Patents Assigned to Akamai Technologies, Inc.
  • Patent number: 10708281
    Abstract: A method of detecting bots, preferably in an operating environment supported by a content delivery network (CDN) that comprises a shared infrastructure of distributed edge servers from which CDN customer content is delivered to requesting end users (clients). The method begins as clients interact with the edge servers. As such interactions occur, transaction data is collected. The transaction data is mined against a set of “primitive” or “compound” features sets to generate a database of information. In particular, preferably the database comprises one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data. Thereafter, and upon receipt of a new transaction request, primitive or compound feature set data derived from the new transaction request are compared against the database. Based on the comparison, an end user client associated with the new transaction request is then characterized, e.g.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: July 7, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Venkata Sai Kishore Modalavalasa, Sreenath Kurupati, Tu Vuong
  • Patent number: 10698985
    Abstract: In a content protection scheme, and in response to a request for a content segment received by a server, the server generates and associates with the segment a message that confers entitlement to a session-specific key from which one or more decryption keys may be derived. The decryption keys are useful to decrypt the segment at runtime as it is about to be rendered by a player. Before delivery, the server encrypts the segment to generate an encrypted fragment, and it then serves the encrypted fragment (and the message) in response to the request. At the client, information in the message is used to obtain the session-specific key. Using that key, the decryption keys are derived, and those keys are then used to decrypt the received encrypted fragment. The decryption occurs at runtime. The approach protects content while in transit to and at rest in the client browser environment.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: June 30, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Christopher R. Knox, Alex Olugbile
  • Patent number: 10700977
    Abstract: A technique that addresses the problem of a TCP connection's throughput being very vulnerable to early losses implements a pair of controls around ssthresh. A first control is a loss forgiveness mechanism that applies to the first n-loss events by the TCP connection. Generally, this mechanism prevents new TCP connections from ending slow-start and becoming conservative on window growth too early (which would otherwise occur due to the early losses). The second control is a self-decay mechanism that is applied beyond the first n-losses that are handled by the first control. This mechanism decouples of ssthresh drop from cwnd and is thus useful in arresting otherwise steep ssthresh drops. The self-decay mechanism also enables TCP to enter/continue to be slow-start even after fast-recovery from a loss event.
    Type: Grant
    Filed: August 14, 2017
    Date of Patent: June 30, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Manish Jain, Mangesh M. Kasbekar
  • Patent number: 10694005
    Abstract: This document describes, among other things, improved methods, systems, and apparatus for relaying packets on computer networks. Preferably, the relay function is accelerated at a host by implementing selected forwarding functions in hardware, such as the host's network interface card, while upper software layers at the host retain at least some access to the packet flow to handle more complex operations and/or monitoring. In a so-called “split TCP” arrangement, for example, a relay host terminates a first TCP connection from a given host and forwards packets on that connection to another given host on a second TCP connection. The relay host has a TCP forwarding table implemented at the device level, configurable by a relay management application running in the kernel or user-space. Special forwarding table modes may be used to enable full-TCP protocol support while also taking advantage of hardware acceleration.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: June 23, 2020
    Assignee: Akamai Technologies Inc.
    Inventor: Byung K. Choi
  • Patent number: 10693834
    Abstract: A method for improving client subnet efficiency by equivalence class aggregation includes receiving a Domain Name System (DNS) query from a client, determining, based on predetermined class criteria, that the client is associated with an equivalency class, searching a cache associated with the equivalence class for an answer corresponding to the DNS query, and upon locating the answer, serving the answer to the client. If it is determined that the cache does not include the answer, the method proceeds with querying, by a recursive server, an authoritative server using client subnet data associated with the equivalence class, receiving the answer from the authoritative server, storing the answer to the cache associated with the equivalency class, and serving the answer to the client. The client subnet data may include a representative CIDR block, the representative CIDR block being used to make queries on behalf of all clients associated with the equivalence class.
    Type: Grant
    Filed: August 14, 2018
    Date of Patent: June 23, 2020
    Assignee: Akamai Technologies Inc
    Inventors: Robert Thomas Halley, Brian Wellington
  • Publication number: 20200196210
    Abstract: Edge server compute capacity demand in an overlay network is predicted and used to pre-position compute capacity in advance of application-specific demands. Preferably, machine learning is used to proactively predict anticipated compute capacity needs for an edge server region (e.g., a set of co-located edge servers). In advance, compute capacity (application instances) are made available in-region, and data associated with an application instance is migrated to be close to the instance. The approach facilitates compute-at-the-edge services, which require data (state) to be close to a pre-positioned latency-sensitive application instance. Overlay network mapping (globally) may be used for more long-term positioning, with short-duration scheduling then being done in-region as needed. Compute instances and associated state are migrated intelligently based on predicted (e.g., machine-learned) demand, and with full data consistency enforced.
