-
21.
Publication No.: US20230138161A1
Publication date: 2023-05-04
Application No.: US18148642
Filing date: 2022-12-30
Applicant: CLOUDFLARE, INC.
Inventors: Kenton Taylor Varda, Zachary Aaron Bloom, Marek Przemyslaw Majkowski, Ingvar Stepanyan, Kyle Kloepper, Dane Orion Knecht, John Graham-Cumming, Dani Grant
IPC classification: G06F9/448, H04L67/00, H04L67/02, H04L67/10, G06F9/455, H04L9/40, H04L67/53, H04L67/63, G06F21/53
Abstract: A compute server receives a first request from a client device that triggers execution of a first third-party code piece. The first request is directed to a first zone. A single process at the compute server executes the first third-party code piece. As a result of executing the first third-party code piece, a second request is generated that triggers execution of a second third-party code piece. The second request is directed to a second zone. The single process executes the second third-party code piece. A response is generated to the first request based at least in part on the executed first third-party code piece and the executed second third-party code piece. The generated response is transmitted to the client device.
-
Publication No.: US20230110111A1
Publication date: 2023-04-13
Application No.: US17867355
Filing date: 2022-07-18
Applicant: CLOUDFLARE, INC.
IPC classification: H04L9/40
Abstract: A server transmits to a third-party application a request for a resource that is received from a client. The server receives an authentication request from the client device that has been generated by the third-party application. The server transmits an identity provider selection page to the client device that allows the client device to select an identity provider. The server causes the client device to transmit a second authentication request to a selected identity provider. The server receives an authentication response that was generated by the identity provider that includes the identity of the user. The server enforces access rule(s) including identity-based rule(s) and/or non-identity based rule(s). If the user is permitted to access the third-party application, the server causes an authentication response to be transmitted from the client device to the third-party application that indicates the user has successfully authenticated.
-
Publication No.: US20230077576A1
Publication date: 2023-03-16
Application No.: US17820142
Filing date: 2022-08-16
Applicant: CLOUDFLARE, INC.
Inventors: Jeff Sesung Kim, Jun Ho Choi
IPC classification: H04L45/302, H04W40/00
Abstract: A mobile accelerator system includes point of presences (POPs) that includes an entry POP. The entry POP receives a query to a content server from a mobile device via a dedicated transport channel. The entry POP determines a direct connection score for a direct connection between the mobile device and the content server that does not traverse the mobile accelerator system. The entry POP determines a POP connection score for a connection between the mobile device and the content server through the entry POP and a candidate exit POP. The entry POP determines a dynamic path ranking based on the direct connection score, the POP connection score, and other POP connection score(s) associated with other candidate exit POP(s). The entry POP determines at least a portion of a dynamic path between the mobile device based on the dynamic path ranking and routes data transfers through that dynamic path.
-
24.
Publication No.: US20230056734A1
Publication date: 2023-02-23
Application No.: US17982358
Filing date: 2022-11-07
Applicant: CLOUDFLARE, INC.
Inventor: Jun Ho Choi
IPC classification: H04L47/27, H04L47/10, H04L47/283, H04L47/193
Abstract: An edge server receives a first request message for transmission to the host device. The edge server determines a first congestion control algorithm based on the first request message, including characteristics of the first request message. The edge server applies the first congestion control algorithm to the transport connection for application to the transmission of the first request message. Subsequently, the edge server receives a second request message for transmission to the host device over the transport connection. Based on the second request message, including characteristics of the second request message, the edge server determines and applies a second congestion control algorithm to the transport connection for application to the transmission of the second request message, wherein the second congestion control algorithm is different from the first congestion control algorithm.
-
Publication No.: US11546374B2
Publication date: 2023-01-03
Application No.: US16908518
Filing date: 2020-06-22
Applicant: CLOUDFLARE, INC.
