Method and apparatus for cryptographically blocking network denial of service attacks based on payload size
US7290281B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Aug 8, 2002 |
| Grant date | Oct 30, 2007 |
| Priority date | — |
| Expiry date | Sep 1, 2024 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L69/22
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method and apparatus for protecting, from denial of service attacks, a device that provides particular services that consume substantial computational resources. A data packet includes data for the particular services and a cryptographic tag. It is determined whether the data packet is legitimate based on the cryptographic tag and a size of the data for the particular services without otherwise using the data for the particular services. If the data packet is not legitimate, then the data is diverted from input to the particular services that process the data. These techniques use the cryptographic tag to provide strong data origin authentication without the heavy computational costs associated with providing full data integrity authentication in typical cryptographic services. Further, denial of service protection is conveniently implemented as a cryptographic service.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.