Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.
Representative claims
1. A computing device comprising: one or more processors, and a non-transitory computer readable memory containing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including: operating a host application, a computing device node application that communicates with a gateway device, a digital rights management engine (DRM engine), and a cryptographic services module distinct from the DRM engine; receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects; querying an authorization graph by executing, using the DRM engine, the license instructions and determining an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects; decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising: processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, and based on a result of querying the authorization graph: decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node, providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object, decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, and accessing the content object using the host application interacting with the cryptographic services module.
2. The computing device of claim 1, wherein the operations further include: providing, by the computing device node application to the gateway device, a digitally-signed personalization request message identifying the computing device; receiving, by the computing device node application from the gateway device in response to the digitally-signed personalization request message, a personalization message; associating, by the computing device node application and in response to the personalization message, the cryptographic key of the computing device node application with the computing device node application.
3. The computing device of claim 2, wherein the digitally-signed personalization request message includes a digital certificate associated with the computing device.
4. The computing device of claim 1, wherein the computing device node application communicates with the gateway device over a personal area network.
5. The computing device of claim 1, wherein the computing device node application communicates with the gateway device using a service access point that accesses web services exposed by the gateway device.
6. The computing device of claim 1, wherein the computing device comprises a portable media player.
7. The computing device of claim 1, wherein a link object of the intermediate node connects a “from” node to the intermediate node.
8. The computing device of claim 7, wherein the encrypted cryptographic key of the intermediate node includes a private key of the intermediate node encrypted with a public key of the “from” node.
9. The computing device of claim 1, wherein the DRM engine comprises a virtual machine and executing the license instructions comprises using the virtual machine to execute the license instructions.
10. The computing device of claim 1, wherein the instructions comprise byte code, and executing the license instructions comprises executing the byte code.
11. A computer-implemented method comprising, operating, using at least one processor of a computing device, a host application, a computing device node application that communicates with a gateway device, a DRM engine, and a cryptographic services module distinct from the DRM engine; receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects; querying an authorization graph by executing, using the DRM engine, the license instructions and determining, using the DRM engine, an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects; decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising: processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving, using the DRM engine, encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, and based on a result of querying the authorization graph: decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node, providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object, decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, and accessing the content object using the host application interacting with the cryptographic services module.
12. The method of claim 11, wherein the method further includes: providing, by the computing device node application to the gateway device, a digitally-signed personalization request message identifying the computing device; receiving, by the computing device node application from the gateway device in response to the digitally-signed personalization request message, a personalization message; associating, by the computing device node application and in response to the personalization message, the cryptographic key of the computing device node application with the computing device node application.
13. The method of claim 11, wherein the computing device comprises a portable media player, and wherein the computing device node application communicates with the gateway device over a personal area network.
14. The method of claim 11, wherein the computing device node application communicates with the gateway device using a service access point that accesses web services exposed by the gateway device.
15. The method of claim 11, wherein a link object of the intermediate node connects a “from” node to the intermediate node and wherein the encrypted cryptographic key of the intermediate node includes a private key of the intermediate node encrypted with a public key of the “from” node.
16. The method of claim 11, wherein the DRM engine comprises a virtual machine, the license instructions comprise byte code, and executing the license instructions comprises using the virtual machine to execute the byte code.
17. A non-transitory computer readable medium containing instructions that, when executed by one or more processors of a computing device, cause the one or more processors to perform operations including: operating a host application, a computing device node application that communicates with a gateway device, a DRM engine, and a cryptographic services module distinct from the DRM engine; receiving, by the computing device node application from the gateway device, a license for an encrypted content object comprising license instructions, the encrypted content object, an encrypted cryptographic key for decrypting the encrypted content object, and a set of link objects; querying an authorization graph by executing, using the DRM engine, the license instructions and determining an existence of a first path on the authorization graph from the computing device node application to an authorization node by processing two or more link objects from the set of link objects; decrypting the encrypted cryptographic key for decrypting the encrypted content object using the DRM engine and the cryptographic services module, decryption comprising: processing, using the DRM engine, a chain of link objects, from the set of link objects, connecting the computing device node application to a target node through a second path on the authorization graph that includes an intermediate node, and retrieving encrypted cryptographic keys contained in the link objects of the chain of link objects, the encrypted cryptographic keys including an encrypted cryptographic key of the intermediate node and an encrypted cryptographic key of the target node, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the intermediate node using a cryptographic key of the computing device node application, decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key of the target node using the cryptographic key of the intermediate node, and based on a result of querying the authorization graph: decrypting, using the cryptographic services module interacting with the DRM engine, the encrypted cryptographic key for decrypting the encrypted content object using the cryptographic key of the target node, providing, by the DRM engine to the host application, the cryptographic key for decrypting the encrypted content object, decrypting, using the cryptographic services module interacting with the host application, the encrypted content object using the cryptographic key for decrypting the encrypted content object, and accessing the content object using the host application interacting with the cryptographic services module.
18. The medium of claim 17, wherein the operations further include: providing, by the computing device node application to the gateway device, a digitally-signed personalization request message identifying the computing device; receiving, by the computing device node application from the gateway device in response to the digitally-signed personalization request message, a personalization message; associating, by the computing device node application and in response to the personalization message, the cryptographic key of the computing device node application with the computing device node application.
19. The medium of claim 17, wherein the computing device node application communicates with the gateway device using a service access point that accesses web services exposed by the gateway device.
20. The medium of claim 17, wherein a link object of the intermediate node connects a “from” node to the intermediate node and wherein the encrypted cryptographic key of the intermediate node includes a private key of the intermediate node encrypted with a public key of the “from” node.
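
The key-release flow recited in claim 1, as an added illustration (not code from the patent or from any implementation of it): the authorization graph is queried first, and only then is the content key recovered by unwrapping node keys hop by hop along the link chain. Assumptions: the node names, the dict-based license layout, an authorization check reduced to one required node instead of license byte code, and a toy symmetric wrap() in place of the public-key encryption of claim 8.

```python
# Added illustration; not code from the patent. wrap()/unwrap() are a toy
# HMAC-SHA256 stream cipher with a MAC, standing in for real key wrapping.
import hashlib, hmac, os
from collections import deque

def _prf(key, label, n=32):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _prf(key, b"enc" + nonce, len(plaintext))))
    return nonce + ct + hmac.new(_prf(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_prf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _prf(key, b"enc" + nonce, len(ct))))

def find_path(links, start, goal):
    """BFS over link objects; returns the chain of links from start to goal, or None."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        node, chain = queue.popleft()
        if node == goal:
            return chain
        for link in links:
            if link["from"] == node and link["to"] not in seen:
                seen.add(link["to"])
                queue.append((link["to"], chain + [link]))
    return None

def release_content_key(lic, device_id, device_key):
    """DRM-engine side: authorization query first, then key-chain unwrapping."""
    if find_path(lic["links"], device_id, lic["authorization_node"]) is None:
        raise PermissionError("no path to authorization node")
    chain = find_path(lic["links"], device_id, lic["target_node"])
    if chain is None:
        raise PermissionError("no key chain to target node")
    key = device_key
    for link in chain:                 # each hop yields the next node's key
        key = unwrap(key, link["wrapped_key"])
    return unwrap(key, lic["wrapped_content_key"])

def build_demo():
    """Constructed sample graph: player -> home_domain -> alice -> subscription."""
    k = {n: os.urandom(32) for n in ("player", "home_domain", "alice", "subscription")}
    edges = [("player", "home_domain"), ("home_domain", "alice"), ("alice", "subscription")]
    links = [{"from": a, "to": b, "wrapped_key": wrap(k[a], k[b])} for a, b in edges]
    content_key = os.urandom(32)
    lic = {"authorization_node": "subscription", "target_node": "alice",
           "links": links, "wrapped_content_key": wrap(k["alice"], content_key)}
    return lic, k, content_key, wrap(content_key, b"constructed media payload")

if __name__ == "__main__":
    lic, k, ck, blob = build_demo()
    print(unwrap(release_content_key(lic, "player", k["player"]), blob))
```

In this sketch, dropping the alice-to-subscription link leaves the key chain to the target node intact but fails the authorization query, so the content key is never released.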