Method and apparatus for fault tolerant TCP handshaking

US 7,454,614 B2
Filed: 03/25/2002
Issued: 11/18/2008
Est. Priority Date: 03/29/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving a message from a first node in a network at a second node in the network, the second node being one of at least two nodes in a cluster of nodes, the message including a cryptographic sequence number;

wherein the message was sent by the first node subsequent to an initial message sent by the first node to a third node, and an initial reply sent by the third node to the first node, the third node being in the cluster of nodes,wherein each of the nodes in the cluster stores a cluster wide shared secret, wherein the cluster wide shared secret comprises a private key of the nodes in the cluster,wherein the initial message sent by the first node includes a sequence number, and wherein the initial reply sent by the third node includes a cryptographic sequence number generated by the third node, the cryptographic sequence number generated by replacing a portion of the sequence number received in the initial message with a fingerprint based on the cluster wide shared secret stored at the third node, wherein the fingerprint is generated using an Internet Protocol (IP) address of the first node, a port of the first node, a port of the second node, an IP address of the second node, and the cluster wide shared secret;

processing the message at the second node to determine that the first node and the third node were involved in a connection setup procedure that has not yet been completed;

verifying at the second node that the cryptographic sequence number sent by the first node was created by one of the nodes in the cluster, wherein the verifying comprises accessing the cluster wide shared secret stored at the second node, and wherein either;

the second node builds a connection between the second node and the first node if the cryptographic sequence number was generated based on the cluster wide shared secret; and

the second node determines that the first node was not legitimately attempting to create a connection with the third node if the cryptographic sequence number was not generated based on the cluster wide shared secret.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for fault tolerant TCP handshaking that includes a first node and a second node both connected in a network where the second node is one of at least two nodes in a cluster of nodes. The second node receives a first message from the first node where the first message includes a sequence number. The second node generates a fingerprint and replaces a portion of the sequence number with the fingerprint to form a cryptographic sequence number. The cryptographic sequence number is sent from the second node to the first node. A second message that includes the cryptographic sequence number is received from the first node at the second node. Any node in the cluster can verify that the cryptographic sequence number sent by the first node was created by one of the nodes in the cluster thereby providing fault tolerant TCP handshaking.

21 Citations

View as Search Results

19 Claims

1. A method comprising:
- receiving a message from a first node in a network at a second node in the network, the second node being one of at least two nodes in a cluster of nodes, the message including a cryptographic sequence number;
  
  wherein the message was sent by the first node subsequent to an initial message sent by the first node to a third node, and an initial reply sent by the third node to the first node, the third node being in the cluster of nodes,wherein each of the nodes in the cluster stores a cluster wide shared secret, wherein the cluster wide shared secret comprises a private key of the nodes in the cluster,wherein the initial message sent by the first node includes a sequence number, and wherein the initial reply sent by the third node includes a cryptographic sequence number generated by the third node, the cryptographic sequence number generated by replacing a portion of the sequence number received in the initial message with a fingerprint based on the cluster wide shared secret stored at the third node, wherein the fingerprint is generated using an Internet Protocol (IP) address of the first node, a port of the first node, a port of the second node, an IP address of the second node, and the cluster wide shared secret;
  
  processing the message at the second node to determine that the first node and the third node were involved in a connection setup procedure that has not yet been completed;
  
  verifying at the second node that the cryptographic sequence number sent by the first node was created by one of the nodes in the cluster, wherein the verifying comprises accessing the cluster wide shared secret stored at the second node, and wherein either;
  
  the second node builds a connection between the second node and the first node if the cryptographic sequence number was generated based on the cluster wide shared secret; and
  
  the second node determines that the first node was not legitimately attempting to create a connection with the third node if the cryptographic sequence number was not generated based on the cluster wide shared secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15, 17)
- - 2. The method according to claim 1, wherein the initial message comprises a SYN message.
  - 3. The method according to claim 1, wherein the fingerprint is generated by performing a hash function on the IP address of the first node, the port of the first node, the port of the second node, the IP address of the second node, and the cluster wide shared secret.
  - 4. The method according to claim 3, wherein the hash function comprises an MD5 hash.
  - 5. The method according to claim 1, wherein the message comprises an Acknowledge message.
  - 6. The method according to claim 1 further comprising changing the cluster wide shared secret at periodic intervals.
  - 7. The method according to claim 6, further comprising changing the cluster wide shared secret every two minutes.
  - 8. The method according to claim 3, wherein the fingerprint is generated using the result from the hash function mixed with some random bits.
  - 15. The method of claim 1, further comprising:
    - determining that the third node failed after sending the initial reply to the first node.
  - 17. The method of claim 1, further comprising determining that the third node failed after sending the initial reply to the first node but before the message is received at the second node.

