System and method for prevention of denial of service attacks for hosted network address translator
US9819745B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 9, 2015 |
| Grant date | Nov 14, 2017 |
| Priority date | — |
| Expiry date | Nov 13, 2035 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L65/65
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
To determine the correct media stream to latch onto, the system and method uses a hashing algorithm to uniquely identify a legitimate media stream. A first invite message is received at a Session Border Controller (SBC) to establish a communication session. For example, a Session Initiation Protocol (SIP) INVITE is received. The first invite message comprises a first hash of a fingerprint. For example, the hash may be a hashed session key. A media message is received that contains the fingerprint to establish a media stream for the communication session. A second hash is created using the fingerprint in the media message. The first hash is compared to the second hash. In response to the first hash matching the second hash, a Network Address Translator (NAT) latches to an address and/or a port in the media message. Thus, the correct media stream is associated with the communication session.
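The latch decision described in the abstract, as an added example that is not code from the patent. SHA-256, the `Session` fields, the packet tuples and the rule that only the latched source is relayed afterwards are assumptions of this example; the addresses and fingerprints are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

Addr = Tuple[str, int]  # (source IP, source port) of a media message


@dataclass
class Session:
    """Per-call SBC state (hypothetical field names)."""
    expected_hash: bytes            # first hash, carried in the invite message
    latched: Optional[Addr] = None  # NAT binding, unset until a media message verifies


def fingerprint_hash(fingerprint: bytes) -> bytes:
    # Assumption: SHA-256. The abstract only says "a hashing algorithm".
    return hashlib.sha256(fingerprint).digest()


def on_media(session: Session, src: Addr, fingerprint: bytes) -> bool:
    """Return True if media from src is accepted for this session."""
    if session.latched is not None:
        # Assumption: once latched, only the bound address/port is relayed.
        return src == session.latched
    second_hash = fingerprint_hash(fingerprint)
    # Constant-time comparison of the second hash against the first hash.
    if hmac.compare_digest(second_hash, session.expected_hash):
        session.latched = src       # latch the NAT to this address and port
        return True
    return False                    # unverified source: no latch, nothing relayed


def run_demo() -> Tuple[List[bool], Optional[Addr]]:
    # Constructed sample data: an unrelated sender races the legitimate endpoint.
    legit_fp = b"constructed-session-key-0001"
    session = Session(expected_hash=fingerprint_hash(legit_fp))
    packets = [
        (("203.0.113.9", 40000), b"constructed-wrong-key"),  # arrives first, no match
        (("198.51.100.7", 49170), legit_fp),                 # matches, NAT latches
        (("203.0.113.9", 40000), b"constructed-wrong-key"),  # after latch, not bound
        (("198.51.100.7", 49170), legit_fp),                 # bound source, relayed
    ]
    decisions = [on_media(session, src, fp) for src, fp in packets]
    return decisions, session.latched


if __name__ == "__main__":
    print(run_demo())
```

The first packet to arrive does not win the binding, which is the difference from latching onto whichever source sends media first.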
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.