US20140304507A1 - Content delivery network encryption - Google Patents

Content delivery network encryption Download PDF

Info

Publication number
US20140304507A1
US20140304507A1 US14/216,422 US201414216422A US2014304507A1 US 20140304507 A1 US20140304507 A1 US 20140304507A1 US 201414216422 A US201414216422 A US 201414216422A US 2014304507 A1 US2014304507 A1 US 2014304507A1
Authority
US
United States
Prior art keywords
content
cdn
key
content object
edge server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/216,422
Inventor
Peter Coppola
William P. White
Tamara Monson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Edgio Inc
Original Assignee
Limelight Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US12/563,793 external-priority patent/US8966003B2/en
Priority claimed from US12/723,533 external-priority patent/US8516082B2/en
Application filed by Limelight Networks Inc filed Critical Limelight Networks Inc
Priority to US14/216,422 priority Critical patent/US20140304507A1/en
Publication of US20140304507A1 publication Critical patent/US20140304507A1/en
Assigned to LIMELIGHT NETWORKS, INC. reassignment LIMELIGHT NETWORKS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WHITE, WILLIAM P., COPPOLA, PETER, MONSON, TAMARA
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This disclosure relates in general to content delivery networks (CDNs) and, but not by way of limitation, to delivery of content while protecting the content.
  • CDNs content delivery networks
  • CDNs Content delivery networks
  • QoS quality of service
  • End users often are unaware that they are receiving their content from a CDN. Because the CDN are largely kept invisible to the end user, it is often only URLs that are given to the CDN. The URLs are correlated to a content object that is served from the CDN. Where a content object is currently missing from the part of the CDN receiving the request, other portions of the CDN or the origin server can be queried for the content object.
  • CDNs typically service a large number of end user systems requesting content that content originators may want protected through the CDN. Bulk theft can happen if some or all of a CDN is compromised. With high-definition video being delivered with CDNs, the threat of losing digital copies in bulk would worry a content originator.hacking by outsiders and theft by insiders could result in loss of digital copies of content objects.
  • the present disclosure provides for delivering video and/or audio content to end users encrypted within a content delivery network (CDN) for content originators.
  • CDNs transport content for content originators to end user systems in a largely opaque manner.
  • Caches and origin servers in the CDN are used to store content.
  • Some or all of the video and/or content is encrypted within the CDN.
  • URIs universal resource indicators
  • the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for ,the content object, which is encrypted in the CDN.
  • the present disclosure provides a method for protecting content within a CDN that delivers content for content originators.
  • a URI specifying a content object is received.
  • the URI is analyzed to determine if the content object is protected with encryption within the CDN.
  • the content object is searched for within the CDN.
  • the content object is requested from an origin server when the content object cannot find the content object cached within the CDN.
  • the URI is analyzed to find a key from a number of keys.
  • the key for the content object is retrieved.
  • the content object is encrypted with the key to create an encrypted content object.
  • the encrypted content object is cached in the CDN.
  • the encrypted content object or a portion thereof is decrypted with the key as the content object is passed to an end user computer.
  • the present disclosure provides a CDN for delivering content to end users encrypted within the CDN for content originators.
  • the CDN includes a key database comprising a number of keys, an interface to the Internet and an edge server comprising a content database for caching content.
  • the number of keys are indexed by information derivable from the URI information.
  • a key is determined from the number of keys by analysis of a URI from an end user system.
  • the interface requests the content object from an origin server.
  • the CDN requests content from origin servers when not cached in the CDN.
  • the edge server receives the URI specifying a content object.
  • the edge server analyzes the URI to determine if the content object is protected with encryption within the CDN.
  • the edge server stores the content object in the content database.
  • the edge server decrypts the content object or a portion thereof with the key before delivery to an end user.
  • the present disclosure provides a CDN for delivering content to end users encrypted within the CDN for content originators.
  • the CDN comprising: means for receiving a URI specifying a content object; means for analyzing the URI to determine if the content object is protected with encryption within the CDN; means for searching for the content object within the CDN; means for requesting the content object from an origin server when the content object cannot find the content object cached within the CDN; means for analyzing the URI to find a key from a number of keys; means for retrieving the key for the content object; means for encrypting the content object with the key to create an encrypted content object; means for caching the encrypted content object in the CDN; and means for decrypting the encrypted content object or a portion thereof with the key as the content object is passed to an end user computer.
  • FIG. 1 depicts a block diagram of an embodiment of a content distribution system
  • FIGS. 2A , 2 B and 2 C depict block diagrams of embodiments of a content delivery network (CDN);
  • CDN content delivery network
  • FIG. 3 depicts a block diagram of an embodiment of an origin server
  • FIG. 4 depicts a diagram of an embodiment of a content protection scheme
  • FIG. 5 illustrates a flowchart of an embodiment of a process for delivering a content object with a CDN while protecting the content object within the CDN.
  • the content originator 106 offloads delivery of the content objects to a content delivery network (CDN) 110 in this embodiment.
  • the content originator 106 produces and/or distributes content objects and includes a content provider 108 , a content site 116 , and an origin server 112 .
  • the CDN 110 can both cache and/or host content in various embodiments for third parties to offload delivery and typically provide better quality of service (QoS).
  • QoS quality of service
  • the content distribution system 100 locates the content objects (or portions thereof) and distributes the content objects to an end user system 102 .
  • the content objects are dynamically cached within the CDN 110 to improve the QoS.
  • a content object is any content file or content stream and could include, for example, video, pictures, data, audio, software, and/or text.
  • the content object could be live, delayed or stored.
  • the CDN 110 includes a number of points of presence (POPs) 120 , which are geographically distributed through the content distribution system 100 to deliver content.
  • POPs points of presence
  • Various embodiments may have any number of POPs 120 within the CDN 110 that are generally distributed in various locations around the Internet 104 that are proximate to end user systems 102 .
  • Multiple POPs use the same IP address such that an Anycast routing scheme is used to find a POP likely to be close to the end user in a network sense for each request.
  • WAN wide area network
  • 114 may couple the POPs 120 with each other and also couple the POPs 120 with other parts of the CDN 110 .
  • the request for the web page is passed either directly or indirectly via the Internet 104 to the content originator 106 .
  • the content originator 106 is the source or re-distributor of content objects.
  • the content site 116 is an Internet web site accessible by the end user system 102 .
  • the content site 116 could be a web site where the content is viewable with a web browser.
  • the content site 116 could be accessible with application software other than a web browser.
  • the content provider 108 directs content requests to a CDN 110 after they are made or formulates the delivery path by embedding the delivery path into the URLs for a web page. In any event, the request for content is handed over to the CDN 110 in this embodiment by using an Anycast IP address corresponding to two or more POPs 120 .
  • the request is associated with a particular POP 120 within the CDN 110 using the Anycast routing scheme.
  • the particular POP 120 may retrieve the portion of the content object from the content provider 108 .
  • the content provider 108 may directly provide the content object to the CDN 110 and its associated POPs 120 through prepopulation, i.e., in advance of the first request.
  • the content objects are provided to the CDN 110 and stored in one or more CDN servers such that the portion of the requested content may be served from the CDN 110 .
  • the CDN servers include edge servers that actually serve end user requests.
  • the origin server 112 holds a copy of each content object for the content originator 106 . Periodically, the content of the origin server 112 may be reconciled with the CDN 110 through a cache, hosting and/or pre-population algorithm.
  • the content object is stored within the particular POP 120 and is served from that POP to the end user system 102 .
  • the end user system 102 receives the content object and processes it for use by the end user 128 .
  • the end user system 102 could be a personal computer, media player, handheld computer, Internet appliance, phone, IPTV set top, streaming radio or any other device that receives and plays content objects.
  • a number of the end user systems 102 could be networked together. Although this embodiment only shows a single content originator 106 and a single CDN 110 , it is to be understood that there could be many of each in various embodiments.
  • Content can be protected during the distribution process.
  • the content originator 106 protects the content objects with encryption.
  • An encrypted link can be used between the content originator 106 and the CDN 110 when transferring the content object, which can be unencrypted.
  • the CDN encrypts the content object upon receipt before hosting or caching the content object. Decryption is performed before sending the content object or a portion thereof to an end user system 102 .
  • An encrypted link can be used for the delivery or the content object could be encrypted, watermarked, fingerprinted, and/or have digital rights management (DRM) applied.
  • DRM digital rights management
  • the content originator could encrypt the content object instead of or in addition to use of an encrypted link when transferring content for hosting by the CDN or when there is a cache miss within the CDN.
  • Each content originator 106 could have a key that is known to both content originator 106 and CDN 110 .
  • the various content originators 106 could have different unique keys that are used to decrypt the content object or portion thereof before sent to an end user system 102 .
  • the content originator 106 could interact with a CDN key database for a content object where there is a key unique to each content object and content originator 106 .
  • An encrypted link would be used when interacting between the content originator 106 and the CDN key database.
  • the content originator 106 requests a key that is used by the content originator 106 to encrypt the content object before it is sent to the CDN.
  • the CDN uses the key when decrypting the content object or a portion thereof.
  • a different embodiment could store the keys at the content originator 106 that are requested by the CDN when needed using an encrypted link.
  • FIG. 2A a block diagram of an embodiment of a CDN 110 - 1 is shown.
  • the POPs communicate through a WAN 114 and/or the Internet 104 when locating content objects.
  • An interface to the Internet 104 to the POP 120 accepts requests for content objects from end user systems 102 .
  • the request comes from an Internet protocol (IP) address in the form of a universal resource indicator (URI).
  • Switch fabric 240 assigns the request one of the edge servers 230 according to a routing scheme.
  • IP Internet protocol
  • URI universal resource indicator
  • the edge server 230 assigned the content object request analyzes the URI to determine if it corresponds to an encrypted content object. Other embodiments check a cache 232 of the edge server 230 and metadata, the file system, a table or other methods can indicate that the content object referenced by the URI is protected in the cache with encryption.
  • the encryption used in one edge server cache 232 can be different from other edge server caches 232 in other POPs 120 or even in the same POP 120 .
  • the URI is a request that indicates a file and an address and optionally an encryption variable to indicate if the file is encrypted.
  • the encryption variable is not within the URI, but the URI can be correlated to an encryption variable, which indicates if the file is encrypted.
  • the URI can also include a path, origin location, variable(s), a prefix, etc.
  • the URI is passed to various caches and/or host servers of the CDN 110 in an attempt to find a requested content object. It is to be understood that when the term URI is used, it doesn't necessarily require any format and just conveys at least where to find a content object.
  • the URI either has the encryption variable or can be otherwise correlated to an encryption variable.
  • ACME.llnw.net/videos/sports/game.mov?red5 is a URI with an ACME prefix, a llnw.net domain, a videos/sports path, a game.mov filename, and a red5 encryption variable.
  • the URI itself, the ACME prefix and/or red5 in this example could be used by edge servers 230 to determine if a content object is encrypted.
  • One embodiment hashes the URI or a portion of the URI.
  • the hash is used to query for parameters associated with the URI from a CDN key database 236 . Passing of keys to/from the CDN database 236 uses an encrypted channel.
  • Other embodiments could use other information from the URI to query from the CDN key database 236 , for example, the prefix ACME could correspond to a key that is used for all content referenced with a URI having an ACME prefix.
  • the CDN 110 is used to host content for others.
  • a secure transfer utility like S/FTP can be used to upload content to a CDN origin server 248 .
  • the content object can be encrypted automatically and stored in the content database 252 after upload. In some embodiments, the content object is encrypted during the transfer in the key it will be protected with within the CDN 110 .
  • the content originator 106 loads the content object into the CDN 110 and places the key or keys into the CDN key database 236 .
  • the keys are stored and indexed according to the way they will later be retrieved. For example, the hash of the URI is stored if the hash is later used to find the key when the URI is received.
  • Some embodiments could be encrypted in a number of keys successively.
  • a content object could be encrypted with a key for a CDN and then encrypted with a different key unique to an edge server. Decryption would require both keys to get the content object in the clear.
  • Other embodiments could combine one or more keys and use the combination as a new key to encrypt the content object such that both were required to get the content object in the clear.
  • Some embodiments pass the content object into and out of the CDN in an encrypted form or using an encrypted channel, socket or tunnel during the delivery process.
  • the cache(s) 232 of the CDN or the content database 252 do not hold a requested content object, it is retrieved from the origin server 112 of the content originator 106 .
  • Encrypted streams using RTMPE, HTTP-S, RTMPS, or other protocols can be used to protect a content object read from the content originator 106 .
  • the content object would be encrypted and cached after it enters the CDN 110 and the key would be stored in the CDN key database 236 .
  • the content originator 106 could encrypt the content object and provide the key to the CDN 110 after delivery so it can be decrypted and encrypted in the key of the CDN 110 .
  • the content object is left encrypted with the content originator key and encrypted again with the CDN key.
  • the content originator key would be stored in the CDN key database 236 that that both decryptions could be performed upon delivery of the content object to an end user.
  • the delivery to the end user system 102 could also be protected with an encrypted tunnel and/or encryption of the content object itself.
  • This embodiment uses a watermark/digital rights management (DRM) function 244 to protect the content object.
  • a watermark embeds information about the end user system 102 into the content object by weaving it through the content object in a manner that does not reduce the quality appreciably and is not easily removed.
  • DRM generally protects access and use of the content object in conjunction with software on the end user system 102 with rules enforced by the software.
  • a fingerprint can also be used that puts information into the content object as metadata.
  • Any or all of watermarking, fingerprinting and/or DRM can be used to protect the content object in various embodiments.
  • One a URL-by-URL basis these three protection mechanisms can be evoked.
  • Information in the URL or correlated to the URL can be placed into the content object or define the rules for the DRM.
  • Information that might go into the fingerprint or watermark include IP address of the end user system, account number or other variable from URI, time and date of delivery, the URI or a portion thereof, a serial number unique to the particular delivery, etc.
  • the information embedded into a content object generally allows later determining the end user system 102 and/or end user 128 that received the content object.
  • FIG. 2B a block diagram of an embodiment of a CDN 110 - 2 is shown.
  • This embodiment differs from the embodiment of FIG. 2A by moving the CDN key database 236 into the POP 120 and removing the watermark/DRM function 244 .
  • Each POP 120 could have its own CDN key database 236 . All POPs 120 use different keys such that a compromise of one POP would not expose the content on all POPs 120 in this embodiment.
  • Other embodiments could have the CDN key databases 236 in the various POPs 120 reconciled to contain the same keys. There could be different keys for each edge server 230 , each content object, and/or each end user IP address to further compartmentalize the content.
  • FIG. 2C a block diagram of an embodiment of a CDN 110 - 3 is shown.
  • This embodiment differs from the embodiment of FIG. 2B in that there is a CDN key database 236 for each edge server.
  • This embodiment has different keys for the same content object stored a number of edge server caches 232 . Compromise of the CDN key database 236 for one edge server 230 would not expose the content on other edge servers 230 to theft.
  • FIG. 3 a block diagram of an embodiment of an origin server 112 coupled to the Internet 104 is shown.
  • Some content originators 106 host their content in an origin sever 112 , while others host using the CDN origin server 248 .
  • the origin server includes a server 304 , an origin database 308 and an origin key database 312 .
  • the server 304 can serve content from the origin database 308 that may be requested by an end user system 102 or the CDN 110 on a cache miss.
  • content objects in origin database 308 are protected with encryption.
  • the origin key database 312 holds keys that protect the content objects in the origin database 308 . These same keys may be used within the CDN to protect content objects as they make their way to the end user computers 102 in one embodiment.
  • the keys in the origin key database 312 would be passed to the CDN key database(s) 236 using a secure channel and/or encryption. Where the origin server 112 directly delivers to the end user system 102 the content object could be decrypted as it is streamed.
  • the origin key database 312 has keys that are used in the origin server 112 . Different keys are used in the CDN key database(s) 236 . Transfer of a content object involves decryption from the old key and encryption into the new key. The decryption could be performed before the transfer to the CDN or afterward.
  • Content flows from one or more content originators 106 .
  • the content originators 106 may encrypt some or all of their content objects.
  • the content can be protected in a key of the content originator 106 or the CDN 110 or not encrypted at all.
  • An encrypted tunnel 404 is optionally used between the content originator 106 and the CDN 110 .
  • the content object is encrypted. Keys are discernable within the various caches and databases of the CDN. Regardless of key, the caches can determine redundant content objects such that only one copy need be stored in encrypted form.
  • Content is requested from the CDN 110 and delivered to end user systems 102 .
  • An encrypted tunnel is optionally used between the CDN 110 and the end user system 102 .
  • This embodiment does not encrypt the content object sent to the end user, but other embodiments could encrypt the content object before passing it to the end user system 102 .
  • Watermarking, fingerprinting and/or DRM are used to protect the content object as it passes to and is used by the end user system 102 .
  • FIG. 5 a flowchart of an embodiment of a process 500 for delivering a content object with a CDN while protecting the content object is shown.
  • the depicted portion of the process 500 begins in block 504 where the CDN 110 receives a request for a content object 504 .
  • the URI is analyzed to determine if the content object is encrypted in block 508 .
  • Other embodiments could find the content object and determine from the content object or a table if it were encrypted.
  • the content object referenced in the URI is searched for within the CDN in block 512 . Depending on the content object, it could be cached and/or hosted.
  • processing jumps to block 536 where the content object is decrypted with the appropriate key retrieved from the CDN or origin server.
  • the end user system 102 (browser or otherwise) may request a range of bytes from the file instead of the whole file at once.
  • the edge server 230 can extract and decrypt an arbitrary range of bytes from the file without having to decrypt the entire file.
  • fingerprinting, watermarking and/or DRM can be added to the content object before delivery to the end user system 102 .
  • the content object or portion thereof is sent to the end user system 102 optionally using an encrypted channel or with encryption of the content object.
  • a source of the URI is determined in block 516 that could be an IP address along with other elements of a URI.
  • the content object is requested form the origin server in block 520 .
  • the origin server could decrypt and encrypt the content object for the key used in the CDN 110 or could rely upon the CDN 110 for the encryption.
  • the key is obtained from the CDN key database 236 and/or origin key database 312 .
  • the content object is encrypted with the key in block 528 .
  • the content object is stored in a cache of the CDN in block 532 .
  • Processing continues to blocks 536 and 540 where the content object is decrypted with the key, protected and delivered as discussed above.
  • the process 500 then repeats for each content object request. In some cases, the content object is not encrypted and the cryptographic portions of the process 500 would not be performed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A system and method for delivering content to end users encrypted within a content delivery network (CDN) for content originators is disclosed. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the content is encrypted within the CDN. When universal resource indicators (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for the content object, which is encrypted in the CDN.

