CONTENT DELIVERY NETWORK ENCRYPTION
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for delivering content to end users encrypted within a content delivery network (CDN) for content originators is disclosed. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the content is encrypted within the CDN. When universal resource indicators (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for the content object, which is encrypted in the CDN.
80 Citations
21 Claims
1. (canceled)

2. A content delivery network (CDN) having a plurality of points of presence (POPs) distributed geographically, the CDN comprising:

   a first key database, wherein: the first key database is part of a first POP of the plurality of POPs; and the first key database stores a first plurality of keys for decrypting content objects;

   a first cache, wherein: the first cache is part of the first POP; and the first cache stores a first encrypted version of a content object;

   a first edge server, wherein: the first edge server is part of the first POP; and the first edge server is configured to: receive a first request for the content object, wherein the first request is generated by a first end-user system; retrieve a first key of the first plurality of keys from the first key database; decrypt at least a portion of the first encrypted version of the content object using the first key to create a first unencrypted object; and initiate delivery of the first unencrypted object to the first end-user system over the Internet;

   a second key database, wherein the second key database stores a second plurality of keys for decrypting content objects;

   a second cache, wherein the second cache stores a second encrypted version of the content object;

   a second edge server, the second edge server configured to: receive a second request for the content object; retrieve a second key, wherein: the second key is retrieved from the second key database; and the second key is one of the second plurality of keys; decrypt at least a portion of the second encrypted version of the content object using the second key to create a second unencrypted object; and initiate delivery of the second unencrypted object to a second end-user system over the Internet.

   Dependent claims: 3, 4, 5, 6, 7, 11
8. A method for protecting content within a content delivery network (CDN) having a plurality of points of presence (POPs) distributed geographically, the method comprising:

   receiving a first request for a content object;

   locating a first encrypted version of the content object at a first edge server, wherein the first edge server is part of a first POP of the plurality of POPs;

   retrieving a first key for the first encrypted version of the content object, wherein the first key is located in a first key database;

   receiving a second request for the content object;

   locating a second encrypted version of the content object at a second edge server, wherein the second edge server is part of the CDN;

   retrieving a second key for the second encrypted version of the content object, wherein the second key is located in a second key database; and

   decrypting at least a portion of the first encrypted version of the content object with the first key to create a first unencrypted object;

   initiating delivery of the first unencrypted object to a first end-user system;

   decrypting at least a portion of the second encrypted version of the content object with the second key to create a second unencrypted object; and

   initiating delivery of the second unencrypted object to a second end-user system.

   Dependent claims: 9, 10, 12, 13, 14, 15, 16
17. A memory device having instructions for protecting content within a CDN having a plurality of points of presence (POPs) distributed geographically, that when executed, cause one or more processors to:

   receive a first request for a content object;

   locate a first encrypted version of the content object at a first edge server, wherein the first edge server is part of a first POP of the plurality of POPs;

   retrieve a first key for the first encrypted version of the content object, wherein the first key is located in a first key database;

   receive a second request for the content object;

   locate a second encrypted version of the content object at a second edge server, wherein the second edge server is part of the CDN;

   retrieve a second key for the second encrypted version of the content object, wherein the second key is located in a second key database; and

   decrypt at least a portion of the first encrypted version of the content object with the first key to create a first unencrypted object;

   initiate delivery of the first unencrypted object to a first end-user system;

   decrypt at least a portion of the second encrypted version of the content object with the second key to create a second unencrypted object; and

   initiate delivery of the second unencrypted object to a second end-user system.

   Dependent claims: 18, 19, 20, 21
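The abstract and independent claims 2, 8 and 17 describe one architecture: each POP holds a key database and a cache of content that is stored only in encrypted form, the edge server fetches the key and decrypts just before delivery, and a cache miss is filled from the origin and sealed inside the CDN. The following is an added illustration of that flow and is not code from the patent or its assignee. It assumes a simplified model in which each POP seals objects under a key chosen from its own key database, and it uses a constructed HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag so that it runs on the Python standard library alone (a real deployment would use an AEAD such as AES-GCM). Names such as `Origin`, `KeyDatabase`, `Pop` and `edge_request` are illustrative, not identifiers from the patent.

```python
"""Toy model of the encrypted-CDN architecture from the abstract and claims.

Constructed example: each POP owns a key database and a cache that never holds
plaintext. The edge server decrypts with a key from its own database only when
delivering to the end user; on a cache miss the object is fetched from the
origin and stored encrypted. Not the patent holder's code.
"""
import hashlib
import hmac
import os

# Constructed cipher: HMAC-SHA256 keystream in counter mode plus an
# encrypt-then-MAC tag. Stands in for a real AEAD so the example has no
# third-party dependency.
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag; a fresh nonce per object."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a modified object raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered object")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def can_decrypt(key: bytes, blob: bytes) -> bool:
    """True only if `key` authenticates and decrypts `blob` (used for checks)."""
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False


class Origin:
    """Content originator's origin server; the only place plaintext is stored."""

    def __init__(self, objects):
        self._objects = dict(objects)
        self.fetches = 0  # counts origin queries caused by cache misses

    def fetch(self, uri: str) -> bytes:
        self.fetches += 1
        return self._objects[uri]


class KeyDatabase:
    """Per-POP key store mapping key_id -> key; each POP has its own."""

    def __init__(self, keys):
        self._keys = dict(keys)

    def get(self, key_id: str) -> bytes:
        return self._keys[key_id]


class Pop:
    """A point of presence: key database, encrypted cache and edge server."""

    def __init__(self, name: str, key_db: KeyDatabase, seal_key_id: str, origin: Origin):
        self.name = name
        self.key_db = key_db
        self.seal_key_id = seal_key_id  # assumption: key used to seal objects on ingest
        self.origin = origin
        self.cache = {}  # uri -> (key_id, encrypted blob); plaintext never cached
        self.hits = 0
        self.misses = 0

    def edge_request(self, uri: str) -> bytes:
        """Edge-server handling of an end-user URI: returns the decrypted object."""
        if uri in self.cache:
            self.hits += 1
        else:
            self.misses += 1
            plaintext = self.origin.fetch(uri)  # cache miss: query the origin
            key = self.key_db.get(self.seal_key_id)
            self.cache[uri] = (self.seal_key_id, encrypt(key, plaintext))
        key_id, blob = self.cache[uri]
        # Decrypt only at delivery time, with the key looked up by id from this POP's database.
        return decrypt(self.key_db.get(key_id), blob)


if __name__ == "__main__":
    origin = Origin({"/movie.mp4": b"constructed sample content"})
    pop = Pop("pop-a", KeyDatabase({"k1": os.urandom(32)}), "k1", origin)
    print(pop.edge_request("/movie.mp4"), pop.misses, pop.hits)
```

Two points worth noting from the model: a second POP sealing the same URI under its own key produces a different encrypted version (claim 2's "second encrypted version"), and the cache contents are unreadable to anyone who does not hold the key from that POP's database, which is what the encrypt-then-MAC check enforces.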
Specification