Protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages
First Claim
1. An information processing system comprising:
- a challenge server operatively coupled with a client system, said challenge server comprising an interface for communicating with said client system, wherein said challenge server is configured for:
presenting a cryptographic challenge to the client system;
initializing a trust cookie that encodes the client system's initial priority level after the client system correctly solves the cryptographic challenge;
computing a trust level score for the client system based on a service request, wherein said trust level score is associated with an amount of resources expended by an application server in handling the service request such that a higher trust level score is computed for service requests consuming less system resources;
assigning the trust level score to the client system based on the computation;
embedding the assigned trust level score in the trust cookie included in all responses sent from the application server to the client system; and
the information processing system further comprising:
the application server comprising an interface with the client system requesting a service from said application server;
a firewall coupled with the application server, said firewall configured to:
receive the service request from the client system;
receive the trust cookie from the client system;
serve the client system by presenting the valid trust cookie at a priority level associated with an assigned trust level score;
for the client with a low assigned trust level score, limiting a number of service requests that said client system can issue per unit of time; and
dropping any request from a client system with no trust cookie or an invalid trust cookie.
Abstract
According to an embodiment of the invention, a system for processing a plurality of service requests in a client-server system includes a challenge server for: presenting a cryptographic challenge to the client; initializing a trust cookie that encodes a client's initial priority level after the client correctly solves the cryptographic challenge; computing a trust level score for the client based on a service request wherein said trust level score is associated with an amount of resources expended by the server in handling the service request such that a higher trust level score is computed for service requests consuming less system resources; assigning the trust level score to the client based on the computation; and embedding the assigned trust level score in the trust cookie included in all responses sent from the server to the client. The system further includes an application server coupled with a firewall.
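The firewall behaviour recited in the claims (drop requests with a missing or invalid trust cookie, rate limit low-trust clients, score cheap requests higher) can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 cookie format, the key, the score formula and the thresholds are all assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

KEY = b"constructed-demo-key"  # assumption: secret shared by challenge server and firewall
LOW_TRUST = 0.3                # assumption: scores below this are rate limited
LOW_TRUST_RATE = 2             # assumption: low-trust requests admitted per window
WINDOW = 1.0                   # assumption: window length in seconds

def issue_cookie(client_id: str, score: float) -> str:
    """Encode client id and trust score, authenticated with HMAC-SHA256."""
    body = f"{client_id}|{score:.3f}"
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"

def verify_cookie(cookie):
    """Return (client_id, score), or None if the cookie is missing or invalid."""
    if not cookie or cookie.count("|") != 2:
        return None
    client_id, score, tag = cookie.split("|")
    body = f"{client_id}|{score}".encode()
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return client_id, float(score)

def update_score(old: float, cost_ms: float, budget_ms: float = 100.0) -> float:
    """Requests that consume fewer resources earn a higher score."""
    sample = max(0.0, 1.0 - cost_ms / budget_ms)
    return round(0.5 * old + 0.5 * sample, 3)

class Firewall:
    def __init__(self):
        self.recent = defaultdict(deque)  # client_id -> admitted timestamps

    def admit(self, cookie, now: float):
        """Return (decision, priority); decision is drop, throttle or serve."""
        parsed = verify_cookie(cookie)
        if parsed is None:
            return ("drop", None)          # no cookie or invalid cookie
        client_id, score = parsed
        if score < LOW_TRUST:              # low trust: cap requests per window
            q = self.recent[client_id]
            while q and now - q[0] >= WINDOW:
                q.popleft()
            if len(q) >= LOW_TRUST_RATE:
                return ("throttle", score)
            q.append(now)
        return ("serve", score)            # score doubles as the priority level
```

Because the score travels in the cookie, the firewall needs no per-client state for trusted clients; only the low-trust rate limiter keeps a short timestamp queue.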
12 Claims
1. An information processing system comprising:
- a challenge server operatively coupled with a client system, said challenge server comprising an interface for communicating with said client system, wherein said challenge server is configured for:
presenting a cryptographic challenge to the client system;
initializing a trust cookie that encodes the client system's initial priority level after the client system correctly solves the cryptographic challenge;
computing a trust level score for the client system based on a service request, wherein said trust level score is associated with an amount of resources expended by an application server in handling the service request such that a higher trust level score is computed for service requests consuming less system resources;
assigning the trust level score to the client system based on the computation;
embedding the assigned trust level score in the trust cookie included in all responses sent from the application server to the client system; and
the information processing system further comprising:
the application server comprising an interface with the client system requesting a service from said application server;
a firewall coupled with the application server, said firewall configured to:
receive the service request from the client system;
receive the trust cookie from the client system;
serve the client system by presenting the valid trust cookie at a priority level associated with an assigned trust level score;
for the client with a low assigned trust level score, limiting a number of service requests that said client system can issue per unit of time; and
dropping any request from a client system with no trust cookie or an invalid trust cookie.
8. A non-transitory computer readable medium comprising program code for causing a computer to perform functions of:
presenting a cryptographic challenge to a client system;
initializing a trust cookie that encodes the client system's initial priority level after said client system correctly solves the cryptographic challenge;
computing a trust level score for the client system based on a service request from the client system, wherein said trust level score is associated with an amount of resources expended by an application server in handling said service request such that a higher trust level score is computed for service requests consuming less system resources;
assigning the trust level score to the client system based on the computation; and
embedding the assigned trust level score in the trust cookie included in all responses sent from the application server to the client system.
Specification