Interoperable systems and methods for peer-to-peer service orchestration

US 9,466,054 B1
Filed: 07/27/2007
Issued: 10/11/2016
Est. Priority Date: 06/05/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A computing device comprising:

one or more processors, anda non-transitory computer readable memory containing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including;

operating a host application, a computing device node application that communicates with a gateway device, a digital rights management engine (DRM engine), and a cryptographic services module distinct from the DRM engine;

receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects;

querying an authorization graph by executing, using the DRM engine, the license instructions and determining an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects;

decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising;

processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, andbased on a result of querying the authorization graph;

decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node,providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object,decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, andaccessing the content object using the host application interacting with the cryptographic services module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.

Citations

20 Claims

1. A computing device comprising:
- one or more processors, anda non-transitory computer readable memory containing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including;
  
  operating a host application, a computing device node application that communicates with a gateway device, a digital rights management engine (DRM engine), and a cryptographic services module distinct from the DRM engine;
  
  receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects;
  
  querying an authorization graph by executing, using the DRM engine, the license instructions and determining an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects;
  
  decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising;
  
  processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, andbased on a result of querying the authorization graph;
  
  decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node,providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object,decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, andaccessing the content object using the host application interacting with the cryptographic services module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computing device of claim 1, wherein the operations further include:
    - providing, by the computing device node application to the gateway device, a digitally-signed personalization request message identifying the computing device;
      
      receiving, by the computing device node application from the gateway device in response to the digitally-signed personalization request message, a personalization message;
      
      associating, by the computing device node application and in response to the personalization message, the cryptographic key of the computing device node application with the computing device node application.
  - 3. The computing device of claim 2, wherein the digitally-signed personalization request message includes a digital certificate associated with the computing device.
  - 4. The computing device of claim 1, wherein the computing device node application communicates with the gateway device over a personal area network.
  - 5. The computing device of claim 1, wherein the computing device node application communicates with the gateway device using a service access point that accesses web services exposed by the gateway device.
  - 6. The computing device of claim 1, wherein the computing device comprises a portable media player.
  - 7. The computing device of claim 1, wherein a link object of the intermediate node connects a “
    - from”
      
      node to the intermediate node.
  - 8. The computing device of claim 7, wherein the encrypted cryptographic key of the intermediate node includes a private key of the intermediate node encrypted with a public key of the “
    - from”
      
      node.
  - 9. The computing device of claim 1, wherein the DRM engine comprises a virtual machine and executing the license instructions comprises using the virtual machine to execute the license instructions.
  - 10. The computing device of claim 1, wherein the instructions comprise byte code, and executing the license instructions comprises executing the byte code.

11. A computer-implemented method comprising,operating, using at least one processor of a computing device, a host application, a computing device node application that communicates with a gateway device, a DRM engine, and a cryptographic services module distinct from the DRM engine;
- receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects;
  
  querying an authorization graph by executing, using the DRM engine, the license instructions and determining, using the DRM engine, an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects;
  
  decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising;
  
  processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving, using the DRM engine, encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, andbased on a result of querying the authorization graph;
  
  decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node,providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object,decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, andaccessing the content object using the host application interacting with the cryptographic services module.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, wherein the method further includes:
    - providing, by the computing device node application to the gateway device, a digitally-signed personalization request message identifying the computing device;
      
      receiving, by the computing device node application from the gateway device in response to the digitally-signed personalization request message, a personalization message;
      
      associating, by the computing device node application and in response to the personalization message, the cryptographic key of the computing device node application with the computing device node application.
  - 13. The method of claim 11, wherein the computing device comprises a portable media player, and wherein the computing device node application communicates with the gateway device over a personal area network.
  - 14. The method of claim 11, wherein the computing device node application communicates with the gateway device using a service access point that accesses web services exposed by the gateway device.
  - 15. The method of claim 11, wherein a link object of the intermediate node connects a “
    - from”
      
      node to the intermediate node and wherein the encrypted cryptographic key of the intermediate node includes a private key of the intermediate node encrypted with a public key of the “
      
      from”
      
      node.
  - 16. The method of claim 11, wherein the DRM engine comprises a virtual machine, the license instructions comprise byte code, and executing the license instructions comprises using the virtual machine to execute the byte code.

17. A non-transitory computer readable medium containing instructions that, when executed by one or more processors of a computing device, cause the one or more processors to perform operations including:
- operating a host application, a computing device node application that communicates with a gateway device, a DRM engine, and a cryptographic services module distinct from the DRM engine;
  
  receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects;
  
  querying an authorization graph by executing, using the DRM engine, the license instructions and determining an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects;
  
  decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising;
  
  processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and to retrieving encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application,decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, andbased on a result of querying the authorization graph;
  
  decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node,providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object,decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, andaccessing the content object using the host application interacting with the cryptographic services module.
- View Dependent Claims (18, 19, 20)
- - 18. The medium of claim 17, wherein the operations further include:
    - providing, by the computing device node application to the gateway device, a digitally-signed personalization request message identifying the computing device;
      
      receiving, by the computing device node application from the gateway device in response to the digitally-signed personalization request message, a personalization message;
      
      associating, by the computing device node application and in response to the personalization message, the cryptographic key of the computing device node application with the computing device node application.
  - 19. The medium of claim 17, wherein the computing device node application communicates with the gateway device using a service access point that accesses web services exposed by the gateway device.
  - 20. The medium of claim 17, wherein a link object of the intermediate node connects a “
    - from”
      
      node to the intermediate node and wherein the encrypted cryptographic key of the intermediate node includes a private key of the intermediate node encrypted with a public key of the “
      
      from”
      
      node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Bradley, William, Maher, David, Boccon-Gibod, Gilles
Primary Examiner(s)
Nilforoush, Mohammad A

Application Number

US11/829,837
Time in Patent Office

3,364 Days
Field of Search

705 50- 59
US Class Current

1/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/1073   Conversion

G06F 21/1084   via third party

G06F 21/1085   Content sharing, e.g. peer-...

G06Q 20/1235   with control of digital rig...

G06Q 2220/10   Usage protection of distrib...

G06Q 2220/18   Licensing

H04L 2209/603   Digital right managament [DRM]

H04L 2463/101   applying security measures ...

H04L 2463/102   applying security measure f...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1061   using node-based peer disco...

H04L 67/51   Discovery or management the...

H04L 9/0822   using key encryption key

H04L 9/0825 : using asymmetric-key encryp...

H04L 9/0861 : Generation of secret inform...

H04L 9/3263 : involving certificates, e.g...

H04L 9/3271 : using challenge-response

View All

Interoperable systems and methods for peer-to-peer service orchestration

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Interoperable systems and methods for peer-to-peer service orchestration

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links