Search

US-12621522-B2 - Delegation within end to end encryption

US12621522B2US 12621522 B2US12621522 B2US 12621522B2US-12621522-B2

Abstract

A method includes receiving, via a processor, a subkey generated concurrently with a video. The video has a first format. A compute device requests the video. The compute device is configured to play videos having a second format. The compute device is not configured to play videos having the first format. The method also includes receiving, via the processor, an encrypted video. The video is encrypted to generate the encrypted video. The method further includes decrypting, via the processor, the encrypted video using the subkey to obtain the video. The method further includes reformatting, via the processor, the video to generate a reformatted video having the second format. The method further includes sending the reformatted video to the second compute device. The method further includes deleting the subkey in response to reformatting the video to generate the reformatted video.

Inventors

  • Benjamin J. BERCOVITZ
  • Anurag ARORA
  • Jingwen Li
  • Samuel J. YUEN
  • Aleksandr AVSEYEV
  • John TURKSON

Assignees

  • VERKADA INC.

Dates

Publication Date
20260505
Application Date
20250826

Claims (20)

  1. 1 . A method, comprising: receiving, via a processor of a first compute device, from a second compute device, and in response to the second compute device requesting a video, a subkey generated concurrently with generating the video that has a first format, the second compute device configured to play videos having a second format and not configured to play videos having the first format, the second compute device configured to decrypt an encrypted version of the subkey to obtain the subkey, the first compute device not configured to decrypt the encrypted version of the subkey; receiving, via the processor, an encrypted video including an encrypted version of the video; decrypting, via the processor, the encrypted video using the subkey to obtain the video; reformatting the video, via the processor, to generate a reformatted video having the second format; sending, via the processor, the reformatted video to the second compute device; and deleting, via the processor, the subkey in response to reformatting the video to generate the reformatted video.
  2. 2 . The method of claim 1 , wherein the encrypted video is received from a camera.
  3. 3 . The method of claim 1 , wherein the subkey is a first key, the method further comprising: sending, via the processor and to the second compute device, a second key encrypted by an encrypting version of a third key, the second compute device configured to decrypt the second key encrypted by the encrypting version of the third key using a decrypting version of the third key stored at the second compute device to obtain the second key.
  4. 4 . The method of claim 1 , wherein the subkey is a first subkey, the video is a portion of a composite video, and remaining portions of the composite video are associated with a second subkey different from the first subkey.
  5. 5 . The method of claim 1 , wherein the subkey is a first subkey, the video is a first video, a composite video includes the first video and a second video, the encrypted video is a first encrypted video, the reformatted video is a first reformatted video, and the method further includes: receiving, via the processor, from the second compute device, and in response to the second compute device requesting the second video, a second subkey generated concurrently with generating the second video that has the first format, the second compute device configured to decrypt an encrypted version of the second subkey to obtain the second subkey, the first compute device not configured to decrypt the encrypted version of the second subkey; receiving, via the processor, a second encrypted video including an encrypted version of the second video, the second encrypted video encrypted using an encrypting version of the second subkey and not encrypted using an encrypting version of the first subkey; decrypting, via the processor, the second encrypted video using the second subkey and not using the first subkey, to obtain the second video; reformatting the second video, via the processor, to generate a second reformatted video having the second format; sending, via the processor, the second reformatted video to the second compute device; and deleting, via the processor, the second subkey in response to reformatting the second video to generate the second reformatted video.
  6. 6 . The method of claim 1 , wherein the second compute device is configured to request the video (1) based on user input at a browser of the second compute device and (2) while the second compute device is logged into a user account.
  7. 7 . The method of claim 1 , further comprising: refraining from sending the video to the second compute device.
  8. 8 . The method of claim 1 , further comprising: refraining from sending the encrypted video to the second compute device.
