Patents Assigned to Akamai Technologies, Inc.
  • Patent number: 11445225
    Abstract: Origin offload is a key performance indicator of a content delivery network (CDN). This patent document presents unique methods and systems for measuring origin offload and applying those measurements to improve the offload. The techniques presented herein enable resource-efficient measurement of origin offload by individual servers and aggregation and analysis of such measurements to produce significant insights. The teachings hereof can be used to better identify root causes of suboptimal offload performance, to tune CDN settings and configurations, and to modify network operations, deployment and/or capacity planning. In addition, discussed herein are improved metrics showing offload in relation to the maximum achievable offload for the particular traffic being served.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: September 13, 2022
    Assignee: Akamai Technologies, Inc.
    Inventor: Dmitry Sotnikov
  • Patent number: 11445045
    Abstract: Improved technology for managing the caching of objects that are rarely requested by clients. A cache system can be configured to assess a class of objects (such as objects associated with a particular domain) for cacheability, based on traffic observations. If the maximum possible cache offloading for the class of objects falls below a threshold level, which indicates a high proportion of non-cacheable or “single-hitter” content, then cache admission logic is configured to admit objects only after multiple clients requests during a time period (usually the object's time in cache, or eviction age). Otherwise, the cache admission logic may operate to admit objects to the cache after the first client request, assuming the object meets cacheability criteria. The technological improvements disclosed herein can be used to improve cache utilization, for example by preventing single-hitter objects from pushing out multi-hit objects (the objects that get hits after being added to cache).
    Type: Grant
    Filed: December 21, 2021
    Date of Patent: September 13, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Dmitry Sotnikov, Brian Mancuso, Shai Kedem, Omri Guttman, Michael Hakimi
  • Patent number: 11418352
    Abstract: A method to generate a trusted certificate on an endpoint appliance located in an untrusted network, wherein client devices are configured to trust a first Certificate Authority (CA) that is administered by the untrusted network. In this approach, an overlay network is configured between the endpoint appliance and an origin server associated with the endpoint appliance. The overlay comprises an edge machine located proximate the endpoint appliance, and an associated key management service. A second CA is configured in association with the key management service to receive a second certificate signed by the first CA. A third CA is configured in association with the edge machine to receive a third certificate signed by the second CA. In response to a request from the appliance, a server certificate signed by the third CA is dynamically generated and provided to the appliance.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: August 16, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Brandon O. Williams, Andres Guedez
  • Publication number: 20220255893
    Abstract: This document relates to a CDN balancing mitigation system. An implementing CDN can deploy systems and techniques to monitor the domains of content provider customers with an active DNS scanner and detect which are using other CDNs on the same domain. This information can be used as an input signal for identifying and implementing adjustments to CDN configuration. Both automated and semi-automated adjustments are possible. The system can issue configuration adjustments or recommendations to the implementing CDN's servers or to its personnel. These might include “above-SLA” treatments intended to divert traffic to the implementing CDN. The effectiveness can be measured with the multi-CDN balance subsequently observed. The scanning and adjustment workflow can be permanent, temporary, or cycled. Treatments may include a variety of things, such as more cache storage, routing to less loaded servers, and so forth.
    Type: Application
    Filed: January 18, 2022
    Publication date: August 11, 2022
    Applicant: Akamai Technologies Inc.
    Inventors: Martin T. Flack, Utkarsh Goel
  • Patent number: 11411996
    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.
    Type: Grant
    Filed: April 23, 2019
    Date of Patent: August 9, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Brandon O. Williams, Martin K. Lohner, Kevin Harmon, Jeffrey Bower
  • Patent number: 11411975
    Abstract: Methods and systems for malicious non-human user detection on computing devices are described. The method includes collecting, by a processing device, raw data corresponding to a user action, converting, by the processing device, the raw data to features, wherein the features represent characteristics of a human user or a malicious code acting as if it were the human user, and comparing, by the processing device, at least one of the features against a corresponding portion of a characteristic model to differentiate the human user from the malicious code acting as if it were the human user.
    Type: Grant
    Filed: June 16, 2020
    Date of Patent: August 9, 2022
    Assignee: Akamai Technologies, Inc.
    Inventor: Sreenath Kurupati
  • Publication number: 20220247778
    Abstract: The methods and system described herein automatically generate network router access control entities (ACEs) that are used to filter internet traffic and more specifically to block malicious traffic. The rules are generated by an ACE engine that processes incoming internet packets and examines existing ACEs and a statistical profile of the captured packets to produce one or more recommended ACEs with a quantified measure of confidence. Preferably, a recommended ACE is identified in real time of the attack, and preferably selected from a library of pre-authored ACEs. It is then deployed automatically or alternatively sent to system personnel for review and confirmation.
    Type: Application
    Filed: January 6, 2022
    Publication date: August 4, 2022
    Applicant: Akamai Technologies, Inc.
