Patents Assigned to Akamai Technologies, Inc.
  • Patent number: 11146615
    Abstract: An Internet infrastructure delivery platform operated by a provider enables HTTP-based service to identified third parties at large scale. The platform provides this service to one or more cloud providers. The approach enables the CDN platform provider (the first party) to service third party traffic on behalf of the cloud provider (the second party). In operation, an edge server handling mechanism leverages DNS to determine if a request with an unknown host header should be serviced. Before serving a response, and assuming the host header includes an unrecognized name, the edge server resolves the host header and obtains an intermediate response, typically a list of aliases (e.g., DNS CNAMEs). The edge server checks the returned CNAME list to determine how to respond to the original request. Using just a single edge configuration, the CDN service provider can support instant provisioning of a cloud provider's identified third party traffic.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: October 12, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Stephen L. Ludin, Prasanna Laghate, Matthew J. Stevens, Frederick R. Shotton, Jozef Hatala
  • Patent number: 11134063
    Abstract: A resource identifier to be encoded is detected. One or more special characters in the detected resource identifier are identified. The detected resource identifier is encoded at least in part by preserving the identified one or more special characters in a resulting encoded resource identifier corresponding to the detected resource identifier. The encoded resource identifier is utilized in place of the detected resource identifier.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: September 28, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Mehrdad Reshadi, Rajaram Gaunker, Hariharan Kolam, Raghu Batta Venkat
  • Patent number: 11128732
    Abstract: It is known in the art to mitigate load on website servers by providing a virtual waiting room where visitors queue. However, in currently known approaches, queue management is “unfair”, in that a given visitor is not admitted to the website based on the order in which they arrived, but rather on a fixed probability each time they try to gain access. Disclosed herein are improved systems and methods for admitting visitors from the waiting room to the website. In embodiments, queued visitors may be admitted in accordance with a probability function that can be customized by an administrator to achieve queue fairness and/or can be adaptive to website load. The systems and methods disclosed herein are compatible with the RESTful nature of common web transactions.
    Type: Grant
    Filed: September 1, 2020
    Date of Patent: September 21, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Łukasz Czerpak, Eugene Zhang, Rajiv Ramnath
  • Patent number: 11128693
    Abstract: An Internet infrastructure delivery platform (e.g., operated by a service provider) provides an overlay network (a server infrastructure) that is used to facilitate “second screen” end user media experiences. In this approach, first media content, which is typically either live on-demand, is being rendered on a first content device (e.g., a television, Blu-Ray disk or another source). That first media content may be delivered by servers in the overlay network. One or multiple end user second content devices are then adapted to be associated with the first content source, preferably, via the overlay network, to facilitate second screen end user experiences (on the second content devices).
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: September 21, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Kristofer Alexander, Andrew F. Champagne, F. Thomson Leighton, Robert Neville, William Law
  • Publication number: 20210282224
    Abstract: A method for dynamic and extensible creation of an extensible wireless network, using a set of drones that individually support server processes. The drones interact with one another, exchanging information, type of coverage, type and amount of throughput, location, etc. A control node connects to a wired network. The node operates a leader election protocol, captures state information from the drones, and positions/re-positions the drones as necessary. Drones are flown in to position and then engaged as necessary to stretch/adapt the coverage as necessary. The drone's power utilization is monitored and its coverage area modified as necessary to optimize power utilization. The control node performs drone-based coverage/power utilization computations, and attempts to apply the appropriate location assignments to provide maximum network coverage (extensibility) while also preserving drone-specific power (battery) utilization.
    Type: Application
    Filed: October 22, 2020
    Publication date: September 9, 2021
    Applicant: Akamai Technologies, Inc.
    Inventor: Vinay Kanitkar
  • Publication number: 20210281397
    Abstract: A distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. The computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. Safe and performant transaction processing is provided using an optimistic concurrently control that includes a collision detection and undo mechanism.
    Type: Application
    Filed: May 24, 2021
    Publication date: September 9, 2021
    Applicant: Akamai Technologies, Inc.
    Inventors: David C. Carver, Leen Khalid A. Al Shenibr, Vladimir Shtokman
  • Publication number: 20210273916
    Abstract: Among other things, this document describes systems, methods and devices for providing a cloud proxy auto-config (PAC) function for clients connected to a private network, such as an enterprise network. The teachings hereof are of particular use with cloud hosted proxy services provided by server deployments outside of the private network (e.g., external to the enterprise or other organizational network). This document also describes systems, methods and devices for providing a proxy auto-contig (PAC) function for clients connected to a third party network, such as when the client moves outside of the enterprise network.