Description

    CROSS-REFERENCES TO RELATED APPLICATIONS
  • This application is a continuation of U.S. application Ser. No. 13/564,212 filed on Aug. 1, 2012, which is a continuation of U.S. application Ser. No. 13/245,673 filed on Sep. 26, 2011, which is a continuation of U.S. application Ser. No. 12/573,542 filed on Oct. 5, 2009, which claims the benefit of U.S. Application No. 61/102,809 filed Oct. 3, 2008. This application is a continuation-in-part of U.S. application Ser. No. 13/945,664 filed on Jul. 18, 2013, which is a continuation of U.S. application Ser. No. 13/245,861 filed on Sep. 27, 2011, which is a continuation of U.S. application Ser. No. 12/723,533 filed Mar. 12, 2010, which is claims the benefit of U.S. Application No. 61/163,412 filed Mar. 25, 2009. This application is a continuation-in-part of U.S. application Ser. No. 12/563,793 filed Sep. 21, 2009, which claims the benefit of U.S. Application No. 61/098,530 filed Sep. 19, 2008. Each of these references is hereby incorporated by reference in its entirety for all purposes.
    • BACKGROUND
  • This disclosure relates in general to content delivery networks (CDNs) and, but not by way of limitation, to delivery of content while protecting the content.
  • Content delivery networks (CDNs) are used by originators of content to offload delivery of content objects. CDNs distribute edge servers throughout the Internet that host and/or cache content for content originators as a service. A content originator may overload their servers provide poor quality of service (QoS) or worse without reliance on a CDN.
  • End users often are unaware that they are receiving their content from a CDN. Because the CDN are largely kept invisible to the end user, it is often only URLs that are given to the CDN. The URLs are correlated to a content object that is served from the CDN. Where a content object is currently missing from the part of the CDN receiving the request, other portions of the CDN or the origin server can be queried for the content object.
  • CDNs typically service a large number of end user systems requesting content that content originators may want protected through the CDN. Bulk theft can happen if some or all of a CDN is compromised. With high-definition video being delivered with CDNs, the threat of losing digital copies in bulk would worry a content originator. Hacking by outsiders and theft by insiders could result in loss of digital copies of content objects.
    • SUMMARY
  • In one embodiment, the present disclosure provides for delivering video and/or audio content to end users encrypted within a content delivery network (CDN) for content originators. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the video and/or content is encrypted within the CDN. When universal resource indicators (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for ,the content object, which is encrypted in the CDN.
  • In another embodiment, the present disclosure provides a method for protecting content within a CDN that delivers content for content originators. A URI specifying a content object is received. The URI is analyzed to determine if the content object is protected with encryption within the CDN. The content object is searched for within the CDN. The content object is requested from an origin server when the content object cannot find the content object cached within the CDN. The URI is analyzed to find a key from a number of keys. The key for the content object is retrieved. The content object is encrypted with the key to create an encrypted content object. The encrypted content object is cached in the CDN. The encrypted content object or a portion thereof is decrypted with the key as the content object is passed to an end user computer.
  • In yet another embodiment, the present disclosure provides a CDN for delivering content to end users encrypted within the CDN for content originators. The CDN includes a key database comprising a number of keys, an interface to the Internet and an edge server comprising a content database for caching content. The number of keys are indexed by information derivable from the URI information. A key is determined from the number of keys by analysis of a URI from an end user system. The interface requests the content object from an origin server. The CDN requests content from origin servers when not cached in the CDN. The edge server receives the URI specifying a content object. The edge server analyzes the URI to determine if the content object is protected with encryption within the CDN. The edge server stores the content object in the content database. The edge server decrypts the content object or a portion thereof with the key before delivery to an end user.
  • In still another embodiment, the present disclosure provides a CDN for delivering content to end users encrypted within the CDN for content originators. The CDN comprising: means for receiving a URI specifying a content object; means for analyzing the URI to determine if the content object is protected with encryption within the CDN; means for searching for the content object within the CDN; means for requesting the content object from an origin server when the content object cannot find the content object cached within the CDN; means for analyzing the URI to find a key from a number of keys; means for retrieving the key for the content object; means for encrypting the content object with the key to create an encrypted content object; means for caching the encrypted content object in the CDN; and means for decrypting the encrypted content object or a portion thereof with the key as the content object is passed to an end user computer.
  • Further areas of applicability of the present disclosure will become apparent from the detailed description provided hereinafter. It should be understood that the detailed description and specific examples, while indicating various embodiments, are intended for purposes of illustration only and are not intended to necessarily limit the scope of the disclosure.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present disclosure is described in conjunction with the appended figures:
  • FIG. 1 depicts a block diagram of an embodiment of a content distribution system;
  • FIGS. 2A, 2B and 2C depict block diagrams of embodiments of a content delivery network (CDN);
  • FIG. 3 depicts a block diagram of an embodiment of an origin server;
  • FIG. 4 depicts a diagram of an embodiment of a content protection scheme; and
  • FIG. 5 illustrates a flowchart of an embodiment of a process for delivering a content object with a CDN while protecting the content object within the CDN.
  • In the appended figures, similar components and/or features may have the same reference label. Further, various components of the same type may be distinguished by following the reference label by a dash and a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.
    •  DETAILED DESCRIPTION
  • The ensuing description provides preferred exemplary embodiment(s) only, and is not intended to limit the scope, applicability or configuration of the disclosure. Rather, the ensuing description of the preferred exemplary embodiment(s) will provide those skilled in the art with an enabling description for implementing a preferred exemplary embodiment. It being understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope as set forth in the appended claims.
  • Referring first to FIG. 1, a block diagram of an embodiment of a content distribution system 100 is shown. The content originator 106 offloads delivery of the content objects to a content delivery network (CDN) 110 in this embodiment. The content originator 106 produces and/or distributes content objects and includes a content provider 108, a content site 116, and an origin server 112. The CDN 110 can both cache and/or host content in various embodiments for third parties to offload delivery and typically provide better quality of service (QoS).
  • In this embodiment, the content distribution system 100 locates the content objects (or portions thereof) and distributes the content objects to an end user system 102. The content objects are dynamically cached within the CDN 110 to improve the QoS. A content object is any content file or content stream and could include, for example, video, pictures, data, audio, software, and/or text. The content object could be live, delayed or stored. Throughout the specification, references may be made to a content object, content, content stream and/or content file, but it is to be understood that those terms could be used interchangeably wherever they may appear.
  • Many content providers 108 use a CDN 110 to deliver the content objects over the Internet 104 to end users 128. The CDN 110 includes a number of points of presence (POPs) 120, which are geographically distributed through the content distribution system 100 to deliver content. Various embodiments may have any number of POPs 120 within the CDN 110 that are generally distributed in various locations around the Internet 104 that are proximate to end user systems 102. Multiple POPs use the same IP address such that an Anycast routing scheme is used to find a POP likely to be close to the end user in a network sense for each request. In addition to the Internet 104, a wide area network (WAN) 114 or other backbone may couple the POPs 120 with each other and also couple the POPs 120 with other parts of the CDN 110.
  • When an end user 128 requests a web page through its respective end user system 102, the request for the web page is passed either directly or indirectly via the Internet 104 to the content originator 106. The content originator 106 is the source or re-distributor of content objects. The content site 116 is an Internet web site accessible by the end user system 102. In one embodiment, the content site 116 could be a web site where the content is viewable with a web browser. In other embodiments, the content site 116 could be accessible with application software other than a web browser. The content provider 108 directs content requests to a CDN 110 after they are made or formulates the delivery path by embedding the delivery path into the URLs for a web page. In any event, the request for content is handed over to the CDN 110 in this embodiment by using an Anycast IP address corresponding to two or more POPs 120.
  • Once the request for a content object is passed to the CDN 110, the request is associated with a particular POP 120 within the CDN 110 using the Anycast routing scheme. The particular POP 120 may retrieve the portion of the content object from the content provider 108. Alternatively, the content provider 108 may directly provide the content object to the CDN 110 and its associated POPs 120 through prepopulation, i.e., in advance of the first request. In this embodiment, the content objects are provided to the CDN 110 and stored in one or more CDN servers such that the portion of the requested content may be served from the CDN 110. The CDN servers include edge servers that actually serve end user requests. The origin server 112 holds a copy of each content object for the content originator 106. Periodically, the content of the origin server 112 may be reconciled with the CDN 110 through a cache, hosting and/or pre-population algorithm. Some content providers could use an origin server within the CDN 110 to host the content and avoid the need to maintain a copy.
  • Once the content object is retrieved, the content object is stored within the particular POP 120 and is served from that POP to the end user system 102. The end user system 102 receives the content object and processes it for use by the end user 128. The end user system 102 could be a personal computer, media player, handheld computer, Internet appliance, phone, IPTV set top, streaming radio or any other device that receives and plays content objects. In some embodiments, a number of the end user systems 102 could be networked together. Although this embodiment only shows a single content originator 106 and a single CDN 110, it is to be understood that there could be many of each in various embodiments.
  • Content can be protected during the distribution process. The content originator 106 protects the content objects with encryption. An encrypted link can be used between the content originator 106 and the CDN 110 when transferring the content object, which can be unencrypted. The CDN encrypts the content object upon receipt before hosting or caching the content object. Decryption is performed before sending the content object or a portion thereof to an end user system 102. An encrypted link can be used for the delivery or the content object could be encrypted, watermarked, fingerprinted, and/or have digital rights management (DRM) applied.
  • The content originator could encrypt the content object instead of or in addition to use of an encrypted link when transferring content for hosting by the CDN or when there is a cache miss within the CDN. Each content originator 106 could have a key that is known to both content originator 106 and CDN 110. The various content originators 106 could have different unique keys that are used to decrypt the content object or portion thereof before sent to an end user system 102.
  • In another embodiment, the content originator 106 could interact with a CDN key database for a content object where there is a key unique to each content object and content originator 106. An encrypted link would be used when interacting between the content originator 106 and the CDN key database. The content originator 106 requests a key that is used by the content originator 106 to encrypt the content object before it is sent to the CDN. The CDN uses the key when decrypting the content object or a portion thereof. A different embodiment could store the keys at the content originator 106 that are requested by the CDN when needed using an encrypted link.
