Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2008-09-09
2008-09-09
Barron, Jr., Gilberto (Department: 2132)
Information security
Monitoring or scanning of software or data including attack...
C726S013000
Reexamination Certificate
active
10152541
ABSTRACT:
An approach for preventing denial-of-service attacks on Secure Sockets Layer (“SSL”) protocol is described. Queues are generated for handshake state connections and data transmission connections. A connection object representing a new SSL connection is time-stamped as it enters the handshake portion of the SSL protocol. A connection pointer to the connection object is placed at the head of the handshake queue. As new SSL messages are transferred between client and SSL server, the time-stamp is updated when the entire message is received, the connection pointer is repositioned to the head of the queue. A timer event periodically surveys the queues. If connection packet transmission gaps remain below a specified maximum handshake gap time, a connection is allowed to progress to the data transmission state. If any connection exceeds the specified gap time, the SSL connection is dropped.
REFERENCES:
patent: 6094485 (2000-07-01), Weinstein et al.
patent: 6799202 (2004-09-01), Hankinson et al.
patent: 6907042 (2005-06-01), Oguchi
patent: 2002/0108059 (2002-08-01), Canion et al.
patent: 2002/0184489 (2002-12-01), Mraz
patent: 2003/0028803 (2003-02-01), Bunker et al.
patent: 2003/0145226 (2003-07-01), Bruton et al.
A. Juels et al., “Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks,” in S. Kent, editor,Proceedings of NDDS '99(Networks and Distributed Security Systems), pp. 151-165, 1999.
D. Dean et al., “Using Client Puzzles to Protect TLS,” 10th Annual USENIX Security Symposium, 2001.
Barfield Brad
Branum, Jr. Robert R.
Fritzges Eric
Grimm Martin
Prasad Hema
Barron Jr. Gilberto
Cisco Technology Inc.
Hickman Palermo & Truong & Becker LLP
Nobahar Abdulhakim
LandOfFree
Method and system for prevention of network... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for prevention of network..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for prevention of network... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3940213