Patent application number | Description | Published |
20140283057 | TCP VALIDATION VIA SYSTEMATIC TRANSMISSION REGULATION AND REGENERATION - The present invention provides a technique for validating TCP communication between a client requesting resources and a server providing requested resources to protect the specified server from a denial of service attack wherein a plurality of clients initiate communication with a server, but do not complete the communication for the purpose of denying service to the server from other legitimate clients. Through systematic transmission regulation of TCP packets, an intermediary apparatus or set of apparatuses can, to a high degree of certainty, validate client connections to protect the server from this saturated condition. The communication is then reproduced by the apparatus or apparatuses. | 09-18-2014 |
20140286358 | GLOBAL STATE SYNCHRONIZATION FOR SECURELY MANAGED ASYMMETRIC NETWORK COMMUNICATION - The present invention provides a system and method for the development and maintenance of a globally distributed state session table wherein a plurality of client connections from one network are stored in a plurality of computer systems to track the aforementioned connections to one or more secondary networks. Client connection requests may originate anywhere on the Internet and server responses to such client requests may be sent asymmetrically from any other point on the Internet. The client-server connection is secured utilizing an intermediary device that acts as a transparent relay, generating a secret cookie hash for the client, such that only the data packets containing such hash are forwarded by the globally distributed system to the server. | 09-25-2014 |
20140289854 | METHOD FOR THWARTING APPLICATION LAYER HYPERTEXT TRANSPORT PROTOCOL FLOOD ATTACKS FOCUSED ON CONSECUTIVELY SIMILAR APPLICATION-SPECIFIC DATA PACKETS - The present invention provides a methodology to thwart attacks that utilize consecutive hypertext transport protocol packets with similar structures, arriving from a plurality of computer systems on a network, such as the Internet, destined for one or more computer systems on a secondary network, at such a rate and with sufficient complexity to produce an effect on the target computer system or systems such that legitimate clients are denied access to requested services, thus creating a “denial of service” situation. The methodology focuses on the dynamic and proactive reassessment of data packet payload content to maintain a running value of similarity or dissimilarity, thus permitting intermediary apparatuses that are performing this computation to distinguish between legitimate clients and illegitimate clients. | 09-25-2014 |