CDN-based access control method and related device

US 10,693,858 B2
Filed: 11/28/2017
Issued: 06/23/2020
Est. Priority Date: 07/31/2015
Status: Active Grant

First Claim

Patent Images

1. A content delivery network (CDN) based (CDN based) access control method, comprising:

receiving, by a CDN server, a hypertext transfer protocol (HTTP) request from a user terminal and identification information of the user terminal, wherein the HTTP request comprises an access ticket identifying a user access permission;

sending, by the CDN server, the identification information of the user terminal and the HTTP request to a service server;

receiving, by the CDN server from the service server, an HTTP response comprising a content fingerprint when an authentication result indicates that the access ticket is valid, wherein the content fingerprint identifies a content resource and is not passed through the user terminal;

storing, by the CDN server, the content fingerprint;

obtaining, by the CDN server, the content resource according to the content fingerprint; and

sending, by the CDN server, the content resource to the user terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A content delivery network based (CDN-based) access control method, includes receiving, by a CDN server, a hypertext transfer protocol (HTTP) request from a user terminal and identification information of the user terminal, where the HTTP request includes an access ticket, sending the identification information of the user terminal and the HTTP request to a service server, receiving an HTTP response including a content fingerprint when an authentication result indicating that the access ticket is valid, obtaining the content resource according to the content fingerprint, and sending the content resource to the user terminal.

Citations

20 Claims

1. A content delivery network (CDN) based (CDN based) access control method, comprising:
- receiving, by a CDN server, a hypertext transfer protocol (HTTP) request from a user terminal and identification information of the user terminal, wherein the HTTP request comprises an access ticket identifying a user access permission;
  
  sending, by the CDN server, the identification information of the user terminal and the HTTP request to a service server;
  
  receiving, by the CDN server from the service server, an HTTP response comprising a content fingerprint when an authentication result indicates that the access ticket is valid, wherein the content fingerprint identifies a content resource and is not passed through the user terminal;
  
  storing, by the CDN server, the content fingerprint;
  
  obtaining, by the CDN server, the content resource according to the content fingerprint; and
  
  sending, by the CDN server, the content resource to the user terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein before receiving the HTTP request and the identification information, the method further comprises:
    - receiving, by the CDN server, the content fingerprint and the content resource from the service server;
      
      checking, by the CDN server, whether the CDN server has stored the content fingerprint; and
      
      discarding, by the CDN server, the content fingerprint and the content resource after the CDN server has stored the content fingerprint.
  - 3. The method according to claim 1, wherein before receiving the HTTP request and the identification information, the method further comprises:
    - receiving, by the CDN server, the content fingerprint and the content resource from the service server;
      
      checking, by the CDN server, whether the CDN server has stored the content resource; and
      
      discarding, by the CDN server, the content fingerprint and the content resource when the CDN server has stored the content resource.
  - 4. The method according to claim 1, wherein after sending the content resource to the user terminal, the method further comprises obtaining, by the CDN server, an updated content resource and an updated content fingerprint from the service server when a quantity of times the content resource is accessed in a preset period of time is not greater than a preset threshold.
  - 5. The method according to claim 1, wherein obtaining, by the CDN server, the content resource according to the content fingerprint comprises:
    - sending, by the CDN server, a content request to the service server, wherein the content request comprises the content fingerprint, andreceiving, by the CDN server, the content resource from the service server in response to the content request.
  - 6. The method according to claim 1, wherein obtaining, by the CDN server, the content resource according to the content fingerprint comprises obtaining, by the CDN server from local storage, the content resource according to the content fingerprint.
  - 7. The method according to claim 1, further comprising:
    - sending, by the CDN server, a content update request to the service server when a number of times the content resource is accessed is fewer than a preset threshold number of times; and
      
      receiving, by the CDN server, an updated content resource and an updated content fingerprint from the service server.

8. A content delivery network (CDN) based access control method, comprising:
- receiving, by a service server from a CDN server, a hypertext transfer protocol (HTTP) request and identification information of a user terminal, wherein the HTTP request comprises an access ticket identifying a user access permission;
  
  performing, by the service server, an authentication on the access ticket using the identification information; and
  
  returning, by the service server to the CDN server, an HTTP response comprising a content fingerprint when an authentication result indicates that the access ticket is valid.
- View Dependent Claims (9, 10)
- - 9. The method according to claim 8, wherein before returning the HTTP response, the method further comprises:
    - performing, by the service server, a hash operation on a content resource to obtain the content fingerprint; and
      
      sending, by the service server, the content resource and the content fingerprint to the CDN server.
  - 10. The method according to claim 8, wherein after returning the HTTP response, the method further comprises:
    - receiving, by the service server, a content update request comprising a uniform resource locator (URL) from the CDN server;
      
      searching, by the service server, for a content resource and the content fingerprint according to the URL; and
      
      returning, by the service server, the content resource and the content fingerprint corresponding to the URL to the CDN server.

