Interoperable systems and methods for peer-to-peer service orchestration
First Claim
1. A computing device comprising:
- one or more processors, anda non-transitory computer readable memory containing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including;
operating a host application, a computing device node application that communicates with a gateway device, a digital rights management engine (DRM engine), and a cryptographic services module distinct from the DRM engine;
receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects;
querying an authorization graph by executing, using the DRM engine, the license instructions and determining an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects;
decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising;
processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, andbased on a result of querying the authorization graph;
decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node,providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object,decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, andaccessing the content object using the host application interacting with the cryptographic services module.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.
-
Citations
20 Claims
-
1. A computing device comprising:
-
one or more processors, and a non-transitory computer readable memory containing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including; operating a host application, a computing device node application that communicates with a gateway device, a digital rights management engine (DRM engine), and a cryptographic services module distinct from the DRM engine; receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects; querying an authorization graph by executing, using the DRM engine, the license instructions and determining an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects; decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising; processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, and based on a result of querying the authorization graph; decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node, providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object, decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, and accessing the content object using the host application interacting with the cryptographic services module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-implemented method comprising,
operating, using at least one processor of a computing device, a host application, a computing device node application that communicates with a gateway device, a DRM engine, and a cryptographic services module distinct from the DRM engine; -
receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects; querying an authorization graph by executing, using the DRM engine, the license instructions and determining, using the DRM engine, an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects; decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising; processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving, using the DRM engine, encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, and based on a result of querying the authorization graph; decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node, providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object, decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, and accessing the content object using the host application interacting with the cryptographic services module. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A non-transitory computer readable medium containing instructions that, when executed by one or more processors of a computing device, cause the one or more processors to perform operations including:
-
operating a host application, a computing device node application that communicates with a gateway device, a DRM engine, and a cryptographic services module distinct from the DRM engine; receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects; querying an authorization graph by executing, using the DRM engine, the license instructions and determining an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects; decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising; processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and to retrieving encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, and based on a result of querying the authorization graph; decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node, providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object, decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, and accessing the content object using the host application interacting with the cryptographic services module. - View Dependent Claims (18, 19, 20)
-
Specification