  9. 9 . An apparatus, comprising: a memory; and a processor operatively coupled to the memory, the processor configured to: receive, from a first compute device, and in response to a second compute device requesting a video, a first key encrypted by an encrypting version of a second key, the first key generated concurrently with generating the video that has a first format, the second compute device configured to play videos having a second format and not configured to play videos having the first format; send, to the second compute device, the second key encrypted by an encrypting version of a third key; receive, from the second compute device, a decrypting version of the second key, the second compute device configured to decrypt the second key encrypted by the encrypting version of the third key using a decrypting version of the third key to obtain the decrypting version of the second key; decrypt the first key encrypted by the encrypting version of the second key using the decrypting version of the second key to obtain a decrypting version of the first key; receive, from the first compute device, the video encrypted by an encrypting version of the first key; decrypt the video encrypted by the encrypting version of first key using the decrypting version of the first key to obtain the video; reformat the video to generate a reformatted video having the second format; send the reformatted video to the second compute device; and delete the first key in response to reformatting the video to generate the reformatted video.
  10. 10 . The apparatus of claim 9 , wherein the first key is generated at the first compute device.
  11. 11 . The apparatus of claim 9 , wherein the video includes video captured by the first compute device.
  12. 12 . The apparatus of claim 9 , wherein the video is a first video, the first video is a portion of a composite video that includes a second video, the reformatted video is a first reformatted video, and the processor is further configured to: receive, from the first compute device, and in response to the second compute device requesting the second video, a fourth key encrypted by the encrypting version of a second key, the fourth key generated concurrently with generating the second video, the second video having the first format; decrypt the fourth key encrypted by the encrypting version of the second key using the decrypting version of the second key to obtain a decrypting version of the fourth key; receive, from the first compute device, the second video encrypted by an encrypting version of the fourth key; decrypt the second video encrypted by the encrypting version of fourth key using the decrypting version of the fourth key to obtain the second video; reformat the second video to generate a second reformatted video having the second format; send the second reformatted video to the second compute device; and delete the fourth key in response to reformatting the second video to generate the second reformatted video.
  13. 13 . A non-transitory, processor-readable medium storing instructions that, when executed by a processor, cause the processor to: receive, at a first compute device, from a second compute device, and in response to the second compute device requesting a video, a subkey, the video having a first format, the second compute device configured to play videos having a second format and not configured to play videos having the first format, the second compute device configured to decrypt an encrypted version of the subkey to obtain the subkey, the first compute device not configured to decrypt the encrypted version of the subkey; receive an encrypted video including an encrypted version of the video; decrypt the encrypted video using the subkey to obtain the video; and modify the video to generate a modified video having the second format, the modifying the video to generate the modified video including obfuscating an identifier.
  14. 14 . The non-transitory, processor-readable medium of claim 13 , wherein the non-transitory, processor-readable medium further stores instructions that, when executed by the processor, cause the processor to: encrypt the modified video to generate an encrypted modified video; and send the encrypted modified video to the second compute device.
  15. 15 . The non-transitory, processor-readable medium of claim 13 , wherein the non-transitory, processor-readable medium further stores instructions that, when executed by the processor, cause the processor to: delete the subkey in response to passage of a predefined period of time.
  16. 16 . The non-transitory, processor-readable medium of claim 13 , wherein the non-transitory, processor-readable medium further stores instructions that, when executed by the processor, cause the processor to: receive a request to save or copy the subkey; and in response to receiving the request to save or copy the subkey, delete the subkey.
  17. 17 . The non-transitory, processor-readable medium of claim 13 , wherein the identifier is at least one of a face or a license plate.
  18. 18 . The non-transitory, processor-readable medium of claim 13 , wherein the video is a first video, the subkey is a first subkey, the encrypted video is a first encrypted video, the modified video is a first modified video, and the non-transitory, processor-readable medium further stores instructions that, when executed by the processor, cause the processor to: receive, at the first compute device, from the second compute device, and in response to the second compute device requesting a second video, a second subkey, the second video having the first format, the second compute device configured to decrypt an encrypted version of the second subkey to obtain the second subkey, the first compute device not configured to decrypt the encrypted version of the second subkey; receive a second encrypted video including an encrypted version of the second video; decrypt the second encrypted video using the second subkey to obtain the second video; and modify the second video to generate a second modified video having the second format.
  19. 19 . The non-transitory, processor-readable medium of claim 13 , wherein the subkey is generated in response to generating the video.
  20. 20 . The non-transitory, processor-readable medium of claim 13 , wherein the subkey is generated concurrently with generating the video.

