Patents by Inventor Nicholas Thomas Sullivan
Nicholas Thomas Sullivan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11647008Abstract: A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.Type: GrantFiled: April 24, 2018Date of Patent: May 9, 2023Assignee: CLOUDFLARE, INC.Inventors: Daniel Morsing, Marek Majkowski, Nicholas Thomas Sullivan, Olafur Gudmundsson, Filippo Valsorda
-
Publication number: 20220321354Abstract: A client device receives a challenge request from a server to prove that internet traffic was initiated by a human user through verifying a physical interaction between a human user and a hardware component. The client device causes a prompt to be displayed to perform the physical interaction with the hardware component. A cryptographic attestation is received that includes an attestation signature that is generated after confirmation that the physical interaction was performed with the hardware component. A zero-knowledge proof of the attestation signature is generated and transmitted to the server for verification. The client device receives the requested content responsive to the server verifying the validity of the zero-knowledge proof.Type: ApplicationFiled: March 30, 2021Publication date: October 6, 2022Inventors: Watson Bernard Ladd, Alexander Andrew Davidson, Marwan Fayed, Armando Faz Hernández, Sai Krishna Deepak Maram, Nicholas Thomas Sullivan
-
Patent number: 11438178Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.Type: GrantFiled: March 16, 2020Date of Patent: September 6, 2022Assignee: CLOUDFLARE, INC.Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
-
Patent number: 11044083Abstract: A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.Type: GrantFiled: July 24, 2018Date of Patent: June 22, 2021Assignee: CLOUDFLARE, INC.Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
-
Patent number: 10938554Abstract: Managing private key access in multiple nodes is described. A piece of data (e.g., a private key) is encrypted using identity-based broadcast encryption and identity-based revocation encryption so that only certain servers in a distributed network of servers can decrypt the piece of data. The piece of data is encrypted with a key encryption key (KEK). The KEK is split into two pieces. The first piece is encrypted using identity-based broadcast encryption with a first set of identities as input such that only servers of the first set of identities can decrypt the first piece, and the second piece is encrypted using identity-based revocation encryption so that all servers except those that have the second set of identities can decrypt the second piece. The keys are transmitted to the servers.Type: GrantFiled: January 7, 2019Date of Patent: March 2, 2021Assignee: CLOUDFLARE, INC.Inventors: Nicholas Thomas Sullivan, Brendan Scott McMillion
-
Patent number: 10904227Abstract: A request for a web page is received and the requested web page is retrieved. The web page is modified to obfuscate a set of form attribute values into a corresponding set of obfuscated form attribute values. The modified web page is transmitted to the requesting device. The modified web page does not include the set of form attribute values in their original form. Form data for the set of obfuscated form attribute values is received from the requesting device. The set of obfuscated form attribute values is deobfuscated thereby revealing the original set of form attribute values. The form data for the set of original form attribute values is further processed.Type: GrantFiled: December 12, 2017Date of Patent: January 26, 2021Assignee: CLOUDFLARE, INC.Inventors: Nicholas Thomas Sullivan, Zi Lin, Rajeev Devendra Sharma
-
Patent number: 10904005Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.Type: GrantFiled: November 18, 2019Date of Patent: January 26, 2021Assignee: CLOUDFLARE, INC.Inventor: Nicholas Thomas Sullivan
-
Patent number: 10893031Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.Type: GrantFiled: May 24, 2019Date of Patent: January 12, 2021Assignee: CLOUDFLARE, INC.Inventors: Nicholas Thomas Sullivan, Lee Hahn Holloway, Piotr Sikora, Ryan Lackey, John Graham-Cumming, Dane Orion Knecht, Patrick Donahue, Zi Lin
-
Patent number: 10791110Abstract: A server receives a single certificate signature request from a requestor and determines that the requestor is authorized for a certificate corresponding to the single certificate signature request. The server generates a first certificate corresponding to the single certificate signature request, wherein the first certificate has a first expiry value. The server transmits the generated first certificate to the requestor. Responsive to an amount of time elapsing, the server automatically generating a second certificate corresponding to the single certificate signature request, wherein the amount of time expiring is less than the first expiry value. The server transmits the generated second certificate to the requestor.Type: GrantFiled: July 8, 2016Date of Patent: September 29, 2020Assignee: CLOUDFLARE, INC.Inventors: Lee Hahn Holloway, Nicholas Thomas Sullivan
