Dynamic throttling systems and services

US 8,281,382 B1
Filed: 06/30/2008
Issued: 10/02/2012
Est. Priority Date: 06/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method of dynamically determining whether to allow access to data in a distributed electronic environment, comprising:

receiving a request for data to a Web service controlling access to the data;

parsing the request to determine at least one token associated with the request;

forwarding the token to a throttling module configured to analyze aggregate request frequency related to the token and determine whether to allow access to the data using a rule corresponding to the token of the request, the aggregate request frequency corresponding to any related request received by any of a plurality of servers being operable to provide access to the data in response to the request, at least a portion of the aggregate request frequency having been propagated to the throttling module by any of the plurality of servers being operable to provide access to the data in response to the request;

forwarding the request to one of the plurality of servers in order to provide access to the data when the throttling module returns a decision to allow access; and

returning a response indicating that access will not be provided in response to the request when the throttling module returns a decision not to allow access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A lightweight throttling mechanism allows for dynamic control of access to resources in a distributed environment. Each request received by a server of a server group is parsed to determine tokens in the request, which are compared with designated rules to determine whether to process or reject the request based on usage data associated with an aspect of the request, the token values, and the rule(s) specified for the request. The receiving of each request can be broadcast to throttling components for each server such that the global state of the system is known to each server. The system then can monitor usage and dynamically throttle requests based on real time data in a distributed environment.

81 Citations

View as Search Results

25 Claims

1. A method of dynamically determining whether to allow access to data in a distributed electronic environment, comprising:
- receiving a request for data to a Web service controlling access to the data;
  
  parsing the request to determine at least one token associated with the request;
  
  forwarding the token to a throttling module configured to analyze aggregate request frequency related to the token and determine whether to allow access to the data using a rule corresponding to the token of the request, the aggregate request frequency corresponding to any related request received by any of a plurality of servers being operable to provide access to the data in response to the request, at least a portion of the aggregate request frequency having been propagated to the throttling module by any of the plurality of servers being operable to provide access to the data in response to the request;
  
  forwarding the request to one of the plurality of servers in order to provide access to the data when the throttling module returns a decision to allow access; and
  
  returning a response indicating that access will not be provided in response to the request when the throttling module returns a decision not to allow access.
- View Dependent Claims (2, 3)
- - 2. A method according to claim 1, further comprising:
    - receiving a request from a user to set a rule for access to the data; and
      
      applying the rule on one of a set of throttling configuration components,wherein each throttling module is able to retrieve the rule by querying one of the set of throttling configuration components.
  - 3. A method according to claim 2, wherein the request to set a rule further includes an effective date for the rule, and further comprising:
    - placing data for the rule into a job queue before a time of the effective date; and
      
      processing the rule from the job queue at the effective date.

4. A method of determining whether to allow access to a resource in an electronic environment, comprising:
- receiving an incoming client request for access to a resource;
  
  parsing the client request to determine at least one parameter associated with the client request;
  
  forwarding at least the parameter to a throttling module configured to analyze individual client aggregate usage history related to the parameter and determine whether to allow the client access to the resource using a rule corresponding to the parameter of the request, the individual client aggregate usage history in aggregate corresponding to any related request by the client received by any related component across the electronic environment being operable to provide access to the resource, at least a portion of the individual client aggregate usage history having been propagated to the throttling module by any related component across the electronic environment being operable to provide access to the resource;
  
  forwarding the client request in order to provide access to the resource when the throttling module returns a decision to allow access; and
  
  returning a response indicating that access will not be provided in response to the client request when the throttling module returns a decision not to allow access.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 5. A method according to claim 4, further comprising:
    - receiving a request to set a rule for access to the resource.
  - 6. A method according to claim 5, further comprising:
    - parsing the client request to determine the rule to apply; and
      
      applying the rule to the client request for which access to the resource is controlled by the throttling module.
  - 7. A method according to claim 6, further comprising:
    - propagating the rule to any other throttling module being operable to provide access to the resource in response to the client request.
  - 8. A method according to claim 5, wherein:
    - the request to set a rule is one of an add rule request, get rule request, edit rule request, remove rule request, andthe request is of the form of a normal rule request, blacklist rule request, or whitelist rule request type.
  - 9. A method according to claim 5, wherein:
    - the request from a user to set a rule further includes an effective date for the rule.
  - 10. A method according to claim 9, further comprising:
    - placing data for the rule into a job queue before a time of the effective date; and
      
      processing the rule from the job queue at the effective date.
  - 11. A method according to claim 4, further comprising:
    - recording information indicating receiving of the client request.
  - 12. A method according to claim 11, further comprising:
    - forwarding the information to any other component capable of receiving and processing the request.
  - 13. A method according to claim 11, further comprising:
    - refreshing the stored data at a configurable interval,wherein a configurable amount of aggregate usage history is stored for the throttling module.
  - 14. A method according to claim 4, wherein:
    - receiving a client request for access to a resource includes receiving the request to a component in a distributed environment, wherein the distributed environment includes a plurality of components being operable to receive requests from a plurality of sources.
  - 15. A method according to claim 14, wherein:
    - each of the components is a server including a throttling module.
  - 16. A method according to claim 4, wherein:
    - the steps of the method are performed as part of a Web service.

