Interoperable systems and methods for peer-to-peer service orchestration
Abstract
Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.
14 Claims
1. A method of accessing content according to a DRM policy using a device, comprising:
- operating, by the device, a DRM engine and a cryptographic services module;
- receiving, by the device, an encrypted content item, a first link object signed by a link object key, and a certificate comprising a constraint program for validating the link object key, wherein the first link object references a first object and a second object;
- authorizing, by the device, access to the encrypted content item using the DRM engine and the cryptographic services module, authorization comprising:
  - determining an authorization of the link object key to sign the first link object using the DRM engine by executing the constraint program using at least one of first attributes of the first object and second attributes of the second object, and based on the execution of the constraint program, determining satisfaction of usage conditions for the link object key;
  - based on the determined authorization of the link object key to sign the first link object, verifying the certificate using the cryptographic services module;
  - based on the verification of the certificate, constructing an authorization graph by processing two or more link objects including the first link object using the DRM engine;
  - querying the authorization graph using the DRM engine; and
  - based on a result of querying the authorization graph, authorizing access to the encrypted content item using the DRM engine; and
- based on the access authorization, decrypting, by the device, the encrypted content item and accessing, by the device, the content item.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system for accessing content according to a DRM policy, comprising:
- at least one processor; and
- at least one non-transitory computer-readable medium containing instructions that when executed by the at least one processor cause the at least one processor to perform operations including:
  - operating a DRM engine and a cryptographic services module;
  - receiving an encrypted content item, a first link object signed by a link object key, and a certificate comprising a constraint program for validating the link object key, wherein the first link object references a first object and a second object;
  - authorizing access to the encrypted content item using the DRM engine and the cryptographic services module, authorization comprising:
    - determining an authorization of the link object key to sign the first link object using the DRM engine by executing the constraint program using at least one of first attributes of the first object and second attributes of the second object, and based on the execution of the constraint program, determining satisfaction of usage conditions for the link object key;
    - based on the determined authorization of the link object key to sign the first link object, verifying the certificate using the cryptographic services module;
    - based on the verification of the certificate, constructing an authorization graph by processing two or more link objects including the first link object using the DRM engine;
    - querying the authorization graph using the DRM engine; and
    - based on a result of querying the authorization graph, authorizing access to the encrypted content item using the DRM engine; and
  - based on the access authorization, decrypting the encrypted content item and accessing the content item.

Dependent claims: 9, 10, 11

12. A non-transitory computer readable medium containing instructions that when executed by at least one processor cause the at least one processor to perform operations for accessing content according to a DRM policy, comprising:
- operating a DRM engine and a cryptographic services module;
- receiving an encrypted content item, a first link object signed by a link object key, and a certificate comprising a constraint program for validating the link object key, wherein the first link object references a first object and a second object;
- authorizing access to the encrypted content item using the DRM engine and the cryptographic services module, authorization comprising:
  - determining an authorization of the link object key to sign the first link object using the DRM engine by executing the constraint program using at least one of first attributes of the first object and second attributes of the second object, and based on the execution of the constraint program, determining satisfaction of usage conditions for the link object key;
  - based on the determined authorization of the link object key to sign the first link object, verifying the certificate using the cryptographic services module;
  - based on the verification of the certificate, constructing an authorization graph by processing two or more link objects including the first link object using the DRM engine;
  - querying the authorization graph using the DRM engine; and
  - based on a result of querying the authorization graph, authorizing access to the encrypted content item using the DRM engine; and
- based on the access authorization, decrypting the encrypted content item and accessing the content item.

Dependent claims: 13, 14
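
The authorization sequence recited in claims 1, 8 and 12, as an added Python sketch that is not code from the patent or from any product implementing it: constraint check on the link's two endpoints, then certificate and signature verification, then graph construction and a reachability query. Assumptions: HMAC-SHA256 stands in for digital signatures, the constraint program is modelled as required attribute values, and every key, object name and attribute below is constructed for illustration.

```python
import hashlib, hmac, json
from collections import deque

ROOT_KEY = b"constructed-root-key"   # stand-in trust anchor (assumption)
LINK_KEY = b"constructed-link-key"   # stand-in "link object key" (assumption)

def sign(key, body):
    # HMAC-SHA256 over canonical JSON stands in for a digital signature.
    data = json.dumps(body, sort_keys=True).encode()
    return {**body, "sig": hmac.new(key, data, hashlib.sha256).hexdigest()}

def valid(key, obj):
    body = {k: v for k, v in obj.items() if k != "sig"}
    return hmac.compare_digest(obj.get("sig", ""), sign(key, body)["sig"])

def run_constraint(constraint, src_attrs, dst_attrs):
    # Stand-in constraint program: attribute values each endpoint must carry.
    return (all(src_attrs.get(k) == v for k, v in constraint["from"].items())
            and all(dst_attrs.get(k) == v for k, v in constraint["to"].items()))

def authorize(links, cert, objects, start, target):
    graph = {}
    for link in links:
        src, dst = link["from"], link["to"]
        # 1. May the key sign a link between these two objects?
        if not run_constraint(cert["constraint"], objects.get(src, {}), objects.get(dst, {})):
            continue
        # 2. Verify the certificate, then the link signature.
        if not (valid(ROOT_KEY, cert) and valid(LINK_KEY, link)):
            continue
        graph.setdefault(src, set()).add(dst)  # 3. Add an edge to the graph.
    seen, queue = {start}, deque([start])      # 4. Query: breadth-first reachability.
    while queue:
        node = queue.popleft()
        if node == target:
            return True
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

# Constructed sample data: the key may only link objects in realm "home".
OBJECTS = {"device": {"realm": "home"}, "domain": {"realm": "home"},
           "subscription": {"realm": "home"}, "premium": {"realm": "studio"}}
CERT = sign(ROOT_KEY, {"subject": "link-key", "constraint":
                       {"from": {"realm": "home"}, "to": {"realm": "home"}}})
LINKS = [sign(LINK_KEY, {"from": a, "to": b}) for a, b in
         [("device", "domain"), ("domain", "subscription"), ("domain", "premium")]]
```

The `domain` to `premium` link carries a valid signature, yet it never enters the graph because the certificate's constraint does not permit the key to sign it. In a full implementation the boolean returned by `authorize` would gate release of the content decryption key.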
Specification