  • With reference to FIG. 2A, a block diagram of an embodiment of a CDN 110-1 is shown. Although only one POP 120 is shown in detail, there are a number of POPs 120 similarly configured throughout the CDN 110. The POPs communicate through a WAN 114 and/or the Internet 104 when locating content objects. An interface to the Internet 104 to the POP 120 accepts requests for content objects from end user systems 102. The request comes from an Internet protocol (IP) address in the form of a universal resource indicator (URI). Switch fabric 240 assigns the request one of the edge servers 230 according to a routing scheme.
  • The edge server 230 assigned the content object request analyzes the URI to determine if it corresponds to an encrypted content object. Other embodiments check a cache 232 of the edge server 230 and metadata, the file system, a table or other methods can indicate that the content object referenced by the URI is protected in the cache with encryption. The encryption used in one edge server cache 232 can be different from other edge server caches 232 in other POPs 120 or even in the same POP 120.
  • In one embodiment, the URI is a request that indicates a file and an address and optionally an encryption variable to indicate if the file is encrypted. In another embodiment, the encryption variable is not within the URI, but the URI can be correlated to an encryption variable, which indicates if the file is encrypted. Optionally, the URI can also include a path, origin location, variable(s), a prefix, etc. In some form, the URI is passed to various caches and/or host servers of the CDN 110 in an attempt to find a requested content object. It is to be understood that when the term URI is used, it doesn't necessarily require any format and just conveys at least where to find a content object.
  • The URI either has the encryption variable or can be otherwise correlated to an encryption variable. For example, ACME.llnw.net/videos/sports/game.mov?red5 is a URI with an ACME prefix, a llnw.net domain, a videos/sports path, a game.mov filename, and a red5 encryption variable. The URI itself, the ACME prefix and/or red5 in this example could be used by edge servers 230 to determine if a content object is encrypted.
  • One embodiment hashes the URI or a portion of the URI. The hash is used to query for parameters associated with the URI from a CDN key database 236. Passing of keys to/from the CDN database 236 uses an encrypted channel. Other embodiments could use other information from the URI to query from the CDN key database 236, for example, the prefix ACME could correspond to a key that is used for all content referenced with a URI having an ACME prefix. In various embodiments, there could be different keys for the content originator, content partner and/or another party in the supply chain; the content object, its format, its bitrate, its size, and/or other attributes of the content object; the particular CDN, POP, cache server and/or edge server. For example, high-definition video could be encrypted, but standard-definition content would not.
  • In some cases, the CDN 110 is used to host content for others. A secure transfer utility like S/FTP can be used to upload content to a CDN origin server 248. The content object can be encrypted automatically and stored in the content database 252 after upload. In some embodiments, the content object is encrypted during the transfer in the key it will be protected with within the CDN 110. The content originator 106 loads the content object into the CDN 110 and places the key or keys into the CDN key database 236. The keys are stored and indexed according to the way they will later be retrieved. For example, the hash of the URI is stored if the hash is later used to find the key when the URI is received.
  • Some embodiments could be encrypted in a number of keys successively. For example, a content object could be encrypted with a key for a CDN and then encrypted with a different key unique to an edge server. Decryption would require both keys to get the content object in the clear. Other embodiments could combine one or more keys and use the combination as a new key to encrypt the content object such that both were required to get the content object in the clear.
  • Some embodiments pass the content object into and out of the CDN in an encrypted form or using an encrypted channel, socket or tunnel during the delivery process. When the cache(s) 232 of the CDN or the content database 252 do not hold a requested content object, it is retrieved from the origin server 112 of the content originator 106. Encrypted streams using RTMPE, HTTP-S, RTMPS, or other protocols can be used to protect a content object read from the content originator 106. The content object would be encrypted and cached after it enters the CDN 110 and the key would be stored in the CDN key database 236.
  • In some cases, the content originator 106 could encrypt the content object and provide the key to the CDN 110 after delivery so it can be decrypted and encrypted in the key of the CDN 110. In one embodiment, the content object is left encrypted with the content originator key and encrypted again with the CDN key. The content originator key would be stored in the CDN key database 236 that that both decryptions could be performed upon delivery of the content object to an end user.
  • The delivery to the end user system 102 could also be protected with an encrypted tunnel and/or encryption of the content object itself. This embodiment uses a watermark/digital rights management (DRM) function 244 to protect the content object. A watermark embeds information about the end user system 102 into the content object by weaving it through the content object in a manner that does not reduce the quality appreciably and is not easily removed. DRM generally protects access and use of the content object in conjunction with software on the end user system 102 with rules enforced by the software. A fingerprint can also be used that puts information into the content object as metadata.
  • Any or all of watermarking, fingerprinting and/or DRM can be used to protect the content object in various embodiments. One a URL-by-URL basis, these three protection mechanisms can be evoked. Information in the URL or correlated to the URL can be placed into the content object or define the rules for the DRM. Information that might go into the fingerprint or watermark include IP address of the end user system, account number or other variable from URI, time and date of delivery, the URI or a portion thereof, a serial number unique to the particular delivery, etc. The information embedded into a content object generally allows later determining the end user system 102 and/or end user 128 that received the content object.
  • Referring to FIG. 2B, a block diagram of an embodiment of a CDN 110-2 is shown. This embodiment differs from the embodiment of FIG. 2A by moving the CDN key database 236 into the POP 120 and removing the watermark/DRM function 244. Each POP 120 could have its own CDN key database 236. All POPs 120 use different keys such that a compromise of one POP would not expose the content on all POPs 120 in this embodiment. Other embodiments could have the CDN key databases 236 in the various POPs 120 reconciled to contain the same keys. There could be different keys for each edge server 230, each content object, and/or each end user IP address to further compartmentalize the content.
  • With reference to FIG. 2C, a block diagram of an embodiment of a CDN 110-3 is shown. This embodiment differs from the embodiment of FIG. 2B in that there is a CDN key database 236 for each edge server. This embodiment has different keys for the same content object stored a number of edge server caches 232. Compromise of the CDN key database 236 for one edge server 230 would not expose the content on other edge servers 230 to theft.
  • Referring to FIG. 3, a block diagram of an embodiment of an origin server 112 coupled to the Internet 104 is shown. Some content originators 106 host their content in an origin sever 112, while others host using the CDN origin server 248. The origin server includes a server 304, an origin database 308 and an origin key database 312. The server 304 can serve content from the origin database 308 that may be requested by an end user system 102 or the CDN 110 on a cache miss. In this embodiment, content objects in origin database 308 are protected with encryption.
  • The origin key database 312 holds keys that protect the content objects in the origin database 308. These same keys may be used within the CDN to protect content objects as they make their way to the end user computers 102 in one embodiment. The keys in the origin key database 312 would be passed to the CDN key database(s) 236 using a secure channel and/or encryption. Where the origin server 112 directly delivers to the end user system 102 the content object could be decrypted as it is streamed.
  • In another embodiment, the origin key database 312 has keys that are used in the origin server 112. Different keys are used in the CDN key database(s) 236. Transfer of a content object involves decryption from the old key and encryption into the new key. The decryption could be performed before the transfer to the CDN or afterward.
  • With reference to FIG. 4, a diagram of an embodiment of a content protection scheme 400 is shown. Content flows from one or more content originators 106. The content originators 106 may encrypt some or all of their content objects. The content can be protected in a key of the content originator 106 or the CDN 110 or not encrypted at all. An encrypted tunnel 404 is optionally used between the content originator 106 and the CDN 110. Within the CDN 110, the content object is encrypted. Keys are discernable within the various caches and databases of the CDN. Regardless of key, the caches can determine redundant content objects such that only one copy need be stored in encrypted form.
  • Content is requested from the CDN 110 and delivered to end user systems 102. An encrypted tunnel is optionally used between the CDN 110 and the end user system 102. This embodiment does not encrypt the content object sent to the end user, but other embodiments could encrypt the content object before passing it to the end user system 102. Watermarking, fingerprinting and/or DRM are used to protect the content object as it passes to and is used by the end user system 102.
  • Referring to FIG. 5, a flowchart of an embodiment of a process 500 for delivering a content object with a CDN while protecting the content object is shown. The depicted portion of the process 500 begins in block 504 where the CDN 110 receives a request for a content object 504. The URI is analyzed to determine if the content object is encrypted in block 508. Other embodiments could find the content object and determine from the content object or a table if it were encrypted. In any event, the content object referenced in the URI is searched for within the CDN in block 512. Depending on the content object, it could be cached and/or hosted.
  • Where the content object is found in the CDN in block 528, processing jumps to block 536 where the content object is decrypted with the appropriate key retrieved from the CDN or origin server. The end user system 102 (browser or otherwise) may request a range of bytes from the file instead of the whole file at once. The edge server 230 can extract and decrypt an arbitrary range of bytes from the file without having to decrypt the entire file. Optionally, fingerprinting, watermarking and/or DRM can be added to the content object before delivery to the end user system 102. In block 540, the content object or portion thereof is sent to the end user system 102 optionally using an encrypted channel or with encryption of the content object.
  • Where the content object cannot be found within the CDN 110 in block 528, processing continues to 516 to handle the cache miss. A source of the URI is determined in block 516 that could be an IP address along with other elements of a URI. The content object is requested form the origin server in block 520. The origin server could decrypt and encrypt the content object for the key used in the CDN 110 or could rely upon the CDN 110 for the encryption.
  • In block 524, the key is obtained from the CDN key database 236 and/or origin key database 312. Before storing in a database or cache, the content object is encrypted with the key in block 528. The content object is stored in a cache of the CDN in block 532. Processing continues to blocks 536 and 540 where the content object is decrypted with the key, protected and delivered as discussed above. The process 500 then repeats for each content object request. In some cases, the content object is not encrypted and the cryptographic portions of the process 500 would not be performed.
  • A number of variations and modifications of the disclosed embodiments can also be used. For example, some of the above embodiments protect the exchange between content originator and CDN, but it is to be understood that there could be any number of links in a chain between the content originator and CDN each with the ability to encrypt content objects and tunnels while exchanging necessary keys.
  • While the principles of the disclosure have been described above in connection with specific apparatuses and methods, it is to be clearly understood that this description is made only by way of example and not as limitation on the scope of the disclosure.