    Type: Application
    Filed: March 19, 2021
    Publication date: September 2, 2021
    Applicant: Akamai Technologies, Inc.
    Inventors: Eugene (John) Neystadt, John Devasia, Christopher Dewar, Eyal Heiman
  • Patent number: 11102096
    Abstract: Disclosed herein are systems, methods, and apparatus for performing a new kind of traceroute. This traceroute is referred to herein as a “reverse” traceroute, as it enables a given network node to determine the path of packets sent to it from another node. Preferably, an encapsulating tunnel between the two nodes is leveraged. Preferably, a given network node (“first node”) performs the reverse traceroute by sending encapsulated inner packets in the tunnel to another network node (“second node”). The second node reflects the inner packets back to the first node. Preferably, the inner packets are configured such that their IP header TTLs expire at intermediate nodes (such as routers), and such that the resulting error messages are reported to the first node. In this way, the first node obtains information about the topology of the network and the path taken by inbound packets.
    Type: Grant
    Filed: April 24, 2020
    Date of Patent: August 24, 2021
    Assignee: Akamai Technologies, Inc.
    Inventor: Peter Bristow
  • Patent number: 11093844
    Abstract: The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Doman Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or a M2M DNS query based on the probability score.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: August 17, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: James Paugh, Paul O'Leary, Robert S. Wilbourn, Thanh Nguyen, Iurii Iuzifovich, Erik D. Fears
  • Patent number: 11088940
    Abstract: Cooperative Multipath (referred to herein as ‘CM’) significantly improves upon the current state of the art for multipath HTTP and MP-TCP. In CM, a client application will discover and/or connect to N endpoints, over N different paths. Preferably these different paths go through different networks. Hence, each path may provide a unique communication channel, potentially with unique characteristics. A typical (but not limiting) case would be N=2, with the client application connecting over, for example, cellular interface to a first endpoint, and over WiFi to a second endpoint. Wireline interfaces may also be used.
    Type: Grant
    Filed: March 6, 2018
    Date of Patent: August 10, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Stephen L. Ludin, Moritz M Steiner, Martin T. Flack
  • Patent number: 11086637
    Abstract: An initial configuration query for an initial configuration query result is received from a service. The initial configuration query result comprises an executable configuration query engine that can be run by the service to serve one or more subsequent configuration query results to one or more subsequent configuration queries constrained by one or more immutable configuration constraints, wherein the initial configuration query comprises the one or more immutable configuration constraints. A subset of configuration data from a configuration database is selected based at least in part on the one or more immutable configuration constraints. The executable configuration query engine is generated, wherein the executable configuration query engine serves configuration data from the selected subset of configuration data.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: August 10, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Mehrdad Reshadi, Madhukar Nagaraja Kedlaya
  • Publication number: 20210243214
    Abstract: An entity can disseminate nonces by introducing them into various aspects of network traffic, and then listening for them, thereby detecting eavesdroppers on the Internet. A nonce may be numeric, alphanumeric, or otherwise: nonces are contextually appropriate to how they are disseminated. Preferably, a nonce is disseminated by incorporating it into some aspect of network traffic. For example, a nonce can be placed in a network identifier such as an IP address or domain name label. Correlating the circumstances under which the nonce was disseminated and under which it was observed to “propagate”, intelligence about who is eavesdropping on what portions of the Internet can be derived. Such intelligence can be put to many uses, including reporting on eavesdroppers, routing traffic around eavesdroppers, developing reputation scores, and adopting enhanced obfuscation/privacy/security techniques.
    Type: Application
    Filed: February 19, 2021
    Publication date: August 5, 2021
    Applicant: Akamai Technologies, Inc.
    Inventors: David J. Plonka, Kyle R. Rose, Laura M. Roberts
  • Publication number: 20210243128
    Abstract: A method of congestion control implemented by a sender over a network link that includes a router having a queue. During a first state, information is received from a receiver. The information comprises an estimated maximum bandwidth for the link, a one-way transit time for traffic over the link, and an indication whether the network link is congested. In response to the link being congested, the sender transitions to a second state. While in the second state, a sending rate of packets in reduced, in part to attempt to drain the queue of data packets contributed by the sender. The sender transitions to a third state when the sender estimates that the queue has been drained of the data packets contributed. During the third state, the sending rate is increased until either the sender transitions back to the first state, or receives a new indication that the link is congested.
    Type: Application
    Filed: April 19, 2021
    Publication date: August 5, 2021
    Applicant: Akamai Technologies, Inc.
