Patents Assigned to Akamai Technologies, Inc.
  • Publication number: 20230155998
    Abstract: A multi-factor authentication scheme uses an MFA authentication service and a browser extensionless phish-proof method to facilitate an MFA workflow. Phish-proof MFA verifies that the browser the user is in front of is actually visiting the authentic (real) site and not a phished site. This is achieved by only allowing MFA to be initiated from a user trusted browser by verifying its authenticity through a signing operation using a key only it possesses, and then also verifying that the verified browser is visiting the authentic site. In a preferred embodiment, this latter check is carried out using an iframe postMessage owning domain check. In a variant embodiment, the browser is verified to be visiting the authentic site through an origin header check. By using the iframe-based or ORIGIN header-based check, the solution does not require a physical security key (such as a USB authenticator) or any browser extension or plug-in.
    Type: Application
    Filed: November 17, 2021
    Publication date: May 18, 2023
    Applicant: Akamai Technologies, Inc.
    Inventor: Charles E. Gero
  • Publication number: 20230146439
    Abstract: A set of transaction handling computing elements comprise a network core that receive and process transaction requests into an append-only immutable chain of data blocks, wherein a data block is a collection of transactions, and wherein an Unspent Transaction Output (UTXO) data structure supporting the immutable chain of data blocks is an output from a finalized transaction. Typically, the UTXO data structure consists essentially of an address and a value. In this approach, at least one UTXO data structure is configured to include information either in addition to or in lieu of the address and value, thereby defining a Transaction Output (TXO). A TXO may have a variety of types, and one type includes an attribute that encodes data. In response to receipt of a request to process a transaction, the set of transaction handling computing elements are executed to process the transaction into a block using at least the information in the TXO.
    Type: Application
    Filed: January 3, 2023
    Publication date: May 11, 2023
    Applicant: Akamai Technologies, Inc.
    Inventors: William R. Sears, Leen K. Al Shenibr, David C. Carver
  • Publication number: 20230133809
    Abstract: A method of traffic forwarding and disambiguation through the use of local proxies and addresses. The technique leverages DNS to on-ramp traffic to a local proxy. The local proxy runs on the end user's device. According to a first embodiment, DNS is used to remap what would normally be a wide range of IP addresses to localhost based on 127.0.0.0/8 listening sockets, where the system can then listen for connections and data. In a second embodiment, a localhost proxy based on a TUN/TAP interface (or other packet interception method) with a user-defined CIDR range to which the local DNS server drives traffic is used. Requests on that local proxy are annotated (by adding data to the upstream connection).
    Type: Application
    Filed: January 3, 2023
    Publication date: May 4, 2023
    Applicant: Akamai Technologies, Inc.
    Inventors: Seetharama Sarma Ayyadevara, Charles E. Gero, Stephan Benny, Pravin Tatti, Manoj Kumar, Seemant Choudhary, Robert Lauro Quiros, Priyatham Phani Srinath Adigopula, Poornima Venkatesha, Sr., Sumeet Gupta
  • Patent number: 11641337
    Abstract: This document relates to a CDN balancing mitigation system. An implementing CDN can deploy systems and techniques to monitor the domains of content provider customers with an active DNS scanner and detect which are using other CDNs on the same domain. This information can be used as an input signal for identifying and implementing adjustments to CDN configuration. Both automated and semi-automated adjustments are possible. The system can issue configuration adjustments or recommendations to the implementing CDN's servers or to its personnel. These might include “above-SLA” treatments intended to divert traffic to the implementing CDN. The effectiveness can be measured with the multi-CDN balance subsequently observed. The scanning and adjustment workflow can be permanent, temporary, or cycled. Treatments may include a variety of things, such as more cache storage, routing to less loaded servers, and so forth.
    Type: Grant
    Filed: January 18, 2022
    Date of Patent: May 2, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: Martin T. Flack, Utkarsh Goel
  • Patent number: 11637894
    Abstract: A plurality of WiFi-enabled devices that are physically proximate to one another form an ad hoc mesh network, which is associated with an overlay network, such as a content delivery network. A typical WiFi device is a WiFi router that comprises addressable data storage, together with control software operative to configure the device seamlessly into the WiFi mesh network formed by the device and one or more physically-proximate devices. The addressable data storage across multiple such devices comprises a distributed or “mesh-assisted” cache that is managed by the overlay network. The WiFi mesh network thus provides bandwidth that is leveraged by the overlay network to provide distribution of content, e.g., content that has been off-loaded for delivery (by content providers) to the CDN. Other devices that may be leveraged include set-top boxes and IPTV devices.
    Type: Grant
    Filed: September 22, 2020
    Date of Patent: April 25, 2023
    Assignee: Akamai Technologies, Inc.
