Methods and apparatus for providing security in a caching device
First Claim
1. In a caching device, a method for providing content, comprising the steps of:
- (A) obtaining content from an origin server;
(B) observing an access identifier provided by the origin server in response to a first content request, the access identifier providing an authentication indication for accessing the content obtained from the origin server; and
(C) receiving a second content request, and one of (i) preventing the origin server from handling the second content request and providing the obtained content when the second content request includes the access identifier, and (ii) forwarding the second content request to the origin server for processing when the second content request does not include the access identifier;
in response to receiving the second content request;
comparing the access identifier received with second content request to the access identifier received from the origin server;
if the comparison indicates that the access identifier received with second content request is equivalent to the access identifier received from the origin server, performing the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and
if the comparison indicates that the access identifier received with second content request is not equivalent to the access identifier received from the origin server, performing the step of (ii) forwarding the second content request to the origin server for processing;
wherein observing the access identifier comprises reading the access identifier provided by the origin server in response to the first content request, the access identifier configured as a cookie that provides authentication indication to a client computer device for accessing the content obtained from the origin server;
wherein, in response to receiving the second content request;
comparing the access identifier received with second content request to the access identifier received from the origin server comprises comparing a cookie received with the second content request to the cookie received from the origin server;
if the comparison indicates that the cookie received with second content request is equivalent to the cookie received from the origin server, performing the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and
if the comparison indicates that the cookie received with second content request is not equivalent to the cookie received from the origin server, performing the step of (ii) forwarding the second content request to the origin server for processing.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention is directed to techniques, in a caching device, for providing content, comprising the steps of obtaining content from an origin server, observing an access identifier provided by the origin server in response to a first content request, the access identifier providing an authentication indication for accessing the content obtained from the origin server, receiving a second content request, and one of (i) preventing the origin server from handling the second content request and providing the obtained content when the second content request includes the access identifier, and (ii) forwarding the second content request to the origin server for processing when the second content request does not include the access identifier.
76 Citations
23 Claims
-
1. In a caching device, a method for providing content, comprising the steps of:
-
(A) obtaining content from an origin server; (B) observing an access identifier provided by the origin server in response to a first content request, the access identifier providing an authentication indication for accessing the content obtained from the origin server; and (C) receiving a second content request, and one of (i) preventing the origin server from handling the second content request and providing the obtained content when the second content request includes the access identifier, and (ii) forwarding the second content request to the origin server for processing when the second content request does not include the access identifier; in response to receiving the second content request; comparing the access identifier received with second content request to the access identifier received from the origin server; if the comparison indicates that the access identifier received with second content request is equivalent to the access identifier received from the origin server, performing the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the access identifier received with second content request is not equivalent to the access identifier received from the origin server, performing the step of (ii) forwarding the second content request to the origin server for processing; wherein observing the access identifier comprises reading the access identifier provided by the origin server in response to the first content request, the access identifier configured as a cookie that provides authentication indication to a client computer device for accessing the content obtained from the origin server; wherein, in response to receiving the second content request; comparing the access identifier received with second content request to the access identifier received from the origin server comprises comparing a cookie received with the second content request to the cookie received from the origin server; if the comparison indicates that the cookie received with second content request is equivalent to the cookie received from the origin server, performing the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the cookie received with second content request is not equivalent to the cookie received from the origin server, performing the step of (ii) forwarding the second content request to the origin server for processing. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A caching device, comprising:
-
an communications interface; a controller coupled to the interface, wherein the communications interface is configured to obtain content from the origin server; the controller is configured to observe an access identifier provided by the origin server in response to a first content request, the access identifier providing an authentication indication for accessing the content obtained from the origin server; and the controller is configured to receive a second content request, and one of (i) preventing the origin server from handling the second content request and providing the obtained content when the second content request includes the access identifier, and (ii) forwarding the second content request to the origin server for processing when the second content request does not include the access identifier, in response to receiving the second content request; the controller is configured to compare the access identifier received with second content request to the access identifier received from the origin server; if the comparison indicates that the access identifier received with second content request is equivalent to the access identifier received from the origin server, the controller is configured to perform the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the access identifier received with second content request is not equivalent to the access identifier received from the origin server, the controller is configured to perform the step of (ii) forwarding the second content request to the origin server for processing; wherein when observing the access identifier the controller is configured to read the access identifier provided by the origin server in response to the first content request, the access identifier configured as a cookie that provides authentication indication to a client computer device for accessing the content obtained from the origin server; wherein, in response to receiving the second content request the controller is configured to; when comparing the access identifier received with second content request to the access identifier received from the origin server comprises compare a cookie received with the second content request to the cookie received from the origin server; if the comparison indicates that the cookie received with second content request is equivalent to the cookie received from the origin server, perform the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the cookie received with second content request is not equivalent to the cookie received from the origin server, perform the step of (ii) forwarding the second content request to the origin server for processing. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer program product that includes a computer readable medium having instructions stored thereon such that, when the instructions are carried out by a computer, the computer can be configured to operate as a caching device capable of performing the steps of:
-
(A) obtaining content from an origin server; (B) observing an access identifier provided by the origin server in response to a first content request, the access identifier providing an authentication indication for accessing the content obtained from the origin server; and (C) receiving a second content request, and one of (i) preventing the origin server from handling the second content request and providing the obtained content when the second content request includes the access identifier, and (ii) forwarding the second content request to the origin server for processing when the second content request does not include the access identifier; in response to receiving the second content request; comparing the access identifier received with second content request to the access identifier received from the origin server; if the comparison indicates that the access identifier received with second content request is equivalent to the access identifier received from the origin server, performing the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the access identifier received with second content request is not equivalent to the access identifier received from the origin server, performing the step of (ii) forwarding the second content request to the origin server for processing; wherein observing the access identifier comprises reading the access identifier provided by the origin server in response to the first content request, the access identifier configured as a cookie that provides authentication indication to a client computer device for accessing the content obtained from the origin server; wherein, in response to receiving the second content request; comparing the access identifier received with second content request to the access identifier received from the origin server comprises comparing a cookie received with the second content request to the cookie received from the origin server; if the comparison indicates that the cookie received with second content request is equivalent to the cookie received from the origin server, performing the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the cookie received with second content request is not equivalent to the cookie received from the origin server, performing the step of (ii) forwarding the second content request to the origin server for processing.
