Abstract:
According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use, and the server is able to free resources such as memory and processing cycles previously allocated to the connection. In some cases, the server maintains the connection for at least some time and uses it to keep the client occupied so that it cannot launch—or has fewer resources to launch—further attacks, and possibly to gather information about the attacking client.
Abstract:
A method of delivering a live stream is implemented within a content delivery network (CDN) and includes the high level functions of recording the stream using a recording tier, and playing the stream using a player tier. The step of recording the stream includes a set of sub-steps that begins when the stream is received at a CDN entry point in a source format. The stream is then converted into an intermediate format (IF), which is an internal format for delivering the stream within the CDN and comprises a stream manifest, a set of one or more fragment indexes (FI), and a set of IF fragments. The player process begins when a requesting client is associated with a CDN HTTP proxy. In response to receipt at the HTTP proxy of a request for the stream or a portion thereof, the HTTP proxy retrieves (either from the archive or the data store) the stream manifest and at least one fragment index. Using the fragment index, the IF fragments are retrieved to the HTTP proxy, converted to a target format, and then served in response to the client request. The source format may be the same or different from the target format. Preferably, all fragments are accessed, cached and served by the HTTP proxy via HTTP. In another embodiment, a method of delivering a stream on-demand (VOD) uses a translation tier (in lieu of the recording tier) to manage the creation and/or handling of the IF components.
Abstract:
An infrastructure delivery platform provides an RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value and applies a cryptographic hash to that value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.
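The exchange described in the abstract above, as an added simulation that is not part of the patent and not the platform's own code. It models the three parties (client, edge server, cryptographic server) and records every message a network observer between client and edge would see, so that the two properties the abstract relies on can be checked directly: the edge server never holds the RSA private key, and the ephemeral value never appears on the wire, only its hash (the server random). Assumptions not taken from the abstract: SHA-256 as the "cryptographically strong hash function", a textbook RSA toy (no padding, small keys, for illustration only) as the pre-master encryption, HMAC-SHA256 as a stand-in for the TLS PRF that derives the master secret, and passing the ephemeral value to the cryptographic server as a plain function argument, standing in for whatever out-of-band mechanism the abstract leaves unspecified.

```python
import hashlib
import hmac
import os
import random

# --- Toy textbook RSA (no padding): illustrative only, NOT for real use -------------

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=512):
    """Return ((n, e), (n, d)). The private half is given ONLY to the cryptographic server."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def derive_master_secret(pre_master, client_random, server_random):
    """Assumption: HMAC-SHA256 stands in for the TLS PRF over the two random values."""
    return hmac.new(pre_master, b"master secret" + client_random + server_random,
                    hashlib.sha256).digest()


class EdgeServer:
    """Terminates the client connection; holds the public key only, never the private key."""
    def __init__(self, public_key):
        self.public_key = public_key

    def server_hello(self):
        # The edge selects an ephemeral value and sends only its hash (the server random).
        ephemeral = os.urandom(32)
        server_random = hashlib.sha256(ephemeral).digest()
        return ephemeral, server_random


class CryptoServer:
    """Holds the RSA private key and finishes the key exchange on the edge's behalf."""
    def __init__(self, private_key):
        self.private_key = private_key

    def compute_master_secret(self, encrypted_pre_master, client_random, ephemeral):
        n, d = self.private_key
        pre_master = pow(int.from_bytes(encrypted_pre_master, "big"), d, n).to_bytes(32, "big")
        # Re-generate the server random from the ephemeral value exactly as the edge did.
        server_random = hashlib.sha256(ephemeral).digest()
        return derive_master_secret(pre_master, client_random, server_random)


def run_handshake():
    """Run one RSA-proxy handshake and report the properties the abstract relies on."""
    public_key, private_key = rsa_keygen()
    edge, crypto = EdgeServer(public_key), CryptoServer(private_key)
    wire = []  # every message an observer between client and edge would capture

    client_random = os.urandom(32)
    wire.append(("client->edge", client_random))

    ephemeral, server_random = edge.server_hello()
    wire.append(("edge->client", server_random))

    n, e = edge.public_key
    pre_master = os.urandom(32)  # constructed client secret, 256 bits < n
    encrypted_pre_master = pow(int.from_bytes(pre_master, "big"), e, n).to_bytes(
        n.bit_length() // 8 + 1, "big")
    wire.append(("client->edge", encrypted_pre_master))
    client_master = derive_master_secret(pre_master, client_random, server_random)

    # Assumption: the abstract does not say how the cryptographic server obtains the
    # ephemeral value; it is passed directly here in place of that unspecified mechanism.
    crypto_master = crypto.compute_master_secret(encrypted_pre_master, client_random, ephemeral)

    return {
        "client_master": client_master,
        "crypto_server_master": crypto_master,
        "ephemeral_on_wire": any(ephemeral in msg for _, msg in wire),
        "server_random_is_hash_of_ephemeral": hashlib.sha256(ephemeral).digest() == server_random,
    }
```

The check worth keeping from this simulation is the `ephemeral_on_wire` flag: a passive capture of the client-edge leg contains the client random, the hashed server random and the RSA ciphertext, but not the preimage that the cryptographic server needs to rebuild the server random, which is the property the abstract calls forward secrecy for this leg.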
Abstract:
A method for content storage on behalf of participating content providers (704) begins by having a given content provider (704) identify content for storage. The content provider (704) then uploads the content to a given storage site (700, 702) selected from a set of storage sites (700, 702). Following upload, the content is replicated from the given storage site (700, 702) to at least one other storage site (700, 702) in the set. Upon request from a given entity (706), a given storage site (700, 702) from which the given entity (706) may retrieve the content is then identified. The content is then downloaded from the identified given storage site (700, 702) to the given entity (706). In an illustrative embodiment, the given entity (706) is an edge server (708) of a content delivery network (CDN).