Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.
Representative claims
1. A method of accessing content through a composite web service, comprising: communicating a request for content to a device; communicating, by the device, with one or more peer nodes using a service access point of the device, comprising: discovering a peer node providing content services, negotiating a trusted relationship with the peer node providing content services, receiving a content object from the peer node providing content services, the content object comprising a content id and an encrypted content item, receiving a license object from a peer node providing license services, the license object comprising: a control object including a control program containing instructions for querying an authorization graph for an existence of a first path from a first path node to a second path node and a second path from a third path node to a fourth path node, a contentkey object including an encrypted content key for decrypting the encrypted content item, receiving a digitally signed first link object from a peer node providing link objects; evaluating the license object using a DRM engine of the device, comprising: verifying, by the DRM engine, the license object, verifying, by the DRM engine, the digitally signed first link object based on a digital signature of the digitally signed first link object, constructing, by the DRM engine, the authorization graph, by processing the digitally signed first link object and one or more additional link objects, generating, by the DRM engine, a chain of keys, by processing the digitally signed first link object and the one or more additional link objects, querying, by the DRM engine, the authorization graph; wherein querying comprises the DRM engine executing the control program, and determining, by the control program, the existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node, and generating, by the DRM engine, a target node key by processing the chain of keys; and based on the determined existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node: generating, by the device, an unencrypted content key by decrypting the encrypted content key using the target node key; generating, by the device, a decrypted content item by decrypting the encrypted content item using the unencrypted content key; and accessing, by the device, the decrypted content item.
2. The method of claim 1, wherein the DRM engine comprises a virtual machine and executing the control program comprises using the virtual machine to execute the control program.
3. The method of claim 1, wherein the instructions for querying the authorization graph comprise byte code executed by the DRM engine.
4. The method of claim 1, wherein a workflow collator of the device coordinates communication with the one or more peer nodes.
5. The method of claim 4, wherein the workflow collator coordinates communication according to a service description.
6. The method of claim 5, wherein the service description is expressed in WSDL.
7. The method of claim 5, wherein the service description is expressed in a standard service choreography language.
8. The method of claim 7, wherein the standard service choreography language is WSCI, BPEL, or ebXML.
9. The method of claim 5, wherein the workflow collator uses a state machine to implement the service description.
10. The method of claim 5, wherein the workflow collator interacts with one or more service orchestration plugins to implement the service description.
11. The method of claim 5, wherein the workflow collator communicates with an external service coordinator to implement the service description.
12. The method of claim 1, wherein: the license object further comprises a controller object binding the control object to the contentkey object, and a protector object binding the contentkey object to the content object, and verifying the license object comprises verifying the binding between the control object and the contentkey object and verifying the binding between the contentkey object and the content object.
13. The method of claim 12, wherein: the content object further comprises a content object id, the control object further comprises a control object id, the contentkey object further comprises a contentkey id, a controller object further comprises a reference to the control object id, and a controller reference to the contentkey id, a protector object further comprises a protector reference to the contentkey id and a reference to the content object, the binding between the control object and the contentkey object is verified based on the controller reference to the contentkey id and the reference to the control object id, and the binding between the contentkey object and the content object is verified based on the protector reference to the contentkey id and the reference to the content object id.
14. The method of claim 13, wherein the controller object further includes a hash of the control object and a hash of the contentkey object, and verifying the license object further comprises: verifying the control object using the hash of the control object included in the controller object, and verifying the contentkey object using the hash of the contentkey object included in the controller object.
15. The method of claim 13, wherein the controller object is digitally signed using a message authentication code keyed with a key that encrypted the encrypted content key.
16. The method of claim 13, wherein the controller object is digitally signed using a private key, and the controller object binds the private key to the contentkey object based on a hash of the signing private key.
17. The method of claim 1, wherein the DRM engine generates the chain of keys by processing a chain of link objects connecting a first node to a target node.
18. The method of claim 17, wherein each link object in the chain of link objects comprises cryptographic data and a reference to a “from” node object and a “to” node object.
19. The method of claim 18, wherein the cryptographic data comprises a key of the “from” node object encrypted with a key of the “to” node object.
20. The method of claim 19, wherein the chain of link objects connects the first node to the target node through at least one intermediate node.
21. The method of claim 19, wherein the key of the “from” node object is a symmetric key.
22. The method of claim 19, wherein the key of the “from” node object is a private key.
23. The method of claim 17, wherein a DRM profile defines a first node object representing the first node, a target node object representing the target node, and the first link object.
24. The method of claim 23, wherein the DRM profile is expressed in WSDL and the first node object and the target node object are web services agents.
25. A non-transitory computer readable medium containing instructions that, when executed by a processor of a device, cause the device to perform operations comprising: communicating a request for content to a device; communicating, by the device, with one or more peer nodes using a service access point of the device, comprising: discovering a peer node providing content services, negotiating a trusted relationship with the peer node providing content services, receiving a content object from the peer node providing content services, the content object comprising a content id and an encrypted content item, receiving a license object from a peer node providing license services, the license object comprising: a control object including a control program containing instructions for querying an authorization graph for an existence of a first path from a first path node to a second path node and a second path from a third path node to a fourth path node, a contentkey object including an encrypted content key for decrypting the encrypted content item, receiving a digitally signed first link object from a peer node providing link objects; evaluating the license object using a DRM engine of the device, comprising: verifying, by the DRM engine, the license object, verifying, by the DRM engine, the digitally signed first link object based on a digital signature of the digitally signed first link object, constructing, by the DRM engine, the authorization graph, by processing the digitally signed first link object and one or more additional link objects, generating, by the DRM engine a chain of keys, by processing the digitally signed first link object and the one or more additional link objects; querying, by the DRM engine, the authorization graph; wherein querying comprises the DRM engine executing the control program using a virtual machine of the DRM engine, and determining, by the control program, the existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node, and generating, by the DRM engine, a target node key by processing the chain of keys; and based on the determined existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node: generating, by the device, an unencrypted content key by decrypting the encrypted content key using the target node key, generating, by the device, a decrypted content item by decrypting the encrypted content item using the unencrypted content key, and accessing, by the device, the decrypted content item.
26. The non-transitory computer readable medium of claim 25, wherein a workflow collator of the device coordinates communication with the one or more peer nodes according to a service description expressed in WSDL using a state machine, the workflow collator interacting with one or more service orchestration plugins and an external service coordinator to implement the service description.
27. The non-transitory computer readable medium of claim 25, wherein: the content object further comprises a content object id, the control object further comprises a control object id, the contentkey object further comprises a contentkey id, the license object further comprises: a controller object binding the control object to the contentkey object and including a reference to the control object id and a controller reference to the contentkey id, and a protector object binding the contentkey object to the content object and including a protector reference to the contentkey id and a reference to the content object; and verifying the license object comprises: verifying the binding between the control object and the contentkey object based on the reference to the contentkey id and the controller reference to the control object id, and verifying the binding between the contentkey object and the content object based on the protector reference to the contentkey id and the reference to the content object id.
28. The non-transitory computer readable medium of claim 25, wherein the DRM engine generates the chain of keys by processing a chain of link objects connecting a first node to a target node, each link object in the chain of link objects comprising cryptographic data and a reference to a “from” node object and a “to” node object, the cryptographic data comprising a key of the “from” node object encrypted with a key of the “to” node object, the chain of link objects connecting the first node to the target node through at least one intermediate node.
29. A device for obtaining and accessing a content item, comprising: at least one processor, and a non-transitory computer memory containing instructions that, when executed by the at least one processor, cause the device to perform operations comprising: communicating a request for content to the device; communicating, by the device, with one or more peer nodes using a service access point of the device, comprising: discovering a peer node providing content services, negotiating a trusted relationship with the peer node providing content services, receiving a content object from the peer node providing content services, the content object comprising a content id and an encrypted content item, receiving a license object from a peer node providing license services, the license object comprising a control object including a control program containing instructions for querying an authorization graph for an existence of a first path from a first path node to a second path node and a second path from a third path node to a fourth path node, and a contentkey object including an encrypted content key for decrypting the encrypted content item, and receiving a digitally signed first link object from a peer node providing link objects; evaluating the license object using a DRM engine of the device, comprising: verifying, by the DRM engine, the license object, verifying, by the DRM engine, the digitally signed first link object based on a digital signature of the digitally signed first link object, constructing, by the DRM engine, the authorization graph, by processing the digitally signed first link object and one or more additional link objects, generating, by the DRM engine a chain of keys, by processing the digitally signed first link object and the one or more additional link objects; querying, by the DRM engine, the authorization graph; wherein querying comprises the DRM engine executing the control program, and determining, by the control program, the existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node, and generating, by the DRM engine, a target node key by processing the chain of keys; and based on the determined existence of the first path from the first path node to the second path node and the second path from the third path node to the fourth path node: generating, by the device, an unencrypted content key by decrypting the encrypted content key using the target node key; generating, by the device, a decrypted content item by decrypting the encrypted content item using the unencrypted content key; and accessing, by the device, the decrypted content item.
30. The device for obtaining and accessing a content item of claim 29, wherein a workflow collator of the device coordinates communication with the one or more peer nodes according to a service description expressed in WSDL using a state machine, the workflow collator interacting with one or more service orchestration plugins and an external service coordinator to implement the service description.
31. The device for obtaining and accessing a content item of claim 29, wherein: the content object further comprises a content object id, the control object further comprises a control object id, the contentkey object further comprises a contentkey id, the license object further comprises: a controller object binding the control object to the contentkey object and including a reference to the control object id and a controller reference to the contentkey id, and a protector object binding the contentkey object to the content object and including a protector reference to the contentkey id and a reference to the content object; and verifying the license object comprises: verifying the binding between the control object and the contentkey object based on the controller reference to the contentkey id and the reference to the control object id, and verifying the binding between the contentkey object and the content object based on the protector reference to the contentkey id and the reference to the content object id.
32. The device for obtaining and accessing a content item of claim 29, wherein the DRM engine generates the chain of keys by processing a chain of link objects connecting a first node to a target node, each link object in the chain of link objects comprising cryptographic data and a reference to a “from” node object and a “to” node object, the cryptographic data comprising a key of the “from” node object encrypted with a key of the “to” node object, the chain of link objects connecting the first node to the target node through at least one intermediate node.
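The license checks recited in claims 1 and 12 to 14 (id and hash bindings between the license objects, then a two-path query over a graph built only from verified link objects) can be sketched as follows; this is an added illustration, not code from the patent or from any DRM product. Assumptions: an HMAC stands in for the link objects' digital signature, the control program is modeled as a list of required paths rather than virtual-machine byte code, and every name, id and key is constructed for the example.

```python
import hashlib
import hmac
import json
from collections import deque

ISSUER_KEY = b"constructed-demo-key"  # constructed; stands in for the link signer's key


def digest(obj):
    """SHA-256 over canonical JSON (an assumed encoding, not from the claims)."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def verify_license(content, control, contentkey, controller, protector):
    """Controller/protector binding checks in the style of claims 12-14."""
    return all([
        controller["control_ref"] == control["id"],
        controller["contentkey_ref"] == contentkey["id"],
        protector["contentkey_ref"] == contentkey["id"],
        protector["content_ref"] == content["id"],
        hmac.compare_digest(controller["control_hash"], digest(control)),
        hmac.compare_digest(controller["contentkey_hash"], digest(contentkey)),
    ])


def link_tag(link, key):
    """HMAC stand-in for the link object's digital signature."""
    body = json.dumps([link["from"], link["to"]]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def signed_link(frm, to, key=ISSUER_KEY):
    link = {"from": frm, "to": to}
    link["tag"] = link_tag(link, key)
    return link


def build_graph(links, key):
    """Only links whose tag verifies become edges of the authorization graph."""
    graph = {}
    for link in links:
        if hmac.compare_digest(link.get("tag", ""), link_tag(link, key)):
            graph.setdefault(link["from"], set()).add(link["to"])
    return graph


def path_exists(graph, src, dst):
    """Breadth-first reachability; the visited set tolerates cyclic links."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def evaluate(lic, links, key=ISSUER_KEY):
    """Grant only if the license verifies and every required path exists."""
    if not verify_license(**lic):
        return False
    graph = build_graph(links, key)
    return all(path_exists(graph, a, b) for a, b in lic["control"]["paths"])


def sample_license():
    """Constructed objects; ids and node names are hypothetical."""
    content = {"id": "content-1", "item": "<encrypted item>"}
    contentkey = {"id": "ck-1", "encrypted_key": "<encrypted content key>"}
    control = {"id": "ctl-1",
               "paths": [["device", "user"], ["user", "subscription"]]}
    controller = {"control_ref": "ctl-1", "contentkey_ref": "ck-1",
                  "control_hash": digest(control),
                  "contentkey_hash": digest(contentkey)}
    protector = {"contentkey_ref": "ck-1", "content_ref": "content-1"}
    return {"content": content, "control": control, "contentkey": contentkey,
            "controller": controller, "protector": protector}
```

Because the required paths live inside the control object, the hash held in the controller object is what stops a holder from emptying the path list: without that check, an empty list would satisfy the query trivially.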