公开(公告)号：US11882199B2

公开(公告)日：2024-01-23

申请号：US17893003

申请日：2022-08-22

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Philip Branch ,  Naga Sunil Tripirineni ,  Rustam Xing Lalkaka ,  Nick Wondra ,  Mohd Irtefa ,  Matthew Browning Prince ,  Andrew Taylor Plunk ,  Oliver Yu ,  Vlad Krasnov

IPC: H04L67/10 ,  H04L12/46 ,  H04L29/06 ,  H04L9/32 ,  H04L67/63 ,  H04L9/40

CPC classification number: H04L67/63 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0272 ,  H04L67/10

Abstract: A request is received from a client device over a Virtual Private Network (VPN) tunnel. The request is received at a first one of a plurality of edge servers of a distributed cloud computing network. A destination of the request is determined and an optimized route for transmitting the request toward an origin server is determined. The optimized route is based at least in part on probe data between edge servers of the distributed cloud computing network. The request is transmitted to a next hop as defined by the optimized route.

公开(公告)号：US20230224290A1

公开(公告)日：2023-07-13

申请号：US18092750

申请日：2023-01-03

Applicant: Cloudflare, Inc.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Albertus Strasheim

IPC: H04L9/40

CPC classification number: H04L63/0823 ,  H04L63/061

Abstract: A server establishes a secure session with a client device where a private key used in the handshake is stored in a different server. An encrypted connection is established between the first server and the second server. A message is received from the client device that initiates a procedure to establish the secure session between the client device and the first server. As part of this procedure, the first server transmits over the encrypted connection a request to the second server to use the private key. The first server receives, over the encrypted connection, a response to the request that includes a result of the use of the private key. The first server uses the result during the procedure to establish the secure session.

公开(公告)号：US11546309B2

公开(公告)日：2023-01-03

申请号：US17036988

申请日：2020-09-29

Applicant: Cloudflare, Inc.

Inventor： Sébastien Andreas Henry Pahl ,  Matthieu Philippe François Tourne ,  Piotr Sikora ,  Ray Raymond Bejjani ,  Dane Orion Knecht ,  Matthew Browning Prince ,  John Graham-Cumming ,  Lee Hahn Holloway ,  Albertus Strasheim

IPC: H04L29/06 ,  H04L9/40 ,  G06F21/33 ,  H04L9/08 ,  H04L9/32

Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.

公开(公告)号：US20220164400A1

公开(公告)日：2022-05-26

申请号：US17667365

申请日：2022-02-08

Applicant: CLOUDFLARE, INC.

Inventor： Lee Hahn Holloway ,  Matthew Browning Prince ,  Ian Gerald Pye ,  Matthieu Philippe François Tourne ,  Michelle Marie Zatlyn

IPC: G06F16/958 ,  G06F16/95 ,  G06F21/55 ,  H04L9/40 ,  H04L67/561 ,  G06Q30/02 ,  G06Q10/10 ,  H04L61/4511 ,  H04L67/02 ,  H04L67/568 ,  H04L69/40 ,  G06F40/143 ,  G06F40/14 ,  G06F15/16 ,  G06F21/00 ,  H04L67/56 ,  H04L67/146 ,  H04L61/5007 ,  H04L51/42 ,  H04L47/74

Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.

公开(公告)号：US11244024B2

公开(公告)日：2022-02-08

申请号：US16889343

申请日：2020-06-01

Applicant: CLOUDFLARE, INC.

Inventor： Lee Hahn Holloway ,  Matthew Browning Prince ,  Ian Gerald Pye ,  Matthieu Philippe François Tourne ,  Michelle Marie Zatlyn

IPC: G06F21/00 ,  G06F16/958 ,  G06F16/95 ,  G06F21/55 ,  H04L29/06 ,  H04L29/08 ,  G06Q30/02 ,  G06Q10/10 ,  H04L29/12 ,  H04L29/14 ,  G06F40/143 ,  G06F40/14 ,  G06F15/16 ,  H04L12/58 ,  H04L12/911

Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.

