US2021092060A1PendingUtilityA1

Decentralized content fabric

Assignee: ELUVIO INCPriority: Oct 16, 2018Filed: Sep 8, 2020Published: Mar 25, 2021
Est. expiryOct 16, 2038(~12.3 yrs left)· nominal 20-yr term from priority
H04L 45/484H04L 45/48H04L 45/64H04L 65/80H04L 67/568H04L 65/765H04L 65/612H04L 9/50G06F 9/45516H04L 2209/56H04L 9/3213H04L 45/7453H04L 67/108H04L 69/329H04L 9/14G06Q 20/3674H04L 9/3234G06Q 20/1235H04L 67/1076H04L 9/0637H04L 63/0478G06F 9/4552H04L 45/14H04L 67/1091H04L 49/1553G06Q 50/265G06Q 10/10H04L 9/0861H04L 69/325H04L 67/104H04L 49/25H04L 9/3247H04L 45/70G06N 20/00G06Q 20/3829H04L 9/083H04L 65/60H04L 45/04H04L 9/3239H04L 45/08H04L 9/0643G06F 21/602G06Q 20/3825H04L 41/20H04L 67/1065H04L 63/0428G06Q 20/401H04L 49/602G06Q 2220/10H04L 67/2842H04L 67/42H04L 2209/38H04L 67/60H04L 67/10H04L 69/321
72
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Disclosed are examples of systems, apparatus, devices, computer program products, and methods implementing aspects of a decentralized content fabric. In some implementations, one or more processors are configured to execute a software stack to define a fabric node of a plurality of fabric nodes of an overlay network situated in an application layer differentiated from an internet protocol layer. The defined fabric node is configured to: obtain a request for digital content from a client device; obtain, from one or more of the plurality of fabric nodes, a plurality of content object parts of a content object representing, in the overlay network, at least a portion of the digital content; generate consumable media using: raw data stored in the content object parts, metadata stored in the content object parts, and build instructions stored in the content object parts; and provide the consumable media to the client device. In some instances, the consumable media is further generated using a digital contract stored in a blockchain.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A decentralized system for secure access of digital content in an overlay network, the system comprising:
 a memory device; and   one or more processors in communication with the memory device, the one or more processors configured to:
 obtain, from a client, a first request to access encrypted digital content, the first request comprising a call on a digital contract, the call passing an ephemeral key set encrypted with a public key of a consumer associated with the client, 
 record, in the digital contract, a transaction identifying the first request in association with the encrypted ephemeral key set, the transaction being identified by a transaction identifier (ID), 
 send, to the client, the transaction ID, 
 obtain, from the client, a second request comprising: an authorization token comprising the transaction ID and a signature of the consumer, 
 verify, based on the authorization token, authorization of the consumer, 
 record, in the digital contract, a transaction identifying one or more KMS keys, 
 re-encrypt the digital content from a first key space to a second key space, and 
 send, to the client, the re-encrypted digital content. 
   
     
     
         2 . The system of  claim 1 , the one or more processors further configured to:
 request one or more keys from a key management service (KMS), the requesting of the one or more keys comprising passing the authorization token to the KMS, and   obtain, from the KMS, one or more KMS keys.   
     
     
         3 . The system of  claim 2 , wherein the requesting of the one or more keys from the KMS further comprises passing a signature to the KMS. 
     
     
         4 . The system of  claim 1 , the one or more KMS keys comprising:
 a proxy re-encryption key generated using a public/private key pair, and   an encrypted version of a content key of the ephemeral key set, the encrypted version of the content key encrypted with a public key of the consumer.   
     
     
         5 . The system of  claim 4 , wherein:
 re-encrypting the digital content from the first key space to the second key space comprises using the proxy re-encrypted key,   the first key space is an original key space, and   the second key space is an ephemeral key space.   
     
     
         6 . The system of  claim 1 , wherein the transaction identifying the one or more KMS keys is recorded in the digital contract responsive to a call from the KMS. 
     
     
         7 . The system of  claim 1 , wherein the re-encrypted digital content is configured to be decrypted by the client by:
 extracting a content decryption key from a key resource using a private key of the consumer,   decrypting the re-encrypted digital content using an ephemeral secret key to produce a result, and   decrypting the result using the content decryption key.   
     
