Reputation based connection throttling

US 8,179,798 B2
Filed: 01/24/2007
Issued: 05/15/2012
Est. Priority Date: 01/24/2007
Status: Active Grant

First Claim

Patent Images

1. A reputation based connection throttling system for voice over internet protocol communications, the system comprising:

one or more processors; and

memory coupled to the one or more processors and including instructions, which, when executed by the one or more processors, cause the one or more processors to define;

a communications interface operable to receive voice over Internet protocol connection requests associated with external entities prior to connections being established between the external entities and a protected network associated with the communications interface;

a reputation engine operable, for each of the external entities, to;

derive a reputation associated with an individual external entity; and

determine whether the reputation of the individual external entity is one of a reputable reputation or a non-reputable reputation;

a connection control engine operable to allow a connection request from the individual external entity to the protected network; and

a load balancer engine operable, for each of the external entities having been determined to have a non-reputable reputation, to;

determine a degree of non-reputability of the reputation of the external entity having the non-reputable reputation; and

in response to the connection request from the external entity having the non-reputable reputation entity being allowed, send voice over Internet protocol data packets originating from the external entity having the non-reputable reputation entity to a particular message interrogation engine based on the degree of non-reputability of the external entity having the non-reputable reputation, wherein data packets from a first set of the external entities having degrees of non-reputability higher than degrees of non-reputability of a second set of the external entities are sent to a first message interrogation engine with a higher inspection load than a second message interrogation engine to which data packets from the second set are sent.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for reputation based connection determinations are provided. Systems used for reputation based connection throttling can include a communications interface, a reputation engine and a connection control engine. The communications interface can receive connection requests associated with an external entity prior to a connection being established to the external entity. The reputation engine can derive a reputation associated with the external entity. The connection control engine can allow or deny connection requests to a protected network based upon the derived reputation of the external entity.

450 Citations

17 Claims

1. A reputation based connection throttling system for voice over internet protocol communications, the system comprising:
- one or more processors; and
  
  memory coupled to the one or more processors and including instructions, which, when executed by the one or more processors, cause the one or more processors to define;
  
  a communications interface operable to receive voice over Internet protocol connection requests associated with external entities prior to connections being established between the external entities and a protected network associated with the communications interface;
  
  a reputation engine operable, for each of the external entities, to;
  
  derive a reputation associated with an individual external entity; and
  
  determine whether the reputation of the individual external entity is one of a reputable reputation or a non-reputable reputation;
  
  a connection control engine operable to allow a connection request from the individual external entity to the protected network; and
  
  a load balancer engine operable, for each of the external entities having been determined to have a non-reputable reputation, to;
  
  determine a degree of non-reputability of the reputation of the external entity having the non-reputable reputation; and
  
  in response to the connection request from the external entity having the non-reputable reputation entity being allowed, send voice over Internet protocol data packets originating from the external entity having the non-reputable reputation entity to a particular message interrogation engine based on the degree of non-reputability of the external entity having the non-reputable reputation, wherein data packets from a first set of the external entities having degrees of non-reputability higher than degrees of non-reputability of a second set of the external entities are sent to a first message interrogation engine with a higher inspection load than a second message interrogation engine to which data packets from the second set are sent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the reputation engine derives the reputation the individual external entity based upon an aggregation of reputable criteria and non-reputable criteria associated with the individual external entity.
  - 3. The system of claim 1, wherein the communications interface is further operable to receive short message service connection requests, and the connection control engine is operable to deny the short message service connection request based upon a reputation associated with a short message service entity originating the short message service connection request.
  - 4. The system of claim 1, wherein at least one of the first and second message interrogation engines is operable to examine the data packets originating from the external entity having the non-reputable reputation to determine whether the external entity is exploiting a voice over internet protocol connection.
  - 5. The system of claim 1, wherein the reputation engine is a reputation server operable to receive a reputation query from the connection control engine and to provide the connection control engine with the derived reputation.
  - 6. The system of claim 5, wherein the reputation server derives the reputation of the individual external entity by aggregating a plurality of local reputations associated with the individual external entity, the plurality of local reputations being supplied by a plurality of local reputation engines.
  - 7. The system of claim 1, wherein the connection control engine comprises a policy against which the reputation is compared.
  - 8. The system of claim 7, wherein the policy defines one or more categories of external entities to which voice over internet protocol requests are allowed.
  - 9. The system of claim 1, wherein the communications interface is further operable to receive a plurality of simultaneous connection requests;
    - correlate the simultaneous connection requests to determine that the simultaneous connection requests comprise an attack; and
      