Claims (21)

1. (canceled)
2. A content delivery network (CDN) having a plurality of points of presence (POPs) distributed geographically, the CDN comprising:
a first key database, wherein:
the first key database is part of a first POP of the plurality of POPs; and
the first key database stores a first plurality of keys for decrypting content objects;
a first cache, wherein:
the first cache is part of the first POP; and
the first cache stores a first encrypted version of a content object;
a first edge server, wherein:
the first edge server is part of the first POP; and
the first edge server is configured to:
receive a first request for the content object, wherein the first request is generated by a first end-user system;
retrieve a first key of the first plurality of keys from the first key database;
decrypt at least a portion of the first encrypted version of the content object using the first key to create a first unencrypted object; and
initiate delivery of the first unencrypted object to the first end-user system over the Internet;
a second key database, wherein the second key database stores a second plurality of keys for decrypting content objects;
a second cache, wherein the second cache stores a second encrypted version of the content object;
a second edge server, the second edge server configured to:
receive a second request for the content object;
retrieve a second key, wherein:
the second key is retrieved from the second key database; and
the second key is one of the second plurality of keys;
decrypt at least a portion of the second encrypted version of the content object using the second key to create a second unencrypted object; and
initiate delivery of the second unencrypted object to a second end-user system over the Internet.
3. The CDN as recited in claim 2, wherein:
the second edge server is part of the first POP; and
the second key database is part of the first POP.
4. The CDN as recited in claim 2, wherein the second edge server is part of a second POP of the plurality of POPs.
5. The CDN as recited in claim 2, wherein the second key database is part of a second POP of the plurality of POPS.
6. The CDN as recited in claim 2, wherein the first key database and/or the second key database are indexed by information derivable from information contained in a URI.
7. The CDN as recited in claim 2, further comprising a fingerprinting function that embeds a source Internet address into the content object.
8. A method for protecting content within a content delivery network (CDN) having a plurality of points of presence (POPs) distributed geographically, the method comprising:
receiving a first request for a content object;
locating a first encrypted version of the content object at a first edge server, wherein the first edge server is part of a first POP of the plurality of POPs;
retrieving a first key for the first encrypted version of the content object, wherein the first key is located in a first key database;
receiving a second request for the content object;
locating a second encrypted version of the content object at a second edge server, wherein the second edge server is part of the CDN;
retrieving a second key for the second encrypted version of the content object, wherein the second key is located in a second key database; and
decrypting at least a portion of the first encrypted version of the content object with the first key to create a first unencrypted object;
initiating delivery of the first unencrypted object to a first end-user system;
decrypting at least a portion of the second encrypted version of the content object with the second key to create a second unencrypted object; and
initiating delivery of the second unencrypted object to a second end-user system.
9. The method for protecting content within the CDN as recited in claim 8, wherein:
the second edge server is part of the first POP; and
the second key database is part of the first POP.
10. The method for protecting content within the CDN as recited in claim 8, wherein;
the second edge server is part of a second POP of the plurality of POPs; and
the second key database is part of the second POP.
11. The method for protecting content within the CDN as recited in claim 2, wherein the first key database and the second key database are part of the CDN.
12. The method for protecting content within the CDN as recited in claim 8, wherein:
the first key database is outside the CDN; and
the first key is passed to the CDN using a secure channel.
13. The method for protecting content within the CDN as recited in claim 8, wherein the first request is received by the first edge server and the second request is received by the second edge server.
14. The method for protecting content within the CDN as recited in claim 8, wherein:
the first request includes a URI specifying the content object; and
the first key is located by analyzing the URI.
15. The method for protecting content within the CDN as recited in claim 14, further comprising watermarking the content object with a fingerprint that allows determination of an IP address that the URI was requested from.
16. The method for protecting content within the CDN as recited in claim 8, wherein the first end-user system is the same as the second end-user system.
17. A memory device having instructions for protecting content within a CDN having a plurality of points of presence (POPs) distributed geographically, that when executed, cause one or more processors to:
receive a first request for a content object;
locate a first encrypted version of the content object at a first edge server, wherein the first edge server is part of a first POP of the plurality of POPs;
retrieve a first key for the first encrypted version of the content object, wherein the first key is located in a first key database;
receive a second request for the content object;
locate a second encrypted version of the content object at a second edge server, wherein the second edge server is part of the CDN;
retrieve a second key for the second encrypted version of the content object, wherein the second key is located in a second key database; and
decrypt at least a portion of the first encrypted version of the content object with the first key to create a first unencrypted object;
initiate delivery of the first unencrypted object to a first end-user system;
decrypt at least a portion of the second encrypted version of the content object with the second key to create a second unencrypted object; and
initiate delivery of the second unencrypted object to a second end-user system.
18. The memory device having instructions for protecting content within the CDN as recited in claim 17, wherein:
the second edge server is part of the first POP; and
the second key database is part of the first POP.
19. The memory device having instructions for protecting content within the CDN as recited in claim 17, wherein:
the second edge server is part of a second POP of the plurality of POPs; and
the second key database is part of the second POP.
20. The memory device having instructions for protecting content within the CDN as recited in claim 17, wherein:
the first request includes a URI specifying the content object; and
the first key is located by analyzing the URI.
21. The memory device having instructions for protecting content within the CDN as recited in claim 20, wherein the instructions further cause the one or more processors to watermark the first unencrypted object and/or the second unencrypted object with a fingerprint that allows determination of an IP address that the URI was requested from.
US14/216,422 2008-09-19 2014-03-17 Content delivery network encryption Abandoned US20140304507A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/216,422 US20140304507A1 (en) 2008-09-19 2014-03-17 Content delivery network encryption

