| CPC H04L 9/0825 (2013.01) [H04L 9/0827 (2013.01)] | 21 Claims |

1. A method, comprising:
receiving, at a first intermediate key management system (KMS) server of a distributed KMS, a KMS service request from a KMS client for performing managed key operations, wherein the first intermediate KMS server receives the KMS service request in response to a key lookup service (KLS) query process that determined the first intermediate KMS server is one of one or more of a plurality of KMS servers that are capable of performing the managed key operations;
performing, at the first intermediate KMS server, a first operation of the managed key operations using a first managed key;
proxying, by the first intermediate KMS server to a second intermediate KMS server, a second operation of the managed key operations using the first managed key, wherein the first intermediate KMS server is not one of the one or more of the plurality of KMS servers that are capable of performing the second operation with the first managed key, and wherein the second intermediate KMS server is one of the one or more of the plurality of KMS servers that are capable of performing the second operation with the first managed key; and
transmitting, from the first intermediate KMS server to the KMS client, a KMS service response to the KMS service request that includes results of the first operation performed by the first intermediate KMS server and the second operation performed by the second intermediate KMS server.
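The request flow recited in claim 1, as an added Python simulation; it is not code from the patent or from any KMS product. The class and function names, the operation names `wrap` and `sign`, the HMAC stand-in for a managed key operation, the one-hop proxy limit and the way the KLS decides capability are all assumptions made for illustration.

```python
import hashlib
import hmac

class KMSServer:
    """One intermediate KMS server (hypothetical model, not the patent's code)."""
    def __init__(self, name, keys, grants):
        self.name = name
        self._keys = keys        # key_id -> key bytes held on this server
        self.grants = grants     # {(key_id, op)} this server may perform itself
        self.peers = []          # intermediate servers it may proxy to

    def can(self, key_id, op):
        return (key_id, op) in self.grants and key_id in self._keys

    def _perform(self, key_id, op, data):
        # Stand-in for a real managed key operation: HMAC keyed by the managed key.
        msg = op.encode() + b"|" + data
        return hmac.new(self._keys[key_id], msg, hashlib.sha256).hexdigest()

    def handle(self, key_id, ops, data, proxied=False):
        results = []
        for op in ops:
            if self.can(key_id, op):
                value = self._perform(key_id, op, data)
                results.append({"op": op, "by": self.name, "value": value})
            elif not proxied:
                # Proxy only this operation, one hop at most, to a capable peer.
                peer = next((p for p in self.peers if p.can(key_id, op)), None)
                if peer is None:
                    raise PermissionError(f"no server can {op} with {key_id}")
                results += peer.handle(key_id, [op], data, proxied=True)
            else:
                raise PermissionError(f"{self.name} refuses to re-proxy {op}")
        return results  # one response carrying local and proxied results

def kls_query(servers, key_id, ops):
    """Key lookup: servers able to serve every op locally or through one peer hop."""
    def reachable(s, op):
        return s.can(key_id, op) or any(p.can(key_id, op) for p in s.peers)
    return [s for s in servers
            if s.can(key_id, ops[0]) and all(reachable(s, o) for o in ops)]

def demo():
    key = b"constructed-demo-key"   # constructed sample key material
    a = KMSServer("kms-a", {"k1": key}, {("k1", "wrap")})
    b = KMSServer("kms-b", {"k1": key}, {("k1", "sign")})
    a.peers = [b]
    first = kls_query([a, b], "k1", ["wrap", "sign"])[0]
    return first.name, first.handle("k1", ["wrap", "sign"], b"payload")
```

Each result records which server performed the operation, which is the field an audit trail would need to tell local operations from proxied ones.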