    Inventors: Bonita G. Lee, Christopher Bero
  • Patent number: 11405286
    Abstract: An analysis system automates IP address structure discovery by deep analysis of sample IPv6 addresses using a set of computational methods, namely, information-theoretic analysis, machine learning, and statistical modeling. The system receives a sample set of IP addresses, computes entropies, discovers and mines address segments, builds a network model of address segment inter-dependencies, and provides a graphical display with various plots and tools to enable a network analyst to navigate and explore the exposed IPv6 address structure. The structural information is then applied as input to applications that include: (a) identifying homogeneous groups of client addresses, e.g., to assist in mapping clients to content in a CDN; (b) supporting network situational awareness efforts, e.g., in cyber defense; (c) selecting candidate targets for active measurements, e.g.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: August 2, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Pawel J. Foremski, Arthur W. Berger, David J. Plonka
  • Publication number: 20220239581
    Abstract: This document describes systems, devices, and methods for testing the integration of a content provider's origin infrastructure with a content delivery network (CDN). In embodiments, the teachings hereof enable a content provider's developer to rapidly and flexibly create test environments that send test traffic through the same CDN hardware and software that handle (or at least have the ability to handle) production traffic, but in isolation from that production traffic and from each other. Furthermore, in embodiments, the teachings hereof enable the content provider to specify an arbitrary test origin behind its corporate firewall with which the CDN should communicate.
    Type: Application
    Filed: February 14, 2022
    Publication date: July 28, 2022
    Applicant: Akamai Technologies, Inc.
    Inventors: Bradford A. Jones, Manish Gupta
  • Publication number: 20220237594
    Abstract: A payment network comprises ledger services, and associated wallet services. To provide wallet services resiliency, multiple active wallet replicas are used to enable the system (i) to rely on collision detection and blockchain idempotency to produce a single correct outcome, and (2) to implement various collision avoidance techniques. Using a ledger services idempotency feature, multiple actors form independent valid intents and know that no more than one intent will get finalized on the ledger. In a variant embodiment, replicas implement processing delays and utilize so-called “intent” messages. By adding the delays, decision logic is biased logic towards one intent. The intent messages are used to intercede before a wallet handles a same original upstream message and forms a different intent. Seeing the replica's intent, the wallet can adopt the same intent and proceed with downstream processing. After adopting intent, preferably a wallet also informs its replicas of its intent.
    Type: Application
    Filed: January 18, 2022
    Publication date: July 28, 2022
    Applicant: Akamai Technologies, Inc.
    Inventors: David C. Carver, William R. Sears, Talmai Oliveira
  • Publication number: 20220217192
    Abstract: A messaging channel is embedded directly into a media stream. Messages delivered via the embedded messaging channel are extracted at a client media player. According to a variant embodiment, and in lieu of embedding all of the message data in the media stream, only a coordination index is injected, and the message data is sent separately and merged into the media stream downstream (at the client media player) based on the coordination index. In one example embodiment, multiple data streams (each potentially with different content intended for a particular “type” or class of user) are transmitted alongside the video stream in which the coordination index (e.g., a sequence number) has been injected into a video frame. Based on a user's service level, a particular one of the multiple data streams is released when the sequence number appears in the video frame, and the data in that stream is associated with the media.
    Type: Application
    Filed: March 22, 2022
    Publication date: July 7, 2022
    Applicant: Akamai Technologies, Inc.
    Inventors: Mark M. Ingerman, Michael Archer
  • Publication number: 20220217157
    Abstract: A method of detecting bots, preferably in an operating environment supported by a content delivery network (CDN) that comprises a shared infrastructure of distributed edge servers from which CDN customer content is delivered to requesting end users (clients). The method begins as clients interact with the edge servers. As such interactions occur, transaction data is collected. The transaction data is mined against a set of “primitive” or “compound” features sets to generate a database of information. In particular, preferably the database comprises one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data. Thereafter, and upon receipt of a new transaction request, primitive or compound feature set data derived from the new transaction request are compared against the database. Based on the comparison, an end user client associated with the new transaction request is then characterized, e.g.
    Type: Application
    Filed: March 29, 2022
    Publication date: July 7, 2022
    Applicant: Akamai Technologies, Inc.
    Inventors: Venkata Sai Kishore Modalavalasa, Sreenath Kurupati, Tu Vuong
  • Patent number: 11381393
    Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: July 5, 2022
    Assignee: Akamai Technologies Inc.