-
Publication number: 20200280452Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.Type: ApplicationFiled: March 16, 2020Publication date: September 3, 2020Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
-
Publication number: 20200186351Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.Type: ApplicationFiled: November 18, 2019Publication date: June 11, 2020Inventor: Nicholas Thomas Sullivan
-
Patent number: 10645061Abstract: Methods and apparatuses for identifying a domain of a command and control server of a botnet are described. Upon receipt of a request to register a domain for a service that includes a proxy server, where the proxy server is to receive and process traffic for that domain if registration is successful, a determination of whether the domain was generated by a domain generation algorithm (DGA) is performed. Responsive to determining that the domain was generated by the DGA, accepting registration of the domain for the service and causing the proxy server to monitor communications received to and from the domain.Type: GrantFiled: September 5, 2018Date of Patent: May 5, 2020Assignee: CLOUDFLARE, INC.Inventor: Nicholas Thomas Sullivan
-
Patent number: 10594496Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.Type: GrantFiled: June 26, 2018Date of Patent: March 17, 2020Assignee: CLOUDFLARE, INC.Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
-
Patent number: 10484176Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.Type: GrantFiled: April 10, 2018Date of Patent: November 19, 2019Assignee: CLOUDFLARE, INC.Inventor: Nicholas Thomas Sullivan
-
Publication number: 20190281032Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.Type: ApplicationFiled: May 24, 2019Publication date: September 12, 2019Inventors: Nicholas Thomas Sullivan, Lee Hahn Holloway, Piotr Sikora, Ryan Lackey, John Graham-Cumming, Dane Orion Knecht, Patrick Donahue, Zi Lin
-
Patent number: 10305871Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.Type: GrantFiled: December 9, 2015Date of Patent: May 28, 2019Assignee: CLOUDFLARE, INC.Inventors: Nicholas Thomas Sullivan, Lee Hahn Holloway, Piotr Sikora, Ryan Lackey, John Graham-Cumming, Dane Orion Knecht, Patrick Donahue, Zi Lin
-
Publication number: 20190140843Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.Type: ApplicationFiled: June 26, 2018Publication date: May 9, 2019Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
-
Publication number: 20190140825Abstract: Managing private key access in multiple nodes is described. A piece of data (e.g., a private key) is encrypted using identity-based broadcast encryption and identity-based revocation encryption so that only certain servers in a distributed network of servers can decrypt the piece of data. The piece of data is encrypted with a key encryption key (KEK). The KEK is split into two pieces. The first piece is encrypted using identity-based broadcast encryption with a first set of identities as input such that only servers of the first set of identities can decrypt the first piece, and the second piece is encrypted using identity-based revocation encryption so that all servers except those that have the second set of identities can decrypt the second piece. The keys are transmitted to the servers.Type: ApplicationFiled: January 7, 2019Publication date: May 9, 2019Inventors: Nicholas Thomas Sullivan, Brendan Scott McMillion
-
Publication number: 20190116039Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.Type: ApplicationFiled: April 10, 2018Publication date: April 18, 2019Inventor: Nicholas Thomas Sullivan
-
Publication number: 20190020623Abstract: Methods and apparatuses for identifying a domain of a command and control server of a botnet are described. Upon receipt of a request to register a domain for a service that includes a proxy server, where the proxy server is to receive and process traffic for that domain if registration is successful, a determination of whether the domain was generated by a domain generation algorithm (DGA) is performed. Responsive to determining that the domain was generated by the DGA, accepting registration of the domain for the service and causing the proxy server to monitor communications received to and from the domain.Type: ApplicationFiled: September 5, 2018Publication date: January 17, 2019Inventor: Nicholas Thomas SULLIVAN