Selectively encrypting different portions of data sent over a network

US 7,376,831 B2
Filed: 08/25/2006
Issued: 05/20/2008
Est. Priority Date: 09/06/2000
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. An encryption bridge for selectively encrypting data to a client device, comprising:

a network component that is configured to send and receive data over a network; and

a processor that is operative to perform actions, including;

receiving a packet;

examining a payload portion of the packet for a predefined data type, and if the payload portion includes the predefined data type, selectively encrypting the payload portion and;

employing, in part, the network component, to send the selectively encrypted payload portion in another packet towards another network device, over the network.

View all claims

6 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

An apparatus, system, and method are directed towards parsing and selectively encrypting different portions of data in real-time, decrypting the encrypted data in real-time, and passing the data to a media player on a client computer or other network capable device. Data in a network packet may be parsed into payload and non-payload portions. The payload portion of the packet data may then be examined to determine whether a predefined type of the data is recognized. For example, in one embodiment, the predefined data type may be media content. If the payload portion is recognized as a predefined data type, then it may be selectively encrypted. The selectively encrypted payload portion and non-payload portion of the packet may then be combined, such that the non-payload portion may be employed by firewalls, proxies, and/or NATs to route the packet towards the client computer or other network capable device.

Citations

17 Claims

1. An encryption bridge for selectively encrypting data to a client device, comprising:
- a network component that is configured to send and receive data over a network; and
  
  a processor that is operative to perform actions, including;
  
  receiving a packet;
  
  examining a payload portion of the packet for a predefined data type, and if the payload portion includes the predefined data type, selectively encrypting the payload portion and;
  
  employing, in part, the network component, to send the selectively encrypted payload portion in another packet towards another network device, over the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The encryption bridge of claim 1, wherein the processor is operative to perform actions, further comprising:
    - if the payload portion does not include a recognized predefined data type, based on the examination, thenemploying, in part, the network component, to send the payload and non-payload portions towards another network device, over the network.
  - 3. The encryption bridge of claim 1, wherein the processor is operative to perform actions, further comprising:
    - downloading onto the other network device, a component that is configured to enable the other network device to decrypt the selectively encrypted payload portion of the other packet.
  - 4. The encryption bridge of claim 3, wherein the processor is operative to perform actions, further comprising:
    - exchanging encryption keys with the downloaded component for use in decrypting the selectively encrypted payload portion.
  - 5. The encryption bridge of claim 1, wherein the processor is operative to perform actions, further comprising:
    - if the other network device is compromised, terminating sending of packets to the other network device.
  - 6. The encryption bridge of claim 1, wherein the predefined data types further comprises data associated with at least one of multimedia content, an electronic book,a medical record, a medical image, or financial data.
  - 7. The encryption bridge of claim 1, where the processor is operative to perform actions, further comprising:
    - parsing the packet into a payload portion and a non-payload portion.
  - 8. The encryption bridge of claim 1, where the processor is operative to perform actions, further comprising:
    - combining at least the non-payload portion and the selectively encrypted payload portion.

9. A computer-readable storage medium having computer-executable instructions for managing data over a network, the computer-executable instructions when installed onto a computing device enable the computing device to perform actions, comprising:
- receiving a stream of packets;
  
  examining a payload portion of each packet for a predefined data type, and if at least one of the payload portions includes the predefined data type, selectively encrypting the at least one payload portion; and
  
  streaming at least the selectively encrypted payload portions in packets over the network.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-readable storage medium of claim 9, further comprising:
    - negotiating an encryption/decryption key and key exchange with another computing device for use in decrypting of the streaming packets.
  - 11. The computer-readable storage medium of claim 9, wherein the computing device to perform actions, further comprising:
    - enabling downloading and installing of a component onto another computing device for use in decrypting the selectively encrypted payload portions of the streamed packets.
  - 12. The computer-readable storage medium of claim 11, wherein the component is installed on the other computing device in volatile memory.
  - 13. The computer-readable storage medium of claim 9, wherein the computing device to perform actions, further comprising:
    - monitoring another computing device, to which the streamed network packets are being sent; and
      
      if it is determined that the other computing device is compromised, terminating the streaming of the packets.
  - 14. The computer-readable storage medium of claim 9, wherein the computing device is configured to receive a different stream of network packets from a plurality of different servers, and to further provide streaming of network packets to a plurality of different client devices.
  - 15. The computer-readable storage medium of claim 14, wherein each of the plurality of different client devices receives a stream of network packets selectively encrypted with a unique encryption key for the client device.

16. A system for managing data securely over a network, comprising:
- a first device that is operative to perform actions, including;
  
  receiving a packet;
  
  examining a payload portion of the packet for a predefined data type, and if the payload portion includes the predefined data type, selectively encrypting the payload portion and;
  
  communicating the selectively encrypted portions over the network in a packet; and
  
  a second device that is operative to perform actions, including;
  
  receiving the communicated packet,parsing the received packet into the payload and the non-payload portion, anddecrypting the selectively encrypted payload portion.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein:
    - The second device is operative to negotiate and exchange a key for use in at least one of encrypting or decrypting the selectively encrypted payload portion with another device.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Widevine Technologies Incorporated (Alphabet Inc.)
Inventors
Robertson, Dan, Walker, Amanda, Kollmyer, Aric, Taylor, Neal, Hunsche, Dick, Kollmyer, Brad, Rutman, Mike, Shapiro, Eric Bradley, Baker, Brian A., MacLean, Charles Duncan
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Nalven; Andrew L

Application Number

US11/467,510
Publication Number

US 20070101123A1
Time in Patent Office

634 Days
Field of Search

713/160, 713/154, 380/42, 380/283, 709/250, 709/246, 709/232
US Class Current

713/154
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 65/1101   Session protocols

H04L 65/70   Media network packetisation

H04L 65/765   intermediate

H04L 9/065   Encryption by serially and ...

H04N 21/23476   by partially encrypting, e....

H04N 21/8193   dedicated tools, e.g. video...

H04N 7/1675   Providing digital key or au...

Selectively encrypting different portions of data sent over a network

First Claim

6 Assignments

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Selectively encrypting different portions of data sent over a network

First Claim

6 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links