Source throttling using CPU stamping

US 7,430,607 B2
Filed: 05/25/2005
Issued: 09/30/2008
Est. Priority Date: 05/25/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-readable storage media having computer-executable components for managing web requests being received by a server from a client, said web requests each including header data including message identification (message ID) data identifying unique message data included in the web request and client identification (client ID) data identifying a particular client sending the web request, said components comprising:

a sending component for sending a reply message to the client for each received web request having different message ID data, said reply message including transformation data and instructions to compute stamp data as a function of the transformation data;

a generating component for generating verification data as a function of the stamp data included in an additional web request received from the client;

a comparing component for comparing the generated verification data to the stamp data included in the additional web request received from the client; and

a processing component for processing the additional web request if the stamp data of the additional web request corresponds to the generated verification data wherein the generating component generates as part of the generated verification data a first verification data value as a function of the message ID data and a second verification data value as a function of the client ID data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for managing one or more web requests provided to a web application from a client computer. An application is responsive to a web request to generate verification data. The application sends a reply to the client to calculate a stamp as a function of the generated verification data. The application is responsive to an additional request from the client including the calculated stamp to determine if it corresponds to the generated verification data. If the calculated stamp corresponds to the generated verification data, the additional web request is submitted to the web application for processing. A Web server subject to a DOS attack will be able to distinguish between genuine users(who generate stamps) and malicious users(who will not generate stamps) and over a period of time be able to restore service to the former and deny to the latter.

71 Citations

View as Search Results

17 Claims

1. A computer-readable storage media having computer-executable components for managing web requests being received by a server from a client, said web requests each including header data including message identification (message ID) data identifying unique message data included in the web request and client identification (client ID) data identifying a particular client sending the web request, said components comprising:
- a sending component for sending a reply message to the client for each received web request having different message ID data, said reply message including transformation data and instructions to compute stamp data as a function of the transformation data;
  
  a generating component for generating verification data as a function of the stamp data included in an additional web request received from the client;
  
  a comparing component for comparing the generated verification data to the stamp data included in the additional web request received from the client; and
  
  a processing component for processing the additional web request if the stamp data of the additional web request corresponds to the generated verification data wherein the generating component generates as part of the generated verification data a first verification data value as a function of the message ID data and a second verification data value as a function of the client ID data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-readable storage media of claim 1, wherein the processing component transfers the received additional web request to a general data pool for future processing if the stamp data of the additional web request does not correspond to the generated verification data.
  - 3. The computer-readable storage media of claim 1, wherein the generating component executes a first hash function to convert the message ID data to the first verification data value and a second hash function to convert the client ID data to the second verification data value.
  - 4. The computer-readable storage media of claim 1, wherein the web request includes unique message data specifying content for the server to retrieve, and wherein the processing component retrieves the specified content if the stamp data included in the additional web request corresponds to the generated verification data.
  - 5. The computer-readable storage media of claim 4, wherein the sending component further sends a reply message instructing the client to compute a stamp for each web request having different client ID data.
  - 6. The computer-readable storage media of claim 1, wherein the web request includes a plurality of addresses at which the server is to deliver the unique message data included in the web request, and wherein the processing component distributes the unique message data to each of the plurality of addresses if the stamp data included in the additional web request corresponds the generated verification data.
  - 7. The computer-readable storage media of claim 6, wherein the sending component sends a reply message instructing the client to compute a stamp for each different address included in the web request.
  - 8. The computer-readable storage media of claim 1 further including a filtering component for identifying a reoccurring web request as a function of message ID data included in the header data of the received web request, and excluding the identified reoccurring web request from processing.
  - 9. The computer-readable storage media of claim 1 wherein the transformation data included in the reply message includes a first hash function for converting the message ID data to a first stamp data value and a second hash function for converting the client ID data to a second stamp data value, and wherein transformation data further defines a finite field from which the first and second stamp data values are must be members, whereby the client generates the stamp data as a function of the first and second stamp data values.
  - 10. The computer-readable storage media of claim 9, wherein the stamp data included in the additional service request includes an exponent value x, and wherein the generating component executes the first hash function to converting the message ID data to a first verification data value and a second hash function for converting the client ID data to a second verification data value, and wherein the comparing component executes the following algorithm:
    - a_v^x=b_v,where a_vis the first verification data value and b_vis the second verification data value and both a_vand b_vare members of a finite field F, where the processing component processes the additional web request if the first verification data value raised to the exponent value equals the second verification data value, wherein the processing component transfers the received additional web request to a general data pool for future processing if the first verification data value raised to the exponent value does not equal the second verification data value.

11. A method for throttling a client sending a plurality of content requests to a server, said content request including message data specifying content for retrieval, said method comprising:
- receiving, at the server, one of a plurality of content request from the client;
  
  transmitting to a client a response message with instructions to compute a stamp as a function of transformation data for each client;
  
  receiving, at the server, an additional content request having a computed stamp from the client; and
  
  generating verification data as a function of header data included in the received additional content request and assigning processing priority to received additional messages from the client which have a computed stamp corresponding to the generated verification data wherein the header data included in each content request includes client identification (client ID) data identifying a particular client sending the request and message identification (message ID) data identifying unique input message included in the content request, and wherein generating verification data includes generating a first verification data value as a function of the message ID included in the content request and generating a second verification data value as a function of the message ID data, and wherein the transmitting includes transmitting to the client a response message with instructions to compute a stamp for each client identified by the client ID included in the plurality of content request or for each message identified by message ID included in the plurality of content request.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein assigning processing priority includes retrieving the specified content if the stamp data included in the received additional content request corresponds to the generated verification data.
  - 13. The method of claim 11 further including transferring received additional messages which have a computed stamp that does not corresponds to the generated verification data to general data pool for future processing, and filtering data included in the header of the content request to identify a reoccurring content request, and excluding indentified reoccurring content request from processing.

14. A method for throttling a client sending a distribution request with a plurality of addresses to a server, said distribution request including a message for delivery, said method comprising:
- receiving, at the server, the distribution request from the client;
  
  determining if the distribution request includes a stamp for each address;
  
  generating verification data as a function of header data included in the received distribution request when the determining indicates that the distribution request includes a stamp; and
  
  assigning processing priority to the distribution request received from the client which has a stamp corresponding to the generated verification data wherein the header data included in the distribution request includes client identification (ID) data identifying a particular client sending the distribution request and message identification (ID) data identifying a unique message included in the distribution request, and wherein generating verification data includes generating a first verification data value as a function of the message ID included in the content request and generating a second verification data value as a function of the message ID data.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein assigning processing priority includes delivering the message to the included in the distribution request if the stamp data included in the received additional distribution request corresponds to the generated verification data.
  - 16. The method of claim 14 further including transferring received distribution requests which have a computed stamp that does not correspond to the generated verification data to general data pool for future processing.
  - 17. The method of claim 14 further including a filtering data included in the header of the distribution request to identify a reoccurring distribution request, and excluding identified reoccurring distribution request from processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simpson, Russell L. Jr., Bolles, Gregory Allin, Mohandas, Radhesh
Primary Examiner(s)
WON, MICHAEL YOUNG

Application Number

US11/137,613
Publication Number

US 20060271708A1
Time in Patent Office

1,224 Days
Field of Search

708/203, 708/225, 708/229, 713/717, 713/172, 713/175
US Class Current

709/229
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 2221/2151   Time stamp

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

Source throttling using CPU stamping

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Source throttling using CPU stamping

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links