Interoperable systems and methods for peer-to-peer service orchestration

US 9,424,564 B2
Filed: 05/27/2010
Issued: 08/23/2016
Est. Priority Date: 06/05/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of accessing content according to a DRM policy using a device, comprising:

operating, by the device, a DRM engine and a cryptographic services module;

receiving, by the device, an encrypted content item, a first link object signed by a link object key, and a certificate comprising a constraint program for validating the link object key, wherein the first link object references a first object and a second object ;

authorizing, by the device, access to the encrypted content item using the DRM engine and the cryptographic services module, authorization comprising;

determining an authorization of the link object key to sign the first link object using the DRM engine by executing the constraint program using at least one of first attributes of the first object and second attributes of the second object, and based on the execution of the constraint program, determining satisfaction of usage conditions for the link object key;

based on the determined authorization of the link object key to sign the first link object, verifying the certificate using the cryptographic services module;

based on the verification of the certificate, constructing an authorization graph by processing two or more link objects including the first link object using the DRM engine;

querying the authorization graph using the DRM engine; and

based on a result of querying the authorization graph, authorizing access to the encrypted content item using the DRM engine; and

based on the access authorization, decrypting, by the device, the encrypted content item and accessing, by the device, the content item.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.

Citations

14 Claims

1. A method of accessing content according to a DRM policy using a device, comprising:
- operating, by the device, a DRM engine and a cryptographic services module;
  
  receiving, by the device, an encrypted content item, a first link object signed by a link object key, and a certificate comprising a constraint program for validating the link object key, wherein the first link object references a first object and a second object ;
  
  authorizing, by the device, access to the encrypted content item using the DRM engine and the cryptographic services module, authorization comprising;
  
  determining an authorization of the link object key to sign the first link object using the DRM engine by executing the constraint program using at least one of first attributes of the first object and second attributes of the second object, and based on the execution of the constraint program, determining satisfaction of usage conditions for the link object key;
  
  based on the determined authorization of the link object key to sign the first link object, verifying the certificate using the cryptographic services module;
  
  based on the verification of the certificate, constructing an authorization graph by processing two or more link objects including the first link object using the DRM engine;
  
  querying the authorization graph using the DRM engine; and
  
  based on a result of querying the authorization graph, authorizing access to the encrypted content item using the DRM engine; and
  
  based on the access authorization, decrypting, by the device, the encrypted content item and accessing, by the device, the content item.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein querying the authorization graph comprises executing a control program and determining by the control program an existence of a first path from a first path node to a second path node.
  - 3. The method of claim 2, wherein querying the authorization graph further comprises determining by the control program an existence of a second path from a third path node to a fourth path node.
  - 4. The method of claim 3, wherein the first path node and the third path node are distinct.
  - 5. The method of claim 2, wherein the control program comprises byte code.
  - 6. The method of claim 1, wherein the first link object represents one or more of an ownership relationship and a membership relationship.
  - 7. The method of claim 1, wherein the DRM engine of the device and the cryptographic services module of the device communicate indirectly using a host services module of the device.

8. A system for accessing content according to a DRM policy, comprising:
- at least one processor; and
  
  at least one non-transitory computer-readable medium containing instructions that when executed by the at least one processor cause the at least one processor to perform operations including;
  
  operating a DRM engine and a cryptographic services module;
  
  receiving an encrypted content item, a first link object signed by a link object key, and a certificate comprising a constraint program for validating the link object key, wherein the first link object references a first object and a second object;
  
  authorizing access to the encrypted content item using the DRM engine and the cryptographic services module, authorization comprising;
  
  determining an authorization of the link object key to sign the first link object using the DRM engine by executing the constraint program using at least one of first attributes of the first object and second attributes of the second object, and based on the execution of the constraint program, determining satisfaction of usage conditions for the link object key;
  
  based on the determined authorization of the link object key to sign the first link object, verifying the certificate using the cryptographic services module;
  
  based on the verification of the certificate, constructing an authorization graph by processing two or more link objects including the first link object using the DRM engine;
  
  querying the authorization graph using the DRM engine; and
  
  based on a result of querying the authorization graph, authorizing access to the encrypted content item using the DRM engine; and
  
  based on the access authorization, decrypting the encrypted content item and accessing the content item.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8, wherein querying the authorization graph comprises executing a control program and determining by the control program an existence of a first path from a first path node to a second path node.
  - 10. The system of claim 9, wherein querying the authorization graph further comprises determining by the control program an existence of a second path from a third path node to a fourth path node, wherein the first path node and the third path node are distinct.
  - 11. The system of claim 9, wherein the control program comprises byte code.

12. A non-transitory computer readable medium containing instructions that when executed by at least one processor cause the at least one processor to perform operations for accessing content according to a DRM policy, comprising:
- operating a DRM engine and a cryptographic services module;
  
  receiving an encrypted content item, a first link object signed by a link object key, and a certificate comprising a constraint program for validating the link object key, wherein the first link object references a first object and a second object;
  
  authorizing access to the encrypted content item using the DRM engine and the cryptographic services module, authorization comprising;
  
  determining an authorization of the link object key to sign the first link object using the DRM engine by executing the constraint program using at least one of first attributes of the first object and second attributes of the second object, and based on the execution of the constraint program, determining satisfaction of usage conditions for the link object key;
  
  based on the determined authorization of the link object key to sign the first link object, verifying the certificate using the cryptographic services module;
  
  based on the verification of the certificate, constructing an authorization graph by processing two or more link objects including the first link object using the DRM engine;
  
  querying the authorization graph using the DRM engine; and
  
  based on a result of querying the authorization graph, authorizing access to the encrypted content item using the DRM engine; and
  
  based on the access authorization, decrypting the encrypted content item and accessing the content item.
- View Dependent Claims (13, 14)
- - 13. The computer readable medium of claim 12, wherein querying the authorization graph comprises executing a control program and determining by the control program an existence of a first path from a first path node to a second path node.
  - 14. The computer readable medium of claim 13, wherein querying the authorization graph further comprises determining by the control program an existence of a second path from a third path node to a fourth path node, wherein the first path node and the third path node are distinct.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Bradley, William, Maher, David, Boccon-Gibod, Gilles
Primary Examiner(s)
Nilforoush, Mohammad A

Application Number

US12/789,004
Publication Number

US 20100313038A1
Time in Patent Office

2,280 Days
Field of Search

705 50- 59
US Class Current

1/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/1073   Conversion

G06F 21/1084   via third party

G06F 21/1085   Content sharing, e.g. peer-...

G06Q 20/1235   with control of digital rig...

G06Q 2220/10   Usage protection of distrib...

G06Q 2220/18   Licensing

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 2463/102   applying security measure f...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1061   using node-based peer disco...

H04L 67/51   Discovery or management the...

H04L 9/0822   using key encryption key

H04L 9/0825 : using asymmetric-key encryp...

H04L 9/0861 : Generation of secret inform...

H04L 9/3263 : involving certificates, e.g...

H04L 9/3271 : using challenge-response

View All

Interoperable systems and methods for peer-to-peer service orchestration

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Interoperable systems and methods for peer-to-peer service orchestration

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links