Interoperable systems and methods for peer-to-peer service orchestration

US 20090094453A1
Filed: 08/20/2007
Published: 04/09/2009
Est. Priority Date: 06/05/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system for authorizing a given action to be performed on a piece of electronic content, the system comprising:

means for executing a control program, the control program being operable to determine whether the given action can be performed on the piece of electronic content, wherein the control program is operable to evaluate a set of one or more conditions that must be satisfied in order for performance of the given action to be authorized, and wherein at least a first condition in the set of one or more conditions comprises a requirement that a first node representing a first entity be reachable from a second node representing a second entity; and

means for evaluating one or more link objects to determine if the first node is reachable from the second node, each link object expressing a relationship between two entities.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.

59 Citations

View as Search Results

23 Claims

1. A system for authorizing a given action to be performed on a piece of electronic content, the system comprising:
- means for executing a control program, the control program being operable to determine whether the given action can be performed on the piece of electronic content, wherein the control program is operable to evaluate a set of one or more conditions that must be satisfied in order for performance of the given action to be authorized, and wherein at least a first condition in the set of one or more conditions comprises a requirement that a first node representing a first entity be reachable from a second node representing a second entity; and
  
  means for evaluating one or more link objects to determine if the first node is reachable from the second node, each link object expressing a relationship between two entities.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, in which at least a second condition in the set of one or more conditions comprises a requirement that a third node representing a third entity be reachable from the second node.
  - 3. The system of claim 1, further comprising:
    - means for deriving a first cryptographic key from the one or more link objects, the first cryptographic key being capable of decrypting a second cryptographic key, the second cryptographic key being capable of decrypting the piece of electronic content.
  - 4. The system of claim 1, in which the control program is contained in a control object.
  - 5. The system of claim 4, in which the control object is cryptographically bound to a content key object, the content key object comprising an encrypted cryptographic key, the cryptographic key being configured for use in decrypting the piece of electronic content.

6. A system comprising:
- means for encrypting a piece of electronic content;
  
  means for associating a license with the piece of electronic content, the license comprising a control program, the control program requiring, as a condition of authorizing decryption of the piece of electronic content, possession of a set of one or more link objects logically connecting a first node object with a second node object, the license further comprising an encrypted version of a first key for use in decrypting the piece of electronic content;
  
  means for sending the piece of electronic content to a remote computer system;
  
  means for determining that the remote computer system has possession of a set of one or more link objects logically connecting the first node object with the second node object, wherein at least one of the one or more link objects comprises an encrypted version of a second key for use in decrypting the first key;
  
  means for decrypting the second key using a key associated with the remote computer system;
  
  means for decrypting the first key using the second key; and
  
  means for decrypting the piece of electronic content using the first key.
- View Dependent Claims (7, 8)
- - 7. The system of claim 6, in which the license further comprises a controller object securely binding the control program with the first key.
  - 8. The system of claim 7, in which the controller object include a hash of a content key object and a control object, wherein the content key object comprises an encrypted version of the first key, and the control object comprises the control program.

9. A computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform actions comprising:
- receiving a request from a user of the computer system to access a piece of electronic content;
  
  retrieving a license associated with the piece of electronic content, the license comprising a control object, a controller object, a protector object, and a content key object;
  
  retrieving a control program from the control object; and
  
  executing the control program to determine if the request may be granted, wherein executing the control program includes evaluating one or more link objects to determine if one or more conditions expressed by the control program are satisfied, wherein each link object represents a relationship between two entities, and wherein evaluating the one or more link objects includes determining whether a first node object associated with a first entity is reachable from a second node object associated with a second entity.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-readable medium of claim 9, in which the controller object is configured to securely bind the control object with the content key object.
  - 11. The computer-readable medium of claim 9, in which the protector object is configured to securely bind the content key object with the piece of electronic content.
  - 12. The computer-readable medium of claim 11, in which the content key object includes an encrypted cryptographic key, the encrypted cryptographic key, when decrypted, being configured for use in decrypting the piece of electronic content.
  - 13. The computer-readable medium of claim 12, further comprising program code that, when executed by the computer system, is operable to cause the computer system to derive a decryption key from the one or more link objects, the decryption key being configured for use in decrypting the encrypted cryptographic key.
  - 14. The computer-readable medium of claim 12, wherein at least one of the one or more link objects comprises an encrypted version of a first key, the first key being configured for use in decrypting the encrypted cryptographic key, wherein the computer-readable medium further comprises program code that, when executed by the computer system, is operable to cause the computer system to perform actions comprising:
    - decrypting the first key using a second key associated with the computer system;
      
