Path optimization for adaptive streaming

US 9,571,390 B2
Filed: 11/25/2013
Issued: 02/14/2017
Est. Priority Date: 11/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing network security at a network device, the method comprising:

receiving, by the network device, a first endpoint request to download content;

sending, by the network device, the first request to a security provider for network security inspection, wherein the security provider forwards the first request to a content provider;

wherein an inspection is performed at the security provider on a first chunk of the content in response to the first request and a routing instruction is generated in response to the inspection, wherein the routing instruction requests that subsequent requests for the content are blocked when a risk score for the first chunk is more than a threshold level and the inspection is not passed, and the routing instruction indicates that further inspection on subsequent chunks is omitted when the risk score for the first chunk is less than the threshold level and the inspection is passed;

receiving, by the network device, the first chunk of the content from the security provider, wherein the first chunk of content includes a header and a payload;

receiving, by the network device, the routing instruction based on the inspection of the payload of the first chunk of content that originated with the content provider; and

modifying, using a processor of the network device, a second request or a subsequent request addressed to the content provider to circumvent the security provider, wherein the second request is for a second chunk of the content based on the routing instruction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one implementation, downloading of streaming content using a security as a service (SecaaS) system is more efficient because portions of the streaming content may not be inspected by the SecaaS. A first request to download content from a content provider is received, and a connection is initiated with a security provider, which inspects the first chunk of the content and generates a routing instruction based on the inspection of the first chunk of content. Based on the routing instructions and the inspection of the first chunk, a request for a second chunk of the streaming content is addressed to the content provider. The second chunk of the streaming content, circumvents the SecaaS system.

12 Citations

20 Claims

1. A method for providing network security at a network device, the method comprising:
- receiving, by the network device, a first endpoint request to download content;
  
  sending, by the network device, the first request to a security provider for network security inspection, wherein the security provider forwards the first request to a content provider;
  
  wherein an inspection is performed at the security provider on a first chunk of the content in response to the first request and a routing instruction is generated in response to the inspection, wherein the routing instruction requests that subsequent requests for the content are blocked when a risk score for the first chunk is more than a threshold level and the inspection is not passed, and the routing instruction indicates that further inspection on subsequent chunks is omitted when the risk score for the first chunk is less than the threshold level and the inspection is passed;
  
  receiving, by the network device, the first chunk of the content from the security provider, wherein the first chunk of content includes a header and a payload;
  
  receiving, by the network device, the routing instruction based on the inspection of the payload of the first chunk of content that originated with the content provider; and
  
  modifying, using a processor of the network device, a second request or a subsequent request addressed to the content provider to circumvent the security provider, wherein the second request is for a second chunk of the content based on the routing instruction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - initiating a connection with the security provider before sending the first request; and
      
      closing the connection with the security provider in response to the routing instruction.
  - 3. The method of claim 1, wherein the routing instruction includes a whitelist entry for the content provider.
  - 4. The method of claim 1, further comprising:
    - receiving the second chunk of the content, wherein the first chunk and the second chunk are consecutive segments of a media stream.
  - 5. The method of claim 1, wherein the first chunk is encoded at a first bitrate and the second chunk is encoded at a second bitrate.
  - 6. The method of claim 1, wherein the routing instruction includes a security level based on the inspection of the first chunk of content.
  - 7. The method of claim 1, further comprising:
    - receiving an instruction to close a connection used to transmit the first chunk after the first chunk is sent to an endpoint.
  - 8. The method of claim 1, further comprising:
    - starting a timer based on receipt of the routing instruction; and
      
      removing the routing instruction when the timer reaches a predetermined timeout period.
  - 9. The method of claim 1, wherein the second request addressed to the content provider indicates whether the first chunk passed the inspection.

