Managing secure content in a content delivery network

US 8,397,073 B1
Filed: 03/11/2010
Issued: 03/12/2013
Est. Priority Date: 09/04/2009
Status: Active Grant

First Claim

Patent Images

1. A system for managing content requests comprising:

a content delivery network (CDN) component corresponding to a CDN service provider, the CDN component including a computing device, the computing device including a processor and a memory, the CDN component operative to;

host or process content on behalf of an original content provider, wherein the original content provider is different from the CDN service provider;

receive a security-based client request for an embedded resource from a client, wherein the security-based client request is associated with an embedded resource identifier including first signature information and originally provided to the client from the original content provider; and

provide the embedded resource to the client based on processing the security-based client request to verify the first signature information; and

an origin source component corresponding to a network storage service provider, the origin source component including a computing device including a processor and a memory, the origin source component operative to;

function as a content origin source on behalf of the original content provider, wherein the network storage service provider is different from the CDN service provider and the original content provider;

receive a security-based CDN service provider request for an embedded resource from the CDN component, wherein the security-based CDN service provider request includes an identifier corresponding to the CDN service provider and second signature information that is different from the first signature information; and

responsive to the security-based CDN service provider request from the CDN component processing the security-based client request, provide the embedded resource to the CDN service provider based on verification of the second signature information and in accordance with policies associated with the identifier corresponding to the CDN service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer readable medium for managing secure content by CDN service providers are provided. A network storage provider stores one or more resources on behalf of a content provider. A CDN service provider obtains client computing device requests for secure content. Based on processing first signature information, the CDN service provider determines whether the secure content is available to the client computing device. If the CDN service provider does not maintain the requested content, the CDN service provider transmits a request to the network storage provider. Based on second signature information and an identifier associated with the CDN service provider, the network storage provider processes the request based policy information associated with the identifier.

387 Citations

18 Claims

1. A system for managing content requests comprising:
- a content delivery network (CDN) component corresponding to a CDN service provider, the CDN component including a computing device, the computing device including a processor and a memory, the CDN component operative to;
  
  host or process content on behalf of an original content provider, wherein the original content provider is different from the CDN service provider;
  
  receive a security-based client request for an embedded resource from a client, wherein the security-based client request is associated with an embedded resource identifier including first signature information and originally provided to the client from the original content provider; and
  
  provide the embedded resource to the client based on processing the security-based client request to verify the first signature information; and
  
  an origin source component corresponding to a network storage service provider, the origin source component including a computing device including a processor and a memory, the origin source component operative to;
  
  function as a content origin source on behalf of the original content provider, wherein the network storage service provider is different from the CDN service provider and the original content provider;
  
  receive a security-based CDN service provider request for an embedded resource from the CDN component, wherein the security-based CDN service provider request includes an identifier corresponding to the CDN service provider and second signature information that is different from the first signature information; and
  
  responsive to the security-based CDN service provider request from the CDN component processing the security-based client request, provide the embedded resource to the CDN service provider based on verification of the second signature information and in accordance with policies associated with the identifier corresponding to the CDN service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system as recited in claim 1, wherein the identifier is originally provided by the original content provider.
  - 3. The system as recited in claim 1, wherein the policies associated with the identifier correspond to an access control list associated with the identifier.
  - 4. The system as recited in claim 3, wherein the access control list is configured by the original content provider.
  - 5. The system as recited in claim 3, wherein the access control list identifies one or more entities that may access the requested embedded resource.
  - 6. The system as recited in claim 5, wherein the access control list defines one or more parameters associated with access to the embedded resource by the one or more identified entities.
  - 7. The system as recited in claim 3, wherein the access control list defines one or more parameters associated with the requested embedded resource.
  - 8. The system as recited in claim 1, wherein information associated with the security-based CDN service provider request is originally provided by the network storage service provider.
  - 9. The system as recited in claim 1, wherein the CDN component processes the security-based client request using a secure information verification service to verify the first signature information.

10. A computer-implemented method for managing content requests comprising:
- hosting or processing content, by a content delivery network (CDN) computing device corresponding to a CDN service provider, on behalf of an original content provider, wherein the original content provider is different from the CDN service provider and wherein the CDN computing device includes a processor and a memory;
  
  receiving, by the CDN computing device, a security-based client request for an embedded resource from a client, wherein the security-based client request is associated with an embedded resource identifier including first signature information and originally provided to the client from the original content provider;
  
  providing, by the CDN computing device, the embedded resource to the client based on processing the security-based client request to verify the first signature information;
  
  receiving, by a network storage computing device, a security-based CDN service provider request for an embedded resource from the CDN computing device, wherein the network storage computing device corresponds to a network storage service provider functioning as a content origin source on behalf of the original content provider, wherein the network storage service provider is different from the CDN service provider and the original content provider, and wherein the security-based CDN service provider request includes an identifier corresponding to the CDN service provider and second signature information that is different from the first signature information; and
  
  responsive to the security-based CDN service provider request from the CDN computing device processing the security-based client request, providing the embedded resource to the CDN service provider based on verification of the second signature information and in accordance with policies associated with the identifier corresponding to the CDN service provider.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer-implemented method as recited in claim 10, wherein the identifier is originally provided by the original content provider.
  - 12. The computer-implemented method as recited in claim 10, wherein the policies associated with the identifier correspond to an access control list associated with the identifier.
  - 13. The computer-implemented method as recited in claim 12, wherein the access control list is configured by the original content provider.
  - 14. The computer-implemented method as recited in claim 12, wherein the access control list identifies one or more entities that may access the requested embedded resource.
  - 15. The computer-implemented method as recited in claim 14, wherein the access control list defines one or more parameters associated with access to the embedded resource by the one or more identified entities.
  - 16. The computer-implemented method as recited in claim 12, wherein the access control list defines one or more parameters associated with the requested embedded resource.
  - 17. The computer-implemented method as recited in claim 10, wherein information associated with the security-based CDN service provider request is originally provided by the network storage service provider.
  - 18. The computer-implemented method as recited in claim 10, wherein the CDN computing device processes the security-based client request using a secure information verification service to verify the first signature information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Richardson, David R., Johnson, Don, Cormie, John, Marshall, Bradley E., Cavage, Mark Joseph, Abrar, Mustafa I.
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
HOLDER, BRADLEY W

Application Number

US12/722,454
Time in Patent Office

1,097 Days
Field of Search

713/176, 713/150, 713/168
US Class Current

713/176
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

H04L 9/3247   involving digital signatures

Managing secure content in a content delivery network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

387 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Managing secure content in a content delivery network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

387 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links