    Type: Application
    Filed: June 13, 2019
    Publication date: June 18, 2020
    Applicant: Akamai Technologies, Inc.
    Inventors: Vinay Kanitkar, Robert B. Bird, Aniruddha Bohra, Michael Merideth
  • Patent number: 10686818
    Abstract: Methods and systems for malicious non-human user detection on computing devices are described. The method includes collecting, by a processing device, raw data corresponding to a user action, converting, by the processing device, the raw data to features, wherein the features represent characteristics of a human user or a malicious code acting as if it were the human user, and comparing, by the processing device, at least one of the features against a corresponding portion of a characteristic model to differentiate the human user from the malicious code acting as if it were the human user.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: June 16, 2020
    Assignee: Akamai Technologies, Inc.
    Inventor: Sreenath Kurupati
  • Publication number: 20200186500
    Abstract: Among other things, this document describes systems, methods and devices for providing a cloud proxy auto-config (PAC) function for clients connected to a private network, such as an enterprise network. The teachings hereof are of particular use with cloud hosted proxy services provided by server deployments outside of the private network (e.g., external to the enterprise or other organizational network). This document also describes systems, methods and devices for providing a proxy auto-config (PAC) function for clients connected to a third party network, such as when the client moves outside of the enterprise network.
    Type: Application
    Filed: December 6, 2018
    Publication date: June 11, 2020
    Applicant: Akamai Technologies, Inc.
    Inventors: Eugene ("John") Neystadt, John Devasia, Christopher Dewar, Eyal Heiman
  • Publication number: 20200186501
    Abstract: Among other things, this document describes systems, methods and devices for providing a cloud proxy auto-config (PAC) function for clients connected to a private network, such as an enterprise network. The teachings hereof are of particular use with cloud hosted proxy services provided by server deployments outside of the private network (e.g., external to the enterprise or other organizational network). This document also describes systems, methods and devices for providing a proxy auto-config (PAC) function for clients connected to a third party network, such as when the client moves outside of the enterprise network.
    Type: Application
    Filed: December 6, 2018
    Publication date: June 11, 2020
    Applicant: Akamai Technologies, Inc.
    Inventors: Eugene ("John") Neystadt, John Devasia, Christopher Dewar, Eyal Heiman
  • Publication number: 20200186568
    Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core.
    Type: Application
    Filed: November 26, 2019
    Publication date: June 11, 2020
    Applicant: Akamai Technologies, Inc.
    Inventors: Samuel Erb, Mark A. Roman, Talmai Oliveira, David C. Carver
  • Patent number: 10681001
    Abstract: Among other things, this document describes systems, devices, and methods for improving the mapping of end user clients to content servers. In one embodiment, an intermediary DNS server receives a DNS answer with multiple IP addresses. The intermediary DNS server modifies this answer before passing it on to the end user client—that is the end user client that originally requested name resolution of the hostname. Modification can involve filtering the list to remove low-performing IP addresses, re-ordering the list, blocking certain IPs according to policy, or other things. The intermediary DNS server can be operated by a internet service provider (carrier) or an enterprise, for example, or provided on their behalf by a third party as a service. The modification can be based on knowledge of the client-side network, including the location and connectivity of the end user client.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: June 9, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: David Tang, Charles E. Gero
  • Publication number: 20200175419
    Abstract: Individual nodes (e.g., edge machines) in an overlay network each build local machine learning (ML) models associated with a particular behavior of interest. Through a communication mechanism, nodes exchange some portion of their ML models between or among each other. The portion of the local model that is exchanged with one or more other nodes encodes or encapsulates relevant knowledge (learned at the source node) for the particular behavior of interest; in this manner, relevant transfer learning is enabled such that individual node models become smarter. Sets of machines that collaborate converge their models toward a solution that is then used to facilitate another overlay network function or optimization. The local knowledge exchange among the nodes creates an emergent behavioral profile used to control the edge machine behavior. Example functions managed with this ML front-end include predictive pre-fetching, anomaly detection, image management, forecasting to allocate resources, and others.
    Type: Application
    Filed: June 11, 2019
    Publication date: June 4, 2020
    Applicant: Akamai Technologies, Inc.
