Abstract: According to this disclosure, a proxy server is enhanced to be able to interpret instructions that specify how to modify an input object to create an output object to serve to a requesting client. Typically the instructions operate on binary data. For example, the instructions can be interpreted in a byte-based interpreter that directs the proxy as to what order, and from which source, to fill an output buffer that is served to the client. The instructions specify what changes to make to a generic input file. This functionality extends the capability of the proxy server in an open-ended fashion and enables it to efficiently create a wide variety of outputs for a given generic input file. The generic input file and/or the instructions may be cached at the proxy. The teachings hereof have applications in, among other things, the delivery of web content, streaming media, and the like.

Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use, and the server is able to free resources such as memory and processing cycles previously allocated to the connection. In some cases, the server maintains the connection for at least some time and uses it to keep the client occupied so that it cannot launch—or has fewer resources to launch—further attacks, and possibly to gather information about the attacking client.

Abstract: In a content protection scheme, and in response to a request for a content segment received by a server, the server generates and associates with the segment a message that confers entitlement to a session-specific key from which one or more decryption keys may be derived. The decryption keys are useful to decrypt the segment at runtime as it is about to be rendered by a player. Before delivery, the server encrypts the segment to generate an encrypted fragment, and it then serves the encrypted fragment (and the message) in response to the request. At the client, information in the message is used to obtain the session-specific key. Using that key, the decryption keys are derived, and those keys are then used to decrypt the received encrypted fragment. The decryption occurs at runtime. The approach protects content while in transit to and at rest in the client browser environment.

Abstract: A dynamic image delivery system receives a client request for an image at an image caching server. The image caching server measures the client's network access speed and looks for an appropriate pre-rendered copy of the requested image that is rendered for the client's network access speed in local storage. If the appropriate rendered copy is found, then the image caching server sends the rendered image to the client. If it is not found, then the image caching server dynamically renders a copy of the image and sends it to the client.

Abstract: Techniques are provided for using the mobility support features of IPv6 to allow client and server nodes to communicate without the continuing intervention of a load-balancing node that selected the server node. A load-balancing node intercepts a TCP SYN packet addressed to a virtual IP address. The load-balancing node selects a server node from among multiple server nodes, and sends the packet toward the server node. The server node sends an IPv6 packet toward the client node. The packet contains a Binding Update option that specifies the virtual IP address as a Home Address. This information causes the client node to replace destination addresses in outgoing IP packets so that packets that the client node would have sent toward the virtual IP address are sent toward the selected server node's IP address instead. Consequently, the IP packets are routed toward the selected server node instead of the load-balancing node.

Abstract: A method of controlling size of a receive window includes transmitting packets over a communication channel from a transmitting device to a receiver, and receiving acknowledgment packets from the receiver, the received acknowledgement packets from the receiver including an advertised receive window size. The method further includes determining a backlog parameter for the receiver in accordance with the advertised receive window size, determining a queuing delay in accordance the received acknowledgment packets, resetting a size of a congestion window in accordance with a function of a current size of the congestion window and a factor proportional to the queuing delay, and resetting a size of a receive window in accordance with a function of a current size of the receive window and the backlog parameter. A network window is reset in accordance with the smaller of the size of the congestion window and the size of the receive window.

Abstract: A content delivery network provides delivery of cacheable content files, such as HTML. To support HTML delivery, the content provider provides the CDNSP with an association of the content provider's domain name to an origin server domain name at which default HTML files are published. The CDNSP provides its customer with a CDNSP-specific domain name. The content provider then implements DNS entry aliasing so that domain name requests for the host cue the CDN DNS request routing mechanism. This mechanism identifies a content server to respond to a request directed to the customer's domain. The CDN content server returns a default HTML file if such file is cached; otherwise, the content server directs a request for the file to the origin server to retrieve the file, after which the file is cached on the content server for subsequent use.

Abstract: A dynamic image delivery system receives a client request for an image at an image caching server. The image caching server measures the client's network access speed and looks for an appropriate pre-rendered copy of the requested image that is rendered for the client's network access speed in local storage. If the appropriate rendered copy is found, then the image caching server sends the rendered image to the client. If it is not found, then the image caching server dynamically renders a copy of the image and sends it to the client.

Abstract: In one example, multimedia content is requested from a plurality of storage modules. Each storage module retrieves the requested parts, which are typically stored on a plurality of storage devices at each storage module. Each storage module determines independently when to retrieve the requested parts of the data file from storage and transmits those parts from storage to a data queue. Based on a capacity of a delivery module and/or the data rate associated with the request, each storage module transmits the parts of the data file to the delivery module. The delivery module generates a sequenced data segment from the parts of the data file received from the plurality of storage modules and transmits the sequenced data segment to the requester.

Abstract: Using cryptographic techniques, sensitive data is protected against disclosure in the event of a compromise of a content delivery network (CDN) edge infrastructure. These techniques obviate storage and/or transfer of such sensitive data, even with respect to payment transactions that are being authorized or otherwise enabled from CDN edge servers.

Abstract: A method and system for modifying web pages, including dynamic web pages, based on automated analysis wherein web pages are transformed based on transformation instructions in nearly real-time, and wherein analysis is performed and transformation instructions based on the analysis are prepared prior to a request for the web page. The system has two primary components, an analyzer which asynchronously and repeatedly analyzes web pages creating and updating transformation instructions relating to the web pages, and a transformer which intercepts traffic to a web server in response to a request for the web page, receives the returned web pages, and transforms them based on stored transformation instructions.

