公开(公告)号：US20240396713A1

公开(公告)日：2024-11-28

申请号：US18433124

申请日：2024-02-05

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Michael Pak

IPC: H04L9/08

Abstract: A first intermediate key management system (KMS) server of a distributed KMS receives a key lookup service (KLS) query from a KMS client for determining an identity of KMS server(s) that are capable of performing a first operation with a first managed key. The first intermediate KMS server is one of the intermediate KMS servers of the distributed KMS. The first KMS server determines the identity of one or more of the KMS servers that are capable of performing the first operation with the first managed key. The first KMS server transmits a KLS response to the KMS client that includes the identity of the KMS server(s) that are capable of performing the first operation with the first managed key.

公开(公告)号：US11895227B1

公开(公告)日：2024-02-06

申请号：US18322265

申请日：2023-05-23

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Michael Pak

IPC: H04L9/08

CPC classification number: H04L9/0825 ,  H04L9/0827

Abstract: A first intermediate key management system (KMS) server of a distributed KMS receives a key lookup service (KLS) query from a KMS client for determining an identity of KMS server(s) that are capable of performing a first operation with a first managed key. The first intermediate KMS server is one of the intermediate KMS servers of the distributed KMS. The first KMS server determines the identity of one or more of the KMS servers that are capable of performing the first operation with the first managed key. The first KMS server transmits a KLS response to the KMS client that includes the identity of the KMS server(s) that are capable of performing the first operation with the first managed key.

公开(公告)号：US11470104B1

公开(公告)日：2022-10-11

申请号：US17698836

申请日：2022-03-18

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Molly Rose Cinnamon ,  Tom Paseka ,  Nicholas Wondra

IPC: H04L9/40

Abstract: A server of a distributed cloud computing network receives, over a tunnel established between a customer-premises equipment and the compute server, traffic from an Internet-of-Things (IoT) device that is connected to the CPE. The server enforces an egress traffic policy to determine whether the traffic is permitted to be transmitted to the destination. If the traffic is not permitted to be transmitted to the destination, the server drops the traffic. If the traffic is permitted to be transmitted to the destination, the server transmits the traffic to the destination.

公开(公告)号：US12267346B2

公开(公告)日：2025-04-01

申请号：US18407060

申请日：2024-01-08

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Molly Rose Cinnamon ,  Tom Paseka ,  Nicholas Wondra

IPC: H04L9/40

Abstract: A server of a distributed cloud computing network receives, over a tunnel established between a customer-premises equipment and the compute server, traffic from an Internet-of-Things (IoT) device that is connected to the CPE. The server enforces an egress traffic policy to determine whether the traffic is permitted to be transmitted to the destination. If the traffic is not permitted to be transmitted to the destination, the server drops the traffic. If the traffic is permitted to be transmitted to the destination, the server transmits the traffic to the destination.

公开(公告)号：US20240163301A1

公开(公告)日：2024-05-16

申请号：US18407060

申请日：2024-01-08

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Molly Rose Cinnamon ,  Tom Paseka ,  Nicholas Wondra

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/0236 ,  H04L63/029 ,  H04L63/1416 ,  H04L63/20

Abstract: A server of a distributed cloud computing network receives, over a tunnel established between a customer-premises equipment and the compute server, traffic from an Internet-of-Things (IoT) device that is connected to the CPE. The server enforces an egress traffic policy to determine whether the traffic is permitted to be transmitted to the destination. If the traffic is not permitted to be transmitted to the destination, the server drops the traffic. If the traffic is permitted to be transmitted to the destination, the server transmits the traffic to the destination.

公开(公告)号：US20230300158A1

公开(公告)日：2023-09-21

申请号：US17962799

申请日：2022-10-10

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Molly Rose Cinnamon ,  Tom Paseka ,  Nicholas Wondra

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/1416 ,  H04L63/20 ,  H04L63/029 ,  H04L63/0236

Abstract: A server of a distributed cloud computing network receives, over a tunnel established between a customer-premises equipment and the compute server, traffic from an Internet-of-Things (IoT) device that is connected to the CPE. The server enforces an egress traffic policy to determine whether the traffic is permitted to be transmitted to the destination. If the traffic is not permitted to be transmitted to the destination, the server drops the traffic. If the traffic is permitted to be transmitted to the destination, the server transmits the traffic to the destination.

公开(公告)号：US20240113866A1

公开(公告)日：2024-04-04

申请号：US18321694

申请日：2023-05-22

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Michael Pak ,  Ignat Korchagin ,  Chase Robinson

IPC: H04L9/08

CPC classification number: H04L9/083

Abstract: A distributed key management system (KMS) includes a central KMS server and multiple intermediate KMS servers. The central KMS server replicates managed keys to the intermediate KMS servers. An intermediate KMS server receives a KMS service request from a KMS client, where any of the intermediate KMS servers are capable of servicing the request. The intermediate KMS server performs the action requested if it has access to the necessary managed key and returns the response to the KMS client. If it does not have access to the necessary managed key, the intermediate KMS server transmits a request for the managed key to the central KMS server. The intermediate KMS server receives the managed key, performs the action requested, and returns the response to the KMS client.

公开(公告)号：US11870797B2

公开(公告)日：2024-01-09

申请号：US17962799

申请日：2022-10-10

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Molly Rose Cinnamon ,  Tom Paseka ,  Nicholas Wondra

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/029 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/20

Abstract: A server of a distributed cloud computing network receives, over a tunnel established between a customer-premises equipment and the compute server, traffic from an Internet-of-Things (IoT) device that is connected to the CPE. The server enforces an egress traffic policy to determine whether the traffic is permitted to be transmitted to the destination. If the traffic is not permitted to be transmitted to the destination, the server drops the traffic. If the traffic is permitted to be transmitted to the destination, the server transmits the traffic to the destination.

公开(公告)号：US11658812B1

公开(公告)日：2023-05-23

申请号：US17956689

申请日：2022-09-29

Applicant: CLOUDFLARE, INC.

Inventor： Derek Chamorro ,  Michael Pak ,  Ignat Korchagin ,  Chase Robinson

IPC: H04L9/08

CPC classification number: H04L9/083

Abstract: A distributed key management system (KMS) includes a central KMS server and multiple intermediate KMS servers. The central KMS server replicates managed keys to the intermediate KMS servers. An intermediate KMS server receives a KMS service request from a KMS client, where any of the intermediate KMS servers are capable of servicing the request. The intermediate KMS server performs the action requested if it has access to the necessary managed key and returns the response to the KMS client. If it does not have access to the necessary managed key, the intermediate KMS server transmits a request for the managed key to the central KMS server. The intermediate KMS server receives the managed key, performs the action requested, and returns the response to the KMS client.