Method and apparatus for protecting electronic commerce from distributed denial-of-service attacks
First Claim
1. A method of limiting the effect upon certain users that access an e-merchant'"'"'s server from a denial-of-service attack against the e-merchant'"'"'s server, the method comprising:
- marking a packet addressed to the e-merchant'"'"'s server for forwarding in a privileged class of service when the source of the packet is a computer whose user is a VIP user who has been designated by the e-merchant as being within a predetermined subset of users who transact business online with the e-merchant through the e-merchant'"'"'s server, where a determination that the computer'"'"'s user is a VIP user is made through the VIP user'"'"'s activation of a VIP right that was granted to the VIP user by the e-merchant and the attachment of that VIP right to the VIP user'"'"'s computer, the VIP right granted by the e-merchant to the VIP user automatically expiring at the end of a specified term and/or after a specified maximum number of packets or bytes have been forwarded to the e-merchant'"'"'s server by the VIP user'"'"'s computer client-in the privileged class of service.
7 Assignments
0 Petitions
Accused Products
Abstract
An Internet Service Provider (ISP), in consideration of being remunerated in some manner by an e-merchant, carries the packets of a designated subset of that e-merchant'"'"'s clients, designated as VIPs, in a privileged class of service as compared to an unprivileged class of service that is used to carry the packets of the e-merchant'"'"'s other regular clients. In this way, the adverse effects on performance due to congestion in the unprivileged class of service, whether due to an ongoing denial-of-service attack or not, will not affect the performance of packets sent by and to VIPs using the privileged class of service. An e-merchant may select its VIPs from among those clients that bring in a majority of the e-merchant'"'"'s revenues. An e-merchant turns a regular client into a VIP by granting it a VIP right. VIP gates, preferable implemented in an ISP'"'"'s access gateways, monitor the packets sent by clients and mark for the privileged class of service those packets whose source has an active VIP right issued by the packet'"'"'s destination.
19 Citations
6 Claims
-
1. A method of limiting the effect upon certain users that access an e-merchant'"'"'s server from a denial-of-service attack against the e-merchant'"'"'s server, the method comprising:
marking a packet addressed to the e-merchant'"'"'s server for forwarding in a privileged class of service when the source of the packet is a computer whose user is a VIP user who has been designated by the e-merchant as being within a predetermined subset of users who transact business online with the e-merchant through the e-merchant'"'"'s server, where a determination that the computer'"'"'s user is a VIP user is made through the VIP user'"'"'s activation of a VIP right that was granted to the VIP user by the e-merchant and the attachment of that VIP right to the VIP user'"'"'s computer, the VIP right granted by the e-merchant to the VIP user automatically expiring at the end of a specified term and/or after a specified maximum number of packets or bytes have been forwarded to the e-merchant'"'"'s server by the VIP user'"'"'s computer client-in the privileged class of service. - View Dependent Claims (2, 3)
-
4. Apparatus for limiting the effect upon certain users that access an e-merchant'"'"'s server from a denial-of-service attack against the e-merchant'"'"'s server comprising:
-
means for storing a VIP right for at least one user who has been designated by the e-merchant as a VIP user who is within a predetermined subset of users that transact business online with the e-merchant through the e-merchant'"'"'s server, the VIP right being granted individually by the e-merchant to the at least one VIP user and having a specified term and/or specified packet or byte usage limits; and a computer program or application that performs a method of marking a packet addressed to the e-merchant'"'"'s server for forwarding in a privileged class of service when the source of the packet is a computer whose user has been designated as a VIP user by the e-merchant, where a determination that the computer'"'"'s user is a VIP user is made through the VIP user'"'"'s activation of the VIP right and the attachment of that VIP right to the VIP user'"'"'s computer, and the specified term of the VIP right granted to that user that is stored in the storing means has neither expired nor have the number of packets or bytes that have been already forwarded from that client to the e-merchant'"'"'s server in the privileged class of service exceeded the specified packet or byte usage limits of that user'"'"'s VIP right. - View Dependent Claims (5, 6)
-
Specification
-
- Resources
-
Current AssigneeGemalto SA (Thales SA)
-
Original AssigneeLucent Technologies, Inc. (Nokia Corporation)
-
InventorsBrustoloni, Jose′ C
-
Primary Examiner(s)Najjar; Saleh
-
Assistant Examiner(s)KOROBOV, VITALI A
-
Application NumberUS10/175,463Publication NumberTime in Patent Office1,980 DaysField of Search709/207, 709/227, 709/228, 709/232, 709/235, 370/229, 370/320, 370/230.1, 370/231, 370/232, 370/351, 370/395.21, 370/395.3, 370/238, 370/223, 370/227, 705/26US Class Current709/240CPC Class CodesG06Q 30/0601 Electronic shopping [e-shop...H04L 47/10 Flow control; Congestion co...H04L 47/2408 for supporting different se...H04L 47/2491 Mapping quality of service ...H04L 63/104 Grouping of entitiesH04L 63/1408 by monitoring network traff...H04L 63/1458 Denial of ServiceH04L 67/61 taking into account QoS or ...H04L 69/329 in the application layer [O...H04L 9/40 Network security protocols
