公开(公告)号：US11128733B2

公开(公告)日：2021-09-21

申请号：US16367207

申请日：2019-03-27

Applicant: CLOUDFLARE, INC.

Inventor： Patrick Meenan ,  Dane Orion Knecht

IPC: H04L29/08

Abstract: A process for prioritizing content responses executed by a first server in a distributed cloud platform. The first server including processor, and a non-transitory machine-readable storage medium that provides instructions that, when executed by the processor, causes the first server to perform operations including to receive, at a proxy server, a request for a plurality of content items from a client device, where the proxy server is in a distributed cloud computing platform, to receive at least one of the plurality of content items from an origin server or a cache, to determine a priority scheme for ordering the plurality of content items, where the priority scheme differs from a priority scheme of the client device and differs from a priority scheme of a domain of the plurality of content items, and to send a response including the plurality of content items to the client device in an order according to the priority determined scheme.

公开(公告)号：US20210014204A1

公开(公告)日：2021-01-14

申请号：US17036988

申请日：2020-09-29

Applicant: Cloudflare, Inc.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Albertus Strasheim

IPC: H04L29/06 ,  G06F21/33 ,  H04L9/08 ,  H04L9/32

Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.

公开(公告)号：US10893031B2

公开(公告)日：2021-01-12

申请号：US16422947

申请日：2019-05-24

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Thomas Sullivan ,  Lee Hahn Holloway ,  Piotr Sikora ,  Ryan Lackey ,  John Graham-Cumming ,  Dane Orion Knecht ,  Patrick Donahue ,  Zi Lin

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/33

Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

公开(公告)号：US10860340B2

公开(公告)日：2020-12-08

申请号：US16450585

申请日：2019-06-24

Applicant: CLOUDFLARE, INC.

Inventor： Kenton Taylor Varda ,  Zachary Aaron Bloom ,  Marek Przemyslaw Majkowski ,  Ingvar Stepanyan ,  Kyle Kloepper ,  Dane Orion Knecht ,  John Graham-Cumming ,  Dani Grant

IPC: G06F9/448 ,  H04L29/08 ,  H04L29/06 ,  G06F9/455

Abstract: A compute server receives a request from a client device that triggers execution of a code piece. The compute server is one of multiple compute servers that are part of a distributed cloud computing network. The request is directed to a zone. A single process at the compute server executes the code piece in an isolated execution environment. The single process is also executing other code pieces in other isolated execution environments respectively. A response is generated to the request based at least in part on the executed code piece, and the generated response is transmitted to the client device.

公开(公告)号：US20200322438A1

公开(公告)日：2020-10-08

申请号：US16909757

申请日：2020-06-23

Applicant: CLOUDFLARE, INC.

Inventor： Dane Orion Knecht

IPC: H04L29/08 ,  H04L29/06 ,  H04L9/32 ,  G06F21/64

Abstract: A client network application transmits a request for a network resource to a server. The client receives a response that includes a network resource that includes a digital signature that represents that at least a portion of the received network resource has been determined to be conforming to a set of rule(s). The client determines whether the digital signature is valid. If it is valid, the client processes the network resource in a pipeline (e.g., a fast path pipeline) and if it is not valid, the client may process the network resource in a different pipeline (e.g., a non fast-path pipeline).

公开(公告)号：US10785198B2

公开(公告)日：2020-09-22

申请号：US16188244

申请日：2018-11-12

Applicant: CLOUDFLARE, INC.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Albertus Strasheim

IPC: H04L29/06 ,  G06F21/33 ,  H04L9/08 ,  H04L9/32

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

公开(公告)号：US10779015B2

公开(公告)日：2020-09-15

申请号：US15726315

申请日：2017-10-05

Applicant: Cloudflare, Inc.

Inventor： Dane Orion Knecht ,  Igor Postelnik ,  Oliver Yu ,  John Graham-Cumming ,  Dani Grant ,  Nitin Rao

IPC: H04N21/231 ,  H04N21/218 ,  H04N21/239 ,  H04N21/232 ,  H04N21/262 ,  H04N21/845

Abstract: A server in a content delivery network (CDN) receives a request for a web page of a domain handled by an origin server. The server retrieves the web page and the web page references a video. The server retrieves a file that indicates a list of locations of the domain in which segments of the video are located. The server fetches at least an initial portion of the segments. The server receives a request for the video. The server transmits to the requester at least the initial portion of the segments. The server receives a subsequent request of a different portion of the segments. The server transmits a response to the requester that instructs the requester to transmit the request for the different portion of segments to a second server in the CDN.

公开(公告)号：US10693979B2

公开(公告)日：2020-06-23

申请号：US15920298

申请日：2018-03-13

Applicant: CLOUDFLARE, INC.

Inventor： Dane Orion Knecht

IPC: H04L29/08 ,  H04L29/06 ,  H04L9/32 ,  G06F21/64

Abstract: A first server receives, from a client network application, a request for a network resource. The first server retrieves the requested network resource, where the requested network resource is handled by a second server that is different than the first server. The first server validates whether at least a portion of the retrieved network resource conforms to a set of one or more rules. If it does, the first server cryptographically signs the at least portion of the retrieved network resource thereby creating a digital signature. The first server transmits a response to the client network application that includes the at least the portion of the retrieved network resource and the digital signature. The client network application is configured to validate the first digital signature that validates that the portion of the network resource conforms to the set of rules.

公开(公告)号：US10601941B1

公开(公告)日：2020-03-24

申请号：US16203444

申请日：2018-11-28

Applicant: CLOUDFLARE, INC.

Inventor： Igor Postelnik ,  John Fawcett ,  Dane Orion Knecht ,  Oliver Zi-gang Yu ,  Dani Grant

IPC: G06F15/173 ,  H04L29/08 ,  G06Q30/02 ,  H04L29/06

Abstract: A method and system for optimization of an advertisement in a network resource in a proxy server of a cloud-based proxy service are described. Responsive to determining that there is an advertisement element in a network resource, the proxy server automatically modifies the advertisement element. The automatic modification of the advertisement element includes: 1) compressing style code into compressed style code; 2) compressing the image; and 3) compressing the style generation code. The proxy server generates a modified version of the network resource including the modified version of the advertisement element, where the modified version of the advertisement element is smaller in size than the advertisement element included in the network resource retrieved from the origin server; and transmits the modified version of the network resource to the client device instead of the network resource.

公开(公告)号：US20190281032A1

公开(公告)日：2019-09-12

申请号：US16422947

申请日：2019-05-24

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Thomas Sullivan ,  Lee Hahn Holloway ,  Piotr Sikora ,  Ryan Lackey ,  John Graham-Cumming ,  Dane Orion Knecht ,  Patrick Donahue ,  Zi Lin

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/33

Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.