Patents by Inventor Philip Lisiecki
Philip Lisiecki has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9634957
Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use. According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended by enabling the server to determine that any of a client and a connection exhibits one or more attack characteristics (e.g., based on at least one of client attributes, connection attributes, and client behavior during the connection, or otherwise). As a result of the determination, the server changes its treatment of the connection.
Type: Grant
Filed: August 31, 2016
Date of Patent: April 25, 2017
Assignee: Akamai Technologies, Inc.
Inventors: John A. Dilley, Stephen L. Ludin, Sudhin Mishra, Erik Nygren, Philip Lisiecki, Karl-Eliv J. Hallin, Joshua Hunt
-
Publication number: 20170111464
Abstract: Live stream delivery within a content delivery network (CDN) includes recording the stream using a recording tier, and playing the stream using a player tier. Recording begins when the stream is received in a source format. The stream is then converted into an intermediate format (IF), which comprises a stream manifest, one or more fragment indexes (FI), and a set of IF fragments. A player process begins when a requesting client is associated with a CDN HTTP proxy. In response to receipt at the proxy of a request for the stream, the HTTP proxy retrieves (either from the archive or the data store) the stream manifest and at least one fragment index. Using the fragment index, the IF fragments are retrieved to the HTTP proxy, converted to a target format, and then served in response to the client request. Preferably, fragments are accessed, cached and served by the proxy via HTTP.
Type: Application
Filed: December 26, 2016
Publication date: April 20, 2017
Inventors: Christopher R. Knox, Philip A. Lisiecki, James Mutton, Chuck Bernard, Ashok Lalwani, William Law, Thomas Devanneaux
-
Publication number: 20170111334
Abstract: An infrastructure delivery platform provides an RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash to the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.
Type: Application
Filed: December 26, 2016
Publication date: April 20, 2017
Inventors: Charles E. Gero, Philip A. Lisiecki
-
Patent number: 9537967
Abstract: A method of delivering a live stream is implemented within a content delivery network (CDN) and includes the high level functions of recording the stream using a recording tier, and playing the stream using a player tier. The step of recording the stream includes a set of sub-steps that begins when the stream is received at a CDN entry point in a source format. The stream is then converted into an intermediate format (IF), which is an internal format for delivering the stream within the CDN and comprises a stream manifest, a set of one or more fragment indexes (FI), and a set of IF fragments. The player process begins when a requesting client is associated with a CDN HTTP proxy. In response to receipt at the HTTP proxy of a request for the stream or a portion thereof, the HTTP proxy retrieves (either from the archive or the data store) the stream manifest and at least one fragment index.
Type: Grant
Filed: August 17, 2010
Date of Patent: January 3, 2017
Assignee: Akamai Technologies, Inc.
Inventors: Christopher R. Knox, Philip A. Lisiecki, James Mutton, Chuck Bernard, Ashok Lalwani, Will Law, Thomas Devanneaux
-
Patent number: 9531691
Abstract: An infrastructure delivery platform provides an RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash to the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.
Type: Grant
Filed: December 17, 2014
Date of Patent: December 27, 2016
Assignee: Akamai Technologies, Inc.
Inventors: Charles E. Gero, Philip A. Lisiecki
-
Publication number: 20160373371
Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use. According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended by enabling the server to determine that any of a client and a connection exhibits one or more attack characteristics (e.g., based on at least one of client attributes, connection attributes, and client behavior during the connection, or otherwise). As a result of the determination, the server changes its treatment of the connection.
Type: Application
Filed: August 31, 2016
Publication date: December 22, 2016
Applicant: Akamai Technologies, Inc.
Inventors: John A. Dilley, Stephen L. Ludin, Sudhin Mishra, Erik Nygren, Philip Lisiecki, Karl-Eliv J. Hallin, Joshua Hunt
-
Patent number: 9525701
Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use. According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended by enabling the server to determine that any of a client and a connection exhibits one or more attack characteristics (e.g., based on at least one of client attributes, connection attributes, and client behavior during the connection, or otherwise). As a result of the determination, the server changes its treatment of the connection.
Type: Grant
Filed: October 22, 2014
Date of Patent: December 20, 2016
Assignee: AKAMAI TECHNOLOGIES, INC.
Inventors: Sudhin Mishra, Stephen L. Ludin, Philip A. Lisiecki, Erik Nygren, John A. Dilley, Karl-Eliv J. Hallin, Joshua Hunt
-
Patent number: 9467469
Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use. According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended by enabling the server to determine that any of a client and a connection exhibits one or more attack characteristics (e.g., based on at least one of client attributes, connection attributes, and client behavior during the connection, or otherwise). As a result of the determination, the server changes its treatment of the connection.