      decrypting the encrypted cryptographic key using the first key; and
      
      decrypting the piece of electronic content using the cryptographic key.
  - 15. The computer-readable medium of claim 9, in which the first entity comprises a user, and in which the second entity comprises a device capable of rendering electronic content.

16. A computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform actions comprising:
- executing a control program, the control program being operable to determine whether a given action can be performed on a piece of electronic content, wherein the control program is configured to evaluate a set of one or more conditions that must be satisfied in order for performance of the given action to be authorized, and wherein at least a first condition in the set of one or more conditions comprises a requirement that a first node representing a first entity be reachable from a second node representing a second entity; and
  
  evaluating one or more link objects to determine if the first node is reachable from the second node, each link object expressing a relationship between two entities.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable medium of claim 16, in which at least a second condition in the set of one or more conditions comprises a requirement that a third node representing a third entity be reachable from the second node.
  - 18. The computer-readable medium of claim 16, further comprising:
    - means for deriving a first cryptographic key from the one or more link objects, the first cryptographic key being capable of decrypting a second cryptographic key, the second cryptographic key being capable of decrypting the piece of electronic content.
  - 19. The computer-readable medium of claim 16, in which the control program is contained in a control object.
  - 20. The computer-readable medium of claim 19, in which the control object is cryptographically bound to a content key object, the content key object comprising an encrypted cryptographic key, the cryptographic key being configured for use in decrypting the piece of electronic content.

21. A computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform actions comprising:
- encrypting a piece of electronic content;
  
  associating a license with the piece of electronic content, the license comprising a control program, the control program requiring, as a condition of authorizing decryption of the piece of electronic content, possession of a set of one or more link objects logically connecting a first node object with a second node object, the license further comprising an encrypted version of a first key for use in decrypting the piece of electronic content;
  
  sending the piece of electronic content to a remote computer system;
  
  determining that the remote computer system has possession of a set of one or more link objects logically connecting the first node object with the second node object, wherein at least one of the one or more link objects comprises an encrypted version of a second key for use in decrypting the first key;
  
  decrypting the second key using a key associated with the remote computer system;
  
  decrypting the first key using the second key; and
  
  decrypting the piece of electronic content using the first key.
- View Dependent Claims (22, 23)
- - 22. The computer-readable medium of claim 21, in which the license further comprises a controller object securely binding the control program with the first key.
  - 23. The computer-readable medium of claim 22, in which the controller object include a hash of a content key object and a control object, wherein the content key object comprises an encrypted version of the first key, and the control object comprises the control program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Boccon-Gibod, Gilles, Bradley, William, Maher, David

Application Number

US11/894,624
Publication Number

US 20090094453A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/1073   Conversion

G06F 21/1084   via third party

G06F 21/1085   Content sharing, e.g. peer-...

G06Q 20/1235   with control of digital rig...

G06Q 2220/10   Usage protection of distrib...

G06Q 2220/18   Licensing

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 2463/102   applying security measure f...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1061   using node-based peer disco...

H04L 67/51   Discovery or management the...

H04L 9/0822   using key encryption key

H04L 9/0825 : using asymmetric-key encryp...

H04L 9/0861 : Generation of secret inform...

H04L 9/3263 : involving certificates, e.g...

H04L 9/3271 : using challenge-response

View All

Interoperable systems and methods for peer-to-peer service orchestration

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Interoperable systems and methods for peer-to-peer service orchestration

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links