公开(公告)号：US11736740B2

公开(公告)日：2023-08-22

申请号：US17020580

申请日：2020-09-14

Applicant: Cloudflare, Inc.

Inventor： Dane Orion Knecht ,  Igor Postelnik ,  Oliver Yu ,  John Graham-Cumming ,  Dani Grant ,  Nitin Rao

IPC: H04N21/231 ,  H04N21/232 ,  H04N21/845 ,  H04N21/239 ,  H04N21/218 ,  H04N21/262

CPC classification number: H04N21/23103 ,  H04N21/2181 ,  H04N21/2323 ,  H04N21/2393 ,  H04N21/26258 ,  H04N21/8456

Abstract: A server in a content delivery network (CDN) receives a request for a web page of a domain handled by an origin server. The server retrieves the web page and the web page references a video. The server retrieves a file that indicates a list of locations of the domain in which segments of the video are located. The server fetches at least an initial portion of the segments. The server receives a request for the video. The server transmits to the requester at least the initial portion of the segments. The server receives a subsequent request of a different portion of the segments. The server transmits a response to the requester that instructs the requester to transmit the request for the different portion of segments to a second server in the CDN.

公开(公告)号：US11647096B2

公开(公告)日：2023-05-09

申请号：US17504957

申请日：2021-10-19

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Stephen Joel ,  Lee Hahn Holloway ,  Dane Orion Knecht ,  Albertus Strasheim

IPC: H04L67/02 ,  G06F40/151 ,  G06F40/166 ,  G06F16/95 ,  H04L67/01 ,  H04L67/566 ,  H04L67/565 ,  G06F16/957

CPC classification number: H04L67/565 ,  G06F16/95 ,  G06F16/9574 ,  G06F40/151 ,  G06F40/166 ,  H04L67/01 ,  H04L67/02 ,  H04L67/566

Abstract: A request for a web page is received at a proxy server. The request originates from a client network application of a client device. The requested web page includes multiple references to multiple images. The proxy server retrieves the requested web page. The proxy server modifies code of the retrieved web page such that the client network application will not, for each one of those images, initially request those images when parsing the page. The proxy server also adds code to the retrieved web page that, when executed by the client network application, causes at least two of the images to be requested with a single request. The proxy server transmits the modified web page to the client device.

公开(公告)号：US11438178B2

公开(公告)日：2022-09-06

申请号：US16820489

申请日：2020-03-16

Applicant: CLOUDFLARE, INC.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Nicholas Thomas Sullivan ,  Albertus Strasheim

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/40 ,  G06F21/33 ,  H04L9/08 ,  H04L67/141 ,  H04L67/01 ,  H04L9/14 ,  H04L9/30

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

公开(公告)号：US11316825B2

公开(公告)日：2022-04-26

申请号：US16883116

申请日：2020-05-26

Applicant: CLOUDFLARE, INC.

Inventor： Dane Orion Knecht ,  John Graham-Cumming ,  Dani Grant ,  Christopher Philip Branch ,  Tom Paseka

IPC: H04L61/2592 ,  H04L61/4511 ,  H04L67/02 ,  H04L67/01 ,  H04L12/46 ,  H04L67/1031 ,  H04L67/10 ,  H04L67/1017 ,  H04L61/5007

Abstract: An edge server of a distributed edge compute and routing service receives a tunnel connection request from a tunnel client residing on an origin server, that requests a tunnel be established between the edge server and the tunnel client. The request identifies the hostname that is to be tunneled. An IP address is assigned for the tunnel. DNS record(s) are added or changed that associate the hostname with the assigned IP address. Routing rules are installed in the edge servers of the distributed edge compute and routing service to reach the edge server for the tunneled hostname. The edge server receives a request for a resource of the tunneled hostname from another edge server that received the request from a client, where the other edge server is not connected to the origin server. The request is transmitted from the edge server to the origin server over the tunnel.

