Secure ISN generation
First Claim
1. In a local server that receives data from one or more remote clients over a data transport protocol, a method of generating an initial sequence number for use by a remote client when assigning sequence numbers to one or more data packets to be sent to the local server, the initial sequence number generated in a manner that prevents the local server from being attacked while maintaining reliable data transfer, the method comprising the acts of:
- generating a random input key using arbitrary information maintained secret by the local server;
- receiving a connection identifier key that includes connection information for at least the remote client;
- securely initializing a hash function with at least a portion of the random input key and at least a portion of the connection identifier key for determining an intermediate value of an initial sequence number;
- creating a monotonically increasing counter for ensuring that a same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and for ensuring randomness of the initial sequence number on a per connection basis for preventing attacks on the local server;
- incrementing the counter a fixed value based on a passage of a predetermined time period;
- incrementing the counter a variable amount depending upon a rate of connections with the local server, wherein if the rate of connections is beyond a threshold value the variable increment is based on an elapsed time, otherwise the variable increment is based on each connection established with the local server; and
- combining the intermediate value, the fixed value and the variable amount for generating the initial sequence number.
Abstract
An initial sequence number generator is provided that prevents the local server from being attacked while maintaining reliable data transfer. A random intermediate value is created that is unique to each connection identifier and is combined with a random value created from a global counter to generate the initial sequence number. The counter is capable of monotonically increasing by both a fixed and a variable amount, ensuring that the same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and also ensuring randomness of the initial sequence number on a per-connection basis to prevent attacks on the local server.
40 Claims
1. In a local server that receives data from one or more remote clients over a data transport protocol, a method of generating an initial sequence number for use by a remote client when assigning sequence numbers to one or more data packets to be sent to the local server, the initial sequence number generated in a manner that prevents the local server from being attacked while maintaining reliable data transfer, the method comprising the acts of:
- generating a random input key using arbitrary information maintained secret by the local server;
- receiving a connection identifier key that includes connection information for at least the remote client;
- securely initializing a hash function with at least a portion of the random input key and at least a portion of the connection identifier key for determining an intermediate value of an initial sequence number;
- creating a monotonically increasing counter for ensuring that a same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and for ensuring randomness of the initial sequence number on a per connection basis for preventing attacks on the local server;
- incrementing the counter a fixed value based on a passage of a predetermined time period;
- incrementing the counter a variable amount depending upon a rate of connections with the local server, wherein if the rate of connections is beyond a threshold value the variable increment is based on an elapsed time, otherwise the variable increment is based on each connection established with the local server; and
- combining the intermediate value, the fixed value and the variable amount for generating the initial sequence number.
Dependent claims: 2, 3, 4, 5, 6, 8, 9, 10.
7. The method of claim 1, wherein the arbitrary information maintained as a secret by the local server is based on timing, state conditions for the local server, or both, at boot-up time of the local server, which include one or more of a time of day, a day of month, a month, a year, a local server hard drive head position, and whether input was detected by hardware of the local server.
11. In a local server that receives data from one or more remote clients over a data transport protocol, a method of generating an initial sequence number for use by a remote client when assigning sequence numbers to one or more data packets to be sent to the local server, the initial sequence number generated in a manner that prevents the local server from being attacked while maintaining reliable data transfer, the method comprising the steps for:
- determining an intermediate value of an initial sequence number by hashing a random input key and a connection identifier key, which includes connection information for at least the remote client, the random input key being generated using arbitrary information maintained secret by the local server;
- ensuring that a same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and ensuring randomness of the initial sequence number on a per connection basis for preventing attacks on the local server by monotonically incrementing a counter both a fixed value based on a passage of a predetermined time period and a variable amount depending upon a rate of connections with the local server, wherein if the rate of connections is beyond a threshold value the variable increment is based on an elapsed time, otherwise the variable increment is based on each connection established with the local server; and
- generating the initial sequence number by combining the intermediate value, the fixed value and the variable amount.
Dependent claims: 12, 13, 14, 15, 16, 18, 19, 20.
17. The method of claim 11, wherein the arbitrary information maintained as a secret by the local server is based on timing, state conditions for the local server, or both, at boot-up time of the local server, which include one or more of a time of day, a day of month, a month, a year, a local server hard drive head position, and whether input was detected by hardware of the local server.
21. For a local server that receives data from one or more remote clients over a data transport protocol, a computer program product comprising computer readable media carrying computer executable instructions that implement a method of generating an initial sequence number for use by a remote client when assigning sequence numbers to one or more data packets to be sent to the local server, the initial sequence number generated in a manner that prevents the local server from being attacked while maintaining reliable data transfer, the method comprising the acts of:
- generating a random input key using arbitrary information maintained secret by the local server;
- receiving a connection identifier key that includes connection information for at least the remote client;
- securely initializing a hash function with at least a portion of the random input key and at least a portion of the connection identifier key for determining an intermediate value of an initial sequence number;
- creating a monotonically increasing counter for ensuring that a same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and for ensuring randomness of the initial sequence number on a per connection basis for preventing attacks on the local server;
- incrementing the counter a fixed value based on a passage of a predetermined time period;
- incrementing the counter a variable amount depending upon a rate of connections with the local server, wherein if the rate of connections is beyond a threshold value the variable increment is based on an elapsed time, otherwise the variable increment is based on each connection established with the local server; and
- combining the intermediate value, the fixed value and the variable amount for generating the initial sequence number.
Dependent claims: 22, 23, 24, 25, 26, 28, 29, 30.
27. The computer program product of claim 21, wherein the arbitrary information maintained as a secret by the local server is based on timing, state conditions for the local server, or both, at boot-up time of the local server, which include one or more of a time of day, a day of month, a month, a year, the local server hard drive position, and whether input was detected by hardware of the local server.
31. For a local server that receives data from one or more remote clients over a data transport protocol, a computer program product comprising computer readable media carrying computer executable instructions that implement a method of generating an initial sequence number for use by a remote client when assigning sequence numbers to one or more data packets to be sent to the local server, the initial sequence number generated in a manner that prevents the local server from being attacked while maintaining reliable data transfer, the method comprising the steps for:
- determining an intermediate value of an initial sequence number by hashing a random input key and a connection identifier key, which includes connection information for at least the remote client, the random input key being generated using arbitrary information maintained secret by the local server;
- ensuring that a same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and ensuring randomness of the initial sequence number on a per connection basis for preventing attacks on the local server by monotonically incrementing a counter both a fixed value based on a passage of a predetermined time period and a variable amount depending upon a rate of connections with the local server, wherein if the rate of connections is beyond a threshold value the variable increment is based on an elapsed time, otherwise the variable increment is based on each connection established with the local server; and
- generating the initial sequence number by combining the intermediate value, the fixed value and the variable amount.
Dependent claims: 32, 33, 34, 35, 36, 38, 39, 40.
37. The computer program product of claim 31, wherein the arbitrary information maintained as a secret by the local server is based on timing, state conditions for the local server, or both, at boot-up time of the local server, which include one or more of a time of day, a day of month, a month, a year, the local server hard drive position, and whether input was detected by hardware of the local server.
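Claims 1 and 11 above (and the abstract) describe one generator: a keyed hash of the connection identifier gives a per-connection intermediate value, and a global counter advances by a fixed step per elapsed time period plus a variable step that is per-connection at a normal rate but clock-driven once the connection rate passes a threshold, so a flood of connections cannot race the counter into sequence-number reuse. The class below is an added example written for this page, not code from the patent. The secret-key source (os.urandom in place of boot-time state), the hash (HMAC-SHA256 truncated to 32 bits), the one-second rate window and every numeric default are assumptions.

```python
import hashlib
import hmac
import os
import time

ISN_MODULUS = 1 << 32

class SecureIsnGenerator:
    """ISN generator structured after claim 1; numeric defaults are assumptions."""

    def __init__(self, secret=None, clock=time.monotonic, tick_period=0.004,
                 fixed_step=1 << 10, rate_threshold=1000,
                 per_conn_step=1 << 16, time_step=1 << 24):
        # Claim 1 seeds the input key from secret boot-time state; this example
        # substitutes the OS CSPRNG (assumption).
        self.secret = secret if secret is not None else os.urandom(32)
        self.clock, self.variable, self.window_conns = clock, 0, 0  # counter state
        self.start = self.last_time = self.window_start = clock()
        self.tick_period, self.fixed_step = tick_period, fixed_step
        self.rate_threshold = rate_threshold
        self.per_conn_step, self.time_step = per_conn_step, time_step

    def intermediate(self, src_ip, src_port, dst_ip, dst_port):
        """Keyed hash of the connection identifier: per-4-tuple, secret-dependent."""
        conn_id = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}".encode()
        digest = hmac.new(self.secret, conn_id, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def fixed_component(self, now):
        """Fixed increment: fixed_step for every tick_period elapsed since start."""
        return int((now - self.start) / self.tick_period) * self.fixed_step

    def variable_component(self, now):
        """Per-connection step at a normal rate; clock-driven once the rate exceeds the threshold."""
        elapsed, self.last_time = now - self.last_time, now
        if now - self.window_start >= 1.0:          # new one-second rate window
            self.window_start, self.window_conns = now, 0
        self.window_conns += 1
        if self.window_conns > self.rate_threshold:  # flood: advance by elapsed time only
            self.variable += int(elapsed * self.time_step)
        else:                                        # normal: advance per connection
            self.variable += self.per_conn_step
        return self.variable

    def next_isn(self, src_ip, src_port, dst_ip, dst_port, now=None):
        """Sum of the three components modulo 2^32 (the combining act of claim 1)."""
        now = self.clock() if now is None else now
        total = (self.intermediate(src_ip, src_port, dst_ip, dst_port)
                 + self.fixed_component(now) + self.variable_component(now))
        return total % ISN_MODULUS
```

The optional `now` argument exists only so the time-dependent behaviour can be exercised deterministically; a real server lets the monotonic clock drive it.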
Specification