公开(公告)号：US20220132283A1

公开(公告)日：2022-04-28

申请号：US17077209

申请日：2020-10-22

Applicant: Akamai Technologies Inc.

Inventor： Mark M. Ingerman

IPC: H04W4/44 ,  H04W76/14 ,  H04W4/02 ,  H04W72/04 ,  H04W12/08 ,  H04W12/63 ,  G06N20/00

Abstract: Disclosed herein are systems and methods for coordinating the wireless sharing of content between vehicles in a secure and efficient manner. In one embodiment, vehicles recognize when there is an opportunity for them to participate in content sharing, such as when a vehicle is temporarily stopped at a traffic signal, or stuck in traffic, or the like. In response to this opportunity, the vehicle can notify a coordination component, sending a manifest of content it has available for sharing and content that it desires. The coordination component can match two vehicles in location and time, and can facilitate a secure wireless content share transaction. Such a transaction can involve use of ephemeral wireless network parameters, including temporary network names, passwords and/or security keys. Feedback about the success of the content transfer may be reported to system component(s) to improve identification of sharing opportunities in the future.

公开(公告)号：US11303720B2

公开(公告)日：2022-04-12

申请号：US16888202

申请日：2020-05-29

Applicant: Akamai Technologies, Inc.

Inventor： Byung K. Choi

IPC: H04L67/2885 ,  H04L67/568 ,  H04L67/5651 ,  H04L67/564 ,  H04L67/1097 ,  H04L67/52

Abstract: This document describes systems, methods and apparatus for locating an object and/or processed versions of that object in a CDN cache system. When a CDN server needs to send a forward request to an origin server to retrieve an object, the CDN server can append a ‘cache hint’ (sometimes referred to herein as a pointer or as ‘reverse cookie’) to its request. The cache hint preferably includes information that will be stored at the origin server and provided to other CDN servers that subsequently ask for the same object. Preferably the information is a pointer that will enable the object to be located within the CDN and/or enable the location of modified version of the object that have already been created and stored within the CDN.

公开(公告)号：US11297040B2

公开(公告)日：2022-04-05

申请号：US16400304

申请日：2019-05-01

Applicant: Akamai Technologies Inc.

Inventor： Jason C. Bonci

IPC: H04L9/32 ,  H04L29/06 ,  G06F21/00

Abstract: This document describes, among other things, security hardening techniques that guard against certain client-side attack vectors. These techniques generally involve the use of an intermediary that detects and handles identity service transactions on behalf of a client. In one embodiment, the intermediary establishes a resource domain session with the client in order to provide the client with desired resource domain content or services from a resource domain host. The intermediary detects when the resource domain host invokes a federated identity service as a condition of client access. The intermediary handles the identity transaction in the identity domain on behalf of the client within the client's resource domain session. Upon successful authentication and/or authorization with an IdP, the intermediary connects the results of the identity services domain transaction to the resource domain.

公开(公告)号：US11290468B2

公开(公告)日：2022-03-29

申请号：US16922009

申请日：2020-07-07

Applicant: Akamai Technologies, Inc.

Inventor： Venkata Sai Kishore Modalavalasa ,  Sreenath Kurupati ,  Tu Vuong

IPC: H04L29/06 ,  H04L61/3015 ,  H04N21/239 ,  H04N21/24

Abstract: A method of detecting bots, preferably in an operating environment supported by a content delivery network (CDN) that comprises a shared infrastructure of distributed edge servers from which CDN customer content is delivered to requesting end users (clients). The method begins as clients interact with the edge servers. As such interactions occur, transaction data is collected. The transaction data is mined against a set of “primitive” or “compound” features sets to generate a database of information. In particular, preferably the database comprises one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data. Thereafter, and upon receipt of a new transaction request, primitive or compound feature set data derived from the new transaction request are compared against the database. Based on the comparison, an end user client associated with the new transaction request is then characterized, e.g., as being associated with a human user, or a bot.

公开(公告)号：US11283757B2

公开(公告)日：2022-03-22

申请号：US16907854

申请日：2020-06-22

Applicant: Akamai Technologies Inc.

Inventor： Kyle G. Schomp ,  Rami Al-Dalky

IPC: G06F15/173 ,  H04L61/4511 ,  H04L45/74 ,  H04L67/1008 ,  H04L61/5007

Abstract: Generally, aspects of the invention involve creating a data structure (a map) that reflects routing of Internet traffic to Anycast prefixes. Assume, for example, that each Anycast prefix is associated with two or more deployments (Points of Presence or PoPs) that can provide a service such as DNS, content delivery (e.g., via proxy servers, as in a CDN), distributed network storage, compute, or otherwise. The map is built in such a way as to identify portions of the Internet (e.g., in IP address space) that are consistently routed with one another, i.e., always to the same PoP as one another, regardless of how the Anycast prefixes are deployed. Aspects of the invention also involve the use of this map, once created. The map can be applied in a variety of ways to assist and/or improve the operation of Anycast deployments and thus represents an improvement to computer networking technology.

