Patents by Inventor John Graham Cumming

John Graham Cumming has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10348674
    Abstract: A method and apparatus for managing CNAME records such that CNAME records at the root domain are supported while complying with the RFC specification (an IP address is returned for any Address query for the root record). The authoritative DNS infrastructure acts as a DNS resolver where if there is a CNAME at the root record, rather than returning that record directly, a recursive lookup is used to follow the CNAME chain until an A record is located. The address associated with the A record is then returned. This effectively “flattens” the CNAME chain. This complies with the requirements of the DNS specification and is invisible to any service that interacts with the DNS server.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: July 9, 2019
    Assignee: CLOUDFLARE, INC.
    Inventors: Lee Hahn Holloway, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming
  • Patent number: 10331462
    Abstract: A compute server receives a request from a client device that triggers execution of a third-party code piece. The compute server is one of multiple compute servers that are part of a distributed cloud computing network. The request may be an HTTP request and directed to a zone. A single process at the compute server executes the third-party code piece in an isolated execution environment. The single process is also executing other third-party code pieces in other isolated execution environments respectively. A response is generated to the request based at least in part on the executed third-party code piece, and the generated response is transmitted to the client device.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: June 25, 2019
    Assignee: CLOUDFLARE, INC.
    Inventors: Kenton Taylor Varda, Zachary Aaron Bloom, Marek Przemyslaw Majkowski, Ingvar Stepanyan, Kyle Kloepper, Dane Orion Knecht, John Graham-Cumming, Dani Grant
  • Patent number: 10326853
    Abstract: A method and computing device for delta compression techniques for reducing network resource transmission size are described. A first version of a network resource is received. The first version of the network resource is stored regardless of a directive that a cached version is not to be used to respond to a future request for that network resource. A first request for the network resource is received. A second request for the network resource is transmitted, to a second computing device. A response including a set of differences between the first version of the network resource with a most current version of the network resource is received from the second computing device without receiving the entire network resource. An updated version of the network resource is transmitted to the client device, where the updated version is generated by applying the set of differences to the first version of the network resource.
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: June 18, 2019
    Assignee: CLOUDFLARE, INC.
    Inventor: John Graham-Cumming
  • Patent number: 10305871
    Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: May 28, 2019
    Assignee: CLOUDFLARE, INC.
    Inventors: Nicholas Thomas Sullivan, Lee Hahn Holloway, Piotr Sikora, Ryan Lackey, John Graham-Cumming, Dane Orion Knecht, Patrick Donahue, Zi Lin
  • Patent number: 10298601
    Abstract: A network address includes a predefined portion that identifies a hostname, where the predefined portion is less than all of the network address. A request is received for a secure session at the network address. The hostname is identified from the predefined portion of the network address and a secure session negotiation is made including returning a digital certificate for the identified hostname.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: May 21, 2019
    Assignee: CLOUDFLARE, INC.
    Inventor: John Graham-Cumming
  • Publication number: 20190144394
    Abstract: The present application relates to certain substituted imidazole and triazole compounds, pharmaceutical compositions containing them, and methods of using them, including methods for treating pain, musculoskeletal inflammation, neuroinflammatory disorders, airway inflammation, itch, dermatitis, colitis and related conditions. The compounds are of Formula (I) where X is N or CH, Z and Y are N or C (but both not N) and R1-R3 are as defined herein.
    Type: Application
    Filed: May 11, 2017
    Publication date: May 16, 2019
    Applicant: Heptares Therapeutics Limited
    Inventors: John Graham Cumming, Frank Xinhe Wu, Karl Henrik Edman, Hongming Chen, Dean Gordon Brown, Roland Werner Burli, Shawn Donald Johnstone, Giles Albert Brown, Benjamin Gerald Tehan, Barry John Teobald, Miles Stuart Congreve
  • Publication number: 20190140843
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Application
    Filed: June 26, 2018
    Publication date: May 9, 2019
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Publication number: 20190098343
    Abstract: A server in a content delivery network (CDN) receives a request for a web page of a domain handled by an origin server. The server retrieves the web page and the web page references a video. The server retrieves a file that indicates a list of locations of the domain in which segments of the video are located. The server fetches at least an initial portion of the segments. The server receives a request for the video. The server transmits to the requester at least the initial portion of the segments. The server receives a subsequent request of a different portion of the segments. The server transmits a response to the requester that instructs the requester to transmit the request for the different portion of segments to a second server in the CDN.
    Type: Application
    Filed: October 5, 2017
    Publication date: March 28, 2019
    Inventors: Dane Orion Knecht, Igor Postelnik, Oliver Yu, John Graham-Cumming, Dani Grant, Nitin Rao
  • Publication number: 20190097983
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Application
    Filed: November 12, 2018
    Publication date: March 28, 2019
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
  • Publication number: 20190068740
    Abstract: A method and computing device for delta compression techniques for reducing network resource transmission size are described. A first version of a network resource is received. The first version of the network resource is stored regardless of a directive that a cached version is not to be used to respond to a future request for that network resource. A first request for the network resource is received. A second request for the network resource is transmitted, to a second computing device. A response including a set of differences between the first version of the network resource with a most current version of the network resource is received from the second computing device without receiving the entire network resource. An updated version of the network resource is transmitted to the client device, where the updated version is generated by applying the set of differences to the first version of the network resource.
