Applying policies based on unique content identifiers
First Claim
Patent Images
1. A network device, comprising:
- a non-transitory memory device storing a plurality of processor-executable instructions; and
a processor configured to execute the processor-executable instructions, wherein executing the processor-executable instructions causes the network device to;
receive a packet destined for a requesting user device, the packet corresponding to a particular content item provided by a content provider, out of a plurality of content items offered by the content provider,wherein each content item, of the plurality of content items, is associated with a unique identifier,wherein the packet includes;
encrypted data that corresponds to a portion of the particular content item, anda tag, in a header of the packet, that was applied by the content provider, the tag including a value that is mapped to;
an identity of the requesting user device, andan identity of the particular content item,wherein the value includes a hash value that was generated using a cryptographic hash function,wherein the value is different from another value that is mapped to an identity of the same particular content item and an identity of another user device,the tag having been applied by the content provider based on a determination by the content provider that the packet includes the encrypted data that corresponds to the particular content item;
determine whether deep packet inspection (“
DPI”
) can be used to inspect contents of the packet;
based on determining whether DPI can be used to inspect the contents of the packet, determine that DPI cannot be used to inspect the encrypted data of the packet;
based on determining that DPI cannot be used to inspect the encrypted data of the packet;
determine a time of day associated with a request for the particular content item by the requesting user device;
determine that the header of the packet includes the tag that was applied by the content provider, the tag including the value that is mapped to;
the identity of the requesting user device, andthe identity of the particular content item;
determine a policy, that indicates parameters indicating how the packet should be transmitted to the requesting user device, the policy being determined based on;
decrypting the hash value to determine the identity of the requesting user device and the identity of the particular content item, as indicated by the hash value included in the tag, andthe time of day associated with the request for the particular content item; and
output the packet towards the requesting user device in accordance with the policy determined based on the value included in contents of the packet or based on the tag.
1 Assignment
0 Petitions
Accused Products
Abstract
A first server device may receive, from a second server device, a unique identifier (ID) relates to content stored by the second server device; determine a policy based on the unique ID; generate a policy tag identifying the determined policy; and output the policy tag to the second server device. Outputting the policy tag may cause the second server device to apply the policy tag to a packet associated with the content, and output the packet towards a requesting user device that requests the content.
16 Citations
20 Claims
-
1. A network device, comprising:
-
a non-transitory memory device storing a plurality of processor-executable instructions; and a processor configured to execute the processor-executable instructions, wherein executing the processor-executable instructions causes the network device to; receive a packet destined for a requesting user device, the packet corresponding to a particular content item provided by a content provider, out of a plurality of content items offered by the content provider, wherein each content item, of the plurality of content items, is associated with a unique identifier, wherein the packet includes; encrypted data that corresponds to a portion of the particular content item, and a tag, in a header of the packet, that was applied by the content provider, the tag including a value that is mapped to; an identity of the requesting user device, and an identity of the particular content item, wherein the value includes a hash value that was generated using a cryptographic hash function, wherein the value is different from another value that is mapped to an identity of the same particular content item and an identity of another user device, the tag having been applied by the content provider based on a determination by the content provider that the packet includes the encrypted data that corresponds to the particular content item; determine whether deep packet inspection (“
DPI”
) can be used to inspect contents of the packet;based on determining whether DPI can be used to inspect the contents of the packet, determine that DPI cannot be used to inspect the encrypted data of the packet; based on determining that DPI cannot be used to inspect the encrypted data of the packet; determine a time of day associated with a request for the particular content item by the requesting user device; determine that the header of the packet includes the tag that was applied by the content provider, the tag including the value that is mapped to; the identity of the requesting user device, and the identity of the particular content item; determine a policy, that indicates parameters indicating how the packet should be transmitted to the requesting user device, the policy being determined based on; decrypting the hash value to determine the identity of the requesting user device and the identity of the particular content item, as indicated by the hash value included in the tag, and the time of day associated with the request for the particular content item; and output the packet towards the requesting user device in accordance with the policy determined based on the value included in contents of the packet or based on the tag. - View Dependent Claims (2, 13, 14, 17)
-
-
3. A device, comprising:
-
a non-transitory memory device storing a plurality of processor-executable instructions; and a processor configured to execute the processor-executable instructions, wherein executing the processor-executable instructions causes the device to; receive, from a content provider, a unique identifier (ID), the unique ID being associated with; a particular content item stored by the content provider, the particular content item being one of a plurality of content items stored by the content provider, and an identity of a user device that requested the content from the content provider; determine a time of day associated with the request for content by the user device; determine a policy, indicating how the content should be transmitted to the user device, based on; the unique ID that is associated with the particular content item, the time of day associated with the request for content, and the user device that requested the content; generate a hash value by applying a cryptographic hash function to a value that is associated with the policy that was determined based on the unique ID and the user device; generate a policy tag identifying the determined policy, the policy tag including the hash value that is based on the unique ID that is associated with the particular content item and the user device that requested the content; and output the policy tag to the content provider, wherein outputting the policy tag causes the content provider to; determine that a packet, that includes a portion of the requested content includes the portion of the requested content as encrypted data; apply, based on determining that the packet includes the encrypted data, the policy tag, including the hash value that is based on the unique ID, to a header of the packet, and output the packet towards the user device that requested the content. - View Dependent Claims (4, 5, 6, 7, 18, 19, 20)
-
-
8. A system, comprising:
-
a content provider device configured to; store, in a non-transitory memory device associated with the content provider device, a plurality of content items; store, in the non-transitory memory device associated with the content provider device, a plurality of unique identifiers that each correspond to a different content item stored by the content provider, wherein a particular one of the unique identifiers corresponds to; a particular content item, of the plurality of content items, and a particular user device; receive, from the particular user device, a request for content, the request specifying the particular content item; determine a time of day associated with the request for content; identify the particular content item and the particular user device, as indicated by the particular unique identifier associated with the particular content item and the particular user device; generate a hash value by applying a cryptographic hash function to the unique identifier; generate one or more packets that each include a portion of the particular content item as encrypted data; determine, based on the one or more packets including encrypted data, that a tag should be applied to the one or more packets; apply the tag to a header of the one or more packets that are associated with the particular content item, wherein the tag includes the generated hash value, and wherein the hash value of the tag is further associated with a policy relating to how the one or more packets should be transmitted to the particular user device; and output the one or more packets toward the particular user device; and one or more network devices configured to; receive the one or more packets; attempt to perform deep packet inspection (“
DPI”
) to inspect the one or more packets;determine, based on the attempting, that DPI cannot be used to inspect the one or more packets due to the one or more packets including encrypted data; identify, based on determining that DPI cannot be used to inspect the one or more packets, the tag that was applied by the content provider; decrypt the hash value included in the tag to obtain a decrypted value; identify the policy based on; the decrypted value obtained from the tag, and the time of day associated with the request for content; and forward the one or more packets toward the user device according to the identified policy. - View Dependent Claims (9, 10, 11, 12, 15, 16)
-
Specification