公开(公告)号：US10855798B2

公开(公告)日：2020-12-01

申请号：US16430192

申请日：2019-06-03

Applicant: CLOUDFLARE, INC.

Inventor： Lee Hahn Holloway ,  Matthew Browning Prince

IPC: H04L29/08 ,  H04L29/12 ,  H04L29/06

Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The proxy server transmits the request to the origin server. Responsive to determining that the origin server is offline, the proxy server determines whether the requested resource is available in cache. If it is in cache, the proxy server retrieves the requested resource from the cache and transmits the requested resource to the client device. The proxy server also transmits an offline browsing cookie to the client device for the domain such that when a subsequent request is received from the client device for a resource of the domain that includes the offline browsing cookie, a cached version of the requested resource will be served instead of querying the origin server.

公开(公告)号：US20200293584A1

公开(公告)日：2020-09-17

申请号：US16889343

申请日：2020-06-01

Applicant: CLOUDFLARE, INC.

Inventor： Lee Hahn Holloway ,  Matthew Browning Prince ,  Ian Gerald Pye ,  Matthieu Philippe François Tourne ,  Michelle Marie Zatlyn

IPC: G06F16/958 ,  G06F16/95 ,  G06F21/55 ,  H04L29/06 ,  H04L29/08 ,  G06Q30/02 ,  G06Q10/10 ,  H04L29/12 ,  H04L29/14 ,  G06F40/14 ,  G06F15/16 ,  G06F21/00 ,  H04L12/58 ,  H04L12/911

Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.

公开(公告)号：US20200242177A1

公开(公告)日：2020-07-30

申请号：US16848641

申请日：2020-04-14

Applicant: Cloudflare, Inc.

Inventor： Lee Hahn Holloway ,  Matthew Browning Prince ,  Ian Gerald Pye

IPC: G06F16/958 ,  H04L29/12 ,  H04L12/911 ,  H04L29/06 ,  H04L29/08 ,  G06F21/00 ,  G06F16/95 ,  G06Q30/02 ,  H04L12/58 ,  G06F15/16 ,  G06F40/14 ,  G06Q10/10 ,  G06F21/55 ,  H04L29/14

Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.

公开(公告)号：US20200210501A1

公开(公告)日：2020-07-02

申请号：US16813550

申请日：2020-03-09

Applicant: CLOUDFLARE, INC.

Inventor： Lee Hahn Holloway ,  Matthew Browning Prince ,  Matthieu Philippe François Tourne

IPC: G06F16/958 ,  G06F16/95 ,  G06F21/55 ,  H04L29/06 ,  H04L29/08 ,  G06Q30/02 ,  G06Q10/10 ,  H04L29/12 ,  H04L29/14 ,  G06F40/14 ,  G06F15/16 ,  G06F21/00 ,  H04L12/58 ,  H04L12/911

Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page, automatically modifies the HTML page, and transmits the modified HTML page to the client device.

公开(公告)号：US20200159791A1

公开(公告)日：2020-05-21

申请号：US16659296

申请日：2019-10-21

Applicant: CLOUDFLARE, INC.

Inventor： Matthew Browning Prince ,  Lee Hahn Holloway ,  Michelle Marie Zatlyn

IPC: G06F16/958 ,  G06F16/95 ,  G06F21/55 ,  H04L29/06 ,  H04L29/08 ,  G06Q30/02 ,  G06Q10/10 ,  H04L29/12 ,  H04L29/14 ,  G06F40/14 ,  G06F15/16 ,  G06F21/00 ,  H04L12/58 ,  H04L12/911

Abstract: A proxy server receives from a client device a request for a network resource hosted at an origins server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains and resolve to the proxy server and are owned by different entities. The proxy server requests the network resource from the origin server. The proxy server receives a response from the origin server that indicates that the network resource is unavailable. The proxy server transmits a custom error page to the client device that indicates that the requested resource is unavailable.