Description

CROSS REFERENCE TO RELATED APPLICATION This application claims priority to U.S. Provisional Patent Application No. 63/688,115, filed Aug. 28, 2024 and titled “DELEGATION WITHIN END TO END ENCRYPTION,” the contents of which are incorporated by reference herein in their entirety. FIELD One or more embodiments are related to a system and method for performing delegated end to end encryption. BACKGROUND Where data is exchanged amongst compute devices, limiting compute devices' access to that data and/or other data can be desirable in at least some situations. SUMMARY In an embodiment, a method includes receiving, via a processor of a first compute device, from a second compute device, and in response to the second compute device requesting a video, a subkey generated concurrently with (or overlapping in time with) the video. The video has a first format. The second compute device is configured to play videos having a second format. The second compute device is not configured to play videos having the first format. The second compute device is configured to decrypt an encrypted version of the subkey to obtain the subkey. The first compute device is not configured to decrypt the encrypted version of the subkey. The method further includes receiving, via the processor, an encrypted video including an encrypted version of the video. The method further includes decrypting, via the processor, the encrypted video using the subkey to obtain the video. The method further includes reformatting the video, via the processor, to generate a reformatted video having the second format. The method further includes sending the reformatted video to the second compute device. The method further includes deleting the subkey in response to reformatting the video to generate the reformatted video. In an embodiment, a first key encrypted by an encryption version of a second key is received from a first compute device and in response to a second compute device requesting a video. The first key is generated concurrently with (or overlapping in time with) generating the video that has a first format. The second compute device is configured to play videos having a second format. The second compute device is not configured to play videos having the first format. The second key encrypted by an encrypting version of a third key is sent to the second compute device. A decrypting version of the second key is received from the second compute device. The second compute device is configured to decrypt the second key encrypted by the encrypting version of the third key using a decrypting version of the third key to obtain the decrypting version of the second key. The first key encrypted by the encrypting version of the second key is decrypted using the decrypting version of the second key to obtain a decrypting version of the first key. The video encrypted by an encrypting version of the first key is received from the first compute device. The video encrypted by the encrypting version of first key is decrypted using the decrypting version of the first key to obtain the video. The video is reformatted to generate a reformatted video having the second format. The reformatted video is sent to the second compute device. The first key is deleted in response to reformatting the video to generate the reformatted video. In an embodiment, a subkey is received at a first compute device, from a second compute device, and in response to the second compute device requesting a video. The video has a first format. The second compute device is configured to play videos having the second format. The second compute device is not configured to play videos having the first format. The second compute device is configured to decrypt an encrypted version of the subkey to obtain the subkey. The first compute device is not configured to decrypt the encrypted version of the subkey. An encrypted video including an encrypted version of the video is received. The encrypted video is decrypted using the subkey to obtain the video. The video is modified to generate a modified video. The modified video has the second format. Modifying the video to generate the modified video includes obfuscating an identifier. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 shows a block diagram of a system for performing delegated end to end encryption, according to an embodiment. FIG. 2 illustrates a process to transcode video, according to an embodiment. FIG. 3 illustrates a process to decrypt for background processing, according to an embodiment. FIG. 4 illustrates a process to transcode a video, according to an embodiment. FIG. 5 illustrates a dataflow for transcoding, according to an embodiment. FIG. 6 shows a flowchart of a method to generate and use a subkey, according to an embodiment. FIG. 7 shows a flowchart of a method for a delegated compute device to use a subkey, according to an embodiment. FIG. 8 illustrates a delegation system that does not include an agent, according to an embodiment.