Reducing time to first encrypted frame in a content stream

US 9,697,363 B1
Filed: 10/17/2012
Issued: 07/04/2017
Est. Priority Date: 12/12/2011
Status: Active Grant

First Claim

Patent Images

1. A client device, comprising:

a network interface coupled to a network; and

one or more processors coupled to the network interface that perform actions, including;

sending a request for a webpage that can be used to access a plurality of different content items from the client device to a first network device, wherein each of the plurality of different content items includes a plurality of encrypted frames, and wherein, for each of the plurality of different content items, one encrypted frame of the content item is presented before all other encrypted frames of the content item;

receiving a webpage load at the client device from the first network device, wherein the webpage load includes a plurality of key identifiers each associated with a different one of the plurality of different content items and a plurality of links and/or mechanisms that can each be used to access a different one of the plurality of different content items;

receiving a user selection of one of the plurality of links and/or mechanisms, wherein the user selection corresponds to a selected content item from the plurality of different content items;

in response to receiving the user selection, requesting the one encrypted frame of the selected content item;

prior to receiving the user selection, and prior to receiving the one encrypted frame of the selected content item at the client device, using one of the plurality of key identifiers to request access to a key from a second network device;

prior to or concurrent with receiving the one encrypted frame, receiving the key from the second network device; and

employing the key to decrypt the one encrypted frame.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for reducing time to decrypt a next encrypted frame in a content stream by optimizing a license/key acquisition process. When requesting content, a key identifier and/or license identifier may be included within a webpage using a link, script, or similar access point. When a client device sends a request for content, the loading of the webpage within the client device includes the embedded key identifier. Access to the key/license identifier at the client device then may initiate a key/license acquisition process by the client device. The key/license may be obtained from a key management device in parallel with, or prior to, downloading of at least a portion of the content stream.

182 Citations

18 Claims

1. A client device, comprising:
- a network interface coupled to a network; and
  
  one or more processors coupled to the network interface that perform actions, including;
  
  sending a request for a webpage that can be used to access a plurality of different content items from the client device to a first network device, wherein each of the plurality of different content items includes a plurality of encrypted frames, and wherein, for each of the plurality of different content items, one encrypted frame of the content item is presented before all other encrypted frames of the content item;
  
  receiving a webpage load at the client device from the first network device, wherein the webpage load includes a plurality of key identifiers each associated with a different one of the plurality of different content items and a plurality of links and/or mechanisms that can each be used to access a different one of the plurality of different content items;
  
  receiving a user selection of one of the plurality of links and/or mechanisms, wherein the user selection corresponds to a selected content item from the plurality of different content items;
  
  in response to receiving the user selection, requesting the one encrypted frame of the selected content item;
  
  prior to receiving the user selection, and prior to receiving the one encrypted frame of the selected content item at the client device, using one of the plurality of key identifiers to request access to a key from a second network device;
  
  prior to or concurrent with receiving the one encrypted frame, receiving the key from the second network device; and
  
  employing the key to decrypt the one encrypted frame.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The client device of claim 1, wherein the one or more processors perform actions, further including:
    - receiving within the webpage load and prior to or concurrent with receiving an other encrypted frame of the one of the plurality of different content items an other key associated with the other encrypted frame; and
      
      employing the other key to decrypt the other encrypted frame.
  - 3. The client device of claim 1, further comprising a memory device, wherein the client device pre-loads into the memory device and pre-initializes at least a decryption module usable to decrypt the one encrypted frame, wherein the decryption module is loaded prior to or concurrent with receiving of the key.
  - 4. The client device of claim 1, wherein multiple key identifiers are provided to the client device, the multiple key identifiers useable in a key rotation scheme implemented for protecting the one of the plurality of different content items.
  - 5. The client device of claim 1, wherein the one of the plurality of key identifiers is received within the webpage load using a script, or markup language.

6. A computer-based method operating on a client device, comprising:
- sending a request for a webpage that can be used to access a plurality of different content items from the client device to a first network device, wherein each of the plurality of different content items includes a plurality of encrypted frames, and wherein, for each of the plurality of different content items, one encrypted frame of the content item is presented before all other encrypted frames of the content item;
  
  receiving a webpage load at the client device from the first network device, wherein the webpage load includes a plurality of key identifiers each associated with a different one of the plurality of different content items and a plurality of links and/or mechanisms that can each be used to access a different one of the plurality of different content items;
  
  receiving a user selection of one of the plurality of links and/or mechanisms, wherein the user selection corresponds to a selected content item from the plurality of different content items;
  
  in response to receiving the user selection, requesting the one encrypted frame of the selected content item;
  
  prior to receiving the user selection, and prior to receiving the one encrypted frame of the selected content item at the client device, using one of the plurality of key identifiers to request access to a key from a second network device;
  
  prior to or concurrent with receiving the one encrypted frame, receiving the key from the second network device; and
  
