United States Patent 7,694,335
Turner , et al. April 6, 2010

Server preventing attacks by generating a challenge having a computational request and a secure cookie for processing by a client


A server is configured for preventing flood attacks by a client having sent a request, by dynamically generating a challenge to be performed by the client before the server will perform any work for the client. The challenge includes a dynamically generated computational request and a dynamically generated secure cookie. The server generates a first hash result based on hashing a first random number, having a prescribed length, with a second random number having a dynamically selected length. A secure cookie is generated based on hashing the first hash result with a prescribed secure key known only by the server, and a unique identifier for the request such as the client network address with a time stamp. The challenge requires the client to determine the second random number based on the first random number and the hash result. The server validates the challenge results using the secure cookie.

Inventors: Turner; Bryan C. (Apex, NC), Toebes; John (Cary, NC)
Assignee: Cisco Technology, Inc. (San Jose, CA)
Appl. No.: 10/795,312
Filed: March 9, 2004

Full patent text at USPTO