公开(公告)号：US20220038550A1

公开(公告)日：2022-02-03

申请号：US17504957

申请日：2021-10-19

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Stephen Joel ,  Lee Hahn Holloway ,  Dane Orion Knecht ,  Albertus Strasheim

IPC: H04L29/08 ,  H04L29/06 ,  G06F16/95 ,  G06F16/957 ,  G06F40/151 ,  G06F40/166

Abstract: A request for a web page is received at a proxy server. The request originates from a client network application of a client device. The requested web page includes multiple references to multiple images. The proxy server retrieves the requested web page. The proxy server modifies code of the retrieved web page such that the client network application will not, for each one of those images, initially request those images when parsing the page. The proxy server also adds code to the retrieved web page that, when executed by the client network application, causes at least two of the images to be requested with a single request. The proxy server transmits the modified web page to the client device.

公开(公告)号：US11044335B2

公开(公告)日：2021-06-22

申请号：US16057722

申请日：2018-08-07

Applicant: CLOUDFLARE, INC.

Inventor： Dane Orion Knecht ,  John Graham-Cumming ,  Matthew Browning Prince

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

Abstract: A near end point of presence (PoP) of a cloud proxy service receives, from a client device, a request for a network resource. A far end PoP from a plurality of PoPs of the cloud proxy service is identified. Responsive to determining that a version of the network resource is stored in the near end PoP, a request for the network resource is transmitted to the far end PoP with a version identifier that identifies that version. The far end PoP receives, from the near end PoP, a response that includes difference(s) between the version of the network resource stored in the near end PoP with a most current version of the network resource. The response does not include the entire network resource. The near end PoP applies the specified difference(s) to the version that it has stored to generate an updated version of the network resource, and transmits it to the client device.

公开(公告)号：US10778582B2

公开(公告)日：2020-09-15

申请号：US16444795

申请日：2019-06-18

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Philip Branch ,  Dane Orion Knecht

IPC: H04L12/741 ,  H04L12/46 ,  H04L29/06 ,  H04L29/08

Abstract: Method and apparatus for traffic optimization in virtual private networks (VPNs). A client device establishes a first VPN connection with a first server based on first VPN credentials. Traffic is transmitted and received through the first VPN connection to and from the first server. A second server is identified based on traffic optimization criteria that need to be satisfied by the VPN connection. Upon receipt of the identification of the second server the client device is to use the second server as a destination of a second VPN connection. The second VPN connection satisfies a set of traffic optimization goals for at least one flow from the flows forwarded through the first VPN connection. Based on the identification of the second server, the client device establishes the second VPN connection for the flow between the client device and the second server.

公开(公告)号：US20200280452A1

公开(公告)日：2020-09-03

申请号：US16820489

申请日：2020-03-16

Applicant: CLOUDFLARE, INC.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Nicholas Thomas Sullivan ,  Albertus Strasheim

IPC: H04L9/32 ,  H04L29/06 ,  G06F21/33 ,  H04L9/08 ,  H04L29/08 ,  H04L9/14 ,  H04L9/30

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

公开(公告)号：US10594496B2

公开(公告)日：2020-03-17

申请号：US16019109

申请日：2018-06-26

Applicant: CLOUDFLARE, INC.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Nicholas Thomas Sullivan ,  Albertus Strasheim

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/33 ,  H04L9/08 ,  H04L29/08 ,  H04L9/14 ,  H04L9/30

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

公开(公告)号：US20190334855A1

公开(公告)日：2019-10-31

申请号：US16505433

申请日：2019-07-08

Applicant: CLOUDFLARE, INC.

Inventor： Lee Hahn Holloway ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming

IPC: H04L29/12

Abstract: A DNS name server manages CNAME records. The server receives a query for a first Address record for a fully qualified domain name from a requester. The server determines that the fully qualified domain name has a CNAME record, where the fully qualified domain name is a root domain. The server traverses a chain according to the CNAME record to locate a second Address record that includes an IP address. The server generates a response to the query that includes a third Address record for the fully qualified domain name that includes at least the IP address of the located second Address record. The server transmits the generated response to the requester.