-
Publication number: US20200007494A1
Publication date: 2020-01-02
Application number: US16570505
Filing date: 2019-09-13
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince , Lee Hahn Holloway , David Randolph Conrad , Matthieu Philippe François Tourne
Abstract: A first packet of a first protocol version type that includes an incoming request for an action to be performed on an identified resource is received from a client at a proxy server as a result of a DNS request resolving to a network address of the proxy server. The proxy server transmits an outgoing request for the action to be performed on the identified resource to a network address of a destination origin server in a second packet that is of a second protocol version type. The proxy server receives a third packet that includes an incoming response from the destination origin server, the third packet being of the second protocol version type. The proxy server transmits a fourth packet to the client, the fourth packet being of the first protocol version type, wherein the fourth packet includes an outgoing response that is based on the incoming response.
-
Publication number: US20190215166A1
Publication date: 2019-07-11
Application number: US16356304
Filing date: 2019-03-18
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince , Srikanth N. Rao , Lee Hahn Holloway , Ian Gerald Pye
Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device, including transmitting a digital certificate to the client device that is bound to the domain and to multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server, including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
-
Publication number: US10313475B2
Publication date: 2019-06-04
Application number: US15489433
Filing date: 2017-04-17
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Matthew Browning Prince
Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server transmits the request to the origin server. Responsive to determining that the origin server is offline, the proxy server determines whether the requested resource is available in cache. If it is in cache, the proxy server retrieves the requested resource from the cache and transmits the requested resource to the client device.
-
14.
Publication number: US20190044924A1
Publication date: 2019-02-07
Application number: US16159437
Filing date: 2018-10-12
Applicant: CloudFlare, Inc.
Inventor: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Albertus Strasheim
Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.
-
Publication number: US10129296B2
Publication date: 2018-11-13
Application number: US15603256
Filing date: 2017-05-23
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges; failing them is an indication that the visitor is part of the DoS attack. If the set of challenges is passed, the request may be processed. If the set of challenges is not passed, the request may be dropped.
-
16.
Publication number: US10009183B2
Publication date: 2018-06-26
Application number: US15271190
Filing date: 2016-09-20
Applicant: CLOUDFLARE, INC.
Inventor: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
CPC classification number: H04L9/3263 , G06F21/33 , H04L9/083 , H04L9/0841 , H04L9/0844 , H04L9/14 , H04L9/3013 , H04L9/3247 , H04L63/0428 , H04L63/0485 , H04L63/061 , H04L63/0823 , H04L63/0869 , H04L63/164 , H04L63/166 , H04L63/205 , H04L67/141 , H04L67/42
Abstract: A server establishes a secure session with a client device where the private key used in the handshake when establishing the secure session is stored on a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound to the domain with which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption, along with the other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure, including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
Publication number: US20170230303A1
Publication date: 2017-08-10
Application number: US15495785
Filing date: 2017-04-24
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince , Lee Hahn Holloway , Michelle Marie Zatlyn
IPC: H04L12/911 , H04L29/12 , H04L29/08
Abstract: A proxy server receives from a client device a request for a network resource hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server requests the network resource from the origin server. The proxy server receives a response from the origin server that indicates that the network resource is unavailable. The proxy server transmits a custom error page to the client device that indicates that the requested resource is unavailable.
-
18.
Publication number: US09680807B2
Publication date: 2017-06-13
Application number: US14937805
Filing date: 2015-11-10
Applicant: CLOUDFLARE, INC.
Inventor: Sébastien Andreas Henry Pahl , Matthieu Phillippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
CPC classification number: H04L63/061 , G06F21/33 , H04L9/0844 , H04L9/085 , H04L63/0442 , H04L63/045 , H04L63/0869 , H04L63/16 , H04L63/164 , H04L63/166 , H04L63/168
Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.
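The two RSA key-exchange variants described in the US10009183B2 and US09680807B2 abstracts (the key server returns the master secret, or the key server also runs key expansion and returns only the session keys) differ only in where the RFC 5246 PRF is evaluated; the premaster secret is the single input that depends on the private key. The following is an added illustration, not code from the patents or from Cloudflare, and it does not model the ECDHE parameter-signing variant of US20190044924A1. Textbook RSA over a freshly generated 512-bit modulus stands in for PKCS#1 v1.5 encryption so the file runs on the standard library alone (it is not secure RSA), and the key-block layout assumes an AES-128-GCM style suite with no MAC keys; the names `KeyServer`, `front_server_keys` and `run_handshake` are this example's own.

```python
"""Keyless-style TLS 1.2 RSA handshake: private key held on a separate key server.
Added example, not patent or Cloudflare code. Textbook RSA over a fresh 512-bit
modulus stands in for PKCS#1 v1.5 so it runs on the standard library alone."""
import hashlib
import hmac
import math
import secrets

def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin for odd n > 3; adequate for a demo modulus."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(cand):
            return cand

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 section 5 PRF with P_SHA256: an HMAC chain over label + seed."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def expand_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Key block for an AES-128-GCM style suite (no MAC keys); note the
    seed order for key expansion is server_random + client_random."""
    block = tls12_prf(master_secret, b"key expansion", server_random + client_random, 40)
    return {"client_key": block[0:16], "server_key": block[16:32],
            "client_iv": block[32:36], "server_iv": block[36:40]}

class KeyServer:
    """Owns the private key; only derived secrets ever leave this class."""

    def __init__(self, bits: int = 512):
        while True:
            p, q = _random_prime(bits // 2), _random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(65537, phi) == 1:
                break
        self.n, self.e = p * q, 65537
        self._d = pow(self.e, -1, phi)  # private exponent, never returned

    def master_secret(self, enc_pms: int, client_random: bytes, server_random: bytes) -> bytes:
        """Variant A (US10009183B2): decrypt the premaster, return the 48-byte master secret."""
        pms = pow(enc_pms, self._d, self.n).to_bytes(48, "big")
        return tls12_prf(pms, b"master secret", client_random + server_random, 48)

    def session_keys(self, enc_pms: int, client_random: bytes, server_random: bytes) -> dict:
        """Variant B (US09680807B2): run key expansion here too, return only session keys."""
        ms = self.master_secret(enc_pms, client_random, server_random)
        return expand_keys(ms, client_random, server_random)

def front_server_keys(ks: KeyServer, variant: str, client_random: bytes,
                      server_random: bytes, enc_pms: int) -> dict:
    """The TLS-terminating server: holds the certificate, never the private key."""
    if variant == "A":
        ms = ks.master_secret(enc_pms, client_random, server_random)
        return expand_keys(ms, client_random, server_random)
    return ks.session_keys(enc_pms, client_random, server_random)

def client_encrypt_premaster(public_key: tuple, pms: bytes) -> int:
    """Client side: RSA-encrypt the 48-byte premaster secret to the domain's public key."""
    n, e = public_key
    return pow(int.from_bytes(pms, "big"), e, n)

def run_handshake() -> bool:
    """Both variants must yield the keys the client derives from its own premaster."""
    ks = KeyServer()
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed hello randoms
    pms = b"\x03\x03" + secrets.token_bytes(46)  # TLS 1.2 premaster: version + 46 random bytes
    enc_pms = client_encrypt_premaster((ks.n, ks.e), pms)
    keys_a = front_server_keys(ks, "A", cr, sr, enc_pms)
    keys_b = front_server_keys(ks, "B", cr, sr, enc_pms)
    client_view = expand_keys(tls12_prf(pms, b"master secret", cr + sr, 48), cr, sr)
    return keys_a == keys_b == client_view
```

The practical difference between the variants is what a compromised front server can learn: in variant A it holds the master secret, which in TLS 1.2 also feeds session resumption, while in variant B it only ever sees the per-connection traffic keys. In neither case does the private exponent cross the boundary, which is the property the abstracts are describing.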
-
Publication number: US20170147590A1
Publication date: 2017-05-25
Application number: US15425711
Filing date: 2017-02-06
Applicant: CLOUDFLARE, INC.
Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page, automatically modifies the HTML page, and transmits the modified HTML page to the client device.
-
20.
Publication number: US09548966B2
Publication date: 2017-01-17
Application number: US14503299
Filing date: 2014-09-30
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince , Lee Hahn Holloway , Ian Gerald Pye
IPC: H04L29/06 , H04L29/12 , H04L29/08 , G06Q30/02 , G06F17/30 , G06F15/16 , G06F21/55 , G06F21/00 , H04L29/14
CPC classification number: G06F17/3089 , G06F15/16 , G06F17/2247 , G06F17/30861 , G06F21/00 , G06F21/552 , G06Q10/107 , G06Q30/0241 , G06Q30/0251 , G06Q30/0277 , H04L29/12066 , H04L51/22 , H04L61/1511 , H04L61/2007 , H04L63/0236 , H04L63/0245 , H04L63/0254 , H04L63/0281 , H04L63/083 , H04L63/0861 , H04L63/102 , H04L63/126 , H04L63/1416 , H04L63/1433 , H04L63/1441 , H04L63/1458 , H04L63/1466 , H04L67/02 , H04L67/146 , H04L67/28 , H04L67/2804 , H04L67/2842 , H04L69/40
Abstract: A validating server receives from a client device a first request that does not include a cookie for a validating domain that resolves to the validating server. The first request arrives at the validating server because a proxy server redirected the client device to the validating domain after determining, from the IP (Internet Protocol) address assigned to the client device, that the visitor using the client device is a potential threat; that determination was made on a second request from the client device to perform an action on an identified resource hosted on an origin server for an origin domain. The validating server sets a cookie for the client device, determines a set of characteristics associated with the client device, and transmits the cookie and a block page, customized based on the set of characteristics, to the client device; the block page indicates that the second request has been blocked.