Statistical security for anonymous mesh-up oriented online services

摘要

Web pages and applications commonly consume functionality provided by services to provide users with a rich experience. For example, a backend mapping service may provide access to these services. However, the users and application consuming the services may be anonymous and unverified. Accordingly, a two ticket validation technique is provided to validate service execution requests from anonymous applications. In particular, a user is provided with a client ticket comprising a reputation. The reputation may be adjusted over time based upon how the user consumes services. An application may request access to a service by providing the client ticket and an application ticket for validation. The reputation of the user may be used to determine an access level at which the application may access the service. Users with a high reputation may receive high quality access to the service, while users with a low reputation may receive lower quality access.

主权项

1. A method for validating server execution requests, comprising:
receiving a service execution request comprising:
a client ticket having a reputation value for an anonymous user that is automatically determined based upon user interaction with one or more services through one or more applications;an application ticket having an application identification (ID) identifying the application; anda request for execution of a service; identifying a service policy corresponding to the service; determining, from the service policy, one or more reputation threshold values based upon the application ID, wherein each of the one or more reputation threshold values correspond to one or more access levels; comparing the reputation value to the one or more reputation threshold values; and validating the service execution request when the reputation value is greater than at least one of the one or more reputation threshold values.