Method and system for protecting a security parameter negotiation server against denial-of-service attacks
US6904529B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 28, 2000 |
| Grant date | Jun 7, 2005 |
| Priority date | — |
| Expiry date | Apr 28, 2020 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1408
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method and system protects a security parameter negotiation server that stores states for connection requests pending negotiations from malicious denial-of-service attacks that attempt to flood the server with false requests. The degradation of performance of the server is dynamically detected, such as by monitoring the running intervals of a reaper that removes unneeded states. When performance degradation of the system is detected, relevant performance variables such as negotiation delay, extra retransmission delay and packet drop percentage are dynamically adjusted to reduce the workload on the negotiation server. Limiting the number of states with incomplete negotiation status for each client and the total number of such states further enhances the effectiveness of the protection against denial-of-service attacks.
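The sketch below is an added example, not code from the patent: it shows a pending-negotiation state table with a per-client cap, a total cap, and a reaper whose run interval drives the packet drop percentage. The class and parameter names, the 25-point adjustment step, the 75% ceiling, and the rule that a shorter-than-normal gap between reaper runs signals degradation are all assumptions; the abstract does not specify them. Negotiation delay and retransmission delay are not modelled.

```python
import random
from collections import Counter

class PendingNegotiations:
    """Table of negotiation states that have not completed yet (hypothetical)."""

    def __init__(self, per_client_cap=3, total_cap=100, ttl=30.0,
                 normal_reap_gap=10.0, rng=random.random):
        self.per_client_cap, self.total_cap = per_client_cap, total_cap
        self.ttl, self.normal_reap_gap, self.rng = ttl, normal_reap_gap, rng
        self.created = {}            # (client, request_id) -> creation time
        self.by_client = Counter()   # client -> number of incomplete states
        self.last_reap = None
        self.drop_pct = 0            # share of new requests dropped, 0..100

    def admit(self, client, request_id, now):
        """Return True if a state exists or was stored, False if refused."""
        if (client, request_id) in self.created:
            return True                               # retransmission of a known request
        if self.rng() * 100 < self.drop_pct:
            return False                              # load shedding while degraded
        if self.by_client[client] >= self.per_client_cap:
            return False                              # per-client cap reached
        if len(self.created) >= self.total_cap:
            self.reap(now)                            # pressure-triggered reaper run
            if len(self.created) >= self.total_cap:
                return False                          # total cap reached
        self.created[(client, request_id)] = now
        self.by_client[client] += 1
        return True

    def complete(self, client, request_id):
        """Negotiation finished: the state no longer counts as incomplete."""
        if self.created.pop((client, request_id), None) is not None:
            self.by_client[client] -= 1

    def reap(self, now):
        """Drop expired states; a short gap between runs raises drop_pct (assumed rule)."""
        if self.last_reap is not None:
            step = 25 if now - self.last_reap < self.normal_reap_gap else -25
            self.drop_pct = max(0, min(75, self.drop_pct + step))
        self.last_reap = now
        for key, t in list(self.created.items()):
            if now - t >= self.ttl:
                del self.created[key]
                self.by_client[key[0]] -= 1
```

Time is passed in as `now` and the random source is injectable so the behaviour can be replayed deterministically against a recorded request trace.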
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.