-
1.
Publication No.: US11838276B2
Publication date: 2023-12-05
Application No.: US17324353
Filing date: 2021-05-19
Applicant: Akamai Technologies, Inc.
Inventor: Stephen L. Ludin, Michael A. Bishop
CPC classification number: H04L63/0281, H04L63/0853, H04L63/20
Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
-
2.
Publication No.: US10810279B2
Publication date: 2020-10-20
Application No.: US15890626
Filing date: 2018-02-07
Applicant: Akamai Technologies, Inc.
Inventor: Utkarsh Goel, Moritz Steiner, Michael A. Bishop, Martin T. Flack, Stephen L. Ludin
IPC: G06F16/957, H04L29/08
Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.
-
3.
Publication No.: US20200162432A1
Publication date: 2020-05-21
Application No.: US16194022
Filing date: 2018-11-16
Applicant: Akamai Technologies, Inc.
Inventor: Stephen L. Ludin, Michael A. Bishop
IPC: H04L29/06
Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
-
4.
Publication No.: US20190243924A1
Publication date: 2019-08-08
Application No.: US15890626
Filing date: 2018-02-07
Applicant: Akamai Technologies, Inc.
Inventor: Utkarsh Goel, Moritz Steiner, Michael A. Bishop, Martin T. Flack, Stephen L. Ludin
Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.
-
5.
Publication No.: US20220078165A1
Publication date: 2022-03-10
Application No.: US17324353
Filing date: 2021-05-19
Applicant: Akamai Technologies, Inc.
Inventor: Stephen L. Ludin, Michael A. Bishop
IPC: H04L29/06
Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.
-
6.
Publication No.: US11019034B2
Publication date: 2021-05-25
Application No.: US16194022
Filing date: 2018-11-16
Applicant: Akamai Technologies, Inc.
Inventor: Stephen L. Ludin, Michael A. Bishop
Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.