Invention Grant
- Patent Title: Using SYN-ACK cookies within a TCP/IP protocol
- Patent Title (中): 在TCP / IP协议中使用SYN-ACK cookie
-
Application No.: US11925157Application Date: 2007-10-26
-
Publication No.: US07921282B1Publication Date: 2011-04-05
- Inventor: Arindum Mukerji , Jesse Abraham Rothstein
- Applicant: Arindum Mukerji , Jesse Abraham Rothstein
- Applicant Address: US WA Seattle
- Assignee: F5 Networks, Inc.
- Current Assignee: F5 Networks, Inc.
- Current Assignee Address: US WA Seattle
- Agency: Frommer Lawrence & Haug LLP
- Agent Jamie L. Wiegand
- Main IPC: H04L9/00
- IPC: H04L9/00 ; G06F7/04
Abstract:
A method, apparatus, and system are directed toward managing a Transmission Control Protocol/Internet Protocol (TCP/IP) handshake. A SYN-ACK cookie is determined based on a cryptographic operation using a secret key and at least one network characteristic. The SYN-ACK cookie is provided in a SYN message's field. The SYN message is sent from a client to a server. Another sequence number based on the received SYN-ACK cookie is included in a SYN-ACK message. The SYN-ACK message is sent to and received by the client. The other sequence number is validated based on the secret key to generate at least another network characteristic. A TCP/IP connection is established if the network characteristic matches the other network characteristic. In one embodiment, the component sending the SYN message may be a different component than the component receiving the SYN-ACK message. In this embodiment, the secret key may be shared between the two components.
Information query
