining that the IP address lists have been distributed to the server computers hosting the identified virtual machines; and generating a notification for the web service that it is safe to remove the IP addresses.
11. The method of claim 5, wherein generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier comprises merging the network addresses for the web service with network addresses specified for the virtual machines.
12. The method of claim 5, wherein generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier comprises expanding a network address prefix into a plurality of network addresses.
13. The method of claim 5, further comprising generating a notification regarding a change in IP address for security groups associated with the web service.
14. The method of claim 5, further comprising: receiving a customer selection of a web service for a security group; determining whether a web service version is proximate the customer resources; recommending use of the web service version proximate the customer resources; receiving a customer selection of a web service version; and associating the selected web service version with the security group.
15. A system, comprising: one or more computing devices comprising processing units and memory; the one or more computing devices configured to: receiving, from a user, a specification of an identifier for a web service and an indication of one or more virtual machines of the user, the identifier associated with network addresses for the web service; generate one or more network address lists for the one or more virtual machine based at least in part of the specification of the identifier, the network address lists including the network addresses for the web service; and update security tables for the one or more virtual machines with the address lists at server computers hosting the one or more virtual machines, the security tables used by the server computers to at least determine whether to allow communication addressed to or from the network addresses for the service.
16. The system of claim 15, wherein the computing devices are further configured to: determine whether one or more IP addresses for the web service have changed; confirm the IP addresses for the web service; generate one or more updated IP address lists for virtual machines in the service provider network, the IP address lists including the IP addresses for the web service; and update the security tables for the virtual machines with the updated IP address lists at the server computers hosting the virtual machines.
17. The system of claim 16, wherein determining whether one or IP addresses for the web service have changed comprises receiving notice of one or more new IP addresses for the web service.
18. The system of claim 17, wherein the computing devices are further configured to: determine that the IP address lists have been distributed to the server computers
Access control lists [ACL] · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
when the policy decisions are valid for a limited amount of time · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
Managing network names, e.g. use of aliases or nicknames (name-to-address mapping H04L61/45) · CPC title