Interoperable Systems and Methods for Peer-to-Peer Service Orchestration

US 20080056500A1
Filed: 07/27/2007
Published: 03/06/2008
Est. Priority Date: 06/05/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method of distributing cryptographic keys for enabling access to encrypted digital content, the method comprising:

creating a plurality of link objects, each link object representing a logical relationship between at least two nodes, each link object containing information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information for use, in combination with key derivation information contained in other link objects, in obtaining a decryption key for use in obtaining access to digital content or rights thereto;

targeting the decryption key to a first node; and

distributing the plurality of link objects to a second node, the plurality of link objects logically connecting the second node to the first node, the key derivation information contained in the plurality of link objects, in combination with at least one cryptographic key stored in memory of a computer system associated with the second node, enabling the second node to obtain the decryption key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.

129 Citations

View as Search Results

34 Claims

1. A method of distributing cryptographic keys for enabling access to encrypted digital content, the method comprising:
- creating a plurality of link objects, each link object representing a logical relationship between at least two nodes, each link object containing information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information for use, in combination with key derivation information contained in other link objects, in obtaining a decryption key for use in obtaining access to digital content or rights thereto;
  
  targeting the decryption key to a first node; and
  
  distributing the plurality of link objects to a second node, the plurality of link objects logically connecting the second node to the first node, the key derivation information contained in the plurality of link objects, in combination with at least one cryptographic key stored in memory of a computer system associated with the second node, enabling the second node to obtain the decryption key.

2. The method of claim 126, further comprising:
- executing a digital rights management engine to process the plurality of link objects to obtain the decryption key and to obtain access to the digital content in accordance with one or more control objects associated therewith.

3. The method of claim 126, further comprising:
- verifying a digital signature associated with at least one link object.
- View Dependent Claims (4)
- - 4. The method of claim 3, further comprising:
    - verifying a certificate associated with a key used to sign the at least one link object to determine if the key was authorized to sign the at least one link object.

5. A method comprising:
- receiving a plurality of link objects, each link object containing node identification information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information comprising at least one encrypted cryptographic key;
  
  using a locally stored cryptographic key to decrypt an encrypted first cryptographic key, the encrypted first cryptographic key being contained in a first link object; and
  
  using the first cryptographic key to decrypt an encrypted second cryptographic key, the encrypted second cryptographic key being contained in a second link object.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The method of claim 5, further comprising:
    - using the second cryptographic key to decrypt an encrypted third cryptographic key, the encrypted third cryptographic key being contained in a third link object.
  - 7. The method of claim 6, further comprising:
    - using the third cryptographic key to decrypt a piece of electronic content and/or an object controlling rights thereto.
  - 8. The method of claim 5, further comprising:
    - using the second cryptographic key to decrypt a piece of electronic content and/or an object controlling rights thereto.
  - 9. The method of claim 5, further comprising:
    - receiving a request from a user to access a piece of electronic content; and
      
      using a digital rights management engine to determine if the request may be granted, including evaluating at least the first link object and the second link object to determine if a first node object associated with a first entity is reachable from a second node object associated with a second entity.
  - 10. The method of claim 9, in which the first entity comprises an entity that certifies other entities to be members of one or more classes, and in which the second entity comprises the user.
  - 11. The method of claim 6, further comprising:
    - receiving a request from a user to access a piece of electronic content; and
      
      using a digital rights management engine to determine if the request may be granted, including evaluating at least the first link object, the second link object, and the third link object to determine if a first node object associated with a first entity is reachable from a second node object associated with a second entity.
  - 12. The method of claim 5, in which the locally stored cryptographic key comprises a private key of an asymmetric key pair.
  - 13. The method of claim 12, in which the first cryptographic key comprises a second private key of a second asymmetric key pair.
  - 14. The method of claim 13, in which the second cryptographic key comprises a third private key of a third asymmetric key pair.

15. A system for distributing cryptographic keys, the system comprising:
- means for creating a plurality of link objects, each link object representing a logical relationship between at least two nodes, each link object containing information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information for use, in combination with key derivation information contained in other link objects, in obtaining a decryption key for use in obtaining access to digital content or rights thereto;
  
  means for targeting the decryption key to a first node; and
  
  means for distributing the plurality of link objects to a second node, the plurality of link objects logically connecting the second node to the first node, the key derivation information contained in the plurality of link objects, in combination with at least one cryptographic key stored in memory of a computer system associated with the second node, enabling the second node to obtain the decryption key.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, further comprising:
    - means for executing a digital rights management engine to process the plurality of link objects to obtain the decryption key and to obtain access to the digital content in accordance with one or more control objects associated therewith.
  - 17. The system of claim 15, further comprising:
    - means for verifying a digital signature associated with at least one link object.
  - 18. The system of claim 17, further comprising:
    - means for verifying a certificate associated with a key used to sign the at least one link object to determine if the key was authorized to sign the at least one link object.

