Method and apparatus for trust-based, fine-grained rate limiting of network requests
Abstract
A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic. This scheme enables the server to throttle untrusted password-guessing requests from crackers without penalizing most friendly logins and only slightly penalizing the relatively few untrusted friendly logins.
94 Claims
1. A method of limiting unauthorized network requests, comprising the steps of:
identifying entities legitimately entitled to service;
establishing said identified entities as trusted entities;
processing requests from said trusted entities according to a first policy; and
processing remaining requests according to at least a second policy.
(Dependent claims: 2 through 37.)
38. A computer program product comprising computer readable code means embodied on a tangible medium, said computer readable code means comprising code for performing a method of limiting unauthorized network requests, said method comprising the steps of:
identifying entities legitimately entitled to service;
establishing said identified entities as trusted entities;
processing requests from said trusted entities according to a first policy; and
processing remaining requests according to at least a second policy.
(Dependent claims: 39 through 74.)
75. A method of establishing an entity requesting a network service as trusted, comprising the steps of:
for each successful authentication, adding or updating a database record containing at least a user identifier, an originating network address and a date/timestamp of first and/or the current successful authentication;
comparing all subsequent authentication requests to said record; and
where the user identifier of a subsequent request matches that of a successful authentication, extending trust to the subsequent request if its originating network address and timestamp information satisfy predetermined criteria in relation to said record.
(Dependent claims: 76 through 94.)
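The two-policy scheme of claim 1 and the trust-token flow of the abstract, worked as an added Python example (not code from the patent or its assignee): a trust token is issued on first successful authentication and bound to the user/client pair, requests carrying a valid token are metered under a generous policy per user/client pair, and everything else is metered under a strict policy. The HMAC token format, the token-bucket metering, keying untrusted traffic by source address, and the injectable clock are assumptions of this example, not details the patent specifies.

```python
import hashlib
import hmac
import time


class TrustRateLimiter:
    """Two rate policies: a generous one for requests carrying a valid trust
    token (metered per user/client pair) and a strict one for everything else."""

    def __init__(self, secret, trusted_rate, trusted_burst,
                 untrusted_rate, untrusted_burst, now=time.monotonic):
        self.secret = secret                      # server-side HMAC key (assumed)
        self.policy = {"trusted": (trusted_rate, trusted_burst),
                       "untrusted": (untrusted_rate, untrusted_burst)}
        self.now = now                            # injectable clock for testing
        self.buckets = {}                         # key -> (tokens, last_refill)

    def issue_token(self, user, client_id):
        """Issued once a user has authenticated successfully from a client;
        the MAC binds the token to that user/client combination."""
        if "|" in user or "|" in client_id:
            raise ValueError("separator not allowed in identifiers")
        mac = hmac.new(self.secret, f"{user}|{client_id}".encode(),
                       hashlib.sha256).hexdigest()
        return f"{user}|{client_id}|{mac}"

    def token_valid(self, token, user, client_id):
        """A token is valid only for the user/client pair it was issued to."""
        parts = token.split("|")
        if len(parts) != 3 or parts[0] != user or parts[1] != client_id:
            return False
        expected = self.issue_token(user, client_id).rsplit("|", 1)[1]
        return hmac.compare_digest(parts[2], expected)

    def _take(self, key, rate, burst):
        """Token-bucket check: one request costs one unit of the bucket."""
        t = self.now()
        tokens, last = self.buckets.get(key, (burst, t))
        tokens = min(burst, tokens + (t - last) * rate)
        allowed = tokens >= 1
        self.buckets[key] = ((tokens - 1) if allowed else tokens, t)
        return allowed

    def admit(self, user, client_id, src_addr, token=None):
        """Returns (policy, allowed). Trusted traffic is metered per
        user/client pair; untrusted traffic per source address (assumption)."""
        if token is not None and self.token_valid(token, user, client_id):
            return "trusted", self._take(("trusted", user, client_id),
                                         *self.policy["trusted"])
        return "untrusted", self._take(("untrusted", src_addr),
                                       *self.policy["untrusted"])
```

With a strict policy of one untrusted attempt per five seconds per source address, a guessing client is throttled while the legitimate user's token-bearing client keeps its full allowance.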
Specification