-
1.发明申请公开(公告)号:US20210014204A1
公开(公告)日:2021-01-14
申请号:US17036988
申请日:2020-09-29
申请人: Cloudflare, Inc.
发明人: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Albertus Strasheim
摘要: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.
-
2.发明授权公开(公告)号:US10785198B2
公开(公告)日:2020-09-22
申请号:US16188244
申请日:2018-11-12
申请人: CLOUDFLARE, INC.
发明人: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Albertus Strasheim
摘要: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
公开(公告)号:US10581904B2
公开(公告)日:2020-03-03
申请号:US15585090
申请日:2017-05-02
申请人: CloudFlare, Inc.
发明人: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
摘要: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.
-
4.发明申请公开(公告)号:US20170237571A1
公开(公告)日:2017-08-17
申请号:US15271190
申请日:2016-09-20
申请人: CLOUDFLARE, INC.
发明人: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
CPC分类号: H04L9/3263 , G06F21/33 , H04L9/083 , H04L9/0841 , H04L9/0844 , H04L9/14 , H04L9/3013 , H04L9/3247 , H04L63/0428 , H04L63/0485 , H04L63/061 , H04L63/0823 , H04L63/0869 , H04L63/164 , H04L63/166 , H04L63/205 , H04L67/141 , H04L67/42
摘要: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
5.发明公开公开(公告)号:US20230224290A1
公开(公告)日:2023-07-13
申请号:US18092750
申请日:2023-01-03
申请人: Cloudflare, Inc.
发明人: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Albertus Strasheim
IPC分类号: H04L9/40
CPC分类号: H04L63/0823 , H04L63/061
摘要: A server establishes a secure session with a client device where a private key used in the handshake is stored in a different server. An encrypted connection is established between the first server and the second server. A message is received from the client device that initiates a procedure to establish the secure session between the client device and the first server. As part of this procedure, the first server transmits over the encrypted connection a request to the second server to use the private key. The first server receives, over the encrypted connection, a response to the request that includes a result of the use of the private key. The first server uses the result during the procedure to establish the secure session.
-
6.发明授权公开(公告)号:US11546309B2
公开(公告)日:2023-01-03
申请号:US17036988
申请日:2020-09-29
申请人: Cloudflare, Inc.
发明人: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Albertus Strasheim
摘要: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.
-
7.发明申请公开(公告)号:US20190044924A1
公开(公告)日:2019-02-07
申请号:US16159437
申请日:2018-10-12
申请人: CloudFlare, Inc.
发明人: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Albertus Strasheim
摘要: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.
-
公开(公告)号:US10129296B2
公开(公告)日:2018-11-13
申请号:US15603256
申请日:2017-05-23
申请人: CLOUDFLARE, INC.
发明人: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
摘要: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.
-
9.发明授权公开(公告)号:US10009183B2
公开(公告)日:2018-06-26
申请号:US15271190
申请日:2016-09-20
申请人: CLOUDFLARE, INC.
发明人: Sébastien Andreas Henry Pahl , Matthieu Philippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
CPC分类号: H04L9/3263 , G06F21/33 , H04L9/083 , H04L9/0841 , H04L9/0844 , H04L9/14 , H04L9/3013 , H04L9/3247 , H04L63/0428 , H04L63/0485 , H04L63/061 , H04L63/0823 , H04L63/0869 , H04L63/164 , H04L63/166 , H04L63/205 , H04L67/141 , H04L67/42
摘要: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
10.发明授权公开(公告)号:US09680807B2
公开(公告)日:2017-06-13
申请号:US14937805
申请日:2015-11-10
申请人: CLOUDFLARE, INC.
发明人: Sébastien Andreas Henry Pahl , Matthieu Phillippe François Tourne , Piotr Sikora , Ray Raymond Bejjani , Dane Orion Knecht , Matthew Browning Prince , John Graham-Cumming , Lee Hahn Holloway , Nicholas Thomas Sullivan , Albertus Strasheim
CPC分类号: H04L63/061 , G06F21/33 , H04L9/0844 , H04L9/085 , H04L63/0442 , H04L63/045 , H04L63/0869 , H04L63/16 , H04L63/164 , H04L63/166 , H04L63/168
摘要: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.
-
-
-
-
-
-
-
-
-
搜索结果
54 条记录 (耗时 0.029 秒)
