Interoperable systems and methods for peer-to-peer service orchestration
First Claim
1. A method of accessing content through a composite web service, comprising:
- communicating a request for content to a device;
communicating, by the device, with one or more peer nodes using a service access point of the device, comprising;
discovering a peer node providing content services,negotiating a trusted relationship with the peer node providing content services,receiving a content object from the peer node providing content services, the content object comprising a content id and an encrypted content item,receiving a license object from a peer node providing license services, the license object comprising;
a control object including a control program containing instructions for querying an authorization graph for an existence of a first path from a first path node to a second path node and a second path from a third path node to a fourth path node,a contentkey object including an encrypted content key for decrypting the encrypted content item,receiving a digitally signed first link object from a peer node providing link objects;
evaluating the license object using a DRM engine of the device, comprising;
verifying, by the DRM engine, the license object,verifying, by the DRM engine, the digitally signed first link object based on a digital signature of the digitally signed first link object,constructing, by the DRM engine, the authorization graph, by processing the digitally signed first link object and one or more additional link objects,generating, by the DRM engine, a chain of keys, by processing the digitally signed first link object and the one or more additional link objects,querying, by the DRM engine, the authorization graph;
wherein querying comprises the DRM engine executing the control program, and determining, by the control program, the existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node, andgenerating, by the DRM engine, a target node key by processing the chain of keys; and
based on the determined existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node;
generating, by the device, an unencrypted content key by decrypting the encrypted content key using the target node key;
generating, by the device, a decrypted content item by decrypting the encrypted content item using the unencrypted content key; and
accessing, by the device, the decrypted content item.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.
-
Citations
32 Claims
-
1. A method of accessing content through a composite web service, comprising:
-
communicating a request for content to a device; communicating, by the device, with one or more peer nodes using a service access point of the device, comprising; discovering a peer node providing content services, negotiating a trusted relationship with the peer node providing content services, receiving a content object from the peer node providing content services, the content object comprising a content id and an encrypted content item, receiving a license object from a peer node providing license services, the license object comprising; a control object including a control program containing instructions for querying an authorization graph for an existence of a first path from a first path node to a second path node and a second path from a third path node to a fourth path node, a contentkey object including an encrypted content key for decrypting the encrypted content item, receiving a digitally signed first link object from a peer node providing link objects; evaluating the license object using a DRM engine of the device, comprising; verifying, by the DRM engine, the license object, verifying, by the DRM engine, the digitally signed first link object based on a digital signature of the digitally signed first link object, constructing, by the DRM engine, the authorization graph, by processing the digitally signed first link object and one or more additional link objects, generating, by the DRM engine, a chain of keys, by processing the digitally signed first link object and the one or more additional link objects, querying, by the DRM engine, the authorization graph;
wherein querying comprises the DRM engine executing the control program, and determining, by the control program, the existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node, andgenerating, by the DRM engine, a target node key by processing the chain of keys; and based on the determined existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node; generating, by the device, an unencrypted content key by decrypting the encrypted content key using the target node key; generating, by the device, a decrypted content item by decrypting the encrypted content item using the unencrypted content key; and accessing, by the device, the decrypted content item. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A non-transitory computer readable medium containing instructions that, when executed by a processor of a device, cause the device to perform operations comprising:
-
communicating a request for content to a device; communicating, by the device, with one or more peer nodes using a service access point of the device, comprising; discovering a peer node providing content services, negotiating a trusted relationship with the peer node providing content services, receiving a content object from the peer node providing content services, the content object comprising a content id and an encrypted content item, receiving a license object from a peer node providing license services, the license object comprising; a control object including a control program containing instructions for querying an authorization graph for an existence of a first path from a first path node to a second path node and a second path from a third path node to a fourth path node, a contentkey object including an encrypted content key for decrypting the encrypted content item, receiving a digitally signed first link object from a peer node providing link objects; evaluating the license object using a DRM engine of the device, comprising; verifying, by the DRM engine, the license object, verifying, by the DRM engine, the digitally signed first link object based on a digital signature of the digitally signed first link object, constructing, by the DRM engine, the authorization graph, by processing the digitally signed first link object and one or more additional link objects, generating, by the DRM engine a chain of keys, by processing the digitally signed first link object and the one or more additional link objects; querying, by the DRM engine, the authorization graph;
wherein querying comprises the DRM engine executing the control program using a virtual machine of the DRM engine, and determining, by the control program, the existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node, andgenerating, by the DRM engine, a target node key by processing the chain of keys; and based on the determined existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node; generating, by the device, an unencrypted content key by decrypting the encrypted content key using the target node key, generating, by the device, a decrypted content item by decrypting the encrypted content item using the unencrypted content key, and accessing, by the device, the decrypted content item. - View Dependent Claims (26, 27, 28)
-
-
29. A device for obtaining and accessing a content item, comprising:
-
at least one processor, and a non-transitory computer memory containing instructions that, when executed by the at least one processor, cause the device to perform operations comprising; communicating a request for content to the device; communicating, by the device, with one or more peer nodes using a service access point of the device, comprising; discovering a peer node providing content services, negotiating a trusted relationship with the peer node providing content services, receiving a content object from the peer node providing content services, the content object comprising a content id and an encrypted content item, receiving a license object from a peer node providing license services, the license object comprising a control object including a control program containing instructions for querying an authorization graph for an existence of a first path from a first path node to a second path node and a second path from a third path node to a fourth path node, and a contentkey object including an encrypted content key for decrypting the encrypted content item, and receiving a digitally signed first link object from a peer node providing link objects; evaluating the license object using a DRM engine of the device, comprising; verifying, by the DRM engine, the license object, verifying, by the DRM engine, the digitally signed first link object based on a digital signature of the digitally signed first link object, constructing, by the DRM engine, the authorization graph, by processing the digitally signed first link object and one or more additional link objects, generating, by the DRM engine a chain of keys, by processing the digitally signed first link object and the one or more additional link objects; querying, by the DRM engine, the authorization graph;
wherein querying comprises the DRM engine executing the control program, and determining, by the control program, the existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node, andgenerating, by the DRM engine, a target node key by processing the chain of keys; and based on the determined existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node; generating, by the device, an unencrypted content key by decrypting the encrypted content key using the target node key; generating, by the device, a decrypted content item by decrypting the encrypted content item using the unencrypted content key; and accessing, by the device, the decrypted content item. - View Dependent Claims (30, 31, 32)
-
Specification