Applications Claiming Priority (11)

Application Number Priority Date Filing Date Title
US9853008P 2008-09-19 2008-09-19
US10280908P 2008-10-03 2008-10-03
US16341209P 2009-03-25 2009-03-25
US12/563,793 US8966003B2 (en) 2008-09-19 2009-09-21 Content delivery network stream server vignette distribution
US12/573,542 US8200958B2 (en) 2008-10-03 2009-10-05 Content delivery network encryption
US12/723,533 US8516082B2 (en) 2009-03-25 2010-03-12 Publishing-point management for content delivery network
US13/245,673 US8250368B2 (en) 2008-10-03 2011-09-26 Content delivery network encryption
US13/245,861 US8510417B2 (en) 2009-03-25 2011-09-27 Publishing-point management for content delivery network
US13/564,212 US8707039B2 (en) 2008-10-03 2012-08-01 Content delivery network encryption
US13/945,664 US20130304864A1 (en) 2009-03-25 2013-07-18 Publishing-Point Management for Content Delivery Network
US14/216,422 US20140304507A1 (en) 2008-09-19 2014-03-17 Content delivery network encryption

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/564,212 Continuation US8707039B2 (en) 2008-09-19 2012-08-01 Content delivery network encryption

Publications (1)

Publication Number Publication Date
US20140304507A1 true US20140304507A1 (en) 2014-10-09

Family

ID=42074257

Family Applications (4)

Application Number Title Priority Date Filing Date
US12/573,542 Expired - Fee Related US8200958B2 (en) 2008-09-19 2009-10-05 Content delivery network encryption
US13/245,673 Active US8250368B2 (en) 2008-09-19 2011-09-26 Content delivery network encryption
US13/564,212 Active 2029-11-04 US8707039B2 (en) 2008-09-19 2012-08-01 Content delivery network encryption
US14/216,422 Abandoned US20140304507A1 (en) 2008-09-19 2014-03-17 Content delivery network encryption

Family Applications Before (3)

Application Number Title Priority Date Filing Date
US12/573,542 Expired - Fee Related US8200958B2 (en) 2008-09-19 2009-10-05 Content delivery network encryption
US13/245,673 Active US8250368B2 (en) 2008-09-19 2011-09-26 Content delivery network encryption
US13/564,212 Active 2029-11-04 US8707039B2 (en) 2008-09-19 2012-08-01 Content delivery network encryption

Country Status (4)

Country Link
US (4) US8200958B2 (en)
EP (1) EP2342862A2 (en)
CN (1) CN102217225B (en)
WO (1) WO2010040133A2 (en)

Cited By (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160335447A1 (en) * 2015-05-15 2016-11-17 Alcatel-Lucent Usa, Inc. Secure enterprise cdn framework
US20170046134A1 (en) * 2015-08-12 2017-02-16 Oracle International Corporation EFFICIENT STORAGE AND TRANSFER OF iOS BINARY FILES
US9851953B2 (en) 2015-06-29 2017-12-26 Oracle International Corporation Cloud based editor for generation of interpreted artifacts for mobile runtime
US10013668B2 (en) 2015-08-14 2018-07-03 Oracle International Corporation Secure storage of enterprise certificates for cloud services
US10255061B2 (en) 2016-08-05 2019-04-09 Oracle International Corporation Zero down time upgrade for a multi-tenant identity and data security management cloud service
US10263947B2 (en) 2016-08-05 2019-04-16 Oracle International Corporation LDAP to SCIM proxy service
US10261836B2 (en) 2017-03-21 2019-04-16 Oracle International Corporation Dynamic dispatching of workloads spanning heterogeneous services
US10341354B2 (en) 2016-09-16 2019-07-02 Oracle International Corporation Distributed high availability agent architecture
US10341410B2 (en) 2016-05-11 2019-07-02 Oracle International Corporation Security tokens for a multi-tenant identity and data security management cloud service
US10348858B2 (en) 2017-09-15 2019-07-09 Oracle International Corporation Dynamic message queues for a microservice based cloud service
US10419514B2 (en) 2015-08-14 2019-09-17 Oracle International Corporation Discovery of federated logins
US10425386B2 (en) 2016-05-11 2019-09-24 Oracle International Corporation Policy enforcement point for a multi-tenant identity and data security management cloud service
US10445395B2 (en) 2016-09-16 2019-10-15 Oracle International Corporation Cookie based state propagation for a multi-tenant identity cloud service
US10452497B2 (en) 2015-08-14 2019-10-22 Oracle International Corporation Restoration of UI state in transactional systems
US10454915B2 (en) 2017-05-18 2019-10-22 Oracle International Corporation User authentication using kerberos with identity cloud service
US10454940B2 (en) 2016-05-11 2019-10-22 Oracle International Corporation Identity cloud service authorization model
US10484243B2 (en) 2016-09-16 2019-11-19 Oracle International Corporation Application management for a multi-tenant identity cloud service
US10484382B2 (en) 2016-08-31 2019-11-19 Oracle International Corporation Data management for a multi-tenant identity cloud service
US10505941B2 (en) 2016-08-05 2019-12-10 Oracle International Corporation Virtual directory system for LDAP to SCIM proxy service
US10511589B2 (en) 2016-09-14 2019-12-17 Oracle International Corporation Single logout functionality for a multi-tenant identity and data security management cloud service
US10516672B2 (en) 2016-08-05 2019-12-24 Oracle International Corporation Service discovery for a multi-tenant identity and data security management cloud service
US10530578B2 (en) 2016-08-05 2020-01-07 Oracle International Corporation Key store service
US10567364B2 (en) 2016-09-16 2020-02-18 Oracle International Corporation Preserving LDAP hierarchy in a SCIM directory using special marker groups
US10581820B2 (en) 2016-05-11 2020-03-03 Oracle International Corporation Key generation and rollover
US10582001B2 (en) 2015-08-11 2020-03-03 Oracle International Corporation Asynchronous pre-caching of synchronously loaded resources
US10582012B2 (en) 2015-10-16 2020-03-03 Oracle International Corporation Adaptive data transfer optimization
US10585682B2 (en) 2016-08-05 2020-03-10 Oracle International Corporation Tenant self-service troubleshooting for a multi-tenant identity and data security management cloud service
US10594684B2 (en) 2016-09-14 2020-03-17 Oracle International Corporation Generating derived credentials for a multi-tenant identity cloud service
US10616224B2 (en) 2016-09-16 2020-04-07 Oracle International Corporation Tenant and service management for a multi-tenant identity and data security management cloud service
US10693861B2 (en) 2016-05-11 2020-06-23 Oracle International Corporation Task segregation in a multi-tenant identity and data security management cloud service
US10705823B2 (en) 2017-09-29 2020-07-07 Oracle International Corporation Application templates and upgrade framework for a multi-tenant identity cloud service
US10715564B2 (en) 2018-01-29 2020-07-14 Oracle International Corporation Dynamic client registration for an identity cloud service
US10735394B2 (en) 2016-08-05 2020-08-04 Oracle International Corporation Caching framework for a multi-tenant identity and data security management cloud service
US10764273B2 (en) 2018-06-28 2020-09-01 Oracle International Corporation Session synchronization across multiple devices in an identity cloud service
US10791087B2 (en) 2016-09-16 2020-09-29 Oracle International Corporation SCIM to LDAP mapping using subtype attributes
US10798165B2 (en) 2018-04-02 2020-10-06 Oracle International Corporation Tenant data comparison for a multi-tenant identity cloud service
US10831789B2 (en) 2017-09-27 2020-11-10 Oracle International Corporation Reference attribute query processing for a multi-tenant cloud service
US10834137B2 (en) 2017-09-28 2020-11-10 Oracle International Corporation Rest-based declarative policy management
US10846390B2 (en) 2016-09-14 2020-11-24 Oracle International Corporation Single sign-on functionality for a multi-tenant identity and data security management cloud service
US10878079B2 (en) 2016-05-11 2020-12-29 Oracle International Corporation Identity cloud service authorization model with dynamic roles and scopes
US10904074B2 (en) 2016-09-17 2021-01-26 Oracle International Corporation Composite event handler for a multi-tenant identity cloud service
US10931656B2 (en) 2018-03-27 2021-02-23 Oracle International Corporation Cross-region trust for a multi-tenant identity cloud service
US10997320B1 (en) * 2018-01-31 2021-05-04 EMC IP Holding Company LLC Segment-based personalized cache architecture
US11012444B2 (en) 2018-06-25 2021-05-18 Oracle International Corporation Declarative third party identity provider integration for a multi-tenant identity cloud service
US11061929B2 (en) 2019-02-08 2021-07-13 Oracle International Corporation Replication of resource type and schema metadata for a multi-tenant identity cloud service
US11102313B2 (en) 2015-08-10 2021-08-24 Oracle International Corporation Transactional autosave with local and remote lifecycles
US11165634B2 (en) 2018-04-02 2021-11-02 Oracle International Corporation Data replication conflict detection and resolution for a multi-tenant identity cloud service
US11258775B2 (en) 2018-04-04 2022-02-22 Oracle International Corporation Local write for a multi-tenant identity cloud service
US11271969B2 (en) 2017-09-28 2022-03-08 Oracle International Corporation Rest-based declarative policy management
US11321343B2 (en) 2019-02-19 2022-05-03 Oracle International Corporation Tenant replication bootstrap for a multi-tenant identity cloud service
US11321187B2 (en) 2018-10-19 2022-05-03 Oracle International Corporation Assured lazy rollback for a multi-tenant identity cloud service
US11423111B2 (en) 2019-02-25 2022-08-23 Oracle International Corporation Client API for rest based endpoints for a multi-tenant identify cloud service
US11611548B2 (en) 2019-11-22 2023-03-21 Oracle International Corporation Bulk multifactor authentication enrollment
US11651357B2 (en) 2019-02-01 2023-05-16 Oracle International Corporation Multifactor authentication without a user footprint
US11669321B2 (en) 2019-02-20 2023-06-06 Oracle International Corporation Automated database upgrade for a multi-tenant identity cloud service
US11687378B2 (en) 2019-09-13 2023-06-27 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability
US11693835B2 (en) 2018-10-17 2023-07-04 Oracle International Corporation Dynamic database schema allocation on tenant onboarding for a multi-tenant identity cloud service
US11792226B2 (en) 2019-02-25 2023-10-17 Oracle International Corporation Automatic api document generation from scim metadata
US11870770B2 (en) 2019-09-13 2024-01-09 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration

