Interoperable systems and methods for peer-to-peer service orchestration
Abstract
Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.
Claims
exact text as granted — not AI-modified1 .- 20 . (canceled)
21 . A method of authorizing access to a piece of electronic content on a computer system, the method comprising:
receiving a request from a user of the computer system to access the piece of electronic content; retrieving a license associated with the piece of electronic content, the license comprising a control object, a controller object, a protector object, and a content key object; retrieving a control program from the control object; and executing the control program using a digital rights management engine running on the computer system to determine if the request may be granted, wherein executing the control program includes evaluating one or more link objects to determine if one or more conditions expressed by the control program are satisfied, wherein each link object represents a relationship between two entities, and wherein evaluating the one or more link objects includes determining whether a first node object associated with a first entity is reachable from a second node object associated with a second entity.
22 . The method of claim 21 , in which the controller object is operable to securely bind the control object with the content key object.
23 . The method of claim 21 , in which the protector object is operable to securely bind the content key object with the piece of electronic content.
24 . The method of claim 21 , in which the content key object includes an encrypted cryptographic key, the encrypted cryptographic key, when decrypted, being capable of decrypting the piece of electronic content.
25 . The method of claim 24 , further comprising:
deriving a decryption key from the one or more link objects, the decryption key being capable of decrypting the encrypted cryptographic key.
26 . The method of claim 24 , wherein at least one of the one or more link objects comprises an encrypted version of a first key, the first key being capable of decrypting the encrypted cryptographic key, the method further comprising:
decrypting the first key using a second key associated with the computer system; decrypting the encrypted cryptographic key using the first key; and decrypting the piece of electronic content using the cryptographic key.
27 . The method of claim 21 , in which the first entity comprises a user, and in which the second entity comprises a device capable of rendering electronic content.
28 . A method of authorizing a given action to be performed on a piece of electronic content, the method comprising:
executing a control program using a virtual machine running on a first digital rights management engine, the control program being operable to determine whether the given action can be performed on the piece of electronic content, wherein the control program is operable to evaluate a set of one or more conditions that must be satisfied in order for performance of the given action to be authorized, and wherein at least a first condition in the set of one or more conditions comprises a requirement that a first node representing a first entity be reachable from a second node representing a second entity; and evaluating one or more link objects available to the digital rights management engine to determine if the first node is reachable from the second node, each link objects expressing a relationship between two entities.
29 . The method of claim 28 , in which at least a second condition in the set of one or more conditions comprises a requirement that a third node representing a third entity be reachable from the second node.
30 . The method of claim 28 , further comprising:
deriving a first cryptographic key from the one or more link objects, the first cryptographic key being capable of decrypting a second cryptographic key, the second cryptographic key being capable of decrypting the piece of electronic content.
31 . The method of claim 28 , in which the control program is contained in a control object.
32 . The method of claim 31 , in which the control object is cryptographically bound to a content key object, the content key object comprising an encrypted cryptographic key, the cryptographic key being capable of decrypting the piece of electronic content.
33 . A method of managing a piece of electronic content, the method comprising:
encrypting the piece of electronic content; associating a license with the piece of electronic content, the license comprising a control program, the control program requiring, as a condition of authorizing decryption of the piece of electronic content, possession of a set of one or more link objects logically connecting a first node object with a second node object, the license further comprising an encrypted version of a first key operable to decrypt the piece of electronic content; sending the piece of electronic content to a remote computer system; determining that the remote computer system has possession of a set of one or more link objects logically connecting the first node object with the second node object, wherein at least one of the one or more link objects comprises an encrypted version of a second key operable to decrypt the first key; upon completion of the determining step, decrypting the second key using a key associated with the remote computer system; decrypting the first key using the second key; and decrypting the piece of electronic content using the first key.
34 . The method of claim 33 , in which the license further comprises a controller object securely binding the control program with the first key.
35 . The method of claim 34 , in which the controller object include a hash of a content key object and a control object, wherein the content key object comprises an encrypted version of the first key, and the control object comprises the control program.
36 . A system for controlling access to a piece of electronic content on a computer system, the system comprising:
means for receiving a request from a user of the computer system to access the piece of electronic content; means for retrieving a license associated with the piece of electronic content, the license comprising a control object, a controller object, a protector object, and a content key object; means for retrieving a control program from the control object; and means for executing the control program using a digital rights management engine running on the computer system to determine if the request may be granted, wherein executing the control program includes evaluating one or more link objects to determine if one or more conditions expressed by the control program are satisfied, wherein each link object represents a relationship between two entities, and wherein evaluating the one or more link objects includes determining whether a first node object associated with a first entity is reachable from a second node object associated with a second entity.
37 . The system of claim 36 , in which the controller object is operable to securely bind the control object with the content key object.
38 . The system of claim 36 , in which the protector object is operable to securely bind the content key object with the piece of electronic content.
39 . The system of claim 38 , in which the content key object includes an encrypted cryptographic key, the encrypted cryptographic key, when decrypted, being capable of decrypting the piece of electronic content.
40 . The system of claim 39 , further comprising:
means for deriving a decryption key from the one or more link objects, the decryption key being capable of decrypting the encrypted cryptographic key.Join the waitlist — get patent alerts
Track US2007283423A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.