System and method for protecting a computer network against denial of service attacks
Abstract
A system and method are disclosed for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender. A request to communicate is received from the sender. A number N1 is selected. A hash value for the number N1 is calculated. The hash value is sent to the sender.
15 Claims
1. A method for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, comprising:
receiving from the sender a request to communicate;
selecting a number N1;
calculating a hash value for the number N1 using a predetermined cryptographic hash function;
sending the hash value to the sender;
receiving from the sender a second number N2;
calculating a hash value for the number N2 using the predetermined cryptographic hash function;
comparing the hash value for the number N1 with the hash value for the number N2; and
processing a message received from the sender if at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2;
wherein the number N2 is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N2) such that at least the prescribed nonzero number of bits of the hash value for the number N2 match the corresponding bits of the hash value for the number N1.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, comprising:
receiving from the sender a request to communicate, the request to communicate comprising a number N and a timestamp T;
calculating a hash value for the number N and a hash value for the timestamp T using a predetermined cryptographic hash function; and
determining whether at least a prescribed nonzero number of bits of the hash value for the number N match the corresponding bits of the hash value for the timestamp T;
wherein the number N is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N) such that at least a prescribed nonzero number of bits of the hash value for the number N match the corresponding bits of the hash value for the timestamp T.
Dependent claims: 9, 10, 11, 12, 13.
14. A system for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, comprising:
a computer associated with the network configured to:
receive from the sender a request to communicate;
select a number N1;
calculate a hash value for the number N1 using a pre-determined cryptographic hash function;
send the hash value calculated for the number N1 to the sender;
receive from the sender a second number N2;
calculate a hash value for the number N2 using the pre-determined cryptographic hash function;
compare the hash value for the number N1 with the hash value for the number N2; and
process a message received from the sender if at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2;
wherein the number N2 is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N2) such that at least the prescribed nonzero number of bits of the hash value for the number N2 match the corresponding bits of the hash value for the number N1.
15. A computer program product for determining whether a sender seeking to send a message to a receiving computer system via a network is an authorized sender, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
receiving from the sender a request to communicate;
selecting a number N1;
calculating a hash value for the number N1 using a predetermined cryptographic hash function;
sending the hash value to the sender;
receiving from the sender a second number N2;
calculating a hash value for the number N2 using the predetermined cryptographic hash function;
comparing the hash value for the number N1 with the hash value for the number N2; and
processing a message received from the sender if at least a prescribed nonzero number of bits of the hash value for the number N1 match the corresponding bits of the hash value for the number N2;
wherein the number N2 is determined by an authorized sender by using the predetermined cryptographic hash function to search for a number (N2) such that at least the prescribed nonzero number of bits of the hash value for the number N2 match the corresponding bits of the hash value for the number N1.
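
The challenge-response exchange of claim 1 and the timestamp variant of claim 8, sketched as an added Python example that is not part of the patent text. SHA-256, matching on the leading k bits, the per-sender pending table, the decimal timestamp encoding and the freshness window are assumptions; the claims only require a predetermined cryptographic hash function and a prescribed nonzero number of matching bits.

```python
import hashlib
import secrets
from itertools import count

K_BITS = 16  # prescribed number of matching bits (assumed value)

def h(data: bytes) -> int:
    """Hash as a 256-bit integer; SHA-256 is an assumed choice."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def matches(a: int, b: int, k: int = K_BITS) -> bool:
    """True if the leading k bits of two 256-bit hash values agree."""
    return (a ^ b) >> (256 - k) == 0

def solve(target: int, k: int = K_BITS) -> bytes:
    """Sender side: brute-force search, about 2**k hashes on average."""
    for i in count():
        candidate = i.to_bytes(8, "big")
        if matches(h(candidate), target, k):
            return candidate

class Receiver:
    """Claim 1 flow: issue H(N1), later verify N2 with a single hash."""
    def __init__(self, k: int = K_BITS):
        self.k = k
        self.pending = {}  # sender id -> H(N1); single use (assumption)

    def challenge(self, sender_id: str) -> int:
        n1 = secrets.token_bytes(16)  # unpredictable N1, never sent in clear
        self.pending[sender_id] = h(n1)
        return self.pending[sender_id]

    def accept(self, sender_id: str, n2: bytes) -> bool:
        target = self.pending.pop(sender_id, None)  # pop blocks replay
        return target is not None and matches(h(n2), target, self.k)

def timestamp_target(t: int) -> int:
    """H(T) for claim 8; T encoded as decimal ASCII (assumed encoding)."""
    return h(str(t).encode())

def accept_timestamped(n: bytes, t: int, now: int,
                       k: int = K_BITS, max_age: int = 60) -> bool:
    """Claim 8 flow: no round trip, the puzzle target is H(T).
    The freshness window is an added assumption so old solutions expire."""
    fresh = 0 <= now - t <= max_age
    return fresh and matches(h(n), timestamp_target(t), k)
```

The receiver spends one hash per verification, while the sender's expected search cost doubles with each additional bit of k.
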
Specification