Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.
Representative claims
1. A method of accessing content according to a DRM policy, comprising: receiving, by a service access point of a device, from one or more web services agents: an encrypted content item, a control program containing executable code, an encrypted content key for decrypting the encrypted content item, a first link object digitally-signed by a link key, the first link object representing a relationship between a first node object and a second node object and comprising references to first node attributes included in the first node object and second node attributes included in the second node object, and a certificate for validating the link key, the certificate comprising a constraint program, the constraint program imposing link conditions on use of the link key to digitally sign link objects, and the link conditions depending on the first node attributes and the second node attributes; determining, by the device, authorization to access the encrypted content item, comprising: validating the first link object, comprising executing the constraint program and determining by the constraint program satisfaction of the link conditions based on the first node attributes and the second node attributes referenced by the first link object, verifying the certificate based on satisfaction of the link conditions, validating the use of the link key to digitally sign the first link object based on verification of the certificate, and validating the first link object based on validation of the use of the link key to digitally sign the first link object, constructing an authorization graph by processing two or more link objects, including the validated first link object; generating a chain of keys by processing the two or more link objects, including the validated first link object; querying the authorization graph by executing the executable code contained in the control program, and generating a target node key by processing the chain of keys; and based on a result of querying the authorization graph, generating by the device a decrypted version of the encrypted content key by decrypting the encrypted content key using the target node key, generating by the device a decrypted content item by decrypting the encrypted content item using the decrypted version of the encrypted content key, and accessing by the device the decrypted content item.

2. The method of claim 1, wherein a DRM profile defines the first link object, the first node attributes, and the second node attributes.

3. The method of claim 2, wherein the DRM profile defines a semantics of the relationship represented by the first link object.

4. The method of claim 3, wherein the DRM profile defines the relationship as one of ownership or membership.

5. The method of claim 2, wherein the DRM profile is expressed in WSDL and the first node object and the second node object are web services agents.

6. The method of claim 1, wherein generating the chain of keys comprises processing a chain of link objects connecting a first node to a target node.

7. The method of claim 6, wherein the chain of link objects connects the first node to the target node through at least one intermediate node.

8. The method of claim 6, wherein each link object in the chain of link objects comprises cryptographic data and a reference to a “from” node and a “to” node.

9. The method of claim 8, wherein the cryptographic data comprises a key of the “to” node encrypted with a key of the “from” node.

10. The method of claim 9, wherein the key of the “to” node is a symmetric key or a private key.

11. The method of claim 1, wherein the executable code comprises instructions for querying the authorization graph for an existence of a first path and a second path, and querying the authorization graph by executing the executable code contained in the control program comprises determining the existence of the first path and the second path.

12. The method of claim 11, wherein the first path connects a first path node to a second path node and the second path connects a third path node to a fourth path node.

13. The method of claim 11, wherein the executable code comprises byte code.

14. A non-transitory computer readable medium containing instructions that, when executed by a processor of a device, cause the device to perform operations comprising: receiving, by a service access point of the device, from one or more web services agents: an encrypted content item, a control program containing executable code, an encrypted content key for decrypting the encrypted content item, a first link object digitally-signed by a link key, the first link object representing a relationship between a first node object and a second node object and comprising references to first node attributes included in the first node object and second node attributes included in the second node object, and a certificate for validating the link key, the certificate comprising a constraint program, the constraint program imposing link conditions on use of the link key to digitally sign link objects, and the link conditions depending on the first node attributes and the second node attributes; determining, by the device, authorization to access the encrypted content item, comprising: validating the first link object, comprising executing the constraint program and determining by the constraint program satisfaction of the link conditions based on the first node attributes and the second node attributes referenced by the first link object, verifying the certificate based on satisfaction of the link conditions, validating the use of the link key to digitally sign the first link object based on verification of the certificate, and validating the first link object based on validation of the use of the link key to digitally sign the first link object, constructing an authorization graph by processing two or more link objects, including the validated first link object; generating a chain of keys by processing the two or more link objects, including the validated first link object; querying the authorization graph by executing the executable code contained in the control program, and generating a target node key by processing the chain of keys; and based on a result of querying the authorization graph, generating by the device a decrypted version of the encrypted content key by decrypting the encrypted content key using the target node key, generating by the device a decrypted content item by decrypting the encrypted content item using the decrypted version of the encrypted content key, and accessing by the device the decrypted content item.

15. The non-transitory computer readable medium of claim 14, wherein a DRM profile expressed in WSDL defines the first link object, a semantics of the relationship represented by the first link object, the first node attributes, and the second node attributes; and wherein the first node object and the second node object are web services agents.

16. The non-transitory computer readable medium of claim 14, wherein generating the chain of keys comprises processing a chain of link objects connecting a first node to a target node through at least one intermediate node.

17. The non-transitory computer readable medium of claim 16, wherein each link object in the chain of link objects comprises cryptographic data and a reference to a “from” node and a “to” node.

18. The non-transitory computer readable medium of claim 17, wherein the cryptographic data comprises a key of the “to” node encrypted with a key of the “from” node.

19. The non-transitory computer readable medium of claim 14, wherein the executable code comprises instructions for querying the authorization graph for an existence of a first path connecting a first path node to a second path node and a second path connecting a third path node to a fourth path node, and querying the authorization graph by executing the executable code contained in the control program comprises determining the existence of the first path and the second path.

20. A device for obtaining and accessing an encrypted content item, comprising at least one processor, and a non-transitory computer memory containing instructions that, when executed by the at least one processor, cause the processor to perform operations comprising: receiving, by a service access point of the device, from one or more web services agents: the encrypted content item, a control program containing executable code, an encrypted content key for decrypting the encrypted content item, a first link object digitally-signed by a link key, the first link object representing a relationship between a first node object and a second node object and comprising references to first node attributes included in the first node object and second node attributes included in the second node object, and a certificate for validating the link key, the certificate comprising a constraint program, the constraint program imposing link conditions on use of the link key to digitally sign link objects, and the link conditions depending on the first node attributes and the second node attributes; determining, by the device, authorization to access the encrypted content item, comprising: validating the first link object, comprising executing the constraint program and determining by the constraint program satisfaction of the link conditions based on the first node attributes and the second node attributes referenced by the first link object, verifying the certificate based on satisfaction of the link conditions the constraint program, validating the use of the link key based on the certificate, and validating the first link object based on validation of the use of the link key to digitally sign the first link object, constructing an authorization graph by processing two or more link objects, including the validated first link object; generating a chain of keys by processing the two or more link objects, including the validated first link object; querying the authorization graph by executing the executable code contained in the control program; and generating a target node key by processing the chain of keys; and based on a result of querying the authorization graph, generating by the device a decrypted version of the encrypted content key by decrypting the encrypted content key using the target node key, generating by the device a decrypted content item by decrypting the encrypted content item using the decrypted version of the encrypted content key, and accessing by the device the decrypted content item.

21. The device of claim 20, wherein a DRM profile expressed in WSDL defines the first link object, a semantics of the relationship represented by the first link object, the first node attributes, and the second node attributes; and wherein the first node object and the second node object are web services agents.

22. The device of claim 20, wherein generating the chain of keys comprises processing a chain of link objects connecting a first node to a target node through at least one intermediate node, each link object in the chain of link objects comprising cryptographic data and a reference to a “from” node and a “to” node, the cryptographic data comprising a key of the “to” node encrypted with a key of the “from” node.

23. The device of claim 20, wherein the executable code comprises instructions for querying the authorization graph for an existence of a first path connecting a first path node to a second path node and a second path connecting a third path node to a fourth path node; and querying the authorization graph by executing the executable code contained in the control program comprises determining the existence of the first path and the second path.
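The key chain of claims 6 to 10 and the path query of claim 11, sketched as an added example that is not code from the patent or its assignee. Assumptions: an HMAC stands in for the link key's digital signature, a toy HMAC-based wrap stands in for the encryption of the "to" node key, the certificate's constraint program and the control program's byte code are not modelled, and all function and node names are hypothetical.

```python
import hashlib, hmac, os
from collections import deque
from dataclasses import dataclass

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(kek, key):
    """Toy authenticated key wrap (stand-in for a real one); keys up to 32 bytes."""
    if len(key) > 32:
        raise ValueError("toy wrap handles keys of at most 32 bytes")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _mac(kek, b"enc", nonce)))
    return nonce + ct + _mac(kek, b"tag", nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag", nonce + ct)):
        raise ValueError("unwrap failed: wrong key or modified link data")
    return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"enc", nonce)))

@dataclass(frozen=True)
class Link:
    frm: str        # "from" node id
    to: str         # "to" node id
    wrapped: bytes  # key of the "to" node encrypted with the key of the "from" node
    sig: bytes      # HMAC stand-in for the link key's digital signature

def _signed_bytes(frm, to, wrapped):
    # Length-prefix the ids so ("ab", "c") and ("a", "bc") never sign the same bytes.
    f, t = frm.encode(), to.encode()
    return len(f).to_bytes(2, "big") + f + len(t).to_bytes(2, "big") + t + wrapped

def make_link(link_key, frm, to, from_key, to_key):
    wrapped = wrap(from_key, to_key)
    return Link(frm, to, wrapped, _mac(link_key, b"link", _signed_bytes(frm, to, wrapped)))

def build_graph(links, link_key):
    """Authorization graph: only links whose signature verifies become edges."""
    graph = {}
    for link in links:
        good = _mac(link_key, b"link", _signed_bytes(link.frm, link.to, link.wrapped))
        if hmac.compare_digest(link.sig, good):
            graph.setdefault(link.frm, []).append(link)
    return graph

def find_path(graph, start, target):
    """Breadth-first path query; returns the chain of links or None if unreachable."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        node, chain = queue.popleft()
        if node == target:
            return chain
        for link in graph.get(node, []):
            if link.to not in seen:
                seen.add(link.to)
                queue.append((link.to, chain + [link]))
    return None

def target_node_key(links, link_key, start, start_key, target):
    """Return the target node's key, or None when no validated path exists."""
    chain = find_path(build_graph(links, link_key), start, target)
    if chain is None:
        return None
    key = start_key
    for link in chain:  # each hop unlocks the next node's key
        key = unwrap(key, link.wrapped)
    return key
```

A link that fails signature validation never enters the graph, so removing or forging an intermediate link leaves the target unreachable and no target node key is produced.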