
Perfect forward secrecy distributed denial of service attack detection

  • US 9,848,013 B1
  • Filed: 02/05/2015
  • Issued: 12/19/2017
  • Est. Priority Date: 02/05/2015
  • Status: Active Grant
First Claim

1. A method for detecting a Denial of Service (DoS) attack when initiating a secure session, the method comprising:

  • receiving, by a processor, a request from a client to initiate the secure session between the client and a server;

    determining, by the processor, whether the client is on a whitelist;

    based on a determination that the client is absent from the whitelist, sending, by the processor, a pre-generated key to the client, the pre-generated key being generated prior to receiving the request and being generated without a communication from the client using a method for securely exchanging cryptographic keys over a public channel, the pre-generated key being disassociated from one or more secure sessions between the client and the server; and

    based on further actions associated with the client, wherein further actions include the client failure to finish a handshake procedure within a predetermined time frame, and the further actions performed by the client after the pre-generated key is sent to the client and prior to initiating the secure session, and based on a determination that the established secure session is invalid;

    identifying the request from the client as taking part in a denial of service attack; and

    based on the identification, denying initiation of the secure session.
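
The flow recited in claim 1, sketched as an added example (not code from the patent or its assignee). The class and method names, the timeout value, the random bytes standing in for a precomputed key-exchange value, and the choice to treat either a handshake timeout or an invalid session as sufficient to flag the client are all assumptions of this sketch.

```python
import secrets
import time


class HandshakeGuard:
    """Hypothetical model of the claimed steps; not the patented implementation."""

    def __init__(self, whitelist, timeout=5.0, pool_size=4, clock=time.monotonic):
        self.whitelist = set(whitelist)
        self.timeout = timeout      # the "predetermined time frame"
        self.clock = clock
        # Keys are produced before any request arrives, so answering an
        # unknown client costs no fresh key-exchange computation.
        # Assumption: random bytes stand in for a precomputed exchange value.
        self.pool = [secrets.token_bytes(32) for _ in range(pool_size)]
        self.pending = {}           # client -> handshake deadline
        self.blocked = set()        # clients identified as taking part in DoS

    def on_request(self, client):
        if client in self.blocked:
            return ("deny", None)
        if client in self.whitelist:
            return ("full_handshake", None)   # normal exchange, not modelled here
        self.pending[client] = self.clock() + self.timeout
        return ("pregenerated_key", secrets.choice(self.pool))

    def on_handshake_finished(self, client, session_valid):
        deadline = self.pending.pop(client, None)
        if deadline is None:
            return "unknown"
        if self.clock() > deadline or not session_valid:
            self.blocked.add(client)
            return "deny"
        return "allow"

    def sweep(self):
        """Flag clients that never finished the handshake before the deadline."""
        now = self.clock()
        expired = [c for c, d in self.pending.items() if now > d]
        for c in expired:
            del self.pending[c]
            self.blocked.add(c)
        return expired
```

Calling `sweep()` periodically is what catches clients that open a handshake and then go silent; `on_handshake_finished()` only sees clients that eventually respond.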
