-
Publication number: US10791110B2
Publication date: 2020-09-29
Application number: US15206118
Application date: 2016-07-08
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway, Nicholas Thomas Sullivan
Abstract: A server receives a single certificate signature request from a requestor and determines that the requestor is authorized for a certificate corresponding to the single certificate signature request. The server generates a first certificate corresponding to the single certificate signature request, wherein the first certificate has a first expiry value. The server transmits the generated first certificate to the requestor. Responsive to an amount of time elapsing, the server automatically generates a second certificate corresponding to the single certificate signature request, wherein the amount of time expiring is less than the first expiry value. The server transmits the generated second certificate to the requestor.
-
Publication number: US20190281032A1
Publication date: 2019-09-12
Application number: US16422947
Application date: 2019-05-24
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Thomas Sullivan, Lee Hahn Holloway, Piotr Sikora, Ryan Lackey, John Graham-Cumming, Dane Orion Knecht, Patrick Donahue, Zi Lin
Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.
-
Publication number: US10178128B2
Publication date: 2019-01-08
Application number: US14967156
Application date: 2015-12-11
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Thomas Sullivan, Rajeev Devendra Sharma, Ryan Lackey, Zi Lin
Abstract: A method and apparatus for enabling an HSTS policy for a subdomain of a domain is described. A request for content at a subdomain of a domain is received at a proxy server from a client device over a secure transport. The proxy server determines whether the subdomain is associated with a rule indicating that Hypertext Transport Protocol Strict Transport Security (HSTS) is to be enabled for the subdomain of the domain. Responsive to determining that the subdomain is associated with the rule, the proxy server transmits, to the client device, a first response that includes an HSTS header and which instructs the client device to communicate only over the secure transport for requests for content at the subdomain, wherein the first response includes the HSTS header regardless of whether HSTS has been enabled for the subdomain at an origin server.
-
Publication number: US10033699B2
Publication date: 2018-07-24
Application number: US15148867
Application date: 2016-05-06
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Thomas Sullivan, Olafur Gudmundsson, Filippo Valsorda
Abstract: A first DNS server receives, from a client device, a DNS query for a domain name and transmits, to a second DNS server, the DNS query for the domain name. The first DNS server receives, from the second DNS server, an answer to the DNS query that is unsigned. The first DNS server signs the received answer to the DNS query and transmits, to the client device, the signed DNS answer.
-
Publication number: US20180115534A1
Publication date: 2018-04-26
Application number: US15839494
Application date: 2017-12-12
Applicant: Cloudflare, Inc.
Inventor: Nicholas Thomas Sullivan, Zi Lin, Rajeev Devendra Sharma
CPC classification number: H04L63/0435, G06F16/958, H04L9/0819, H04L9/14, H04L63/0281, H04L63/061, H04L63/10, H04L63/168, H04L67/2842, H04L2209/24
Abstract: A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.
-
Publication number: US20170237571A1
Publication date: 2017-08-17
Application number: US15271190
Application date: 2016-09-20
Applicant: CLOUDFLARE, INC.
Inventor: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
CPC classification number: H04L9/3263, G06F21/33, H04L9/083, H04L9/0841, H04L9/0844, H04L9/14, H04L9/3013, H04L9/3247, H04L63/0428, H04L63/0485, H04L63/061, H04L63/0823, H04L63/0869, H04L63/164, H04L63/166, H04L63/205, H04L67/141, H04L67/42
Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
Publication number: US20170180312A1
Publication date: 2017-06-22
Application number: US14978209
Application date: 2015-12-22
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Thomas Sullivan
CPC classification number: H04L61/3025, H04L61/1511, H04L61/6013, H04L67/28
Abstract: Methods and apparatuses for identifying a domain of a command and control server of a botnet are described. Upon receipt of a request to register a domain for a service that includes a proxy server, where the proxy server is to receive and process traffic for that domain if registration is successful, a determination of whether the domain was generated by a domain generation algorithm (DGA) is performed. Responsive to determining that the domain was generated by the DGA, performing at least one of: denying registration of the domain for the service, and accepting registration of the domain for the service and causing the proxy server to monitor communications received to and from the domain.
-
Publication number: US09401919B2
Publication date: 2016-07-26
Application number: US14578223
Application date: 2014-12-19
Applicant: CloudFlare, Inc.
Inventor: Nicholas Thomas Sullivan, Zi Lin, Rajeev Devendra Sharma
CPC classification number: H04L63/0435, G06F17/3089, H04L9/0819, H04L9/14, H04L63/0281, H04L63/061, H04L63/10, H04L63/168, H04L67/2842, H04L2209/24
Abstract: A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.
-
Publication number: US10484176B2
Publication date: 2019-11-19
Application number: US15950088
Application date: 2018-04-10
Applicant: Cloudflare, Inc.
Inventor: Nicholas Thomas Sullivan
Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.
-
Publication number: US10305871B2
Publication date: 2019-05-28
Application number: US14964491
Application date: 2015-12-09
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Thomas Sullivan, Lee Hahn Holloway, Piotr Sikora, Ryan Lackey, John Graham-Cumming, Dane Orion Knecht, Patrick Donahue, Zi Lin
Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.