Families Citing this family (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100070876A1 (en) * 2008-09-18 2010-03-18 Pictela, Inc. Self-Replicating Rich Media Interface
US8898482B2 (en) * 2010-02-22 2014-11-25 Lockify, Inc. Encryption system using clients and untrusted servers
US8756272B1 (en) 2010-08-26 2014-06-17 Amazon Technologies, Inc. Processing encoded content
EP2429189A1 (en) * 2010-09-09 2012-03-14 Irdeto B.V. Method and system for providing content to a recipient device
US9747592B2 (en) * 2011-08-16 2017-08-29 Verizon Digital Media Services Inc. End-to-end content delivery network incorporating independently operated transparent caches and proxy caches
US9350539B2 (en) 2011-09-23 2016-05-24 Koninklijke Kpn N.V. Secure distribution of content
CN102447712B (en) * 2012-01-20 2015-07-08 华为技术有限公司 Method and system for interconnecting nodes in content delivery network (CDN) as well as nodes
US9158893B2 (en) 2012-02-17 2015-10-13 Shape Security, Inc. System for finding code in a data flow
US10191954B1 (en) 2012-05-07 2019-01-29 Amazon Technologies, Inc. Prioritized transcoding of media content
US9088634B1 (en) 2012-05-07 2015-07-21 Amazon Technologies, Inc. Dynamic media transcoding at network edge
US9510033B1 (en) 2012-05-07 2016-11-29 Amazon Technologies, Inc. Controlling dynamic media transcoding
US9483785B1 (en) 2012-05-07 2016-11-01 Amazon Technologies, Inc. Utilizing excess resource capacity for transcoding media
US11989585B1 (en) 2012-05-07 2024-05-21 Amazon Technologies, Inc. Optimizing media transcoding based on licensing models
US9380326B1 (en) 2012-05-07 2016-06-28 Amazon Technologies, Inc. Systems and methods for media processing
US9497496B1 (en) 2012-05-07 2016-11-15 Amazon Technologies, Inc. Personalized content insertion into media assets at the network edge
US9058645B1 (en) * 2012-05-07 2015-06-16 Amazon Technologies, Inc. Watermarking media assets at the network edge
US9710307B1 (en) 2012-05-07 2017-07-18 Amazon Technologies, Inc. Extensible workflows for processing content
US20150207872A1 (en) * 2012-08-21 2015-07-23 Nec Europe Ltd. Method and system for performing mobile cdn request routing
US8806558B1 (en) 2013-09-20 2014-08-12 Limelight Networks, Inc. Unique watermarking of content objects according to end user identity
US9654579B2 (en) 2012-12-21 2017-05-16 Akamai Technologies, Inc. Scalable content delivery network request handling mechanism
US9509804B2 (en) * 2012-12-21 2016-11-29 Akami Technologies, Inc. Scalable content delivery network request handling mechanism to support a request processing layer
US20150356281A1 (en) * 2012-12-28 2015-12-10 Koninklijke Kpn N.V. Secure Watermarking of Content
US8989377B2 (en) * 2012-12-31 2015-03-24 Futurewei Technologies, Inc. Secure video transcoding with applications to adaptive streaming
US8869281B2 (en) 2013-03-15 2014-10-21 Shape Security, Inc. Protecting against the introduction of alien content
US9225737B2 (en) 2013-03-15 2015-12-29 Shape Security, Inc. Detecting the introduction of alien content
US9338143B2 (en) 2013-03-15 2016-05-10 Shape Security, Inc. Stateless web content anti-automation
US20140283038A1 (en) 2013-03-15 2014-09-18 Shape Security Inc. Safe Intelligent Content Modification
US9141820B2 (en) * 2013-07-25 2015-09-22 Adobe Systems Incorporated Network-based service content protection
US8954583B1 (en) 2014-01-20 2015-02-10 Shape Security, Inc. Intercepting and supervising calls to transformed operations and objects
US8893294B1 (en) 2014-01-21 2014-11-18 Shape Security, Inc. Flexible caching
US9489526B1 (en) 2014-01-21 2016-11-08 Shape Security, Inc. Pre-analyzing served content
US9027142B1 (en) 2014-01-21 2015-05-05 Shape Security, Inc. Dynamic field re-rendering
US9225729B1 (en) 2014-01-21 2015-12-29 Shape Security, Inc. Blind hash compression
GB201405025D0 (en) * 2014-03-20 2014-05-07 Gould Tech Solutions Ltd Apparatus and method for content handling
US8997226B1 (en) 2014-04-17 2015-03-31 Shape Security, Inc. Detection of client-side malware activity
US9477836B1 (en) 2014-04-23 2016-10-25 Shape Security, Inc. Content modification in served code
CN103957469B (en) * 2014-05-21 2017-09-15 百视通网络电视技术发展有限责任公司 Based on the Internet video-on-demand method and system for turning encapsulation in real time
US9858440B1 (en) 2014-05-23 2018-01-02 Shape Security, Inc. Encoding of sensitive data
US9411958B2 (en) 2014-05-23 2016-08-09 Shape Security, Inc. Polymorphic treatment of data entered at clients
US9405910B2 (en) 2014-06-02 2016-08-02 Shape Security, Inc. Automatic library detection
US10089216B2 (en) 2014-06-30 2018-10-02 Shape Security, Inc. Automatically determining whether a page of a web site is broken despite elements on the page that may change
US9075990B1 (en) 2014-07-01 2015-07-07 Shape Security, Inc. Reliable selection of security countermeasures
US9003511B1 (en) 2014-07-22 2015-04-07 Shape Security, Inc. Polymorphic security policy action
US9825984B1 (en) 2014-08-27 2017-11-21 Shape Security, Inc. Background analysis of web content
US9438625B1 (en) 2014-09-09 2016-09-06 Shape Security, Inc. Mitigating scripted attacks using dynamic polymorphism
US9602543B2 (en) 2014-09-09 2017-03-21 Shape Security, Inc. Client/server polymorphism using polymorphic hooks
US10298599B1 (en) 2014-09-19 2019-05-21 Shape Security, Inc. Systems for detecting a headless browser executing on a client computer
US9954893B1 (en) 2014-09-23 2018-04-24 Shape Security, Inc. Techniques for combating man-in-the-browser attacks
US9800602B2 (en) 2014-09-30 2017-10-24 Shape Security, Inc. Automated hardening of web page content
US9529994B2 (en) 2014-11-24 2016-12-27 Shape Security, Inc. Call stack integrity check on client/server systems
US9825995B1 (en) 2015-01-14 2017-11-21 Shape Security, Inc. Coordinated application of security policies
US9813440B1 (en) 2015-05-15 2017-11-07 Shape Security, Inc. Polymorphic treatment of annotated content
US9986058B2 (en) 2015-05-21 2018-05-29 Shape Security, Inc. Security systems for mitigating attacks from a headless browser executing on a client computer
WO2017007705A1 (en) 2015-07-06 2017-01-12 Shape Security, Inc. Asymmetrical challenges for web security
WO2017007936A1 (en) 2015-07-07 2017-01-12 Shape Security, Inc. Split serving of computer code
CA2992928A1 (en) * 2015-07-08 2017-01-12 Ipra Technologies Ltd Oy A method of and system for providing access to access restricted content to a user
CN105991635A (en) * 2015-07-08 2016-10-05 成都惠申科技有限公司 Method and device for ensuring security and consistency of CDN (content delivery network) content access
US9807113B2 (en) 2015-08-31 2017-10-31 Shape Security, Inc. Polymorphic obfuscation of executable code
US10375026B2 (en) 2015-10-28 2019-08-06 Shape Security, Inc. Web transaction status tracking
US10212130B1 (en) 2015-11-16 2019-02-19 Shape Security, Inc. Browser extension firewall
US10567363B1 (en) 2016-03-03 2020-02-18 Shape Security, Inc. Deterministic reproduction of system state using seeded pseudo-random number generators
US9917850B2 (en) 2016-03-03 2018-03-13 Shape Security, Inc. Deterministic reproduction of client/server computer state or output sent to one or more client computers
US10129289B1 (en) 2016-03-11 2018-11-13 Shape Security, Inc. Mitigating attacks on server computers by enforcing platform policies on client computers
US10216488B1 (en) 2016-03-14 2019-02-26 Shape Security, Inc. Intercepting and injecting calls into operations and objects
US10225238B2 (en) * 2016-04-11 2019-03-05 Facebook, Inc. Data security for content delivery networks
EP3446463A1 (en) 2016-04-22 2019-02-27 Level 3 Communications, LLC Anycast routing techniques in a network
TWI640195B (en) * 2016-12-14 2018-11-01 日商夏普股份有限公司 Broadcast system with a uri message watermark payload
US10116661B2 (en) * 2016-12-27 2018-10-30 Oath Inc. Method and system for classifying network requests
CN107707514B (en) * 2017-02-08 2018-08-21 贵州白山云科技有限公司 One kind is for encrypted method and system and device between CDN node
US10771582B2 (en) 2018-03-04 2020-09-08 Netskrt Systems, Inc. System and apparatus for intelligently caching data based on predictable schedules of mobile transportation environments
US11399058B2 (en) * 2018-03-22 2022-07-26 Netskrt Systems, Inc. Immutable ledger method and apparatus for managing the distribution of content
US11269612B2 (en) 2019-12-10 2022-03-08 Paypal, Inc. Low latency dynamic content management
US11431690B1 (en) * 2020-06-23 2022-08-30 Amazon Technologies, Inc. Protecting data within an edge location while providing access to associated metadata
US11843682B1 (en) * 2022-08-31 2023-12-12 Adobe Inc. Prepopulating an edge server cache

