Method and apparatus for limiting traffic rate to an origin server

US10171446B1 · US · B1

Patent metadata
Publication number: US-10171446-B1
Application number: US-201815939174-A
Country: US
Kind code: B1
Filing date: Mar 28, 2018
Priority date: Oct 13, 2017
Publication date: Jan 1, 2019
Grant date: Jan 1, 2019

Abstract

Official abstract text for this publication.

A method and an apparatus of limiting a rate at which traffic is received at an origin server are described. A first request for a resource at an origin server is received at a proxy server from a client device. A first response that includes a refresh instruction, a first refresh time, and a first cryptographic token that is not valid until a first predetermined time is reached is transmitted to the client device. The refresh instruction is to cause the client device to request the resource after the first refresh time has elapsed. As a result of the refresh instruction a second request for the resource is received from the client device. The second request includes the first cryptographic token. Responsive to determining that the first cryptographic token is valid, fulfilling the request.
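
The flow in the abstract, together with steps (a) to (c) of claim 1, sketched as an added example that is not code from the patent or from its assignee. It assumes an HMAC-SHA256 tag over the not-before time in place of the time-based one-time password named in claim 5; SECRET, INTERVAL, WaitingRoom and the slot bookkeeping are hypothetical names and choices.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret known only to the proxy
INTERVAL = 60                     # assumption: admission slot length in seconds

def issue_token(not_before):
    """Token = not-before time plus a MAC binding that time to the proxy's secret."""
    mac = hmac.new(SECRET, str(not_before).encode(), hashlib.sha256).hexdigest()
    return f"{not_before}.{mac}"

def check_token(token, now):
    """Return (state, not_before); state is 'forged', 'early' or 'valid'."""
    nb_text = (token or "").split(".", 1)[0]
    if not (token and token.isascii() and nb_text.isdigit()):
        return "forged", None
    if not hmac.compare_digest(issue_token(int(nb_text)), token):
        return "forged", None     # MAC does not match the claimed not-before time
    nb = int(nb_text)
    return ("valid" if now >= nb else "early"), nb

class WaitingRoom:
    def __init__(self, max_clients):
        self.max_clients = max_clients  # operator input: clients allowed per interval
        self.booked = {}                # slot start -> tokens that become valid then

    def _free_slot(self, now, before=None):
        slot = now - now % INTERVAL + INTERVAL   # first slot strictly in the future
        while self.booked.get(slot, 0) >= self.max_clients:
            slot += INTERVAL
        return slot if before is None or slot < before else None

    def handle(self, token, now):
        state, nb = check_token(token, now)
        if state == "valid":
            return {"action": "fulfil"}          # forward the request to the origin
        if state == "early":
            earlier = self._free_slot(now, before=nb)
            if earlier is not None:              # step (b): earlier slot has room
                self.booked[nb] = self.booked.get(nb, 1) - 1
                nb = earlier
                self.booked[nb] = self.booked.get(nb, 0) + 1
            # otherwise step (c): nb unchanged, the same token is sent again
        else:                                    # no token, or forged: join the queue
            nb = self._free_slot(now)
            self.booked[nb] = self.booked.get(nb, 0) + 1
        return {"action": "refresh", "refresh": nb - now, "token": issue_token(nb)}
```

Because the tag covers the not-before time, a client that edits the time to jump the queue presents a token that fails verification and is queued as a new arrival.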

First claim

Opening claim text (preview).

What is claimed is:

1. A method in a proxy server of limiting a rate at which traffic is received at an origin server, the method comprising: receiving, from a client device, a first request for a resource at an origin server; transmitting, to the client device, a first response that includes a refresh instruction, a first refresh time, and a first cryptographic token that is not valid until a first predetermined time is reached, and wherein the refresh instruction is to cause the client device to request the resource after the first refresh time has elapsed; receiving as a result of the refresh instruction a second request for the resource from the client device, wherein the second request includes the first cryptographic token; determining that the first cryptographic token is not valid; and responsive to determining that the first cryptographic token is not valid, performing: (a) determining a number of requests that are to be transmitted to the origin server as a result of validity of their respective cryptographic token, (b) responsive to determining, based on the number of requests that are to be transmitted to the origin server and based on a maximum number of client devices that can access the origin server during a predetermined interval of time, that the second request can be assigned a second cryptographic token that is not valid until a second predetermined time is reached, wherein the second predetermined time occurs earlier than the first predetermined time, transmitting a second response including the refresh instruction, a second refresh time, and the second cryptographic token, (c) responsive to determining that the second request cannot be assigned the second cryptographic token, transmitting a third response that includes the refresh instruction, the first refresh time, and the first cryptographic token, (d) receiving a third request for the resource from the client device, wherein the third request includes at least one of the first cryptographic token and the second cryptographic token, (e) repeating (a), (b), (c) and (d) until receiving a request from the client device that includes at least one of the first cryptographic token and the second cryptographic token that is valid, and (f) responsive to determining that at least one of the first cryptographic token and the second cryptographic token is valid, fulfilling the third request.

2. The method of claim 1 further comprising: receiving a fourth request for the resource from the client device, wherein the fourth request includes a third cryptographic token; determining that the third cryptographic token is valid; and responsive to determining that the third cryptographic token is valid, fulfilling the fourth request.

3. The method of claim 1, wherein the number of requests that are to be transmitted to the origin server is a moving average.

4. The method of claim 1, wherein the number of requests that are to be transmitted to the origin server includes requests addressed to the origin server from client devices in one or more geographical locations.

5. The method of claim 1, wherein the first cryptographic token includes a time-based one time password and the first predetermined time.

6. The method of claim 1 further comprising receiving as input the maximum number of client devices that can access the origin server during the predetermined interval of time.

7. A proxy server for limiting a rate at which traffic is received at an origin server, the proxy server comprising: a non-transitory computer readable storage medium to store instructions; and a processor coupled with the non-transitory computer readable storage medium to process the stored instructions to: receive, from a client device, a first request for a resource at an origin server, transmit, to the client device, a first response that includes a refresh instruction, a first refresh time, and a first cryptographic token that is not valid until a first predetermined time is reached, and wherein the refresh instruction is to cause the client device to request the resource after the first refresh time has elapsed, receive as a result of the refresh instruction a second request for the resource from the client device, wherein the second request includes the first cryptographic token, determine that the first cryptographic token is not valid, and responsive to determining that the first cryptographic token is not valid, perform: (a) determine a number of requests that are to be transmitted to the origin server as a result of validity of their respective cryptographic token, (b) responsive to determining, based on the number of requests that are to be transmitted to the origin server and based on a maximum number of client devices that can access the origin server during a predetermined interval of time, that the second request can be assigned a second cryptographic token that is not valid until a second predetermined time is reached, wherein the second predetermined time occurs earlier than the first predetermined time, transmit a second response including the refresh instruction, a second refresh time, and the second cryptographic token, (c) responsive to determining that the second request cannot be assigned the second cryptographic token, transmit a third response that includes the refresh instruction, the first refresh time, and the first cryptographic token, (d) receive a third request for the resource from the client device, wherein the third request includes at least one of the first cryptographic token and the second cryptographic token, (e) repeat (a), (b) (c) and (d) until receiving a request from the client device that includes at least one of the first cryptographic token and the second cryptographic token that is valid, and (f) responsive to determining that at least one of the first cryptographic token and the second cryptographic token is valid, fulfil the third request.

8. The proxy server of claim 7, wherein the processor is further to: receive a fourth request for the resource from the client device, wherein the fourth request includes a third cryptographic token; determine that the third cryptographic token is valid; and responsive to determining that the third cryptographic token is valid, fulfil the fourth request.

9. The proxy server of claim 7, wherein the number of requests that are to be transmitted to the origin server is a moving average.

10. The proxy server of claim 7, wherein the number of requests that are to be transmitted to the origin server includes requests addressed to the origin server from client devices in one or more geographical locations.

11. The proxy server of claim 7, wherein the first cryptographic token includes a time-based one time password and the first predetermined time.

12. The proxy server of claim 7, wherein the processor is further to receive as input the maximum number of client devices that can access the origin server during the predetermined interval of time.

13. A non-transitory computer readable storage medium that provide instructions, which when executed by a processor of a proxy server, cause said processor to perform operations comprising: receiving, from a client device, a first request for a resource at an origin server; transmitting, to the client device, a first response that includes a refresh instruction, a first refresh time, and a first cryptographic token that is not valid until a first predetermined time is reached, and wherein the refresh instruction is to cause the client device to request the resource after the first refresh time has elapsed; receiving as a result of the refresh instruction a second re

Classifications

  • for accessing specific resources, e.g. using Kerberos tickets

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)

  • when the policy decisions are valid for a limited amount of time

  • using one-time-passwords

  • Denial of Service

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Cloudflare Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 1, 2019 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).