Private network request forwarding
First Claim
1. A computer-implemented method for packet handling, the method comprising:
- receiving, by a first delivery node of a public network having a public Internet Protocol (IP) address, one or more data packets from a user node via the public network;
- determining, by the first delivery node, a risk level for a data packet based upon one or more characteristics of the data packet, wherein the risk level is determined based upon at least one of origin of the data packet, historical trends associated with the data packet, an expired token of the data packet, and missing header elements in the data packet;
- upon the first delivery node of the content delivery network determining that the risk level of the data packet satisfies a risk threshold, transmitting, by the first delivery node, the data packet to a second delivery node coupled to the public network and a private network, the second delivery node having a private IP address associated with the private network; and
- upon the second delivery node determining that the request is compliant with a routing policy of the private network, transmitting, by the second delivery node, the data packet via the private network to a provider node of a content provider network,
- wherein the user node is logically external to the content delivery network and the content provider network, and
- wherein the routing policy defines one or more pre-determined paths associated with a request before that request is transmitted from the user node to the provider node.
Abstract
Private network request forwarding can include receiving a request from a user for Internet services over a public network. Private network request forwarding can include analyzing the request and determining whether the request is legitimate. Private network request forwarding can include forwarding the request to an entity through a private network when it is determined that the request is legitimate, wherein the user has access to the entity through a proxy.
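The two-stage gate described in claim 1 and the abstract, as an added sketch that is not code from the patent: the first node scores the four named risk signals, and the second node forwards only along a pre-determined path. The weights, threshold, header set, addresses, and the reading of "satisfies a risk threshold" as "score at or below the threshold" are all assumptions, since the claims give no scoring formula.

```python
from dataclasses import dataclass

# Assumed values throughout: the claims name four risk signals but no formula.
NOW = 1_700_000_000                        # constructed "current time" (epoch s)
REQUIRED_HEADERS = {"host", "user-agent"}  # assumed mandatory header elements
FLAGGED_ORIGINS = {"203.0.113.7"}          # constructed (TEST-NET-3) origin list
RATE_LIMIT = 100                           # assumed stand-in for historical trends
RISK_THRESHOLD = 50                        # assumed: score <= 50 satisfies it
# Routing policy: pre-determined path prefix -> private provider node address.
ROUTING_POLICY = {"/video": "10.0.1.20", "/api": "10.0.1.30"}

@dataclass
class Request:
    src_ip: str
    path: str
    headers: dict
    token_expiry: int
    recent_requests: int = 0

def risk_level(req, now=NOW):
    """First delivery node: score origin, history, token and header signals."""
    score = 60 if req.src_ip in FLAGGED_ORIGINS else 0
    score += 30 if req.recent_requests > RATE_LIMIT else 0
    score += 40 if req.token_expiry <= now else 0
    missing = REQUIRED_HEADERS - {name.lower() for name in req.headers}
    return score + 20 * len(missing)

def policy_route(req):
    """Second delivery node: match whole path segments, never bare prefixes."""
    for prefix, node in ROUTING_POLICY.items():
        if req.path == prefix or req.path.startswith(prefix + "/"):
            return node
    return None  # no pre-determined path: fail closed

def handle(req, now=NOW):
    """Forward to the private network only if both stages pass."""
    score = risk_level(req, now)
    if score > RISK_THRESHOLD:
        return ("drop", f"risk {score} above threshold")
    node = policy_route(req)
    if node is None:
        return ("drop", "no routing-policy path")
    return ("forward", node)

if __name__ == "__main__":
    hdrs = {"Host": "cdn.example", "User-Agent": "player/1.0"}
    print(handle(Request("198.51.100.10", "/video/seg1.ts", hdrs, NOW + 300)))
    print(handle(Request("198.51.100.10", "/video/seg1.ts", {"Host": "cdn.example"}, NOW - 1)))
    print(handle(Request("198.51.100.10", "/videos", hdrs, NOW + 300)))
```

The third sample request shows why the policy check compares whole path segments: `/videos` shares a prefix with `/video` but is not a pre-determined path, so it is dropped.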
22 Claims
10. A content delivery network computing system comprising:
- at least one inbound data node having a public Internet Protocol (IP) address associated with a public network, and comprising a processor configured to receive one or more data packets from a user node via the public network and to determine a risk level for the data packet based upon a first characteristic of the data packet;
- at least one analysis node having a public IP address associated with the public network and a private IP address associated with the content delivery network, and comprising a processor configured to determine whether the one or more data packets are compliant with a routing policy of the content delivery network, wherein the risk level is determined based upon at least one of origin of the data packet, historical trends associated with the data packet, an expired token of the data packet, and missing header elements in the data packet, and wherein the routing policy defines one or more pre-determined paths associated with a request before that request is transmitted from the user node to a provider node of a content provider network; and
- at least one forwarding node having a private IP address of the content provider network associated with the content provider network, and comprising a processor configured to transmit the data packet to the provider node of the content provider network when the at least one inbound data node determines that the risk level for the data packet satisfies a risk threshold and the at least one analysis node determines that the data packet is compliant with the routing policy of the content delivery network, wherein the at least one forwarding node is not directly addressable to the user node, and wherein the content provider network is a private network.
17. A computing system for private packet handling, the system comprising:
- a content provider network comprising:
  - a computing service node of a private network, the computing service node comprising a processor hosting a computing service, and configured to execute at least one routine associated with the computing service that generates a reply message in response to receiving a request for the computing service, wherein the computing service node is not directly addressable to a user node of a public network, and wherein the content provider network is a private network; and
- a content delivery network comprising:
  - at least one inbound data node having a public Internet Protocol (IP) address associated with a public network, and comprising a processor configured to: receive one or more requests for the computing service from the user node via the public network, and to determine a risk level for the data packet based upon a first characteristic of the data packet, and wherein the risk level is determined based upon at least one of origin of the request, historical trends associated with the request, an expired token of the request, and missing header elements in the request; and
  - at least one forwarding node comprising a processor and having a public IP address associated with the public network and a private IP address associated with the content provider network, and configured to transmit the request indicating the computing service received from the user node to one or more computing service nodes of the content provider network upon determining that the request is compliant with a routing policy of the content delivery network, upon the at least one inbound data node of the content delivery network determining that the request satisfies a risk threshold based upon one or more characteristics of the request, wherein the routing policy defines one or more pre-determined paths associated with a request before that request is transmitted from the user node to a provider node of a content provider network.
Specification