Patents by Inventor Matthew Browning

Matthew Browning has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20140059668
    Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.
    Type: Application
    Filed: October 29, 2013
    Publication date: February 27, 2014
    Inventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye, Matthieu Philippe François Tourne, Michelle Marie Zatlyn
  • Publication number: 20140047542
    Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.
    Type: Application
    Filed: October 31, 2012
    Publication date: February 13, 2014
    Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, JR.
  • Publication number: 20140047539
    Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.
    Type: Application
    Filed: October 31, 2012
    Publication date: February 13, 2014
    Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, JR.
  • Patent number: 8646064
    Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.
    Type: Grant
    Filed: October 31, 2012
    Date of Patent: February 4, 2014
    Assignee: Cloudflare, Inc.
    Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, Jr.
  • Patent number: 8621038
    Abstract: A first packet of a first protocol version type that includes an incoming request for an action to be performed on an identified resource is received from a client at a proxy server as a result of a DNS request resolving to a network address of the proxy server. The proxy server transmits an outgoing request for the action to be performed on the identified resource to a network address of the destination origin server in a second packet that is of the second protocol version type. The proxy server receives a third packet that includes an incoming response from the destination origin server, the third packet being of the second protocol version type. The proxy server transmits a fourth packet to the client, the fourth packet being of the first protocol version type, wherein the fourth packet includes an outgoing response that is based on the incoming response.
    Type: Grant
    Filed: September 27, 2011
    Date of Patent: December 31, 2013
    Assignee: Cloudflare, Inc.
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, David Randolph Conrad, Matthieu Philippe François Tourne
  • Patent number: 8613089
    Abstract: A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves.
    Type: Grant
    Filed: October 31, 2012
    Date of Patent: December 17, 2013
    Assignee: Cloudflare, Inc.
    Inventors: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, Jr.
  • Patent number: 8607252
    Abstract: Embodiments of the present invention provide a method, system and computer program product for automated LAMP stack data migration. In an embodiment of the invention, a method for automated LAMP stack data migration can be provided. The method can include retrieving a profile for a LAMP stack executing in a source operating platform, selecting a LAMP stack for deployment onto a target operating platform and deploying the selected LAMP stack onto the target operating platform. The method further can include translating the retrieved profile for compatibility with the selected LAMP stack, directing a reboot of the target operating platform, and applying the translated profile to the target operating platform.
    Type: Grant
    Filed: December 11, 2008
    Date of Patent: December 10, 2013
    Assignee: International Business Machines Corporation
    Inventors: Murillo Fernandes Bernardes, Rodrigo Ceron Ferreira de Castro, Alex Zanetti de Lima, Andre Fernandes de Macedo, Paulo Ricardo Paz Vital, Luke Matthew Browning
  • Publication number: 20130311593
    Abstract: A proxy server automatically includes web applications in web pages at the network level. The proxy server receives, from a client device, a request for a network resource at a domain and is hosted at an origin server. The proxy server retrieves the requested network resource. The retrieved network resource does not include the web applications. The proxy server determines that the web applications are to be installed within the network resource. The proxy server automatically modifies the retrieved network resource to include the web applications. The proxy server transmits a response to the client device that includes the modified network resource. The network resource may remain unchanged at the origin server.
    Type: Application
    Filed: May 17, 2012
    Publication date: November 21, 2013
    Inventors: Matthew Browning Prince, Matthieu Philippe François Tourne, Christopher Stephen Joel, John Brinton Roberts, Michael Jonas Sofaer, Jason Thomas Walter Benterou
  • Patent number: 8572737
    Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.
    Type: Grant
    Filed: September 30, 2011
    Date of Patent: October 29, 2013
    Assignee: Cloudflare, Inc.
    Inventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye, Matthieu Philippe François Tourne, Michelle Marie Zatlyn
  • Publication number: 20130227167
    Abstract: A first packet is received at a proxy server from a client and includes a first incoming request for an action to be performed on an identified resource. The first packet is received at the proxy server as a result of a DNS request for a domain corresponding to the identified resource resolving to an IP address of the proxy server. The proxy server selects, based on at least in part on a set of parameters associated with the first packet, one of multiple IP addresses for use as a source IP address for a second packet that carries an outgoing request and transmits the second packet. The proxy server receives a third packet that includes an incoming response from the destination origin server in response to the outgoing request and transmits a fourth packet to the client that includes an outgoing response based on the incoming response.
    Type: Application
    Filed: April 8, 2013
    Publication date: August 29, 2013
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Matthieu Philippe François Tourne
  • Patent number: 8438240
    Abstract: A first packet is received at a proxy server from a client and includes a first incoming request for an action to be performed on an identified resource. The first packet is received at the proxy server as a result of a DNS request for a domain corresponding to the identified resource resolving to an IP address of the proxy server. The proxy server selects, based on at least in part on a set of parameters associated with the first packet, one of multiple IP addresses for use as a source IP address for a second packet that carries an outgoing request and transmits the second packet. The proxy server receives a third packet that includes an incoming response from the destination origin server in response to the outgoing request and transmits a fourth packet to the client that includes an outgoing response based on the incoming response.
