-
41.
Publication (Announcement) No.: US20220321354A1
Publication (Announcement) Date: 2022-10-06
Application No.: US17217703
Application Date: 2021-03-30
Applicant: CLOUDFLARE, INC.
Inventor: Watson Bernard Ladd , Alexander Andrew Davidson , Marwan Fayed , Armando Faz Hernández , Sai Krishna Deepak Maram , Nicholas Thomas Sullivan
Abstract: A client device receives a challenge request from a server to prove that internet traffic was initiated by a human user through verifying a physical interaction between a human user and a hardware component. The client device causes a prompt to be displayed to perform the physical interaction with the hardware component. A cryptographic attestation is received that includes an attestation signature that is generated after confirmation that the physical interaction was performed with the hardware component. A zero-knowledge proof of the attestation signature is generated and transmitted to the server for verification. The client device receives the requested content responsive to the server verifying the validity of the zero-knowledge proof.
-
42.
Publication (Announcement) No.: US11438178B2
Publication (Announcement) Date: 2022-09-06
Application No.: US16820489
Application Date: 2020-03-16
Applicant: CLOUDFLARE, INC.
Inventor: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
IPC: H04L29/06 , H04L9/32 , H04L9/40 , G06F21/33 , H04L9/08 , H04L67/141 , H04L67/01 , H04L9/14 , H04L9/30
Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
Publication (Announcement) No.: US10904227B2
Publication (Announcement) Date: 2021-01-26
Application No.: US15839494
Application Date: 2017-12-12
Applicant: Cloudflare, Inc.
Inventor: Nicholas Thomas Sullivan , Zi Lin , Rajeev Devendra Sharma
IPC: H04L29/06 , H04L29/08 , H04L9/08 , H04L9/14 , G06F16/958
Abstract: A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.
-
44.
Publication (Announcement) No.: US20200280452A1
Publication (Announcement) Date: 2020-09-03
Application No.: US16820489
Application Date: 2020-03-16
Applicant: CLOUDFLARE, INC.
Inventor: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
45.
Publication (Announcement) No.: US10594496B2
Publication (Announcement) Date: 2020-03-17
Application No.: US16019109
Application Date: 2018-06-26
Applicant: CLOUDFLARE, INC.
Inventor: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
Publication (Announcement) No.: US20190116039A1
Publication (Announcement) Date: 2019-04-18
Application No.: US15950088
Application Date: 2018-04-10
Applicant: Cloudflare, Inc.
Inventor: Nicholas Thomas Sullivan
CPC classification number: H04L9/3226 , G06F21/31 , G06F21/40 , G06F21/45 , G06F21/60 , G06F21/62 , G06F21/6209 , G06F2221/2147 , H04L9/0822 , H04L9/085 , H04L9/0861 , H04L9/0863 , H04L63/0435 , H04L63/0478 , H04L63/065 , H04L63/08 , H04L63/10 , H04L63/104 , H04L2463/062
Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.
-
47.
Publication (Announcement) No.: US20180323969A1
Publication (Announcement) Date: 2018-11-08
Application No.: US16043972
Application Date: 2018-07-24
Applicant: CLOUDFLARE, INC.
Inventor: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
CPC classification number: H04L9/0844 , H04L9/14 , H04L9/30 , H04L9/321 , H04L9/3263 , H04L9/3268 , H04L63/061 , H04L63/166
Abstract: A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.
-
Publication (Announcement) No.: US20180241733A1
Publication (Announcement) Date: 2018-08-23
Application No.: US15961632
Application Date: 2018-04-24
Applicant: CLOUDFLARE, INC.
Inventor: Daniel Morsing , Marek Majkowski , Nicholas Thomas Sullivan , Olafur Gudmundsson
CPC classification number: H04L63/08 , H04L61/1511 , H04L63/12 , H04L67/10 , H04L67/1036 , H04L67/42
Abstract: A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.
-
Publication (Announcement) No.: US20170237566A1
Publication (Announcement) Date: 2017-08-17
Application No.: US15585079
Application Date: 2017-05-02
Applicant: CloudFlare, Inc.
Inventor: Nicholas Thomas Sullivan
CPC classification number: H04L9/3226 , G06F21/31 , G06F21/40 , G06F21/45 , G06F21/60 , G06F21/62 , G06F21/6209 , G06F2221/2147 , H04L9/0822 , H04L9/085 , H04L9/0861 , H04L9/0863 , H04L63/0435 , H04L63/0478 , H04L63/065 , H04L63/08 , H04L63/10 , H04L63/104 , H04L2463/062
Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.
-
Publication (Announcement) No.: US20170171247A1
Publication (Announcement) Date: 2017-06-15
Application No.: US14967156
Application Date: 2015-12-11
Applicant: CLOUDFLARE, INC.
Inventor: Nicholas Thomas Sullivan , Rajeev Devendra Sharma , Ryan Lackey , Zi Lin
CPC classification number: H04L63/20 , H04L61/1511 , H04L63/0281 , H04L63/166 , H04L67/02
Abstract: A method and apparatus for enabling an HSTS policy for a subdomain of a domain is described. A request for content at a subdomain of a domain is received at a proxy server from a client device over a secure transport. The proxy server determines whether the subdomain is associated with a rule indicating that Hypertext Transport Protocol Strict Transport Security (HSTS) is to be enabled for the subdomain of the domain. Responsive to determining that the subdomain is associated with the rule, the proxy server transmits, to the client device, a first response that includes an HSTS header and which instructs the client device to communicate only over the secure transport for requests for content at the subdomain, wherein the first response includes the HSTS header regardless of whether HSTS has been enabled for the subdomain at an origin server.