Abstract: An Internet infrastructure delivery platform (e.g., operated by a service provider) provides an overlay network (a server infrastructure) that is used to facilitate “second screen” end user media experiences. In this approach, first media content, which is typically either live on-demand, is being rendered on a first content device (e.g., a television, Blu-Ray disk or other source). That first media content may be delivered by servers in the overlay network. One or multiple end user second content devices are then adapted to be associated with the first content source, preferably, via the overlay network, to facilitate second screen end user experiences (on the second content devices).

Abstract: Stream-based data deduplication is provided in a multi-tenant shared infrastructure but without requiring “paired” endpoints having synchronized data dictionaries. Data objects processed by the dedupe functionality are treated as objects that can be fetched as needed. As such, a decoding peer does not need to maintain a symmetric library for the origin. Rather, if the peer does not have the chunks in cache that it needs, it follows a conventional content delivery network procedure to retrieve them. In this way, if dictionaries between pairs of sending and receiving peers are out-of-sync, relevant sections are then re-synchronized on-demand. The approach does not require that libraries maintained at a particular pair of sender and receiving peers are the same. Rather, the technique enables a peer, in effect, to “backfill” its dictionary on-the-fly. On-the-wire compression techniques are provided to reduce the amount of data transmitted between the peers.

Abstract: Stream-based data deduplication is provided in a multi-tenant shared infrastructure but without requiring “paired” endpoints having synchronized data dictionaries. Data objects processed by the dedupe functionality are treated as objects that can be fetched as needed. As such, a decoding peer does not need to maintain a symmetric library for the origin. Rather, if the peer does not have the chunks in cache that it needs, it follows a conventional content delivery network procedure to retrieve them. In this way, if dictionaries between pairs of sending and receiving peers are out-of-sync, relevant sections are then re-synchronized on-demand. The approach does not require that libraries maintained at a particular pair of sender and receiving peers are the same. Rather, the technique enables a peer, in effect, to “backfill” its dictionary on-the-fly. On-the-wire compression techniques are provided to reduce the amount of data transmitted between the peers.

Abstract: Described herein are methods, apparatus and systems for selectively delivering content through one of two communication channels, one being origin to client and the other being from or through a CDN to client. Thus a client may choose to request content from a CDN and/or from an origin server. This disclosure sets forth techniques for, among other things, distinguishing between which channel to use for a given object, using the CDN-client channel to obtain the performance benefit of doing so, and reverting to the origin-client channel where content may be private, sensitive, corrupted, or otherwise considered to be unsuitable from delivery from and/or through the CDN.

Abstract: Stream-based data deduplication is provided in a multi-tenant shared infrastructure but without requiring “paired” endpoints having synchronized data dictionaries. Data objects processed by the dedupe functionality are treated as objects that can be fetched as needed. As such, a decoding peer does not need to maintain a symmetric library for the origin. Rather, if the peer does not have the chunks in cache that it needs, it follows a conventional content delivery network procedure to retrieve them. In this way, if dictionaries between pairs of sending and receiving peers are out-of-sync, relevant sections are then re-synchronized on-demand. The approach does not require that libraries maintained at a particular pair of sender and receiving peers are the same. Rather, the technique enables a peer, in effect, to “backfill” its dictionary on-the-fly. On-the-wire compression techniques are provided to reduce the amount of data transmitted between the peers.

Abstract: Methods and apparatus for preventing unauthorized access to online content, including in particular streaming video and other media, are provided. In various embodiments, techniques are provided to authorize users and to authenticate clients (e.g., client media players) to a content delivery system. The content delivery system may comprise a content delivery network with one or more content or “edge” servers therein. The requesting client is sent a program at the time of content delivery. The program may be embedded in the content stream, or sent outside of the stream. The program contains instructions that are executed by the client and cause it to return identifying information to the content delivery system, which can then determine whether the client player is recognized and, if so, authorized to view the content. Unrecognized and/or altered players may be prevented from viewing the content.

Abstract: Described herein are improved systems, methods, and devices for delivering and managing metadata in a distributed computing platform such as a content delivery network (CDN) so as to configure content servers to handle client requests. The teachings hereof provide, among other things, scalable and configurable solutions for delivering and managing metadata, preferably by leveraging dynamically obtained control information. For example, in one embodiment, a given content server may store metadata, e.g., in a configuration file, that references dynamic, late-bound control information for use in satisfying dependencies. This dynamic control information can be requested by the CDN content server, typically from a remote host, when needed to parse and execute the metadata.

Abstract: Described herein are improved systems, methods, and devices for delivering and managing metadata in a distributed computing platform such as a content delivery network (CDN) so as to configure content servers to handle client requests. The teachings hereof provide, among other things, scalable and configurable solutions for delivering and managing metadata, preferably by leveraging dynamically obtained control information. For example, in one embodiment, a given content server may store metadata, e.g., in a configuration file, that references dynamic, late-bound control information for use in satisfying dependencies. This dynamic control information can be requested by the CDN content server, typically from a remote host, when needed to parse and execute the metadata.

Abstract: Described herein are improved systems, methods, and devices for delivering and managing metadata in a distributed computing platform such as a content delivery network (CDN) so as to configure content servers to handle client requests. The teachings hereof provide, among other things, scalable and configurable solutions for delivering and managing metadata, preferably by leveraging dynamically obtained control information. For example, in one embodiment, a given content server may store metadata, e.g., in a configuration file, that references dynamic, late-bound control information for use in satisfying dependencies. This dynamic control information can be requested by the CDN content server, typically from a remote host, when needed to parse and execute the metadata.