公开(公告)号：US20220006878A1

公开(公告)日：2022-01-06

申请号：US17481222

申请日：2021-09-21

Applicant: Cloudflare, Inc.

Inventor： John Graham-Cumming ,  Andrew Galloni ,  Terin Stock

IPC: H04L29/08

Abstract: A browser receives a web page that includes a script that is configured to control subsequent requests of the browser for at least the web page and caches a first portion of the web page that includes reference(s) to other web resource(s). A subsequent request for the web page is dispatched to the script which returns the cached first portion of the web page to the browser and a request for the full web page is made. Request(s) are also transmitted for the web resource(s) referenced in the first portion of the web page without waiting for the full web page to be received. When the full web page is received, if the first portion of the page matches the corresponding portion of the full page, that corresponding portion is removed from the full page and the remaining page is returned to the browser.

公开(公告)号：US11128727B2

公开(公告)日：2021-09-21

申请号：US16155299

申请日：2018-10-09

Applicant: Cloudflare, Inc.

Inventor： John Graham-Cumming ,  Andrew Galloni ,  Terin Stock

IPC: H04L29/08 ,  H04L29/06

Abstract: A browser receives a web page that includes a script that is configured to control subsequent requests of the browser for at least the web page and caches a first portion of the web page that includes reference(s) to other web resource(s). A subsequent request for the web page is dispatched to the script which returns the cached first portion of the web page to the browser and a request for the full web page is made. Request(s) are also transmitted for the web resource(s) referenced in the first portion of the web page without waiting for the full web page to be received. When the full web page is received, if the first portion of the page matches the corresponding portion of the full page, that corresponding portion is removed from the full page and the remaining page is returned to the browser.

公开(公告)号：US11044335B2

公开(公告)日：2021-06-22

申请号：US16057722

申请日：2018-08-07

Applicant: CLOUDFLARE, INC.

Inventor： Dane Orion Knecht ,  John Graham-Cumming ,  Matthew Browning Prince

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

Abstract: A near end point of presence (PoP) of a cloud proxy service receives, from a client device, a request for a network resource. A far end PoP from a plurality of PoPs of the cloud proxy service is identified. Responsive to determining that a version of the network resource is stored in the near end PoP, a request for the network resource is transmitted to the far end PoP with a version identifier that identifies that version. The far end PoP receives, from the near end PoP, a response that includes difference(s) between the version of the network resource stored in the near end PoP with a most current version of the network resource. The response does not include the entire network resource. The near end PoP applies the specified difference(s) to the version that it has stored to generate an updated version of the network resource, and transmits it to the client device.

公开(公告)号：US10798203B2

公开(公告)日：2020-10-06

申请号：US16443747

申请日：2019-06-17

Applicant: CLOUDFLARE, INC.

Inventor： John Graham-Cumming

IPC: H04L29/08 ,  H04L29/06

Abstract: A method and computing device for delta compression techniques for reducing network resource transmission size are described. A first request for a network resource is received. The requested network resource is retrieved. A first response including the network resource is transmitted to the near end network optimizer. The retrieved network resource is stored as a first version of the network resource regardless of a directive that a cached version of the network resource is not to be used to respond to future HTTP requests for that network resource without successful revalidation with an origin server. A second request for the network resource is received. A most current version of the network resource is retrieved. A set of differences between the first version and the most current version of the network resource are determined. The set of differences are transmitted to the near end network optimizer.

公开(公告)号：US20200280452A1

公开(公告)日：2020-09-03

申请号：US16820489

申请日：2020-03-16

Applicant: CLOUDFLARE, INC.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Nicholas Thomas Sullivan ,  Albertus Strasheim

IPC: H04L9/32 ,  H04L29/06 ,  G06F21/33 ,  H04L9/08 ,  H04L29/08 ,  H04L9/14 ,  H04L9/30

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

公开(公告)号：US10594496B2

公开(公告)日：2020-03-17

申请号：US16019109

申请日：2018-06-26

Applicant: CLOUDFLARE, INC.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Nicholas Thomas Sullivan ,  Albertus Strasheim

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/33 ,  H04L9/08 ,  H04L29/08 ,  H04L9/14 ,  H04L9/30

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

公开(公告)号：US20190334855A1

公开(公告)日：2019-10-31

申请号：US16505433

申请日：2019-07-08

Applicant: CLOUDFLARE, INC.

Inventor： Lee Hahn Holloway ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming

IPC: H04L29/12

Abstract: A DNS name server manages CNAME records. The server receives a query for a first Address record for a fully qualified domain name from a requester. The server determines that the fully qualified domain name has a CNAME record, where the fully qualified domain name is a root domain. The server traverses a chain according to the CNAME record to locate a second Address record that includes an IP address. The server generates a response to the query that includes a third Address record for the fully qualified domain name that includes at least the IP address of the located second Address record. The server transmits the generated response to the requester.

公开(公告)号：US10348674B2

公开(公告)日：2019-07-09

申请号：US16121320

申请日：2018-09-04

Applicant: CLOUDFLARE, INC.

Inventor： Lee Hahn Holloway ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming

IPC: G06F15/16 ,  H04L29/12

Abstract: A method and apparatus for managing CNAME records such that CNAME records at the root domain are supported while complying with the RFC specification (an IP address is returned for any Address query for the root record). The authoritative DNS infrastructure acts as a DNS resolver where if there is a CNAME at the root record, rather than returning that record directly, a recursive lookup is used to follow the CNAME chain until an A record is located. The address associated with the A record is then returned. This effectively “flattens” the CNAME chain. This complies with the requirements of the DNS specification and is invisible to any service that interacts with the DNS server.

公开(公告)号：US20190097983A1

公开(公告)日：2019-03-28

申请号：US16188244

申请日：2018-11-12

Applicant: CLOUDFLARE, INC.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Albertus Strasheim

IPC: H04L29/06 ,  G06F21/33 ,  H04L9/08 ,  H04L9/32

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

公开(公告)号：US20190045023A1

公开(公告)日：2019-02-07

申请号：US16155299

申请日：2018-10-09

Applicant: Cloudflare, Inc.

Inventor： John Graham-Cumming ,  Andrew Galloni ,  Terin Stock

IPC: H04L29/08 ,  H04L29/06

Abstract: A browser receives a web page that includes a script that is configured to control subsequent requests of the browser for at least the web page and caches a first portion of the web page that includes reference(s) to other web resource(s). A subsequent request for the web page is dispatched to the script which returns the cached first portion of the web page to the browser and a request for the full web page is made. Request(s) are also transmitted for the web resource(s) referenced in the first portion of the web page without waiting for the full web page to be received. When the full web page is received, if the first portion of the page matches the corresponding portion of the full page, that corresponding portion is removed from the full page and the remaining page is returned to the browser.