公开(公告)号：US20250071120A1

公开(公告)日：2025-02-27

申请号：US18236454

申请日：2023-08-22

Applicant: Akamai Technologies, Inc.

Inventor： David Tang

IPC: H04L9/40 ,  H04L43/10 ,  H04L67/141

Abstract: A service for automatic discovery of locations at which instances of an internal enterprise application are located. The service is configured to facilitate routing of connection requests directed to the internal enterprise application, which is hosted in distinct enterprise locations. The service works in association with a set of connectors that each have an associated Internet Protocol (IP) address (typically of a device to which the connector is coupled) at which it is reachable and through which a connection to an internal enterprise application instance can be proxied. Connections to the internal enterprise application are routable along a network path from a client to a given connector through a set of intermediary nodes. Using information collected from the connectors, the service performs a series of correlations to enable service provider mapping technologies to make both global and local traffic mapping decisions for these internal enterprise resources. In a variant embodiment wherein connectors can access the application across site-to-site connections, the system also leverages connector-to-origin latency data to facilitate a full path mapping solution.

公开(公告)号：US20250071091A1

公开(公告)日：2025-02-27

申请号：US18236439

申请日：2023-08-22

Applicant: Akamai Technologies, Inc.

Inventor： Charles E. Gero ,  David Tang ,  Vishal Patel

IPC: H04L9/40

Abstract: A location service for automatic discovery of locations at which instances of an internal enterprise application are located. The location service is configured to facilitate routing of connection requests directed to the internal enterprise application, which typically is hosted in distinct enterprise locations. The service works in association with a set of connectors that each have an associated public Internet Protocol (IP) address (typically of a device to which the connector is coupled) at which it is reachable and through which a connection to an internal enterprise application instance can be proxied. Connections to the internal enterprise application are routable along a network path from a client to a given connector through a set of intermediary nodes. Using information collected from the connectors, the service performs a series of correlations (viz., finding matching connections and their corresponding public IP addresses) to enable service provider mapping technologies to make both global and local traffic mapping decisions for these internal enterprise resources.

公开(公告)号：US20250039219A1

公开(公告)日：2025-01-30

申请号：US18416730

申请日：2024-01-18

Applicant: Akamai Technologies, Inc.

Inventor： Leonid Mirkis ,  Alex Marks-Bluth

IPC: H04L9/40 ,  G06F9/54

Abstract: Improved security inspections for API traffic are disclosed. A data obfuscation process is applied to structured data in a request or response body to obfuscate the content while retaining the structural aspects thereof. The resulting sanitized version of the structured data is sent for analysis. For example a machine learning component is trained on such sanitized data to develop a signature or model that detects anomalous interactions with the API. The retained structure contains signals useful for pattern recognition and anomaly detection. The signature or model is preferably developed for a specific API endpoint. Then, a detection engine can be deployed to assess subsequent API traffic for the API endpoint, with such subsequent live traffic being similarly obfuscated by the system before being assessed. The teachings hereof can be used to block attacks or other malicious activities directed against API endpoints.

公开(公告)号：US20240430297A1

公开(公告)日：2024-12-26

申请号：US18829516

申请日：2024-09-10

Applicant: Akamai Technologies, Inc.

Inventor： John Summers ,  Robert Polansky ,  Darryl Nicholson ,  Scott Markwell

IPC: H04L9/40 ,  H04L67/306

Abstract: An account protection service to prevent user login or other protected endpoint request abuse. In one embodiment, the service collects user recognition data, preferably for each login attempt (e.g. data about the connection, session, and other relevant context), and it constructs a true user profile for each such user over time, preferably using the recognition data from successful logins. The profile evolves as additional recognition data is collected from successful logins. The profile is a model of what the user “looks like” to the system. For a subsequent login attempt, the system then calculates a true user score. This score represents how well the current user recognition data matches the model represented by the true user profile. The user recognition service is used to drive policy decisions and enforcement capabilities.

公开(公告)号：US12159170B2

公开(公告)日：2024-12-03

申请号：US17451620

申请日：2021-10-20

Applicant: Akamai Technologies, Inc.

Inventor： Martin T. Flack ,  Michael Bishop ,  Stephen Ludin

IPC: G06F9/48 ,  G06F1/18 ,  G06F1/3206 ,  G06F1/3234 ,  G06F9/50 ,  G06F11/34

Abstract: A multi-tenant service platform provides network services, such as content delivery, edge compute, and/or media streaming, on behalf of, or directly for, a given tenant. The service platform offers a policy layer enabling each tenant to specify levels of acceptable performance degradation that the platform may incur so that the platform can use electricity with desirable characteristics to service client requests associated with that tenant. Service nodes in the platform (e.g., edge servers) enforce the policy layer at the time of a service request. Preferably, the ‘quality’ of the electricity is a measurement of source of the energy, e.g., whether it is sourced from high-carbon fossil fuels (low-quality) or low-carbon renewables (high-quality). If the desired quality of electricity cannot be achieved, the node can resort to using less electricity to handle the request, which is achieved in a variety of ways.

公开(公告)号：US12117991B2

公开(公告)日：2024-10-15

申请号：US18075721

申请日：2022-12-06

Applicant: Akamai Technologies, Inc.