17. A system for determining whether to allow access to a resource in an electronic environment, comprising:
- a processor; and
  
  a memory device including instructions that, when executed by the processor, cause the processor to;
  
  receive an incoming client request for access to a resource;
  
  parse the client request to determine at least one parameter associated with the client;
  
  forward at least the parameter to a throttling module configured to analyze individual client aggregate usage history related to the parameter and determine whether to allow the client access to the resource using a rule corresponding to the parameter of the request, the individual client aggregate usage history in aggregate corresponding to any related request by the client received by any related component across the electronic environment being operable to provide access to the resource, at least a portion of the individual client aggregate usage history having been propagated to the throttling module by any related component across the electronic environment being operable to provide access to the resource;
  
  forward the client request in order to provide access to the resource when the throttling module returns a decision to allow access; and
  
  return a response indicating that access will not be provided in response to the client request when the throttling module returns a decision not to allow access.
- View Dependent Claims (18, 19, 20)
- - 18. A system according to claim 17, wherein the memory device further includes instructions that, when executed by the processor, cause the processor to:
    - receive a request to set a rule for access to the resource;
      
      parse the client request to determine the rule to apply;
      
      apply the rule to the client request for which access to the resource is controlled by the throttling module; and
      
      propagate the rule to any other throttling module being operable to provide access to the resource in response to the client request.
  - 19. A system according to claim 17, wherein the memory device further includes instructions that, when executed by the processor, cause the processor to:
    - place data for the rule into a job queue before a time of an effective date sent with the request; and
      
      process the rule from the job queue at the effective date.
  - 20. A system according to claim 17, wherein the memory device further includes instructions that, when executed by the processor, cause the processor to:
    - record information indicating receiving of the client request; and
      
      forward the information to any other component capable of receiving and processing the client request.

21. A system for dynamically determining whether to allow access to data in a distributed electronic environment, comprising:
- a processor; and
  
  a memory device including instructions that, when executed by the processor, cause the processor to;
  
  receive an incoming client request for data to a Web service controlling access to the data;
  
  parse the client request to determine at least one token associated with the client;
  
  forward the token to a throttling module configured to analyze individual client aggregate usage history related to the token and determine whether to allow the client access to the data using a rule corresponding to the token of the request, the individual client aggregate usage history corresponding to any related request by the client received by any of a plurality of servers being operable to provide access to the data in response to the request, at least a portion of the individual client aggregate usage history having been propagated to the throttling module by any of a plurality of servers being operable to provide access to the data in response to the request;
  
  forward the client request to one of the plurality of servers in order to provide access to the data when the throttling module returns a decision to allow access; and
  
  return a response indicating that access will not be provided in response to the client request when the throttling module returns a decision not to allow access.

22. A computer program product embedded in a computer readable non-transitory medium for determining whether to allow access to a resource in an electronic environment, comprising:
- program code for receiving a client request for access to a resource;
  
  program code for parsing the request to determine at least one parameter associated with the request;
  
  program code for forwarding at least the parameter to a throttling module configured to analyze aggregate usage history related to the parameter and determine whether to allow access to the resource using a rule corresponding to the parameter of the request, the aggregate usage history in aggregate corresponding to any related amount of requests by a client received by any related component across the electronic environment being operable to provide access to the resource, at least a portion of the aggregate usage history having been propagated to the throttling module by any related component across the electronic environment being operable to provide access to the resource;
  
  program code for forwarding the request in order to provide access to the resource when the throttling module returns a decision to allow access; and
  
  program code for returning a response indicating that access will not be provided in response to the request when the throttling module returns a decision not to allow access.
- View Dependent Claims (23, 24, 25)
- - 23. A computer program product according to claim 22, further comprising:
    - program code for receiving a request to set a rule for access to the resource;
      
      program code for parsing the client request to determine the rule to apply;
      
      program code for applying the rule to the client request for which access to the resource is controlled by the throttling module; and
      
      program code for propagating the rule to any other throttling module being operable to provide access to the resource in response to the client request.
  - 24. A computer program product according to claim 22, further comprising:
    - program code for placing data for the rule into a job queue before a time of an effective date sent with the request; and
      
      program code for processing the rule from the job queue at the effective date.
  - 25. A computer program product according to claim 22, further comprising:
    - program code for recording information indicating receiving of the client request; and
      
      program code for forwarding the information to any other component capable of receiving and processing the client request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Tavis, Matthew T., Sanyal, Soumya, Powers, Ernest S. III, Zhou, Mack, Slotnick, Stephen A., Hui, John Wai Yam, Schermerhorn, Porter
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US12/164,709
Time in Patent Office

1,555 Days
Field of Search

726/1, 726/2, 726/7, 726/9, 726 26- 33, 705 50- 54, 705 57- 59
US Class Current

726/9
CPC Class Codes

G06F 21/105   Arrangements for software l...

G06F 21/1077   Recurrent authorisation

G06F 40/205   Parsing

H04L 47/125   by balancing the load, e.g....

H04L 47/741   Holding a request until res...

H04L 47/745   Reaction in network

H04L 47/823   Prediction of resource usage

H04L 47/826   Involving periods of time

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/535   Tracking the activity of th...

H04L 67/60   Scheduling or organising th...

Dynamic throttling systems and services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic throttling systems and services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links