    Type: Application
    Filed: October 26, 2018
    Publication date: February 28, 2019
    Inventor: John GRAHAM-CUMMING
  • Patent number: 10218805
    Abstract: A method and apparatus for delaying responses to requests in a server are described. Upon receipt, from a client device, of a first request for a resource at a first location, a response that includes a redirection instruction to a second location is transmitted, where the response includes a first number of redirects that the client device is to complete prior to the first request being fulfilled. Upon receipt of a following request including a number of redirects, determining whether the number of redirects has been performed. When the number of redirects has not been performed the transmission of the redirection instruction is repeated with a number of redirects smaller than the first number of redirects until the receipt of a request indicating that the number of redirects has been performed. When the number of redirects has been performed the request is fulfilled.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: February 26, 2019
    Assignee: CLOUDFLARE, INC.
    Inventors: Dane Orion Knecht, John Graham-Cumming
  • Publication number: 20190044924
    Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.
    Type: Application
    Filed: October 12, 2018
    Publication date: February 7, 2019
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
  • Publication number: 20190045023
    Abstract: A browser receives a web page that includes a script that is configured to control subsequent requests of the browser for at least the web page and caches a first portion of the web page that includes reference(s) to other web resource(s). A subsequent request for the web page is dispatched to the script which returns the cached first portion of the web page to the browser and a request for the full web page is made. Request(s) are also transmitted for the web resource(s) referenced in the first portion of the web page without waiting for the full web page to be received. When the full web page is received, if the first portion of the page matches the corresponding portion of the full page, that corresponding portion is removed from the full page and the remaining page is returned to the browser.
    Type: Application
    Filed: October 9, 2018
    Publication date: February 7, 2019
    Inventors: John Graham-Cumming, Andrew Galloni, Terin Stock
  • Publication number: 20180375819
    Abstract: A method and apparatus for managing CNAME records such that CNAME records at the root domain are supported while complying with the RFC specification (an IP address is returned for any Address query for the root record). The authoritative DNS infrastructure acts as a DNS resolver where if there is a CNAME at the root record, rather than returning that record directly, a recursive lookup is used to follow the CNAME chain until an A record is located. The address associated with the A record is then returned. This effectively “flattens” the CNAME chain. This complies with the requirements of the DNS specification and is invisible to any service that interacts with the DNS server.
    Type: Application
    Filed: September 4, 2018
    Publication date: December 27, 2018
    Inventors: Lee Hahn Holloway, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming
  • Publication number: 20180375952
    Abstract: A near end point of presence (PoP) of a cloud proxy service receives, from a client device, a request for a network resource. A far end PoP from a plurality of PoPs of the cloud proxy service is identified. Responsive to determining that a version of the network resource is stored in the near end PoP, a request for the network resource is transmitted to the far end PoP with a version identifier that identifies that version. The far end PoP receives, from the near end PoP, a response that includes difference(s) between the version of the network resource stored in the near end PoP with a most current version of the network resource. The response does not include the entire network resource. The near end PoP applies the specified difference(s) to the version that it has stored to generate an updated version of the network resource, and transmits it to the client device.
    Type: Application
    Filed: August 7, 2018
    Publication date: December 27, 2018
    Inventors: Dane Orion KNECHT, John GRAHAM-CUMMING, Matthew Browning PRINCE
  • Patent number: 10142434
    Abstract: A network optimizer receives, from a client device, a request for a network resource including a first version identifier identifying a first version of the network resource. A request for the network resource is transmitted to a far end network optimizer with a second version identifier that identifies a second version of the network resource. The network optimizer receives, from the far end network optimizer, a response that includes a first differences file that specifies first difference(s) between the second version with a most current version of the network resource. The response does not include the entire network resource. The network optimizer transmits to the client device a second response including a second differences file that identifies differences between the most current version of the network resource and the first version of the network resource causing the generation of an updated version of the network resource at the client device.
    Type: Grant
    Filed: June 7, 2018
    Date of Patent: November 27, 2018
    Assignee: CLOUDFLARE, INC.
    Inventor: John Graham-Cumming
  • Patent number: 10129224
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: November 13, 2018
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
  • Publication number: 20180324270
    Abstract: A near end point of presence (PoP) of a cloud proxy service receives, from a client device, a request for a network resource. A far end PoP from a plurality of PoPs of the cloud proxy service is identified. Responsive to determining that a version of the network resource is stored in the near end PoP, a request for the network resource is transmitted to the far end PoP with a version identifier that identifies that version. The far end PoP receives, from the near end PoP, a response that includes difference(s) between the version of the network resource stored in the near end PoP with a most current version of the network resource. The response does not include the entire network resource. The near end PoP applies the specified difference(s) to the version that it has stored to generate an updated version of the network resource, and transmits it to the client device.
    Type: Application
    Filed: July 2, 2018
    Publication date: November 8, 2018
    Inventors: Dane Orion KNECHT, John GRAHAM-CUMMING, Matthew Browning PRINCE
  • Publication number: 20180323969
    Abstract: A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.
    Type: Application
    Filed: July 24, 2018
    Publication date: November 8, 2018
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 10104039
    Abstract: An edge server of a distributed edge compute and routing service receives a tunnel connection request from a tunnel client residing on an origin server, that requests a tunnel be established between the edge server and the tunnel client. The request identifies the hostname that is to be tunneled. An IP address is assigned for the tunnel. DNS record(s) are added or changed that associate the hostname with the assigned IP address. Routing rules are installed in the edge servers of the distributed edge compute and routing service to reach the edge server for the tunneled hostname. The edge server receives a request for a resource of the tunneled hostname from another edge server that received the request from a client, where the other edge server is not connected to the origin server. The request is transmitted from the edge server to the origin server over the tunnel.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: October 16, 2018
    Assignee: CLOUDFLARE, INC.
    Inventors: Dane Orion Knecht, John Graham-Cumming, Dani Grant, Christopher Philip Branch, Tom Paseka