9. A system comprising:
- a first node, the first node operably connected to a network; and
  
  a second node, the second node being one of at least two nodes in a cluster of nodes operably connected to the network, wherein each of the nodes in the cluster stores a cluster wide shared secret, wherein the cluster wide shared secret comprises a private key of the nodes in the cluster, the second node configured to receive an initial message that includes a sequence number from the first node, to generate a fingerprint based on the cluster wide shared secret stored at the second node, to replace a portion of the sequence number received from the first node with the fingerprint to form a cryptographic sequence number, and to send the cryptographic sequence number from the second node to the first node in an initial reply, wherein the second node generates the fingerprint using an Internet Protocol (IP) address of the first node, a port of the first node, a port of the second node, an IP address of the second node, and the cluster wide shared secret;
  
  a third node, the third node being in the cluster of nodes operably connected to the network, the third node configured to receive a message including the cryptographic sequence number from the first node, to process the message to determine that the first node and the second node were involved in a connection setup procedure that has not yet been completed, and to verify that the cryptographic sequence number sent by the first node in the message was created by one of the nodes in the cluster, wherein the verifying comprises accessing the cluster wide shared secret stored at the third node, and wherein either;
  
  the third node is configured to build a connection between the third node and the first node if the cryptographic sequence number was generated based on the cluster wide shared secret; and
  
  the third node is configured to determine that the first node was not legitimately attempting to create a connection with the second node if the cryptographic sequence number was not generated based on the cluster wide shared secret.
- View Dependent Claims (10, 18, 19)
- - 10. The system according to claim 9, wherein the second node generates the fingerprint by performing a hash function on the IP address of the first node, the port of the first node, the port of the second node, the IP address of the second node, and the cluster wide shared secret.
  - 18. The system according to claim 9, wherein the second node fails after sending the initial reply to the first node but before the second message is received at the third node.
  - 19. The system according to claim 9, wherein the initial message is a SYN message and the message is an ACK message.

11. An apparatus comprising a computing device configured to perform:
- receiving a message from a first node in a network at a second node in the network, the second node being one of at least two nodes in a cluster of nodes, the message including a cryptographic sequence number;
  
  wherein the message was sent by the first node subsequent to an initial message sent by the first node to a third node, and an initial reply sent by the third node to the first node, the third node being in the cluster of nodes,wherein each of the nodes in the cluster stores a cluster wide shared secret, wherein the cluster wide shared secret comprises a private key of the nodes in the cluster,wherein the initial message sent by the first node includes a sequence number, and wherein the initial reply sent by the third node includes a cryptographic sequence number generated by the third node, the cryptographic sequence number generated by replacing a portion of the sequence number received in the initial message with a fingerprint based on the cluster wide shared secret stored at the third node, wherein the fingerprint is generated using an Internet Protocol (IP) address of the first node, a port of the first node, a port of the second node, an IP address of the second node, and the cluster wide shared secret;
  
  processing the message at the second node to determine that the first node and the third node were involved in a connection setup procedure that has not yet been completed;
  
  verifying at the second node that the cryptographic sequence number sent by the first node was created by one of the nodes in the cluster, wherein the verifying comprises accessing the cluster wide shared secret stored at the second third node, and wherein either;
  
  the second node builds a connection between the second node and the first node if the cryptographic sequence number was generated based on the cluster wide shared secret; and
  
  the second node determines that the first node was not legitimately attempting to create a connection with the third node if the cryptographic sequence number was not generated based on the cluster wide shared secret.
- View Dependent Claims (12, 13, 14, 16)
- - 12. The apparatus according to claim 11, wherein the fingerprint is generated by performing a hash function on the IP address of the first node, the port of the first node, the port of the second node, the IP address of the second node, and the cluster wide shared secret.
  - 13. The apparatus according to claim 11, wherein the initial message comprises a SYN message.
  - 14. The apparatus according to claim 11, wherein the message comprises an Acknowledge message.
  - 16. The apparatus according to claim 11, the computing device further configured to perform:
    - determining that the third node failed after sending the initial reply to the first node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Microsoft Corporation
Inventors
Cain, Adam, Kroeger, Thomas, Watkins, Craig, Kashtan, David
Primary Examiner(s)
Kincaid; Kristine
Assistant Examiner(s)
SHAW, YIN CHEN

Application Number

US10/103,774
Publication Number

US 20020157037A1
Time in Patent Office

2,430 Days
Field of Search

713/153, 713/163, 713/201, 713/150, 713/160, 713/168, 713/170, 713/181, 714 1- 4, 714/13, 714/25, 714/15, 714/100, 709/227, 709/228, 709223-225, 370/230, 370/241, 370/242, 380/247, 726/22, 726/26
US Class Current

713/168
CPC Class Codes

H04L 1/1607   Details of the supervisory ...

H04L 63/045   wherein the sending and rec...

H04L 63/1466   Active attacks involving in...

Method and apparatus for fault tolerant TCP handshaking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for fault tolerant TCP handshaking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links