Decentralized content fabric
Abstract
Disclosed are examples of systems, apparatus, devices, computer program products, and methods implementing aspects of a decentralized content fabric. In some implementations, one or more processors are configured to execute a software stack to define a fabric node of a plurality of fabric nodes of an overlay network situated in an application layer differentiated from an internet protocol layer. The defined fabric node is configured to: obtain a request for digital content from a client device; obtain, from one or more of the plurality of fabric nodes, a plurality of content object parts of a content object representing, in the overlay network, at least a portion of the digital content; generate consumable media using: raw data stored in the content object parts, metadata stored in the content object parts, and build instructions stored in the content object parts; and provide the consumable media to the client device. In some instances, the consumable media is further generated using a digital contract stored in a blockchain.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A decentralized system for secure access of digital content in an overlay network, the system comprising:
a memory device; and one or more processors in communication with the memory device, the one or more processors configured to:
obtain, from a client, a first request to access encrypted digital content, the first request comprising a call on a digital contract, the call passing an ephemeral key set encrypted with a public key of a consumer associated with the client,
record, in the digital contract, a transaction identifying the first request in association with the encrypted ephemeral key set, the transaction being identified by a transaction identifier (ID),
send, to the client, the transaction ID,
obtain, from the client, a second request comprising: an authorization token comprising the transaction ID and a signature of the consumer,
verify, based on the authorization token, authorization of the consumer,
record, in the digital contract, a transaction identifying one or more KMS keys,
re-encrypt the digital content from a first key space to a second key space, and
send, to the client, the re-encrypted digital content.
2 . The system of claim 1 , the one or more processors further configured to:
request one or more keys from a key management service (KMS), the requesting of the one or more keys comprising passing the authorization token to the KMS, and obtain, from the KMS, one or more KMS keys.
3 . The system of claim 2 , wherein the requesting of the one or more keys from the KMS further comprises passing a signature to the KMS.
4 . The system of claim 1 , the one or more KMS keys comprising:
a proxy re-encryption key generated using a public/private key pair, and an encrypted version of a content key of the ephemeral key set, the encrypted version of the content key encrypted with a public key of the consumer.
5 . The system of claim 4 , wherein:
re-encrypting the digital content from the first key space to the second key space comprises using the proxy re-encrypted key, the first key space is an original key space, and the second key space is an ephemeral key space.
6 . The system of claim 1 , wherein the transaction identifying the one or more KMS keys is recorded in the digital contract responsive to a call from the KMS.
7 . The system of claim 1 , wherein the re-encrypted digital content is configured to be decrypted by the client by:
extracting a content decryption key from a key resource using a private key of the consumer, decrypting the re-encrypted digital content using an ephemeral secret key to produce a result, and decrypting the result using the content decryption key.
8 . A non-transitory computer-readable medium storing program code to be executed by one or more processors, the program code comprising instructions configured to cause:
obtaining, from a client, a first request to access encrypted digital content, the first request comprising a call on a digital contract, the call passing an ephemeral key set encrypted with a public key of a consumer associated with the client; recording, in the digital contract, a transaction identifying the first request in association with the encrypted ephemeral key set, the transaction being identified by a transaction identifier (ID); sending, to the client, the transaction ID; obtaining, from the client, a second request comprising: an authorization token comprising the transaction ID and a signature of the consumer; verifying, based on the authorization token, authorization of the consumer; recording, in the digital contract, a transaction identifying one or more KMS keys; re-encrypting the digital content from a first key space to a second key space; and sending, to the client, the re-encrypted digital content.
9 . The non-transitory computer-readable medium of claim 8 , the instructions further configured to cause:
requesting one or more keys from a key management service (KMS), the requesting of the one or more keys comprising passing the authorization token to the KMS; and obtaining, from the KMS, one or more KMS keys.
10 . The non-transitory computer-readable medium of claim 9 , wherein the requesting of the one or more keys from the KMS further comprises passing a signature to the KMS.
11 . The non-transitory computer-readable medium of claim 8 , the one or more KMS keys comprising:
a proxy re-encryption key generated using a public/private key pair, and an encrypted version of a content key of the ephemeral key set, the encrypted version of the content key encrypted with a public key of the consumer.
12 . The non-transitory computer-readable medium of claim 11 , wherein:
re-encrypting the digital content from the first key space to the second key space comprises using the proxy re-encrypted key, the first key space is an original key space, and the second key space is an ephemeral key space.
13 . The non-transitory computer-readable medium of claim 8 , wherein the transaction identifying the one or more KMS keys is recorded in the digital contract responsive to a call from the KMS.
14 . The non-transitory computer-readable medium of claim 8 , wherein the re-encrypted digital content is configured to be decrypted by the client by:
extracting a content decryption key from a key resource using a private key of the consumer, decrypting the re-encrypted digital content using an ephemeral secret key to produce a result, and decrypting the result using the content decryption key.
15 . A method comprising:
obtaining, from a client, a first request to access encrypted digital content, the first request comprising a call on a digital contract, the call passing an ephemeral key set encrypted with a public key of a consumer associated with the client; recording, in the digital contract, a transaction identifying the first request in association with the encrypted ephemeral key set, the transaction being identified by a transaction identifier (ID); sending, to the client, the transaction ID; obtaining, from the client, a second request comprising: an authorization token comprising the transaction ID and a signature of the consumer; verifying, based on the authorization token, authorization of the consumer; recording, in the digital contract, a transaction identifying one or more KMS keys; re-encrypting the digital content from a first key space to a second key space; and sending, to the client, the re-encrypted digital content.
16 . The method of claim 15 , the method further comprising:
requesting one or more keys from a key management service (KMS), the requesting of the one or more keys comprising passing the authorization token to the KMS; and obtaining, from the KMS, one or more KMS keys.
17 . The method of claim 16 , wherein the requesting of the one or more keys from the KMS further comprises passing a signature to the KMS.
18 . The method of claim 15 , the one or more KMS keys comprising:
a proxy re-encryption key generated using a public/private key pair, and an encrypted version of a content key of the ephemeral key set, the encrypted version of the content key encrypted with a public key of the consumer.
19 . The method of claim 18 , wherein:
re-encrypting the digital content from the first key space to the second key space comprises using the proxy re-encrypted key, the first key space is an original key space, and the second key space is an ephemeral key space.
20 . The method of claim 15 , wherein the transaction identifying the one or more KMS keys is recorded in the digital contract responsive to a call from the KMS.
21 . The method of claim 15 , wherein the re-encrypted digital content is configured to be decrypted by the client by:
extracting a content decryption key from a key resource using a private key of the consumer, decrypting the re-encrypted digital content using an ephemeral secret key to produce a result, and decrypting the result using the content decryption key.Join the waitlist — get patent alerts
Track US2021092060A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.