Reducing time to first encrypted frame in a content stream

US 10,645,430 B2
Filed: 06/07/2017
Issued: 05/05/2020
Est. Priority Date: 12/12/2011
Status: Active Grant

First Claim

Patent Images

1. A network device, comprising:

a memory; and

one or more processors coupled to the memory that perform actions including;

receiving, from a client device, a request for a webpage that includes a link and/or mechanism that can be used to present an encrypted content item;

in response to receiving the request for the webpage, determining that the webpage includes encrypted content and retrieving a key identifier corresponding to the encrypted content item from the memory;

transmitting to the client device a webpage script, corresponding to the request for the webpage, that includes the key identifier corresponding to the encrypted content item and that is configured to cause the client device to transmit a request to a second network device for access to a key associated with the encrypted content item;

subsequent to transmitting the key identifier corresponding to the encrypted content item, receiving, from the client device, an indication of a user selection of the link and/or mechanism and a request for a first encrypted frame of the encrypted content item, the user selection corresponding to the encrypted content item; and

responsive to receiving the indication and the request for the first encrypted frame, transmitting to the client device at least a portion of the encrypted content item including the first encrypted frame, wherein a key associated with the key identifier is usable to decrypt the first encrypted frame.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for reducing time to decrypt a next encrypted frame in a content stream by optimizing a license/key acquisition process. When requesting content, a key identifier and/or license identifier may be included within a webpage using a link, script, or similar access point. When a client device sends a request for content, the loading of the webpage within the client device includes the embedded key identifier. Access to the key/license identifier at the client device then may initiate a key/license acquisition process by the client device. The key/license may be obtained from a key management device in parallel with, or prior to, downloading of at least a portion of the content stream.

177 Citations

18 Claims

1. A network device, comprising:
- a memory; and
  
  one or more processors coupled to the memory that perform actions including;
  
  receiving, from a client device, a request for a webpage that includes a link and/or mechanism that can be used to present an encrypted content item;
  
  in response to receiving the request for the webpage, determining that the webpage includes encrypted content and retrieving a key identifier corresponding to the encrypted content item from the memory;
  
  transmitting to the client device a webpage script, corresponding to the request for the webpage, that includes the key identifier corresponding to the encrypted content item and that is configured to cause the client device to transmit a request to a second network device for access to a key associated with the encrypted content item;
  
  subsequent to transmitting the key identifier corresponding to the encrypted content item, receiving, from the client device, an indication of a user selection of the link and/or mechanism and a request for a first encrypted frame of the encrypted content item, the user selection corresponding to the encrypted content item; and
  
  responsive to receiving the indication and the request for the first encrypted frame, transmitting to the client device at least a portion of the encrypted content item including the first encrypted frame, wherein a key associated with the key identifier is usable to decrypt the first encrypted frame.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The network device of claim 1, wherein the one or more processors perform actions further including:
    - transmitting to the client device a subsequent key identifier that corresponds to a subsequent portion of the encrypted content item, wherein the subsequent portion of the encrypted content item is a portion of the encrypted content item that is presented subsequent to a portion of the encrypted content item that corresponds to the key identifier.
  - 3. The network device of claim 1, wherein the webpage script is further configured to cause the client device to pre-initialize at least a decryption module usable to decrypt the encrypted content item.
  - 4. The network device of claim 1, wherein the one or more processors perform actions further including:
    - determining that the encrypted content item is associated with a key rotation scheme; and
      
      transmitting to the client device a subsequent key identifier based on the key rotation scheme.
  - 5. The network device of claim 1, wherein the one or more processors perform actions further including:
    - subsequent to transmitting the webpage script to the client device, transmitting at least one portion of the encrypted content item to the client device.
  - 6. The network device of claim 5, wherein the one or more processors perform actions further including:
    - concurrent with transmitting the at least one portion of the encrypted content item to the client device, transmitting a subsequent key identifier corresponding to a subsequent portion of the encrypted content item, wherein the subsequent portion of the encrypted content item is presented subsequent to the at least one portion of the encrypted content item.

7. A method, comprising:
- receiving, from a client device, a request for a webpage that includes a link and/or mechanism that can be used to present an encrypted content item;
  
  in response to receiving the request for the webpage, determining, using a hardware processor, that the webpage includes encrypted content and retrieving a key identifier corresponding to the encrypted content item;
  
  transmitting to the client device a webpage script, corresponding to the request for the webpage, that includes the key identifier corresponding to the encrypted content item and that is configured to cause the client device to transmit a request for access to a key associated with the encrypted content item;
  
  subsequent to transmitting the key identifier corresponding to the encrypted content item, receiving, from the client device, an indication of a user selection of the link and/or mechanism and a request for a first encrypted frame of the encrypted content item, the user selection corresponding to the encrypted content item; and
  