    Inventors: Robert B. Bird, Jan Galkowski
  • Patent number: 10673891
    Abstract: The methods and system described herein automatically generate network router access control entities (ACEs) that are used to filter internet traffic and more specifically to block malicious traffic. The rules are generated by an ACE engine that processes incoming internet packets and examines existing ACEs and a statistical profile of the captured packets to produce one or more recommended ACEs with a quantified measure of confidence. Preferably, a recommended ACE is identified in real time of the attack, and preferably selected from a library of pre-authored ACEs. It is then deployed automatically or alternatively sent to system personnel for review and confirmation.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: June 2, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Bonita G. Lee, Christopher Bero
  • Patent number: 10673890
    Abstract: The methods and system described herein automatically generate network router access control entities (ACEs) that are used to filter internet traffic and more specifically to block malicious traffic. The rules are generated by an ACE engine that processes incoming internet packets and examines existing ACEs and a statistical profile of the captured packets to produce one or more recommended ACEs with a quantified measure of confidence. Preferably, a recommended ACE is identified in real time of the attack, and preferably selected from a library of pre-authored ACEs. It is then deployed automatically or alternatively sent to system personnel for review and confirmation.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: June 2, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Bonita G. Lee, Christopher Bero
  • Patent number: 10671691
    Abstract: Disclosed herein are systems, methods, and apparatus for improving the delivery of web content that has been authored for multiple devices. In certain embodiments, an intermediary device such as a proxy server determines the characteristics of a client device requesting multi-device content, obtains and examines the multi-device content, and in view of the particular requesting client device removes portions that are irrelevant for that device. Doing so can accelerate delivery of the content by reducing payload and relieving the client device of the processing burden associated with parsing the content to make that determination itself, among other things.
    Type: Grant
    Filed: October 8, 2018
    Date of Patent: June 2, 2020
    Assignee: Akamai Technologies Inc.
    Inventor: Martin T. Flack
  • Patent number: 10673718
    Abstract: Disclosed herein are systems, methods, and apparatus for performing a new kind of traceroute. This traceroute is referred to herein as a “reverse” traceroute, as it enables a given network node to determine the path of packets sent to it from another node. Preferably, an encapsulating tunnel between the two nodes is leveraged. Preferably, a given network node (“first node”) performs the reverse traceroute by sending encapsulated inner packets in the tunnel to another network node (“second node”). The second node reflects the inner packets back to the first node. Preferably, the inner packets are configured such that their IP header TTLs expire at intermediate nodes (such as routers), and such that the resulting error messages are reported to the first node. In this way, the first node obtains information about the topology of the network and the path taken by inbound packets.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: June 2, 2020
    Assignee: Akamai Technologies, Inc.
    Inventor: Peter Bristow
  • Publication number: 20200167341
    Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core.
    Type: Application
    Filed: October 29, 2019
    Publication date: May 28, 2020
    Applicant: Akamai Technologies, Inc.
    Inventor: David C. Carver
  • Publication number: 20200167779
    Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network core is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. The system also provides for confidence-based consensus and automated fork resolution.
    Type: Application
    Filed: November 27, 2019
    Publication date: May 28, 2020
    Applicant: Akamai Technologies, Inc.
    Inventors: David C. Carver, Leen K. Al Shenibr, Samuel Delaughter, Samuel Erb, Vladimir Shtokman, Patrick A. Deegan, Thomas Houman
  • Patent number: 10667172
    Abstract: Among other things, this document describes systems, devices, and methods for wireless content delivery to vehicles and in particular to vehicles in cellular radio environments. The teachings hereof can be used to deliver a vehicle manufacturer's head unit updates, firmware, configurations, and other data to a vehicle. In embodiments, downloads are managed at the control plane and/or data plane. Download management can include mitigating either current or anticipated wireless congestion at cell towers, enforcing campaign priority for firmware updates, accommodating occupant-originated data flows to and from the vehicle, and/or accounting for contractual data arrangements between vehicles makers and cellular providers, among other things.
    Type: Grant
    Filed: June 18, 2018
    Date of Patent: May 26, 2020
    Assignee: Akamai Technologies, Inc.
    Inventor: Mark M. Ingerman
  • Publication number: 20200162360
    Abstract: This document describes systems, devices, and methods for testing the integration of a content provider's origin infrastructure with a content delivery network (CDN). In embodiments, the teachings hereof enable a content provider's developer to rapidly and flexibly create test environments that send test traffic through the same CDN hardware and software that handle (or at least have the ability to handle) production traffic, but in isolation from that production traffic and from each other. Furthermore, in embodiments, the teachings hereof enable the content provider to specify an arbitrary test origin behind its corporate firewall with which the CDN should communicate.
    Type: Application
    Filed: August 30, 2019
    Publication date: May 21, 2020
    Applicant: Akamai Technologies, Inc.
    Inventors: Bradford A. Jones, Manish Gupta