System and method for protecting a computer network against denial of service attacks

US 6,886,102 B1
Filed: 07/14/2000
Issued: 04/26/2005
Est. Priority Date: 07/14/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, comprising:

receiving from the sender a request to communicate;

selecting a number N1;

calculating a hash value for the number N1 using a predetermined cryptographic hash function;

sending the hash value to the sender;

receiving from the sender a second number N2;

calculating a hash value for the number N2 using the predetermined cryptographic hash function;

comparing the hash value for the number N1 with the hash value for the number N2; and

processing a message received from the sender if at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2;

wherein the number N2 is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N2) such that at least the prescribed nonzero number of bits of the hash value for the number N2 match the corresponding bits of the hash value for the number N1.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender. A request to communicate is received from the sender. A number N1 is selected. A hash value for the number N1 is calculated. The hash value is sent to the sender.

Citations

15 Claims

1. A method for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, comprising:
- receiving from the sender a request to communicate;
  
  selecting a number N1;
  
  calculating a hash value for the number N1 using a predetermined cryptographic hash function;
  
  sending the hash value to the sender;
  
  receiving from the sender a second number N2;
  
  calculating a hash value for the number N2 using the predetermined cryptographic hash function;
  
  comparing the hash value for the number N1 with the hash value for the number N2; and
  
  processing a message received from the sender if at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2;
  
  wherein the number N2 is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N2) such that at least the prescribed nonzero number of bits of the hash value for the number N2 match the corresponding bits of the hash value for the number N1.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the hash values are each Y bits long and the requirement that at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2 is considered to be satisfied if the first X bits of the hash value for number N1 are the same as the first X bits of the hash value for number N2.
  - 3. The method of claim 1, further comprising not processing a message from the sender it is not the case that at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2.
  - 4. The method of claim 1, wherein the number N1 is a random number.
  - 5. The method of claim 1, wherein the number N1 is a random number generated by a pseudo random number generator.
  - 6. The method of claim 1, wherein the cryptographic hash function is the Secure Hash Algorithm (SHA-1).
  - 7. The method of claim 1, further comprising the sender finding the second number N2.

8. A method for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, comprising:
- receiving from the sender a request to communicate, the request to communicate comprising a number N and a timestamp T;
  
  calculating a hash value for the number N and a hash value for the timestamp T using a predetermined cryptographic hash function; and
  
  determining whether at least a prescribed nonzero number of bits of the hash value for the number N match the corresponding bits of the hash value for the timestamp T;
  
  wherein the number N is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N) such that at least a prescribed nonzero number of bits of the hash value for the number N match the corresponding bits of the hash value for the timestamp T.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising processing a message received from the sender if at least a prescribed nonzero number of bits of the hash value for the number N matches the corresponding bits of the hash value for the timestamp T.
  - 10. The method of claim 8, further comprising determining whether the timestamp T is within a prescribed interval of the current time.
  - 11. The method of claim 8, further comprising ignoring a message received from the sender if the timestamp T is not within a prescribed interval of the current time.
  - 12. The method of claim 8, further comprising determining whether the number N has been used in any prior request to communicate.
  - 13. The method of claim 12, further comprising ignoring a message received from the sender if the number N has been used in any prior request to communicate.

14. A system for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, comprising:
- a computer associated with the network configured to;
  
  receive from the sender a request to communicate;
  
  select a number N1;
  
  calculate a hash value for the number N1 using a pre-determined cryptographic hash function;
  
  send the hash value calculated for the number N1 to the sender;
  
  receive from the sender a second number N2;
  
  calculate a hash value for the number N2 using the pre-determined cryptographic hash function;
  
  compare the hash value for the number N1 with the hash value for the number N2; and
  
  process a message received from the sender if at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2;
  
  wherein the number N2 is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N2) such that at least the prescribed nonzero number of bits of the hash value for the number N2 match the corresponding bits of the hash value for the number N1.

15. A computer program product for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
- receiving from the sender a request to communicate;
  
  selecting a number N1;
  
  calculating a hash value for the number N1 using a predetermined cryptographic hash function;
  
  sending the hash value to the sender;
  
  receiving from the sender a second number N2;
  
  calculating a hash value for the number N2 using the predetermined cryptographic hash function;
  
  comparing the hash value for the number N1 with the hash value for the number N2; and
  
  processing a message received from the sender if at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2;
  
  wherein the number N2 is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N2) such that at least the prescribed nonzero number of bits of the hash value for the number N2 match the corresponding bits of the hash value for the number N1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Lyle, Michael P.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Lipman, Jacob

Application Number

US09/615,961
Time in Patent Office

1,747 Days
Field of Search

713/178, 713/168, 713/201, 713/184, 709/206
US Class Current

726/23
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/126   the source of the received ...

H04L 63/1458   Denial of Service

System and method for protecting a computer network against denial of service attacks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting a computer network against denial of service attacks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links