  responsive to receiving the indication and the request for the first encrypted frame, transmitting to the client device at least a portion of the encrypted content item including the first encrypted frame, wherein a key associated with the key identifier is usable to decrypt the first encrypted frame.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - transmitting to the client device a subsequent key identifier that corresponds to a subsequent portion of the encrypted content item, wherein the subsequent portion of the encrypted content item is a portion of the encrypted content item that is presented subsequent to a portion of the encrypted content item that corresponds to the key identifier.
  - 9. The method of claim 7, wherein the webpage script is further configured to cause the client device to pre-initialize at least a decryption module usable to decrypt the encrypted content item.
  - 10. The method of claim 7, further comprising:
    - determining that the encrypted content item is associated with a key rotation scheme; and
      
      transmitting to the client device a subsequent key identifier based on the key rotation scheme.
  - 11. The method of claim 7, further comprising:
    - subsequent to transmitting the webpage script to the client device, transmitting at least one portion of the encrypted content item to the client device.
  - 12. The method of claim 11, further comprising:
    - concurrent with transmitting the at least one portion of the encrypted content item to the client device, transmitting a subsequent key identifier corresponding to a subsequent portion of the encrypted content item, wherein the subsequent portion of the encrypted content item is presented subsequent to the at least one portion of the encrypted content item.

13. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method, the method comprising:
- receiving, from a client device, a request for a webpage that includes a link and/or mechanism that can be used to present an encrypted content item;
  
  in response to receiving the request for the webpage, determining that the webpage includes encrypted content and retrieving a key identifier corresponding to the encrypted content item;
  
  transmitting to the client device a webpage script, corresponding to the request for the webpage, that includes the key identifier corresponding to the encrypted content item and that is configured to cause the client device to transmit a request for access to a key associated with the encrypted content item;
  
  subsequent to transmitting the key identifier corresponding to the encrypted content item, receiving, from the client device, an indication of a user selection of the link and/or mechanism and a request for a first encrypted frame of the encrypted content item, the user selection corresponding to the encrypted content item; and
  
  responsive to receiving the indication and the request for the first encrypted frame, transmitting to the client device at least a portion of the encrypted content item including the first encrypted frame, wherein a key associated with the key identifier is usable to decrypt the first encrypted frame.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the method further comprises:
    - transmitting to the client device a subsequent key identifier that corresponds to a subsequent portion of the encrypted content item, wherein the subsequent portion of the encrypted content item is a portion of the encrypted content item that is presented subsequent to a portion of the encrypted content item that corresponds to the key identifier.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the webpage script is further configured to cause the client device to pre-initialize at least a decryption module usable to decrypt the encrypted content item.
  - 16. The non-transitory computer-readable medium of claim 13, wherein the method further comprises:
    - determining that the encrypted content item is associated with a key rotation scheme; and
      
      transmitting to the client device a subsequent key identifier based on the key rotation scheme.
  - 17. The non-transitory computer-readable medium of claim 13, wherein the method further comprises:
    - subsequent to transmitting the webpage script to the client device, transmitting at least one portion of the encrypted content item to the client device.
  - 18. The non-transitory computer-readable medium of claim 17, wherein the method further comprises:
    - concurrent with transmitting the at least one portion of the encrypted content item to the client device, transmitting a subsequent key identifier corresponding to a subsequent portion of the encrypted content item, wherein the subsequent portion of the encrypted content item is presented subsequent to the at least one portion of the encrypted content item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Dorwin, David Kimbal
Primary Examiner(s)
Rahim, Monjur

Application Number

US15/616,417
Publication Number

US 20170270306A1
Time in Patent Office

1,063 Days
Field of Search

713150
US Class Current
CPC Class Codes

G06F 11/3003   Monitoring arrangements spe...

G06F 21/105   Arrangements for software l...

G06F 21/1062   Editing

G06F 21/1073   Conversion

G06F 21/50   Monitoring users, programs ...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 40/143   Markup, e.g. Standard Gener...

G06T 11/00   2D [Two Dimensional] image ...

G11B 20/00086   Circuits for prevention of ...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 2463/103   applying security measure f...

H04L 47/801   Real time traffic

H04L 47/805   QOS or priority aware

H04L 63/00   Network architectures or ne...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0876 : based on the identity of th...

H04L 63/102 : Entity profiles

H04L 65/1101 : Session protocols

H04L 65/1108 : Web based protocols, e.g. w...

H04L 65/613 : for the control of the sour...

H04L 65/762 : at the source reformatting...

H04L 65/80 : Responding to QoS

H04L 9/0631 : Substitution permutation ne...

H04L 9/0861 : Generation of secret inform...

H04L 9/32 : including means for verifyi...

H04N 21/2347 : involving video stream encr...

H04N 21/24 : Monitoring of processes or ...

H04N 21/25825 : involving client display ca...

H04N 21/25833 : involving client hardware c...

H04N 21/41407 : embedded in a portable devi...

H04N 21/4405 : involving video stream decr...

H04N 21/4516 : involving client characteri...

View All

Reducing time to first encrypted frame in a content stream

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

177 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Reducing time to first encrypted frame in a content stream

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

177 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links