Cloud based firewall system and service

US11082401B2 · US · B2

Patent metadata

Publication number: US-11082401-B2
Application number: US-201916266335-A
Country: US
Kind code: B2
Filing date: Feb 4, 2019
Priority date: Dec 12, 2009
Publication date: Aug 3, 2021
Grant date: Aug 3, 2021

Abstract

A cloud-based firewall system and service is provided to protect customer sites from attacks, leakage of confidential information, and other security threats. In various embodiments, such a firewall system and service can be implemented in conjunction with a content delivery network (CDN) having a plurality of distributed content servers. The CDN servers receive requests for content identified by the customer for delivery via the CDN. The CDN servers include firewalls that examine those requests and take action against security threats, so as to prevent them from reaching the customer site. The CDN provider implements the firewall system as a managed firewall service, with the operation of the firewalls for given customer content being defined by that customer, independently of other customers. In some embodiments, a customer may define different firewall configurations for different categories of that customer's content identified for delivery via the CDN.

First claim

What is claimed is:

1. A method of content delivery in a content delivery network (CDN) operated by a content delivery network service provider (CDNSP) on behalf of a plurality of participating content providers, wherein the plurality of participating content providers have content delivered via the CDN, the CDN having a plurality of CDN servers deployed around the Internet at an edge, the edge being any of in and adjacent to an end user access network, the method comprising:

  the CDNSP providing a user interface through which a particular participating content provider any of: creates and selects a first firewall instance for the plurality of CDN servers, which are deployed around the Internet at the edge, to apply to network traffic associated with the particular participating content provider, the network traffic comprising requests for content of the particular participating content provider, the content to be delivered via the CDN;

  the user interface further enabling the particular participating content provider to any of: create and select a second firewall instance for the plurality of CDN servers, which are deployed around the Internet at the edge, to apply to network traffic associated with the particular participating content provider, the network traffic comprising requests for content of the particular participating content provider, the content to be delivered via the CDN;

  the first firewall instance comprising:
    (i) a first application layer control, which comprises one or more security criteria to be checked against a request and an action to take if an attack is identified;
    (ii) a first network layer control, which comprises one or more IP-layer restrictions to apply to requests from particular IP addresses; and
    (iii) a designation of a first set of one or more of the plurality of CDN servers to which the first firewall instance will apply;

  the second firewall instance comprising:
    (i) a second application layer control, which comprises one or more security criteria to be checked against a request and an action to take if an attack is identified;
    (ii) a second network layer control, which comprises one or more IP-layer restrictions to apply to requests from particular IP addresses; and,
    (iii) a designation of a second set of one or more of the plurality of CDN servers to which the second firewall instance will apply, the second set being different than the first set.

2. The method of claim 1, wherein the one or more security criteria in the first application layer control comprise any of: one or more selected rules from a ruleset, and, a rule authored by a user with a Boolean expression.

3. The method of claim 1, wherein the one or more security criteria comprises: a rule authored by a user with a Boolean expression.

4. The method of claim 1, wherein one or more the IP-layer restrictions comprises any of: a whitelist, a blacklist.

5. A system comprising a content delivery network (CDN) operated by a content delivery network service provider (CDNSP) on behalf of a plurality of participating content providers, wherein the plurality of participating content providers have content delivered via the CDN, the CDN having a plurality of CDN servers deployed around the Internet at an edge, the edge being any of in and adjacent to an end user access network, the system further comprising:

  the plurality of CDN servers; and,

  a user interface through which a particular participating content provider any of: creates and selects a first firewall instance for the plurality of CDN servers, which are deployed around the Internet at the edge, to apply to network traffic associated with the particular participating content provider, the network traffic comprising requests for content of the particular participating content provider, the content to be delivered via the CDN;

  the user interface further enabling the particular participating content provider to any of: create and select a second firewall instance for the plurality of CDN servers, which are deployed around the Internet at the edge, to apply to network traffic associated with the particular participating content provider, the network traffic comprising requests for content of the particular participating content provider, the content to be delivered via the CDN;

  the first firewall instance comprising:
    (i) a first application layer control, which comprises one or more security criteria to be checked against a request and an action to take if an attack is identified;
    (ii) a first network layer control, which comprises one or more IP-layer restrictions to apply to requests from particular IP addresses; and
    (iii) a designation of a first set of one or more of the plurality of CDN servers to which the first firewall instance will apply;

  the second firewall instance comprising:
    (i) a second application layer control, which comprises one or more security criteria to be checked against a request and an action to take if an attack is identified;
    (ii) a second network layer control, which comprises one or more IP-layer restrictions to apply to requests from particular IP addresses; and,
    (iii) a designation of a second set of one or more of the plurality of CDN servers to which the second firewall instance will apply, the second set being different than the first set.

6. The system of claim 5, wherein the one or more security criteria in the first application layer control comprise any of: one or more selected rules from a ruleset, and, a rule authored by a user with a Boolean expression.

7. The system of claim 5, wherein the one or more security criteria comprises: a rule authored by a user with a Boolean expression.

8. The system of claim 5, wherein one or more the IP-layer restrictions comprises any of: a whitelist, a blacklist.

Classifications

  • Filtering policies (mail message filtering H04L51/212)

  • Rule management

  • Implementing security features at a particular protocol layer

  • Distributed architectures, e.g. distributed firewalls

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)

Frequently asked questions

Who is the assignee on this patent?
Akamai Tech Inc

What technology area does this patent fall under?
Primary CPC classification H04L63/0263. Mapped technology areas include Electricity.

When was this patent published?
Publication date Aug 3, 2021 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).