Type: Grant
Filed: October 22, 2014
Date of Patent: October 11, 2016
Assignee: AKAMAI TECHNOLOGIES, INC.
Inventors: Sudhin Mishra, Stephen L. Ludin, Philip A. Lisiecki, Erik Nygren, John A. Dilley, Karl-Eliv J. Hallin, Joshua Hunt
-
Publication number: 20160036765
Abstract: To serve content through a content delivery network (CDN), the CDN must have some information about the identity, characteristics and state of its target objects. Such additional information is provided in the form of object metadata, which according to the invention can be located in the request string itself, in the response headers from the origin server, in a metadata configuration file distributed to CDN servers, or in a per-customer metadata configuration file. CDN content servers execute a request identification and parsing process to locate object metadata and to handle the request in accordance therewith. Where different types of metadata exist for a particular object, metadata in a configuration file is overridden by metadata in a response header or request string, with metadata in the request string taking precedence.
Type: Application
Filed: October 12, 2015
Publication date: February 4, 2016
Inventors: Joel M. Wein, John Josef Kloninger, Mark C. Nottingham, David R. Karger, Philip A. Lisiecki
-
Patent number: 9160704
Abstract: To serve content through a content delivery network (CDN), the CDN must have some information about the identity, characteristics and state of its target objects. Such additional information is provided in the form of object metadata, which according to the invention can be located in the request string itself, in the response headers from the origin server, in a metadata configuration file distributed to CDN servers, or in a per-customer metadata configuration file. CDN content servers execute a request identification and parsing process to locate object metadata and to handle the request in accordance therewith. Where different types of metadata exist for a particular object, metadata in a configuration file is overridden by metadata in a response header or request string, with metadata in the request string taking precedence.
Type: Grant
Filed: July 8, 2013
Date of Patent: October 13, 2015
Assignee: Akamai Technologies, Inc.
Inventors: Joel M. Wein, John Josef Kloninger, Mark C. Nottingham, David R. Karger, Philip A. Lisiecki
-
Publication number: 20150278324
Abstract: A data storage system with quorum-based commits sometimes experiences replica failure, due to unavailability of a replica-hosting node, for example. In embodiments described herein, such failed replicas can be quarantined rather than deleted, and subsequently such quarantines can be recovered. The teachings hereof provide data storage with improved fault-tolerance, resiliency, and data availability.
Type: Application
Filed: November 17, 2014
Publication date: October 1, 2015
Applicant: AKAMAI TECHNOLOGIES, INC.
Inventors: Kai C Wong, Philip A Lisiecki, Sung Chiu
-
Publication number: 20150249854
Abstract: A method of delivering a live stream includes recording the stream using a recording tier, and playing the stream using a player tier. The step of recording the stream includes sub-steps that begin when the stream is received in a source format. The stream is then converted into an intermediate format (IF), which is an internal format for delivering the stream within an overlay network. The player process begins when a requesting client is associated with a network proxy. In response to receipt at the proxy of a request for the stream or a portion thereof, the proxy retrieves (either from the archive or the data store) a stream manifest and at least one fragment index. Using the fragment index, the intermediate format file fragments are retrieved to the proxy, converted to a target format, and then served in response to the client request.
Type: Application
Filed: May 18, 2015
Publication date: September 3, 2015
Inventors: Christopher R. Knox, Philip A. Lisiecki, James Mutton, Chuck Bernard, Ashok J. Lalwani
-
Patent number: 9038116
Abstract: A method of delivering a live stream is implemented within a content delivery network (CDN) and includes the high level functions of recording the stream using a recording tier, and playing the stream using a player tier. The step of recording the stream includes a set of sub-steps that begins when the stream is received at a CDN entry point in a source format. The stream is then converted into an intermediate format (IF), which is an internal format for delivering the stream within the CDN and comprises a stream manifest, a set of one or more fragment indexes (FI), and a set of IF fragments. The player process begins when a requesting client is associated with a CDN HTTP proxy. In response to receipt at the HTTP proxy of a request for the stream or a portion thereof, the HTTP proxy retrieves (either from the archive or the data store) the stream manifest and at least one fragment index.
Type: Grant
Filed: December 24, 2010
Date of Patent: May 19, 2015
Assignee: Akamai Technologies, Inc.