10. A non-transitory computer readable medium including instructions that when executed are configured to perform a method comprising:
- receiving, by a network device, a first endpoint request to download content;
  
  sending, by the network device, the first request to a security provider for network security inspection, wherein the security provider forwards the first request to a content provider;
  
  wherein an inspection is performed at the security provider on a first chunk of the content in response to the first request and a routing instruction is generated in response to the inspection, wherein the routing instruction requests that subsequent requests for the content are blocked when a risk score for the first chunk is more than a threshold level and the inspection is not passed, and the routing instruction indicates that further inspection on subsequent chunks is omitted when the risk score for the first chunk is less than the threshold level and the inspection is passed;
  
  receiving, by the network device, the first chunk of the content from the security provider, wherein the first chunk of content includes a header and a payload;
  
  receiving, by the network device, the routing instruction based on the inspection of the payload of the first chunk of content that originated with the content provider; and
  
  modifying, using a processor of the network device, a second request or a subsequent request addressed to the content provider to circumvent the security provider, wherein the second request is for a second chunk of the content based on the routing instruction.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The non-transitory computer readable medium of claim 10, the instructions further configured to perform:
    - initiating a connection with the security provider before sending the first request; and
      
      closing the connection with the security provider in response to the routing instruction.
  - 12. The non-transitory computer readable medium of claim 10, wherein the routing instruction includes a whitelist entry for the content provider.
  - 13. The non-transitory computer readable medium of claim 10, the instructions further configured to perform:
    - receiving the second chunk of the content, wherein the first chunk and the second chunk are consecutive segments of a media stream.
  - 14. The non-transitory computer readable medium of claim 10, wherein the first chunk is encoded at a first bitrate and the second chunk is encoded at a second bitrate.
  - 15. The non-transitory computer readable medium of claim 10, wherein the routing instruction includes a security level based on the inspection of the first chunk of content.
  - 16. The non-transitory computer readable medium of claim 10, the instructions further configured to perform:
    - receiving an instruction to close a connection used to transmit the first chunk after the first chunk is sent to an endpoint.

17. An apparatus comprising:
- a processor; and
  
  a memory including computer program code for one or more programs;
  
  the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least perform;
  
  receiving, by a network device, a first endpoint request to download content;
  
  sending, by the network device, the first request to a security provider for network security inspection, wherein the security provider forwards the first request to a content provider;
  
  wherein an inspection is performed at the security provider on a first chunk of the content in response to the first request and a routing instruction is generated in response to the inspection, wherein the routing instruction requests that subsequent requests for the content are blocked when a risk score for the first chunk is more than a threshold level and the inspection is not passed, and the routing instruction indicates that further inspection on subsequent chunks is omitted when the risk score for the first chunk is less than the threshold level and the inspection is passed;
  
  receiving, by the network device, the first chunk of the content from the security provider, wherein the first chunk of content includes a header and a payload;
  
  receiving, by the network device, the routing instruction based on the inspection of the payload of the first chunk of content that originated with the content provider; and
  
  modifying, using a processor of the network device, a second request or a subsequent request addressed to the content provider to circumvent the security provider, wherein the second request is for a second chunk of the content based on the routing instruction.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, wherein the first chunk is encoded at a first bitrate and the second chunk is encoded at a second bitrate.
  - 19. The apparatus of claim 17, wherein the routing instruction includes a security level based on the inspection of the first chunk of content.
  - 20. The apparatus of claim 17, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least perform:
    - starting a timer based on receipt of the routing instruction; and
      
      removing the routing instruction when the timer reaches a predetermined timeout period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Reddy, Tirumaleswar, Patil, Prashanth, Ver Steeg, William, Wing, Daniel
Primary Examiner(s)
Parry, Chris
Assistant Examiner(s)
Lee, Daeoo

Application Number

US14/089,193
Publication Number

US 20150149657A1
Time in Patent Office

1,177 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 45/72   Routing based on the source...

H04L 63/0245   Filtering by information in...

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

Path optimization for adaptive streaming

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Path optimization for adaptive streaming

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links