SELECTIVELY ENCRYPTING DIFFERENT PORTIONS OF DATA SENT OVER A NETWORK

US 20070101123A1
Filed: 08/25/2006
Published: 05/03/2007
Est. Priority Date: 09/06/2000
Status: Active Grant

First Claim

Patent Images

1. An encryption bridge for selectively encrypting data to a client device, comprising:

a network card that is configured to send and receive data over a network; and

a processor that is operative to perform actions, including;

receiving a network packet;

parsing the network packet into a payload portion and a non-payload portion;

examining the payload portion of the parsed network packet for a predefined data type, and if the payload portion includes the predefined data type, selectively encrypting at least some of the payload portion;

combining at least the non-payload portion and the selectively encrypted payload portion; and

employing, in part, the network card, to send the combined portions in another network packet towards another network device, over the network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, system, and method are directed towards parsing and selectively encrypting different portions of data in real-time, decrypting the encrypted data in real-time, and passing the data to a media player on a client computer or other network capable device. Data in a network packet may be parsed into payload and non-payload portions. The payload portion of the packet data may then be examined to determine whether a predefined type of the data is recognized. For example, in one embodiment, the predefined data type may be media content. If the payload portion is recognized as a predefined data type, then it may be selectively encrypted. The selectively encrypted payload portion and non-payload portion of the packet may then be combined, such that the non-payload portion may be employed by firewalls, proxies, and/or NATs to route the packet towards the client computer or other network capable device.

Citations

15 Claims

1. An encryption bridge for selectively encrypting data to a client device, comprising:
- a network card that is configured to send and receive data over a network; and
  
  a processor that is operative to perform actions, including;
  
  receiving a network packet;
  
  parsing the network packet into a payload portion and a non-payload portion;
  
  examining the payload portion of the parsed network packet for a predefined data type, and if the payload portion includes the predefined data type, selectively encrypting at least some of the payload portion;
  
  combining at least the non-payload portion and the selectively encrypted payload portion; and
  
  employing, in part, the network card, to send the combined portions in another network packet towards another network device, over the network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The encryption bridge of claim 1, wherein the processor is operative to perform actions, further comprising:
    - if the payload portion does not include a recognized predefined data type, based on the examination, then recombining the payload portion with the non-payload portion of the network packet; and
      
      employing, in part, the network card, to send the combined portions towards another network device, over the network.
  - 3. The encryption bridge of claim 1, wherein the processor is operative to perform actions, further comprising:
    - downloading onto the other network device, a component that is configured to enable the other component to decrypt the selectively encrypted payload portion of the network packet.
  - 4. The encryption bridge of claim 3, wherein the processor is operative to perform actions, further comprising:
    - exchanging encryption keys with the downloaded component for use in decrypting the selectively encrypted payload portion.
  - 5. The encryption bridge of claim 1, wherein the processor is operative to perform actions, further comprising:
    - if the other network device is compromised, terminating sending of network packets to the other network device.
  - 6. The encryption bridge of claim 1, wherein the predefined data types further comprises data associated with at least one of an electronic book, a medical record, a medical image, or financial data.

7. A computer-readable medium having computer-executable instructions for managing an data over a network, the computer-executable instructions when installed onto a computing device enable the computing device to perform actions, comprising:
- receiving a stream of network packets;
  
  parsing each network packet into a payload portion and a non-payload portion;
  
  examining the payload portion of each parsed network packet for a predefined data type, and if at least one of the payload portions includes the predefined data type, selectively encrypting on-the fly at least some of the at least one payload portion; and
  
  combining into network packets at least each of the non-payload portions and its respective selectively encrypted payload portion; and
  
  streaming the combined network packets over the network.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computer-readable medium of claim 7, wherein the computing device to perform actions, further comprising:
    - negotiating an encryption/decryption key and key exchange with another computing device during streaming of the combined network packets over the network.
  - 9. The computer-readable medium of claim 7, wherein the computing device to perform actions, further comprising:
    - transparently to a user downloading and installing a component onto another computing device for use in decrypting the selectively encrypted payload portions of the streamed network packets.
  - 10. The computer-readable medium of claim 9, wherein the component is installed on the other computing device in volatile memory.
  - 11. The computer-readable medium of claim 7, wherein the computing device to perform actions, further comprising:
    - monitoring another computing device, to which the streamed network packets are being sent; and
      
      if it is determined that the other computing device is compromised, terminating the streaming of the network packets.
  - 12. The computer-readable medium of claim 7, wherein the computing device is configured to receive a different stream of network packets from a plurality of different servers, and to further provide streaming of combined network packets to a plurality of different client devices.
  - 13. The computer-readable medium of claim 12, wherein each of the plurality of different client devices receives a stream of combined network packets encrypted with a unique encryption key for the client device.

14. A system for managing data securely over a network, comprising:
- a first device that is operative to perform actions, including;
  
  receiving a network packet;
  
  parsing the network packet into a payload portion and a non-payload portion;
  
  examining the payload portion of the parsed network packet for a predefined data type, and if the payload portion includes the predefined data type, selectively encrypting at least some of the payload portion;
  
  combining at least the non-payload portion and the selectively encrypted payload portion; and
  
  communicating the combined portions over the network; and
  
  a second device that is operative to perform actions, including;
  
  receive and install a component transparently to a user of the second device;
  
  employ the installed component to;
  
  receive the combined portions of data in another network packet, parse the network packet into the payload and the non-payload portion, and decrypt the selectively encrypted payload portion.
- View Dependent Claims (15)
- - 15. The system of claim 14, wherein:
    - The first device and the second device are operative to negotiate and exchange a key for use in at least one of encrypting or decrypting the selectively encrypted payload portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Widevine Technologies Incorporated (Alphabet Inc.)
Inventors
Shapiro, Eric, Robertson, Dan, Baker, Brian, Walker, Amanda, Kollmyer, Aric, Taylor, Neal, Hunsche, Dick, Kollmyer, Brad, Rutman, Mike, MacLean, Duncan

Granted Patent

US 7,376,831 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/154
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 65/1101   Session protocols

H04L 65/70   Media network packetisation

H04L 65/765   intermediate

H04L 9/065   Encryption by serially and ...

H04N 21/23476   by partially encrypting, e....

H04N 21/8193   dedicated tools, e.g. video...

H04N 7/1675   Providing digital key or au...

SELECTIVELY ENCRYPTING DIFFERENT PORTIONS OF DATA SENT OVER A NETWORK

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

SELECTIVELY ENCRYPTING DIFFERENT PORTIONS OF DATA SENT OVER A NETWORK

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links