公开(公告)号：US20210400041A1

公开(公告)日：2021-12-23

申请号：US17206305

申请日：2021-03-19

Applicant: Akamai Technologies, Inc.

Inventor： Emile Delcourt ,  Harish Somaraddi ,  Tadhg Pearson

IPC: H04L29/06

Abstract: Among other things, this document describes systems, methods, and apparatus for monitoring and protecting a user credential issued by an organization when that credential is used outside that organization's network security perimeter. For example, a reverse proxy server (RPS) receives a client request directed to a content provider's site. The RPS initiates a process that involves parsing the request message and extracting a user credential. The RPS locates a credential policy from the credential owner based on the user credential. The RPS can issue an API request to a credential service that is authoritative for the credential. That credential service may return a directive to the RPS specifying how to handle the client request message. Preferably, the operation is transparent to the content provider whose site was the target of the client's request message. Activity records can be presented in visualizations that enhance security analysts' tactical comprehension at a glance.

公开(公告)号：US20210243249A1

公开(公告)日：2021-08-05

申请号：US17165545

申请日：2021-02-02

Applicant: Akamai Technologies, Inc.

Inventor： Byung K. Choi

IPC: H04L29/08 ,  G06F17/18 ,  G06F11/34

Abstract: Among other things, this document describes systems, methods and devices for performance testing and dynamic placement of computing tasks in a distributed computing environment. In embodiments, a given client request is forwarded up a hierarchy of nodes, or across tiers in the hierarchy. A particular computing node in the system self-determines to perform a computing task to generate (or help generate) particular content for a response to the client. The computing node injects its identifier into the response indicating that it performed those tasks; the identifier is transmitted to the client with particular content. The client runs code that assesses the performance of the system from the client's perspective, e.g., in servicing the request, and beacons this performance data, along with the aforementioned identifier, to a system intelligence component. The performance information may be used to dynamically place and improve the placement of the computing task(s).

公开(公告)号：US11080065B1

公开(公告)日：2021-08-03

申请号：US16374581

申请日：2019-04-03

Applicant: Akamai Technologies, Inc.

Inventor： Mehrdad Reshadi ,  Madhukar Nagaraja Kedlaya

IPC: G06F9/44 ,  G06F9/445 ,  H04L29/08

Abstract: A method of generating an optimized executable configuration query engine is disclosed. A set of one or more immutable configuration parameters associated with a configurable service or a configurable application is received. At least a portion of a set of configuration data in a configuration database and at least a portion of the set of one or more immutable configuration parameters are transformed into a set of data and code in a compiler-readable format. An optimized subset of the set of configuration data in the configuration database is selected based at least in part on the set of one or more immutable configuration parameters. An optimized executable configuration query engine is generated based at least in part on the set of one or more immutable configuration parameters, wherein the optimized executable configuration query engine serves configuration data from the selected optimized subset of the set of configuration data.

公开(公告)号：US20210227040A1

公开(公告)日：2021-07-22

申请号：US17223098

申请日：2021-04-06

Applicant: Akamai Technologies, Inc.

Inventor： David C. Carver ,  Thomas Houman ,  Andrew F. Champagne ,  Vladimir Shtokman ,  Patrick Alexander Deegan ,  Ramanath Mallikarjuna

IPC: H04L29/08 ,  H04L9/32 ,  H04L9/06

Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole.

公开(公告)号：US20210211305A1

公开(公告)日：2021-07-08

申请号：US17209614

申请日：2021-03-23

Applicant: Akamai Technologies, Inc.

Inventor： Rupinder Singh Gill ,  Shravan Kumar Mettu ,  Seetharama Sarma Ayyadevara

IPC: H04L9/32 ,  H04L9/00 ,  H04L29/06 ,  H04L9/14 ,  H04L9/30

Abstract: A service consumer that utilizes a cloud-based access service provided by a service provider has associated therewith a network that is not capable of being controlled by the service provider. An enterprise connector is supported in this uncontrolled network, preferably as an appliance-based solution. According to this disclosure, the enterprise configures an appliance and then deploys it in the uncontrolled network. To this end, an appliance is required to proceed through a multi-stage approval protocol before it is accepted as a “connector” and is thus enabled for secure communication with the service provider. The multiple stages include a “first contact” (back to the service) stage, an undergoing approval stage, a re-generating identity material stage, and a final approved and configured stage. Unless the appliance passes through these stages, the appliance is not permitted to interact with the service as a connector. As an additional aspect, the service provides various protections for addressing scenarios wherein entities masquerade as approved appliances.