Managing secure content in a content delivery network

US 9,712,325 B2
Filed: 07/15/2015
Issued: 07/18/2017
Est. Priority Date: 09/04/2009
Status: Active Grant

First Claim

Patent Images

1. A system for managing content requests comprising:

one or more first storage devices including a hardware processor and a memory, the one or more first storage devices configured to;

receive a client request for an embedded resource from a client computing device, the client request including an embedded resource identifier originally provided to the client computing device from an original content provider, the embedded resource identifier including first signature information; and

provide the embedded resource to the client computing device based on verification of the first signature information; and

one or more second storage devices including a hardware processor and a memory, the one or more second storage devices configured to;

receive a first storage device request for the embedded resource from one of the one or more first storage devices, the first storage device request including second signature information, the second signature information being different from the first signature information; and

responsive to the first storage device request, provide the embedded resource to the first storage device based on verification of the second signature information.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based policy information associated with the identifier.

1190 Citations

20 Claims

1. A system for managing content requests comprising:
- one or more first storage devices including a hardware processor and a memory, the one or more first storage devices configured to;
  
  receive a client request for an embedded resource from a client computing device, the client request including an embedded resource identifier originally provided to the client computing device from an original content provider, the embedded resource identifier including first signature information; and
  
  provide the embedded resource to the client computing device based on verification of the first signature information; and
  
  one or more second storage devices including a hardware processor and a memory, the one or more second storage devices configured to;
  
  receive a first storage device request for the embedded resource from one of the one or more first storage devices, the first storage device request including second signature information, the second signature information being different from the first signature information; and
  
  responsive to the first storage device request, provide the embedded resource to the first storage device based on verification of the second signature information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system as recited in claim 1, wherein the client request comprises a DNS query associated with the embedded resource.
  - 3. The system as recited in claim 1, wherein the second signature information is originally provided by the one or more second storage devices.
  - 4. The system as recited in claim 1, wherein the one or more second storage devices provide the embedded resource further in accordance with policies associated with the embedded resource identifier.
  - 5. The system as recited in claim 4, wherein the policies associated with the embedded resource identifier correspond to an access control list associated with the embedded resource identifier.
  - 6. The system as recited in claim 5, wherein the access control list identifies one or more entities that may access the requested embedded resource.
  - 7. The system as recited in claim 6, wherein the access control list defines one or more parameters associated with access to the embedded resource by the one or more identified entities.
  - 8. The system as recited in claim 5, wherein the access control list defines one or more parameters associated with the requested embedded resource.
  - 9. The system as recited in claim 8, wherein the one or more parameters include expiration data associated with the embedded resource.
  - 10. The system as recited in claim 1, wherein a secure information verification service verifies the first signature information and wherein the secure information verification service is distinct from the one or more first storage devices.
  - 11. The system as recited in claim 1, wherein a secure information verification service verifies the second signature information and wherein the secure information verification service is distinct from the one or more second storage devices.

12. A computer-implemented method for managing content requests comprising:
- receiving, by a first storage device, a client request for an embedded resource from a client computing device, the client request including an embedded resource identifier originally provided to the client computing device from an original content provider, the embedded resource identifier including first signature information;
  
  providing, by the first storage device, the embedded resource to the client computing device based at least in part on verification of the first signature information;
  
  receiving, by a second storage device, a first storage device request for the embedded resource from one or more first storage devices, the first storage device request including second signature information, the second signature information being different from the first signature information; and
  
  providing, by the second storage device, the embedded resource to the first storage device based at least in part on verification of the second signature information and in response to the first storage device request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer-implemented method as recited in claim 12, wherein the second signature information is originally provided by a network storage computing device.
  - 14. The computer-implemented method as recited in claim 13, wherein the network storage computing device provides the embedded resource further in accordance with policies associated with the embedded resource identifier.
  - 15. The computer-implemented method as recited in claim 14, wherein the policies associated with the embedded resource identifier correspond to an access control list associated with the embedded resource identifier.
  - 16. The computer-implemented method as recited in claim 15, wherein the access control list identifies one or more entities that may access the embedded resource.
  - 17. The computer-implemented method as recited in claim 15, wherein the access control list defines one or more parameters associated with the embedded resource.
  - 18. The computer-implemented method as recited in claim 17, wherein the one or more parameters include expiration data associated with the embedded resource.
  - 19. The computer-implemented method as recited in claim 12 further comprising verifying, by a content delivery network computing device, the first signature information to verify that the client request for the embedded resource has been authorized by the original content provider.
  - 20. The computer-implemented method as recited in claim 12 further comprising verifying, by a network storage computing device, the second signature information to verify that the first storage device request for the embedded resource has been authorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Marshall, Bradley Eugene, Cavage, Mark Joseph, Abrar, Mustafa I., Richardson, David R., Johnson, Don, Cormie, John
Primary Examiner(s)
Holder, Bradley

Application Number

US14/800,591
Publication Number

US 20150319194A1
Time in Patent Office

734 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

H04L 9/3247   involving digital signatures

Managing secure content in a content delivery network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

1190 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing secure content in a content delivery network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1190 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links