    Inventor: William R. Law
  • Patent number: 11632356
    Abstract: Among other things, this document describes systems, methods and devices for providing a cloud proxy auto-config (PAC) function for clients connected to a private network, such as an enterprise network. The teachings hereof are of particular use with cloud hosted proxy services provided by server deployments outside of the private network (e.g., external to the enterprise or other organizational network). This document also describes systems, methods and devices for providing a proxy auto-config (PAC) function for clients connected to a third party network, such as when the client moves outside of the enterprise network.
    Type: Grant
    Filed: March 19, 2021
    Date of Patent: April 18, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: Eugene (John) Neystadt, John Devasia, Christopher Dewar, Eyal Heiman
  • Patent number: 11627630
    Abstract: The technique herein optimizes delivery performance from a content delivery network (CDN) edge node, preferably by using knowledge of radio link allocation behavior. According to the technique herein, an IP address of a cellular end user (or equivalent) is recognized by the CDN edge. Then, preferably by tracking idle times both in consecutive downloading bursts in the end user session and in an on/off style radio link allocation pattern, the CDN edge adjusts transport layer network protocol parameters. The approach (which leverages the cross-layer intelligence obtainable from existing CDN infrastructure) thus enables the transport layer protocol implemented at the edge to optimize the delivery performance over the cellular mobile network.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: April 11, 2023
    Assignee: Akamai Technologies, Inc.
    Inventor: Byung K. Choi
  • Publication number: 20230108907
    Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.
    Type: Application
    Filed: June 23, 2022
    Publication date: April 6, 2023
    Applicant: Akamai Technologies Inc.
    Inventors: Eugene (John) Neystadt, Jonathan Herzog, Ittay Dror, Elisha Ben-Zvi
  • Patent number: 11622001
    Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. According to an aspect of this disclosure, the CDN edge network is then used to deliver receipts associated with transactions that are processed into the blockchain.
    Type: Grant
    Filed: October 25, 2021
    Date of Patent: April 4, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: David C. Carver, Andrew F. Champagne
  • Publication number: 20230098185
    Abstract: A set of transaction handling computing elements comprise a network core that receive and process transaction requests into an append-only immutable chain of data blocks, wherein a data block is a collection of transactions, and wherein an Unspent Transaction Output (UTXO) data structure supporting the immutable chain of data blocks is an output from a finalized transaction. Typically, the UTXO data structure consists essentially of an address and a value. In this approach, at least one UTXO data structure is configured to include information either in addition to or in lieu of the address and value, thereby defining a Transaction Output (TXO). A TXO may have a variety of types, and one type includes an attribute that encodes data. In response to receipt of a request to process a transaction, the set of transaction handling computing elements are executed to process the transaction into a block using at least the information in the TXO.
    Type: Application
    Filed: December 6, 2022
    Publication date: March 30, 2023
    Applicant: Akamai Technologies, Inc.
    Inventors: David C. Carver, Leen Al Shenibr, William R. Sears, Vladimir Shtokman
  • Publication number: 20230102181
    Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Secure transaction processing is facilitated by storing cryptographic key materials in secure and trusted computing environments associated with the computing nodes to facilitate construction mining proofs during the validation of a block.
    Type: Application
    Filed: December 6, 2022
    Publication date: March 30, 2023
    Applicant: Akamai Technologies, Inc.
    Inventors: David C. Carver, Samuel Erb
  • Patent number: 11610011
    Abstract: It is often necessary to securely transfer data, such as authenticators or authorization tokens, between programs running on the same end-user device. The teachings hereof enable the pairing of two programs executing on a given end-user device and then the transfer of data from one program to the other. In an embodiment, a first program connects to a server and sends encrypted data elements. A second program intercepts the connection and/or the encrypted data elements. The second program tunnels the encrypted data elements (which remain opaque to the second program at this point) to a server, using an encapsulating protocol. This enables the server to receive the data elements sent by the first program, decrypt them, and provide them to the second program via return message using control fields of the encapsulating protocol. Once set up, the tunneling arrangement enables bidirectional data transfer.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: March 21, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: David Tang, Charles E. Gero, Cameron Ross
  • Publication number: 20230079178
    Abstract: This patent document describes technology for providing real-time messaging and entity update services in a distributed proxy server network, such as a CDN. Uses include distributing real-time notifications about updates to data stored in and delivered by the network, with both high efficiency and locality of latency. The technology can be integrated into conventional caching proxy servers providing HTTP services, thereby leveraging their existing footprint in the Internet, their existing overlay network topologies and architectures, and their integration with existing traffic management components.
    Type: Application
    Filed: May 20, 2022
    Publication date: March 16, 2023
    Applicant: Akamai Technologies, Inc.