    Inventors: Eugene (John) Neystadt, Jonathan Herzog, Ittay Dror, Elisha Ben-Zvi
  • Patent number: 11379281
    Abstract: A server in a content delivery network (CDN) can examine API traffic and extract therefrom content that can be optimized before it is served to a client. The server can apply content location instructions to a given API message to find such content therein. Upon finding an instance of such content, the server can verify the identity of the content by applying a set of content verification instructions. If verification succeeds, the server can retrieve an optimized version of the identified content and swap it into the API message for the original version. If an optimized version is not available, the server can initiate an optimization process so that next time the optimized version will be available. In some embodiments, an analysis service can assist by observing traffic from an API endpoint over time, detecting the format of API messages and producing the content location and verification instructions.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: July 5, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Martin T. Flack
  • Patent number: 11374945
    Abstract: A server interacts with a bot detection service to provide bot detection as a requesting client interacts with the server. In an asynchronous mode, the server injects into a page a data collection script configured to record interactions at the requesting client, to collect sensor data about the interactions, and to send the collected sensor data to the server. After the client receives the page, the sensor data is collected and forwarded to the server through a series of posts. The server forwards the posts to the detection service. During this data collection, the server also may receive a request from the client for a protected endpoint. When this occurs, and in a synchronous mode, the server issues a query to the detection service to obtain a threat score based in part on the collected sensor data that has been received and forwarded by the server. Based on the threat score returned, the server then determines whether the request for the endpoint should be forwarded onward for handling.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: June 28, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: David Senecal, Prajakta Bhurke, Tu Vuong
  • Patent number: 11368514
    Abstract: A server-side technique to detect and mitigate client-side content filtering, such as ad blocking. In operation, the technique operates on a server-side of a client-server communication path to provide real-time detect the existence of a client filter (e.g., an ad blocker plug-in) through transparent request exchanges, and then to mitigate (defeat) that filter through one or operations designed to modify the HTML response body or otherwise obscure URLs. Preferably, the publisher (the CDN customer) defines one or more criteria of the page resources being served by the overlay (CDN) and that need to be protected against the client-side filtering.
    Type: Grant
    Filed: October 26, 2020
    Date of Patent: June 21, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Patrice Boffa, Eugene Y. Zhang, Sabrina A. Burney
  • Patent number: 11368483
    Abstract: A server interacts with a bot detection service to provide bot detection as a requesting client interacts with the server. In an asynchronous mode, the server injects into a page a data collection script configured to record interactions at the requesting client, to collect sensor data about the interactions, and to send the collected sensor data to the server. After the client receives the page, the sensor data is collected and forwarded to the server through a series of posts. The server forwards the posts to the detection service. During this data collection, the server also may receive a request from the client for a protected endpoint. When this occurs, and in a synchronous mode, the server issues a query to the detection service to obtain a threat score based in part on the collected sensor data that has been received and forwarded by the server. Based on the threat score returned, the server then determines whether the request for the endpoint should be forwarded onward for handling.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: June 21, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: David Senecal, Prajakta Bhurke
  • Publication number: 20220191241
    Abstract: A method and apparatus for data collection to facilitate bot detection. According to this approach, and in lieu of conventional user agent-based fingerprinting, a client script is executed to attempt to identify one or more Javascript “landmark” features. In one embodiment, a landmark Javascript feature is a Javascript implementation that exists in a first browser type but not a second browser type distinct from the first browser type, and that also exists in one or more releases of the first browser type, but not in one or more other releases of the first browser type. By testing against landmark Javascript features as opposed to an unconstrained set of API calls and the like, the technique herein provides for much more computationally-efficient client-side operation.
    Type: Application
    Filed: August 18, 2021
    Publication date: June 16, 2022
    Applicant: Akamai Technologies, Inc.
    Inventor: Simon E. Vera-Schockner
  • Publication number: 20220166791
    Abstract: A server interacts with a bot detection service to provide bot detection as a requesting client interacts with the server. In an asynchronous mode, the server injects into a page a data collection script configured to record interactions at the requesting client, to collect sensor data about the interactions, and to send the collected sensor data to the server. After the client receives the page, the sensor data is collected and forwarded to the server through a series of posts. The server forwards the posts to the detection service. During this data collection, the server also may receive a request from the client for a protected endpoint. When this occurs, and in a synchronous mode, the server issues a query to the detection service to obtain a threat score based in part on the collected sensor data that has been received and forwarded by the server. Based on the threat score returned, the server then determines whether the request for the endpoint should be forwarded onward for handling.
    Type: Application
    Filed: February 8, 2022
    Publication date: May 26, 2022
    Applicant: Akamai Technologies, Inc.
    Inventors: David Senecal, Prajakta Bhurke, Tu Vuong
  • Patent number: 11343348
    Abstract: This patent document describes technology for providing real-time messaging and entity update services in a distributed proxy server network, such as a CDN. Uses include distributing real-time notifications about updates to data stored in and delivered by the network, with both high efficiency and locality of latency. The technology can be integrated into conventional caching proxy servers providing HTTP services, thereby leveraging their existing footprint in the Internet, their existing overlay network topologies and architectures, and their integration with existing traffic management components.
    Type: Grant
    Filed: May 3, 2021
    Date of Patent: May 24, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Matthew J. Stevens, Michael G. Merideth, Nil Alexandrov, Andrew F. Champagne, Brendan Coyle, Timothy Glynn, Mark A. Roman, Xin Xu