公开(公告)号：US20170171172A1

公开(公告)日：2017-06-15

申请号：US14964491

申请日：2015-12-09

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Thomas Sullivan ,  Lee Hahn Holloway ,  Piotr Sikora ,  Ryan Lackey ,  John Graham-Cumming ,  Dane Orion Knecht ,  Patrick Donahue ,  Zi Lin

IPC: H04L29/06 ,  G06F21/33

CPC classification number: H04L63/061 ,  G06F21/33 ,  H04L63/205

Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

公开(公告)号：US20170063531A1

公开(公告)日：2017-03-02

申请号：US14945089

申请日：2015-11-18

Applicant: CloudFlare, Inc.

Inventor： Nicholas Thomas Sullivan

IPC: H04L9/06 ,  H04L9/08 ,  H04L9/30 ,  H04L9/16

CPC classification number: H04L9/3226 ,  G06F21/31 ,  G06F21/40 ,  G06F21/45 ,  G06F21/60 ,  G06F21/62 ,  G06F21/6209 ,  G06F2221/2147 ,  H04L9/0822 ,  H04L9/085 ,  H04L9/0861 ,  H04L9/0863 ,  H04L63/0435 ,  H04L63/0478 ,  H04L63/065 ,  H04L63/08 ,  H04L63/10 ,  H04L63/104 ,  H04L2463/062

Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Abstract translation: 服务器接收一段数据进行加密。 服务器对该数据进行加密，使得没有一个密钥可以对加密的数据进行解密，并且每次采用第二个多个的唯一密钥的第一多个的任意组合能够对加密的数据进行解密。 每个唯一键的第一个倍数与不同用户的帐户凭据相关联。 第二个倍数小于或等于第一个倍数。 返回加密的数据。

公开(公告)号：US20160330174A1

公开(公告)日：2016-11-10

申请号：US15148867

申请日：2016-05-06

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Thomas Sullivan ,  Olafur Gudmundsson

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L63/0281 ,  H04L61/1511 ,  H04L63/12 ,  H04L67/2819

Abstract: A first DNS server receives, from a client device, a DNS query for a domain name and transmits, to a second DNS server, the DNS query for the domain name The first DNS server receives, from the second DNS server, an answer to the DNS query that is unsigned. The first DNS server signs the received answer to the DNS query and transmits, to the client device, the signed DNS answer.

Abstract translation: 第一DNS服务器从客户端设备接收域名的DNS查询，并向第二DNS服务器发送域名的DNS查询。第一DNS服务器从第二DNS服务器接收对该域的答案 无符号的DNS查询。 第一个DNS服务器将接收到的答案标记为DNS查询，并向客户端设备发送签名的DNS答案。

公开(公告)号：US20160014114A1

公开(公告)日：2016-01-14

申请号：US14675385

申请日：2015-03-31

Applicant: CLOUDFLARE, INC.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Nicholas Thomas Sullivan ,  Albertus Strasheim

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L9/3263 ,  G06F21/33 ,  H04L9/083 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/14 ,  H04L9/3013 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/0485 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/164 ,  H04L63/166 ,  H04L63/205 ,  H04L67/141 ,  H04L67/42

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract translation: 服务器与客户端设备建立安全会话，其中在建立安全会话时用于握手的私钥被存储在不同的服务器中。 在握手过程中，服务器接收使用与客户端设备尝试建立安全会话的域绑定的公共密钥进行加密的预安全秘密。 服务器将加密的前端机密发送到不同的服务器以进行解密，以及计算主密钥所需的其他信息。 不同的服务器解密加密的前提密码，生成主密钥，并将主密钥发送到服务器。 服务器接收主密钥并继续握手过程，包括生成在安全会话中使用的一个或多个会话密钥，用于加密和解密客户端设备与服务器之间的通信。