11. A content delivery network (CDN) server, comprising:
- a receiver apparatus configured to receive a hypertext transfer protocol (HTTP) request from a user terminal and identification information, wherein the HTTP request comprises an access ticket identifying a user access permission;
  
  a transmitter apparatus configured to send the identification information and the HTTP request to a service server,wherein the receiver apparatus is further configured to receive, from the service server, an HTTP response comprising a content fingerprint when an authentication result indicates that the access ticket is valid, and wherein the content fingerprint identifies a content resource and is not passed through the user terminal; and
  
  a hardware processor coupled to the receiver apparatus and the transmitter apparatus and configured to;
  
  store the content fingerprint;
  
  obtain the content resource according to the content fingerprint; and
  
  send, using the transmitter apparatus, the content resource to the user terminal.
- View Dependent Claims (12, 13)
- - 12. The CDN server according to claim 11, wherein the receiver apparatus is further configured to receive the content fingerprint and the content resource from the service server, and wherein the hardware processor is further configured to:
    - check whether the hardware processor has stored the content fingerprint; and
      
      discard the content fingerprint and the content resource after the processor has stored the content fingerprint.
  - 13. The CDN server according to claim 11, wherein the hardware processor is further configured to obtain an updated content resource and an updated content fingerprint from the service server when a quantity of times the content resource is accessed in a preset period of time is not greater than a preset threshold.

14. A service server, comprising:
- a receiver apparatus configured to receive a hypertext transfer protocol (HTTP) request and identification information of a user terminal from a content delivery network (CDN) server, wherein the HTTP request comprises an access ticket;
  
  a hardware processor coupled to the receiver apparatus and configured to perform authentication on the access ticket using the identification information; and
  
  a transmitter apparatus coupled to the hardware processor and configured to return an HTTP response comprising a content fingerprint to the CDN server when an authentication result indicates that the access ticket is valid.
- View Dependent Claims (15, 16)
- - 15. The service server according to claim 14, wherein the hardware processor is further configured to perform a hash operation on a content resource to obtain the content fingerprint identifying the content resource, and wherein the transmitter apparatus is further configured to send the content resource and the content fingerprint to the CDN server.
  - 16. The service server according to claim 14, wherein the receiver apparatus is further configured to receive a content update request comprising a uniform resource locator (URL) from the CDN server, wherein the hardware processor is further configured to search for a content resource and the content fingerprint according to the URL, and wherein the transmitter apparatus is further configured to return the content resource and the content fingerprint corresponding to the URL to the CDN server.

17. A computer program product comprising computer-executable instructions stored on a non-transitory computer-readable medium that, when executed by a processor, cause a content delivery network (CDN) server to:
- receive a hypertext transfer protocol (HTTP) request from a user terminal and identification information of the user terminal, wherein the HTTP request comprises an access ticket identifying a user access permission;
  
  send the identification information of the user terminal and the HTTP request to a service server;
  
  receive, from a service server, an HTTP response comprising a content fingerprint when an authentication result indicates that the access ticket is valid, wherein the content fingerprint identifies a content resource and does not pass through the user terminal;
  
  store the content fingerprint;
  
  obtain the content resource according to the content fingerprint; and
  
  send the content resource to the user terminal.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, wherein before receiving the HTTP request and the identification information, the computer-executable instructions further cause the CDN server to:
    - receive the content fingerprint from the service server and the content resource; and
      
      check whether the CDN server has stored the content fingerprint.
  - 19. The computer program product of claim 17, wherein before receiving the HTTP request and the identification information of the user terminal, the computer-executable instructions further cause the CDN server to:
    - receive the content fingerprint from the service server and the content resource; and
      
      save the content resource.
  - 20. The computer program product of claim 17, wherein after sending the content resource to the user terminal, the computer-executable instructions further cause the CDN server to obtain an updated content resource and an updated content fingerprint from the service server when a quantity of times the content resource is accessed in a preset period of time is not greater than a preset threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Lu, Dajun, Cheng, Weiming
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US15/824,499
Publication Number

US 20180091495A1
Time in Patent Office

938 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/137   Hash-based content-based in...

G06F 16/152   using file content signatur...

G06F 21/10   Protecting distributed prog...

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06Q 20/1235   with control of digital rig...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 65/40   Support for services or app...

H04L 67/02   based on web technology, e....

H04L 9/3247   involving digital signatures

H04L 9/40   Network security protocols

H04N 21/20   Servers specifically adapte...

CDN-based access control method and related device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CDN-based access control method and related device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links