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5956716A (en) * 1995-06-07 1999-09-21 Intervu, Inc. System and method for delivery of video data over a computer network
US20030174648A1 (en) * 2001-10-17 2003-09-18 Mea Wang Content delivery network by-pass system
US20030204602A1 (en) * 2002-04-26 2003-10-30 Hudson Michael D. Mediated multi-source peer content delivery network architecture
US20050144478A1 (en) * 2003-12-25 2005-06-30 Kabushiki Kaisha Toshiba Content receiving/storing apparatus and content delivery system
US6950823B2 (en) * 2002-12-23 2005-09-27 International Business Machines Corporation Transparent edge-of-network data cache
US20070265968A1 (en) * 2006-05-15 2007-11-15 The Directv Group, Inc. Methods and apparatus to conditionally authorize content delivery at content servers in pay delivery systems
US7552338B1 (en) * 2004-10-29 2009-06-23 Akamai Technologies, Inc. Dynamic multimedia fingerprinting system

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6411725B1 (en) * 1995-07-27 2002-06-25 Digimarc Corporation Watermark enabled video objects
US7689532B1 (en) * 2000-07-20 2010-03-30 Digimarc Corporation Using embedded data with file sharing
US6108703A (en) * 1998-07-14 2000-08-22 Massachusetts Institute Of Technology Global hosting system
US6735699B1 (en) 1998-09-24 2004-05-11 Ryuichi Sasaki Method and system for monitoring use of digital works
US7664864B2 (en) * 1998-11-13 2010-02-16 Verisign, Inc. Meta content distribution network
US7017188B1 (en) * 1998-11-16 2006-03-21 Softricity, Inc. Method and apparatus for secure content delivery over broadband access networks
US7146505B1 (en) * 1999-06-01 2006-12-05 America Online, Inc. Secure data exchange between date processing systems
US7363361B2 (en) * 2000-08-18 2008-04-22 Akamai Technologies, Inc. Secure content delivery system
US6970849B1 (en) * 1999-12-17 2005-11-29 Microsoft Corporation Inter-server communication using request with encrypted parameter
US7426750B2 (en) * 2000-02-18 2008-09-16 Verimatrix, Inc. Network-based content distribution system
US6807277B1 (en) * 2000-06-12 2004-10-19 Surety, Llc Secure messaging system with return receipts
AU2001269856B2 (en) * 2000-06-16 2007-11-29 Mih Technology Holdings Bv Methods and systems to distribute content via a network utilizing distributed conditional access agents and secure agents, and to perform digital rights management (drm)
US7158953B1 (en) * 2000-06-27 2007-01-02 Microsoft Corporation Method and system for limiting the use of user-specific software features
US6891953B1 (en) * 2000-06-27 2005-05-10 Microsoft Corporation Method and system for binding enhanced software features to a persona
JP2002042013A (en) * 2000-07-21 2002-02-08 Nec Corp Contents distributing method, contents distributing system and recording medium with contents distributing program recorded thereon
US6753699B2 (en) * 2000-11-13 2004-06-22 Standard Microsystems Corporation Integrated circuit and method of controlling output impedance
US20020138437A1 (en) * 2001-01-08 2002-09-26 Lewin Daniel M. Extending an internet content delivery network into an enterprise environment by locating ICDN content servers topologically near an enterprise firewall
US20020169963A1 (en) * 2001-05-10 2002-11-14 Seder Phillip Andrew Digital watermarking apparatus, systems and methods
US6824051B2 (en) * 2001-06-07 2004-11-30 Contentguard Holdings, Inc. Protected content distribution system
KR20030029244A (en) 2001-10-05 2003-04-14 주식회사 케이티 Method of content protection and delivery on CDN service network and System thereof
US9167036B2 (en) * 2002-02-14 2015-10-20 Level 3 Communications, Llc Managed object replication and delivery
US20040093419A1 (en) * 2002-10-23 2004-05-13 Weihl William E. Method and system for secure content delivery
WO2005008452A1 (en) * 2003-07-22 2005-01-27 Koninklijke Philips Electronics N.V. Record carrier, read-out device and method for reading carrier data and network data
US8239446B2 (en) * 2003-11-19 2012-08-07 Sony Computer Entertainment America Llc Content distribution architecture
US7676568B2 (en) * 2004-03-08 2010-03-09 Cisco Technology, Inc. Centrally-controlled distributed marking of content
JP4688436B2 (en) * 2004-05-20 2011-05-25 株式会社日立製作所 Content distribution control server control method, content encryption server control method, client device control method, license server control method, public information management server control method, client device, and program
US7711647B2 (en) * 2004-06-10 2010-05-04 Akamai Technologies, Inc. Digital rights management in a distributed network
US20060106802A1 (en) * 2004-11-18 2006-05-18 International Business Machines Corporation Stateless methods for resource hiding and access control support based on URI encryption
US7567671B2 (en) * 2005-06-10 2009-07-28 Aniruddha Gupte Encryption method and apparatus for use in digital distribution system
JP4935015B2 (en) * 2005-07-29 2012-05-23 ソニー株式会社 Content distribution system, content distribution method, content transmission terminal, and content reception terminal
US7987509B2 (en) * 2005-11-10 2011-07-26 International Business Machines Corporation Generation of unique significant key from URL get/post content
US20100281042A1 (en) * 2007-02-09 2010-11-04 Novarra, Inc. Method and System for Transforming and Delivering Video File Content for Mobile Devices
WO2008116137A2 (en) * 2007-03-22 2008-09-25 Nielsen Media Research, Inc. Digital rights management and audience measurement systems and methods
JP2008301372A (en) * 2007-06-01 2008-12-11 Toshiba Corp Content distribution server, and content distribution system
US20090183000A1 (en) * 2008-01-16 2009-07-16 Scott Krig Method And System For Dynamically Granting A DRM License Using A URL

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5956716A (en) * 1995-06-07 1999-09-21 Intervu, Inc. System and method for delivery of video data over a computer network
US20030174648A1 (en) * 2001-10-17 2003-09-18 Mea Wang Content delivery network by-pass system
US20030204602A1 (en) * 2002-04-26 2003-10-30 Hudson Michael D. Mediated multi-source peer content delivery network architecture
US6950823B2 (en) * 2002-12-23 2005-09-27 International Business Machines Corporation Transparent edge-of-network data cache
US20050144478A1 (en) * 2003-12-25 2005-06-30 Kabushiki Kaisha Toshiba Content receiving/storing apparatus and content delivery system
US7552338B1 (en) * 2004-10-29 2009-06-23 Akamai Technologies, Inc. Dynamic multimedia fingerprinting system
US20070265968A1 (en) * 2006-05-15 2007-11-15 The Directv Group, Inc. Methods and apparatus to conditionally authorize content delivery at content servers in pay delivery systems

