The rapid growth of computer networks, both public and private, in recent years has been spurred, in large part, by “client/server computing.” In this model, one computing device, the client, requests that another computing device, the server, provide services or features to it. Note that “client” and “server” are used solely to denote the parties in a request transaction. While some computing devices are implemented as dedicated servers that can serve multiple clients, a client and a server can switch roles from one transaction to another. In a “peer-to-peer” network (common, for example, among devices communicating via short range radio), every computing device has the potential to be both a client and a server, serially or simultaneously.
Servers often have to allocate precious resources to fulfill a request for a feature or for a service. Upon receiving a request from a client, a server checks the availability of its resources. Traditionally, if the server does not have the resources to fulfill the request, then the server rejects the request. If the client can proceed without the requested feature or service, then it does so and resubmits the request later, at which time the server may have the necessary resources available to fulfill the request.
In order to ensure that precious server resources are dedicated only to those clients authorized to use them, servers often check the identity of a client making a request. If the client cannot authenticate itself to the satisfaction of the server, then the server rejects the request.
This protection against unauthorized clients is not perfect, however. Some types of requests are made before the authorization process is complete. Processing these requests, even if they are ultimately rejected, consumes some level of server resources. For example, a nefarious client could bring a “denial of service” (DoS) attack against a server by repeatedly making requests of the server. Although this client will fail to authenticate itself and its requests will ultimately be rejected, the server may in the meantime use so many resources attempting to authenticate the client on each request that it exhausts its resource pool and is rendered incapable of fulfilling any requests, even those made by authorized clients.
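The effect described above can be made concrete with a small deterministic model, added here as an illustration and not taken from the original text. It assumes a fixed pool of slots, an authentication step that holds one slot for a fixed number of ticks, and unauthenticated requests that arrive ahead of one authorized client in each tick; the names `pool_size`, `auth_ticks` and `flood_per_tick` are hypothetical.

```python
from collections import deque


def simulate(pool_size, auth_ticks, flood_per_tick, ticks):
    """Model a server whose authentication step holds one pool slot per request.

    One authorized client sends one request per tick. In addition,
    `flood_per_tick` requests that will fail authentication arrive each tick.
    Every admitted request, authorized or not, occupies a slot for
    `auth_ticks` ticks, because the server cannot tell them apart until
    authentication has finished.

    Returns (served, rejected) counts for the authorized client only.
    """
    # Release tick of every slot currently held. Hold time is constant,
    # so entries are already ordered by release tick.
    in_flight = deque()
    served = rejected = 0

    for now in range(ticks):
        # Free the slots whose authentication attempt has completed.
        while in_flight and in_flight[0] <= now:
            in_flight.popleft()

        # Assumption: unauthenticated requests arrive first in each tick.
        # They will be rejected later, but only after holding a slot.
        for _ in range(flood_per_tick):
            if len(in_flight) < pool_size:
                in_flight.append(now + auth_ticks)

        # The authorized client is turned away if no slot is left.
        if len(in_flight) < pool_size:
            in_flight.append(now + auth_ticks)
            served += 1
        else:
            rejected += 1

    return served, rejected


if __name__ == "__main__":
    # Constructed parameters: 8 slots, authentication holds a slot for 4 ticks.
    for flood in (0, 2, 8):
        ok, lost = simulate(pool_size=8, auth_ticks=4, flood_per_tick=flood, ticks=100)
        print(f"flood={flood}/tick  authorized served={ok} rejected={lost}")
```

With these constructed parameters, two failing requests per tick are enough to turn away half of the authorized client's requests, even though none of the failing requests is ever granted service.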