Apparatus, system and method for selectively encrypting different portions of data sent over a network
Abstract
An apparatus and method for selectively encrypting portions of data sent over a network between a server and a client. The apparatus includes parsing means for separating a first portion of the data from a second portion of the data, encrypting means for encrypting only the first portion of the data, and combining means for combining the encrypted first portion of the data with the second portion of the data, wherein the second portion of the data is not encrypted. The apparatus further includes decrypting means installed at the client for decrypting the encrypted portion of the data. The apparatus is platform independent in terms of media format and data protocol. The encryption unit encrypts data transparently to the client based on the media format. The apparatus of the invention is implemented as one of an application and a plug-in object. The method for selectively encrypting portions of data which differ from each other in at least one characteristic sent over a network between a server and a client includes parsing the data into a first and second portion, encrypting only the first portion of the data, and sending the encrypted first portion and the second portion of the data over the network to the client. The method further includes receiving data from the server, determining whether a data stream is established between the server and the client, and negotiating an encryption key with a decryption shim of the client.
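The parse, examine, encrypt and combine flow from the abstract, with the client-side shim, as an added example that is not code from the patent. Assumptions: a constructed 7-byte header (sequence number, timestamp, flags), a hypothetical `FLAG_ENCRYPTED` bit that tells the shim a payload was encrypted, a pre-shared key in place of the negotiated one, and an HMAC-SHA256 counter keystream standing in for a real cipher such as AES-CTR.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!HIB")      # constructed header: seq, timestamp, flags
FLAG_ENCRYPTED = 0x01               # hypothetical flag telling the shim to decrypt
MEDIA_MAGIC = (b"OggS", b"\x00\x00\x00\x01")  # Ogg page, H.264 Annex B start code


def _keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for AES-CTR)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = struct.pack("!I", offset // 32)
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def parse(packet):
    """Parser: split the non-payload header from the payload."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than header")
    return packet[:HEADER.size], packet[HEADER.size:]


def server_encrypt(key, packet):
    """Encrypt the payload only if it is a recognized media type, then recombine."""
    header, payload = parse(packet)
    seq, ts, flags = HEADER.unpack(header)
    if flags & FLAG_ENCRYPTED or not payload.startswith(MEDIA_MAGIC):
        return packet                    # unrecognized data passes through unchanged
    # seq + timestamp act as the per-packet nonce; they must not repeat under one key
    body = _keystream_xor(key, header[:6], payload)
    return HEADER.pack(seq, ts, flags | FLAG_ENCRYPTED) + body


def client_shim(key, packet):
    """Decrypt a flagged payload and return the original packet for the player."""
    header, payload = parse(packet)
    seq, ts, flags = HEADER.unpack(header)
    if not flags & FLAG_ENCRYPTED:
        return packet
    body = _keystream_xor(key, header[:6], payload)
    return HEADER.pack(seq, ts, flags & ~FLAG_ENCRYPTED) + body
```

The header stays readable to every hop and the keystream gives no integrity protection, so sequence numbers, timing and payload length remain observable and an on-path party can alter either portion undetected unless an authenticated mode covers both.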
94 Claims
1. An apparatus for selectively encrypting data for transmission over a network in packets between a server and a client, the apparatus comprising:
- a parser configured to parse a payload portion of the data in a packet from a non-payload portion of the packet data;
- an encrypter configured to determine if the payload portion of the packet data is to be encrypted by examining the payload portion of the packet data to recognize a predefined data type, and if it is to be encrypted, to encrypt the payload portion of the packet data; and
- a data combiner configured to combine the encrypted payload portion of the packet data with the non-payload portion of the packet data, wherein the non-payload portion of the packet data includes more than routing information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A method for selectively encrypting data in a packet received from a data source, the data including payload and non-payload portions which differ from each other in at least one characteristic, the received data to be subsequently sent over a network to a client, the method comprising:
- parsing the received packet data into portions including the payload and non-payload portions;
- determining if the payload portion is to be encrypted based on a format of the payload portion of the packet data by examining the payload portion of the packet data to recognize a predefined data type, and if it is to be encrypted, encrypting the payload portion of the received packet data; and
- sending the received packet data including the encrypted payload portion and the non-payload portion of the received packet data over the network to the client.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
37. A method for streaming data at a client, the data including payload and non-payload portions which differ from each other in at least one characteristic, the streaming data is included in a plurality of packets having been sent over a network to the client from an encryption source, the method comprising:
- receiving the packet data sent over the network;
- parsing the packet data into portions including the payload and non-payload portions;
- if the payload portion of the packet data is encrypted based on a format of the payload portion of the packet data, as determined by an examination of the payload portion of the packet data to recognize a predefined data type, decrypting the payload portion of the packet data; and
- passing the decrypted payload portion of the packet data to a higher level of operations for play in the client.
Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49
50. A method for selectively encrypting data for transmission over a network, the method comprising:
- receiving a plurality of packets;
- examining the data of each received packet to identify a plurality of portions that include at least a payload portion and a non-payload portion;
- determining if at least one of the payload portion is to be encrypted by examining the at least one payload portion to recognize a predefined data type, and if the at least one payload portion is to be encrypted, encrypting the at least one payload portion;
- at least the non-payload portion of the packet to remain unencrypted, wherein the plurality of portions of encrypted payload and unencrypted non-payload for a packet being combined after such encryption determination.
Dependent claims: 51, 52, 53, 54, 55, 56, 57
58. An apparatus for selectively encrypting streaming data packets received from a streaming data source for transmission over a network to a client, the apparatus comprising:
- a parser configured to parse a plurality of portions of the streaming data packets, wherein the plurality of portions include a payload portion and a non-payload portion in each of the streaming data packets;
- an encrypter configured to encrypt at least the payload portion if it is determined, based on an examination of a format of the payload portion to recognize a predefined data type, payload portion is to be encrypted, but not encrypt at least one other data portion of the plurality of data portions; and
- a data combiner configured to combine the encrypted payload portion with at least one unencrypted non-payload data portion.
Dependent claims: 59, 60, 61, 62, 63
64. An apparatus for selectively encrypting data received from a data source for transmission in packets over a network to a client, comprising:
- a parser configured to parse at least two portions of the packet data, at least one of the two portions of the packet data including more than routing information for a packet;
- an encrypter configured to determine if a payload portion of the packet data is to be encrypted based on an examination of the payload portion the packet data to recognize a predefined data type, and if it is to be encrypted, encrypting the payload portion of packet data not including the routing information for the packet; and
- a data combiner configured to combine the parsed at least two portions of the packet data following encryption of the payload portion of data not including the routing information for the packet.
Dependent claims: 65, 66, 67, 68, 69
70. An apparatus for selectively encrypting data received from a data source during a downloading operation, the data being received from the data source for transmission in packets over a network to a client receiving the downloaded packetized data, comprising:
- a parser configured to parse at least two portions of the data in a packet, wherein the packet data includes a payload portion and a non-payload portion;
- an encrypter configured to determine if the payload portion of the packet data is to be encrypted based on a format of the payload portion of the packet data, wherein the format is determined based on an examination of the payload portion of the packet data to recognize a predefined data type, and if it is to be encrypted, encrypting the payload portion of the packet data; and
- a data combiner configured to combine the encrypted payload portion of the packet data with an unencrypted portion of packet data for transmission over the network.
Dependent claims: 71, 72, 73
74. An apparatus for selectively encrypting data, received from a data source during a downloading operation and for selectively encrypting data received in packets from a data source during a streaming operation, the packet data being received from the data source for transmission over a network to a client receiving the downloaded or streaming data, comprising:
- a means for parsing at least two portions of the data included in a packet, wherein the packet data comprises at least a payload portion and a non-payload portion;
- a means for determining if the payload portion of the at least two portions of data is to be encrypted based on a format of the one portion of packet data that is determined by recognizing a predefined data type in the payload portion of the at least two portions, and if the a payload portion of data is to be encrypted, employing a means for encrypting only the payload portion of the at least two portions of data; and
- a means for combining the encrypted payload portion of the packet data with at least the unencrypted portion of the packet data for transmission over the network.
Dependent claims: 75, 76, 77, 78, 79, 80
81. A shim deployed on a client, the shim comprising:
- a data receiver configured to receive partially encrypted packet data transmitted to the client, wherein another device parsed the packet data into a payload portion and a non-payload portion and determined the payload portion of the packet data to be encrypted based on a format of the payload portion of the packet data, wherein the format is determined by an examination of that payload portion of the packet data to recognize a predefined data type;
- a parser configured to parse the partially encrypted packet data to select the payload portion of the packet data to be decrypted;
- a decrypter configured to decrypt the payload portion of the packet data selected for decrypting by the parser; and
- a data transmitter configured to send the decrypted packet data to a higher level operation resident on the client.
Dependent claims: 82, 83, 84, 85, 86, 87, 88, 89, 90, 91
92. A method for providing data in packets over a network, comprising:
- determining a plurality of portions of data in a packet that includes a payload portion and a non-payload portion;
- determining if at least the payload portion of the plurality of portions of the packet data is to be encrypted based an examination of the payload portion, wherein the examination is to recognize a predefined data type and if the payload portion is to be encrypted, selectively encrypting the payload portion in the plurality of portions, wherein at least one other non-payload portion remains unencrypted;
- authenticating a client to receive the packet that includes the selectively encrypted payload portion; and
- transmitting the packet that includes the selectively encrypted payload portion to the authenticated client.
Dependent claims: 93, 94
Specification