System and Method for Location, Time-of-Day, and Quality-of-Service Based Prioritized Access Control

US 20110141900A1
Filed: 12/11/2009
Published: 06/16/2011
Est. Priority Date: 12/11/2009
Status: Active Grant

First Claim

Patent Images

1. A priority server for a provider network, comprising:

a traffic volume detection module that receives operational information from the provider network and determines that a host on the provider network is experiencing a flash event based upon the operational information;

a traffic analyzer module that determines that the flash event is not a distributed denial of service attack on the host; and

a rules module that provides a priority rule to an access router in the provider network that is coupled to the host in response to determining that the flash event is not a distributed denial of service attack, wherein;

the priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event; and

the characteristic is determined not solely by information included in the packets.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host. The priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event, and the characteristic is determined not solely by information included in the packets.

77 Citations

View as Search Results

20 Claims

1. A priority server for a provider network, comprising:
- a traffic volume detection module that receives operational information from the provider network and determines that a host on the provider network is experiencing a flash event based upon the operational information;
  
  a traffic analyzer module that determines that the flash event is not a distributed denial of service attack on the host; and
  
  a rules module that provides a priority rule to an access router in the provider network that is coupled to the host in response to determining that the flash event is not a distributed denial of service attack, wherein;
  
  the priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event; and
  
  the characteristic is determined not solely by information included in the packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The priority server of claim 1, wherein the characteristic includes a geographic location that is a source of the packets.
  - 3. The priority server of claim 1, wherein the characteristic includes a time at which the packets entered the provider network.
  - 4. The priority server of claim 3, wherein the time includes a time zone.
  - 5. The priority server of claim 3, wherein the time includes a range of times.
  - 6. The priority server of claim 1, wherein the characteristic includes a port of the host that is a target of the packets.
  - 7. The priority server of claim 1, wherein the characteristic includes a particular network protocol that is associated with the packets.

8. A method of prioritizing traffic in a provider network, comprising:
- receiving at a traffic volume detection module of a priority server operational information from the provider network;
  
  determining that a host on the provider network is experiencing a flash event based upon the operational information;
  
  determining that the flash event is not a distributed denial of service attack on the host; and
  
  in response to determining that the flash event is not a distributed denial of service attack, providing a priority rule to an access router in the provider network that is coupled to the host, wherein;
  
  the priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event; and
  
  the characteristic is determined not solely by information included in the packets.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the characteristic includes a geographic location that is a source of the packets.
  - 10. The method of claim 8, wherein the characteristic includes a time at which the packets entered the provider network.
  - 11. The method of claim 10, wherein the time includes a time zone.
  - 12. The method of claim 11, wherein the time includes a range of times.
  - 13. The method of claim 8, wherein the characteristic includes a port of the host that is a target of the packets.
  - 14. The method of claim 8, wherein the characteristic includes a particular network protocol that is associated with the packets.

15. Machine-executable code for managing prioritized access rules, wherein the machine-executable code is embedded within a tangible medium and includes instructions for carrying out a method comprising:
- receiving operational information from a provider network;
  
  determining that a host on the provider network is experiencing a flash event based upon the operational information;
  
  determining that the flash event is not a distributed denial of service attack on the host; and
  
  in response to determining that the flash event is not a distributed denial of service attack, providing a priority rule to an access router in the provider network that is coupled to the host, wherein;
  
  the priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event; and
  
  the characteristic is determined not solely by information included in the packets.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The machine-executable code of claim 15, wherein the characteristic includes a geographic location that is a source of the packets.
  - 17. The machine-executable code of claim 15, wherein the characteristic includes a time at which the packets entered the provider network.
  - 18. The machine-executable code of claim 17, wherein the time includes a time zone.
  - 19. The machine-executable code of claim 15, wherein the characteristic includes a port of the host that is a target of the packets.
  - 20. The machine-executable code of claim 15, wherein the characteristic includes a particular network protocol that is associated with the packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Jayawardena, Thusitha, de los Reyes, Gustavo

Granted Patent

US 8,254,257 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/237
CPC Class Codes

H04L 43/028   by filtering

H04L 63/0227   Filtering policies mail mes...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

System and Method for Location, Time-of-Day, and Quality-of-Service Based Prioritized Access Control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

77 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and Method for Location, Time-of-Day, and Quality-of-Service Based Prioritized Access Control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others