-
-
22. A caching device, comprising:
-
memory to store a table; a communications interface to communicate with a client computer system; a controller to observe an access identifier; an interconnection mechanism coupling the memory, communications interface and controller; means, coupled to the communications interface, for obtaining content from an origin server; means, coupled to the communications interface and controller, for observing an access identifier provided by the origin server in response to a first content request, the access identifier providing an authentication indication for accessing the content obtained from the origin server; and means, coupled to the communications interface and controller, for receiving a second content request, and one of (i) preventing the origin server from handling the second content request and providing the obtained content when the second content request includes the access identifier, and (ii) forwarding the second content request to the origin server for processing when the second content request does not include the access identifier, wherein means for receiving comprises means for comparing the access identifier received with second content request to the access identifier received from the origin server; if the comparison indicates that the access identifier received with second content request is equivalent to the access identifier received from the origin server, performing the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the access identifier received with second content request is not equivalent to the access identifier received from the origin server, performing the step of (ii) forwarding the second content request to the origin server for processing; wherein means for observing the access identifier comprises means for reading the access identifier provided by the origin server in response to the first content request, the access identifier configured as a cookie that provides authentication indication to a client computer device for accessing the content obtained from the origin server; wherein, in response to receiving the second content request; means for receiving comprises means for comparing the access identifier received with second content request to the access identifier received from the origin server comprises comparing a cookie received with the second content request to the cookie received from the origin server; if the comparison indicates that the cookie received with second content request is equivalent to the cookie received from the origin server, performing the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the cookie received with second content request is not equivalent to the cookie received from the origin server, performing the step of (ii) forwarding the second content request to the origin server for processing.
-
-
23. A system for providing content comprising:
-
a client computer system for providing content requests; an origin server in communication with said client computer system, said origin server for providing content in response to content requests; and a caching device in communication with said client computer system, and said origin server, said caching device comprising; a controller coupled to the interface, wherein the controller is configured to obtain content from the origin server; the controller is configured to observe an access identifier provided by the origin server in response to a first content request, the access identifier providing an authentication indication for accessing the content obtained from the origin server; and the controller is configured to receive a second content request, and one of (i) preventing the origin server from handling the second content request and providing the obtained content when the second content request includes the access identifier, and (ii) forwarding the second content request to the origin server for processing when the second content request does not include the access identifier, in response to receiving the second content request; the controller is configured to compare the access identifier received with second content request to the access identifier received from the origin server; if the comparison indicates that the access identifier received with second content request is equivalent to the access identifier received from the origin server, the controller is configured to perform the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the access identifier received with second content request is not equivalent to the access identifier received from the origin server, the controller is configured to perform the step of (ii) forwarding the second content request to the origin server for processing; wherein when observing the access identifier the controller is configured to read the access identifier provided by the origin server in response to the first content request, the access identifier configured as a cookie that provides authentication indication to a client computer device for accessing the content obtained from the origin server; wherein, in response to receiving the second content request the controller is configured to; when comparing the access identifier received with second content request to the access identifier received from the origin server comprises compare a cookie received with the second content request to the cookie received from the origin server; if the comparison indicates that the cookie received with second content request is equivalent to the cookie received from the origin server, perform the step of (i) preventing the origin server from handling the second content request and providing the obtained content; and if the comparison indicates that the cookie received with second content request is not equivalent to the cookie received from the origin server, perform the step of (ii) forwarding the second content request to the origin server for processing.
-
Specification