&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12457101.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,457,101 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Systems and methods using DNS tunneling for fast symmetric session encryption key establishment using a computing device</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> James E. Bennison,  Oakton, VA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  James E. Bennison,  Oakton, VA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jan.  7, 2025, as Appl. No. 19/012,244.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/08</b></i> (2006.01); <i><b>H04L 61/4511</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 9/0861</b></i> (2013.01)&#xa0;[<i><b>H04L 9/0825</b></i> (2013.01); <i><b>H04L 61/4511</b></i> (2022.05)]</td>
            <td class="table_data" align="right"><b>11 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12457101-20251028-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method performed by a client computing device for negotiating session encryption-keys with another computing device, which is part of a system registered with an Internet domain name service as an authoritative name-server for an Internet domain name, and which is connected to the client computing device by a network, the method utilizing Internet domain name service tunneling to employ pre-shared shared-secret key-derivation keys to generate and securely exchange symmetric session encryption-keys, the method comprising:<div class="claim_text">obtaining from a machine-readable data storage mechanism associated with the client computing device a device-unique identity token cryptographically bound to said computing device;</div>
                <div class="claim_text">generating a domain name by appending a &#x201c;dot&#x201d; character to said device-unique identity token and then concatenating the appended device-unique identity token with the Internet domain name registered to said authoritative name-server;</div>
                <div class="claim_text">transmitting said domain name in a request for said authoritative name-server's internet protocol address to an arbitrary public domain name service device over the network communicatively coupled to the client computing device thereby causing the public domain name service device to, upon not finding a match between the generated domain name and an Internet address database, forward a domain name service request for said generated domain name to the authoritative name-server;</div>
                <div class="claim_text">receiving a domain name service response including an Internet Protocol address provided by the authoritative name-server, an encrypted handshake message and a random nonce;</div>
                <div class="claim_text">obtaining from the machine-readable data storage mechanism associated with the client computing device a shared-secret key-derivation key;</div>
                <div class="claim_text">generate a matching symmetric session encryption-key by combining the random nonce and the shared-secret key-derivation key and performing cryptographic operations on the appended device-unique identity token;</div>
                <div class="claim_text">decrypting the encrypted handshake message with said session encryption-key; and</div>
                <div class="claim_text">verifying the handshake message was successfully decrypted.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>