19. A system comprising:
- means for receiving a plurality of link objects, each link object containing node identification information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information comprising at least one encrypted cryptographic key;
  
  means for using a locally stored cryptographic key to decrypt an encrypted first cryptographic key, the encrypted first cryptographic key being contained in a first link object; and
  
  means for using the first cryptographic key to decrypt an encrypted second cryptographic key, the encrypted second cryptographic key being contained in a second link object.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, further comprising:
    - means for using the second cryptographic key to decrypt an encrypted third cryptographic key, the encrypted third cryptographic key being contained in a third link object.
  - 21. The system of claim 20, further comprising:
    - means for using the third cryptographic key to decrypt a piece of electronic content and/or an object controlling rights thereto.
  - 22. The system of claim 19, further comprising:
    - means for using the second cryptographic key to decrypt a piece of electronic content and/or an object controlling rights thereto.
  - 23. The system of claim 19, further comprising:
    - means for receiving a request from a user to access a piece of electronic content; and
      
      means for using a digital rights management engine to determine if the request may be granted, including means for evaluating at least the first link object and the second link object to determine if a first node object associated with a first entity is reachable from a second node object associated with a second entity.
  - 24. The system of claim 20, further comprising:
    - means for receiving a request from a user to access a piece of electronic content; and
      
      means for using a digital rights management engine to determine if the request may be granted, including evaluating at least the first link object, the second link object, and the third link object to determine if a first node object associated with a first entity is reachable from a second node object associated with a second entity.

25. A computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform steps comprising:
- creating a plurality of link objects, each link object representing a logical relationship between at least two nodes, each link object containing information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information for use, in combination with key derivation information contained in other link objects, in obtaining a decryption key for use in obtaining access to digital content or rights thereto;
  
  targeting the decryption key to a first node; and
  
  distributing the plurality of link objects to a second node, the plurality of link objects logically connecting the second node to the first node, the key derivation information contained in the plurality of link objects, in combination with at least one cryptographic key stored in memory of a computer system associated with the second node, enabling the second node to obtain the decryption key.
- View Dependent Claims (26, 27, 28)
- - 26. The computer-readable medium of claim 25, further including program code that is operable, when executed by the computer system, to cause the computer system to perform the step of:
    - executing a digital rights management engine to process the plurality of link objects to obtain the decryption key and to obtain access to the digital content in accordance with one or more control objects associated therewith.
  - 27. The computer-readable medium of claim 25, further including program code that is operable, when executed by the computer system, to cause the computer system to perform the step of:
    - verifying a digital signature associated with at least one link object.
  - 28. The computer-readable medium of claim 27, further including program code that is operable, when executed by the computer system, to cause the computer system to perform the step of:
    - verifying a certificate associated with a key used to sign the at least one link object to determine if the key was authorized to sign the at least one link object.

29. A computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform steps comprising:
- obtaining a plurality of link objects, each link object containing node identification information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information comprising at least one encrypted cryptographic key;
  
  using a cryptographic key stored in memory of the computer system to decrypt an encrypted first cryptographic key, the encrypted first cryptographic key being contained in a first link object; and
  
  using the first cryptographic key to decrypt an encrypted second cryptographic key, the encrypted second cryptographic key being contained in a second link object.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The computer-readable medium of claim 29, further including program code that is operable, when executed by the computer system, to cause the computer system to perform the step of:
    - using the second cryptographic key to decrypt an encrypted third cryptographic key, the encrypted third cryptographic key being contained in a third link object.
  - 31. The computer-readable medium of claim 30, further including program code that is operable, when executed by the computer system, to cause the computer system to perform the step of:
    - using the third cryptographic key to decrypt a piece of electronic content and/or an object controlling rights thereto.
  - 32. The computer-readable medium of claim 29, further including program code that is operable, when executed by the computer system, to cause the computer system to perform the step of:
    - using the second cryptographic key to decrypt a piece of electronic content and/or an object controlling rights thereto.
  - 33. The computer-readable medium of claim 29, further including program code that is operable, when executed by the computer system, to cause the computer system to perform steps comprising:
    - receiving a request from a user to access a piece of electronic content; and
      
      using a digital rights management engine running on the computer system to determine if the request may be granted, including evaluating at least the first link object and the second link object to determine if a first node object associated with a first entity is reachable from a second node object associated with the computer system or the user.
  - 34. The computer-readable medium of claim 30, further including program code that is operable, when executed by the computer system, to cause the computer system to perform steps comprising:
    - receiving a request from a user of the computer system to access a piece of electronic content; and
      
      using a digital rights management engine running on the computer system to determine if the request may be granted, including evaluating at least the first link object, the second link object, and the third link object to determine if a first node object associated with a first entity is reachable from a second node object associated with a second entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Bradley, William, Boccon-Gibod, Gilles, Maher, David

Application Number

US11/829,751
Publication Number

US 20080056500A1
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/1073   Conversion

G06F 21/1084   via third party

G06F 21/1085   Content sharing, e.g. peer-...

G06Q 20/1235   with control of digital rig...

G06Q 2220/10   Usage protection of distrib...

G06Q 2220/18   Licensing

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 2463/102   applying security measure f...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1061   using node-based peer disco...

H04L 67/51   Discovery or management the...

H04L 9/0822   using key encryption key

H04L 9/0825 : using asymmetric-key encryp...

H04L 9/0861 : Generation of secret inform...

H04L 9/3263 : involving certificates, e.g...

H04L 9/3271 : using challenge-response

View All

Interoperable Systems and Methods for Peer-to-Peer Service Orchestration

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

129 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Interoperable Systems and Methods for Peer-to-Peer Service Orchestration

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

129 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links