      the reputation engine is further operable to update the reputation of one or more of the external entities associated with the simultaneous connection requests.
  - 10. The system of claim 1, wherein the reputation of the individual external entity indicates a reputation of the individual external entity for participating in denial of service attacks, wherein a reputation for participating in a denial of service attack triggers the connection control engine to immediately throttle a connection based upon input from a handset or a policy.
  - 11. The system of claim 1, wherein the connection is requested to a device on the protected network, the device comprising a mobile, location aware device.
  - 12. The system of claim 1, wherein the load balancer engine is operable to reduce a quality of service for any connections allowed to the first set of the external entities, as compared to connections for the second set of the external entities, by sending the data packets from the first set of the external entities to the first message interrogation engine, which has a higher inspection load than that of the second message interrogation engine to which the data packets from the second set are sent.

13. A computer-implemented method, comprising:
- receiving voice over internet protocol connection requests associated with external entities prior to connections being established between an individual external entity and a protected network;
  
  for each of the external entities;
  
  deriving a reputation associated with the individual external entity; and
  
  determining whether the reputation of the individual external entity is one of a reputable reputation or a non-reputable reputation;
  
  in response to determining that the reputation of the individual external entity is a reputable reputation, allowing a connection request from the individual external entity to the protected network; and
  
  in response to determining that the reputation of the individual external entity is a non-reputable reputation, allowing the connection request to the protected network and determining a degree of non-reputability of the reputation of the individual external entity;
  
  sending voice over internet protocol data packets originating from a first set of the external entities having first degrees of non-reputability to a first message interrogation engine; and
  
  sending voice over interne protocol data packets originating from a second set of the external entities having degrees of non-reputability less than the first degrees of non-reputability of the first set to a second message interrogation engine, wherein the first message interrogation engine has a higher inspection load than the second message interrogation engine.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein deriving a reputation comprises:
    - deriving the reputation of the individual external entity based upon an aggregation of reputable criteria and non-reputable criteria associated with the individual external entity.
  - 15. The method of claim 13, wherein deriving a reputation comprises:
    - aggregating a plurality of local reputations associated with the individual external entity, the plurality of local reputations being supplied by a plurality of local reputation engines.
  - 16. The method of claim 13, further comprising:
    - receiving a plurality of simultaneous connection requests;
      
      correlating the simultaneous connection requests to determine that the requests comprise an attack; and
      
      updating the reputation of one or more of the external entities associated with the simultaneous connection requests.

17. A non-transitory computer storage medium encoded with a computer program, the program comprising instructions that when executed by data processing apparatus cause the data processing apparatus to perform operations, comprising:
- receiving voice over internet protocol connection requests associated with external entities prior to connections being established between the external entities and a protected network;
  
  for each of the external entities;
  
  deriving a reputation associated with the external entity; and
  
  determining whether the reputation of the external entity is one of a reputable reputation or a non-reputable reputation;
  
  in response to determining that the reputation of the external entity is a reputable reputation, allowing a connection request from the external entity to the protected network; and
  
  in response to determining that the reputation of the external entity is a non-reputable reputation, allowing the connection request to the protected network and determining a degree of non-reputability of the reputation of the external entity;
  
  sending voice over internet protocol data packets originating from a first set of the external entities having first degrees of non-reputability to a first message interrogation engine; and
  
  sending voice over internet protocol data packets originating from a second set of the external entities having degrees of non-reputability less than the first degrees of non-reputability of the first set to a second message interrogation engine, wherein the first message interrogation engine has a higher inspection load than the second message interrogation engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Alperovitch, Dmitri, Judge, Paul, Krasser, Sven, Schneck, Phyllis Adele, Trivedi, Aarjav Jyotindra Neeta, Yang, Weilai
Primary Examiner(s)
Juntima, Nittaya
Assistant Examiner(s)
OH, ANDREW CHUNG SUK

Application Number

US11/626,644
Publication Number

US 20080175226A1
Time in Patent Office

1,938 Days
Field of Search

None
US Class Current

370/232
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 63/1458   Denial of Service

H04L 65/1079   of unsolicited session atte...

Reputation based connection throttling

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

450 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Reputation based connection throttling

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

450 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links