公开(公告)号：US20240106864A1

公开(公告)日：2024-03-28

申请号：US18527887

申请日：2023-12-04

Applicant: CLOUDFLARE, INC.

Inventor： James Howard Royal

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/0807 ,  H04L63/102

Abstract: A cloud-based security service that includes external evaluation for accessing a third-party application. The security service receives a request to access a third-party application from a client device. The security service enforces a set of one or more access policies configured for the third-party application including an external evaluation rule. As part of enforcing the external evaluation rule, the security service transmits an external evaluation request to an external endpoint defined in the external evaluation rule. The external evaluation request includes an identity of a user associated with the request. The security service receives the result of the external evaluation. If the external evaluation passed, the security service grants access to the third-party application based at least in part on its passing.

公开(公告)号：US11888851B2

公开(公告)日：2024-01-30

申请号：US17867355

申请日：2022-07-18

Applicant: CLOUDFLARE, INC.

Inventor： James Howard Royal ,  Samuel Douglas Rhea

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/0884 ,  H04L63/0281 ,  H04L63/20

Abstract: A server transmits to a third-party application a request for a resource that is received from a client. The server receives an authentication request from the client device that has been generated by the third-party application. The server transmits an identity provider selection page to the client device that allows the client device to select an identity provider. The server causes the client device to transmit a second authentication request to a selected identity provider. The server receives an authentication response that was generated by the identity provider that includes the identity of the user. The server enforces access rule(s) including identity-based rule(s) and/or non-identity based rule(s). If the user is permitted to access the third-party application, the server causes an authentication response to be transmitted from the client device to the third-party application that indicates the user has successfully authenticated.

公开(公告)号：US20240171576A1

公开(公告)日：2024-05-23

申请号：US18425713

申请日：2024-01-29

Applicant: CLOUDFLARE, INC.

Inventor： James Howard Royal ,  Samuel Douglas Rhea

IPC: H04L9/40

CPC classification number: H04L63/0884 ,  H04L63/0281 ,  H04L63/20

Abstract: A server transmits to a third-party application a request for a resource that is received from a client. The server receives an authentication request from the client device that has been generated by the third-party application. The server transmits an identity provider selection page to the client device that allows the client device to select an identity provider. The server causes the client device to transmit a second authentication request to a selected identity provider. The server receives an authentication response that was generated by the identity provider that includes the identity of the user. The server enforces access rule(s) including identity-based rule(s) and/or non-identity based rule(s). If the user is permitted to access the third-party application, the server causes an authentication response to be transmitted from the client device to the third-party application that indicates the user has successfully authenticated.

公开(公告)号：US11838327B1

公开(公告)日：2023-12-05

申请号：US17936572

申请日：2022-09-29

Applicant: CLOUDFLARE, INC.

Inventor： James Howard Royal

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/0807 ,  H04L63/102

Abstract: A cloud-based security service that includes external evaluation for accessing a third-party application. The security service receives a request to access a third-party application from a client device. The security service enforces a set of one or more access policies configured for the third-party application including an external evaluation rule. As part of enforcing the external evaluation rule, the security service transmits an external evaluation request to an external endpoint defined in the external evaluation rule. The external evaluation request includes an identity of a user associated with the request. The security service receives the result of the external evaluation. If the external evaluation passed, the security service grants access to the third-party application based at least in part on its passing.

公开(公告)号：US12238098B1

公开(公告)日：2025-02-25

申请号：US18809098

申请日：2024-08-19

Applicant: CLOUDFLARE, INC.

Inventor： Kenny Johnson ,  Gabriel Andrew Bauman ,  Kyle Hiller ,  Alexander Jay Holland ,  Russell Louis Kerns ,  Jesse Li ,  James Howard Royal ,  Akemi Leigh Davisson

IPC: H04L9/40 ,  G06F21/62

Abstract: A system for cross-domain identity management (SCIM) proxy service is described. A first SCIM endpoint receives, from a first SCIM client, a first message that includes a SCIM resource. The first SCIM endpoint is associated with a customer of the SCIM proxy service. The SCIM proxy service is configured as a first SCIM service provider for the first SCIM client. The first message is validated. The first SCIM proxy service determines that a third-party application is in scope for the SCIM resource, where the SCIM proxy service is configured as a second SCIM client for the third-party application. The SCIM proxy service transforms the SCIM resource to create a transformed SCIM resource that is applicable for the third-party application. The SCIM proxy service transmits a second message to a second SCIM endpoint of the third-party application, the second message including the transformed SCIM resource.

公开(公告)号：US20230412644A1

公开(公告)日：2023-12-21

申请号：US17936572

申请日：2022-09-29

Applicant: CLOUDFLARE, INC.

Inventor： James Howard Royal

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/102 ,  H04L63/0807

Abstract: A cloud-based security service that includes external evaluation for accessing a third-party application. The security service receives a request to access a third-party application from a client device. The security service enforces a set of one or more access policies configured for the third-party application including an external evaluation rule. As part of enforcing the external evaluation rule, the security service transmits an external evaluation request to an external endpoint defined in the external evaluation rule. The external evaluation request includes an identity of a user associated with the request. The security service receives the result of the external evaluation. If the external evaluation passed, the security service grants access to the third-party application based at least in part on its passing.

公开(公告)号：US20230110111A1

公开(公告)日：2023-04-13

申请号：US17867355

申请日：2022-07-18

Applicant: CLOUDFLARE, INC.

Inventor： James Howard Royal ,  Samuel Douglas Rhea

IPC: H04L9/40

Abstract: A server transmits to a third-party application a request for a resource that is received from a client. The server receives an authentication request from the client device that has been generated by the third-party application. The server transmits an identity provider selection page to the client device that allows the client device to select an identity provider. The server causes the client device to transmit a second authentication request to a selected identity provider. The server receives an authentication response that was generated by the identity provider that includes the identity of the user. The server enforces access rule(s) including identity-based rule(s) and/or non-identity based rule(s). If the user is permitted to access the third-party application, the server causes an authentication response to be transmitted from the client device to the third-party application that indicates the user has successfully authenticated.