SELECTIVELY ENCRYPTING DIFFERENT PORTIONS OF DATA SENT OVER A NETWORK
Abstract
An apparatus, system, and method are directed towards parsing and selectively encrypting different portions of data in real-time, decrypting the encrypted data in real-time, and passing the data to a media player on a client computer or other network capable device. Data in a network packet may be parsed into payload and non-payload portions. The payload portion of the packet data may then be examined to determine whether a predefined type of the data is recognized. For example, in one embodiment, the predefined data type may be media content. If the payload portion is recognized as a predefined data type, then it may be selectively encrypted. The selectively encrypted payload portion and non-payload portion of the packet may then be combined, such that the non-payload portion may be employed by firewalls, proxies, and/or NATs to route the packet towards the client computer or other network capable device.
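The parse, examine, encrypt and recombine flow described in the abstract, as an added Python example that is not taken from the patent. The 8-byte header layout, the one-byte payload tag, the magic-number check and the HMAC-based keystream are all assumptions chosen so the sketch runs with the standard library only; the abstract names no packet format or cipher.

```python
import hashlib
import hmac
import struct

# Constructed header layout (assumption): source port, destination port, sequence number.
HEADER = struct.Struct("!HHI")
CLEAR, ENCRYPTED = b"\x00", b"\x01"  # hypothetical one-byte tag prefixed to the payload

def parse(packet):
    """Split a packet into its non-payload (header) and payload portions."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than header")
    return packet[:HEADER.size], packet[HEADER.size:]

def is_media(payload):
    """Predefined-data-type check: Ogg page magic or an MP4 'ftyp' box."""
    return payload[:4] == b"OggS" or payload[4:8] == b"ftyp"

def keystream_xor(key, header, data):
    """Stand-in cipher: HMAC-SHA256 in counter mode, keyed per packet by the header.
    The sequence number must never repeat under one key, and there is no integrity
    protection; a real bridge would use a vetted AEAD instead."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, header + struct.pack("!I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def bridge(key, packet):
    """Encrypt only media payloads; the header is forwarded byte-for-byte."""
    header, payload = parse(packet)
    if is_media(payload):
        return header + ENCRYPTED + keystream_xor(key, header, payload)
    return header + CLEAR + payload

def client(key, packet):
    """Receiving side: parse again and decrypt only if the tag says so."""
    header, body = parse(packet)
    tag, data = body[:1], body[1:]
    if tag == ENCRYPTED:
        return keystream_xor(key, header, data)
    if tag == CLEAR:
        return data
    raise ValueError("missing or unknown payload tag")

KEY = b"constructed-demo-key"  # constructed sample key
MEDIA = HEADER.pack(5004, 6000, 1) + b"OggS" + bytes(60)   # constructed media packet
OTHER = HEADER.pack(5004, 6000, 2) + b"GET /index.html"    # constructed non-media packet
```

Because the header bytes are untouched, a firewall, proxy or NAT on the path can still read the routing fields of an encrypted packet, which is the property the abstract relies on.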
15 Claims
1. An encryption bridge for selectively encrypting data to a client device, comprising:
a network card that is configured to send and receive data over a network; and
a processor that is operative to perform actions, including:
receiving a network packet;
parsing the network packet into a payload portion and a non-payload portion;
examining the payload portion of the parsed network packet for a predefined data type, and if the payload portion includes the predefined data type, selectively encrypting at least some of the payload portion;
combining at least the non-payload portion and the selectively encrypted payload portion; and
employing, in part, the network card, to send the combined portions in another network packet towards another network device, over the network.
Dependent claims: 2, 3, 4, 5, 6

7. A computer-readable medium having computer-executable instructions for managing data over a network, the computer-executable instructions when installed onto a computing device enable the computing device to perform actions, comprising:
receiving a stream of network packets;
parsing each network packet into a payload portion and a non-payload portion;
examining the payload portion of each parsed network packet for a predefined data type, and if at least one of the payload portions includes the predefined data type, selectively encrypting on-the-fly at least some of the at least one payload portion; and
combining into network packets at least each of the non-payload portions and its respective selectively encrypted payload portion; and
streaming the combined network packets over the network.
Dependent claims: 8, 9, 10, 11, 12, 13

14. A system for managing data securely over a network, comprising:
a first device that is operative to perform actions, including:
receiving a network packet;
parsing the network packet into a payload portion and a non-payload portion;
examining the payload portion of the parsed network packet for a predefined data type, and if the payload portion includes the predefined data type, selectively encrypting at least some of the payload portion;
combining at least the non-payload portion and the selectively encrypted payload portion; and
communicating the combined portions over the network; and
a second device that is operative to perform actions, including:
receive and install a component transparently to a user of the second device;
employ the installed component to:
receive the combined portions of data in another network packet, parse the network packet into the payload and the non-payload portion, and decrypt the selectively encrypted payload portion.
Dependent claims: 15
Specification