Inventor： David C. Carver ,  Leen K. AlShenibr ,  William R. Sears ,  Vladimir Shtokman

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/23 ,  G06F16/27 ,  G06F21/64 ,  G06Q20/36 ,  G06Q20/40 ,  G06Q30/0226 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32 ,  H04L67/10 ,  G06Q20/20 ,  H04L9/00

CPC classification number: G06F16/2379 ,  G06F16/2228 ,  G06F16/27 ,  G06F21/64 ,  G06Q20/367 ,  G06Q20/409 ,  G06Q30/0226 ,  H04L9/0891 ,  H04L9/30 ,  H04L9/3247 ,  H04L67/10 ,  G06Q20/202 ,  G06Q20/36 ,  G06Q20/405 ,  H04L9/50

Abstract: A set of transaction handling computing elements comprise a network core that receive and process transaction requests into an append-only immutable chain of data blocks, wherein a data block is a collection of transactions, and wherein an Unspent Transaction Output (UTXO) data structure supporting the immutable chain of data blocks is an output from a finalized transaction. Typically, the UTXO data structure consists essentially of an address and a value. In this approach, at least one UTXO data structure is configured to include information either in addition to or in lieu of the address and value, thereby defining a Transaction Output (TXO). A TXO may have a variety of types, and one type includes an attribute that encodes data. In response to receipt of a request to process a transaction, the set of transaction handling computing elements are executed to process the transaction into a block using at least the information in the TXO.

公开(公告)号：US12079087B2

公开(公告)日：2024-09-03

申请号：US17383187

申请日：2021-07-22

Applicant: Akamai Technologies, Inc.

Inventor： Aniruddha Bohra ,  Florin Sultan ,  Umberto Boscolo Bragadin ,  James Lee ,  Solomon Lifshits

IPC: G06F11/14 ,  G06F11/07 ,  H04L1/18 ,  H04L1/1867 ,  H04L69/10 ,  H04L41/0654

CPC classification number: G06F11/1435 ,  G06F11/0772 ,  G06F11/1464 ,  G06F11/1469 ,  H04L1/18 ,  H04L1/189 ,  H04L69/10 ,  H04L41/0654

Abstract: This patent document describes failure recovery technologies for the processing of streaming data, also referred to as pipelined data. The technologies described herein have particular applicability in distributed computing systems that are required to process streams of data and provide at-most-once and/or exactly-once service levels. In a preferred embodiment, a system comprises many nodes configured in a network topology, such as a hierarchical tree structure. Data is generated at leaf nodes. Intermediate nodes process the streaming data in a pipelined fashion, sending towards the root aggregated or otherwise combined data from the source data streams towards. To reduce overhead and provide locally handled failure recovery, system nodes transfer data using a protocol that controls which node owns the data for purposes of failure recovery as it moves through the network.

公开(公告)号：US20240275778A1

公开(公告)日：2024-08-15

申请号：US18636468

申请日：2024-04-16

Applicant: Akamai Technologies, Inc.

Inventor： Charles E. Gero

IPC: H04L9/40

CPC classification number: H04L63/083

Abstract: A multi-factor authentication scheme uses an MFA authentication service and a browser extensionless phish-proof method to facilitate an MFA workflow. Phish-proof MFA verifies that the browser the user is in front of is actually visiting the authentic (real) site and not a phished site. This achieved by only allowing MFA to be initiated from a user trusted browser by verifying its authenticity through a signing operation using a key only it possesses, and then also verifying that the verified browser is visiting the authentic site. In a preferred embodiment, this latter check is carried out using an iframe postMessage owning domain check. In a variant embodiment, the browser is verified to be visiting the authentic site through an origin header check. By using the iframe-based or ORIGIN header-based check, the solution does not require a physical security key (such as a USB authenticator) or any browser extension or plug-in.

公开(公告)号：US12063245B2

公开(公告)日：2024-08-13

申请号：US16409517

申请日：2019-05-10

Applicant: Akamai Technologies Inc.

Inventor： Richard E. Willey ,  Ruben E. Brown ,  Daniel E. Cooper

IPC: H04L9/40 ,  H04L67/10

CPC classification number: H04L63/1458 ,  H04L63/1416 ,  H04L67/10 ,  H04L2463/144

Abstract: Among other things, this document describes systems, methods and apparatus for identifying and mitigating network attacks, particularly botnet attacks and other volumetric attacks. In some embodiments, a distributed computing platform provides client-facing service endpoints and a request routing mechanism (request router or RR) directing clients to a particular service endpoint or cluster thereof to obtain a service. The state of the RR at a given time is communicated to enforcement points in the system, which may be cluster equipment, service endpoints, or other components. When client traffic arrives at a particular enforcement point it is checked for consistency with the RR's directions, referred to as ‘mapping consistency’. This information is incorporated into decisions about how to handle the packets from the client.

公开(公告)号：US11997096B2

公开(公告)日：2024-05-28

申请号：US17323141

申请日：2021-05-18

Applicant: Akamai Technologies, Inc.

Inventor： Mark M. Ingerman ,  Robert B. Bird

IPC: H04L9/40 ,  H04L67/1095 ,  H04L67/1097

CPC classification number: H04L63/102 ,  H04L63/0876 ,  H04L63/1433 ,  H04L63/20 ,  H04L67/1095 ,  H04L67/1097

Abstract: A distributed computing system provides a distributed data store for network enabled devices at the edge. The distributed database is partitioned such that each node in the system has its own partition and some number of followers that replicate the data in the partition. The data in the partition is typically used in providing services to network enabled devices from the edge. The set of data for a particular network enabled device is owned by the node to which the network enabled device connects. Ownership of the data (and the data itself) may move around the distributed computing system to different nodes, e.g., for load balancing, fault-resilience, and/or due to device movement. Security/health checks are enforced at the edge as part of a process of transferring data ownership, thereby providing a mechanism to mitigate compromised or malfunctioning network enabled devices.