Abstract: Provided is an unobtrusive client verification system with one verification devices having processors that are configured to receive a first request from an unverified client device, generate a random number in response to receiving the first request from the unverified client device, define a set of expressions as a browser challenge problem that evaluates to an answer specified by the random number, encrypt the answer within an answer token, provide the browser challenge problem with the answer token to the unverified client device, receive a second request with a solution to the browser challenge problem and the answer token from the unverified client device, and verify the unverified client device in response to the solution matching the answer that is decrypted from the answer token provided with the second request.

Abstract: Provided is an unobtrusive client verification system with one verification devices having processors that are configured to receive a first request from an unverified client device, generate a random number in response to receiving the first request from the unverified client device, define a set of expressions as a browser challenge problem that evaluates to an answer specified by the random number, encrypt the answer within an answer token, provide the browser challenge problem with the answer token to the unverified client device, receive a second request with a solution to the browser challenge problem and the answer token from the unverified client device, and verify the unverified client device in response to the solution matching the answer that is decrypted from the answer token provided with the second request.

Abstract: Provided is an unobtrusive client verification system with one verification devices having processors that are configured to receive a first request from an unverified client device, generate a random number in response to receiving the first request from the unverified client device, define a set of expressions as a browser challenge problem that evaluates to an answer specified by the random number, encrypt the answer within an answer token, provide the browser challenge problem with the answer token to the unverified client device, receive a second request with a solution to the browser challenge problem and the answer token from the unverified client device, and verify the unverified client device in response to the solution matching the answer that is decrypted from the answer token provided with the second request.

Abstract: Provided is an unobtrusive client verification system with one verification devices having processors that are configured to receive a first request from an unverified client device, generate a random number in response to receiving the first request from the unverified client device, define a set of expressions as a browser challenge problem that evaluates to an answer specified by the random number, encrypt the answer within an answer token, provide the browser challenge problem with the answer token to the unverified client device, receive a second request with a solution to the browser challenge problem and the answer token from the unverified client device, and verify the unverified client device in response to the solution matching the answer that is decrypted from the answer token provided with the second request.

Abstract: Optimized message flooding is provided for time sensitive or real-time contacting of nodes across a distributed platform. The propagation of messaging across the distributed platform is accelerated based on a parallel fan-out distribution of the flood messaging from increasing numbers of nodes with the distribution occurring over existing connections maintained between different sets of nodes. Responses are propagated via a reverse traversal of the nodes. The reverse traversal is optimized by merging responses at different tiers. A set of triggers set at the different nodes specify conditions with which to identify and preempt the slowest nodes of a lower tier from withholding message flooding completion. As such, desired messaging and responses can be collected from across the distributed platform in a determinate amount of time with minimal overhead.

Abstract: Optimized message flooding is provided for time sensitive or real-time contacting of nodes across a distributed platform. The propagation of messaging across the distributed platform is accelerated based on a parallel fan-out distribution of the flood messaging from increasing numbers of nodes with the distribution occurring over existing connections maintained between different sets of nodes. Responses are propagated via a reverse traversal of the nodes. The reverse traversal is optimized by merging responses at different tiers. A set of triggers set at the different nodes specify conditions with which to identify and preempt the slowest nodes of a lower tier from withholding message flooding completion. As such, desired messaging and responses can be collected from across the distributed platform in a determinate amount of time with minimal overhead.

Abstract: Some embodiments provide distributed rate limiting to combat network based attacks launched against a distributed platform or customers thereof. The distributed rate limiting involves graduated monitoring to identify when an attack expands beyond a single server to other servers operating from within the same distributed platform distribution point, and when the attack further expands from one distributed platform distribution point to other distribution points. Once request rates across the distributed platform distribution points exceed a global threshold, a first set of attack protections are invoked across the distributed platform. Should request rates increase or continue to exceed the threshold, additional attack protections can be invoked. Distributed rate limiting allows any server within the distributed platform to assume command and control over the graduated monitoring as well as escalating the response to any identified attack.

Abstract: Some embodiments implement end-to-end certificate pinning for content intake from various content providers and for content distribution to various end users. To ensure secure retrieval of content provider content, the content distributor pins the content provider to one or more certificate authorities. Accordingly, the content distributor only retrieves content from a sender identified as the content provider when the sender identity is verified with a certificate issued by a certificate authority pinned to the content provider. To ensure secure delivery of content from the content distributor to an end user, the content distributor modifies the pinset of the user browser to pin the content distributor to one or more certificate authorities. Thereafter, the user browser only accepts content from a sender identified as the content distributor when the sender identity is verified with a certificate issued by a certificate authority pinned to the content distributor in the browser pinset.

Abstract: Some embodiments provide distributed rate limiting to combat network based attacks launched against a distributed platform or customers thereof. The distributed rate limiting involves graduated monitoring to identify when an attack expands beyond a single server to other servers operating from within the same distributed platform distribution point, and when the attack further expands from one distributed platform distribution point to other distribution points. Once request rates across the distributed platform distribution points exceed a global threshold, a first set of attack protections are invoked across the distributed platform. Should request rates increase or continue to exceed the threshold, additional attack protections can be invoked. Distributed rate limiting allows any server within the distributed platform to assume command and control over the graduated monitoring as well as escalating the response to any identified attack.

Abstract: Some embodiments implement end-to-end certificate pinning for content intake from various content providers and for content distribution to various end users. To ensure secure retrieval of content provider content, the content distributor pins the content provider to one or more certificate authorities. Accordingly, the content distributor only retrieves content from a sender identified as the content provider when the sender identity is verified with a certificate issued by a certificate authority pinned to the content provider. To ensure secure delivery of content from the content distributor to an end user, the content distributor modifies the pinset of the user browser to pin the content distributor to one or more certificate authorities. Thereafter, the user browser only accepts content from a sender identified as the content distributor when the sender identity is verified with a certificate issued by a certificate authority pinned to the content distributor in the browser pinset.