     
         8 . A non-transitory computer-readable medium storing program code to be executed by one or more processors, the program code comprising instructions configured to cause:
 obtaining, from a client, a first request to access encrypted digital content, the first request comprising a call on a digital contract, the call passing an ephemeral key set encrypted with a public key of a consumer associated with the client;   recording, in the digital contract, a transaction identifying the first request in association with the encrypted ephemeral key set, the transaction being identified by a transaction identifier (ID);   sending, to the client, the transaction ID;   obtaining, from the client, a second request comprising: an authorization token comprising the transaction ID and a signature of the consumer;   verifying, based on the authorization token, authorization of the consumer;   recording, in the digital contract, a transaction identifying one or more KMS keys;   re-encrypting the digital content from a first key space to a second key space; and   sending, to the client, the re-encrypted digital content.   
     
     
         9 . The non-transitory computer-readable medium of  claim 8 , the instructions further configured to cause:
 requesting one or more keys from a key management service (KMS), the requesting of the one or more keys comprising passing the authorization token to the KMS; and   obtaining, from the KMS, one or more KMS keys.   
     
     
         10 . The non-transitory computer-readable medium of  claim 9 , wherein the requesting of the one or more keys from the KMS further comprises passing a signature to the KMS. 
     
     
         11 . The non-transitory computer-readable medium of  claim 8 , the one or more KMS keys comprising:
 a proxy re-encryption key generated using a public/private key pair, and   an encrypted version of a content key of the ephemeral key set, the encrypted version of the content key encrypted with a public key of the consumer.   
     
     
         12 . The non-transitory computer-readable medium of  claim 11 , wherein:
 re-encrypting the digital content from the first key space to the second key space comprises using the proxy re-encrypted key,   the first key space is an original key space, and   the second key space is an ephemeral key space.   
     
     
         13 . The non-transitory computer-readable medium of  claim 8 , wherein the transaction identifying the one or more KMS keys is recorded in the digital contract responsive to a call from the KMS. 
     
     
         14 . The non-transitory computer-readable medium of  claim 8 , wherein the re-encrypted digital content is configured to be decrypted by the client by:
 extracting a content decryption key from a key resource using a private key of the consumer,   decrypting the re-encrypted digital content using an ephemeral secret key to produce a result, and   decrypting the result using the content decryption key.   
     
     
         15 . A method comprising:
 obtaining, from a client, a first request to access encrypted digital content, the first request comprising a call on a digital contract, the call passing an ephemeral key set encrypted with a public key of a consumer associated with the client;   recording, in the digital contract, a transaction identifying the first request in association with the encrypted ephemeral key set, the transaction being identified by a transaction identifier (ID);   sending, to the client, the transaction ID;   obtaining, from the client, a second request comprising: an authorization token comprising the transaction ID and a signature of the consumer;   verifying, based on the authorization token, authorization of the consumer;   recording, in the digital contract, a transaction identifying one or more KMS keys;   re-encrypting the digital content from a first key space to a second key space; and   sending, to the client, the re-encrypted digital content.   
     
     
         16 . The method of  claim 15 , the method further comprising:
 requesting one or more keys from a key management service (KMS), the requesting of the one or more keys comprising passing the authorization token to the KMS; and   obtaining, from the KMS, one or more KMS keys.   
     
     
         17 . The method of  claim 16 , wherein the requesting of the one or more keys from the KMS further comprises passing a signature to the KMS. 
     
     
         18 . The method of  claim 15 , the one or more KMS keys comprising:
 a proxy re-encryption key generated using a public/private key pair, and   an encrypted version of a content key of the ephemeral key set, the encrypted version of the content key encrypted with a public key of the consumer.   
     
     
         19 . The method of  claim 18 , wherein:
 re-encrypting the digital content from the first key space to the second key space comprises using the proxy re-encrypted key,   the first key space is an original key space, and   the second key space is an ephemeral key space.   
     
     
         20 . The method of  claim 15 , wherein the transaction identifying the one or more KMS keys is recorded in the digital contract responsive to a call from the KMS. 
     
     
         21 . The method of  claim 15 , wherein the re-encrypted digital content is configured to be decrypted by the client by:
 extracting a content decryption key from a key resource using a private key of the consumer,   decrypting the re-encrypted digital content using an ephemeral secret key to produce a result, and   decrypting the result using the content decryption key.

Join the waitlist — get patent alerts

Track US2021092060A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.