&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11895227.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,895,227 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Distributed key management system with a key lookup service</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Derek Chamorro,  Austin, TX (US); and  Michael Pak,  Denver, CO (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  CLOUDFLARE, INC.,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  CLOUDFLARE, INC.,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on May   23, 2023, as Appl. No. 18/322,265.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/08</b></i> (2006.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 9/0825</b></i> (2013.01)&#xa0;[<i><b>H04L 9/0827</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>21 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11895227-20240206-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method, comprising:<div class="claim_text">receiving, at a first intermediate key management system (KMS) server of a distributed KMS, a first key lookup service (KLS) query from a KMS client for determining an identity of one or more of a plurality of KMS servers that are capable of performing a first operation with a first managed key, wherein the first intermediate KMS server is one of the plurality of intermediate KMS servers of the distributed KMS;</div>
                <div class="claim_text">determining the identity of one or more of the plurality of KMS servers that are capable of performing the first operation with the first managed key;</div>
                <div class="claim_text">transmitting a first KLS response to the KMS client that includes the identity of one or more of the plurality of KMS servers that are capable of performing the first operation with the first managed key, wherein the first intermediate KMS server is not one of the one or more of the plurality of KMS servers that are capable of performing the first operation with the first managed key;</div>
                <div class="claim_text">receiving, at the first intermediate KMS server, a second KLS query from the KMS client for determining an identity of one or more of the plurality of KMS servers that are capable of performing a second operation with a second managed key, wherein the second operation is different from the first operation;</div>
                <div class="claim_text">determining the identity of one or more of the plurality of KMS servers that are capable of performing the second operation with the second managed key; and</div>
                <div class="claim_text">transmitting a second KLS response to the KMS client that includes the identity of one or more of the plurality of KMS servers that are capable of performing the second operation with the second managed key, wherein the first intermediate KMS server is not one of the one or more of the plurality of KMS servers that are capable of performing the second operation with the second managed key.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>