Interoperable Systems and Methods for Peer-to-Peer Service Orchestration
Abstract
Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.
34 Claims
1. A method of distributing cryptographic keys for enabling access to encrypted digital content, the method comprising:
creating a plurality of link objects, each link object representing a logical relationship between at least two nodes, each link object containing information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information for use, in combination with key derivation information contained in other link objects, in obtaining a decryption key for use in obtaining access to digital content or rights thereto;
targeting the decryption key to a first node; and
distributing the plurality of link objects to a second node, the plurality of link objects logically connecting the second node to the first node, the key derivation information contained in the plurality of link objects, in combination with at least one cryptographic key stored in memory of a computer system associated with the second node, enabling the second node to obtain the decryption key.
2. The method of claim 126, further comprising:
executing a digital rights management engine to process the plurality of link objects to obtain the decryption key and to obtain access to the digital content in accordance with one or more control objects associated therewith.
3. The method of claim 126, further comprising:
verifying a digital signature associated with at least one link object.
5. A method comprising:
receiving a plurality of link objects, each link object containing node identification information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information comprising at least one encrypted cryptographic key;
using a locally stored cryptographic key to decrypt an encrypted first cryptographic key, the encrypted first cryptographic key being contained in a first link object; and
using the first cryptographic key to decrypt an encrypted second cryptographic key, the encrypted second cryptographic key being contained in a second link object.
15. A system for distributing cryptographic keys, the system comprising:
means for creating a plurality of link objects, each link object representing a logical relationship between at least two nodes, each link object containing information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information for use, in combination with key derivation information contained in other link objects, in obtaining a decryption key for use in obtaining access to digital content or rights thereto;
means for targeting the decryption key to a first node; and
means for distributing the plurality of link objects to a second node, the plurality of link objects logically connecting the second node to the first node, the key derivation information contained in the plurality of link objects, in combination with at least one cryptographic key stored in memory of a computer system associated with the second node, enabling the second node to obtain the decryption key.
19. A system comprising:
means for receiving a plurality of link objects, each link object containing node identification information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information comprising at least one encrypted cryptographic key;
means for using a locally stored cryptographic key to decrypt an encrypted first cryptographic key, the encrypted first cryptographic key being contained in a first link object; and
means for using the first cryptographic key to decrypt an encrypted second cryptographic key, the encrypted second cryptographic key being contained in a second link object.
25. A computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform steps comprising:
creating a plurality of link objects, each link object representing a logical relationship between at least two nodes, each link object containing information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information for use, in combination with key derivation information contained in other link objects, in obtaining a decryption key for use in obtaining access to digital content or rights thereto;
targeting the decryption key to a first node; and
distributing the plurality of link objects to a second node, the plurality of link objects logically connecting the second node to the first node, the key derivation information contained in the plurality of link objects, in combination with at least one cryptographic key stored in memory of a computer system associated with the second node, enabling the second node to obtain the decryption key.
29. A computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform steps comprising:
obtaining a plurality of link objects, each link object containing node identification information identifying at least two nodes, and each link object further containing key derivation information, the key derivation information comprising at least one encrypted cryptographic key;
using a cryptographic key stored in memory of the computer system to decrypt an encrypted first cryptographic key, the encrypted first cryptographic key being contained in a first link object; and
using the first cryptographic key to decrypt an encrypted second cryptographic key, the encrypted second cryptographic key being contained in a second link object.
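The chained unwrapping recited in claim 5 (and mirrored in claims 19 and 29), generalized to a chain of any length, as an added Python example that is not code from the patent. The `Link` layout, the node names, and the HMAC-SHA256 wrap (a stand-in for a vetted key-wrap algorithm) are assumptions made for illustration; binding the node identifiers into the tag is a design choice of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def _prf(key, label, data):
    # HMAC-SHA256 as a stand-in keystream/MAC; use a vetted key-wrap in practice.
    return hmac.new(key, label + data, hashlib.sha256).digest()

@dataclass(frozen=True)
class Link:
    from_node: str      # node whose key unwraps this link
    to_node: str        # node whose 32-byte key is carried, encrypted
    nonce: bytes
    wrapped_key: bytes
    tag: bytes          # binds node ids and ciphertext to from_node's key

def _tag(key, frm, to, nonce, wrapped):
    return _prf(key, b"mac", nonce + f"{frm}>{to}".encode() + wrapped)

def make_link(frm, frm_key, to, to_key):
    nonce = os.urandom(16)
    wrapped = bytes(a ^ b for a, b in zip(to_key, _prf(frm_key, b"enc", nonce)))
    return Link(frm, to, nonce, wrapped, _tag(frm_key, frm, to, nonce, wrapped))

def unwrap(link, key):
    expected = _tag(key, link.from_node, link.to_node, link.nonce, link.wrapped_key)
    if not hmac.compare_digest(expected, link.tag):
        raise ValueError(f"{link.from_node}->{link.to_node}: wrong key or altered link")
    return bytes(a ^ b for a, b in zip(link.wrapped_key, _prf(key, b"enc", link.nonce)))

def derive_target_key(local_node, local_key, links, target_node):
    # Walk the chain: each unwrapped key decrypts the key in the next link.
    by_source = {l.from_node: l for l in links}  # assumes one outgoing link per node
    node, key, seen = local_node, local_key, {local_node}
    while node != target_node:
        link = by_source.get(node)
        if link is None or link.to_node in seen:
            raise ValueError(f"no usable link out of {node!r}")
        key, node = unwrap(link, key), link.to_node
        seen.add(node)
    return key

# Constructed sample: device -> user -> subscription (hypothetical node names).
KEYS = {n: os.urandom(32) for n in ("device", "user", "subscription")}
LINKS = [make_link("user", KEYS["user"], "subscription", KEYS["subscription"]),
         make_link("device", KEYS["device"], "user", KEYS["user"])]  # order is irrelevant
```

A node that lacks the locally stored key, or that receives an incomplete or altered set of links, gets a `ValueError` instead of a key.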
Specification