IPC classification: H04L9/40, H04L67/288, H04L69/325, H04L67/01, H04L67/63
Abstract: A server receives internet traffic from a client device. The server is one of multiple servers of a distributed cloud computing network which are each associated with a set of server identity(ies) including a server/data center certification identity. The server processes, at layer 3, the internet traffic including participating in a layer 3 DDoS protection service. If the traffic is not dropped by the layer 3 DDoS protection service, further processing is performed. The server determines whether it is permitted to process the traffic at layers 5-7 including whether it is associated with a server/data center certification identity that meets a selected criteria for the destination of the internet traffic. If the server does not meet the criteria, it transmits the traffic to another one of the multiple servers for processing the traffic at layers 5-7.
-
26.
Publication No.: US11546309B2
Publication date: 2023-01-03
Application No.: US17036988
Filing date: 2020-09-29
Applicant: Cloudflare, Inc.
Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.
-
27.
Publication No.: US20220417211A1
Publication date: 2022-12-29
Application No.: US17903828
Filing date: 2022-09-06
Applicant: CLOUDFLARE, INC.
Inventors: Marek Przemyslaw Majkowski, Braden Michael Ehrat, Sergi Isasi, Dane Orion Knecht, Dina Kozlov, Rustam Xing Lalkaka, Eric Reeves, Oliver Zi-gang Yu
IPC classification: H04L61/5007
Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.
-
Publication No.: US11489909B1
Publication date: 2022-11-01
Application No.: US17559994
Filing date: 2021-12-22
Applicant: CLOUDFLARE, INC.
Inventors: Killian Koenig, Dane Orion Knecht, James Royal
IPC classification: H04L67/02, H04L9/40, H04L67/51, H04L67/561
Abstract: Layer 7 protocol (non-HTTP) client applications are executed in the browser. The non-HTTP layer 7 protocol client application connects to a compute server that proxies layer 4 packets to the origin network that has the non-HTTP layer 7 protocol service. As an example, an SSH client (a non-HTTP layer 7 protocol) can execute in the browser and the TCP packets (layer 4 packets) are proxied by a compute server to the origin network that has the appropriate SSH server. The non-HTTP layer 7 protocol client application allows users to run commands or otherwise interact with the client as if they were using a native application (one that is not executed within the browser) without any client-side configuration or agent.
-
Publication No.: US11483690B2
Publication date: 2022-10-25
Application No.: US17131090
Filing date: 2020-12-22
Applicant: CLOUDFLARE, INC.
Inventors: Jeff Sesung Kim, Junho Choi, Sang Jo Lee, Young Keun Park, Tianyu Shi
Abstract: Techniques for providing mobile device content delivery acceleration for mobile applications are discussed herein. Some embodiments may provide for a mobile accelerator system including a plurality of point-of-presences (POPs) and a control tower system. The control tower system may be configured to control mobile data transfer acceleration between a mobile device and the content server via the plurality of POPs of the mobile accelerator system. Each mobile application executing on the mobile device may be registered, validated, and then associated with a device POP that forms a dedicated connection with an entry POP of the plurality of POPs. Mobile data transfer acceleration for each mobile application may be selectively activated or deactivated, such as based on user configurations at the application level, domain name level, and/or country level.
-
Publication No.: US20220300637A1
Publication date: 2022-09-22
Application No.: US17207413
Filing date: 2021-03-19
Applicant: CLOUDFLARE, INC.
Abstract: A remote browsing session is initiated between a remote browser client executing on a client device and a remote browser host executing on a remote browser server. The remote browser host receives from the client device, encrypted remote browser data of remote browser data that affects the remote browser session. The remote browser client does not have access to a decryption key for the encrypted remote browser data. The encrypted remote browser data is decrypted to reveal the remote browser data including data for one or more cookies. The remote browser host is configured with the remote browser data. The remote browser host manages updates to the remote browser data during the remote browsing session including updates to one or more cookies. Periodically, updates to the remote browser data are encrypted and transmitted to the remote browser client for storage.