发明名称 |
PREVENTION OF OVERLOAD-BASED SERVICE FAILURE OF SECURITY AGGREGATION POINT |
摘要 |
There are provided measures for enabling/realizing prevention of an overload-based service failure of a security aggregation point, such as for example prevention of a DDoS attack on an IKE aggregation point. Such measures exemplarily comprise detection of presence of an overload condition with respect to establishment of certificate-based security associations between one or more clients and a security aggregation point, dynamic population of a blacklist for unauthorized clients,i.e. clients which are unauthorized for establishment of a certificate-based security association (e.g. clients having no valid certificate),with at least source information identifying clients having undergone authentication failure, check of the blacklist for a match with source information in an initiation request from a client in response to the initiation request, and rejection of the initiation request from the client on the basis of a match between the source information in the initiation request and the source information in the blacklist. |
申请公布号 |
WO2016058631(A1) |
申请公布日期 |
2016.04.21 |
申请号 |
WO2014EP71993 |
申请日期 |
2014.10.14 |
申请人 |
NOKIA SOLUTIONS AND NETWORKS OY |
发明人 |
RAMACHANDRAN, RAHUL;N, VISHNU RAM OMANAKUTTY AMMA VIJAY;THALIATH, JOSEPH |
分类号 |
H04L29/06;H04W12/04;H04W12/08 |
主分类号 |
H04L29/06 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|