-
Publication No.: US20230224267A1
Publication date: 2023-07-13
Application No.: US18153059
Filing date: 2023-01-11
Applicant: CLOUDFLARE, INC.
Inventor: Michael J. Flester
IPC: H04L51/212 , G06F21/31
CPC classification number: H04L51/212 , G06F21/313
Abstract: An email verification system is described. The email verification system stores names and associated email addresses. An email is received that has a sender name and a sender email address. If the email verification system determines that the sender name matches a stored name but the sender email address does not match with an email address associated with the stored name, the email is prevented from being transmitted to its recipient unless the email is verified as being legitimate. The email verification system transmits a request to verify the email via a configured verification method. If a response is received that verifies the email as legitimate, the email is delivered; otherwise the email is blocked.
-
Publication No.: US20230199055A1
Publication date: 2023-06-22
Application No.: US17956695
Filing date: 2022-09-29
Applicant: CLOUDFLARE, INC.
Inventor: Killian Koenig , Dane Orion Knecht , James Royal
IPC: H04L67/02 , H04L9/40 , H04L67/51 , H04L67/561
CPC classification number: H04L67/02 , H04L63/0823 , H04L67/51 , H04L63/0435 , H04L63/102 , H04L67/561
Abstract: A server receives from a browser executing on a client device an HTTP request. The server transmits a response to the HTTP request to the browser. The response includes code that when executed by the browser, executes a non-HTTP layer 7 protocol client that communicates with a non-HTTP layer 7 protocol service at an external network. The server receives, from the non-HTTP layer 7 protocol client executing in the browser, data related to the non-HTTP layer 7 protocol service. The server proxies the data related to the non-HTTP layer 7 protocol service over a layer 4 tunnel that is interfaced with the non-HTTP layer 7 protocol service. The server logs event data received from the non-HTTP layer 7 protocol client executing in the browser.
-
Publication No.: US20230164077A1
Publication date: 2023-05-25
Application No.: US18158694
Filing date: 2023-01-24
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip BRANCH , Dane Orion KNECHT
IPC: H04L45/745 , H04L12/46
CPC classification number: H04L45/745 , H04L12/4641 , H04L12/4633 , H04L67/10
Abstract: Method and apparatus for traffic optimization in virtual private networks (VPNs). A client device establishes a first VPN connection with a first server based on first VPN credentials. Traffic is transmitted and received through the first VPN connection to and from the first server. A second server is identified based on traffic optimization criteria that need to be satisfied by the VPN connection. Upon receipt of the identification of the second server the client device is to use the second server as a destination of a second VPN connection. The second VPN connection satisfies a set of traffic optimization goals for at least one flow from the flows forwarded through the first VPN connection. Based on the identification of the second server, the client device establishes the second VPN connection for the flow between the client device and the second server.
-
24.
Publication No.: US20230138161A1
Publication date: 2023-05-04
Application No.: US18148642
Filing date: 2022-12-30
Applicant: CLOUDFLARE, INC.
Inventor: Kenton Taylor Varda , Zachary Aaron Bloom , Marek Przemyslaw Majkowski , Ingvar Stepanyan , Kyle Kloepper , Dane Orion Knecht , John Graham-Cumming , Dani Grant
IPC: G06F9/448 , H04L67/00 , H04L67/02 , H04L67/10 , G06F9/455 , H04L9/40 , H04L67/53 , H04L67/63 , G06F21/53
Abstract: A compute server receives a first request from a client device that triggers execution of a first third-party code piece. The first request is directed to a first zone. A single process at the compute server executes the first third-party code piece. As a result of executing the first third-party code piece, a second request is generated that triggers execution of a second third-party code piece. The second request is directed to a second zone. The single process executes the second third-party code piece. A response is generated to the first request based at least in part on the executed first third-party code piece and the executed second third-party code piece. The generated response is transmitted to the client device.
-
Publication No.: US20230110111A1
Publication date: 2023-04-13
Application No.: US17867355
Filing date: 2022-07-18
Applicant: CLOUDFLARE, INC.
