Supporting secure sessions in a cloud-based proxy service

Assignee

• CLOUDFLARE, INC. · US

Inventors

• Matthew Browning Prince · San Francisco, US
• Lee Hahn Holloway · Santa Cruz, US
• Srikanth N. Rao · San Francisco, US
• Ian Gerald Pye · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W76/10
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A proxy server in a cloud-based proxy service receives a secure session request from a client device for a secure session. The secure session request is received at the proxy server as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.