公开(公告)号：US20250168014A1

公开(公告)日：2025-05-22

申请号：US19033124

申请日：2025-01-21

Applicant: CLOUDFLARE, INC.

Inventor： Watson Bernard Ladd ,  Alexander Andrew Davidson ,  Marwan Fayed ,  Armando Faz Hernández ,  Sai Krishna Deepak Maram ,  Nicholas Thomas Sullivan

IPC: H04L9/32 ,  G06F21/32 ,  H04L9/14

Abstract: A client device receives a challenge request from a server to prove that internet traffic was initiated by a human user through verifying a physical interaction between a human user and a hardware component. The client device causes a prompt to be displayed to perform the physical interaction with the hardware component. A cryptographic attestation is received that includes an attestation signature that is generated after confirmation that the physical interaction was performed with the hardware component. A zero-knowledge proof of the attestation signature is generated and transmitted to the server for verification. The client device receives the requested content responsive to the server verifying the validity of the zero-knowledge proof.

公开(公告)号：US12206789B2

公开(公告)日：2025-01-21

申请号：US17217703

申请日：2021-03-30

Applicant: CLOUDFLARE, INC.

Inventor： Watson Bernard Ladd ,  Alexander Andrew Davidson ,  Marwan Fayed ,  Armando Faz Hernández ,  Sai Krishna Deepak Maram ,  Nicholas Thomas Sullivan

IPC: H04L9/32 ,  G06F21/32 ,  H04L9/14

Abstract: A client device receives a challenge request from a server to prove that internet traffic was initiated by a human user through verifying a physical interaction between a human user and a hardware component. The client device causes a prompt to be displayed to perform the physical interaction with the hardware component. A cryptographic attestation is received that includes an attestation signature that is generated after confirmation that the physical interaction was performed with the hardware component. A zero-knowledge proof of the attestation signature is generated and transmitted to the server for verification. The client device receives the requested content responsive to the server verifying the validity of the zero-knowledge proof.

公开(公告)号：US11677545B2

公开(公告)日：2023-06-13

申请号：US17158787

申请日：2021-01-26

Applicant: CLOUDFLARE, INC.

Inventor： Watson Bernard Ladd ,  Vladislav Krasnov

IPC: H04L29/06 ,  H04L9/08 ,  H04L12/46 ,  H04L9/32

CPC classification number: H04L9/0825 ,  H04L9/083 ,  H04L9/0841 ,  H04L9/3242 ,  H04L9/3297 ,  H04L12/4633

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

公开(公告)号：US11949776B2

公开(公告)日：2024-04-02

申请号：US18333333

申请日：2023-06-12

Applicant: CLOUDFLARE, INC.

Inventor： Watson Bernard Ladd ,  Vladislav Krasnov

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L12/46

CPC classification number: H04L9/0825 ,  H04L9/083 ,  H04L9/0841 ,  H04L9/3242 ,  H04L9/3297 ,  H04L12/4633

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

公开(公告)号：US20220321354A1

公开(公告)日：2022-10-06

申请号：US17217703

申请日：2021-03-30

Applicant: CLOUDFLARE, INC.

Inventor： Watson Bernard Ladd ,  Alexander Andrew Davidson ,  Marwan Fayed ,  Armando Faz Hernández ,  Sai Krishna Deepak Maram ,  Nicholas Thomas Sullivan

IPC: H04L9/32 ,  H04L9/14 ,  G06F21/32

Abstract: A client device receives a challenge request from a server to prove that internet traffic was initiated by a human user through verifying a physical interaction between a human user and a hardware component. The client device causes a prompt to be displayed to perform the physical interaction with the hardware component. A cryptographic attestation is received that includes an attestation signature that is generated after confirmation that the physical interaction was performed with the hardware component. A zero-knowledge proof of the attestation signature is generated and transmitted to the server for verification. The client device receives the requested content responsive to the server verifying the validity of the zero-knowledge proof.

公开(公告)号：US20230327858A1

公开(公告)日：2023-10-12

申请号：US18333333

申请日：2023-06-12

Applicant: CLOUDFLARE, INC.

Inventor： Watson Bernard Ladd ,  Vladislav Krasnov

IPC: H04L9/08 ,  H04L12/46 ,  H04L9/32

CPC classification number: H04L9/0825 ,  H04L9/083 ,  H04L12/4633 ,  H04L9/3297 ,  H04L9/3242 ,  H04L9/0841

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

公开(公告)号：US20210288795A1

公开(公告)日：2021-09-16

申请号：US17158787

申请日：2021-01-26

Applicant: CLOUDFLARE, INC.

Inventor： Watson Bernard Ladd ,  Vladislav Krasnov

IPC: H04L9/08 ,  H04L12/46 ,  H04L9/32

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

公开(公告)号：US10903990B1

公开(公告)日：2021-01-26

申请号：US16816194

申请日：2020-03-11

Applicant: CLOUDFLARE, INC.

Inventor： Watson Bernard Ladd ,  Vladislav Krasnov

IPC: H04L29/06 ,  H04L9/08 ,  H04L12/46 ,  H04L9/32

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.