Inventor: James Howard Royal , Samuel Douglas Rhea
IPC: H04L9/40
Abstract: A server transmits to a third-party application a request for a resource that is received from a client. The server receives an authentication request from the client device that has been generated by the third-party application. The server transmits an identity provider selection page to the client device that allows the client device to select an identity provider. The server causes the client device to transmit a second authentication request to a selected identity provider. The server receives an authentication response that was generated by the identity provider that includes the identity of the user. The server enforces access rule(s) including identity-based rule(s) and/or non-identity based rule(s). If the user is permitted to access the third-party application, the server causes an authentication response to be transmitted from the client device to the third-party application that indicates the user has successfully authenticated.
-
Publication No.: US20230077576A1
Publication date: 2023-03-16
Application No.: US17820142
Filing date: 2022-08-16
Applicant: CLOUDFLARE, INC.
Inventor: Jeff Sesung Kim , Jun Ho Choi
IPC: H04L45/302 , H04W40/00
Abstract: A mobile accelerator system includes points of presence (POPs) that include an entry POP. The entry POP receives a query to a content server from a mobile device via a dedicated transport channel. The entry POP determines a direct connection score for a direct connection between the mobile device and the content server that does not traverse the mobile accelerator system. The entry POP determines a POP connection score for a connection between the mobile device and the content server through the entry POP and a candidate exit POP. The entry POP determines a dynamic path ranking based on the direct connection score, the POP connection score, and other POP connection score(s) associated with other candidate exit POP(s). The entry POP determines at least a portion of a dynamic path between the mobile device based on the dynamic path ranking and routes data transfers through that dynamic path.
-
27.
Publication No.: US20230056734A1
Publication date: 2023-02-23
Application No.: US17982358
Filing date: 2022-11-07
Applicant: CLOUDFLARE, INC.
Inventor: Jun Ho Choi
IPC: H04L47/27 , H04L47/10 , H04L47/283 , H04L47/193
Abstract: An edge server receives a first request message for transmission to the host device. The edge server determines a first congestion control algorithm based on the first request message, including characteristics of the first request message. The edge server applies the first congestion control algorithm to the transport connection for application to the transmission of the first request message. Subsequently, the edge server receives a second request message for transmission to the host device over the transport connection. Based on the second request message, including characteristics of the second request message, the edge server determines and applies a second congestion control algorithm to the transport connection for application to the transmission of the second request message, wherein the second congestion control algorithm is different from the first congestion control algorithm.
-
Publication No.: US11546374B2
Publication date: 2023-01-03
Application No.: US16908518
Filing date: 2020-06-22
Applicant: CLOUDFLARE, INC.
Inventor: Achiel Paul van der Mandele , Eric Reeves
IPC: H04L9/40 , H04L67/288 , H04L69/325 , H04L67/01 , H04L67/63
Abstract: A server receives internet traffic from a client device. The server is one of multiple servers of a distributed cloud computing network which are each associated with a set of server identity(ies) including a server/data center certification identity. The server processes, at layer 3, the internet traffic including participating in a layer 3 DDoS protection service. If the traffic is not dropped by the layer 3 DDoS protection service, further processing is performed. The server determines whether it is permitted to process the traffic at layers 5-7 including whether it is associated with a server/data center certification identity that meets a selected criteria for the destination of the internet traffic. If the server does not meet the criteria, it transmits the traffic to another one of the multiple servers for processing the traffic at layers 5-7.
-
29.
Publication No.: US11546309B2
Publication date: 2023-01-03
Application No.: US17036988
Filing date: 2020-09-29
Applicant: Cloudflare, Inc.
Inventor: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Albertus Strasheim
Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.
-
30.
Publication No.: US20220417211A1
Publication date: 2022-12-29
Application No.: US17903828
Filing date: 2022-09-06
Applicant: CLOUDFLARE, INC.
Inventor: Marek Przemyslaw Majkowski , Braden Michael Ehrat , Sergi Isasi , Dane Orion Knecht , Dina Kozlov , Rustam Xing Lalkaka , Eric Reeves , Oliver Zi-gang Yu
IPC: H04L61/5007
Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses that compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.