DYNAMIC CRYPTOGRAPHIC POLYMORPHISM (DCP) SYSTEM AND METHOD

US 20180041478A1
Filed: 06/09/2016
Published: 02/08/2018
Est. Priority Date: 10/16/2015
Status: Active Grant

First Claim

Patent Images

1. A method of enhancing the security of an internet transaction which includes the transmission of structurally formatted information, the method including the steps of:

transmitting a request for the structurally formatted information across a network environmentreceiving the request and sending a formulated response, instead of a normal response of form data, but including a seed requiring calculation and decoding to determine an answer based on the seedwherein the browser determines data that, when combined with the seed produces a correct hash value;

, andreceiving the structurally formatted information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein is a method of enhancing the security of an internet transaction which includes the transmission of structurally formatted information, the method including the steps of: transmitting a request for the structurally formatted information across a network environment; receiving the request and sending a formulated response requiring calculation and decoding to determine the nature and content of the structurally formatted information; and receiving the structurally formatted information.

32 Citations

26 Claims

1. A method of enhancing the security of an internet transaction which includes the transmission of structurally formatted information, the method including the steps of:
- transmitting a request for the structurally formatted information across a network environmentreceiving the request and sending a formulated response, instead of a normal response of form data, but including a seed requiring calculation and decoding to determine an answer based on the seedwherein the browser determines data that, when combined with the seed produces a correct hash value;
  
  , andreceiving the structurally formatted information.
- View Dependent Claims (2, 3)
- - 2. A method as claimed in claim 1 wherein said structurally formatted information comprises form data.
  - 3. A method as claimed in claim 1 wherein the seed includes a series of missing elements and an answer, with the calculation and decoding including determining the missing elements.

4. A method as claimed in claim l, wherein the complexity of the formulated response is altered in accordance with a calculated level of risk of insecurity of the network.

5. A system providing against malicious attacks over a network, the system including:
- at least one client-side computer and at least one server-side computer interconnected over a network;
  
  the at least one client-side computer despatching a first message request for structured information to the at least one server-side computer;
  
  the at least one server-side computer providing a structured response, instead of a normal response of form data, but including seed information to the client-side computer, and the client-side computer determining an answer based on the seed, wherein software determines data that, when combined with the seed produces a correct hash value in the form of a response.

6. In an internet query and answer environment, where a server accepts structured queries from an externally located client over a network, a method of rate limiting the submission of valid data over the network, the method including the steps of:
- (a) receiving a first structured query request from the client over the network.;
  
  (b) providing an encrypted answer in response to the request, the encrypted answer requiring the exercise of a computational resource of a first expected level by the client to determine an answer by the client;
  
  (c) receiving a second response to the encrypted answer and determining if the second response includes a correct answer; and
  
  (d) upon receipt of a correct answer, processing said second response as a valid response.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A method as claimed in claim 6 wherein said step (d) further comprises, if said second response includes an incorrect answer, flagging the client as a suspect client for receipt of future requests.
  - 8. A method as claimed in claim 7 wherein said encrypted answer requiring the exercise of a computational resource, involves the calculation of the answer to a one-way hash function.
  - 9. A method as claimed in claim 8, wherein the calculation includes attempting successive integers in a solution of the one-way hash function.
  - 10. A method as claimed in claim 8, wherein said server adjusts a level of exercise of the computational resource in response to the load of the first structured query requests received by the server.

11. A client-side system for enhancing the security of an internet transaction, the system includinga processor, a memory, and a network connection, each operatively coupled together;
- wherein, the client-side system operates to receive structurally formatted information including a seed used in a calculation to determine an answer based on the seed, wherein a browser determines the answer data that, when combined with the seed produces a correct hash value, and sends the answer data to a server for the purpose of subsequently receiving structurally formatted information.
- View Dependent Claims (12, 13, 14)
- - 12. The client-side system of claim 11, wherein, the structurally formatted information comprises form data.
  - 13. The client-side system of claim 11, wherein the seed includes a series of missing elements and an answer, with the calculation and decoding including determining the missing elements.
  - 14. The client-side system of claim 11, wherein the complexity of the answer is altered in accordance with a calculated level of risk of insecurity of the network.

15. A server-side system for enhancing the security of an internet transaction, the system includinga processor, a memory, and a network connection, each operatively coupled together;
- wherein, the server-side system operates to send structurally formatted information including a seed used in a calculation to determine an answer based on the seed, and, the server-side system receives a correct hash value, and in response, structurally formatted information.
- View Dependent Claims (16, 17, 18)
- - 16. The server-side system of claim 15 wherein, the structurally formatted information comprises form data.
  - 17. The server-side system of claim 15, wherein the seed includes a series of missing elements and an answer, with the calculation and decoding including determining the missing elements.
  - 18. The server-side system of claim 15 wherein the complexity of the answer is altered in accordance with a calculated level of risk of insecurity of the network.

19. A computer readable memory operatively coupled to a client-side system for enhancing the security of an internet transaction, the computer readable memory instructing:
- a processor with a network connection;
  
  wherein, the client-side system operates to receive structurally formatted information including a seed used in a calculation to determine an answer based on the seed, wherein a browser determines the answer data that, when combined with the seed produces a correct hash value, and sends the answer data to a server for the purpose of subsequently receiving structurally formatted information.
- View Dependent Claims (20, 21, 22)
- - 20. The computer readable memory of claim 19, wherein, the structurally formatted information comprises form data.
  - 21. The computer readable memory of claim 19, wherein, the seed includes a series of missing elements and an answer, with the calculation and decoding including determining the missing elements.
  - 22. The computer readable memory of claim 19, wherein the complexity of the answer is altered in accordance with a calculated level of risk of insecurity of the network.

23. A computer readable memory operatively coupled to a server-side system for enhancing the security of an internet transaction, the computer readable memory instructing:
- a processor with a network connection;
  
  wherein, the server-side system operates to send structurally formatted information including a seed used in a calculation to determine an answer based on the seed, and, the server-side system receives a correct hash value, and in response, sends structurally formatted information.
- View Dependent Claims (24, 25, 26)
- - 24. The computer readable memory of claim 23, wherein, the structurally formatted information comprises form data.
  - 25. The computer readable memory claim 23, wherein the seed includes a series of missing elements and an answer, with the calculation and decoding including determining the missing elements.
  - 26. The computer readable memory claim 23 wherein the complexity of the answer is altered in accordance with a calculated level of risk of insecurity of the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kasada Pty, Ltd.
Original Assignee
Kasada Pty, Ltd.
Inventors
Crowther, Samuel John

Granted Patent

US 10,855,661 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 63/0428   wherein the data content is...

H04L 63/14   for detecting or protecting...

H04L 63/1458   Denial of Service

H04L 67/02   based on web technology, e....

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

DYNAMIC CRYPTOGRAPHIC POLYMORPHISM (DCP) SYSTEM AND METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC CRYPTOGRAPHIC POLYMORPHISM (DCP) SYSTEM AND METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links