Many modern online systems that are required to scale to millions of user requests need to authenticate each user request (or at least a large proportion) in order to verify the identity of a user. For example, an IoT appliance may report an athlete's heart rate and location every second to an online server. This may be achieved by a wearable, such as a smart watch or the like, worn by the athlete that is configured to report the aforementioned statistics to the online server; for example, the statistics may be reported to an online service using a REST service over https. In order to ensure that the information is being saved correctly and the privacy of the athlete is being maintained, it will be required to authenticate each request. This may require the user name and password to be resent on every request and re-authentication to be performed on every request. Or, alternatively, upon successful verification of the login information, a new access token or the like will be generated and returned to the IoT appliance which in turn stores that particular token and sends it on every subsequent request to the online server.
Unfortunately, the difficulty with the above approaches is that the memory complexity of tracking authentication status can scale linearly to the number of users. For example, the conventional systems as described above may utilize cookies, session ids, tokens, etc. of a user who recently authenticated successfully in order to track the authentication status. However, the use of any of the aforementioned cookies, session ids, tokens, etc. requires a value associated therewith to be compared against a stored value in order to facilitate authentication. This may require an expensive scan of a potentially enormous database table on every request which can significantly impact performance. This presents a challenge with respect to scaling, because the number of rows in the database table, and thus the cost of locating a particular row, is proportional to the number of users. There is, therefore, a need to address this particular issue regardless scaling. The present invention is directed towards at least addressing this issue.