Securing an accessible computer system

US 9,288,218 B2
Filed: 03/19/2010
Issued: 03/15/2016
Est. Priority Date: 08/24/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securing an accessible computer system, the method comprising:

counting, at a switch that performs load balancing for access provider systems, a cumulative number of access requests initiated by an access requestor to all of the access provider systems during a first period of time;

determining, by the switch, that the cumulative number of access requests exceeds a threshold number, even though a number of access requests to each of the access provider systems alone is less than the threshold number;

denying, at the switch, access by the access requestor to the access provider systems in response to determining that the cumulative number of access requests exceeds the threshold number; and

restarting a time out period during which the access requestor is denied access based on detecting, at the switch, receipt of another access request from the access requestor before the time out period expires.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To secure an accessible computer system, the computer system is monitored for connection transactions. An access requestor is denied access to the computer system when the access requestor initiates a number of connection transactions that exceed a configurable threshold number during a first configurable period of time. The monitoring may include detecting connection transactions initiated by the access requestor, counting the number of connection transactions initiated by the access requestor during the first configurable period of time, and comparing the number of connection transactions initiated by the access requestor during the first configurable period of time to the configurable threshold number.

124 Citations

18 Claims

1. A method for securing an accessible computer system, the method comprising:
- counting, at a switch that performs load balancing for access provider systems, a cumulative number of access requests initiated by an access requestor to all of the access provider systems during a first period of time;
  
  determining, by the switch, that the cumulative number of access requests exceeds a threshold number, even though a number of access requests to each of the access provider systems alone is less than the threshold number;
  
  denying, at the switch, access by the access requestor to the access provider systems in response to determining that the cumulative number of access requests exceeds the threshold number; and
  
  restarting a time out period during which the access requestor is denied access based on detecting, at the switch, receipt of another access request from the access requestor before the time out period expires.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the determining further includes comparing, using the switch, the cumulative number of access requests to the threshold number.
  - 3. The method of claim 1, wherein the denying of access includes denying access by the access requestor to the access provider systems for a second period of time.
  - 4. The method of claim 1, wherein the denying of access includes denying access by the access requestor to the access provider systems for a second period of time after detecting a most recent access request received from the access requestor at the switch.
  - 5. The method of claim 1, wherein the determining further includes determining, by the switch, whether a total number of access requests initiated to all of the access provider systems by the access requestor during the first period of time exceeds the threshold number.

6. A method comprising:
- monitoring, at a switch connected to access provider systems, for access requests by an access requestor to the access provider systems;
  
  based on the monitoring, determining, by the switch, whether a cumulative number of access requests, received from the access requestor during a first period of time and handled by more than one of the access provider systems, exceeds a threshold number;
  
  denying, at the switch and for a second period of time, access by the access requestor to the access provider systems in response to a determination that the cumulative number of access requests exceeds the threshold number; and
  
  restarting the second period of time during which the access requestor is denied access in response to detecting, at the switch, receipt of another access request from the access requestor before the second period of time expires.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the monitoring further includes counting, using the switch, a cumulative number of access requests for all of the access provider systems connected to the switch initiated by the access requestor during the first period of time.
  - 8. The method of claim 7, wherein the determining further includes comparing, using the switch, the cumulative number of access requests for all of the access provider systems to the threshold number.
  - 9. The method of claim 8, wherein the denying of access further includes denying, using the switch, access by the access requestor to all of the access provider systems connected to the switch when the comparison indicates that the cumulative number of access requests for all of the access provider systems exceeds the threshold number.

10. A switch comprising:
- a processor; and
  
  a memory encoded with machine readable instructions that, when executed by the processor, operate to cause the processor to perform operations comprising;
  
  performing load balancing for access provider systems;
  
  counting a cumulative number of access requests initiated by an access requestor to all of the access provider systems during a first period of time;
  
  determining that the cumulative number of access requests exceeds a threshold number, even though a number of access requests to each of the access provider systems alone is less than the threshold number;
  
  denying, at the switch, access by the access requestor to the access provider systems in response to determining that the cumulative number of access requests exceeds the threshold number; and
  
  restarting a time out period during which the access requestor is denied access based on detecting receipt of another access request from the access requestor before the time out period expires.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The switch of claim 10, wherein the determining further includes comparing, using the switch, the cumulative number of access requests to the threshold number.
  - 12. The switch of claim 10, wherein the denying of access includes denying access by the access requestor to the access provider systems for a second period of time.
  - 13. The switch of claim 10, wherein the denying of access includes denying access by the access requestor to the access provider systems for a second period of time after detecting a most recent access request received from the access requestor at the switch.
  - 14. The switch of claim 10, wherein the determining further includes determining whether a total number of access requests initiated to all of the access provider systems by the access requestor during the first period of time exceeds the threshold number.

15. A switch comprising:
- a processor; and
  
  a memory encoded with machine readable instructions that, when executed by the processor, operate to cause the processor to perform operations comprising;
  
  monitoring for access requests by an access requestor to access provider systems connected to the switch;
  
  based on the monitoring, determining whether a cumulative number of access requests, received from the access requestor during a first period of time and handled by more than one of the access provider systems, exceeds a threshold number;
  
  denying, at the switch and for a second period of time, access by the access requestor to the access provider systems in response to a determination that the cumulative number of access requests exceeds the threshold number; and
  
  restarting the second period of time during which the access requestor is denied access in response to detecting, at the switch, receipt of another access request from the access requestor before the second period of time expires.
- View Dependent Claims (16, 17, 18)
- - 16. The switch of claim 15, wherein the monitoring further includes counting a cumulative number of access requests for all of the access provider systems connected to the switch initiated by the access requestor during the first period of time.
  - 17. The switch of claim 16, wherein the determining further includes comparing the cumulative number of access requests for all of the access provider systems to the threshold number.
  - 18. The switch of claim 17, wherein the denying of access further includes denying access by the access requestor to all of the access provider systems connected to the switch when the comparison indicates that the cumulative number of access requests for all of the access provider systems exceeds the threshold number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
AOL Inc. (Apollo Global Management, Inc.), Foundry Networks LLC (Broadcom, Inc.)
Inventors
Barrett, Joseph G., Wright, Christopher J., Blake, Victor R., Stehnach, Thomas, Jalan, Rajkumar
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
Nguyen, Van Kim T

Application Number

US12/727,499
Publication Number

US 20100235506A1
Time in Patent Office

2,188 Days
Field of Search

709/225, 709/226, 709/227, 709/228, 709/229
US Class Current

1/1
CPC Class Codes

H04L 45/50   using label swapping, e.g. ...

H04L 47/822   Collecting or measuring res...

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

Securing an accessible computer system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

124 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Securing an accessible computer system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links