Method of distributed denial of service (DDos) and hacking protection for internet-based servers using a private network of internet servers by executing computer-executable instructions stored on a non-transitory computer-readable medium

US 9,985,985 B2
Filed: 02/22/2017
Issued: 05/29/2018
Est. Priority Date: 10/05/2012
Status: Active Grant

First Claim

Patent Images

1. A method of Distributed Denial of Service (DDoS) and hacking protection for internet-based servers by executing computer-executable instructions stored on a non-transitory computer-readable medium, the method comprising:

providing data routing software on a computing device;

establishing a first network connection between the computing device and a first edge server through the data routing software,establishing a second network connection between the computing device and a second edge server;

transmitting a first user data stream from the computing device to the first edge server through the first network connection;

transmitting a second user data stream from the computing device to the second edge server through the second network connection, wherein the second user data stream is redundant to the first user data stream;

transmitting the first and second user data streams from the first and second edge servers, respectively, to a global private network having a plurality of global private network servers and, subsequently, transmitting the first and second user data streams from the global private network toward a destination server;

determining the first user data stream to arrive at the destination server before the second user data stream;

utilizing the first user data stream based on the determination that the first user data stream arrived at the destination server before the second user data stream;

analyzing incoming traffic to the first and second edge servers to determine whether the incoming traffic constitutes malicious activity;

determining incoming traffic to the first edge server constitutes malicious activity;

after determining incoming traffic to the first edge server constitutes malicious activity, blocking the incoming traffic at the first edge server in response to determining incoming traffic to the first edge server constitutes malicious activity; and

after blocking the incoming traffic at the first edge server, utilizing the second user data stream at the destination server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of DDoS and hacking protection for internet-based servers using a private network of internet servers utilizes multiple data streams sent over a network of proxy servers to mitigate malicious attacks and ensure fast connections from a user to a destination server. The destination server is hidden from the user and the redundancy of the proxy network serves to maintain security and connection quality between the user and the destination server.

Citations

10 Claims

1. A method of Distributed Denial of Service (DDoS) and hacking protection for internet-based servers by executing computer-executable instructions stored on a non-transitory computer-readable medium, the method comprising:
- providing data routing software on a computing device;
  
  establishing a first network connection between the computing device and a first edge server through the data routing software,establishing a second network connection between the computing device and a second edge server;
  
  transmitting a first user data stream from the computing device to the first edge server through the first network connection;
  
  transmitting a second user data stream from the computing device to the second edge server through the second network connection, wherein the second user data stream is redundant to the first user data stream;
  
  transmitting the first and second user data streams from the first and second edge servers, respectively, to a global private network having a plurality of global private network servers and, subsequently, transmitting the first and second user data streams from the global private network toward a destination server;
  
  determining the first user data stream to arrive at the destination server before the second user data stream;
  
  utilizing the first user data stream based on the determination that the first user data stream arrived at the destination server before the second user data stream;
  
  analyzing incoming traffic to the first and second edge servers to determine whether the incoming traffic constitutes malicious activity;
  
  determining incoming traffic to the first edge server constitutes malicious activity;
  
  after determining incoming traffic to the first edge server constitutes malicious activity, blocking the incoming traffic at the first edge server in response to determining incoming traffic to the first edge server constitutes malicious activity; and
  
  after blocking the incoming traffic at the first edge server, utilizing the second user data stream at the destination server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the destination server is obfuscated from the computing device by the global private network.
  - 3. The method of claim 1,wherein the determining incoming traffic to the first edge server constitutes malicious activity comprises determining the incoming traffic as malicious activity when the incoming traffic comprises anomalous traffic, wherein anomalous traffic is traffic that is unexpected by the global private network.
  - 4. The method of claim 1, wherein the plurality of global private network servers are proxy servers.
  - 5. The method of claim 1, wherein the data routing software is a proxy software.
  - 6. The method of claim 1, further comprising, after determining the first user data stream to arrive at the destination server before the second user data stream, placing the second user data stream in standby.
  - 7. The method of claim 6, wherein the utilizing the second user data stream at the destination server comprises:
    - removing the second user data stream from standby and utilizing the second user data stream at the destination server.

8. A non-transitory computer-readable medium storing a plurality of instructions which, when executed by a processor, cause the processor to perform operations for providing Distributed Denial of Service (DDoS) and hacking protection, the operations comprising:
- providing data routing software on a computing device;
  
  establishing a first network connection between the computing device and a first edge server through the data routing software,establishing a second network connection between the computing device and a second edge server;
  
  transmitting a first user data stream from the computing device to the first edge server through the first network connection;
  
  transmitting a second user data stream from the computing device to the second edge server through the second network connection, wherein the second user data stream is redundant to the first user data stream;
  
  transmitting the first and second user data streams from the first and second edge servers, respectively, to a global private network having a plurality of global private network servers and, subsequently, transmitting the first and second user data streams from the global private network towards a destination server;
  
  determining the first user data stream to arrive at the destination server before the second user data stream;
  
  utilizing the first user data stream based on the determination that the first user data stream arrived at the destination server before the second user data stream;
  
  analyzing incoming traffic to the first and second edge servers to determine whether the incoming traffic constitutes malicious activity;
  
  determining incoming traffic to the first edge server constitutes malicious activity;
  
  after determining incoming traffic to the first edge server constitutes malicious activity, blocking the incoming traffic at the first edge server in response to determining incoming traffic to the first edge server constitutes malicious activity; and
  
  after blocking the incoming traffic at the first edge server, utilizing the second user data stream at the destination server.
- View Dependent Claims (9, 10)
- - 9. The non-transitory computer-readable medium of claim 8, further comprising, after determining the first user data stream to arrive at the destination server before the second user data stream, placing the second user data stream in standby.
  - 10. The non-transitory computer-readable medium of claim 9, wherein the utilizing the second user data stream at the destination server comprises:
    - removing the second user data stream from standby and utilizing the second user data stream at the destination server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AAA Internet Publishing, Inc
Original Assignee
AAA Internet Publishing, Inc
Inventors
Bartlett, Robert Michael Norman, Needham, Alexander Edward, Lightfoot, Keelan
Primary Examiner(s)
Schmidt, Kari

Application Number

US15/439,677
Publication Number

US 20170163679A1
Time in Patent Office

461 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/141   Denial of service attacks a...

H04L 2463/142   Denial of service attacks a...

H04L 63/0245   Filtering by information in...

H04L 63/0281   Proxies

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

Method of distributed denial of service (DDos) and hacking protection for internet-based servers using a private network of internet servers by executing computer-executable instructions stored on a non-transitory computer-readable medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Method of distributed denial of service (DDos) and hacking protection for internet-based servers using a private network of internet servers by executing computer-executable instructions stored on a non-transitory computer-readable medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links