Total found: 56. Displayed: 56.
Publication date: 10-11-2015

Secure session capability using public-key cryptography without access to the private key

Number: US0009184911B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.

Publication date: 14-01-2016

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20160013935A1
Assignee: Cloudflare Inc

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server proxies messages to/from the different server including a set of signed cryptographic parameters signed using the private key on the different server. The different server generates the master secret, and generates and transmits the session keys to the server that are to be used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 28-05-2019

Dynamically serving digital certificates based on secure session properties

Number: US0010305871B2
Assignee: CLOUDFLARE, INC.

A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

Publication date: 26-04-2018

WEB FORM PROTECTION

Number: US20180115534A1
Assignee: Cloudflare Inc

A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.

Publication date: 09-05-2023

Generating a negative answer to a domain name system query that indicates resource records as existing for the domain name regardless of whether those resource records actually exist

Number: US0011647008B2
Assignee: CLOUDFLARE, INC.

A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.

Publication date: 03-09-2020

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20200280452A1
Assignee:

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

1-20. (canceled)

21. A method, comprising: receiving, by a first server, a message including at least some of a negotiated set of cryptographic parameters from a second server, wherein the received at least some of the negotiated set of cryptographic parameters includes an encrypted premaster secret and a plurality of random values exchanged between a client device and the second server for establishing a secure session between the client device and the second server, wherein the second server does not have access to a private key to decrypt the encrypted premaster secret, and wherein the second server is separate from the first server; identifying the private key associated with a domain for which the client device is requesting the secure session; decrypting the encrypted premaster secret using the private key; generating a master secret using the decrypted premaster secret and the plurality of random values exchanged between the client device and the second server; and transmitting, to the second server, the generated master secret to the second server, the ...

Publication date: 12-12-2017

Web form protection

Number: US0009843565B2

A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.

Publication date: 09-05-2019

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20190140843A1
Assignee:

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

1. A method in a first server for establishing a secure session with a client device, the method comprising: receiving, from the client device, a Client Hello message that includes a first random value; in response to the received Client Hello message, transmitting a Server Hello message to the client device that includes a second random value; transmitting, to the client device, a Server Certificate message that includes one or more digital certificates; transmitting, to the client device, a Server Hello Done message; receiving, from the client device, a Client Key Exchange message that includes an encrypted premaster secret, wherein the first server does not include a private key that can decrypt the encrypted premaster secret; transmitting, to a second server that has access to the private key to decrypt the encrypted premaster secret, the encrypted premaster secret, the first random value, and the second random value; receiving, from the second server, a master secret that was generated using a function that takes as input at least in part the decrypted ...

Publication date: 05-07-2016

Secure session capability using public-key cryptography without access to the private key

Number: US0009385864B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server proxies messages to/from the different server including a set of signed cryptographic parameters signed using the private key on the different server. The different server generates the master secret, and generates and transmits the session keys to the server that are to be used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 22-06-2021

Secure session capability using public-key cryptography without access to the private key

Number: US0011044083B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.

Publication date: 17-08-2017

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20170237571A1
Assignee:

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

1. A method in a first server for establishing a secure session with a client device, the method comprising: receiving, from the client device, a Client Hello message that includes a first random value; in response to the received Client Hello message, transmitting a Server Hello message to the client device that includes a second random value; transmitting, to the client device, a Server Certificate message that includes one or more digital certificates; transmitting, to the client device, a Server Hello Done message; receiving, from the client device, a Client Key Exchange message that includes an encrypted premaster secret, wherein the first server does not include a private key that can decrypt the encrypted premaster secret; transmitting, to a second server that has access to the private key to decrypt the encrypted premaster secret, the encrypted premaster secret, the first random value, and the second random value; receiving, from the second server, a master secret that was generated using a function that takes as input at least in part the decrypted ...

Publication date: 27-10-2016

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20160315767A1
Assignee:

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server proxies messages to/from the different server including a set of signed cryptographic parameters signed using the private key on the different server. The different server generates the master secret, and generates and transmits the session keys to the server that are to be used in the secure session for encrypting and decrypting communication between the client device and the server.

