摘要 |
<p>It is a major aspect of the present invention to identify and control unsolicited traffic, in particular by limiting or entirely blocking unsolicited traffic in an access network (107) or in a core network (104), e. g. the Internet. This aim is achieved by at least one gate (109), wherein each gate is located between an access network (105, 107) and the core network (109). The gate (109) operates to identify and control unsolicited traffic received from malicious sources (102-1 to 102-N) and to forward permissions or capabilities to sources (101-1 to 101-N; 102-1 to 102-N) wishing to send data by using an authentication authority (113). These functions performed by the gate (109) and the authentication authority (113) are also called edge-based capability (EC) functions. Each source, e. g. a user, a web client or a host computer wanting to send data to a destination (103-1) must receive a permission to send prior to sending. This permission is used to compute a mark for every packet so that the gate (109) is able to distinguishing authenticated (111) from unsolicited (112) traffic and thus to allow only authenticated traffic to pass the gate (109).</p> |