Distribution of secure data with entitlement enforcement
Abstract
An example method for distributing content includes receiving a first encrypted request for content over a first encrypted connection from a client. The method also includes obtaining an unencrypted version of the first encrypted request. The unencrypted version is associated with authentication information associated with the client. The method further includes sending over a second encrypted connection entitlement data and a second encrypted request for the content to a repository. The repository stores the content, the entitlement data is based on the authentication information, and an authentication of the second encrypted request is based on the entitlement data. The method also includes downloading the content from the repository over the second encrypted connection, storing the requested content in unencrypted form in a cache, and streaming the requested content to the client.
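The flow in the abstract, modelled as an added example that is not part of the patent text: a reverse proxy authenticates the client, a caching proxy holds plaintext content, and a content streamer attaches entitlement data that the repository uses to authenticate the request. All names, tokens and data are constructed, and re-checking entitlement on a cache hit is an assumption of this sketch, not something the abstract states.

```python
# Added illustration: all names and values are constructed, not from the patent.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}    # client authentication
ENTITLEMENTS = {"alice": {"product-a"}, "bob": set()}  # entitlement database
REPO = {"product-a/pkg.bin": ("product-a", b"PKG")}    # path -> (required, content)


class Denied(Exception):
    pass


def repo_authenticate(path, entitlement_data):
    """Repository side: authenticate a request from its entitlement data."""
    entry = REPO.get(path)
    return entry is not None and entry[0] in entitlement_data


class ContentStreamer:
    def __init__(self):
        self.downloads = 0

    def entitled(self, user, path):
        return repo_authenticate(path, ENTITLEMENTS.get(user, set()))

    def download(self, user, path):
        # Entitlement data travels with the second request; download only if it passes.
        if not self.entitled(user, path):
            raise Denied(path)
        self.downloads += 1
        return REPO[path][1]


class CachingProxy:
    def __init__(self, streamer):
        self.streamer = streamer
        self.cache = {}  # content is held here in unencrypted form

    def get(self, user, path):
        if path in self.cache:
            # Assumption: a hit is re-checked, so plaintext never bypasses entitlement.
            if not self.streamer.entitled(user, path):
                raise Denied(path)
            return self.cache[path]
        self.cache[path] = self.streamer.download(user, path)
        return self.cache[path]


def reverse_proxy(cache, token, path):
    """Authenticates the client; TLS termination itself is not modelled."""
    user = SESSIONS.get(token)
    if user is None:
        raise Denied("unauthenticated")
    return cache.get(user, path)
```

Because the cache stores content unencrypted, the hit path is where an entitlement check is easiest to forget; the sketch serves a second entitled request from cache without a new download and still refuses a client with no entitlement.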
20 Claims
1. A method for distributing content received over an encrypted connection to one or more clients, comprising:
- receiving, by a proxy from a client, a first encrypted request for content over a first encrypted connection;
- obtaining, by the proxy, an unencrypted version of the first encrypted request, the unencrypted version associated with authentication information being associated with the client;
- sending, by a content streamer, over a second encrypted connection entitlement data and a second encrypted request for the content to a repository, the repository storing the content, the entitlement data being based on the authentication information, an authentication of the second encrypted request being based on the entitlement data, and the second encrypted request being based on the first encrypted request;
- downloading by the content streamer the content from the repository over the second encrypted connection if the second encrypted request is authenticated;
- storing by the proxy the requested content in unencrypted form in a cache; and
- streaming by the proxy the requested content to the client.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for distributing content received over an encrypted connection to one or more clients, comprising:
- a reverse proxy that authenticates one or more encrypted requests received from one or more clients over one or more encrypted connections, unencrypts one or more authenticated encrypted requests, and sends the one or more unencrypted requests over a first connection different from the one or more encrypted connections; and
- a caching proxy that receives an unencrypted request for content over the first connection and sends authentication information and a second request for the content over a second connection different from the one or more encrypted connections; and
- a content streamer that receives the authentication information and the second request over the second connection, retrieves, based on the authentication information, entitlement data from an entitlement database, and sends the entitlement data and an encrypted request for the content over an encrypted connection to a repository storing the content, wherein an authentication of the encrypted request is based on the entitlement data, and wherein the content streamer downloads the content from the repository over the encrypted connection if the encrypted request is authenticated, the caching proxy receives the requested content, caches the requested content in unencrypted form, and streams the requested content to the reverse proxy, and the reverse proxy streams the content to the client.

Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. A non-transitory machine-readable storage medium comprising a plurality of machine-readable instructions that when executed by one or more hardware processors is configurable to cause the one or more hardware processors to perform a method comprising:
- receiving, by a proxy from a client, a first encrypted request for content over a first encrypted connection;
- obtaining by the proxy an unencrypted version of the first encrypted request, the unencrypted version associated with authentication information being associated with the client;
- sending by a content streamer over a second encrypted connection entitlement data and a second encrypted request for the content to a repository, the repository storing the content, the entitlement data being based on the authentication information, an authentication of the second encrypted request being based on the entitlement data, and the second encrypted request being based on the first encrypted request;
- downloading by the content streamer the content from the repository over the second encrypted connection if the second encrypted request is authenticated;
- storing by the proxy the requested content in unencrypted form in a cache; and
- streaming by the proxy the requested content to the client.