1. A method in a first server for establishing a secure session with a client device, the method comprising: receiving a first message from the client device that initiates a handshake procedure to establish a secure session between the client device and the first server and transmitting the first message to a second server; receiving, from the second server, a second message in response to the first message and transmitting the second message to the client device; receiving, from the second server, a third message that includes a digital certificate and transmitting the third message to the client device; receiving, from the second server, a fourth message that includes a set of cryptographic parameters that is signed using a private key stored on the second server and not available on the first server and transmitting the fourth message to the client device, wherein the set of cryptographic parameters are to be used by the client device when generating a premaster secret and include a Diffie-Hellman public value selected by the second server; receiving, from the second server, a fifth message that indicates that a server hello part of the handshake procedure is complete and transmitting the fifth message to the client device; receiving, from the client device, a sixth message that includes a Diffie-Hellman public value selected by the client device and transmitting the sixth ...

Publication date: 12-09-2019

Dynamically Serving Digital Certificates Based on Secure Session Properties

Number: US20190281032A1
Assignee: Cloudflare Inc

A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

Publication date: 08-11-2018

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20180323969A1
Assignee: Cloudflare Inc

A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.

Publication date: 22-06-2017

METHODS AND SYSTEMS FOR IDENTIFICATION OF A DOMAIN OF A COMMAND AND CONTROL SERVER OF A BOTNET

Number: US20170180312A1
Assignee: Cloudflare Inc

Methods and apparatuses for identifying a domain of a command and control server of a botnet are described. Upon receipt of a request to register a domain for a service that includes a proxy server, where the proxy server is to receive and process traffic for that domain if registration is successful, a determination of whether the domain was generated by a domain generation algorithm (DGA) is performed. Responsive to determining that the domain was generated by the DGA, performing at least one of: denying registration of the domain for the service, and accepting registration of the domain for the service and causing the proxy server to monitor communications received to and from the domain

Publication date: 26-01-2021

Web form protection

Number: US0010904227B2

A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.

Publication date: 26-06-2018

Secure session capability using public-key cryptography without access to the private key

Number: US0010009183B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 08-01-2019

Managing private key access in multiple nodes

Number: US0010177909B1

Managing private key access in multiple nodes is described. A piece of data (e.g., a private key) is encrypted using identity-based broadcast encryption and identity-based revocation encryption so that only certain servers in a distributed network of servers can decrypt the piece of data. The piece of data is encrypted with a key encryption key (KEK). The KEK is split into two pieces. The first piece is encrypted using identity-based broadcast encryption with an identified location as input such that only servers of the identified location can decrypt the first piece, and the second piece is encrypted using identity-based revocation encryption so that certain identified servers of the identified location cannot decrypt the second piece. The keys are transmitted to the servers.

Publication date: 12-01-2017

Certificate Authority Framework

Number: US20170012967A1
Assignee:

A server receives a single certificate signature request from a requestor and determines that the requestor is authorized for a certificate corresponding to the single certificate signature request. The server generates a first certificate corresponding to the single certificate signature request, wherein the first certificate has a first expiry value. The server transmits the generated first certificate to the requestor. Responsive to an amount of time elapsing, the server automatically generating a second certificate corresponding to the single certificate signature request, wherein the amount of time expiring is less than the first expiry value. The server transmits the generated second certificate to the requestor.

1. A method, comprising: receiving a single certificate signature request from a requestor; determining that the requestor is authorized for a certificate corresponding to the single certificate signature request; generating a first certificate corresponding to the single certificate signature request, wherein the first certificate has a first expiry value; transmitting the generated first certificate to the requestor; responsive to an amount of time elapsing, automatically generating a second certificate corresponding to the single certificate signature request, wherein the amount of time elapsing is less than the first expiry value; and transmitting the generated second certificate to the requestor.

This application claims the benefit of U.S. Provisional Application No. 62/190,692, filed Jul. 9, 2015, which is hereby incorporated by reference. Embodiments of the invention relate to the field of secure network communications; and more specifically, to a certificate authority framework. Secure Sockets Layer (SSL) and Transport Layer Security (TLS), which is the successor to SSL, provide secure network connections. SSL and/or TLS are commonly used during web browsing (e.g., using HTTPS), email, and other Internet applications. SSL and TLS are described in ...

Publication date: 24-02-2015

Secure session capability using public-key cryptography without access to the private key

Number: US0008966267B1

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server proxies messages to/from the different server including a set of signed cryptographic parameters signed using the private key on the different server. The different server generates the master secret, and generates and transmits the session keys to the server that are to be used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 17-03-2020

Secure session capability using public-key cryptography without access to the private key

Number: US0010594496B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 26-01-2021

Multiply-encrypting data requiring multiple keys for decryption

Number: US0010904005B2

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Publication date: 23-06-2016

WEB FORM PROTECTION

Number: US20160182517A1
Assignee:

A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.

1. A method in a proxy server that is coupled with an origin server, comprising: receiving, from a requesting device, a request for a web page of the origin server; retrieving the requested web page; determining that the retrieved web page includes a web form that includes a set of one or more form attribute values for obfuscation; modifying the retrieved web page including obfuscating the set of form attribute values into a corresponding set of one or more obfuscated form attribute values, wherein obfuscating the set of form attribute values includes performing the following: determining a first set of one or more values of a set of one or more characteristics of the requesting device, deriving a first symmetric key from at least the first set of values, and encrypting the set of form attribute values using the first symmetric key; transmitting the modified web page to the requesting device, wherein the set of form attribute values in their original form is not included in the modified web page; receiving, from the requesting device, form data for the set of obfuscated form attribute values; determining a second set of one or more values of the set of characteristics of the requesting device, deriving a second symmetric key from at least the second set of values, and decrypting the set of obfuscated form ...

Publication date: 09-05-2019

MANAGING PRIVATE KEY ACCESS IN MULTIPLE NODES

Number: US20190140825A1
Assignee:

Managing private key access in multiple nodes is described. A piece of data (e.g., a private key) is encrypted using identity-based broadcast encryption and identity-based revocation encryption so that only certain servers in a distributed network of servers can decrypt the piece of data. The piece of data is encrypted with a key encryption key (KEK). The KEK is split into two pieces. The first piece is encrypted using identity-based broadcast encryption with a first set of identities as input such that only servers of the first set of identities can decrypt the first piece, and the second piece is encrypted using identity-based revocation encryption so that all servers except those that have the second set of identities can decrypt the second piece. The keys are transmitted to the servers.

1. A method for managing access to a private key, comprising: receiving configuration that specifies a first set of one or more identities of a first set of a plurality of decryption server devices in which decryption of the private key is allowed, and a second set of one or more identities of a second set of the plurality of decryption server devices in which decryption of the private key is not allowed; encrypting a key encryption key (KEK) for the private key; encrypting the private key with the KEK to generate an encrypted private key; splitting the KEK into a first piece and a second piece; encrypting the first piece using an identity-based broadcast encryption algorithm using first set of identities such that only decryption server devices of the first set of identities are able to decrypt the first piece; encrypting the second piece using an identity-based revocation encryption algorithm using the second set of identities such that all decryption server devices except the second set of the plurality of decryption server devices identified by the second set of identities are able to decrypt the second piece; and transmitting the encrypted private key, the encrypted first ...

Publication date: 14-01-2016

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20160014114A1
Assignee:

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

1. A method in a first server for establishing a secure session with a client device, the method comprising: receiving, from the client device, a Client Hello message that includes a first random value; in response to the received Client Hello message, transmitting a Server Hello message to the client device that includes a second random value; transmitting, to the client device, a Server Certificate message that includes one or more digital certificates; transmitting, to the client device, a Server Hello Done message; receiving, from the client device, a Client Key Exchange message that includes an encrypted premaster secret, wherein the first server does not include a private key that can decrypt the encrypted premaster secret; transmitting, to a second server that has access to the private key to decrypt the encrypted premaster secret, the encrypted premaster secret, the first random value, and the second random value; receiving, from the second server, a master secret that was generated using a function that takes as input at least in part the decrypted ...

Publication date: 02-05-2017

Multiply-encrypting data requiring multiple keys for decryption

Number: US0009639687B2

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Publication date: 09-10-2018

Methods and systems for identification of a domain of a command and control server of a botnet

Number: US0010097511B2

Methods and apparatuses for identifying a domain of a command and control server of a botnet are described. Upon receipt of a request to register a domain for a service that includes a proxy server, where the proxy server is to receive and process traffic for that domain if registration is successful, a determination of whether the domain was generated by a domain generation algorithm (DGA) is performed. Responsive to determining that the domain was generated by the DGA, performing at least one of: denying registration of the domain for the service, and accepting registration of the domain for the service and causing the proxy server to monitor communications received to and from the domain ...

Publication date: 05-05-2020

Methods and systems for identification of a domain of a command and control server of a botnet

Number: US0010645061B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

Methods and apparatuses for identifying a domain of a command and control server of a botnet are described. Upon receipt of a request to register a domain for a service that includes a proxy server, where the proxy server is to receive and process traffic for that domain if registration is successful, a determination of whether the domain was generated by a domain generation algorithm (DGA) is performed. Responsive to determining that the domain was generated by the DGA, accepting registration of the domain for the service and causing the proxy server to monitor communications received to and from the domain.

Publication date: 20-09-2016

Secure session capability using public-key cryptography without access to the private key

Number: US0009450950B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 02-03-2021

Managing private key access in multiple nodes

Number: US0010938554B2

Managing private key access in multiple nodes is described. A piece of data (e.g., a private key) is encrypted using identity-based broadcast encryption and identity-based revocation encryption so that only certain servers in a distributed network of servers can decrypt the piece of data. The piece of data is encrypted with a key encryption key (KEK). The KEK is split into two pieces. The first piece is encrypted using identity-based broadcast encryption with a first set of identities as input such that only servers of the first set of identities can decrypt the first piece, and the second piece is encrypted using identity-based revocation encryption so that all servers except those that have the second set of identities can decrypt the second piece. The keys are transmitted to the servers.

Publication date: 26-07-2016

Web form protection

Number: US0009401919B2

A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.

Publication date: 24-07-2018

Secure session capability using public-key cryptography without access to the private key

Number: US0010033529B2

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server proxies messages to/from the different server including a set of signed cryptographic parameters signed using the private key on the different server. The different server generates the master secret, and generates and transmits the session keys to the server that are to be used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 15-06-2017

DYNAMICALLY SERVING DIGITAL CERTIFICATES BASED ON SECURE SESSION PROPERTIES

Number: US20170171172A1
Assignee:

A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

1. A method in a server, comprising: receiving a request from a client network application that initiates a handshake procedure to establish a secure session; analyzing the request to determine a set of one or more properties of the request; selecting, based at least in part on the determined set of one or more properties of the request, one of a plurality of certificates for a hostname for the server, wherein each of the plurality of certificates is signed using a different signature and hash algorithm pair; and returning the selected certificate to the client network application.
2. The method of claim 1, wherein at least one property of the determined set of one or more properties is whether the request specifies the hostname.
3. The method of claim 2, wherein at least one property of the determined set of one or more properties is whether the request specifies which one or more signature and hash algorithm pairs is supported by the client network application.
4. The method of claim 3, wherein the selected certificate is signed using an RSA signature algorithm with a SHA-1 cryptographic hash algorithm responsive to the determined set of properties not specifying the hostname or not specifying which one or more signature and hash algorithm pairs is supported by the client network application.
5. The method of claim 3, wherein the plurality of certificates includes: a first certificate signed using an RSA signature algorithm with a first cryptographic hash algorithm, and a second certificate signed using an ECDSA ...

Publication date: 17-03-2016

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20160080337A1
Assignee:

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.

1. A method in a first server for establishing a secure session with a client device, the method comprising: receiving, from the client device, a Client Hello message that includes a first random value; in response to the received Client Hello message, transmitting a Server Hello message to the client device that includes a second random value; transmitting, to the client device, a Server Certificate message that includes one or more digital certificates; transmitting, to the client device, a Server Hello Done message; receiving, from the client device, a Client Key Exchange message that includes an encrypted premaster secret, wherein the first server does not include a private key that can decrypt the encrypted premaster secret; transmitting, to a second server that has access to a private key that is capable of decrypting the encrypted premaster secret, the encrypted premaster secret, the first random value, the second random value, and an indication of a negotiated cipher suite between the client device and the first server; receiving, from the second server, a set of one or more session keys to be used in the secure session ...

Publication date: 19-11-2019

Multiply-encrypting data requiring multiple keys for decryption

Number: US0010484176B2

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Publication date: 13-06-2017

Secure session capability using public-key cryptography without access to the private key

Number: US0009680807B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.

Publication date: 31-03-2015

Secure session capability using public-key cryptography without access to the private key

Number: US0008996873B1

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 10-11-2016

Generating an NSEC Record

Number: US20160330185A1
Assignee:

A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.

1. A method in a Domain Name System (DNS) server, comprising: receiving, from a client device, a DNS query for a resource record type at a domain name; determining that the resource record type does not exist at the domain name; generating an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name; and transmitting the generated answer to the client device.
2. The method of claim 1, wherein generating the answer includes generating a NextSECure (NSEC) record that indicates that the queried resource record type does not exist at the domain name and also indicates that the plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name.
3. The method of claim 2, wherein the NSEC record includes a type bit maps field, and wherein generating the NSEC record includes setting a bit in the type bit maps field for each of the plurality of other resource record types and not for the queried resource record type.
4. The method of claim 1, wherein prior to generating the answer, determining that the domain name exists.
5. The method of claim 1, wherein the plurality of other ...

Publication date: 29-09-2020

Certificate authority framework

Number: US0010791110B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A server receives a single certificate signature request from a requestor and determines that the requestor is authorized for a certificate corresponding to the single certificate signature request. The server generates a first certificate corresponding to the single certificate signature request, wherein the first certificate has a first expiry value. The server transmits the generated first certificate to the requestor. Responsive to an amount of time elapsing, the server automatically generates a second certificate corresponding to the single certificate signature request, wherein the amount of time elapsed is less than the first expiry value. The server transmits the generated second certificate to the requestor.

Publication date: 24-07-2018

Transparent DNSSEC-signing proxy

Number: US0010033699B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A first DNS server receives, from a client device, a DNS query for a domain name and transmits, to a second DNS server, the DNS query for the domain name. The first DNS server receives, from the second DNS server, an answer to the DNS query that is unsigned. The first DNS server signs the received answer to the DNS query and transmits, to the client device, the signed DNS answer.

Publication date: 06-10-2022

USING A ZERO-KNOWLEDGE PROOF TO PROVE KNOWLEDGE THAT A WEBSITE VISITOR IS A LEGITIMATE HUMAN USER

Number: US20220321354A1
Assignee:

A client device receives a challenge request from a server to prove that internet traffic was initiated by a human user through verifying a physical interaction between a human user and a hardware component. The client device causes a prompt to be displayed to perform the physical interaction with the hardware component. A cryptographic attestation is received that includes an attestation signature that is generated after confirmation that the physical interaction was performed with the hardware component. A zero-knowledge proof of the attestation signature is generated and transmitted to the server for verification. The client device receives the requested content responsive to the server verifying the validity of the zero-knowledge proof.

Publication date: 10-11-2016

Transparent DNSSEC-signing proxy

Number: US20160330174A1
Assignee:

A first DNS server receives, from a client device, a DNS query for a domain name and transmits, to a second DNS server, the DNS query for the domain name. The first DNS server receives, from the second DNS server, an answer to the DNS query that is unsigned. The first DNS server signs the received answer to the DNS query and transmits, to the client device, the signed DNS answer.

1. A method in a first Domain Name System (DNS) server, comprising: receiving, from a client device, a DNS query for a domain name; transmitting, to a second DNS server, the DNS query for the domain name; receiving, from the second DNS server, an answer to the DNS query that is unsigned; signing the received answer to the DNS query; and transmitting, to the client device, the signed DNS answer.
2. The method of claim 1, wherein the answer to the DNS query that is received from the second DNS server includes a resource record, and wherein signing the received answer to the DNS query includes generating a resource record digital signature (RRSIG) record that includes a signature of the resource record.
3. The method of claim 1, further comprising: caching the signed DNS answer.
4. The method of claim 1, wherein signing the received answer to the DNS query includes using a private zone signing key (ZSK) managed by the first DNS server, and wherein the first DNS server creates a DNSKEY record that includes a public ZSK.
5. The method of claim 4, wherein the DNSKEY record further includes a public key signing key (KSK), and further comprising signing the public ZSK and the public KSK of the DNSKEY record with a private key signing key (KSK).
6. The method of claim 5, wherein the first DNS server creates a delegate signer (DS) record from the public KSK.
7. The method of claim 1, wherein the first DNS server is a proxy DNS server and receives the DNS query as a result of a name server of the second DNS server being changed to point to the first DNS server.
8. An apparatus ...

Publication date: 08-01-2019

Methods and apparatuses for enabling HSTS policy for a subdomain of a domain

Number: US0010178128B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A method and apparatus for enabling an HSTS policy for a subdomain of a domain is described. A request for content at a subdomain of a domain is received at a proxy server from a client device over a secure transport. The proxy server determines whether the subdomain is associated with a rule indicating that Hypertext Transport Protocol Strict Transport Security (HSTS) is to be enabled for the subdomain of the domain. Responsive to determining that the subdomain is associated with the rule, the proxy server transmits, to the client device, a first response that includes an HSTS header and which instructs the client device to communicate only over the secure transport for requests for content at the subdomain, wherein the first response includes the HSTS header regardless of whether HSTS has been enabled for the subdomain at an origin server.

Publication date: 18-04-2019

Multiply-Encrypting Data Requiring Multiple Keys for Decryption

Number: US20190116039A1
Assignee: Cloudflare Inc

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Publication date: 17-11-2016

WEB FORM PROTECTION

Number: US20160337324A1
Assignee:

A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.

1. A method in a proxy server that is coupled with an origin server, comprising: receiving, from a requesting device, a request for a web page of the origin server; retrieving the requested web page; determining that the retrieved web page includes a web form that includes a set of one or more form attribute values for obfuscation; modifying the retrieved web page including obfuscating the set of form attribute values into a corresponding set of one or more obfuscated form attribute values; transmitting the modified web page to the requesting device, wherein the set of form attribute values in their original form is not included in the modified web page; receiving, from the requesting device, form data for the set of obfuscated form attribute values; deobfuscating the set of obfuscated form attribute values thereby revealing the set of form attribute values; and responsive to the deobfuscation, transmitting the form data with the set of form attribute values to the origin server.
2. The method of claim 1, wherein retrieving the requested web page includes transmitting a request for the web page to the origin server and receiving a response from the origin server that includes the requested web page.
3. The method of claim 1, wherein retrieving the requested web page includes accessing the requested web page from a cache ...

Publication date: 06-09-2022

Secure session capability using public-key cryptography without access to the private key

Number: US0011438178B2
Assignee: CLOUDFLARE, INC.

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Publication date: 11-06-2020

Multiply-Encrypting Data Requiring Multiple Keys for Decryption

Number: US20200186351A1
Assignee: Cloudflare Inc

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Publication date: 24-04-2018

Generating a negative answer to a domain name system query that indicates resource records as existing for the domain name regardless of whether those resource records actually exist for the domain name

Number: US0009954840B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.

Publication date: 02-03-2017

Multiply-Encrypting Data Requiring Multiple Keys for Decryption

Number: US20170063531A1
Assignee:

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

1. A method executed on a server, comprising: receiving a request to encrypt a piece of data; encrypting the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first plurality of unique keys taken a second plurality at a time are capable of decrypting the encrypted piece of data, wherein each one of the first plurality of unique keys is tied to account credentials of a different user, and wherein the second plurality is less than or equal to the first plurality; and returning the encrypted piece of data.
2. The method of claim 1, further comprising: receiving the encrypted piece of data for decryption; responsive to determining that there is access to at least one combination of the first plurality of unique keys taken the second plurality at a time, decrypting the encrypted piece of data using that combination of unique keys; and returning the decrypted piece of data.
3. The method of claim 2, wherein the at least one combination of the first plurality of unique keys taken the second plurality at a time have been delegated by corresponding users to the server for decrypting.
4. The method of claim 3, wherein each of those unique keys of the at least one combination has been delegated by the corresponding users for use by the server in decrypting for a limited amount of time.
5. The method of claim 1, wherein the request indicates the following: the piece of data to encrypt; a list of a plurality of users that are associated with the ...

Publication date: 23-08-2018

Generating an NSEC Record

Number: US20180241733A1
Assignee:

A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.

1. A method in a Domain Name System (DNS) server, comprising: receiving, from a client device, a first DNS query for a first resource record type at a first domain name; in response to determining that the first domain name exists but the queried first resource record type does not exist at the first domain name, generating a first answer that indicates that the queried first resource record type does not exist at the first domain name and also indicates that a plurality of other resource record types exist at the first domain name regardless of whether those plurality of other resource record types actually exist at the first domain name, and transmitting the generated first answer to the client device; receiving, from the client device, a second DNS query for a second resource record type at a second domain name; and in response to determining that the second domain name does not exist, transmitting, to the client device, a second answer that indicates that the second domain name does not exist.
2. The method of claim 1, wherein generating the first answer includes generating a NextSECure (NSEC) record that indicates that the queried first resource record type does not exist at the first domain name and also indicates that the plurality of other resource record types exist at the first domain name regardless of whether those plurality of other resource record types actually exist at the first domain ...

