Protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages

US 8,250,631 B2
Filed: 04/09/2010
Issued: 08/21/2012
Est. Priority Date: 05/12/2006
Status: Expired due to Fees

First Claim

Patent Images

1. An information processing system comprising:

a challenge server operatively coupled with a client system, said challenge server comprising an interface for communicating with said client system, wherein said challenge server is configured for;

presenting a cryptographic challenge to the client system;

initializing a trust cookie that encodes the client system'"'"'s initial priority level after the client system correctly solves the cryptographic challenge;

computing a trust level score for the client system based on a service request, wherein said trust level score is associated with an amount of resources expended by an application server in handling the service request such that a higher trust level score is computed for service requests consuming less system resources;

assigning the trust level score to the client system based on the computation;

embedding the assigned trust level score in the trust cookie included in all responses sent from the application server to the client system; and

the information processing system further comprising;

the application server comprising an interface with the client system requesting a service from said application server;

a firewall coupled with the application server, said firewall configured to;

receive the service request from the client system;

receive the trust cookie from the client system;

serve the client system by presenting the valid trust cookie at a priority level associated with an assigned trust level score;

for the client with a low assigned trust level score, limiting a number of service requests that said client system can issue per unit of time; and

dropping any request from a client system with no trust cookie or an invalid trust cookie.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an embodiment of the invention, a system for processing a plurality of service requests in a client-server system includes a challenge server for: presenting a cryptographic challenge to the client; initializing a trust cookie that encodes a client'"'"'s initial priority level after the client correctly solves the cryptographic challenge; computing a trust level score for the client based on a service request wherein said trust level score is associated with an amount of resources expended by the server in handling the service request such that a higher trust level score is computed for service requests consuming less system resources; assigning the trust level score to the client based on the computation; and embedding the assigned trust level score in the trust cookie included in all responses sent from the server to the client. The system further includes an application server coupled with a firewall.

48 Citations

View as Search Results

12 Claims

1. An information processing system comprising:
- a challenge server operatively coupled with a client system, said challenge server comprising an interface for communicating with said client system, wherein said challenge server is configured for;
  
  presenting a cryptographic challenge to the client system;
  
  initializing a trust cookie that encodes the client system'"'"'s initial priority level after the client system correctly solves the cryptographic challenge;
  
  computing a trust level score for the client system based on a service request, wherein said trust level score is associated with an amount of resources expended by an application server in handling the service request such that a higher trust level score is computed for service requests consuming less system resources;
  
  assigning the trust level score to the client system based on the computation;
  
  embedding the assigned trust level score in the trust cookie included in all responses sent from the application server to the client system; and
  
  the information processing system further comprising;
  
  the application server comprising an interface with the client system requesting a service from said application server;
  
  a firewall coupled with the application server, said firewall configured to;
  
  receive the service request from the client system;
  
  receive the trust cookie from the client system;
  
  serve the client system by presenting the valid trust cookie at a priority level associated with an assigned trust level score;
  
  for the client with a low assigned trust level score, limiting a number of service requests that said client system can issue per unit of time; and
  
  dropping any request from a client system with no trust cookie or an invalid trust cookie.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 wherein the application server updates the trust cookie based upon client requests.
  - 3. The system of claim 1 wherein the challenge server is further configured for modifying the assigned trust level score provided to the client system based on a subsequent request from said client system.
  - 4. The system of claim 1 wherein the trust cookie further comprises a secret cryptographic key.
  - 5. The system of claim 1 wherein the trust cookie further comprises a symmetric key encryption algorithm.
  - 6. The system of claim 1 wherein a lower trust level score is achieved by a service request consuming more system resources.
  - 7. The system of claim 1 wherein the trust cookie comprises a client system IP address, an application server IP address, a time at which the trust cookie was issued, and the trust level score.

8. A non-transitory computer readable medium comprising program code for causing a computer to perform functions of:
- presenting a cryptographic challenge to a client system;
  
  initializing a trust cookie that encodes the client system'"'"'s initial priority level after said client system correctly solves the cryptographic challenge;
  
  computing a trust level score for the client system based on a service request from the client system, wherein said trust level score is associated with an amount of resources expended by an application server in handling said service request such that a higher trust level score is computed for service requests consuming less system resources;
  
  assigning the trust level score to the client system based on the computation; and
  
  embedding the assigned trust level score in the trust cookie included in all responses sent from the application server to the client system.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The non-transitory computer readable medium of claim 8 wherein the program code further causes the computer to modify the assigned trust level score provided to the client system based on a subsequent request from said client system.
  - 10. The non-transitory computer readable medium of claim 8 wherein the trust cookie comprises a client system IP address, an application server IP address, a time at which the trust cookie was issued, and the trust level score.
  - 11. The non-transitory computer readable medium of claim 10 wherein the trust cookie further comprises a symmetric key encryption algorithm.
  - 12. The non-transitory computer readable medium of claim 10 wherein the trust cookie further comprises a secret cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Srivatsa, Mudhakar, Yin, Jian, Iyengar, Arun K
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Gregory, Shaun

Application Number

US12/757,836
Publication Number

US 20100235632A1
Time in Patent Office

865 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

H04L 2463/102   applying security measure f...

H04L 2463/141   Denial of service attacks a...

H04L 63/0236   Filtering by address, proto...

H04L 63/126   the source of the received ...

H04L 63/1458   Denial of Service

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

Protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others