    Inventors: Matthew J. Stevens, Michael G. Merideth, Nil Alexandrov, Andrew F. Champagne, Brendan Coyle, Timothy Glynn, Mark A. Roman, Xin Xu
  • Patent number: 11606190
    Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: March 14, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: David C. Carver, Andrew F. Champagne, Ramanath Mallikarjuna, Thomas Houman
  • Publication number: 20230073074
    Abstract: This disclosure provides embedding a messaging channel directly into a media stream, where messages delivered via the embedded messaging channel are then extracted at a client media player. An advantage of embedding a message is that it can be done in a single ingest point and then passes transparently through a CDN architecture, effectively achieving message replication using the native CDN media delivery infrastructure.
    Type: Application
    Filed: November 14, 2022
    Publication date: March 9, 2023
    Applicant: Akamai Technologies, Inc.
    Inventor: Michael Archer
  • Patent number: 11588885
    Abstract: Among other things, this document describes systems, methods and devices for performance testing and dynamic placement of computing tasks in a distributed computing environment. In embodiments, a given client request is forwarded up a hierarchy of nodes, or across tiers in the hierarchy. A particular computing node in the system self-determines to perform a computing task to generate (or help generate) particular content for a response to the client. The computing node injects its identifier into the response indicating that it performed those tasks; the identifier is transmitted to the client with particular content. The client runs code that assesses the performance of the system from the client's perspective, e.g., in servicing the request, and beacons this performance data, along with the aforementioned identifier, to a system intelligence component. The performance information may be used to dynamically place and improve the placement of the computing task(s).
    Type: Grant
    Filed: April 11, 2022
    Date of Patent: February 21, 2023
    Assignee: Akamai Technologies, Inc.
    Inventor: Byung K. Choi
  • Patent number: 11588648
    Abstract: A service consumer that utilizes a cloud-based access service provided by a service provider has associated therewith a network that is not capable of being controlled by the service provider. An enterprise connector is supported in this uncontrolled network, preferably as an appliance-based solution. According to this disclosure, the enterprise configures an appliance and then deploys it in the uncontrolled network. To this end, an appliance is required to proceed through a multi-stage approval protocol before it is accepted as a “connector” and is thus enabled for secure communication with the service provider. The multiple stages include a “first contact” (back to the service) stage, an undergoing approval stage, a re-generating identity material stage, and a final approved and configured stage. Unless the appliance passes through these stages, the appliance is not permitted to interact with the service as a connector.
    Type: Grant
    Filed: March 23, 2021
    Date of Patent: February 21, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: Rupinder Singh Gill, Shravan Kumar Mettu, Seetharama Sarma Ayyadevara
  • Patent number: 11588851
    Abstract: This disclosure describes a technique to determine whether a client computing device accessing an API is masquerading its device type (i.e., pretending to be a device that it is not). To this end, and according to this disclosure, the client performs certain processing requested by the server to reveal its actual processing capabilities and thereby its true device type, whereupon—once the server learns the true nature of the client device—it can take appropriate actions to mitigate or prevent further damage. To this end, during the API transaction the server returns information to the client device that causes the client device to perform certain computations or actions. The resulting activity is captured on the client computing device and then transmitted back to the server, which then analyzes the data to inform its decision about the true client device type.
    Type: Grant
    Filed: July 14, 2020
    Date of Patent: February 21, 2023
    Assignee: Akamai Technologies, Inc.
    Inventor: Sreenath Kurupati
  • Publication number: 20230053164
    Abstract: Edge server compute capacity demand in an overlay network is predicted and used to pre-position compute capacity in advance of application-specific demands. Preferably, machine learning is used to proactively predict anticipated compute capacity needs for an edge server region (e.g., a set of co-located edge servers). In advance, compute capacity (application instances) are made available in-region, and data associated with an application instance is migrated to be close to the instance. The approach facilitates compute-at-the-edge services, which require data (state) to be close to a pre-positioned latency-sensitive application instance. Overlay network mapping (globally) may be used for more long-term positioning, with short-duration scheduling then being done in-region as needed. Compute instances and associated state are migrated intelligently based on predicted (e.g., machine-learned) demand, and with full data consistency enforced.
    Type: Application
    Filed: November 1, 2022
    Publication date: February 16, 2023
    Applicant: Akamai Technologies, Inc.
    Inventors: Vinay Kanitkar, Robert B. Bird, Aniruddha Bohra, Michael Merideth
  • Publication number: 20230048746
    Abstract: A server in a content delivery network (CDN) can examine API traffic and extract therefrom content that can be optimized before it is served to a client. The server can apply content location instructions to a given API message to find such content therein. Upon finding an instance of such content, the server can verify the identity of the content by applying a set of content verification instructions. If verification succeeds, the server can retrieve an optimized version of the identified content and swap it into the API message for the original version. If an optimized version is not available, the server can initiate an optimization process so that next time the optimized version will be available. In some embodiments, an analysis service can assist by observing traffic from an API endpoint over time, detecting the format of API messages and producing the content location and verification instructions.
    Type: Application
    Filed: June 17, 2022
    Publication date: February 16, 2023
    Applicant: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Martin T. Flack