Cited By (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160335447A1 (en) * 2015-05-15 2016-11-17 Alcatel-Lucent Usa, Inc. Secure enterprise cdn framework
US9851953B2 (en) 2015-06-29 2017-12-26 Oracle International Corporation Cloud based editor for generation of interpreted artifacts for mobile runtime
US11102313B2 (en) 2015-08-10 2021-08-24 Oracle International Corporation Transactional autosave with local and remote lifecycles
US10582001B2 (en) 2015-08-11 2020-03-03 Oracle International Corporation Asynchronous pre-caching of synchronously loaded resources
US20170046134A1 (en) * 2015-08-12 2017-02-16 Oracle International Corporation EFFICIENT STORAGE AND TRANSFER OF iOS BINARY FILES
US9959100B2 (en) * 2015-08-12 2018-05-01 Oracle International Corporation Efficient storage and transfer of iOS binary files
US10013668B2 (en) 2015-08-14 2018-07-03 Oracle International Corporation Secure storage of enterprise certificates for cloud services
US10452497B2 (en) 2015-08-14 2019-10-22 Oracle International Corporation Restoration of UI state in transactional systems
US10419514B2 (en) 2015-08-14 2019-09-17 Oracle International Corporation Discovery of federated logins
US10582012B2 (en) 2015-10-16 2020-03-03 Oracle International Corporation Adaptive data transfer optimization
US10581820B2 (en) 2016-05-11 2020-03-03 Oracle International Corporation Key generation and rollover
US10341410B2 (en) 2016-05-11 2019-07-02 Oracle International Corporation Security tokens for a multi-tenant identity and data security management cloud service
US10425386B2 (en) 2016-05-11 2019-09-24 Oracle International Corporation Policy enforcement point for a multi-tenant identity and data security management cloud service
US10848543B2 (en) 2016-05-11 2020-11-24 Oracle International Corporation Security tokens for a multi-tenant identity and data security management cloud service
US10878079B2 (en) 2016-05-11 2020-12-29 Oracle International Corporation Identity cloud service authorization model with dynamic roles and scopes
US10693861B2 (en) 2016-05-11 2020-06-23 Oracle International Corporation Task segregation in a multi-tenant identity and data security management cloud service
US10454940B2 (en) 2016-05-11 2019-10-22 Oracle International Corporation Identity cloud service authorization model
US11088993B2 (en) 2016-05-11 2021-08-10 Oracle International Corporation Policy enforcement point for a multi-tenant identity and data security management cloud service
US11601411B2 (en) 2016-08-05 2023-03-07 Oracle International Corporation Caching framework for a multi-tenant identity and data security management cloud service
US10505941B2 (en) 2016-08-05 2019-12-10 Oracle International Corporation Virtual directory system for LDAP to SCIM proxy service
US10516672B2 (en) 2016-08-05 2019-12-24 Oracle International Corporation Service discovery for a multi-tenant identity and data security management cloud service
US10530578B2 (en) 2016-08-05 2020-01-07 Oracle International Corporation Key store service
US11356454B2 (en) 2016-08-05 2022-06-07 Oracle International Corporation Service discovery for a multi-tenant identity and data security management cloud service
US10263947B2 (en) 2016-08-05 2019-04-16 Oracle International Corporation LDAP to SCIM proxy service
US10579367B2 (en) 2016-08-05 2020-03-03 Oracle International Corporation Zero down time upgrade for a multi-tenant identity and data security management cloud service
US10255061B2 (en) 2016-08-05 2019-04-09 Oracle International Corporation Zero down time upgrade for a multi-tenant identity and data security management cloud service
US10585682B2 (en) 2016-08-05 2020-03-10 Oracle International Corporation Tenant self-service troubleshooting for a multi-tenant identity and data security management cloud service
US10735394B2 (en) 2016-08-05 2020-08-04 Oracle International Corporation Caching framework for a multi-tenant identity and data security management cloud service
US10721237B2 (en) 2016-08-05 2020-07-21 Oracle International Corporation Hierarchical processing for a virtual directory system for LDAP to SCIM proxy service
US10484382B2 (en) 2016-08-31 2019-11-19 Oracle International Corporation Data management for a multi-tenant identity cloud service
US11258797B2 (en) 2016-08-31 2022-02-22 Oracle International Corporation Data management for a multi-tenant identity cloud service
US11258786B2 (en) 2016-09-14 2022-02-22 Oracle International Corporation Generating derived credentials for a multi-tenant identity cloud service
US10846390B2 (en) 2016-09-14 2020-11-24 Oracle International Corporation Single sign-on functionality for a multi-tenant identity and data security management cloud service
US10594684B2 (en) 2016-09-14 2020-03-17 Oracle International Corporation Generating derived credentials for a multi-tenant identity cloud service
US10511589B2 (en) 2016-09-14 2019-12-17 Oracle International Corporation Single logout functionality for a multi-tenant identity and data security management cloud service
US10445395B2 (en) 2016-09-16 2019-10-15 Oracle International Corporation Cookie based state propagation for a multi-tenant identity cloud service
US10616224B2 (en) 2016-09-16 2020-04-07 Oracle International Corporation Tenant and service management for a multi-tenant identity and data security management cloud service
US10484243B2 (en) 2016-09-16 2019-11-19 Oracle International Corporation Application management for a multi-tenant identity cloud service
US10791087B2 (en) 2016-09-16 2020-09-29 Oracle International Corporation SCIM to LDAP mapping using subtype attributes
US10341354B2 (en) 2016-09-16 2019-07-02 Oracle International Corporation Distributed high availability agent architecture
US11023555B2 (en) 2016-09-16 2021-06-01 Oracle International Corporation Cookie based state propagation for a multi-tenant identity cloud service
US10567364B2 (en) 2016-09-16 2020-02-18 Oracle International Corporation Preserving LDAP hierarchy in a SCIM directory using special marker groups
US10904074B2 (en) 2016-09-17 2021-01-26 Oracle International Corporation Composite event handler for a multi-tenant identity cloud service
US10261836B2 (en) 2017-03-21 2019-04-16 Oracle International Corporation Dynamic dispatching of workloads spanning heterogeneous services
US10454915B2 (en) 2017-05-18 2019-10-22 Oracle International Corporation User authentication using kerberos with identity cloud service
US10348858B2 (en) 2017-09-15 2019-07-09 Oracle International Corporation Dynamic message queues for a microservice based cloud service
US10831789B2 (en) 2017-09-27 2020-11-10 Oracle International Corporation Reference attribute query processing for a multi-tenant cloud service
US11308132B2 (en) 2017-09-27 2022-04-19 Oracle International Corporation Reference attributes for related stored objects in a multi-tenant cloud service
US11271969B2 (en) 2017-09-28 2022-03-08 Oracle International Corporation Rest-based declarative policy management
US10834137B2 (en) 2017-09-28 2020-11-10 Oracle International Corporation Rest-based declarative policy management
US10705823B2 (en) 2017-09-29 2020-07-07 Oracle International Corporation Application templates and upgrade framework for a multi-tenant identity cloud service
US10715564B2 (en) 2018-01-29 2020-07-14 Oracle International Corporation Dynamic client registration for an identity cloud service
US11463488B2 (en) 2018-01-29 2022-10-04 Oracle International Corporation Dynamic client registration for an identity cloud service
US10997320B1 (en) * 2018-01-31 2021-05-04 EMC IP Holding Company LLC Segment-based personalized cache architecture
US11528262B2 (en) 2018-03-27 2022-12-13 Oracle International Corporation Cross-region trust for a multi-tenant identity cloud service
US10931656B2 (en) 2018-03-27 2021-02-23 Oracle International Corporation Cross-region trust for a multi-tenant identity cloud service
US11165634B2 (en) 2018-04-02 2021-11-02 Oracle International Corporation Data replication conflict detection and resolution for a multi-tenant identity cloud service
US11652685B2 (en) 2018-04-02 2023-05-16 Oracle International Corporation Data replication conflict detection and resolution for a multi-tenant identity cloud service
US10798165B2 (en) 2018-04-02 2020-10-06 Oracle International Corporation Tenant data comparison for a multi-tenant identity cloud service
US11258775B2 (en) 2018-04-04 2022-02-22 Oracle International Corporation Local write for a multi-tenant identity cloud service
US11012444B2 (en) 2018-06-25 2021-05-18 Oracle International Corporation Declarative third party identity provider integration for a multi-tenant identity cloud service
US10764273B2 (en) 2018-06-28 2020-09-01 Oracle International Corporation Session synchronization across multiple devices in an identity cloud service
US11411944B2 (en) 2018-06-28 2022-08-09 Oracle International Corporation Session synchronization across multiple devices in an identity cloud service
US11693835B2 (en) 2018-10-17 2023-07-04 Oracle International Corporation Dynamic database schema allocation on tenant onboarding for a multi-tenant identity cloud service
US11321187B2 (en) 2018-10-19 2022-05-03 Oracle International Corporation Assured lazy rollback for a multi-tenant identity cloud service
US11651357B2 (en) 2019-02-01 2023-05-16 Oracle International Corporation Multifactor authentication without a user footprint
US11061929B2 (en) 2019-02-08 2021-07-13 Oracle International Corporation Replication of resource type and schema metadata for a multi-tenant identity cloud service
US11321343B2 (en) 2019-02-19 2022-05-03 Oracle International Corporation Tenant replication bootstrap for a multi-tenant identity cloud service
US11669321B2 (en) 2019-02-20 2023-06-06 Oracle International Corporation Automated database upgrade for a multi-tenant identity cloud service
US11423111B2 (en) 2019-02-25 2022-08-23 Oracle International Corporation Client API for rest based endpoints for a multi-tenant identify cloud service
US11792226B2 (en) 2019-02-25 2023-10-17 Oracle International Corporation Automatic api document generation from scim metadata
US11687378B2 (en) 2019-09-13 2023-06-27 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability
US11870770B2 (en) 2019-09-13 2024-01-09 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration
US11611548B2 (en) 2019-11-22 2023-03-21 Oracle International Corporation Bulk multifactor authentication enrollment

Also Published As

Publication number Publication date
CN102217225A (en) 2011-10-12
US8250368B2 (en) 2012-08-21
US20100088505A1 (en) 2010-04-08
WO2010040133A3 (en) 2010-07-22
US20120017087A1 (en) 2012-01-19
EP2342862A2 (en) 2011-07-13
WO2010040133A2 (en) 2010-04-08
US8707039B2 (en) 2014-04-22
US20120297192A1 (en) 2012-11-22
CN102217225B (en) 2014-04-02
US8200958B2 (en) 2012-06-12

Similar Documents

Publication Publication Date Title
US8707039B2 (en) Content delivery network encryption
US20230214459A1 (en) Digital rights management for http-based media streaming
US10188134B2 (en) Authenticated encryption support in DASH based segmented streaming media distribution
US9342668B2 (en) Signaling and handling content encryption and rights management in content transport and delivery
US20040199771A1 (en) Method for tracing a security breach in highly distributed content
US7328345B2 (en) Method and system for end to end securing of content for video on demand
US20170118537A1 (en) Adaptive watermarking for streaming data
RU2661757C2 (en) Cashing of encrypted content
US20050193205A1 (en) Method and system for session based watermarking of encrypted content
US20090031424A1 (en) Incomplete data in a distributed environment
US8788849B2 (en) Method and apparatus for protecting cached streams
CN101636739A (en) Apparatus & methods for digital content distribution
EP2966834B1 (en) System and method for parallel secure content bootstrapping in content-centric networks
US20140025841A1 (en) Redundancy Elimination for Web Caching
EP3539270A1 (en) Resource segmentation to improve delivery performance
CN106657162B (en) Online streaming media playing method, streaming media downloading method and offline playing method
US20060048237A1 (en) Tracing and identifying piracy in wireless digital rights management system
Jarnikov et al. A watermarking system for adaptive streaming
US10728301B1 (en) Cryptographic content delivery network
KR20220036916A (en) How to watermark a video fragment with 2 or more variants
Kang Parallel Security Video Streaming in Cloud Server Environment
CN114760501A (en) Digital copyright protection method, system, server, module, player and medium
US20050149743A1 (en) Arrangements and methods for secure data transmission

Legal Events

Date Code Title Description
AS Assignment

Owner name: LIMELIGHT NETWORKS, INC., ARIZONA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MONSON, TAMARA;COPPOLA, PETER;WHITE, WILLIAM P.;SIGNING DATES FROM 20141208 TO 20141216;REEL/FRAME:034568/0009

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION