Patents by Inventor Ian Gerald Pye
Ian Gerald Pye has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10681065Abstract: The Kentik Data Engine (KDE) is an integrated real-time, big data software system able to analyze what exactly is happening on a network at the present moment, and what happened on the network over the a prior period of time. KDE collects live operational data from computer network infrastructure devices (routers and switches) and computer hosts, consisting of multiple data types, categories, and protocols, and correlates them to analyze network activity and health. KDE does this in a lossless manner, meaning that it retains all raw data rather than summarizing or aggregating prior to storage. In this way, KDE provides a combination of precise, actionable information in real-time as well as a complete forensic data store for detailed exploratory analysis.Type: GrantFiled: February 13, 2018Date of Patent: June 9, 2020Assignee: Kentik Technologies, Inc.Inventors: Avraham Tzur Freedman, Ian Gerald Pye, Daniel P. Ellis, Ian Applegate
-
Patent number: 10671694Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.Type: GrantFiled: March 25, 2019Date of Patent: June 2, 2020Assignee: CLOUDFLARE, INC.Inventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye, Matthieu Philippe François Tourne, Michelle Marie Zatlyn
-
Patent number: 10621263Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.Type: GrantFiled: December 31, 2018Date of Patent: April 14, 2020Assignee: CLOUDFLARE, INC.Inventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye
-
Patent number: 10581904Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.Type: GrantFiled: May 2, 2017Date of Patent: March 3, 2020Assignee: CLOUDFARE, INC.Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, Jr.
-
Patent number: 10574690Abstract: A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves.Type: GrantFiled: April 17, 2017Date of Patent: February 25, 2020Assignee: CLOUDFLARE, INC.Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, Jr.
-
Patent number: 10511624Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.Type: GrantFiled: November 12, 2018Date of Patent: December 17, 2019Assignee: CLOUDFLARE, INC.Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, Jr.
-
Publication number: 20190312813Abstract: A network monitoring engine uses the routing and interface data of a monitored network to enrich received flow records with exit information. The routing data of the same network device at which the flow record is received is used to determine a next hop based upon the destination IP address of the flow record. In addition, interface data of the other devices is used to determine an egress device and interface of the network used to transmit traffic to the identified next hop. The flow record is enriched with exit information indicating an interface of the network the data packets of the flow record are expected to exit the network. By enriching the flow records as they are received, the exit information reflects how traffic is routed through the network at that time, even if the routing or interface information of the network later changes.Type: ApplicationFiled: April 8, 2019Publication date: October 10, 2019Inventors: Daniel P. Ellis, Ian Gerald Pye, Greg Villain, Dhammika Pathirana
-
Publication number: 20190303415Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.Type: ApplicationFiled: March 25, 2019Publication date: October 3, 2019Inventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye, Matthieu Philippe François Tourne, Michelle Marie Zatlyn
-
Publication number: 20190215166Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.Type: ApplicationFiled: March 18, 2019Publication date: July 11, 2019Inventors: Matthew Browning Prince, Srikanth N. Rao, Lee Hahn Holloway, Ian Gerald Pye
-
Publication number: 20190158533Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.Type: ApplicationFiled: November 12, 2018Publication date: May 23, 2019Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, JR.
-
Publication number: 20190138560Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.Type: ApplicationFiled: December 31, 2018Publication date: May 9, 2019Inventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye
-
Patent number: 10243927Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.Type: GrantFiled: October 29, 2013Date of Patent: March 26, 2019Assignee: CLOUDFLARE, INCInventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye, Matthieu Philippe François Tourne, Michelle Marie Zatlyn
-
Patent number: 10237078Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.Type: GrantFiled: April 21, 2015Date of Patent: March 19, 2019Assignee: CLOUDFLARE, INC.Inventors: Matthew Browning Prince, Srikanth N. Rao, Lee Hahn Holloway, Ian Gerald Pye
-
Patent number: 10169479Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.Type: GrantFiled: April 14, 2015Date of Patent: January 1, 2019Assignee: CLOUDFLARE, INC.Inventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye
-
Patent number: 10129296Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.Type: GrantFiled: May 23, 2017Date of Patent: November 13, 2018Assignee: CLOUDFLARE, INC.Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, Jr.
-
Publication number: 20180176237Abstract: The Kentik Data Engine (KDE) is an integrated real-time, big data software system able to analyze what exactly is happening on a network at the present moment, and what happened on the network over the a prior period of time. KDE collects live operational data from computer network infrastructure devices (routers and switches) and computer hosts, consisting of multiple data types, categories, and protocols, and correlates them to analyze network activity and health. KDE does this in a lossless manner, meaning that it retains all raw data rather than summarizing or aggregating prior to storage. In this way, KDE provides a combination of precise, actionable information in real-time as well as a complete forensic data store for detailed exploratory analysis.Type: ApplicationFiled: February 13, 2018Publication date: June 21, 2018Inventors: Avraham Tzur Freedman, Ian Gerald Pye, Daniel P. Ellis, Ian Applegate
-
Patent number: 9942253Abstract: The Kentik Data Engine (KDE) is an integrated real-time, big data software system able to analyze what exactly is happening on a network at the present moment, and what happened on the network over the a prior period of time. KDE collects live operational data from computer network infrastructure devices (routers and switches) and computer hosts, consisting of multiple data types, categories, and protocols, and correlates them to analyze network activity and health. KDE does this in a lossless manner, meaning that it retains all raw data rather than summarizing or aggregating prior to storage. In this way, KDE provides a combination of precise, actionable information in real-time as well as a complete forensic data store for detailed exploratory analysis.Type: GrantFiled: January 12, 2017Date of Patent: April 10, 2018Assignee: Kentlik Technologies, Inc.Inventors: Avraham Tzur Freedman, Ian Gerald Pye, Daniel P. Ellis, Ian Applegate
-
Publication number: 20180007085Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.Type: ApplicationFiled: May 23, 2017Publication date: January 4, 2018Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, JR.
-
Patent number: 9769240Abstract: A method and apparatus for improving loading of web resources. A server receives a request for a Hypertext Markup Language (HTML) document requested by a client network application. The server retrieves the requested document. The server automatically modifies objects referenced in the HTML document that have an external source such that loading of those objects by the client network application will be deferred. The server inserts a client-side script loader or a reference to the client-side script loader into the HTML document. The client-side script loader is configured to, when executed by the client network application, attempt to load the objects that have been deferred. The server transmits the modified HTML document to the client network application.Type: GrantFiled: May 16, 2016Date of Patent: September 19, 2017Assignee: CLOUDFLARE, INC.Inventors: Christopher Stephen Joel, Jason Thomas Walter Benterou, Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye
-
Publication number: 20170237757Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.Type: ApplicationFiled: May 2, 2017Publication date: August 17, 2017Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, JR.