Path optimization for adaptive streaming
First Claim
1. A method for providing network security at a network device, the method comprising:
- receiving, by the network device, a first endpoint request to download content;
sending, by the network device, the first request to a security provider for network security inspection, wherein the security provider forwards the first request to a content provider;
wherein an inspection is performed at the security provider on a first chunk of the content in response to the first request and a routing instruction is generated in response to the inspection, wherein the routing instruction requests that subsequent requests for the content are blocked when a risk score for the first chunk is more than a threshold level and the inspection is not passed, and the routing instruction indicates that further inspection on subsequent chunks is omitted when the risk score for the first chunk is less than the threshold level and the inspection is passed;
receiving, by the network device, the first chunk of the content from the security provider, wherein the first chunk of content includes a header and a payload;
receiving, by the network device, the routing instruction based on the inspection of the payload of the first chunk of content that originated with the content provider; and
modifying, using a processor of the network device, a second request or a subsequent request addressed to the content provider to circumvent the security provider, wherein the second request is for a second chunk of the content based on the routing instruction.
1 Assignment
0 Petitions
Accused Products
Abstract
In one implementation, downloading of streaming content using a security as a service (SecaaS) system is more efficient because portions of the streaming content may not be inspected by the SecaaS. A first request to download content from a content provider is received, and a connection is initiated with a security provider, which inspects the first chunk of the content and generates a routing instruction based on the inspection of the first chunk of content. Based on the routing instructions and the inspection of the first chunk, a request for a second chunk of the streaming content is addressed to the content provider. The second chunk of the streaming content, circumvents the SecaaS system.
12 Citations
20 Claims
-
1. A method for providing network security at a network device, the method comprising:
-
receiving, by the network device, a first endpoint request to download content; sending, by the network device, the first request to a security provider for network security inspection, wherein the security provider forwards the first request to a content provider; wherein an inspection is performed at the security provider on a first chunk of the content in response to the first request and a routing instruction is generated in response to the inspection, wherein the routing instruction requests that subsequent requests for the content are blocked when a risk score for the first chunk is more than a threshold level and the inspection is not passed, and the routing instruction indicates that further inspection on subsequent chunks is omitted when the risk score for the first chunk is less than the threshold level and the inspection is passed; receiving, by the network device, the first chunk of the content from the security provider, wherein the first chunk of content includes a header and a payload; receiving, by the network device, the routing instruction based on the inspection of the payload of the first chunk of content that originated with the content provider; and modifying, using a processor of the network device, a second request or a subsequent request addressed to the content provider to circumvent the security provider, wherein the second request is for a second chunk of the content based on the routing instruction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A non-transitory computer readable medium including instructions that when executed are configured to perform a method comprising:
-
receiving, by a network device, a first endpoint request to download content; sending, by the network device, the first request to a security provider for network security inspection, wherein the security provider forwards the first request to a content provider; wherein an inspection is performed at the security provider on a first chunk of the content in response to the first request and a routing instruction is generated in response to the inspection, wherein the routing instruction requests that subsequent requests for the content are blocked when a risk score for the first chunk is more than a threshold level and the inspection is not passed, and the routing instruction indicates that further inspection on subsequent chunks is omitted when the risk score for the first chunk is less than the threshold level and the inspection is passed; receiving, by the network device, the first chunk of the content from the security provider, wherein the first chunk of content includes a header and a payload; receiving, by the network device, the routing instruction based on the inspection of the payload of the first chunk of content that originated with the content provider; and modifying, using a processor of the network device, a second request or a subsequent request addressed to the content provider to circumvent the security provider, wherein the second request is for a second chunk of the content based on the routing instruction. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. An apparatus comprising:
-
a processor; and a memory including computer program code for one or more programs; the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least perform; receiving, by a network device, a first endpoint request to download content; sending, by the network device, the first request to a security provider for network security inspection, wherein the security provider forwards the first request to a content provider; wherein an inspection is performed at the security provider on a first chunk of the content in response to the first request and a routing instruction is generated in response to the inspection, wherein the routing instruction requests that subsequent requests for the content are blocked when a risk score for the first chunk is more than a threshold level and the inspection is not passed, and the routing instruction indicates that further inspection on subsequent chunks is omitted when the risk score for the first chunk is less than the threshold level and the inspection is passed; receiving, by the network device, the first chunk of the content from the security provider, wherein the first chunk of content includes a header and a payload; receiving, by the network device, the routing instruction based on the inspection of the payload of the first chunk of content that originated with the content provider; and modifying, using a processor of the network device, a second request or a subsequent request addressed to the content provider to circumvent the security provider, wherein the second request is for a second chunk of the content based on the routing instruction. - View Dependent Claims (18, 19, 20)
-
Specification