Inventors: Christopher R. Knox, Philip A. Lisiecki, James Mutton, Chuck Bernard, Ashok Jaiprakash Lalwani
-
Publication number: 20150106624
Abstract: An infrastructure delivery platform provides an RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash to the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.
Type: Application
Filed: December 17, 2014
Publication date: April 16, 2015
Inventors: Charles E. Gero, Philip A. Lisiecki
-
Patent number: 9009267
Abstract: A content file purge mechanism for a content delivery network (CDN) is described. A Web-enabled portal is used by CDN customers to enter purge requests securely. A purge request identifies one or more content files to be purged. The purge request is pushed over a secure link from the portal to a purge server, which validates purge requests from multiple CDN customers and batches the requests into an aggregate purge request. The aggregate purge request is pushed from the purge server to a set of staging servers. Periodically, CDN content servers poll the staging servers to determine whether an aggregate purge request exists. If so, the CDN content servers obtain the aggregate purge request and process the request to remove the identified content files from their local storage.
Type: Grant
Filed: September 10, 2012
Date of Patent: April 14, 2015
Assignee: Akamai Technologies, Inc.
Inventors: Alexander Sherman, Philip A. Lisiecki, Joel M. Wein, Don A. Dailey, John A. Dilley, William E. Weihl
-
Patent number: 9009270
Abstract: A method for content storage on behalf of participating content providers begins by having a given content provider identify content for storage. The content provider then uploads the content to a given storage site selected from a set of storage sites. Following upload, the content is replicated from the given storage site to at least one other storage site in the set. Upon request from a given entity, a given storage site from which the given entity may retrieve the content is then identified. The content is then downloaded from the identified given storage site to the given entity. In an illustrative embodiment, the given entity is an edge server of a content delivery network (CDN).
Type: Grant
Filed: May 20, 2013
Date of Patent: April 14, 2015
Assignee: Akamai Technologies, Inc.
Inventors: Philip A. Lisiecki, Cosmos Nicolaou, Kyle R. Rose
-
Publication number: 20150040221
Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use. According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended by enabling the server to determine that any of a client and a connection exhibits one or more attack characteristics (e.g., based on at least one of client attributes, connection attributes, and client behavior during the connection, or otherwise). As a result of the determination, the server changes its treatment of the connection.
Type: Application
Filed: October 22, 2014
Publication date: February 5, 2015
Applicant: AKAMAI TECHNOLOGIES, INC.
Inventors: Sudhin Mishra, Stephen L. Ludin, Philip A. Lisiecki, Erik Nygren, John A. Dilley, Karl-Eliv J. Hallin, Joshua Hunt
-
Patent number: 8875287
Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use, and the server is able to free resources such as memory and processing cycles previously allocated to the connection. In some cases, the server maintains the connection for at least some time and uses it to keep the client occupied so that it cannot launch—or has fewer resources to launch—further attacks, and possibly to gather information about the attacking client.
Type: Grant
Filed: March 15, 2013
Date of Patent: October 28, 2014
Assignee: Akamai Technologies, Inc.
Inventors: Stephen L. Ludin, Sudhin Mishra, Philip A. Lisiecki, Erik Nygren, John A. Dilley, Karl-Eliv J. Hallin, Joshua Hunt
-
Publication number: 20140101758
Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use, and the server is able to free resources such as memory and processing cycles previously allocated to the connection. In some cases, the server maintains the connection for at least some time and uses it to keep the client occupied so that it cannot launch—or has fewer resources to launch—further attacks, and possibly to gather information about the attacking client.
Type: Application
Filed: March 15, 2013
Publication date: April 10, 2014
Applicant: AKAMAI TECHNOLOGIES INC.
Inventors: Stephen L. Ludin, Sudhin Mishra, Philip A. Lisiecki, Erik Nygren, John A. Dilley, Karl-Eliv J. Hallin, Joshua Hunt
-
Publication number: 20130297735
Abstract: To serve content through a content delivery network (CDN), the CDN must have some information about the identity, characteristics and state of its target objects. Such additional information is provided in the form of object metadata, which according to the invention can be located in the request string itself, in the response headers from the origin server, in a metadata configuration file distributed to CDN servers, or in a per-customer metadata configuration file. CDN content servers execute a request identification and parsing process to locate object metadata and to handle the request in accordance therewith. Where different types of metadata exist for a particular object, metadata in a configuration file is overridden by metadata in a response header or request string, with metadata in the request string taking precedence.
Type: Application
Filed: July 8, 2013
Publication date: November 7, 2013
Inventors: Joel M. Wein, John Josef Kloninger, Mark C. Nottingham, David R. Karger, Philip A. Lisiecki