Abstract:
According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that the server resources consumed by each connection are reduced while the connection is kept open. The connection thus moves from a state of relatively high server resource use to a state of relatively low server resource use, and the server is able to free resources, such as memory and processing cycles, previously allocated to the connection. In some cases, the server maintains the connection for at least some time and uses it to keep the client occupied, so that the client cannot launch further attacks, or has fewer resources with which to launch them, and possibly to gather information about the attacking client.
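The ownership hand-off described above, as an added example in Python (not code from the patent or from the server it describes): a "full" owner holds a receive buffer and parser state, a "tarpit" owner keeps the same descriptor open with a few bytes of state, drips data back so the client stays busy, and only counts what the client sends. The thresholds, the per-state cost figures, the drip interval and the sample addresses are assumptions chosen for the example.

```python
"""Added example, not code from the patent: a model of the ownership hand-off the
abstract describes. A 'full' owner buffers and parses a request as any server
would; once a connection shows attack characteristics it is handed to a 'tarpit'
owner that keeps the same socket open with a few bytes of state, drips data back
so the client stays busy, and records what the client sends."""

# Thresholds and per-connection cost figures are assumptions chosen for this example.
SLOW_HEADER_SECONDS = 10.0     # headers still incomplete after this long: slowloris-like
MAX_HEADER_BYTES = 8192        # more header bytes than this without a blank line: abusive
PARSER_STATE_BYTES = 4096      # notional cost of parser/request objects in the full state
TARPIT_STATE_BYTES = 64        # notional cost of a tarpitted connection
DRIP_INTERVAL_SECONDS = 30.0   # the tarpit writes one byte this often to keep the client waiting


class FullConnection:
    """High-resource owner: receive buffer plus HTTP parser state."""

    def __init__(self, fd, peer, now):
        self.fd, self.peer, self.opened_at = fd, peer, now
        self.buf = bytearray()            # grows with whatever the client sends
        self.headers_done = False

    def feed(self, data, now):
        self.buf += data
        if b"\r\n\r\n" in self.buf:
            self.headers_done = True

    def memory(self):
        return PARSER_STATE_BYTES + len(self.buf)

    def attack_characteristics(self, now):
        """Indicators seen on this connection; an empty list means benign so far."""
        reasons = []
        if not self.headers_done:
            if now - self.opened_at > SLOW_HEADER_SECONDS:
                reasons.append("slow-headers")
            if len(self.buf) > MAX_HEADER_BYTES:
                reasons.append("oversized-headers")
        return reasons


class TarpitConnection:
    """Low-resource owner: the same open socket, almost no per-connection state."""

    def __init__(self, full, now, reasons):
        self.fd, self.peer = full.fd, full.peer
        self.since, self.reasons = now, tuple(reasons)
        self.drips = 0
        self.bytes_seen = 0               # intelligence about the attacker, not buffered data

    def feed(self, data, now):
        self.bytes_seen += len(data)      # count and discard: nothing is parsed or kept

    def memory(self):
        return TARPIT_STATE_BYTES

    def tick(self, now):
        """Bytes to write now (if any) so the client keeps waiting on this socket."""
        due = int((now - self.since) // DRIP_INTERVAL_SECONDS)
        if due > self.drips:
            self.drips = due
            return b" "                   # a lone space keeps an HTTP client reading
        return b""


class ConnectionTable:
    def __init__(self):
        self.owners = {}                  # fd -> FullConnection | TarpitConnection
        self.downgrades = []              # (fd, peer, reasons) audit trail

    def accept(self, fd, peer, now):
        self.owners[fd] = FullConnection(fd, peer, now)

    def feed(self, fd, data, now):
        self.owners[fd].feed(data, now)

    def sweep(self, now):
        """Transition ownership of every connection that exhibits attack characteristics."""
        for fd, conn in list(self.owners.items()):
            if isinstance(conn, FullConnection):
                reasons = conn.attack_characteristics(now)
                if reasons:
                    self.owners[fd] = TarpitConnection(conn, now, reasons)
                    self.downgrades.append((fd, conn.peer, tuple(reasons)))
                    del conn.buf          # the buffer's memory is released; the fd stays open

    def total_memory(self):
        return sum(c.memory() for c in self.owners.values())


def demo():
    """Constructed scenario: one benign client and one slowloris-style attacker."""
    table = ConnectionTable()
    table.accept(5, "198.51.100.7", now=0.0)       # attacker (documentation address)
    table.accept(6, "203.0.113.9", now=0.0)        # benign client
    table.feed(6, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n", now=0.1)
    table.feed(5, b"GET / HTTP/1.1\r\nX-a: b\r\n", now=1.0)   # never finishes the headers
    before = table.total_memory()
    table.sweep(now=5.0)                           # within budget: nothing changes yet
    table.sweep(now=15.0)                          # attacker crosses the threshold
    after = table.total_memory()
    return before, after, table.downgrades, table.owners[5].tick(now=50.0)
```

Calling `demo()` returns the table's memory footprint before and after the sweep, the audit record of the downgrade, and the first drip byte the tarpit would write. The benign connection is never touched; the attacker's descriptor is still in the table after the hand-off, which is the point: the socket stays open and the client stays committed to it, but the server is no longer paying for a buffer or a parser on its behalf.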
Abstract:
This patent document describes, among other things, distributed computer platforms for online delivery of multimedia, including HD video, at broadcast audience scale to a variety of runtime environments and client devices in both fixed line and mobile environments. The teachings hereof can be applied to deliver live and on-demand content streams via computer networks. The teachings also relate to the ingestion of content streams in a given source format and the serving of the stream in a given target format. For example, a system might have machines in a content delivery network that ingest live streams in a source format, use an intermediate format to transport the stream within the system, and output the stream in a target format to clients that have requested (e.g., with an HTTP request) the stream. The streams may be archived for later playback.
Abstract:
An application deployment model for enterprise applications enables such applications to be deployed to and executed from a globally distributed computing platform, such as an edge server in an Internet content delivery network (CDN). In a representative embodiment, a CDN edge server supports application server code that executes a Web tier and/or Enterprise tier component of a given Java-based application. When multiple instances of the application server code are executed, given resources (e.g., memory, CPU, disk and network I/O) are monitored, and the application server instances are terminated or rate-limited to prevent over-utilization by any particular instance. In addition, a given application running in a given application server instance is restricted from taking certain actions, e.g., reading from or writing to a file system, so that it cannot interfere with, or access data from, another customer's application.
Abstract:
The present invention describes a 'companion' to an existing router that is multi-homed, via transit Autonomous Systems (TASs), to a plurality of destination Autonomous Systems (DASs). The mechanism includes a path testing process that conducts local traffic analysis of outgoing packets transmitted from the mechanism to a set of IP addresses across different DASs; the set may be selected by the operator via a configuration file or a suitable interface. To perform path testing via a particular link and transit AS, the path testing process temporarily inserts into the router configuration more specific, overriding test routes to which the ping traffic is sent (308). Following the test (310-312), the test routes are withdrawn from the router configuration (314). The data collected by this scanning process is then supplied to a path evaluation process (306), which is a decision algorithm for evaluating path quality for each TAS/DAS pair. A path whose quality is below a configurable threshold is a candidate for re-routing. A path selection process (326) either recommends path changes (330) or, if enabled, executes them (332), e.g., by logging into the router and entering a new policy configuration. This has the effect of telling the router to re-evaluate all routes heard from the selected TAS in view of the new policy. The path testing, path evaluation and, when enabled, path selection processes operate autonomously and in an automated fashion to control the outbound transit links.
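The test, evaluate and select steps above, as an added example in Python (not the patent's implementation and not a real router integration). The router is a stand-in object with a longest-prefix-match table and a local-preference policy knob, the ping results are constructed, the prefixes are RFC 5737 documentation ranges, the AS numbers are private-use, and the scoring formula and the 0.7 threshold are assumptions.

```python
"""Added example, not code from the patent: the path-test / path-evaluate /
path-select cycle of the abstract, run against a stand-in router with constructed
ping results so it works offline. The scoring formula and threshold are assumptions."""
import ipaddress
from statistics import mean

TRANSIT_AS = ["AS64501", "AS64502"]                   # TASs the router is multi-homed to
DAS_PREFIX = {"AS65010": "192.0.2.0/24",              # DAS prefixes, heard from every TAS
              "AS65020": "198.51.100.0/24"}
TARGETS = {"AS65010": ["192.0.2.10", "192.0.2.11"],   # operator-chosen probe targets per DAS
           "AS65020": ["198.51.100.20", "198.51.100.21"]}

# Constructed probe outcomes keyed by (transit AS, target): RTT in ms, None = lost.
PING_RESULTS = {
    ("AS64501", "192.0.2.10"): [21, 22, None, 24, 23],
    ("AS64501", "192.0.2.11"): [None, 25, None, None, 26],
    ("AS64502", "192.0.2.10"): [40, 41, 42, 40, 41],
    ("AS64502", "192.0.2.11"): [43, 44, 42, 45, 43],
    ("AS64501", "198.51.100.20"): [15, 16, 15, 17, 16],
    ("AS64501", "198.51.100.21"): [16, 15, 16, 16, 17],
    ("AS64502", "198.51.100.20"): [30, 31, 30, 32, None],
    ("AS64502", "198.51.100.21"): [31, 30, 31, 31, 30],
}


class Router:
    """Stand-in router: one BGP path per (prefix, TAS) with a local-pref, plus the
    temporary /32 test routes, which are more specific and therefore win."""

    def __init__(self):
        self.rib = {ipaddress.ip_network(p): {t: 100 for t in TRANSIT_AS}
                    for p in DAS_PREFIX.values()}
        self.test_routes = {}       # ip_address -> TAS
        self.config_log = []        # the change history an operator would review

    def add_test_route(self, ip, tas):
        self.test_routes[ipaddress.ip_address(ip)] = tas
        self.config_log.append(f"+ static {ip}/32 via {tas}")

    def withdraw_test_route(self, ip):
        del self.test_routes[ipaddress.ip_address(ip)]
        self.config_log.append(f"- static {ip}/32")

    def set_policy(self, tas, prefix, local_pref):
        self.rib[ipaddress.ip_network(prefix)][tas] = local_pref
        self.config_log.append(f"policy: local-pref {local_pref} for {prefix} from {tas}")

    def next_hop(self, ip):
        addr = ipaddress.ip_address(ip)
        if addr in self.test_routes:                      # /32 override beats BGP
            return self.test_routes[addr]
        net = max((n for n in self.rib if addr in n), key=lambda n: n.prefixlen)
        paths = self.rib[net]                             # highest local-pref wins; ties go
        return max(TRANSIT_AS, key=lambda t: (paths[t], -TRANSIT_AS.index(t)))  # to first TAS


def ping(router, ip):
    """Simulated probe: the outcome depends on the transit the router forwards via."""
    return PING_RESULTS[(router.next_hop(ip), ip)]


def path_test(router):
    """Steps 308-314: per TAS, insert the /32 test routes, probe, withdraw them."""
    samples = {}
    for tas in TRANSIT_AS:
        for das, ips in TARGETS.items():
            for ip in ips:
                router.add_test_route(ip, tas)
                try:
                    samples.setdefault((tas, das), []).extend(ping(router, ip))
                finally:
                    router.withdraw_test_route(ip)        # never leave a test route behind
    return samples


def path_evaluate(samples, rtt_budget_ms=100.0):
    """Step 306: quality in [0, 1] per (TAS, DAS); loss dominates, RTT degrades further."""
    scores = {}
    for key, rtts in samples.items():
        answered = [r for r in rtts if r is not None]
        delivered = len(answered) / len(rtts)
        rtt_frac = min(mean(answered), rtt_budget_ms) / rtt_budget_ms if answered else 1.0
        scores[key] = delivered * (1 - 0.5 * rtt_frac)
    return scores


def path_select(router, scores, threshold=0.7, execute=False):
    """Steps 326-332: for each DAS whose current path is below threshold, recommend
    the best-scoring TAS or, if enabled, apply it as a policy change on the router."""
    actions = []
    for das, prefix in DAS_PREFIX.items():
        current = router.next_hop(TARGETS[das][0])
        if scores[(current, das)] >= threshold:
            continue
        best = max(TRANSIT_AS, key=lambda t: scores[(t, das)])
        if best == current:
            continue                                      # nothing better to move to
        actions.append((das, current, best, "executed" if execute else "recommended"))
        if execute:
            router.set_policy(best, prefix, 200)          # router re-evaluates routes from best
    return actions


def run_cycle(execute=False):
    router = Router()
    scores = path_evaluate(path_test(router))
    return router, scores, path_select(router, scores, execute=execute)
```

`run_cycle()` returns the router, the per-pair scores and the list of actions; with `execute=False` it only recommends, with `execute=True` it applies the policy and `router.next_hop()` for the affected prefix changes accordingly. Two details matter in practice and are kept deliberately: the test routes are withdrawn in a `finally` block so a probe failure cannot leave a /32 override in the router, and the fix is applied as a policy (local-pref) on routes heard from the chosen TAS rather than as a static route, which is what lets the router re-evaluate on its own.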
Abstract:
The present invention enables a content provider to dynamically assemble content at the edge of the Internet, preferably on content delivery network (CDN) edge servers. Preferably, the content provider leverages an "edge side include" (ESI) markup language that is used to define Web page fragments for dynamic assembly at the edge. Dynamic assembly improves site performance by caching the objects that comprise dynamically generated pages at the edge of the Internet, close to the end user. The content provider designs and develops the business logic to form and assemble the pages, for example, by using the ESI language within its development environment. Instead of the page being assembled by an application/web server in a centralized data center, the application/web server sends a page template and content fragments to a CDN edge server, where the page is assembled. Each content fragment can have its own cacheability profile to manage the "freshness" of the content. Once a user requests a page (template), the edge server examines its cache for the included fragments and assembles the page on-the-fly.
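The assembly described above, as an added example in Python (not Akamai's ESI implementation): an edge assembler that expands `<esi:include src="..."/>` tags against a per-fragment cache in which each fragment carries its own max-age, honours `onerror="continue"` for a fragment the origin cannot serve, and refuses non-relative `src` values so that a template author cannot make the edge fetch and embed arbitrary URLs. The origin table, its bodies and its max-age values are constructed for the example.

```python
"""Added example, not Akamai's ESI implementation: a minimal edge-side assembler
for templates that contain <esi:include src="..."/> tags, with a per-fragment
cache whose freshness is governed by each fragment's own max-age. The origin is
a constructed in-memory table so the example runs offline."""
import re

INCLUDE_RE = re.compile(r"<esi:include\s+([^>]*?)\s*/>")
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
MAX_DEPTH = 5                                   # fragments may themselves include fragments

# Constructed origin: path -> (body, max-age in seconds). The quote is the only
# fast-changing fragment; header and footer can be cached for an hour.
ORIGIN = {
    "/tmpl/home": ('<html><body>'
                   '<esi:include src="/frag/header"/>'
                   '<esi:include src="/frag/quote?sym=XYZ"/>'
                   '<esi:include src="/frag/footer"/>'
                   '</body></html>', 300),
    "/frag/header": ("<div class=hdr>Site header</div>", 3600),
    "/frag/quote?sym=XYZ": ("<div class=q>XYZ 12.34</div>", 5),
    "/frag/footer": ("<div class=ftr>Footer</div>", 3600),
    "/tmpl/broken": ('<p>a</p><esi:include src="/frag/missing" onerror="continue"/><p>b</p>', 60),
}


class EdgeServer:
    def __init__(self, origin):
        self.origin = origin
        self.cache = {}             # path -> (body, expires_at)
        self.origin_fetches = []    # every trip to origin, for the demo's accounting

    def fetch(self, path, now):
        """Serve from cache while fresh; otherwise go to origin and re-cache."""
        hit = self.cache.get(path)
        if hit is not None and hit[1] > now:
            return hit[0]
        body, max_age = self.origin[path]       # KeyError models an origin 404
        self.origin_fetches.append(path)
        self.cache[path] = (body, now + max_age)
        return body

    def assemble(self, path, now, depth=0):
        """Fetch a template and splice in every included fragment."""
        if depth > MAX_DEPTH:
            raise ValueError("esi:include nesting too deep")
        template = self.fetch(path, now)

        def expand(match):
            attrs = dict(ATTR_RE.findall(match.group(1)))
            src = attrs.get("src", "")
            # Only same-site relative sources: whoever controls 'src' must not be
            # able to make the edge fetch and embed an arbitrary URL.
            if not src.startswith("/") or src.startswith("//"):
                raise ValueError(f"refusing esi:include src {src!r}")
            try:
                return self.assemble(src, now, depth + 1)
            except KeyError:
                if attrs.get("onerror") == "continue":
                    return ""                   # ESI semantics: drop the fragment, keep the page
                raise

        return INCLUDE_RE.sub(expand, template)


def demo():
    """Three requests for the same page at t = 0 s, 3 s and 10 s."""
    edge = EdgeServer(ORIGIN)
    page = edge.assemble("/tmpl/home", now=0.0)
    first = len(edge.origin_fetches)                     # template + 3 fragments
    edge.assemble("/tmpl/home", now=3.0)
    second = len(edge.origin_fetches) - first            # all still fresh
    edge.assemble("/tmpl/home", now=10.0)
    third = len(edge.origin_fetches) - first - second    # only the 5 s quote expired
    return page, first, second, third
```

`demo()` returns the assembled page and the number of origin fetches each of the three requests caused: four for the first, none for the second, and one for the third, where only the short-lived quote fragment has gone stale while the template, header and footer are still served from the edge cache.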
Abstract:
An overlay network is enhanced to provide traffic delivery using anycast and end-user mapping. An anycast IP address is associated with sets of forwarding machines positioned in the overlay network. These locations correspond with IP addresses for zero-rated billing traffic. In response to receipt of a packet at a forwarding machine, the machine issues an end-user mapping request to the mapping mechanism. The mapping request carries an IP address associated with the client from which the end-user request originates. The mapping mechanism resolves the request and returns a response: an IP address associated with a set of server machines distinct from the forwarding machine. The forwarding machine encapsulates the packet and proxies the connection to the identified server. The server receives the connection, decapsulates the request, and processes the packet. The server machine responds to the requesting client directly.
Abstract:
This disclosure provides for a network element (in the middle) to inject enrichments into SSL connections, and for the endpoints to take them out. This network element is sometimes referred to herein as a “middle box.” In the context of a layered software architecture, this solution preferably is implemented by a library that operates below the SSL layer and above the TCP sockets layer at the two endpoints of the SSL connection. Preferably, the SSL enrichments are implemented as SSL/TLS records.
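The record-level mechanism above, as an added example in Python (not the patent's library): a middlebox that buffers to a TLS record boundary and emits its enrichment as a separate record, and an endpoint shim, sitting between the TCP socket and the TLS stack, that strips those records before the TLS layer ever sees them. The content-type value 0x80 for enrichment records, the HMAC over a key shared between middlebox and endpoint, and the placeholder record bodies are assumptions; the abstract only says enrichments are carried as SSL/TLS records. The HMAC is the check a practitioner would want, because without it any on-path party could inject an "enrichment".

```python
"""Added example, not the patent's library: framing below the SSL layer. A
middlebox inserts 'enrichment' records at TLS record boundaries; a shim at the
endpoint verifies and removes them before handing the byte stream to the real
TLS implementation. Content type 0x80 and the shared HMAC key are assumptions."""
import hashlib
import hmac
import struct

ENRICHMENT_TYPE = 0x80                 # assumption: outside the 20-23 range TLS uses
TLS_TYPES = {20, 21, 22, 23}           # change_cipher_spec, alert, handshake, application_data
HDR = struct.Struct("!BHH")            # content type, protocol version, body length
SHARED_KEY = b"constructed-middlebox-endpoint-key"   # assumption: provisioned out of band


def record(ctype, body, version=0x0303):
    return HDR.pack(ctype, version, len(body)) + body


def split_records(buf):
    """Return (complete (type, version, body) records, unconsumed trailing bytes)."""
    out, i = [], 0
    while i + HDR.size <= len(buf):
        ctype, ver, length = HDR.unpack_from(buf, i)
        end = i + HDR.size + length
        if end > len(buf):
            break                                  # partial record: wait for more bytes
        out.append((ctype, ver, bytes(buf[i + HDR.size:end])))
        i = end
    return out, bytes(buf[i:])


def seal(payload):
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).digest() + payload


def unseal(body):
    tag, payload = body[:32], body[32:]
    if not hmac.compare_digest(tag, hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()):
        return None
    return payload


class Middlebox:
    """In-path element. Buffers until a record boundary so it never splits a TLS
    record, then emits queued enrichments as records of their own."""

    def __init__(self):
        self.pending, self.queue = b"", []

    def enrich(self, payload):
        self.queue.append(payload)

    def forward(self, chunk):
        """Bytes read from one TCP side -> bytes to write to the other side."""
        self.pending += chunk
        records, self.pending = split_records(self.pending)
        out = b""
        for ctype, ver, body in records:
            while self.queue:
                out += record(ENRICHMENT_TYPE, seal(self.queue.pop(0)), ver)
            out += record(ctype, body, ver)        # original record, byte for byte
        return out


class EndpointShim:
    """Library between the TCP socket and the TLS stack at an endpoint: verifies and
    removes enrichment records, passes every real TLS record up untouched."""

    def __init__(self):
        self.pending, self.enrichments, self.rejected = b"", [], 0

    def recv(self, chunk):
        self.pending += chunk
        records, self.pending = split_records(self.pending)
        up = b""
        for ctype, ver, body in records:
            if ctype == ENRICHMENT_TYPE:
                payload = unseal(body)
                if payload is None:
                    self.rejected += 1            # forged or corrupted: never surfaced
                else:
                    self.enrichments.append(payload)
            elif ctype in TLS_TYPES:
                up += record(ctype, body, ver)    # the TLS layer sees exactly what was sent
            else:
                raise ValueError(f"unexpected record type {ctype}")
        return up


def demo():
    """Constructed flow: two TLS records cross a middlebox in three TCP chunks."""
    hello = record(22, b"\x01" + b"C" * 40)       # placeholder ClientHello body
    data = record(23, b"D" * 16)                  # placeholder application data
    wire = hello + data
    mb, shim = Middlebox(), EndpointShim()
    mb.enrich(b"client-ip=203.0.113.9")
    seen_by_tls = b""
    for chunk in (wire[:10], wire[10:50], wire[50:]):   # arbitrary TCP segmentation
        seen_by_tls += shim.recv(mb.forward(chunk))
    # A forged enrichment from an on-path party without the key must be dropped.
    seen_by_tls += shim.recv(record(ENRICHMENT_TYPE, b"\x00" * 32 + b"admin=1"))
    return seen_by_tls == wire, shim.enrichments, shim.rejected
```

`demo()` returns whether the TLS layer received exactly the bytes the client sent, the enrichments the shim extracted, and how many it rejected. The first chunk ends mid-record, so the middlebox forwards nothing until the record completes; if it injected there, the endpoint's TLS stack would read the enrichment as the tail of a handshake record and abort the connection. That record-boundary discipline, and the fact that the shim removes type 0x80 records before the TLS layer can reject them as unexpected messages, are what make "below SSL, above TCP" workable.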
Abstract:
An infrastructure delivery platform provides a proxy service as an enhancement to the TLS/SSL protocol to off-load to an external server the generation of a digital signature, the digital signature being generated using a private key that would otherwise have to be maintained on a terminating server. Using this service, instead of digitally signing (using the private key) "locally," the terminating server proxies the public portions of the ephemeral key exchange material to the external server and receives, in response, a signature validating that the terminating server is authorized to continue with the key exchange. In this manner, the private key used to generate the digital signature (or, more generally, to facilitate the key exchange) does not need to be stored in association with the terminating server. Rather, that private key is stored only at the external server, and there is no requirement for the pre-master secret to travel on the wire.