    Type: Grant
    Filed: September 27, 2011
    Date of Patent: May 7, 2013
    Assignee: Cloudflare, Inc.
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Matthieu Philippe François Tourne
  • Publication number: 20130080574
    Abstract: A first packet of a first protocol version type that includes an incoming request for an action to be performed on an identified resource is received from a client at a proxy server as a result of a DNS request resolving to a network address of the proxy server. The proxy server transmits an outgoing request for the action to be performed on the identified resource to a network address of the destination origin server in a second packet that is of the second protocol version type. The proxy server receives a third packet that includes an incoming response from the destination origin server, the third packet being of the second protocol version type. The proxy server transmits a fourth packet to the client, the fourth packet being of the first protocol version type, wherein the fourth packet includes an outgoing response that is based on the incoming response.
    Type: Application
    Filed: September 27, 2011
    Publication date: March 28, 2013
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, David Randolph Conrad, Matthieu Philippe François Tourne
  • Publication number: 20130080575
    Abstract: A first packet is received at a proxy server from a client and includes a first incoming request for an action to be performed on an identified resource. The first packet is received at the proxy server as a result of a DNS request for a domain corresponding to the identified resource resolving to an IP address of the proxy server. The proxy server selects, based on at least in part on a set of parameters associated with the first packet, one of multiple IP addresses for use as a source IP address for a second packet that carries an outgoing request and transmits the second packet. The proxy server receives a third packet that includes an incoming response from the destination origin server in response to the outgoing request and transmits a fourth packet to the client that includes an outgoing response based on the incoming response.
    Type: Application
    Filed: September 27, 2011
    Publication date: March 28, 2013
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Matthieu Philippe François Tourne
  • Publication number: 20130041946
    Abstract: A method and apparatus for improving loading of web resources. A server receives a request for a Hypertext Markup Language (HTML) document requested by a client network application. The server retrieves the requested document. The server automatically modifies objects referenced in the HTML document that have an external source such that loading of those objects by the client network application will be deferred. The server inserts a client-side script loader or a reference to the client-side script loader into the HTML document. The client-side script loader is configured to, when executed by the client network application, attempt to load the objects that have been deferred. The server transmits the modified HTML document to the client network application.
    Type: Application
    Filed: October 9, 2012
    Publication date: February 14, 2013
    Inventors: Christopher Stephen Joel, Jason Thomas Walter Benterou, Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye
  • Patent number: 8370940
    Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.
    Type: Grant
    Filed: November 4, 2010
    Date of Patent: February 5, 2013
    Assignee: Cloudflare, Inc.
    Inventors: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye, Matthieu Phillippe François Tourne, Michelle Marie Zatlyn
  • Publication number: 20130031356
    Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device for a secure session. The secure session request is received at the proxy server as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
    Type: Application
    Filed: July 28, 2011
    Publication date: January 31, 2013
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Srikanth N. Rao, Ian Gerald Pye
  • Publication number: 20120324113
    Abstract: A domain name is received from a customer. DNS is queried for multiple possible subdomains of the domain. For each subdomain that resolves, information about that subdomain's corresponding resource record is stored in a zone file that also includes a resource record for the domain name. The zone file is presented to the customer. A designation from the customer of which of the resource records are to point to an IP address of a proxy server is received. The resource records are modified according to the input of the customer and the zone file is propagated including the modified resource records.
    Type: Application
    Filed: April 19, 2012
    Publication date: December 20, 2012
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Michelle Marie Zatlyn
  • Patent number: 8327128
    Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
    Type: Grant
    Filed: September 30, 2011
    Date of Patent: December 4, 2012
    Assignee: Cloudflare, Inc.
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Srikanth N. Rao, Ian Gerald Pye
  • Patent number: 8285808
    Abstract: A method and apparatus for improving loading of web resources. A server receives a request for a Hypertext Markup Language (HTML) document requested by a client network application. The server retrieves the requested document. The server automatically modifies objects referenced in the HTML document that have an external source such that loading of those objects by the client network application will be deferred. The server inserts a client-side script loader or a reference to the client-side script loader into the HTML document. The client-side script loader is configured to, when executed by the client network application, attempt to load the objects that have been deferred. The server transmits the modified HTML document to the client network application.
    Type: Grant
    Filed: October 4, 2011
    Date of Patent: October 9, 2012
    Assignee: CloudFlare, Inc.
    Inventors: Christopher Stephen Joel, Jason Thomas Walter Benterou, Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye
  • Publication number: 20120116896
    Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page, automatically modifies the HTML page, and transmits the modified HTML page to the client device.
    Type: Application
    Filed: November 4, 2010
    Publication date: May 10, 2012
    Inventors: Lee Hahn Holloway, Matthew Browning Prince, Matthieu Philippe François Tourne