Publication date: 12-01-2021

Dynamically serving digital certificates based on secure session properties

Number: US0010893031B2
Assignee: CLOUDFLARE, INC., CLOUDFLARE INC

A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.

Publication date: 10-04-2018

Multiply-encrypting data requiring multiple keys for decryption

Number: US0009942044B2

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Publication date: 08-10-2015

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

Number: US20150288514A1
Assignee:

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.

1. A method in a first server for establishing a secure session with a client device, the method comprising: receiving, from the client device, a Client Hello message that includes a first random value; in response to the received Client Hello message, transmitting a Server Hello message to the client device that includes a second random value; transmitting, to the client device, a Server Certificate message that includes one or more digital certificates; transmitting, to the client device, a Server Hello Done message; receiving, from the client device, a Client Key Exchange message that includes an encrypted premaster secret, wherein the first server does not include a private key that can decrypt the encrypted premaster secret; transmitting, to a second server that has access to a private key that is capable of decrypting the encrypted premaster secret, the encrypted premaster secret, the first random value, the second random value, and an indication of a negotiated cipher suite between the client device and the first server; receiving, from the second server, a set of one or more session keys to be used in the secure session ...

More details
Publication date: 15-06-2017

METHODS AND APPARATUSES FOR ENABLING HSTS POLICY FOR A SUBDOMAIN OF A DOMAIN

Number: US20170171247A1
Assignee: Cloudflare Inc

A method and apparatus for enabling an HSTS policy for a subdomain of a domain is described. A request for content at a subdomain of a domain is received at a proxy server from a client device over a secure transport. The proxy server determines whether the subdomain is associated with a rule indicating that Hypertext Transport Protocol Strict Transport Security (HSTS) is to be enabled for the subdomain of the domain. Responsive to determining that the subdomain is associated with the rule, the proxy server transmits, to the client device, a first response that includes an HSTS header and which instructs the client device to communicate only over the secure transport for requests for content at the subdomain, wherein the first response includes the HSTS header regardless of whether HSTS has been enabled for the subdomain at an origin server.

More details
Publication date: 17-08-2017

Multiply-Encrypting Data Requiring Multiple Keys for Decryption

Number: US20170237566A1
Assignee:

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

1. A method executed on a server, comprising:
receiving a request to encrypt a piece of data;
encrypting the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first plurality of unique keys taken a second plurality at a time are capable of decrypting the encrypted piece of data, wherein each one of the first plurality of unique keys is tied to account credentials of a different user, and wherein the second plurality is less than or equal to the first plurality; and
returning the encrypted piece of data.

2. The method of claim 1, further comprising:
receiving the encrypted piece of data for decryption;
responsive to determining that there is access to at least one combination of the first plurality of unique keys taken the second plurality at a time, decrypting the encrypted piece of data using that combination of unique keys; and
returning the decrypted piece of data.

3. The method of claim 2, wherein the at least one combination of the first plurality of unique keys taken the second plurality at a time have been delegated by corresponding users to the server for decrypting.

4. The method of claim 3, wherein each of those unique keys of the at least one combination has been delegated by the corresponding users for use by the server in decrypting for a limited amount of time.

5. The method of claim 1, wherein the request indicates the following:
the piece of data to encrypt;
a list of a plurality of users that are associated with the ...

More details
Publication date: 17-01-2019

Methods and systems for identification of a domain of a command and control server of a botnet

Number: US20190020623A1
Assignee: Cloudflare Inc

Methods and apparatuses for identifying a domain of a command and control server of a botnet are described. Upon receipt of a request to register a domain for a service that includes a proxy server, where the proxy server is to receive and process traffic for that domain if registration is successful, a determination of whether the domain was generated by a domain generation algorithm (DGA) is performed. Responsive to determining that the domain was generated by the DGA, accepting registration of the domain for the service and causing the proxy server to monitor communications received to and from the domain.

More details