  employing the key to decrypt the one encrypted frame.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The computer-based method of claim 6, wherein the one of the plurality of key identifiers is embedded within a uniform resource locator (URL) useable to identify the one of the plurality of different content items.
  - 8. The computer-based method of claim 6, wherein the one of the plurality of key identifiers is received within the webpage load using a script.
  - 9. The computer-based method of claim 6, wherein multiple key identifiers are provided to the client device, the multiple key identifiers useable in a key rotation scheme implemented for protecting the one of the plurality of different content items.
  - 10. The computer-based method of claim 6, wherein the client device pre-loads into a memory device at least a decryption module usable to decrypt the one encrypted frame, wherein the decryption module is loaded prior to or concurrent with receiving of the key.
  - 11. The computer-based method of claim 6, wherein the second network device is a key management device.

12. A network device, comprising:
- a memory device for storing key identifiers associated with content; and
  
  one or more processors coupled to the memory device that perform actions, including;
  
  receiving a request for a webpage that can be used to access a plurality of different content items from a client device, wherein each of the plurality of different content items includes a plurality of encrypted frames, and wherein, for each of the plurality of different content items, one encrypted frame of the content item is presented before all other encrypted frames of the content item;
  
  sending a webpage load to the client device, wherein the webpage load includes a plurality of key identifiers each associated with a different one of the plurality of different content items and a plurality of links and/or mechanisms that can each be used to access a different one of the plurality of different content items;
  
  receiving a request for the one encrypted frame, from the client device, wherein the request corresponds to a user selection of one of the plurality of links and/or mechanisms, and wherein the user selection corresponds to a selected content item from the plurality of different content items;
  
  prior to receiving the request, and prior to sending the one encrypted frame of the selected content item, using one of the plurality of key identifiers to request access to a key from a second network device;
  
  prior to or concurrent with sending the one encrypted frame, sending the key to the client device.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The network device of claim 12, wherein sending the webpage load includes embedding the one of the plurality of key identifiers within the webpage load using at least a uniform resource locator (URL) associated with the one of the plurality of different content items.
  - 14. The network device of claim 12, wherein sending the webpage load includes embedding the one of the plurality of key identifiers within the webpage load using a script.
  - 15. The network device of claim 12, wherein the actions further including:
    - determining that the one of the plurality of different content items is protected with a key rotation scheme; and
      
      providing a second key identifier to the client device such that the client device initiates a second key request for a second key prior to receipt by the client device of a second portion of the one of the plurality of different content items that is protected by the second key.
  - 16. The network device of claim 12, wherein sending the webpage load includes embedding a plurality of key identifiers usable in a key rotation scheme for the one of the plurality of different content items.
  - 17. The network device of claim 12, wherein receiving a request for the webpage comprises receiving a request for more information about the one of the plurality of different content items.
  - 18. The network device of claim 12, wherein receiving a request for the webpage comprises receiving a request for the one of the plurality of different content items.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Dorwin, David Kimbal
Primary Examiner(s)
Kim, Tae
Assistant Examiner(s)
Ku, Shiuh-Huei

Application Number

US13/654,271
Time in Patent Office

1,721 Days
Field of Search

380200, 380223, 380226-227, 380277-279, 380 42- 43, 380 46, 713171, 713190-191, 713150, 726 26
US Class Current
CPC Class Codes

G06F 11/3003   Monitoring arrangements spe...

G06F 21/105   Arrangements for software l...

G06F 21/1062   Editing

G06F 21/1073   Conversion

G06F 21/50   Monitoring users, programs ...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 40/143   Markup, e.g. Standard Gener...

G06T 11/00   2D [Two Dimensional] image ...

G11B 20/00086   Circuits for prevention of ...

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 2463/103   applying security measure f...

H04L 47/801   Real time traffic

H04L 47/805   QOS or priority aware

H04L 63/00   Network architectures or ne...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0876 : based on the identity of th...

H04L 63/102 : Entity profiles

H04L 65/1101 : Session protocols

H04L 65/1108 : Web based protocols, e.g. w...

H04L 65/613 : for the control of the sour...

H04L 65/762 : at the source reformatting...

H04L 65/80 : Responding to QoS

H04L 9/0631 : Substitution permutation ne...

H04L 9/0861 : Generation of secret inform...

H04L 9/32 : including means for verifyi...

H04N 21/2347 : involving video stream encr...

H04N 21/24 : Monitoring of processes or ...

H04N 21/25825 : involving client display ca...

H04N 21/25833 : involving client hardware c...

H04N 21/41407 : embedded in a portable devi...

H04N 21/4405 : involving video stream decr...

H04N 21/4516 : involving client characteri...

View All

Reducing time to first encrypted frame in a content stream

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

182 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Reducing time to first encrypted frame in a content stream

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

182 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others