    Inventors: William R. Sears, Martin K. Lohner
  • Publication number: 20210243249
    Abstract: Among other things, this document describes systems, methods and devices for performance testing and dynamic placement of computing tasks in a distributed computing environment. In embodiments, a given client request is forwarded up a hierarchy of nodes, or across tiers in the hierarchy. A particular computing node in the system self-determines to perform a computing task to generate (or help generate) particular content for a response to the client. The computing node injects its identifier into the response indicating that it performed those tasks; the identifier is transmitted to the client with particular content. The client runs code that assesses the performance of the system from the client's perspective, e.g., in servicing the request, and beacons this performance data, along with the aforementioned identifier, to a system intelligence component. The performance information may be used to dynamically place and improve the placement of the computing task(s).
    Type: Application
    Filed: February 2, 2021
    Publication date: August 5, 2021
    Applicant: Akamai Technologies, Inc.
    Inventor: Byung K. Choi
  • Patent number: 11082334
    Abstract: Techniques for enhanced overlay network-based transport of traffic, such as IPsec traffic, e.g., to and from customer branch office locations, are facilitated through the use of the Internet-based overlay routing infrastructure. This disclosure describes managing and enforcing quality-of-service (QoS) in an Internet-based overlay network shared by a set of content provider customer entities. For each entity having a customer branch, the customer branch is coupled to the Internet-based overlay routing network. A quality-of-service (QoS) policy is configured for the customer. Utilization of the Internet-based overlay network against the configured QoS policy is then monitored. The QoS is then enforced for the customer and at least one other customer, based in part on the QoS policies. Capacity is enforced for a customer entity according to the QoS policy at one of: a global level, a geographical region level, and at the customer branch level.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: August 3, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Vinodkumar Parasmal, Parthasarathy Narayanan, Maswood Ahmed Basheer Ahamed, Brandon O. Williams
  • Patent number: 11082401
    Abstract: A cloud-based firewall system and service is provided to protect customer sites from attacks, leakage of confidential information, and other security threats. In various embodiments, such a firewall system and service can be implemented in conjunction with a content delivery network (CDN) having a plurality of distributed content servers. The CDN servers receive requests for content identified by the customer for delivery via the CDN. The CDN servers include firewalls that examine those requests and take action against security threats, so as to prevent them from reaching the customer site. The CDN provider implements the firewall system as a managed firewall service, with the operation of the firewalls for given customer content being defined by that customer, independently of other customers. In some embodiments, a customer may define different firewall configurations for different categories of that customer's content identified for delivery via the CDN.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: August 3, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: John A. Dilley, Prasanna Laghate, John F. Summers, Thomas Devanneaux
  • Patent number: 11080065
    Abstract: A method of generating an optimized executable configuration query engine is disclosed. A set of one or more immutable configuration parameters associated with a configurable service or a configurable application is received. At least a portion of a set of configuration data in a configuration database and at least a portion of the set of one or more immutable configuration parameters are transformed into a set of data and code in a compiler-readable format. An optimized subset of the set of configuration data in the configuration database is selected based at least in part on the set of one or more immutable configuration parameters. An optimized executable configuration query engine is generated based at least in part on the set of one or more immutable configuration parameters, wherein the optimized executable configuration query engine serves configuration data from the selected optimized subset of the set of configuration data.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: August 3, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Mehrdad Reshadi, Madhukar Nagaraja Kedlaya
  • Publication number: 20210227040
    Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core.
    Type: Application
    Filed: April 6, 2021
    Publication date: July 22, 2021
    Applicant: Akamai Technologies, Inc.
    Inventors: David C. Carver, Thomas Houman, Andrew F. Champagne, Vladimir Shtokman, Patrick Alexander Deegan, Ramanath Mallikarjuna
  • Publication number: 20210226987
    Abstract: An account protection service to prevent user login or other protected endpoint request abuse. In one embodiment, the service collects user recognition data, preferably for each login attempt (e.g. data about the connection, session, and other relevant context), and it constructs a true user profile for each such user over time, preferably using the recognition data from successful logins. The profile evolves as additional recognition data is collected from successful logins. The profile is a model of what the user “looks like” to the system. For a subsequent login attempt, the system then calculates a true user score. This score represents how well the current user recognition data matches the model represented by the true user profile. The user recognition service is used to drive policy decisions and enforcement capabilities. Preferably, user recognition works in association with bot detection in a combined solution.
    Type: Application
    Filed: December 24, 2020
    Publication date: July 22, 2021
    Applicant: Akamai Technologies, Inc.
    Inventors: John Summers, Robert Polansky, Darryl Nicholson, Scott Markwell
  • Patent number: 11070473
    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: July 20, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Brandon O. Williams, Martin K. Lohner, Gowtham Boddapati