The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.