Security framework for HTTP streaming architecture

US 8,769,614 B1
Filed: 12/29/2010
Issued: 07/01/2014
Est. Priority Date: 12/29/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating a client player application, the method comprising:

receiving, at a server, a request for streaming content from a client player application;

sending at least one portion of the streaming content to the client player application;

sending a program to the client player application for execution thereby, the program being embedded in the at least one portion of streaming content and comprising one or more computer-readable instructions that, when executed by the client player application, cause the client player application to send information identifying the client player application to the server;

receiving the information identifying the client player application and determining whether the client player application is recognized as an authentic client player application, based at least in part on the content of the information identifying the client player application that was sent because of the embedded program'"'"'s one or more computer-readable instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for preventing unauthorized access to online content, including in particular streaming video and other media, are provided. In various embodiments, techniques are provided to authorize users and to authenticate clients (e.g., client media players) to a content delivery system. The content delivery system may comprise a content delivery network with one or more content or “edge” servers therein. The requesting client is sent a program at the time of content delivery. The program may be embedded in the content stream, or sent outside of the stream. The program contains instructions that are executed by the client and cause it to return identifying information to the content delivery system, which can then determine whether the client player is recognized and, if so, authorized to view the content. Unrecognized and/or altered players may be prevented from viewing the content.

Citations

26 Claims

1. A computer-implemented method for authenticating a client player application, the method comprising:
- receiving, at a server, a request for streaming content from a client player application;
  
  sending at least one portion of the streaming content to the client player application;
  
  sending a program to the client player application for execution thereby, the program being embedded in the at least one portion of streaming content and comprising one or more computer-readable instructions that, when executed by the client player application, cause the client player application to send information identifying the client player application to the server;
  
  receiving the information identifying the client player application and determining whether the client player application is recognized as an authentic client player application, based at least in part on the content of the information identifying the client player application that was sent because of the embedded program'"'"'s one or more computer-readable instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the at least one portion of the streaming content comprises a beginning portion of the streaming content.
  - 3. The method of claim 1, comprising determining at the time of the request whether to embed the program within the at least one portion of the streaming content.
  - 4. The method of claim 1, wherein the program is sent to the client player application as a Small Web Format (SWF) file.
  - 5. The method of claim 1, comprising performing at least one step selected from a group of steps that is:
    - (i) continuing with the sending of the streaming content to the client player application, where the client player application is recognized as an authentic client and (ii) aborting the sending of the streaming content, where the client player application is not recognized as an authentic client player application.
  - 6. The method of claim 1, wherein the server is one of a plurality of content servers in a content delivery network.
  - 7. The method of claim 1, wherein the client player application comprises a multimedia player.
  - 8. The method of claim 1, wherein the information identifying the client player application comprises:
    - a byte array of the client player application.
  - 9. The method of claim 1, wherein the information identifying the client player application uniquely identifies the client player application.
  - 10. The method of claim 1, wherein the program includes instructions for encoding the information identifying the client player application into a token and sending the token to the server.
  - 11. The method of claim 1, wherein the determination of whether the client player application is recognized as an authentic client player application comprises comparing the information identifying the client player application with a list of known client player applications.
  - 12. The method of claim 1, wherein the program is sent to the client player application in a file that includes a function defined therein.
  - 13. The method of claim 1, wherein the program sent to the client player application comprises one or more computer-readable instructions that the client player application must combine with one or more computer-readable instructions that were previously provided to the client player application by the server or an operator thereof, in order to send the information identifying the client player application to the server.

14. A system for authenticating a client player application that requests streaming content from a content delivery system having one or more servers, comprising:
- at least one of one or more servers that receives a request from a client player application for streaming content;
  
  the one or more servers comprising at least one processor and a memory storing instructions that, when executed, configure the one or more servers to send at least one portion of the streaming content to the client player application and to send a program to the client player application that is embedded in the at least one portion of the streaming content and comprises one or more computer-readable instructions for execution by the client player application;
  
  the one or more computer-readable instructions in the program, when executed by the client player application, causing the client player application to send information identifying the client player application to at least one of the one or more servers;
  
  the one or more servers further configured by the executed instructions to receive the information identifying the client player application and to determine whether the client player application is recognized as an authentic client, based at least in part on the content of the information identifying the client player application that was sent because of the embedded program'"'"'s one or more computer-readable instructions.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system of claim 14, wherein the at least one portion of the streaming content comprises a beginning portion of the streaming content.
  - 16. The system of claim 14, wherein the executed instructions configure the one or more servers to determine, at the time of the request, whether to embed the program within the at least one portion of the streaming content.
  - 17. The system of claim 14, wherein the program is sent to the client player application as a Small Web Format (SWF) file.
  - 18. The system of claim 14, wherein the one or more servers are configured to perform at least one step selected from a group of steps that is:
    - (i) continuing with sending the streaming content to the client player application, where the client player application is recognized as an authentic client player application, and (ii) aborting the sending of streaming content, where the client player application is not recognized as an authentic client player application.
  - 19. The system of claim 14, wherein the client player application comprises a multimedia player.
  - 20. The system of claim 14, wherein the information identifying the client player application comprises:
    - a byte array of the client player application.
  - 21. The system of claim 14, wherein the information identifying the client player application uniquely identifies the client player application.
  - 22. The system of claim 14, wherein the program includes instructions for encoding the information identifying the client player application into a token and sending the token to the one or more servers.
  - 23. The system of claim 14, wherein the executed instructions configure the one or more servers to determine whether the client player application is recognized as an authentic client player application by comparing the information identifying the client player application with a list of known client player applications.
  - 24. The system of claim 14, further comprising a server associated with a customer of a content delivery network provider that is associated with the one or more servers, the customer-associated server sending a list of client player applications to the one or more servers.
  - 25. The system of claim 14, wherein the program is sent to the client player application in a file that includes a function defined therein.
  - 26. The system of claim 14, wherein the program sent to the client player application comprises an one or more computer-readable instructions that the client player application must combine with one or more computer-readable instructions previously provided to the client player application by the one or more servers or an operator thereof, in order to send the information identifying the client player application to at least one of the one or more servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Akamai Technologies, Inc.
Original Assignee
Akamai Technologies, Inc.
Inventors
Knox, Christopher R., Devanneaux, Thomas, Olugbile, Akinwale Olugbemiga, Law, Will, Brookins, Nicholas Shayne
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
GIDDINS, NELSON S

Application Number

US12/980,996
Time in Patent Office

1,280 Days
Field of Search

713/156, 713/158, 713/159, 713/168, 713/171, 713/172, 713/185, 726/1, 726/2, 726/3, 726/4, 726/5, 726/6, 726/7, 726/9, 726/17, 726/18, 726/19, 726/20, 726/21, 380/202, 380/203, 380/210, 380/259, 380/281, 380/283, 380/284
US Class Current

726/3
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 65/1069   Session establishment or de...

H04L 65/61   for supporting one-way stre...

H04L 65/612   for unicast

H04N 21/47202   for requesting content on d...

Security framework for HTTP streaming architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Security framework for HTTP streaming architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links