Perfect forward secrecy distributed denial of service attack defense

  • US 9,838,423 B2
  • Filed: 01/27/2017
  • Issued: 12/05/2017
  • Est. Priority Date: 12/30/2014
  • Status: Active Grant
First Claim

1. A method for mitigating a denial of service attack, the method comprising:

  • receiving, by a processor, from a client, a request to initiate a secure session between the client and a server;

    determining, by the processor, whether the client is on a whitelist;

    based on a determination that client is absent from the whitelist, sending, by the processor, a pre-generated key to the client to establish the secure session, the pre-generated key being stored in a database associated with the server before receiving the request to initiate a secure session;

    determining, by the processor, whether the secure session is valid by monitoring further actions associated with the client for at least one suspicious activity;

    based on a determination that the secure session is valid when suspicious activity is absent, forcing, by the processor, a renegotiation of the secure session, wherein a determination that the suspicious activity is absent is based at least on receiving, from the client, a pre-master key encrypted by the client using the pre-generated key;

    generating, by the processor, a new key using a method for securely exchanging cryptographic keys over a public channel; and

    sending, by the processor, the new key to the client; and

    based on the determination that the secure session is invalid, identifying the client as taking part in a denial of service attack; and

    based on the identification, denying to initiate the secure session.
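
The steps of claim 1 can be modelled as a small handshake gate. This is an added sketch, not code from the patent or its assignee. Assumptions: the class and function names are hypothetical, the toy Diffie-Hellman group and the ElGamal-style wrap with a MAC stand in for real TLS key exchange, and whitelisted clients go straight to a fresh key because the claim does not say what happens on that branch.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy Diffie-Hellman group (assumption); far too small for real use

def dh_keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def kdf(shared):
    d = hashlib.sha512(shared.to_bytes(16, "big")).digest()
    return d[:32], d[32:]  # (wrapping key, MAC key)

def client_encrypt(server_pub, premaster):
    """Honest client (hypothetical): wrap a 32-byte pre-master under the server's key."""
    y, y_pub = dh_keypair()
    enc, mac = kdf(pow(server_pub, y, P))
    ct = bytes(a ^ b for a, b in zip(premaster, enc))
    return y_pub, ct, hmac.new(mac, ct, hashlib.sha256).digest()

class HandshakeGate:  # hypothetical name
    def __init__(self, whitelist, pool_size=4):
        self.whitelist = set(whitelist)
        self.pool = [dh_keypair() for _ in range(pool_size)]  # made before any request
        self.pending, self.blocked = {}, set()
        self.fresh_keys = 0  # per-session key generations actually performed

    def hello(self, client):
        if client in self.blocked:
            return "deny", None
        if client in self.whitelist:  # assumption: the claim leaves this branch open
            return self._renegotiate()
        x, pub = secrets.choice(self.pool)
        self.pending[client] = x
        return "pregenerated", pub

    def key_exchange(self, client, y_pub, ct, tag):
        x = self.pending.pop(client, None)
        if x is not None:
            _, mac = kdf(pow(y_pub, x, P))
            if hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
                return self._renegotiate()  # valid session: force renegotiation
        self.blocked.add(client)  # treated as taking part in the attack
        return "deny", None

    def _renegotiate(self):
        self.fresh_keys += 1
        return "renegotiate", dh_keypair()[1]  # fresh public value sent to the client
```

The `fresh_keys` counter shows the effect: a client that never returns a correctly wrapped pre-master is denied without the server generating a per-session key for it.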
