US20030220880A1 - Networked services licensing system and method - Google Patents

Publication number
US20030220880A1
Authority
US
United States
Prior art keywords
license
service
rights expression
expression information
distributed network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/374,729
Inventor
Guillermo Lao
Manuel Ham
Eddie Chen
Thomas DeMartini
Charles Gilliam
Michael Raley
Bijan Tadayon
Xin Wang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Contentguard Holdings Inc
Original Assignee
Contentguard Holdings Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/046,695 (US7085741B2)
Priority claimed from US10/159,272 (US7028009B2)
Application filed by Contentguard Holdings Inc
Priority to US10/374,729 (US20030220880A1)
Assigned to CONTENTGUARD HOLDINGS, INC. Assignment of assignors interest (see document for details). Assignors: RALEY, MICHAEL, CHEN, EDDIE J., DEMARTINI, THOMAS, HAM, MANUEL, LAO, GUILLERMO, WANG, XIN, TADAYON, BIJAN, GILLIAM, CHARLES P.
Publication of US20030220880A1
Priority to US10/856,865 (US7386513B2)
Priority to US14/531,958 (US10540484B2)
Legal status: Abandoned

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • CIP Continuation-In-Part
  • This invention generally relates to networked communications systems, and more particularly to a system and method for licensing of networked services, such as Web services, and the like.
  • an improved method for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service includes determining the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and controlling consumption of the distributed network service based on the rights expression information.
  • an improved computer system for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service.
  • the computer system includes a distributed network services provider configured to provide the distributed network service; a client of the provider configured to consume the distributed network service; a license issuing server configured to determine the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and a license issuing server configured to control consumption of the distributed network service based on the rights expression information.
  • an improved computer-readable medium carrying one or more sequences of one or more instructions for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service.
  • the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of determining the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and controlling consumption of the distributed network service based on the rights expression information.
  • an improved system for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service including means for determining the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and means for controlling consumption of the distributed network service based on the rights expression information.
  • FIG. 1 is a schematic illustration of an exemplary Networked Services Licensing System, according to an exemplary embodiment
  • FIG. 2 is a schematic illustration of exemplary interactions between a Web Services Provider, and a Web Services Client of the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 3 is a schematic illustration of exemplary interactions between one or more Business Networks, and a License Issuing and/or Generation Service of the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 4 is a schematic illustration of exemplary interactions between a Web Service Provider, and a License Interpretation Service of the Networked Services Licensing System, according to an exemplary embodiment
  • FIG. 5 is a schematic illustration of exemplary interactions between a Web Service Provider, a License Interpretation Service, and a State Tracking Service of the Networked Services Licensing System, according to an exemplary embodiment
  • FIG. 6 illustrates an exemplary workflow for when a Web Services Client knows, in advance, that a license is to be included in a message for service initiation in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 7 illustrates an exemplary workflow for when a Web Services Client knows, via a service description language file, that a license is to be included in a message for a service initiation in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 8 illustrates an exemplary workflow for when a Web Services Client knows, via a service description language file, that a license is to be obtained from a License Generation Service of the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 9 illustrates an exemplary workflow for when a Web Services Client does not know that a license is to be employed for gaining access to a service in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 10 illustrates an exemplary workflow for when a Web Services Client attempts to gain access to a service without a license, is informed that the license is to be employed, and obtains the license for gaining access to a service in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 11 illustrates an exemplary workflow for when an Enterprise out-sources license generation for gaining access to a service in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 12 illustrates an exemplary workflow for when a plurality of Enterprises out-source license generation for gaining access to a service in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 13 illustrates an exemplary method for license generation, based on license templates, that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 14 illustrates an exemplary method for license generation, based on an authorizing license, that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 15 illustrates an exemplary method for license generation, based on an exemplary license prototype, that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 16 illustrates an exemplary method for license generation, from scratch, that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 17 illustrates an exemplary workflow for license validation that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 18 illustrates exemplary workflows for license interpretation and state tracking that can be used in the Networked Services Licensing System of FIG. 1, according to exemplary embodiments
  • FIG. 19 illustrates an exemplary workflow for specifying a license that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 20 illustrates an exemplary workflow for interpreting a license that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 21 illustrates an exemplary workflow for controlling consumption of a service that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 22 illustrates an exemplary workflow for issuing licenses by a third party that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment
  • FIG. 23 illustrates an exemplary workflow for syndication of a service that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment.
  • DRM Digital Rights Management
  • the exemplary embodiments described herein advantageously leverage DRM system components to address issues related to the licensing of networked services, such as Web services. Accordingly, the exemplary embodiments can employ authentication, authorization, accounting, payment and financial clearing, rights specification, rights verification, rights enforcement, document protection components, and the like, of a Digital Rights Management system, for example, as further described in commonly assigned U.S. Pat. No. 5,530,235, U.S. Pat. No. 5,629,980, U.S. Pat. No.
  • a rights expression, for example, in the form of a license used to define usage rights for specifying a permitted manner of use, such as consumption, and the like, of a service, advantageously switches the control, the responsibility for control, and the like, from the computing environment to the rightful owner of the service.
  • usage rights can be associated with one or more conditions, such as payment, and the like, that can be a prerequisite for exercising the specified manner of use of the service.
  • a rights expression language such as eXtensible Rights Markup Language (XrML), and the like, for example, including predefined syntax and semantics, can be employed to express the usage rights.
  • Consume, consuming, consumption, and the like, of the service can include access to or use of the service, access to or use of parts or devices of the service, access to or use of results of the service, receiving or rendering content of the service, executing software of the service, and the like.
  • access control typically is about deploying “my” services “out-there,” while at the same time issuing rights to users of such services to control access to the services.
  • other methods and systems for access control primarily are focused on protecting “my” services against use by others.
  • DRM is employed in a networked services environment, such as a Web services environment, for example, by leveraging components of the DRM system, such as license generation, license interpretation, and the like.
  • the exemplary embodiments provide a system and method for authorization for networked services, for example, through a license expressed in a rights language.
  • the exemplary embodiments are directed to how a license can be generated, used, processed, and the like, by the various entities of the networked services ecosystem to reach an authorization decision that allows access by a client, devices, services, and the like, to the networked services.
  • a requester of a service presents a license in order to get access to the service.
  • the exemplary embodiments advantageously enable more flexible business models.
  • a service can be deployed “anywhere,” and the control to access the service can be centralized and determined by the owner of the service. The points of deployment typically do not have to worry about establishing local security policies, as this becomes unnecessary.
  • the model of “distributed access management” of the exemplary embodiments advantageously can be applied in the syndication of networked services, such as Web services, for example, including multiple layers of participants.
  • FIG. 1 there is illustrated an exemplary Networked Services Licensing System 100 that can be used in connection with the described exemplary embodiments for licensing of networked services, such as Web services, and the like.
  • the Networked Services Licensing System 100 includes a Web Services Provider 101 , a Web Services Client 103 , a License Generation and Issuing Service 105 that can interface with one or more Business Networks 107 , a License Generation, Validation and/or Interpretation Service 109 for relaying a license 127 , a State Tracking Service 111 for relaying state information 115 , and a Trust Authority Service 113 for relaying keys and/or certificates 117 .
  • the services 105 - 111 advantageously can be configured as a middle-tier or layer that can be plugged-in between the Trust Authority Service 113 , and the Web Services Provider 101 and the Web Services Client 103 .
  • existing Web services systems can be modified to practice the exemplary embodiments based on such middle layer configuration.
  • a rights language such as eXtensible Rights Markup Language (XrML), eXtensible Access Control Markup Language (XACML), Open Digital Rights Language (ODRL), and the like, can be used to specify a rights expression, rights expression information, and the like, for example, in the form of the license 127 .
  • the license 127 can be specified in any suitable manner.
  • the license 127 can be based on a pre-defined specification, template, prototype, and the like, that can be associated with the Web service, according to further exemplary embodiments.
  • the process of specifying the license 127 can include any suitable process for associating rights, conditions, and the like, with access to services, such as Web services.
  • An exemplary workflow for the Networked Services Licensing System 100 can include a user operating within the Web Services Client 103 environment being issued the license 127 by the License Issuing Service 105 for accessing a service of the Web Services Provider 101 .
  • the user can make a request 121 for the service 119 from the Web Services Provider 101 along with the issued license 127 .
  • the license 127 can specify any suitable usage rights associated with the service 119 .
  • the interpretation and enforcement of the usage rights are further described in commonly assigned U.S. Pat. No. 5,530,235, U.S. Pat. No. 5,629,980, U.S. Pat. No. 5,634,012, U.S. Pat. No. 5,638,443, U.S. Pat. No. 5,715,403, U.S. Pat. No. 6,233,684, and U.S. Pat. No. 6,236,971, for example.
  • the steps above can take place sequentially or approximately simultaneously or in various orders.
  • FIG. 1 illustrates exemplary participants in a generalized Web service model, where the access to services and/or content is specified by a license expressed in a rights language, such as XrML, and the like.
  • the context can include information, an identification, and the like, of the client that is authorized to exercise the rights, the associated resources and conditions that have to be met in order to exercise the rights.
  • the top and bottom layers of FIG. 1 can be used to contrast a typical model for providing Web services, wherein the Web Services Provider 101 controls access through simple processes, such as user-name and password, and local policy evaluation.
  • the middle layer is involved in defining processes and/or determining authorization for access to the service 119 provided by the Web Services Provider 101 .
  • This middle layer can be referred to as a “rights layer.”
  • tasks related to determining authorization to the service 119 , authentication, accounting, and the like can be managed, outsourced, handled, and the like, by the specialized services provided by the middle layer.
  • the Web Services Provider 101 can enjoy the luxury of focusing solely on the business logic of the service 119 , while outsourcing other activities, such as the processing of payments, the maintaining of customer databases, and the like, that typically would be employed in a more monolithic e-commerce model.
  • the Web Services Provider 101 processes the rights expression in the form of the license 127 that is presented by the Web Services Client 103 in order to determine what services to provide and how to provide such services.
  • the license interpretation, the state information tracking for example, such as how many times the service 119 has been rendered, which can be the accounting part, and the like, can be outsourced to third party providers.
  • the exemplary embodiments thus, provide the authorizing of the access to the service 119 , for example, via the generation of the license 127 .
  • other Web services systems and methods typically control access by remembering a client's identity and by requesting a credential, such as user-name and password.
  • credentials are augmented in the form of the license 127 .
  • the issuing of the license 127 can be accomplished by the rights layer, but can include processes performed by the Web Services Provider 101 .
  • the rights layer can include the Business Network(s) 107 , such as a partner that bought the service 119 and is now allowing its customer base access to the service 119 .
  • anyone with a business arrangement with the Web Services Provider 101 can be capable of issuing the license 127 , according to further exemplary embodiments.
  • the interaction of the Web Service Client 103 with the Web Services Provider 101 can involve various mechanisms and transactions, such as a request for service, a financial transaction, a rendering of the service 119 , and the like.
  • the access to the service 119 also can include various transactions, such as access, rendering, execution of code, send-back of data, collecting payment, and the like.
  • the access to the service 119 can include any suitable interactions and/or results between the Web Service Client 103 and the Web Services Provider 101 .
  • the Networked Services Licensing System 100 is of an exemplary nature and can be implemented in numerous other arrangements.
  • a clearinghouse (not shown) can be used to process payment transactions and verify payment prior to the Issuing Service 105 issuing the license 127 .
  • the various processes and transactions can be performed, for example, via online and/or offline environments and/or combinations thereof, according to further exemplary embodiments.
  • the various devices and/or components of the Networked Services Licensing System 100 can, but need not, communicate directly with one another and information can be exchanged in any suitable manner, such as by physically moving media between the various devices and/or components of the Networked Services Licensing System 100 .
  • the devices and subsystems of the Networked Services Licensing System 100 of FIG. 1 can communicate, for example, over one or more communications networks (not shown), and can include, for example, any suitable servers, workstations, personal computers (PCs), laptop computers, PDAs, Internet appliances, set top boxes, modems, handheld devices, telephones, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments.
  • the devices and subsystems can communicate with each other using any suitable protocol and can be implemented using a general-purpose computer system, for example.
  • One or more interface mechanisms can be used in the Networked Services Licensing System 100 , for example, including Internet access, telecommunications in any suitable form, such as voice, modem, and the like, wireless communications media, and the like.
  • communications network(s) can include, for example, wireless communications networks, cellular communications networks, satellite communications networks, Public Switched Telephone Networks (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, and the like.
  • such communications network(s) can be the same or different networks.
  • the Networked Services Licensing System 100 of FIG. 1 is for exemplary purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible.
  • the functionality of the devices and the subsystems of the Networked Services Licensing System 100 can be implemented via one or more programmed computer systems or devices.
  • a single computer system can be programmed to perform the special purpose functions of one or more of the devices and subsystems of the Networked Services Licensing System 100 .
  • two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the Networked Services Licensing System 100 .
  • principles and advantages of distributed processing such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the Networked Services Licensing System 100 , for example.
  • the components of the Networked Services Licensing System 100 for example, including the license 127 , the Web Services Provider 101 , the Web Services Client 103 , the License Generation and/or Issuing Service 105 , the License Validation and/or Interpretation Service 109 , the State Tracking Service 111 , and the Trust Authority Service 113 , according to various embodiments, will now be further described.
  • the license 127 can be based on rights language-based functions, such as XrML functions, and the like, in the exemplary embodiments.
  • the Web Services Client 103 can present the license 127 to the Web Services Provider 101 , when the Web Services Client 103 requests the service 119 .
  • the license 127 can convey the rights and conditions governing the rendering of services, such as the service 119 , the manner of use of the services, and the like.
  • the license 127 , for example, can convey the context in which transactions between the Web Services Client 103 and the Web Services Provider 101 can take place, and the like.
  • the license 127 can convey information, for example, including the service 119 , parts of the service 119 , a principal to whom the license 127 has been granted, the rights that are granted, the conditions under which the service 119 can be accessed, obligations that the Web Services Provider 101 and/or the Web Services Client 103 may have to perform while allowing access to a protected resource of the service 119 , trust domains, for example, including the issuer of the license 127 and/or the authority under which the license 127 has been issued, information to leverage or utilize security mechanisms, such as signatures and/or encryption mechanisms, any other suitable information, which can be mandatory and/or optionally employed by the Networked Services Licensing System 100 , and the like.
  • An exemplary license 127 for example, written in XrML, is shown below that conveys, for example, a right to access the service 119 offered by the Web Services Provider 101 , “www.foo.com/quoteService,” and that has been granted to a holder of a specific cryptographic key, such as the principal, and the like, by the issuer, represented by another key value.
  • <license> <grant> <keyholder> . . .
  • the identification of the service 119 can be encoded in the license 127 . Such encoding can be used to indicate that the license 127 refers to the service 119 in question. Additionally, any suitable granular identification of the service 119 in question can be specified. For example, the license 127 can describe that the license 127 pertains to a portion of the service 119 , a certain Application Programming Interfaces (APIs) exposed by the service 119 , and the like. Alternatively, the license 127 also can identify the service 119 including a set of services. For example, the service 119 can be described as “any service that originates from www.foo.com.” Further, the service 119 identified can include any suitable combination of the models described above.
  • the principal specified in the license 127 can be used to verify the identity of the requester of the service 119 , for example, a user of the service 119 , such as the Web Services Client 103 .
  • the principal thus, can be used to authenticate the requester of the service 119 .
  • the requester may have to present some form of credential at the time of the request 121 , and such credential can be verified against the identity of, for example, the principal specified in the license 127 .
  • the credential presented can employ various mechanisms, such as digital certificates, including a key, a security token, and the like.
  • the principal also can be specified, identified, and the like, in various ways.
  • the principal can be a specific principal, such as the holder of a cryptographic key, and the like.
  • the principal also can be specified as “anyone,” such as “anyone in the universe,” and the like.
  • the principal also can be specified as a member of a set of principals, such as “any client that is a member of company ABC,” and the like.
  • one or more credentials may be employed to fully resolve, match, and the like, the identity of the principal.
  • the process to match credentials can include, for example, any suitable technology, traditional, proprietary or new, that can be used to authenticate a principal specified in a license.
  • the rights specified in the license 127 can be the granted or allowed “operations,” that is, the manner of use, that the recipient of the grant, such as a principal, and the like, can exercise on the service 119 , such as a Web service, and the like.
  • Such operations can take various forms, such as “accessing the information on a Web service,” “executing the software residing in a Web service,” “retrieving some data that has been generated by a Web service,” and the like.
  • the license 127 can include one or more conditions associated with a right to access the service 119 .
  • the conditions can be specified in the license 127 and may have to be satisfied in order to exercise the manner of use.
  • the conditions can include temporal conditions, such as a validity period, quantity conditions, such as the number of times the service can be accessed, payment conditions, accounting conditions, such as having the transaction tracked and recorded, and the like.
  • conditions can include any suitable restrictions, parameters, obligations, states, and the like, that may have to be met before, during, or after, in order to exercise the right.
  • the trust domain that can be specified in the license 127 can relate to the identity of the issuer of the license 127 .
  • the Web Services Provider 101 may have to determine if the Web Services Provider 101 can trust the information included in the license 127 .
  • the entity that issued the license 127 can be identified by the issuer of the license 127 .
  • the license 127 can employ, for example, security technologies in order to safeguard the information included in the license 127 .
  • using such security technologies, for example, the Web Services Provider 101 can employ mechanisms to determine if the issuer of the license can be trusted, to determine if the license has not been tampered with, and the like.
  • digital signature technologies, and the like, can be employed to ensure the integrity of the license 127 .
  • encryption technologies, and the like can be used to keep certain information in the license 127 confidential.
  • FIG. 2 is a schematic illustration of exemplary interactions between the Web Services Provider 101 and the Web Services Client 103 of the Networked Services Licensing System 100 , according to an exemplary embodiment.
  • the license 127 can be conveyed, transmitted, and the like, by the Web Services Client 103 to the Web Services Provider 101 when making the request 121 for the service 119 .
  • the Web Services Provider 101 then can render the service 119 based on rights, conditions, and the like, specified in the license 127 .
  • the Web Services Client 103 and the Web Services Provider 101 can arrange before-hand that the license 127 is to be transmitted in a data stream including the service request 121 , based on a license protocol that includes the process of negotiating and/or submitting the license 127 , and the like.
  • the Web Services Provider 101 typically focuses on providing the service 119 .
  • if authorization and/or commerce-related tasks can be managed elsewhere, as proposed in the exemplary embodiments, then tasks, such as managing payments, maintaining customer databases, and the like, can be eliminated.
  • this allows the Web Services Provider 101 to more efficiently focus on providing the service 119 .
  • the Web Services Provider 101 also can handle the service requests 121 .
  • Mechanisms to handle the service requests 121 can include, for example, proprietary mechanisms, standard mechanisms, such as Simple Object Access Protocol (SOAP), Web Service Description Language (WSDL), other messaging protocols, and the like. However, any suitable mechanisms that can handle and/or process a service request can be employed.
  • the Web Services Provider 101 can employ a license protocol.
  • a license protocol can include, for example, any suitable open or proprietary licensing mechanisms, a prior agreement to embed the license 127 in the request 121 , a protocol that determines the need for the license 127 , sending the requester to a site to obtain the license 127 , and the like.
  • the Web Services Provider 101 consumes and/or accepts the license 127 that has been conveyed by the Web Services Client 103 for gaining access to the service 119 .
  • the Web Services Provider 101 can render the service 119 , for example, based on rights and/or conditions specified in the license 127 . If the license 127 is deemed invalid or untrustworthy, the Web Services Provider 101 , for example, may not provide and/or render the service 119 , and can generate an error message, for example, indicating that access to the service 119 is denied. Further, the Web Services Provider 101 may have to satisfy, as a condition of the license 127 , obligations that result from the rendering the service 119 , such as tracking of a state, and the like, and that can be specified in the license 127 .
  • the Web Services Client 103 typically is the consumer device of the service 119 , that is, the user device.
  • the Web Services Client 103 can determine how to access the service 119 , for example, via manual processes, through various technologies, such as Universal Description Discovery and Integration Standard (UDDI) registries, WSDL definitions, and the like.
  • the Web Services Client 103 can present, convey, transmit, and the like, the license 127 to the Web Services Provider 101 , for example, at the time of service request 121 or at a different time, in order to access the service 119 .
  • the Web Services Client 103 can be aware that the license 127 can be employed in order to access the service 119 .
  • the Web Services Client 103 understands that access to the service 119 can entail the possession of the license 127 , knows where to obtain the license 127 , and the like.
  • Such processes can be accomplished by a license protocol, wherein the request 121 for service 119 is followed by a response indicating that certain credentials, for example, such as the license 127 , are employed for gaining access to the service 119 .
  • Such processing can be accomplished, for example, by manual processes, such as via agreements, for example, wherein the Web Services Provider 101 informs the Web Services Client 103 that a license is employed for accessing the service 119 , and the like.
  • Web Services Client 103 consumes the service 119 , for example, executes code, renders content, and the like, after the Web Services Provider 101 has accepted the license 127 .
  • the Web Services Provider 101 also can be a Web Services Client, such as when the Web Services Provider 101 is a client of another Web service, and the like.
  • the modes of operation of the exemplary embodiments are not so limited, but rather include other possible permutations of the exemplary.
  • the Web Services Client 103 might use a third party to present the license 127 and the presenter of the license 127 need not be the consumer of the service 119 .
  • the Web Services Client 103 can provide, for example, additional information indicating that the license 127 can be presented by a third party.
  • the exemplary embodiments can include a lifecycle for rights, referred to as the “rights lifecycle.”
  • the rights lifecycle can begin with the creation of the license 127 , which can be used to associate some rights and/or conditions with some resource, such as the service 119 .
  • the license 127 then can be issued to the Web Services Client 103 who would then use the license 127 to obtain the service 119 .
  • the license 127 is consumed by the Web Services Provider 101 , for example, during the rendering of the service 119 , completing the rights lifecycle.
  • the issuing of licenses typically is controlled by a single and/or centralized entity.
  • such an entity typically is responsible for the computational tasks of issuing the license, which can include creating the license, validating the license, signing the license, and license recovery.
  • the authorization assertions are generated by a centralized entity, where security policies are defined and managed.
  • the generation of the license 127 can be logically separated from the issuing of the license 127 .
  • the license 127 generation includes the computational functions to create the license 127 , such as creating an XrML file, and the like, constructing the elements, storing the license in a database, and the like.
  • the license issuing can be the actual authorization of the rights that are granted in the license 127 , for example, including digitally signing the license 127 and/or attesting that the rights conveyed in the license 127 are authorized by the issuer, and the like.
  • the License Generation Service 105 can provide additional services, such as data backup, license version control, upgrades, license revocation, and the like.
  • such services can add further value to the value added by the process of generating the license 127 .
  • the tasks of generating and issuing the license 127 can be performed by a single application, and/or system.
  • the separation of authority between the license 127 generation and the license 127 issuing, advantageously, supports various exemplary business embodiments.
  • this approach allows a business entity the option to outsource the data intensive part of generating the license 127 , and to focus on the authority part of signing and issuing the license 127 .
  • This approach, advantageously, enables a single service that can generate and issue licenses 127 on behalf of different business entities, as will now be discussed.
  • FIG. 3 is a schematic illustration of exemplary interactions between one or more of the Business Networks 107 and the License Issuing and/or Generation Service 105 of the Networked Services Licensing System 100 , according to an exemplary embodiment.
  • the authority to issue licenses 127 can be conveyed in the form of the license 305 to issue licenses 127 , referred to as a “distribution” license, and as shown in FIG. 3.
  • the distribution license 305 grants the right to issue one or more of the licenses 127 .
  • the distribution license 305 also can specify a manner of use that can be granted and conditions, such as the maximum number of licenses 127 that the License Generation Service 105 can issue, and the like.
  • the distribution license 305 also can be used to attest that the issuer of the license 127 has the authority to issue the licenses 127 , and can be referenced when the issuer's signature is not recognized, but the signature of the issuer of the distribution license 305 is recognized.
  • the presence of distribution licenses 305 establishes a trust model, wherein signatures in the licenses 127 can be checked, for example, during license 127 interpretation, up the chain of distribution until a signature, signatures, and the like, are recognized, trusted, and the like.
  • a trust model fits well in the exemplary embodiments, where an owner of a service can grant the right, in the form of a license, to issue licenses to business partners, for example, after some contract or business arrangements.
  • an exemplary workflow for license generation and issuing can include business partner 301 (Business Entity A), and business partner 303 (Business entity B).
  • the Business Entity A owns and operates a Web service
  • Business Entity B wishes to bundle the Web service as part of a product line of Business Entity B.
  • the Business Entity A issues the distribution license 305 to the Business Entity B granting the Business Entity B the right to issue the licenses 127 to the customers, for example, the Web Services Client 103 , of the Business Entity B, for example, to access the Web service provided by the Business Entity A.
  • the Business Entity B issues the licenses 127 to the customers, for example, by utilizing the License Issuing Service 105 to generate the license 127 .
  • the Web Services Client 103 accesses the Web service provided by the Business Entity A, the license 127 is presented and the Web service can check the authority of the license 127 by recognizing that the Business Entity B was granted the right to issue such licenses 127 .
  • the License Generation Service 105 can perform the computational process of generating an unsigned license 309 , the distribution license 305 , and/or the license 127 based on a request 307 , and including schema validation, and the like.
  • the License Generation Service 105 can provide a generalized interface to handle the service requests 307 , for example, requests for licenses 127 , 305 and/or 309 .
  • the License Generation Service 105 typically does not sign the license 127 , but, according to a further exemplary embodiment, the License Generation Service 105 can sign the licenses 127 on behalf of a license 127 issuer, such as the Business Entity B.
  • the License Generation Service 105 can provide, for example, data management functions, such as the back-up of issued licenses, the re-issue of licenses, reporting functions, and the like.
  • FIG. 4 is a schematic illustration of exemplary interactions between the Web Service Provider 101 and the License Interpretation Service 109 of the Networked Services Licensing System 100 , according to an exemplary embodiment.
  • the license 127 can be validated, and then interpreted based on the interpretation request 125 to determine if rights, conditions, such as obligations 123 , specified therein allow such operation.
  • the capabilities for validating and/or interpreting the license 127 can be built into the Web Services Provider 101 and/or a rendering application. However, according to further exemplary embodiments, such capabilities can be separated from the Web Services Provider 101 and/or the rendering application, and can be provided by a service, such as the License Interpretation Service 109 .
  • the license 127 is validated and then interpreted by the License Interpretation Service 109 .
  • this process can be performed in reverse order, in which case the interpretation can be performed subject to a later validation step.
  • the License Interpretation Service 109 can be employed for the task of interpreting licenses 127 , which is a counterpart of the license generation model of the License Interpretation Service 105 , whereby the Web Services Provider 101 can offload computational tasks not directly associated with providing the service 119 .
  • the Web Services Provider 101 operating as such can offload the task of interpreting the license 127 to the License Interpretation Service 105 , and, advantageously, focus on building the service 119 .
  • potentially other services 401 can be employed, as shown in FIG. 4.
  • the service 401 can be contacted to authenticate the principal, to retrieve information stored in a remote service, such as a trusted time clock, and the like.
  • FIG. 5 is a schematic illustration of exemplary interactions between the Web Service Provider 101 , the License Interpretation Service 109 , and the State Tracking Service 111 of the Networked Services Licensing System 100 , according to an exemplary embodiment.
  • the use of the State Tracking Service 111 during the license 127 interpretation stage 501 , and during the exercise of rights stage 503 , is shown.
  • the interpretation of the license 127 and/or the exercise of a right can involve information that is stored outside of the license 127 .
  • a condition of the license 127 can be that there is a limit to the number of times a resource provided by the Web Services Provider 101 can be accessed. Accordingly, during the interpretation of the license 127 , including of such condition, the information regarding the number of times the resource has already been accessed may have to be retrieved in order to accurately and truthfully interpret whether a further access right can be granted.
  • state information 115 can include various types of information, such as information regarding the status of the license 127 , the amount of time a resource has been used, information regarding payment for the service 119 , information regarding the time of the day the service 119 , the license 127 , and/or the conditions, were issued, accessed, consumed, presented, and the like. Accordingly, the state information 115 can include any suitable information regarding the Networked Services Licensing System 100 , and the like.
  • the state information 115 can reside and/or be recorded in persistent storage, such as a database, a memory, a service, and the like, of the Networked Services Licensing System 100 .
  • the state information 115 such as the number of times the service 119 has been accessed by the Web Services Client 103 , and the like, can be recorded in some persistent storage of the Networked Services Licensing System 100 .
  • the interpretation of the license 127 can result in the obligations 123 that may have to be fulfilled while allowing the exercise of the rights.
  • the State Tracking Service 111 addresses the noted and other problems associated with the tracking of state information by the Web Services Provider 101 .
  • a rights language as previously described, can be used to specify, for example, where the Tracking Service 111 is referenced, where the state information 115 related to the conditions of the rights can be managed, and the like.
  • the State Tracking Service 111 can be used for tracking, providing, and the like, the state information 115 that can be specified in the license 127 .
  • the Trust Authority Service 113 can include elements and/or services that, for example, establish, manage, and the like, trust relations for the various entities of the exemplary embodiments.
  • the Trust Authority Service 113 can include a Certificate Authority (CA) function for issuing the digital certificates, digital credentials and/or encryption keys 117 that can be employed to sign the licenses 127 .
  • the Trust Authority Service 113 can include a corporation's Public Key Infrastructure (PKI), a service provided by a PKI and/or security provider, a separate service employed to establish a trust relation between business partners, and the like.
  • the Trust Authority Service 113 can include the function of issuing digital credentials 117 , for example, used to identify the principals.
  • digital credentials 117 can include, for example, an X.509 digital certificate, a Microsoft Passport, a Kerberos authentication token, and the like.
  • the credentials 117 of the type described above can be used to specify and/or certify the identity of the holder, but typically convey little additional information about the holder, as most of such additional information typically is provided in a fixed format and/or is implied. For example, a passport holder typically is simply someone that has been authenticated with the Microsoft passport service.
  • a rights language as previously described, and according to a further exemplary embodiment, advantageously, can be used to define a certificate 117 that can be used to convey credentials in a more expressive manner, for example, to express the role of the principal, a membership association for a principal, and the like.
  • the credentials 117 then can be used to associate the holder with additional properties, such as a membership in a business circle, a relationship in a business environment, and the like.
  • a Certificate Authority can attest to the authenticity of the information included in a digital certificate. If the information in the digital certificate can be limited in scope, for example, such as a company name, the functions of the Certificate Authority can be well defined. For example, a Certificate Authority may have an established process to check a company's name before issuing a digital certificate. However, when the credentials become more expressive, as described above, it becomes more difficult for a Certificate Authority to attest to the authenticity of the credential information. For example, if a credential includes some membership information, the Certificate Authority would have to establish some additional process to validate such membership.
  • a generic Certificate Authority typically cannot verify such additional information.
  • the Certificate Authority, a signer, and the like, of the credential can become the system where the credential is to be used.
  • the trust model becomes less open and more monolithic, for example, since the system typically can trust the system.
  • the Trust Authority Service 113 can be employed to attest to additional information that can be included in the certificates 117 .
  • a Certificate Authority can be configured to fulfill the above-noted needs.
  • a “trust broker,” such as the Trust Authority Service 113 of the exemplary embodiments, advantageously, can be employed to address the noted and other problems with a Certificate Authority being employed to verify the above-noted additional information.
  • the licenses can be signed and/or verified, for example, through cryptographic techniques.
  • the verification of the license 127 signature can be used, for example, to attest to the integrity of the license 127 , the authenticity of the signer, such as the license 127 issuer, and the like.
  • such verification does not establish a “rights trust,” for example, to trust that the license 127 was issued with proper authorization, unless the verifier authorized the issuing of the license 127 . This is a difference between the license 127 validation, and the license 127 interpretation, as previously discussed.
  • Company B issues a license B′ to Company A granting Company A the right to issue licenses A′ on behalf of Company B. Then, Company A issues a license A′ to user X, and user X presents the license A′ to Company B to access a protected resource of Company B.
  • since Company B issued the license B′, the trust of license A′ can be traced back to license B′, which is trusted by default by Company B.
  • Company C also accepts licenses A′ for access to a protected resource of Company C.
  • Company C may have to either decide to trust licenses from Company A or issue a license C′ to Company A with the right to issue licenses A′ on behalf of Company C.
  • every license A′ would have to be accompanied with each of the authorizing licenses B′, C′, and so on.
  • a “trust broker,” such as the Trust Authority Service 113 of the exemplary embodiments, can act as the “trust broker,” for example, to broker deals between companies, issue licenses under its own signature, and the like.
  • the signature of the Trust Authority Service 113 can be trusted.
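  • As an added illustration (not part of the patent text), the Python sketch below walks the chain of distribution described above: a license A′ from an unrecognized issuer is accepted only when distribution licenses such as B′ or C′ lead to a signer the verifier recognizes. The license fields, the names such as `check_rights_trust`, and the toy textbook-RSA signature (insecure, standing in for a real digital signature) are assumptions made for the example.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys


def make_key(p_exp, q_exp):
    """Toy textbook-RSA key from two Mersenne primes; illustration only, insecure."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(body, n):
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(body, issuer, key):
    """Issuing: the issuer signs an already generated, unsigned license body."""
    lic = dict(body, issuer=issuer)
    return dict(lic, sig=pow(_digest(lic, key["n"]), key["d"], key["n"]))


def signature_ok(lic, n):
    """Validation: integrity and signer authenticity only, not rights trust."""
    body = {k: v for k, v in lic.items() if k != "sig"}
    sig = lic.get("sig")
    return isinstance(sig, int) and pow(sig, E, n) == _digest(body, n)


def check_rights_trust(lic, dist_licenses, recognized, service):
    """Check signatures up the chain of distribution until one is recognized.

    recognized maps an issuer name to the public modulus the verifier trusts
    by default (the service owner itself, or a trust broker).
    Returns (accepted, reason).
    """
    current, seen = lic, set()
    while True:
        if current.get("service") != service:
            return False, "license does not cover " + service
        issuer = current.get("issuer")
        if not issuer or issuer in seen:
            return False, "missing issuer or loop in distribution chain"
        if issuer in recognized:
            if signature_ok(current, recognized[issuer]):
                return True, "chain ends at recognized issuer " + issuer
            return False, "bad signature from " + issuer
        seen.add(issuer)
        # Signature not recognized: look for a distribution license that
        # grants this issuer the right to issue licenses for the service.
        parent = next((d for d in dist_licenses
                       if d.get("type") == "distribution"
                       and d.get("grantee") == issuer
                       and d.get("service") == service
                       and isinstance(d.get("grantee_n"), int)), None)
        if parent is None:
            return False, "issuer " + issuer + " not recognized"
        if not signature_ok(current, parent["grantee_n"]):
            return False, "bad signature from " + issuer
        current = parent  # now the distribution license itself must be trusted


# Constructed sample data: Companies A, B, C and user X as in the text above.
KEY_A, KEY_B, KEY_C = make_key(127, 89), make_key(127, 107), make_key(107, 89)


def distribution(service, owner, owner_key):
    """B' or C': the service owner lets Company A issue licenses for it."""
    return issue({"type": "distribution", "grantee": "company-a",
                  "grantee_n": KEY_A["n"], "service": service}, owner, owner_key)


def usage(service):
    """A': Company A grants user X access to the named service."""
    return issue({"type": "usage", "principal": "user-x", "right": "access",
                  "service": service, "max_uses": 5}, "company-a", KEY_A)


B_PRIME = distribution("svc-b", "company-b", KEY_B)
C_PRIME = distribution("svc-c", "company-c", KEY_C)
A_PRIME, A_FOR_C = usage("svc-b"), usage("svc-c")

if __name__ == "__main__":
    b_trusts, c_trusts = {"company-b": KEY_B["n"]}, {"company-c": KEY_C["n"]}
    print(check_rights_trust(A_PRIME, [B_PRIME], b_trusts, "svc-b"))
    print(check_rights_trust(A_FOR_C, [B_PRIME], c_trusts, "svc-c"))
    print(check_rights_trust(A_FOR_C, [B_PRIME, C_PRIME], c_trusts, "svc-c"))
```

  • Placing a trust broker's key in `recognized`, with the broker as issuer of the distribution license, lets one accompanying license serve several verifiers instead of one authorizing license per company.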
  • the Web Services Client 103 can transmit the license 127 , for example, as part of a messaging protocol.
  • the information for transmitting the license 127 at the time of the service 119 initiation can be provided in advance, for example, by reading some documentation on a Web site, and the like.
  • although the information for transmitting the license 127 at the time of the service 119 initiation can be provided in advance, by reading some documentation on a Web site, and the like, there is a need for a protocol, where the need for the license 127 can be communicated through a messaging mechanism.
  • a protocol is provided, as will be further described. Exemplary embodiments for the service 119 initiation, for example, involving the license 127 , will now be described.
  • FIG. 6 illustrates an exemplary workflow for when the Web Services Client 103 knows, for example, in advance, that the license 127 is to be included in the message 121 for the service 119 initiation in the Networked Services Licensing System 100 of FIG. 1.
  • such information can be obtained through various mechanisms, such as by obtaining information from a Web site, e-mail, facsimile, phone call, and the like.
  • the license 127 can be encoded as part of the service 119 request message 121 , which, at step 605 , is transmitted to the Web Services Provider 101 .
  • the license 127 can be encoded in the message 121 , manually, automatically, and the like, and employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • FIG. 7 illustrates an exemplary workflow for when the Web Services Client 103 knows, for example, via a service description language file 709 , such as a WSDL file stored in a UDDI-based service discovery server 707 , and the like, that the license 127 is to be included in the message 121 for the service 119 initiation in the Networked Services Licensing System 100 of FIG. 1.
  • the WSDL file 709 is retrieved from the UDDI server 707 , manually, automatically, and the like.
  • the license 127 can be encoded as part of the service 119 request message 121 , which, at step 705 , is transmitted to the Web Services Provider 101 .
  • the license 127 can be encoded in the message 121 , manually, automatically, and the like, and employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • FIG. 8 illustrates an exemplary workflow for when the Web Services Client 103 knows, for example, via a service description language file 709 , such as a WSDL file stored in the UDDI-based service discovery server 707 , and the like, that the license 127 can be obtained from the License Generation Service 105 of the Networked Services Licensing System 100 of FIG. 1. As shown in FIG.
  • a user at the Web Services Client 103 retrieves, manually, automatically, and the like, the WSDL file 709 from the UDDI server 707 , wherein the service description in the WSDL file 709 includes a reference to a service, such as the License Generation Service 105 , and the like, that can be used to issue the license 127 for the service 119 .
  • the user at the Web Services Client 103 initiates the License Generation Service 105 .
  • the Web Services Client 103 obtains the license 127 , manually, automatically, and the like, from the License Generation Service 105 .
  • the user at the Web Services Client 103 encodes the license 127 as part of the service 119 request message 121 , which then is transmitted to the Web Services Provider 101 .
  • the license 127 can be encoded in the message 121 , manually, automatically, and the like, and employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • FIG. 9 illustrates an exemplary workflow for when the Web Services Client 103 does not know that the license 127 is to be employed for gaining access to the service 119 in the Networked Services Licensing System 100 of FIG. 1.
  • the Web Services Client 103 attempts to invoke and/or request the service 119 from the Web Services Provider 101 , via the service 119 request message 121 , which does not include the license 127 .
  • the Web Services Provider 101 processes the service 119 request message 121 , and determines that service 119 request message 121 does not include the license 127 .
  • the Web Services Provider 101 transmits, for example, an error message 907 , and the like, indicating that the license 127 is to be employed for gaining access to the service 119 of the Web Services Provider 101 .
  • the Web Services Client 103 can attempt to obtain the license 127 , for example, employing the previously described methods of FIGS. 6 - 8 , and as will be further described.
  • the messages 907 and 121 can employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • FIG. 10 illustrates an exemplary workflow for when the Web Services Client 103 attempts to gain access to the service 119 without the license 127 , is informed that the license 127 is to be employed, as shown in FIG. 9, and obtains the license 127 for gaining access to the service 119 , using the method described in FIG. 8, in the Networked Services Licensing System 100 of FIG. 1.
  • any suitable method for obtaining a license such as the methods of FIGS. 6 - 8 , and the like, can be employed to obtain the license 127 .
  • the Web Services Client 103 attempts to invoke and/or request the service 119 from the Web Services Provider 101 , via the service 119 request message 121 , which does not include the license 127 .
  • the Web Services Provider 101 processes the service 119 request message 121 , and determines that service 119 request message 121 does not include the license 127 .
  • the Web Services Provider 101 transmits, for example, the error message 907 , and the like, indicating that the license 127 is to be employed for gaining access to the service 119 of the Web Services Provider 101 .
  • the Web Services Client 103 determines that the License Generation Service 105 , and the like, can be used to issue the license 127 for the service 119 .
  • a user at the Web Services Client 103 initiates the License Generation Service 105 .
  • the Web Services Client 103 obtains the license 127 , manually, automatically, and the like, from the License Generation Service 105 .
  • the user at the Web Services Client 103 encodes the license 127 as part of the service 119 request message 121 , which then is transmitted to the Web Services Provider 101 .
  • the license 127 can be encoded in the message 121 , manually, automatically, and the like, and employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • a separation of authority between the generation of the license 127 and the issuing of the license 127 can be provided.
  • the issuing of the license 127 can signify that the issuer of the license 127 authorizes the rights in the license 127 .
  • separation of authority provides for various exemplary embodiments, for example, as illustrated by the following exemplary workflows.
  • FIG. 11 illustrates an exemplary workflow for when an Enterprise 1111 out-sources the license 127 generation for gaining access to a service in the Networked Services Licensing System 100 of FIG. 1.
  • the exemplary workflow of FIG. 11 can be used, for example, in combination with the exemplary embodiments described herein.
  • the Enterprise 1111 such as the Business Entity B 303 , and the like, can out-source the license 127 generation to a service, such as the License Generation Service 105 , and the like, according to an exemplary embodiment.
  • resources related to the task of the license 127 generation can be freed up for the Enterprise 1111 .
  • Services of the Enterprise 1111 for which authorization to allow access is desired, and for which the licenses 127 can be generated can include, for example, services owned by the Enterprise 1111 , services owned by business partners of the Enterprise 1111 , the service 119 provided by the Web Services Provider 101 , and the like.
  • the task of authorizing grants in the license 127 , for example, the license 127 issuing, can include digitally signing the license 127 , via license signing mechanism 1115 , and the like, and can remain with the Enterprise 1111 .
  • the Enterprise 1111 would have authorization to issue the licenses 127 , for example, implicitly, as when the Enterprise 1111 owns the service in question, explicitly, as through the distribution license 305 granting the Enterprise the right to issue the licenses 127 on behalf of another business entity, and the like.
  • one or more clients and/or end users 1113 can request the licenses 127 from the Enterprise 1111 .
  • when the Enterprise 1111 decides to issue the requested licenses 127 to the clients and/or end users 1113 , at step 1103 , for example, the Enterprise 1111 requests unsigned licenses from the License Generation Service 105 .
  • the Enterprise 1111 can make such request for the unsigned licenses, for example, because the Enterprise 1111 may wish to “push” the licenses 127 onto the clients, such as for advertising purposes, promotional purposes, and the like.
  • the Enterprise 1111 can communicate with the License Generation Service 105 , and make the request for the unsigned licenses, using any suitable messaging protocol, such as the license protocol of the exemplary embodiments described herein.
  • the License Generation Service 105 processes the request for the unsigned licenses, creates the unsigned licenses using any suitable license generation technique, such as the license generation techniques of the exemplary embodiments described herein, and delivers the unsigned licenses to the Enterprise 1111 .
  • the Enterprise 1111 signs the license, and, at step 1109 , delivers, transmits, conveys, issues, and the like, the signed licenses 127 to the clients and/or end users 1113 .
  • the exemplary workflow, wherein the Enterprise 1111 out-sources the license generation and signing, is similar to that of FIG. 11, except that the License Generation Service 105 also can perform the signing of the unsigned licenses to generate the licenses 127 .
  • the License Generation Service 105 can be configured, for example, as a “proxy” signer, and the like, for the Enterprise 1111 .
  • the License Generation Service 105 can safeguard a signing key used to sign the unsigned licenses on behalf of the Enterprise 1111 . Accordingly, although the issuing party is the Enterprise 1111 , the License Generation Service 105 can act as a proxy for the Enterprise 111 . Since the License Generation Service 105 maintains, safeguards, and the like, the signing keys, a requester of the license 127 , advantageously, can be authenticated to prevent spoofing of the service, and the like.
  • FIG. 12 illustrates an exemplary workflow for when a plurality of Enterprises 1111 out-source the license 127 generation for gaining access to a service in the Networked Services Licensing System 100 of FIG. 1.
  • the exemplary workflow of FIG. 12 can be used, for example, in combination with the exemplary embodiments described herein.
  • the License Generation Service 105 can provide the license request, at step 1103 , license delivery, at step 1105 , and the like, services to the plurality of Enterprises 1111 .
  • each of the Enterprises 1111 can be associated with a corresponding account, and the License Generation Service 105 can be configured to manage the licenses 127 issued on behalf of the plurality of Enterprises 1111 , for example, on a per-account basis, and the like.
  • the License Generation Service 105 can utilize any suitable method for generating the licenses of the exemplary embodiments, for example, including the following exemplary methods, as will be described.
  • the exemplary methods advantageously, can be used to generate various types of licenses, such as the licenses 127 , the distribution license 305 , and the like.
  • FIG. 13 illustrates an exemplary method for license generation, based on license templates 1301 , that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • the License Generation Service 105 manages local license templates 1301 , and license generation policies 1303 , under which the templates 1301 are used to generate a license, and the like.
  • the templates 1301 and the policies 1303 can be created under the agreement of the authorizing entity, for example, an entity that can utilize the License Generation Service 105 in an out-source type of arrangement, and the like.
  • the license templates 1301 can include predefined licenses, wherein one or more fields thereof are replaced, filled-in, and the like, when the license is generated.
  • the license templates 1301 can include a license template where the principal is not defined, and can be replaced by a specific principal, where a resource, such as the service 119, is undefined, and replaced by a specific resource, and the like, at the time of license generation.
  • the license generation policies 1303 can include rules for determining which templates to use, based on the request, and the like.
  • a policy can include a rule, such as “every request for a license involving a specific resource shall use template 123 ,” “every request from company ABC will use the template ID 456 and resolve/replace the principal with the principal transmitted in the request,” and the like.
  • a license request message 1305 transmitted to the License Generation Service 105 can include parameters 1307 , such as a principal identification/key, resource ID, template ID, and the like, to allow for the generation of a corresponding license based thereon.
  • the specification for the parameters 1307 for example, can be arranged manually, automatically, before-hand, codified in a WSDL description of the service, predetermined, and the like.
  • FIG. 14 illustrates an exemplary method for license generation, based on an authorizing license 1401 , that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • the License Generation Service 105 receives along with the request 1305 , the authorizing license 1401 that authorizes the issuing of a license, and which includes the grant or grants that are to be issued.
  • the authorizing license 1401 can include, for example, a license prototype, recipe, and the like.
  • local templates typically do have to be employed, as the templates can be defined in the authorizing license 1401 .
  • This method can be employed, for example, using a rights language, such as XrML, and the like, that is capable of encoding the recipe to generate the grants within the authorizing license 1401 .
  • the license request message 1305 transmitted to the License Generation Service 105 can include the parameters 1307 , such as a principal identification/key, resource ID, and the like, to allow for the generation of a corresponding license based thereon.
  • the specification for the parameters 1307 for example, can be arranged manually, automatically, before-hand, codified in a WSDL description of the service, predetermined, and the like.
  • the method of the exemplary embodiment can provide more flexibility than the exemplary method of FIG. 13.
  • the License Generation Service 105 can produce various types of licenses, not just licenses defined by the license templates 1301 .
  • the License Generation Service 105 can determine by, for example, evaluating and/or interpreting the authorizing license 1401 transmitted along with the request 1305 , if issuance of a license has been authorized.
  • the license prototypes can include, for example, grants that are part of the authorizing licenses 1401 within the grant to issue licenses.
  • the license prototypes can include, for example, grants from which final grants can be created. Such grants are related to the right to issue licenses included in the authorizing license 1401 .
  • FIG. 15 illustrates an exemplary method for the license 127 generation, based on license prototypes 1503, for example, within a context of a rights language, such as the XrML language, and the like, and that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • an incoming request 1305 includes the authorizing license 1401 , including the license prototype 1503 having zero or more variables “X.”
  • the License Generation Service 105 processes the request 1305 to generate the resultant license 127 , by employing the license prototype 1503 , and resolving the variables from license prototype 1503 with information 1507 from an issued license 1501 .
  • FIG. 16 illustrates an exemplary method for license generation, from scratch, that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • another exemplary method of generating licenses for example, includes generating licenses from “scratch.”
  • the License Generation Service 105 typically does not rely on the license templates 1301, and/or the authorizing licenses 1401. Instead, the License Generation Service 105 takes instructions received in the form of detailed parameters 1601 received along with the request 1305 to generate a license, and then generates a custom license therefrom. With this exemplary method, the License Generation Service 105 can generate various types of licenses, rights expressions, and the like, based on appropriate detailed parameters 1601.
  • the richness of the type of license that can be produced by this exemplary method can depend on the API employed for programming, and/or messaging, the capabilities of the underlying software, and the like.
  • the employed programming and/or messaging interface can be configured so as to be sufficiently detailed to be able to transmit the information included in the detailed parameters 1601 needed to construct a full custom license.
  • information can include information about the principal, information about the resource, information about the rights, information about conditions, and the like, that can be employed to construct a license.
  • Interpretation of a license can include determining what right has been granted in the license, what conditions, if any, are associated with such grant, and the like.
  • the related process of validating the license can be bundled, associated, related, and the like, with the task of interpreting the license.
  • the license validation process can be separate from the process of license interpretation.
  • FIG. 17 illustrates an exemplary workflow for license validation that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • Validating a license such as the license 127 , the distribution license 305 , and the like, as the name implies, for example, can include determining if a license is “valid,” which typically involves employing a cryptographic technique, and the like.
  • the License Validation and Interpretation Service 109 can perform the license validation process.
  • a license is received for validation.
  • the received license can be encrypted, for example, in order to keep the content thereof confidential, and the like.
  • License Decryption for example, the license can be decrypted. If, however, the license is not encrypted, as determined by step 1717 , for example, the processes of step 1703 can be bypassed.
  • the decryption process on the received license fails, as determined by step 1713 , at step 1715 , for example, the license can be deemed invalid.
  • the encryption and/or decryption processes employed can be performed based on asymmetric cryptographic techniques, symmetrical cryptographic techniques, public key cryptographic techniques, private key cryptographic techniques, and the like.
  • Step 1705 Signature Verification and/or Integrity Check, for example, the integrity of the license can be checked, including determining the integrity of the license to ensure that the license has not been changed from when the license was created, digitally signed, and the like, by an authorized issuer, and the like. If, however, the license is not signed, as determined by step 1719, for example, the processes of step 1705 can be bypassed. In addition, if the verification process on the license fails, as determined by step 1713, at step 1715, for example, the license can be deemed invalid.
  • a license that fails the integrity check may not be trusted.
  • a license that passes the integrity check may still entail the trusting of the key that was used to sign the license.
  • the signer of the license is the issuer of the license.
  • the trusting of the issuer can be part of the license interpretation processes, and the verification process of step 1705 also can be performed based on asymmetric cryptographic techniques, symmetrical cryptographic techniques, public key cryptographic techniques, private key cryptographic techniques, and the like.
  • License Revocation Check for example, in a similar manner as in the revocation of digitally signed documents, such as digital certificates, and the like, the license also can be revoked for various reasons. If, however, the license is not revoked, as determined by step 1721, for example, the processes of step 1707 can be bypassed. In addition, if the license revocation check on the license fails, as determined by step 1713, at step 1715, for example, the license can be deemed invalid. In an exemplary embodiment, the license revocation step can determine, for example, through appropriate methods, channels, and the like, whether or not the license has been revoked. In addition, in an exemplary embodiment, a revoked license is no longer valid, and cannot be used to authorize the granting of rights.
  • step 1709 Other Validation, for example, other validity checks, and the like, can be performed on the license. If the license passes the other validity checks employed, at step 1711 , for example, the license can be deemed valid. Similarly, if no other validity checks are employed, as determined by step 1723 , for example, the processes of step 1709 can be bypassed, and, at step 1711 , for example, the license also can be deemed valid. In addition, if the other validity checks on the license fail, as determined by step 1713 , at step 1715 , for example, the license can be deemed invalid. In an exemplary embodiment, the license can include additional information to attest the validity of the license, such as a validity interval, a specific issuer for the license, and the like, and expired licenses can be considered no longer valid.
  • steps 1707 and 1709 can include determining information within the license, which can entail looking inside the license, and the like, as part of the validation process, according to an exemplary embodiment, because such steps can be more closely related to the validation of a license. However, from a computational point of view, such steps can be considered as part of a license interpretation process, according to a further exemplary embodiment.
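The validation order of FIG. 17 (signature and integrity check, revocation check, then other checks such as a validity interval) is sketched below as an added example; it is not code from the patent. The JSON license layout, the key table, the revocation set and all identifiers are constructed assumptions, HMAC-SHA256 stands in for whichever signing technique the issuer uses, and the decryption step is omitted. The `require_signature` switch makes the step 1719 bypass for unsigned licenses an explicit policy choice, since a bypassed signature check leaves nothing to detect tampering.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample values; none of them come from the patent.
ISSUER_KEYS = {"enterprise-1111": b"constructed-demo-signing-key"}
REVOKED_IDS = {"lic-0007"}
SAMPLE_NOW = datetime(2003, 6, 1, tzinfo=timezone.utc)
SAMPLE_LATER = datetime(2004, 6, 1, tzinfo=timezone.utc)
SAMPLE_BODY = {
    "id": "lic-0001",
    "principal": "client-1113",
    "right": "retrieveAnyDocument",
    "notBefore": "2003-01-01T00:00:00+00:00",
    "notAfter": "2003-12-31T23:59:59+00:00",
}


def canonical(body):
    """Deterministic serialization so issuer and verifier hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(body, issuer):
    """Issue a signed license (hypothetical stand-in for the signing step)."""
    tag = hmac.new(ISSUER_KEYS[issuer], canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "issuer": issuer, "signature": tag}


def validate(lic, now, require_signature=True):
    """Return (valid, reason); the first failing check makes the license invalid."""
    body = lic.get("body") if isinstance(lic, dict) else None
    if not isinstance(body, dict) or not isinstance(body.get("id"), str):
        return False, "malformed"

    # Signature verification and integrity check (step 1705).
    sig = lic.get("signature")
    if sig is None:
        # The workflow bypasses this step for unsigned licenses (step 1719);
        # a verifier that needs tamper evidence refuses the bypass.
        if require_signature:
            return False, "unsigned"
    else:
        issuer = lic.get("issuer")
        key = ISSUER_KEYS.get(issuer) if isinstance(issuer, str) else None
        if key is None:
            return False, "unknown issuer"
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison of the recomputed and presented tags.
        if not hmac.compare_digest(expected.encode(), str(sig).encode()):
            return False, "bad signature"

    # Revocation check (step 1707).
    if body["id"] in REVOKED_IDS:
        return False, "revoked"

    # Other validation (step 1709): here, the validity interval.
    try:
        not_before = datetime.fromisoformat(body["notBefore"])
        not_after = datetime.fromisoformat(body["notAfter"])
        in_window = not_before <= now <= not_after
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    if not in_window:
        return False, "outside validity interval"
    return True, "valid"
```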
  • FIG. 18 illustrates exemplary workflows for license interpretation and state tracking that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • Interpreting a license such as the license 127, the distribution license 305, and the like, for example, can include determining what the license actually has authorized, conditions of such authorization, and the like.
  • license interpretation can be implemented as a service, wherein the License Validation and Interpretation Service 109 , and the like, can perform the license interpretation processes.
  • a license interpreter can include, for example, any suitable component, device, system, sub-system, mechanism, software, and the like, capable of interpreting a license.
  • the Web Services Provider 101 upon receiving the request 121 for the service 119 along with the license 127 from the Web Services Client 103 , can validate the license 127 , for example, to ensure the integrity, authenticity, and the like, of the license 127 .
  • the Web Services Provider 101 for example, can off-load the license 127 validation task to the License Interpretation Service 109 .
  • the License Interpretation Service 109 can maintain and/or check with external revocation mechanisms, and the like, for example, to determine if a signature associated with the license 127 is valid at the time the license 127 is used, and the like, thus, freeing up such resources and tasks for the Web Services Provider 101 .
  • the Web Services Provider 101 can make the license interpretation request 125 , and transmit the license 127 to the License Interpretation Service 109 .
  • the Web Services Provider 101 can pass the request 127 , for example, via any suitable communications protocol that can allow for the exchange of such queries, and the like.
  • the interpretation of the license 127 can include determining if the request 121 for the service 119 is authorized, under what conditions, if any, such authorization can be granted, and the like.
  • such query can be, for example, in the form of “is requester X authorized to access resource Y?” and the like.
  • the interpretation of the license 127 also can involve determining, for example, if an issuer trusted by the Web Services Provider 101 has authorized the license 127 . If, however, the Web Services Provider 101 does not recognize, cannot trust, and the like, the issuer of the license 127 , then a license authorizing the issuer to issue the license 127 , such as the distribution license 305 , and the like, also can be checked.
  • the result of the license interpretation process can include a response, and the like, from the License Interpretation Service 109 to the Web Services Provider 101 , indicating whether or not requested operations, access to services, and the like, granted in a license, such as the license 127 , the distribution license 305 , and the like, are authorized.
  • a license such as the license 127 , the distribution license 305 , and the like
  • the Web Services Provider can provide a service, such as the service 119 , to a client, such as the Web Services Client 103 .
  • zero or more obligations 123 that the Web Services Provider 101 may have to perform, for example, as conditions for supplying the service 119 , and the like, can result from License Interpretation Service 109 evaluating such conditions specified in the license 127 .
  • the obligation 123 can include the Web Services Provider 101 recording the access to the service 119 , imposing a time limit for which the services 119 are rendered, and the like.
  • the License Interpretation Service 109 also can leverage other services, for example, as specified in the license 127 and/or the distribution license 305, such as retrieving the state information 115, for example, including a count, a limit value, and the like, from some other service, such as the State Tracking service 111, and the like.
  • a license such as the license 127 , the distribution license 305 , and the like, can be used to specify information, such as location information, and the like, for other services, entities, and the like, such as the services, systems, sub-systems, components, devices, and the like, of the Networked Services Licensing System 100 of FIG. 1.
  • the license interpretation workflow of the exemplary embodiments can employ any suitable license interpretation protocol, such as the exemplary license interpretation protocol described herein.
  • the License Interpretation Service 109 in the process of interpreting a license, such as the license 127 , the distribution license 305 , and the like, for example, can employ state information, such as the state information 115 , and the like, that can be stored in a state tracking service, such as the State Tracking Service 111 , and the like.
  • state information such as the state information 115 , and the like
  • the location, protocol, and the like, for obtaining the state information 115 can be encoded in the license, for example, based on Web services and/or languages, such as UDDI, WSDL, and the like.
  • the License Interpretation Service 109 can assure that a link, reference, and the like, specified in the license is for an authorized service, such as the State Tracking Service 111 , and the like. Accordingly, at step 1803 , for example, the License Interpretation Service 109 transmits a request for state tracking to the State Tracking Service 111 .
  • the State Tracking Service 111 may have to ensure that a requesting entity, such as the License Interpretation Service 109 , can be authenticated.
  • the License Interpretation Service 109 can be authenticated, for example, by any suitable method, such as by presenting a license, such as the license 127 , the distribution license 305 , and the like.
  • the State Tracking Service 111 provides the requested state 115 information to the License Interpretation Service 109 .
  • the transfer of the state information 115 can be made using any suitable protocol, such as the exemplary protocols described herein, and can be made secure, for example, via secured transmission Internet technologies, such as Secure Sockets Layer (SSL) technologies, and the like.
  • the License Interpretation Service 109 then can use the state information 115 received from the State Tracking Service 111 , at step 1807 , for example, to complete the interpretation of the license.
  • the state information 115 can include, for example, how many times the service 119 has been accessed, a payment record, a time span, and the like.
  • the License Interpretation Service 109 also can send interpretation information to the Web Services Provider 101, at step 1807, for example, including the obligations 123, and the like. Once the obligations 123 are satisfied, at step 1809, for example, the Web Services Client 103 can exercise a right included in the license 127, such as access to the service 119 of the Web Services Provider 101.
  • the use of the service 119 of the Web Services Provider 101 by Web Services Client 103 can entail obligations that may have to be fulfilled by the Web Services Provider 101 , for example, such as transfer of updated state information 115 , and the like.
  • the Web Services Provider 101 establishes contact with the State Tracking Service 111 to transfer the updated state information 115 , and the like.
  • the location, protocol, and the like, for transferring the updated state information 115 to the State Tracking Service 111 can be encoded in the license, for example, based on Web services and/or languages, such as UDDI, WSDL, and the like.
  • the Web Services Provider 101 can have assurance that a link, reference, and the like, specified in the license is for an authorized service, such as the State Tracking Service 111 , and the like.
  • the State Tracking Service 111 may have to ensure that a requesting entity, such as the Web Services Provider 101 , can be authenticated.
  • the Web Services Provider 101 can be authenticated, for example, by any suitable method, such as by presenting a license, such as the license 127 , the distribution license 305 , and the like. Once validations, assurances, obligations, and the like, are satisfied, at step 1811 , for example, the Web Services Provider 101 can transfer the updated state information 115 to the State Tracking Service 111 .
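The interpretation and state tracking workflow of FIG. 18 is sketched below as an added example; it is not code from the patent. The license layout, the `exerciseLimit` field, the tracker allow-list and all identifiers are constructed assumptions. It answers the query "is requester X authorized to access resource Y?", follows the state tracking reference carried in the license only when that reference names a trusted service, returns the obligations, and has the provider report the updated count after serving.

```python
from dataclasses import dataclass, field

# Constructed identifiers; the allow-list stands in for "authorized services".
TRUSTED_TRACKERS = {"uddi:constructed-tracker-111"}

SAMPLE_LICENSE = {
    "id": "lic-0001",
    "grants": [{
        "principal": "client-103",
        "resource": "service-119",
        "right": "execute",
        "exerciseLimit": 2,                       # hypothetical condition
        "trackReport": "uddi:constructed-tracker-111",
    }],
}


class StateTracker:
    """In-memory stand-in for a state tracking service holding exercise counts."""

    def __init__(self):
        self._counts = {}

    def get_count(self, license_id):
        return self._counts.get(license_id, 0)

    def report_exercise(self, license_id):
        self._counts[license_id] = self.get_count(license_id) + 1
        return self._counts[license_id]


@dataclass
class Decision:
    authorized: bool
    reason: str
    obligations: list = field(default_factory=list)


def interpret(lic, requester, resource, right, trackers):
    """Interpretation side: resolve the grant, its conditions and obligations."""
    for grant in lic["grants"]:
        if (grant["principal"], grant["resource"], grant["right"]) != (
                requester, resource, right):
            continue
        obligations = []
        limit = grant.get("exerciseLimit")
        if limit is not None:
            ref = grant.get("trackReport")
            # The tracker location comes from the license itself, so it is
            # followed only when it names a service the interpreter trusts.
            if ref not in TRUSTED_TRACKERS or ref not in trackers:
                return Decision(False, "untrusted state tracking reference")
            used = trackers[ref].get_count(lic["id"])  # state request, step 1803
            if used >= limit:
                return Decision(False, "exercise limit reached")
            obligations.append({"type": "trackReport", "service": ref})
        return Decision(True, "granted", obligations)
    return Decision(False, "no matching grant")


def serve(lic, requester, resource, right, trackers):
    """Provider side: interpret, serve, then report updated state (step 1811)."""
    decision = interpret(lic, requester, resource, right, trackers)
    if decision.authorized:
        for ob in decision.obligations:
            if ob["type"] == "trackReport":
                trackers[ob["service"]].report_exercise(lic["id"])
    return decision
```

The count check and the count update are separate calls here, as they are separate steps in the workflow, so concurrent requests can both pass the check before either one reports. A tracker that enforces the limit needs an atomic check-and-increment.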
  • the messages associated with the workflows can be encoded, using any suitable messaging protocol, such as the exemplary license protocol described herein.
  • the exemplary license protocol for example, can be encoded with XrML, XML, and the like, and can be included in messages that are sent between, for example, the Web Service Client and the Web Services Provider 101 .
  • an exemplary embodiment of the license protocol employing XML and leveraging the messaging framework of SOAP, is illustrated in Table 1.
  • SOAP elements such as the indication of a fault through a <fault> element during the processing of a message, and the like, can be used in accordance with the SOAP specification.
  • <lic:faultDetails> element shown in bold, and can include a “message” part that can be human readable, and an “errorcode” part for machine processing. Message fragment: <details> <lic:faultDetails> <message> license missing </message> <errorcode> 0001 </errorcode> <lic:faultDetails>
  • the message part can be used for debugging. Message fragment: </details>
  • condition with the license 127 can be encapsulated in the <lic:faultDetails> element, shown in bold, and can include: a “message” part that can be human readable, and an “errorcode” part for machine processing. Message fragment: <details> <lic:faultDetails> <message> Expired License </message> <errorcode> 0034 </errorcode> <lic:faultDetails>
  • the message part can be used for debugging. Message fragment: </details> </fault>
  • the errorcode part can be a number or a string and can include a list of error codes indicating different types of fault conditions. Message fragment: </body> </envelope>
  • a license with a grant of principal equal to the identity of the requester and of right “retrieveAnyDocument” can be employed. Message fragment: <x:serviceKey> <x:uddi>E234s-asdfa-. . .</x:uddi> </x:serviceKey> </x:uddi> </x:serviceReference>
  • <x:principal varRef=“requester” />
  • the license prototype 1503 or the type of license 127 employed to access the service 119 can be encoded with a rights language (for example, XrML, as in this example). Message fragment: <ws:retrieveAnyDocument /> </x:grant> <x:issuer> . . . .
  • the Web Services Client 103 requesting the license 127. Message fragment: <?xml version=‘1.0’>
  • <Envelop xmlns=“http://www.w3c.org/2002/06/soap-envelope”
  • the output of such request (for example, if authorized) can be a license 127 that can be transmitted inside a message to the requester. Message fragment: </x:serviceReference> </x:grant> </lic:request>
  • There are numerous ways to pass the information in the message. The example is one of such many ways. Each of the previously described methods can employ a separate “flavor” of the protocol. Message fragment: </body> </envelope>
  • xmlns:lic=“http://www.xrml.org/2002/license”
  • SOAP typically, there is no need for an additional protocol, as shown in the example. Message fragment: </header> <body>
  • there may be a need to include the license within a “wrapper” in the form of <lic:Response>. . Message fragment: <x:grant> . . . </x:grant>
  • xmlns:x=“http://www.xrml.org/2002/xrmlCore”>
  • SOAP typically, there is no need for an additional protocol, as shown in the example. Message fragment: </x:grant> . . .
  • include the license within a “wrapper” in the form of <lic:security>. . .</lic:security> to indicate that the enclosed license 127 is a license to gain access to the service 119. Message fragment: </wsse:security> . . . </header> <body> . . . </body>
  • the exemplary license interpretation protocol can be part of the license protocol.
  • the license interpretation protocol is discussed separately, for the sake of clarity.
  • the Web Services Provider 101 can use the license interpretation protocol, for example, when invoking the License Interpretation Service 109 .
  • the license interpretation protocol can be implemented so as to leverage a messaging exchange protocol, for example, SOAP, and the like, and transmit XrML messages, XML messages, and the like.
  • Table 2 shows the exemplary license interpretation protocol, for example, as XML leveraging the messaging framework of SOAP, and the rights language XrML.
  • TABLE 2: Exemplary Interpretation Protocol (XML/SOAP Messaging Framework). Columns: Step in Workflow; Soap Message (elements of the license protocol are prefixed with “lic:”).
  • the message can . . .
  • <wsse:security xmlns:wsse=“. . .”>
  • the Web Services Provider 101 can send credentials, including a license that authorizes the access or use of the service. Message fragment: . . . </wsse:security> <x:license> <x:grant>
  • the body of the message starts with the request of type “licenseInterpret,” shown in bold. This is to indicate that the request is for interpreting a license. Message fragment: . . . </x:grant> . . .
  • Within this element are the parameters that the interpreter employs as input. Message fragment: </x:license> </wsse:security> . . .
  • xmlns:x=“http://www.xrml.org/2002/xrmlCore” >
  • a response 123 corresponding to the request is encapsulated within the <lic:response> element, shown in bold. Message fragment: <header> . . . </header>
  • conditions can also be resolved in the license interpreter and the result could be “simpler conditions” that are easier to validate by the requester. Message fragment: <x:grant> <ws:execute/> <x:trackReport> <x:serviceReference>
  • The result in this example indicates that the access right has been granted and the right to execute has also been granted, but with the obligation to track the exercise of this right as specified by the <x:trackReport> element (for example, defined in the rights language XrML). Message fragment: <x:uddi>E234s-asdfa-. . .</x:uddi> <x:details> . . . </x:details> </x:serviceReference> </x:trackReport> </x:grant> . . . </lic:response> . . . </body> </envelope>
  • the state tracking protocol can include any suitable protocol, public, private, proprietary, standardized, the exemplary protocols as described herein, and the like, that can be used to retrieve, transfer, and the like, information, such as the state information 115 , and the like, to and from a service, such as the State Tracking Service 111 , and the like. Accordingly, the state tracking protocol can be used for retrieving a count of how many times a service, such as the service 119 , and the like, has been exercised, for sending the exercise count, for storing an exercise count, and the like.
  • the exchange of certain types of information may already be standardized in a protocol by other industries, in which case, according to a further exemplary embodiment, such a standardized protocol can be included in the state tracking protocol.
  • a protocol may be employed that can depend on the specialization, implementation, and the like, of the State Tracking Service 111. For example, if the State Tracking Service includes a database, then the retrieval and storage of information can be performed via a database query mechanism, and the like.
  • FIG. 19 illustrates an exemplary workflow for specifying a license that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • a service such as a Web-based License Generation and Interpretation Service 1907 based on, for example, the License Generation 105 and Interpretation 109 Services of the exemplary embodiments, and the like, can allow for the specification of rights, the interpretation of rights, and the like, for generating a license, such as the license 127 and/or the distribution license 305 , and the like.
  • the License Generation and Interpretation Service 1907 for example, can be employed as a building block for systems, such as a Rights Clearing Service, a Digital Asset Management System, a Digital Rights Management System, and the like.
  • the License Generation and Interpretation Service 1907 can include, for example, providing a user interface, such as a Graphical User Interface (GUI), and the like, converting user input into a rights expression, such as a license, based on a rights language, such as XrML, and the like.
  • the License Generation and Interpretation Service 1907 can also provide one or more user interfaces, each specializing in a particular format, industry, and the like.
  • the License Generation and Interpretation Service 1907 can provide a user interface for video formats, another user interface for music formats, a still further user interface for electronic books, and the like.
  • providing user interfaces tailored to the specific details and/or intricacies of a particular audience for example, can be a value-added feature, and the like, of the License Generation and Interpretation Service 1907 .
  • the License Generation and Interpretation Service 1907 can include accepting rights queries, processing the rights queries against corresponding rights expressions, and the like.
  • an exemplary rights query can be of the form “Does John M., who is an employee of Company N, have the right to purchase up to $1000 worth of supplies from Supplier P?,” and the like.
  • the output from such a query can include an assertion about what rights are available, what conditions are attached to such rights, and the like.
  • the License Generation and Interpretation Service 1907 can add further value, for example, by providing one or more user interfaces that facilitate user input for a particular type of rights query, and the like.
  • the same entity for providing both rights specification, and rights interpretation functions allows for an increase in consistency, accuracy, and the like, in interpreting the rights.
  • a system that creates the rights specification typically is better equipped to apply the same rules when interpreting such rights.
  • the rights expression, the rights expression definitions, the rights expression interpretations, and the like can be based on any suitable standard, including industry standards, and the like.
  • a user 1919, an author, for example, wishes to specify the rights associated with some type of content in relation to a contract with a publisher.
  • An authoring application 1909 that the user 1919 employs does not provide a way to specify rights metadata for the content, but can call a Web service, such as the License Generation and Interpretation Service 1907 that provides such a function.
  • the authoring application connects to License Generation and Interpretation Service 1907 that provides rights specification, interpretation, and the like.
  • the License Generation and Interpretation Service 1907 can specialize in certain industries and provide a user interface with terminology, contract templates, and the like, that can be used and understood in that particular industry, trade, and the like.
  • the user 1919 interacts with the License Generation and Interpretation Service 1907 , and, at step 1903 , for example, the License Generation and Interpretation Service 1907 converts the information the user 1919 provides into a rights expression, for example, an unsigned license, based on XrML, and the like.
  • the unsigned license is then returned, conveyed, transmitted, and the like, to the user 1919 , and the user 1919 can digitally sign the license.
  • the user 1919 can send the signed license, for example, together with the associated content, to a Digital Asset Management System 1913 of the publisher, and, for example, including a license store 1915 , such as a database and the like.
  • the content can now be managed by the Digital Asset Management System 1913 , for example, within a domain, and the like, of the publisher.
  • FIG. 20 illustrates an exemplary workflow for interpreting a license that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • Bob, a rights specialist
  • the rights of the asset are encapsulated, for example, by an XrML license.
  • the Digital Asset Management System 1913 for example, not having a capability to interpret licenses, for example, by design, because a Web service can provide more specialized capabilities, and the like, accesses the License Generation and Interpretation Service 1907 , which provides, for example, an intuitive user interface, such as a GUI, and the like.
  • the License Generation and Interpretation Service 1907 can specialize in interpretation of certain types of contracts, licenses, and the like, and allow the operation of the user interface to query the rights that can be employed for a particular publication.
  • the License Generation and Interpretation Service 1907 can include, for example, an indexed database where licenses are stored, organized, and the like.
  • at step 2001 , for example, Bob sends a query along with the XrML license, for example, through the Digital Asset Management System 1913 , to the License Generation and Interpretation Service 1907 .
  • at step 2003 , for example, the License Generation and Interpretation Service 1907 interprets the rights included in the license based on the query request, and returns the result of the query to Bob.
  • the exemplary rights processing workflow described above can be a function provided by a Web service, such as the License Generation and Interpretation Service 1907
  • the workflow does not describe the process for calling, accessing, and the like, the License Generation and Interpretation Service 1907 .
  • the XrML license is not used for accessing the License Generation and Interpretation Service 1907 .
  • the rights processing functions can be generic functions provided by a Web service, such as the License Generation and Interpretation Service 1907 , and the like, and, for example, can be described with any suitable standards-based language for describing Web services, such as WSDL, and the like.
  • a user 2005 , the owner of the Web-based License Issuing and Interpretation Service 1907 , has been providing the service to anyone that can discover his offering, can use the service, and the like.
  • the License Generation and Interpretation Service 1907 of the user 2005 has become quite successful, and the user 2005 now wishes to commercialize the License Issuing and Interpretation Service 1907 .
  • the user 2005 can add an e-commerce capability to the License Issuing and Interpretation Service 1907 .
  • the user 2005 could add an e-commerce package to the License Issuing and Interpretation Service 1907 , which can entail the creation of various mechanisms, such as a customer account processing mechanism, a financial transaction processing mechanism, a login and password processing mechanism, and the like.
  • a service can create barriers for the service and its customers. For example, the login process, the handling of forgotten passwords, the processing of payments, the determining of how much to charge, the determining of what methods to employ, and the like, could become cumbersome.
  • the user 2005 can configure the License Issuing and Interpretation Service 1907 , for example, such that access is granted based on a presentation of a license, for example, manually, automatically, and the like.
  • a system can include, for example, submitting a license during the initial communication protocol with the License Issuing and Interpretation Service 1907 .
  • a client of the License Issuing and Interpretation Service 1907 and the License Issuing and Interpretation Service 1907 can follow any suitable license protocol, such as the exemplary license protocol described herein.
  • a license such as an XrML license, and the like, can be presented, for example, when an application communicates with the License Issuing and Interpretation Service 1907 . If the license validates, the services of the License Issuing and Interpretation Service 1907 can be rendered.
  • the authoring application can be configured to include the capability to present a license, for example, when the application requests services from License Issuing and Interpretation Service 1907 .
  • FIG. 21 illustrates an exemplary workflow for controlling consumption of a service that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • authoring application 1909 of the user 1919 communicates with the License Issuing and Interpretation Service 1907 and requests service.
  • a license is presented in order to access the services of the License Issuing and Interpretation Service 1907 .
  • the License Issuing and Interpretation Service 1907 can render its services.
  • the user 2005 now ponders the question of who would issue the licenses that are used to access the License Issuing and Interpretation Service 1907 .
  • the user 2005 can configure the License Issuing and Interpretation Service 1907 to manage the issuing of the licenses. However, this can become quite taxing to the system and himself.
  • the user 2005 would have to develop and maintain an e-commerce site and a database for his customers.
  • the user 2005 figures that managing a customer database is not something that will add value to the License Issuing and Interpretation Service 1907 , and does not see the economic potential of maintaining and/or data-mining the customer database.
  • the user 2005 would rather keep the License Issuing and Interpretation Service 1907 simple, allowing the user 2005 to focus on the basic capabilities and functionality of the service. Therefore, according to a further exemplary embodiment, the user 2005 can configure the License Issuing and Interpretation Service 1907 to employ licenses, for example, that can be issued by a trusted third party, bundled with the authoring application 1909 , and the like.
  • FIG. 22 illustrates an exemplary workflow for issuing licenses by a third party that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • the user 2005 can issue licenses to business partners of the user 2005 , for example, granting the right to issue licenses for access to License Issuing and Interpretation Service 1907 , such as the distribution license 305 , and the like.
  • the business partners of the user 2005 then can issue the distribution licenses to end-users, such as the user 1919 .
  • the business partners of the user 2005 can include companies, for example, such as Company ABC 2207 that creates and sells the authoring applications 1909 , such as word processors, image creation software, and the like.
  • the user 2005 can make a business deal with the Company ABC 2207 , for example, based on granting the Company ABC 2207 the right to issue licenses for access to the License Issuing and Interpretation Service 1907 , and the like, at step 2203 .
  • the licenses for accessing the License Issuing and Interpretation Service 1907 can be issued on-demand, bundled with the authoring applications 1909 , and the like, by the Company ABC 2207 .
  • the user 2005 can bundle access to the License Issuing and Interpretation Service 1907 with a third party application, such as the authoring applications 1909 , and the like.
  • the user 2005 and/or the Company ABC can use a third party service, such as the License Generation and Issuing Service 105 , and the like, to generate the licenses of the exemplary embodiments.
  • signature keys can be obtained to sign the licenses, for example, through security services, such as the Trust Authority Service 113 , and the like.
  • the user 2005 can commercialize the Web-based License Issuing and Interpretation Service 1907 , advantageously, without adding the resources employed to run and manage an e-commerce system.
  • the user 2005 can determine the conditions for access to the License Issuing and Interpretation Service 1907 , for example, by employing the licenses of the exemplary embodiments, such as XrML licenses, and the like.
  • the user 2005 does not have to deal, for example, with managing of the customer base, and the like.
  • the improved License Issuing and Interpretation Service 1907 can entail some improvement to the Web services software, such as the capability to process licenses, but such changes can be negligible in comparison with the deployment of a full-fledged e-commerce setup.
  • the user 2005 can employ various compensation methods that, advantageously, can be described in a rights language, such as XrML, and the like.
  • a non-tracked, not encoded in a license, out of band, and the like, compensation method can be employed.
  • the user 2005 can arrange a flat-fee, per-use, and the like, deal, whereby the user 2005 can issue a distribution license, for example, granting the Company ABC 2207 an unlimited right to issue licenses for accessing the License Issuing and Interpretation Service 1907 .
  • the Company ABC 2207 can compensate the user 2005 , for example, based on the number of licenses for accessing the License Issuing and Interpretation Service 1907 the Company ABC 2207 bundles with its software, such as the authoring applications 1909 , based on a one-time payment, and the like. In this embodiment, the user 2005 would have to trust the data that the Company ABC 2207 collects, for example, with respect to software sales, and the like.
  • a tracked, encoded in a license, per distributor use, and the like, compensation method can be employed.
  • the user 2005 can employ, for example, compensation rules, and the like, that can be encoded in the distribution license the user 2005 issues to the Company ABC 2207 .
  • the distribution license can be configured to specify that every time the right to issue a license for accessing the License Issuing and Interpretation Service 1907 is exercised by the Company ABC 2207 , conditions may have to be met, such as the making of a payment of a certain amount to an account of the user 2005 , that each use of the distribution license is tracked and settled through other means, and the like.
  • accurate, trustworthy, and the like sales information can be made possible, because accurate tracking can be enabled.
  • a tracked, encoded in a license, per end-user use, and the like, compensation method can be employed.
  • the distribution license that the user 2005 issues to the Company ABC 2207 can also specify, for example, that when an end-user license is issued, for example, by the Company ABC 2207 , certain rights, conditions, and the like, may have to be specified in the end-user licenses that the Company ABC 2207 issues.
  • the user 2005 can specify in the distribution license that the end-user usage of the licenses issued by the Company ABC 2207 for accessing the License Issuing and Interpretation Service 1907 be tracked, and the like.
  • when the License Issuing and Interpretation Service 1907 of the user 2005 receives, processes, and the like, a license from the user 1919 , the license can specify the parameters to track the usage of the license.
  • at the end of an accounting period such data can be gathered, processed, and the like, for payment.
  • the Company ABC 2207 may realize that by bundling additional services, the Company ABC 2207 can increase its competitive advantage in the marketplace.
  • the Company ABC 2207 can reach out to other companies, Web services, and the like, such as document translator services, multilingual spell checker services, editorial tool services, and the like. Then, the Company ABC 2207 can make business deals with such other companies and include licenses that can be used to access such additional services.
  • the Company ABC can aggregate several services to bundle with its products.
  • each license, such as an XrML license, and the like, can be used to express individual rights, conditions, and the like, for each of the aggregated services.
  • the license for Web service B can be expressed with a right for an unlimited use
  • the license for Web service C can be expressed with a condition for a maximum count of 10 uses, and the like.
  • employing licenses that can determine the rules for access and use of a service can facilitate service aggregation.
  • the user 2005 can issue distribution licenses to his business partners, and, in turn, his business partners can issue licenses to the end-users for accessing the License Issuing and Interpretation Service 1907 .
  • This exemplary embodiment illustrates a single tier distribution model, wherein the business partners of the user 2005 can be the distributors for access to the services of the user 2005 .
  • FIG. 23 illustrates an exemplary workflow for syndication of a service that can be used in the Networked Services Licensing System 100 of FIG. 1.
  • the user 2005 can focus on the technical details of the Web-based License Issuing and Interpretation Service 1907 , and, for example, outsource business dealings, and the like, with companies, such as the Company ABC 2207 , and the like.
  • the user 2005 can grant a syndication agent, such as a Syndication Company 2311 , a syndication license that grants the Syndication Company 2311 the right to issue distribution licenses that grant the ABC Company 2207 the right to issue licenses for accessing the License Issuing and Interpretation Service 1907 .
  • the Networked Services Licensing System 100 can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like, of the devices and sub-systems of Networked Services Licensing System 100 .
  • One or more databases of the devices and subsystems of the Networked Services Licensing System 100 of FIG. 1 can store the information used to implement the exemplary embodiments.
  • the databases can be organized using data structures, for example, records, tables, arrays, fields, graphs, trees, lists, and the like, included in one or more memories, such as the memories listed above, and the like.
  • All or a portion of the Networked Services Licensing System 100 can be conveniently implemented using one or more general-purpose computer systems, microprocessors, digital signal processors, micro-controllers, and the like, programmed according to the teachings of the exemplary embodiments. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments.
  • the Networked Services Licensing System 100 can be implemented by the preparation of application-specific integrated circuits or by interconnecting an appropriate network of conventional component circuits.
  • a license is presented at the time of service request.
  • the license could be presented at another time, cached, and the like, so that further service requests do not entail the submission of a license.
  • a license could be “pre-presented” and retained by the Web service, the client, and the like.
  • the license could, after being pre-presented, be “pre-validated.” In such a case, when a request for accessing services is made it would be determined if the request is from an authorized requestor, and the license would be interpreted.
  • although the exemplary workflows are described as functional steps associated with the exemplary devices of the Networked Services Licensing System 100 , one or more of the functional steps of the exemplary workflows can be performed by any suitable device or devices, such as one or more general-purpose computer systems, microprocessors, digital signal processors, micro-controllers, and the like, programmed according to the teachings of the exemplary embodiments, as will be appreciated by those skilled in the relevant art(s).
  • a third party collects services from service providers and makes them available singly or in combination to users as a third party service.
  • the Web Services Provider 101 may not, or cannot, provide the syndication function, but they can set some of the conditions, rights, and the like, for the services.
  • This exemplary embodiment thus enables the third party service provider to provide, for example, access and tracking services to a user of the third party service on behalf of the owners of the services.
  • the services market, especially for component services, can be greatly enabled, accelerated, and the like, with this exemplary embodiment.
  • conditional access typically cannot handle such examples well and/or may be impractical.
  • a hard drive on a personal computer can include license generating software, a license, and license interpretation software.
  • the communications protocol of the exemplary embodiments, in this example, can be employed for communications within the hard drive.
  • the Web Services Client 103 can present a validated license and obtain access to a Web service without having to be on-line at the time the service is obtained.
  • the service could reside on the PC hard drive, such as where the service includes the execution of a computer program, or could be obtained from or through another device, such as a server or CD or other storage medium.
  • the on-line session can be conducted at a time other than at the time the request for the use of the service is made.
  • the transaction can be made off-line using a digital storage device, such as a pre-paid “smart card” and the like.
  • any suitable information to be exchanged can be exchanged using a physical storage device instead of an on-line communication. For example, a license can be presented by inserting a smart card into the PC.
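The syndication chain of FIG. 23 and the per-license use count described above, as an added example that is not part of the patent: the service checks that every license in the presented chain was issued by the holder of the license above it and that the chain ends at the service owner, then enforces the count through state tracking. The JSON-style license model, all names and keys, and the use of HMAC as a stand-in for the digital signatures are assumptions made for illustration; this is not XrML.

```python
import hashlib
import hmac
import json

# Constructed keys, standing in for signature keys obtained from a trust authority.
KEYS = {
    "owner-2005": b"constructed-owner-key",
    "syndication-2311": b"constructed-syndicator-key",
    "company-abc-2207": b"constructed-distributor-key",
}
ROOT_ISSUER = "owner-2005"      # the service owner is the only trust root
SERVICE = "license-service-1907"
# Right the parent license must grant before its holder may issue the child.
PARENT_RIGHT = {"access": "issue-access", "issue-access": "issue-distribution"}


def mac_of(lic):
    """MAC over every field except the signature itself (canonical JSON)."""
    body = {k: v for k, v in lic.items() if k != "sig"}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[lic["issuer"]], msg, hashlib.sha256).hexdigest()


def issue(lic_id, issuer, holder, right, max_count=None):
    """Create and sign a license (hypothetical simplified model)."""
    lic = {"id": lic_id, "issuer": issuer, "holder": holder,
           "service": SERVICE, "right": right, "max_count": max_count}
    lic["sig"] = mac_of(lic)
    return lic


def validate_chain(chain, requester):
    """chain[0] is the end-user license; chain[-1] must come from the owner."""
    if not chain:
        return False, "no license presented"
    if chain[0]["right"] != "access" or chain[0]["holder"] != requester:
        return False, "license does not grant access to this requester"
    for i, lic in enumerate(chain):
        if lic["issuer"] not in KEYS:
            return False, "unknown issuer"
        if not hmac.compare_digest(str(lic.get("sig", "")), mac_of(lic)):
            return False, "bad signature on " + lic["id"]
        if lic["service"] != SERVICE:
            return False, "license is for another service"
        if i + 1 == len(chain):
            if lic["issuer"] != ROOT_ISSUER:
                return False, "chain does not end at the service owner"
        else:
            parent = chain[i + 1]
            if parent["holder"] != lic["issuer"]:
                return False, "issuer holds no license to issue " + lic["id"]
            if parent["right"] != PARENT_RIGHT.get(lic["right"]):
                return False, "parent license does not grant the issuing right"
    return True, "ok"


class LicensedService:
    """Renders service only for a valid chain whose use count is not spent."""

    def __init__(self):
        self.uses = {}  # license id -> times exercised (state tracking)

    def request(self, chain, requester):
        ok, reason = validate_chain(chain, requester)
        if not ok:
            return False, reason
        lic = chain[0]
        used = self.uses.get(lic["id"], 0)
        if lic["max_count"] is not None and used >= lic["max_count"]:
            return False, "use count exhausted"
        self.uses[lic["id"]] = used + 1
        return True, "service rendered"


def demo_chain():
    """FIG. 23 shape: owner -> syndication agent -> distributor -> end user."""
    syndication = issue("syn-1", "owner-2005", "syndication-2311",
                        "issue-distribution")
    distribution = issue("dist-1", "syndication-2311", "company-abc-2207",
                         "issue-access")
    end_user = issue("eu-1", "company-abc-2207", "user-1919", "access",
                     max_count=10)
    return [end_user, distribution, syndication]


if __name__ == "__main__":
    svc = LicensedService()
    chain = demo_chain()
    for n in range(1, 12):
        print(n, svc.request(chain, "user-1919"))
```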

Abstract

A method, system, and computer program product for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service, including determining the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and controlling consumption of the distributed network service based on the rights expression information.

Description

    CROSS REFERENCE TO RELATED DOCUMENTS
  • The present invention claims benefit of priority under 35 U.S.C. §119(e) to commonly assigned, co-pending, U.S. Provisional Patent Application Serial No. 60/359,667 of Lao et al., entitled “XrML FRAMEWORK FOR WEB SERVICES,” filed on Feb. 27, 2002, the entire disclosure of which is hereby incorporated by reference herein. This application is a Continuation-In-Part (CIP) of commonly assigned, co-pending, U.S. patent application Ser. No. 10/159,272 of Wang et al., entitled “METHOD AND APPARATUS FOR DISTRIBUTING ENFORCEABLE PROPERTY RIGHTS,” filed on Jun. 3, 2002, which claims benefit of priority to commonly assigned U.S. Provisional Patent Applications Serial Nos. 60/331,625, filed on Nov. 20, 2001, 60/296,117, filed on Jun. 7, 2001, 60/296,118, filed on Jun. 7, 2001, and 60/296,113, filed on Jun. 7, 2001, and which is a Continuation-In-Part (CIP) of commonly assigned U.S. patent application Ser. No. 10/046,695, filed on Jan. 17, 2002, which claims benefit of priority to commonly assigned U.S. Provisional Patent Application Serial No. 60/261,753, filed on Jan. 17, 2001, the entire disclosures of all of which are hereby incorporated by reference herein.[0001]
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention [0002]
  • This invention generally relates to networked communications systems, and more particularly to a system and method for licensing of networked services, such as Web services, and the like. [0003]
  • 2. Description of Related Art [0004]
  • Recently, networked services technologies, such as Web services technologies, are introducing at a rapid pace the capability to access various services over the Internet in an interoperable and automated manner. As enterprises make their content (such as software) and services available as networked services, there exists a need to control their indiscriminate access and use. The typical method of access control has been one where an identity or credentials about an identity are matched against a set of policies that are managed locally by the provider of the service. One example is when a user enters a user name and password to access some resource in a Web service. This method of access control is widely used in computer systems and is primarily about protecting “my” services against unauthorized use. In other words, access to a service typically is solely based on an identity of a user requesting access to the service. [0005]
  • With a desire to manage or restrict access, proliferate and commercialize services, there exist scenarios where computational environments are merely intermediaries and typically cannot decide on their own security policies. An example of such intermediaries includes hosting and replicating devices used in outsourcing and bandwidth management scenarios. However, in such environments, it is difficult to propagate and manage central security policies. Accordingly, there is still a need for systems and methods for licensing of networked services, such as Web services. [0006]
  • SUMMARY OF THE INVENTION
  • The above and other needs are addressed by exemplary embodiments of the present invention, which provide an improved system and method for licensing of networked services, such as Web services, and the like. [0007]
  • Accordingly, in an exemplary embodiment, there is provided an improved method for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service. The method includes determining the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and controlling consumption of the distributed network service based on the rights expression information. [0008]
  • According to another exemplary embodiment, there is provided an improved computer system for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service. The computer system includes a distributed network services provider configured to provide the distributed network service; a client of the provider configured to consume the distributed network service; a license issuing server configured to determine the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and a license issuing server configured to control consumption of the distributed network service based on the rights expression information. [0009]
  • According to a further exemplary embodiment, there is provided an improved computer-readable medium carrying one or more sequences of one or more instructions for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service. The one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of determining the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and controlling consumption of the distributed network service based on the rights expression information. [0010]
  • According to a still further exemplary embodiment, there is provided an improved system for controlling consumption of a distributed network service in accordance with rights expression information associated with the distributed network service and specifying a manner of use of the distributed network service, including means for determining the rights expression information associated with the distributed network service, the rights expression information indicating a manner of use of the distributed network service; and means for controlling consumption of the distributed network service based on the rights expression information. [0011]
  • Still other aspects, features, and advantages of the present invention are readily apparent from the following detailed description, simply by illustrating a number of exemplary embodiments and implementations, including the best mode contemplated for carrying out the present invention. The present invention is also capable of other and different embodiments, and its several details can be modified in various respects, all without departing from the spirit and scope of the present invention. Accordingly, the drawings and descriptions are to be regarded as illustrative in nature, and not as restrictive.[0012]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which: [0013]
  • FIG. 1 is a schematic illustration of an exemplary Networked Services Licensing System, according to an exemplary embodiment; [0014]
  • FIG. 2 is a schematic illustration of exemplary interactions between a Web Services Provider, and a Web Services Client of the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0015]
  • FIG. 3 is a schematic illustration of exemplary interactions between one or more Business Networks, and a License Issuing and/or Generation Service of the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0016]
  • FIG. 4 is a schematic illustration of exemplary interactions between a Web Service Provider, and a License Interpretation Service of the Networked Services Licensing System, according to an exemplary embodiment; [0017]
  • FIG. 5 is a schematic illustration of exemplary interactions between a Web Service Provider, a License Interpretation Service, and a State Tracking Service of the Networked Services Licensing System, according to an exemplary embodiment; [0018]
  • FIG. 6 illustrates an exemplary workflow for when a Web Services Client knows, in advance, that a license is to be included in a message for service initiation in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0019]
  • FIG. 7 illustrates an exemplary workflow for when a Web Services Client knows, via a service description language file, that a license is to be included in a message for a service initiation in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0020]
  • FIG. 8 illustrates an exemplary workflow for when a Web Services Client knows, via a service description language file, that a license is to be obtained from a License Generation Service of the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0021]
  • FIG. 9 illustrates an exemplary workflow for when a Web Services Client does not know that a license is to be employed for gaining access to a service in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0022]
  • FIG. 10 illustrates an exemplary workflow for when a Web Services Client attempts to gain access to a service without a license, is informed that the license is to be employed, and obtains the license for gaining access to a service in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0023]
  • FIG. 11 illustrates an exemplary workflow for when an Enterprise out-sources license generation for gaining access to a service in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0024]
  • FIG. 12 illustrates an exemplary workflow for when a plurality of Enterprises out-source license generation for gaining access to a service in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0025]
  • FIG. 13 illustrates an exemplary method for license generation, based on license templates, that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0026]
  • FIG. 14 illustrates an exemplary method for license generation, based on an authorizing license, that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0027]
  • FIG. 15 illustrates an exemplary method for license generation, based on an exemplary license prototype, that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0028]
  • FIG. 16 illustrates an exemplary method for license generation, from scratch, that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0029]
  • FIG. 17 illustrates an exemplary workflow for license validation that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0030]
  • FIG. 18 illustrates exemplary workflows for license interpretation and state tracking that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0031]
  • FIG. 19 illustrates an exemplary workflow for specifying a license that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0032]
  • FIG. 20 illustrates an exemplary workflow for interpreting a license that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0033]
  • FIG. 21 illustrates an exemplary workflow for controlling consumption of a service that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; [0034]
  • FIG. 22 illustrates an exemplary workflow for issuing licenses by a third party that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment; and [0035]
  • FIG. 23 illustrates an exemplary workflow for syndication of a service that can be used in the Networked Services Licensing System of FIG. 1, according to an exemplary embodiment.[0036]
  • DETAILED DESCRIPTION OF THE INVENTION
  • A system and method for licensing of networked services, such as Web services, and the like, are described. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It is apparent to one skilled in the art, however, that the present invention can be practiced without these specific details or with equivalent arrangements. In some instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention. [0037]
  • Generally, a more flexible method for access control can be developed through technologies, referred to as Digital Rights Management (DRM) herein, wherein access to a resource is controlled by a license, wherein the license can be encoded in a rights language. The exemplary embodiments described herein, advantageously, leverage DRM system components to address issues related to the licensing of networked services, such as Web services. Accordingly, the exemplary embodiments can employ authentication, authorization, accounting, payment and financial clearing, rights specification, rights verification, rights enforcement, document protection components, and the like, of a Digital Rights Management system, for example, as further described in commonly assigned U.S. Pat. No. 5,530,235, U.S. Pat. No. 5,629,980, U.S. Pat. No. 5,634,012, U.S. Pat. No. 5,638,443, U.S. Pat. No. 5,715,403, U.S. Pat. No. 6,233,684, and U.S. Pat. No. 6,236,971, the entire disclosures of all of which are hereby incorporated by reference herein. [0038]
  • The use of a rights expression, for example, in the form of a license used to define usage rights for specifying a permitted manner of use, such as consumption, and the like, of a service, advantageously, switches the control, the responsibility for control, and the like, from the computing environment to the rightful owner of the service. Such usage rights can be associated with one or more conditions, such as payment, and the like, that can be a prerequisite for exercising the specified manner of use of the service. A rights expression language, such as eXtensible Rights Markup Language (XrML), and the like, for example, including predefined syntax and semantics, can be employed to express the usage rights. Consume, consuming, consumption, and the like, of the service, for example, can include access to or use of the service, access to or use of parts or devices of the service, access to or use of results of the service, receiving or rendering content of the service, executing software of the service, and the like. [0039]
  • In the above model, according to the exemplary embodiments, access control typically is about deploying “my” services “out-there,” while at the same time issuing rights to users of such services to control access to the services. By contrast, other methods and systems for access control primarily are focused on protecting “my” services against use by others. [0040]
  • According to the exemplary embodiments, DRM is employed in a networked services environment, such as a Web services environment, for example, by leveraging components of the DRM system, such as license generation, license interpretation, and the like. In addition, the exemplary embodiments provide a system and method for authorization for networked services, for example, through a license expressed in a rights language. Further, the exemplary embodiments are directed to how a license can be generated, used, processed, and the like, by the various entities of the networked services ecosystem to reach an authorization decision that allows access by a client, devices, services, and the like, to the networked services. In general, a requester of a service presents a license in order to get access to the service. [0041]
  • Accordingly, the exemplary embodiments, advantageously, enable more flexible business models. For example, a service can be deployed “anywhere,” and the control to access the service can be centralized and determined by the owner of the service. The points of deployment typically do not have to worry about establishing local security policies, as this becomes unnecessary. In addition, the model of “distributed access management” of the exemplary embodiments, advantageously, can be applied in the syndication of networked services, such as Web services, for example, including multiple layers of participants. [0042]
  • Referring now to the drawings, wherein like reference numerals designate identical or corresponding parts throughout the several views, and more particularly to FIG. 1 thereof, there is illustrated an exemplary Networked Services Licensing System 100 that can be used in connection with the described exemplary embodiments for licensing of networked services, such as Web services, and the like. In FIG. 1, the Networked Services Licensing System 100, for example, includes a Web Services Provider 101, a Web Services Client 103, a License Generation and Issuing Service 105 that can interface with one or more Business Networks 107, a License Generation, Validation and/or Interpretation Service 109 for relaying a license 127, a State Tracking Service 111 for relaying state information 115, and a Trust Authority Service 113 for relaying keys and/or certificates 117. The services 105-111, advantageously, can be configured as a middle-tier or layer that can be plugged-in between the Trust Authority Service 113, and the Web Services Provider 101 and the Web Services Client 103. Advantageously, existing Web services systems can be modified to practice the exemplary embodiments based on such middle layer configuration. [0043]
  • A rights language, such as eXtensible Rights Markup Language (XrML), eXtensible Access Control Markup Language (XACML), Open Digital Rights Language (ODRL), and the like, can be used to specify a rights expression, rights expression information, and the like, for example, in the form of the license 127. However, the license 127 can be specified in any suitable manner. In addition, the license 127 can be based on a pre-defined specification, template, prototype, and the like, that can be associated with the Web service, according to further exemplary embodiments. Accordingly, the process of specifying the license 127 can include any suitable process for associating rights, conditions, and the like, with access to services, such as Web services. [0044]
  • An exemplary workflow for the Networked Services Licensing System 100 can include a user operating within the Web Services Client 103 environment being issued the license 127 by the License Issuing Service 105 for accessing a service of the Web Services Provider 101. When the user wishes to use a service 119 provided by the Web Services Provider 101, the user can make a request 121 for the service 119 from the Web Services Provider 101 along with the issued license 127. When associated conditions (for example, obligations 123), such as the collection of a fee, the authentication of the user, and the like, are satisfied based on a license interpretation request 125, as verified, for example, by the License Interpretation Service 109, and the State Tracking Service 111, the user can be allowed access to the service 119 of the Web Services Provider 101 in accordance with a manner of use specified in the license 127. [0045]
  • Advantageously, the license 127 can specify any suitable usage rights associated with the service 119. The interpretation and enforcement of the usage rights are further described in commonly assigned U.S. Pat. No. 5,530,235, U.S. Pat. No. 5,629,980, U.S. Pat. No. 5,634,012, U.S. Pat. No. 5,638,443, U.S. Pat. No. 5,715,403, U.S. Pat. No. 6,233,684, and U.S. Pat. No. 6,236,971, for example. The steps above can take place sequentially or approximately simultaneously or in various orders. [0046]
  • FIG. 1 illustrates exemplary participants in a generalized Web service model, where the access to services and/or content is specified by a license expressed in a rights language, such as XrML, and the like. Advantageously, the use of a rights language to define access fits the Web services paradigm of distributed policies and access points because a rights language can capture both the rights and the context on which those rights can be exercised. The context can include information, an identification, and the like, of the client that is authorized to exercise the rights, the associated resources and conditions that have to be met in order to exercise the rights. [0047]
  • The top and bottom layers of FIG. 1 can be used to contrast a typical model for providing Web services, wherein the Web Services Provider 101 controls access through simple processes, such as user-name and password, and local policy evaluation. By contrast, according to the exemplary embodiments, the middle layer is involved in defining processes and/or determining authorization for access to the service 119 provided by the Web Services Provider 101. This middle layer can be referred to as a “rights layer.” [0048]
  • Advantageously, tasks related to determining authorization to the service 119, authentication, accounting, and the like, can be managed, outsourced, handled, and the like, by the specialized services provided by the middle layer. In this way, the Web Services Provider 101 can enjoy the luxury of focusing solely on the business logic of the service 119, while outsourcing other activities, such as the processing of payments, the maintaining of customer databases, and the like, that typically would be employed in a more monolithic e-commerce model. Accordingly, the Web Services Provider 101 processes the rights expression in the form of the license 127 that is presented by the Web Services Client 103 in order to determine what services to provide and how to provide such services. According to an exemplary embodiment, the license interpretation, the state information tracking, for example, such as how many times the service 119 has been rendered, which can be the accounting part, and the like, can be outsourced to third party providers. [0049]
  • The exemplary embodiments, thus, provide the authorizing of the access to the service 119, for example, via the generation of the license 127. By contrast, other Web services systems and methods typically control access by remembering a client's identity and by requesting a credential, such as user-name and password. In the exemplary embodiments, however, such credentials are augmented in the form of the license 127. The issuing of the license 127 can be accomplished by the rights layer, but can include processes performed by the Web Services Provider 101. The rights layer can include the Business Network(s) 107, such as a partner that bought the service 119 and is now allowing its customer base access to the service 119. Thus, anyone with a business arrangement with the Web Services Provider 101 can be capable of issuing the license 127, according to further exemplary embodiments. [0050]
  • The interaction of the Web Service Client 103 with the Web Services Provider 101 can involve various mechanisms and transactions, such as a request for service, a financial transaction, a rendering of the service 119, and the like. For example, the Web Service Client 103 can contact the Web Services Provider 101 and request some type of service 119. The access to the service 119 also can include various transactions, such as access, rendering, execution of code, send-back of data, collecting payment, and the like. Accordingly, the access to the service 119 can include any suitable interactions and/or results between the Web Service Client 103 and the Web Services Provider 101. [0051]
  • The Networked Services Licensing System 100 is of an exemplary nature and can be implemented in numerous other arrangements. For example, a clearinghouse (not shown) can be used to process payment transactions and verify payment prior to the Issuing Service 105 issuing the license 127. Moreover, the various processes and transactions can be performed, for example, via online and/or offline environments and/or combinations thereof, according to further exemplary embodiments. Accordingly, the various devices and/or components of the Networked Services Licensing System 100 can, but need not, communicate directly with one another and information can be exchanged in any suitable manner, such as by physically moving media between the various devices and/or components of the Networked Services Licensing System 100. [0052]
  • The devices and subsystems of the Networked Services Licensing System 100 of FIG. 1 can communicate, for example, over one or more communications networks (not shown), and can include, for example, any suitable servers, workstations, personal computers (PCs), laptop computers, PDAs, Internet appliances, set top boxes, modems, handheld devices, telephones, cellular telephones, wireless devices, other devices, and the like, capable of performing the processes of the exemplary embodiments. The devices and subsystems can communicate with each other using any suitable protocol and can be implemented using a general-purpose computer system, for example. One or more interface mechanisms can be used in the Networked Services Licensing System 100, for example, including Internet access, telecommunications in any suitable form, such as voice, modem, and the like, wireless communications media, and the like. Accordingly, such communications network(s) can include, for example, wireless communications networks, cellular communications networks, satellite communications networks, Public Switched Telephone Networks (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, and the like. In addition, such communications network(s) can be the same or different networks. [0053]
  • As noted above, it is to be understood that the Networked Services Licensing System 100 of FIG. 1 is for exemplary purposes, as many variations of the specific hardware used to implement the exemplary embodiments are possible. For example, the functionality of the devices and the subsystems of the Networked Services Licensing System 100 can be implemented via one or more programmed computer systems or devices. To implement such variations as well as other variations, a single computer system can be programmed to perform the special purpose functions of one or more of the devices and subsystems of the Networked Services Licensing System 100. On the other hand, two or more programmed computer systems or devices can be substituted for any one of the devices and subsystems of the Networked Services Licensing System 100. Accordingly, principles and advantages of distributed processing, such as redundancy, replication, and the like, also can be implemented, as desired, to increase the robustness and performance of the Networked Services Licensing System 100, for example. [0054]
  • The components of the Networked Services Licensing System 100, for example, including the license 127, the Web Services Provider 101, the Web Services Client 103, the License Generation and/or Issuing Service 105, the License Validation and/or Interpretation Service 109, the State Tracking Service 111, and the Trust Authority Service 113, according to various embodiments, will now be further described. [0055]
  • The license 127, for example, can be based on rights language-based functions, such as XrML functions, and the like, in the exemplary embodiments. The Web Services Client 103 can present the license 127 to the Web Services Provider 101, when the Web Services Client 103 requests the service 119. The license 127, for example, can convey the rights and conditions governing the rendering of services, such as the service 119, the manner of use of the services, and the like. In addition, the license 127, for example, can convey the context in which transactions between the Web Services Client 103 and the Web Services Provider 101 can take place, and the like. [0056]
  • Accordingly, the license 127 can convey information, for example, including the service 119, parts of the service 119, a principal to whom the license 127 has been granted, the rights that are granted, the conditions under which the service 119 can be accessed, obligations that the Web Services Provider 101 and/or the Web Services Client 103 may have to perform while allowing access to a protected resource of the service 119, trust domains, for example, including the issuer of the license 127 and/or the authority under which the license 127 has been issued, information to leverage or utilize security mechanisms, such as signatures and/or encryption mechanisms, any other suitable information, which can be mandatory and/or optionally employed by the Networked Services Licensing System 100, and the like. [0057]
  • An exemplary license 127, for example, written in XrML, is shown below that conveys, for example, a right to access the service 119 offered by the Web Services Provider 101, “www.foo.com/quoteService,” and that has been granted to a holder of a specific cryptographic key, such as the principal, and the like, by the issuer, represented by another key value. [0058]
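    <license>
      <grant>
        <!-- principal: the holder of a specific cryptographic key -->
        <keyholder>
          . . .
        </keyholder>
        <!-- right granted: execute the service -->
        <ws:execute />
        <!-- resource: the service the grant applies to -->
        <serviceReference>
          <foo:location uri="www.foo.com/quoteService" />
        </serviceReference>
      </grant>
      <!-- issuer of the license, represented by another key value -->
      <issuer>
        <dsig:keyValue>
          . . .
        </dsig:keyValue>
      </issuer>
    </license>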
  • The identification of the service 119 can be encoded in the license 127. Such encoding can be used to indicate that the license 127 refers to the service 119 in question. Additionally, any suitable granular identification of the service 119 in question can be specified. For example, the license 127 can describe that the license 127 pertains to a portion of the service 119, certain Application Programming Interfaces (APIs) exposed by the service 119, and the like. Alternatively, the license 127 also can identify the service 119 including a set of services. For example, the service 119 can be described as “any service that originates from www.foo.com.” Further, the service 119 identified can include any suitable combination of the models described above. [0059]
  • The principal specified in the license 127 can be used to verify the identity of the requester of the service 119, for example, a user of the service 119, such as the Web Services Client 103. The principal, thus, can be used to authenticate the requester of the service 119. Typically, the requester may have to present some form of credential at the time of the request 121, and such credential can be verified against the identity of, for example, the principal specified in the license 127. The credential presented can employ various mechanisms, such as digital certificates, including a key, a security token, and the like. [0060]
  • The principal also can be specified, identified, and the like, in various ways. For example, the principal can be a specific principal, such as the holder of a cryptographic key, and the like. The principal also can be specified as “anyone,” such as “anyone in the universe,” and the like. The principal also can be specified as a member of a set of principals, such as “any client that is a member of company ABC,” and the like. Thus, depending on how the principal is specified, one or more credentials may be employed to fully resolve, match, and the like, the identity of the principal. The process to match credentials can include, for example, any suitable technology, traditional, proprietary or new, that can be used to authenticate a principal specified in a license. [0061]
  • The rights specified in the license 127 can be the granted or allowed “operations,” that is, the manner of use, that the recipient of the grant, such as a principal, and the like, can exercise on the service 119, such as a Web service, and the like. Such operations can take various forms, such as “accessing the information on a Web service,” “executing the software residing in a Web service,” “retrieving some data that has been generated by a Web service,” and the like. [0062]
  • The license 127 can include one or more conditions associated with a right to access the service 119. The conditions can be specified in the license 127 and may have to be satisfied in order to exercise the manner of use. For example, the conditions can include temporal conditions, such as a validity period, quantity conditions, such as the number of times the service can be accessed, payment conditions, accounting conditions, such as having the transaction tracked and recorded, and the like. Thus, conditions can include any suitable restrictions, parameters, obligations, states, and the like, that may have to be met before, during, or after, in order to exercise the right. [0063]
  • The trust domain that can be specified in the license 127 can relate to the identity of the issuer of the license 127. For example, when the Web Services Provider 101 accepts the license 127 from the Web Services Client 103, the Web Services Provider 101 may have to determine if the Web Services Provider 101 can trust the information included in the license 127. In an exemplary embodiment, the entity that issued the license 127 can be identified by the issuer of the license 127. [0064]
  • The license 127 can employ, for example, security technologies in order to safeguard the information included in the license 127. For example, the Web Services Provider 101 can employ mechanisms to determine if the issuer of the license can be trusted, to determine if the license has not been tampered with, and the like. Thus, digital signatures technologies, and the like, can be employed to ensure the integrity of the license 127, and encryption technologies, and the like, can be used to keep certain information in the license 127 confidential. [0065]
  • FIG. 2 is a schematic illustration of exemplary interactions between the Web Services Provider 101 and the Web Services Client 103 of the Networked Services Licensing System 100, according to an exemplary embodiment. As shown in FIG. 2, the license 127 can be conveyed, transmitted, and the like, by the Web Services Client 103 to the Web Services Provider 101 when making the request 121 for the service 119. The Web Services Provider 101 then can render the service 119 based on rights, conditions, and the like, specified in the license 127. For example, the Web Services Client 103 and the Web Services Provider 101 can arrange before-hand that the license 127 is to be transmitted in a data stream including the service request 121, based on a license protocol that includes the process of negotiating and/or submitting the license 127, and the like. [0066]
  • According to the exemplary embodiments, the Web Services Provider 101 typically focuses on providing the service 119. In addition, since authorization and/or commerce-related tasks can be managed elsewhere, as proposed in the exemplary embodiments, then tasks, such as managing payments, maintaining customer databases, and the like, can be eliminated. Advantageously, this allows the Web Services Provider 101 to more efficiently focus on providing the service 119. [0067]
  • The Web Services Provider 101 also can handle the service requests 121. Mechanisms to handle the service requests 121 can include, for example, proprietary mechanisms, standard mechanisms, such as Simple Object Access Protocol (SOAP), Web Service Description Language (WSDL), other messaging protocols, and the like. However, any suitable mechanisms that can handle and/or process a service request can be employed. [0068]
  • In addition, the Web Services Provider 101 can employ a license protocol. Such protocol can include, for example, any suitable open or proprietary licensing mechanisms, a prior agreement to embed the license 127 in the request 121, a protocol that determines the need for the license 127, sending the requester to a site to obtain the license 127, and the like. [0069]
  • The Web Services Provider 101, thus, consumes and/or accepts the license 127 that has been conveyed by the Web Services Client 103 for gaining access to the service 119. After determining that the license 127 can be trusted, the Web Services Provider 101 can render the service 119, for example, based on rights and/or conditions specified in the license 127. If the license 127 is deemed invalid or untrustworthy, the Web Services Provider 101, for example, may not provide and/or render the service 119, and can generate an error message, for example, indicating that access to the service 119 is denied. Further, the Web Services Provider 101 may have to satisfy, as a condition of the license 127, obligations that result from rendering the service 119, such as tracking of a state, and the like, and that can be specified in the license 127. [0070]
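The provider-side decision described in the preceding paragraphs (service identification, principal, right, conditions, and the state-tracking obligation) can be sketched as follows. This is an added example, not code from the patent: the namespace URIs, the key strings, the `validityInterval` and `exerciseLimit` elements and the `host/*` convention for a whole-origin grant are assumptions, and the license is taken to have been validated (signature checked) beforehand.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser such as defusedxml
from datetime import datetime, timezone

# Constructed sample modelled on the license shown earlier. Namespace URIs, key
# strings and the two condition elements are assumptions, not XrML definitions.
NS = {"ws": "urn:example:ws", "foo": "urn:example:foo", "dsig": "urn:example:dsig"}
SAMPLE_LICENSE = """\
<license xmlns:ws="urn:example:ws" xmlns:foo="urn:example:foo"
         xmlns:dsig="urn:example:dsig">
  <grant>
    <keyholder><dsig:keyValue>CLIENT-KEY-1</dsig:keyValue></keyholder>
    <ws:execute/>
    <serviceReference>
      <foo:location uri="www.foo.com/quoteService"/>
    </serviceReference>
    <validityInterval notBefore="2003-01-01T00:00:00+00:00"
                      notAfter="2004-01-01T00:00:00+00:00"/>
    <exerciseLimit count="2"/>
  </grant>
  <issuer><dsig:keyValue>ISSUER-KEY-1</dsig:keyValue></issuer>
</license>
"""


class StateTracker:
    """In-memory stand-in for the State Tracking Service: uses per (key, service)."""

    def __init__(self):
        self._uses = {}

    def uses(self, key):
        return self._uses.get(key, 0)

    def record(self, key):
        self._uses[key] = self.uses(key) + 1


def service_matches(licensed, requested):
    """Exact service, a part (API) below it, or a whole-origin grant written 'host/*'.

    Both URIs are assumed to be normalised already (no '..', fixed case).
    """
    if licensed.endswith("/*"):
        return requested.startswith(licensed[:-1])  # keep the '/' so 'host.evil' fails
    # Compare on a path-segment boundary: 'quoteServiceAdmin' must not match.
    return requested == licensed or requested.startswith(licensed + "/")


def interpret(license_xml, service, right, presented_key, tracker, now):
    """Return (allowed, reason) for one request; anything unparseable is denied."""
    try:
        grant = ET.fromstring(license_xml).find("grant")
        if grant is None:
            return False, "no grant"
        # Principal: a real provider checks proof of possession, not a bare string.
        holder = grant.findtext("keyholder/dsig:keyValue", "", NS).strip()
        if not holder or holder != presented_key:
            return False, "principal mismatch"
        # Right: the requested manner of use must appear in the grant.
        wanted = "{%s}%s" % (NS["ws"], right)
        if not any(child.tag == wanted for child in grant):
            return False, "right not granted"
        # Resource: the requested service must fall under the licensed one.
        location = grant.find("serviceReference/foo:location", NS)
        licensed = location.get("uri", "") if location is not None else ""
        if not licensed or not service_matches(licensed, service):
            return False, "service not covered"
        # Temporal condition.
        interval = grant.find("validityInterval")
        if interval is not None:
            start = datetime.fromisoformat(interval.get("notBefore"))
            end = datetime.fromisoformat(interval.get("notAfter"))
            if not start <= now < end:
                return False, "outside validity period"
        # Quantity condition, with the state-tracking obligation on success.
        limit = grant.find("exerciseLimit")
        if limit is not None:
            key = (holder, licensed)
            if tracker.uses(key) >= int(limit.get("count")):
                return False, "exercise limit reached"
            tracker.record(key)
        return True, "granted"
    except (ET.ParseError, ValueError, TypeError):
        return False, "malformed license"
```

Every failed check returns before `tracker.record`, so a denied request never consumes part of the quantity condition.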
  • According to the exemplary embodiments, the Web Services Client 103 typically is the consumer device of the service 119, that is, the user device. The Web Services Client 103 can determine how to access the service 119, for example, via manual processes, through various technologies, such as Universal Description Discovery and Integration Standard (UDDI) registries, WSDL definitions, and the like. The Web Services Client 103 can present, convey, transmit, and the like, the license 127 to the Web Services Provider 101, for example, at the time of service request 121 or at a different time, in order to access the service 119. [0071]
  • In addition, the Web Services Client 103 can be aware that the license 127 can be employed in order to access the service 119. In other words, the Web Services Client 103 understands that access to the service 119 can entail the possession of the license 127, knows where to obtain the license 127, and the like. Such processes can be accomplished by a license protocol, wherein the request 121 for service 119 is followed by a response indicating that certain credentials, for example, such as the license 127, are employed for gaining access to the service 119. Such processing can be accomplished, for example, by manual processes, such as via agreements, for example, wherein the Web Services Provider 101 informs the Web Services Client 103 that a license is employed for accessing the service 119, and the like. Thus, Web Services Client 103 consumes the service 119, for example, executes code, renders content, and the like, after the Web Services Provider 101 has accepted the license 127. [0072]
  • In an exemplary embodiment, the Web Services Provider 101 also can be a Web Services Client, such as when the Web Services Provider 101 is a client of another Web service, and the like. Thus, the modes of operation of the exemplary embodiments are not so limited, but rather include other possible permutations of the exemplary embodiments. In a further exemplary embodiment, for example, the Web Services Client 103 might use a third party to present the license 127 and the presenter of the license 127 need not be the consumer of the service 119. In this exemplary embodiment, the Web Services Client 103 can provide, for example, additional information indicating that the license 127 can be presented by a third party. [0073]
  • The exemplary embodiments can include a lifecycle for rights, referred to as the “rights lifecycle.” For example, the rights lifecycle can begin with the creation of the license 127, which can be used to associate some rights and/or conditions with some resource, such as the service 119. The license 127 then can be issued to the Web Services Client 103 who would then use the license 127 to obtain the service 119. Eventually, the license 127 is consumed by the Web Services Provider 101, for example, during the rendering of the service 119, completing the rights lifecycle. [0074]
  • In a typical DRM system, the issuing of licenses typically is controlled by a single and/or centralized entity. Such entity typically is responsible for the computational tasks of issuing the license, which can include creating the license, validating the license, signing the license, and license recovery. Similarly, in a typical access control system, the authorization assertions are generated by a centralized entity, where security policies are defined and managed. By contrast, in an exemplary embodiment, the generation of the license 127 can be logically separated from the issuing of the license 127. Typically, the license 127 generation includes the computational functions to create the license 127, such as creating an XrML file, and the like, constructing the elements, storing the license in a database, and the like. The license issuing can be the actual authorization of the rights that are granted in the license 127, for example, including digitally signing the license 127 and/or attesting that the rights conveyed in the license 127 are authorized by the issuer, and the like. [0075]
  • According to the exemplary embodiments, the License Generation Service 105, a task, and the like, can provide additional services, such as data backup, license version control, upgrades, license revocation, and the like. Advantageously, such services can add further value to the value added by the process of generating the license 127. [0076]
  • The tasks of generating and issuing the license 127 can be performed by a single application, and/or system. However, the separation of authority between license 127 generation and the license 127 issuing, advantageously, supports various exemplary business embodiments. For example, this approach allows a business entity the option to outsource the data intensive part of generating the license 127, and to focus on the authority part of signing and issuing the license 127. This approach, advantageously, enables a single service that can generate and issue licenses 127 on behalf of different business entities, as will now be discussed. [0077]
  • FIG. 3 is a schematic illustration of exemplary interactions between one or more of the Business Networks 107 and the License Issuing and/or Generation Service 105 of the Networked Services Licensing System 100, according to an exemplary embodiment. In FIG. 3, the authority to issue licenses 127 can be conveyed in the form of the license 305 to issue licenses 127, referred to as a “distribution” license, and as shown in FIG. 3. Accordingly, the distribution license 305 grants the right to issue one or more of the licenses 127. The distribution license 305 also can specify a manner of use that can be granted and conditions, such as the maximum number of licenses 127 that the License Generation Service 105 can issue, and the like. The distribution license 305 also can be used to attest that the issuer of the license 127 has the authority to issue the licenses 127, and can be referenced when the issuer's signature is not recognized, but the signature of the issuer of the distribution license 305 is recognized. [0078]
  • In other words, the presence of distribution licenses 305 establishes a trust model, wherein signatures in the licenses 127 can be checked, for example, during license 127 interpretation, up the chain of distribution until a signature, signatures, and the like, are recognized, trusted, and the like. Such a model fits well in the exemplary embodiments, where an owner of a service can grant the right, in the form of a license, to issue licenses to business partners, for example, after some contract or business arrangements. [0079]
  • For example, an exemplary workflow for license generation and issuing, can include business partner 301 (Business Entity A), and business partner 303 (Business Entity B). In this example, the Business Entity A owns and operates a Web service, and Business Entity B wishes to bundle the Web service as part of a product line of Business Entity B. Accordingly, the Business Entity A issues the distribution license 305 to the Business Entity B granting the Business Entity B the right to issue the licenses 127 to the customers, for example, the Web Services Client 103, of the Business Entity B, for example, to access the Web service provided by the Business Entity A. The Business Entity B issues the licenses 127 to the customers, for example, by utilizing the License Issuing Service 105 to generate the license 127. When the Web Services Client 103 accesses the Web service provided by the Business Entity A, the license 127 is presented and the Web service can check the authority of the license 127 by recognizing that the Business Entity B was granted the right to issue such licenses 127. [0080]
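The chain-of-distribution check in the Business Entity A / Business Entity B workflow can be sketched as below. This is an added example, not code from the patent: licenses are modelled as JSON-serialisable dictionaries rather than XrML, the field names (`kind`, `holder`, `authority`) are assumptions, and signatures use textbook RSA over publicly known Mersenne primes, which is a constructed stand-in for a real digital-signature scheme and is not secure.

```python
import hashlib
import json

E = 65537  # public exponent shared by every toy key below


def toy_keypair(a, b):
    """Textbook RSA key from the Mersenne primes 2**a-1 and 2**b-1.

    Constructed for the demo only: public primes, no padding, not secure.
    """
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(body):
    """SHA-256 over a canonical JSON encoding, as an integer."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue(key, **fields):
    """Sign the fields with the issuer's private key; the modulus names the issuer."""
    body = dict(fields, issuer=key["n"])
    return dict(body, sig=pow(digest(body), key["d"], key["n"]))


def signature_ok(lic):
    """Check the license signature against the issuer key it names."""
    n, sig = lic.get("issuer"), lic.get("sig")
    if not isinstance(n, int) or not isinstance(sig, int) or n < 2:
        return False
    body = {k: v for k, v in lic.items() if k != "sig"}
    return pow(sig, E, n) == digest(body)


def authorised(lic, service, trusted, max_depth=4):
    """Walk from an access license up its distribution licenses.

    Returns the issuer keys visited, ending at a trusted one, or None to deny.
    """
    if not isinstance(lic, dict) or lic.get("kind") != "access":
        return None
    chain, current = [], lic
    for _ in range(max_depth):  # bounded, so a long or looping chain is refused
        if not signature_ok(current) or current.get("service") != service:
            return None
        chain.append(current["issuer"])
        if current["issuer"] in trusted:
            return chain
        # Unrecognised issuer: it must hold a distribution license naming it.
        parent = current.get("authority")
        if (not isinstance(parent, dict) or parent.get("kind") != "distribution"
                or parent.get("holder") != current["issuer"]):
            return None
        current = parent
    return None


# Constructed scenario following the workflow above.
SERVICE = "www.foo.com/quoteService"
KEY_A = toy_keypair(127, 521)   # Business Entity A, owner of the service
KEY_B = toy_keypair(107, 607)   # Business Entity B, the distributor
KEY_C = toy_keypair(89, 1279)   # an issuer that holds no distribution license
DISTRIBUTION = issue(KEY_A, kind="distribution", service=SERVICE,
                     holder=KEY_B["n"], authority=None)
ACCESS = issue(KEY_B, kind="access", service=SERVICE,
               holder="CLIENT-KEY-1", authority=DISTRIBUTION)
# C attaches B's distribution license to a license it signed itself.
ROGUE = issue(KEY_C, kind="access", service=SERVICE,
              holder="CLIENT-KEY-2", authority=DISTRIBUTION)
TRUSTED = {KEY_A["n"]}          # the provider recognises only A's key
```

The `holder` comparison is what stops a copied distribution license from vouching for a different issuer: `ROGUE` carries a valid signature from C and a valid distribution license, but the two do not link.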
  • [0081] Accordingly, the License Generation Service 105, for example, can perform the computational process of generating an unsigned license 309, the distribution license 305, and/or the license 127 based on a request 307, and including schema validation, and the like. In addition, the License Generation Service 105 can provide a generalized interface to handle the service requests 307, for example, requests for licenses 127, 305 and/or 309. The License Generation Service 105 typically does not sign the license 127, but, according to a further exemplary embodiment, the License Generation Service 105 can sign the licenses 127 on behalf of a license 127 issuer, such as the Business Entity B. Further, the License Generation Service 105 can provide, for example, data management functions, such as the back-up of issued licenses, the re-issue of licenses, reporting functions, and the like.
  • [0082] FIG. 4 is a schematic illustration of exemplary interactions between the Web Service Provider 101 and the License Interpretation Service 109 of the Networked Services Licensing System 100, according to an exemplary embodiment. For example, in order to consume the service 119, such as allowing execution of code of the Web Services Provider 101, rendering encrypted and/or protected content of the Web Services Provider 101, and the like, the license 127 can be validated, and then interpreted based on the interpretation request 125 to determine if rights, conditions, such as obligations 123, specified therein allow such operation. The capabilities for validating and/or interpreting the license 127 can be built into the Web Services Provider 101 and/or a rendering application. However, according to further exemplary embodiments, such capabilities can be separated from the Web Services Provider 101 and/or the rendering application, and can be provided by a service, such as the License Interpretation Service 109.
  • [0083] Thus, according to an exemplary embodiment, the license 127 is validated and then interpreted by the License Interpretation Service 109. However, according to a further exemplary embodiment, this process can be performed in reverse order, and in which case the interpretation can be performed subject to a later validation step.
  • [0084] The License Interpretation Service 109 can be employed for the task of interpreting licenses 127, which is a counterpart of the license generation model of the License Generation Service 105, whereby the Web Services Provider 101 can offload computational tasks not directly associated with providing the service 119. The Web Services Provider 101 operating as such can offload the task of interpreting the license 127 to the License Interpretation Service 109, and, advantageously, focus on building the service 119. During license 127 interpretation, potentially other services 401 can be employed, as shown in FIG. 4. For example, the service 401 can be contacted to authenticate the principal, to retrieve information stored in a remote service, such as a trusted time clock, and the like.
  • [0085] FIG. 5 is a schematic illustration of exemplary interactions between the Web Service Provider 101, the License Interpretation Service 109, and the State Tracking Service 111 of the Networked Services Licensing System 100, according to an exemplary embodiment. In FIG. 5, the use of the State Tracking Service 111, during the license 127 interpretation stage 501, and during the exercise of rights stage 503, is shown.
  • [0086] The interpretation of the license 127 and/or the exercise of a right, can involve information that is stored outside of the license 127. For example, a condition of the license 127 can be that there is a limit to the number of times a resource provided by the Web Services Provider 101 can be accessed. Accordingly, during the interpretation of the license 127, including of such condition, the information regarding the number of times the resource has already been accessed may have to be retrieved in order to accurately and truthfully interpret whether a further access right can be granted.
  • [0087] Such information can be referred to as the state information 115, and the tracking of the state information 115 can be referred to as “state tracking.” The state information 115 can include various types of information, such as information regarding the status of the license 127, the amount of time a resource has been used, information regarding payment for the service 119, information regarding the time of the day the service 119, the license 127, and/or the conditions, were issued, accessed, consumed, presented, and the like. Accordingly, the state information 115 can include any suitable information regarding the Networked Services Licensing System 100, and the like.
  • [0088] The state information 115 can reside and/or be recorded in persistent storage, such as a database, a memory, a service, and the like, of the Networked Services Licensing System 100. For example, the state information 115, such as the number of times the service 119 has been accessed by the Web Services Client 103, and the like, can be recorded in some persistent storage of the Networked Services Licensing System 100. Additionally, as previously described, the interpretation of the license 127 can result in the obligations 123 that may have to be fulfilled while allowing the exercise of the rights.
  • [0089] Although the tracking of the state information 115 can be implemented locally, for example, by the Web Services Provider 101, this can create an additional burden for the Web Services Provider 101. In addition, local tracking by the Web Services Provider 101 may be difficult to implement, because the Web Services Provider 101 may not be able to accommodate the local storage of the state information 115. Advantageously, the State Tracking Service 111 addresses the noted and other problems associated with the tracking of state information by the Web Services Provider 101. A rights language, as previously described, can be used to specify, for example, where the Tracking Service 111 is referenced, where the state information 115 related to the conditions of the rights can be managed, and the like. Thus, the State Tracking Service 111 can be used for tracking, providing, and the like, the state information 115 that can be specified in the license 127.
  • [0090] The Trust Authority Service 113 can include elements and/or services that, for example, establish, manage, and the like, trust relations for the various entities of the exemplary embodiments. For example, the Trust Authority Service 113 can include a Certificate Authority (CA) function for issuing the digital certificates, digital credentials and/or encryption keys 117 that can be employed to sign the licenses 127. Accordingly, the Trust Authority Service 113, for example, can include a corporation's Public Key Infrastructure (PKI), a service provided by a PKI and/or security provider, a separate service employed to establish a trust relation between business partners, and the like.
  • [0091] Therefore, according to an exemplary embodiment, the Trust Authority Service 113 can include the function of issuing digital credentials 117, for example, used to identify the principals. Exemplary digital credentials 117 can include, for example, an X509 digital certificate, a Microsoft Passport, a Kerberos authentication token, and the like. The credentials 117 of the type described above can be used to specify and/or certify the identity of the holder, but typically convey little additional information about the holder, as most of such additional information typically is provided in a fixed format and/or is implied. For example, a passport holder typically is simply someone that has been authenticated with the Microsoft Passport service.
  • [0092] Accordingly, a need exists to attach additional information about identities, for example, of the principals, in a more expressive and/or robust manner, for example, to express the role of the principal, a membership association for the principal, and the like. A rights language, as previously described, and according to a further exemplary embodiment, advantageously, can be used to define a certificate 117 that can be used to convey credentials in a more expressive manner, for example, to express the role of the principal, a membership association for a principal, and the like. The credentials 117 then can be used to associate the holder with additional properties, such as a membership in a business circle, a relationship in a business environment, and the like.
  • [0093] Typically, a Certificate Authority can attest to the authenticity of the information included in a digital certificate. If the information in the digital certificate can be limited in scope, for example, such as a company name, the functions of the Certificate Authority can be well defined. For example, a Certificate Authority may have an established process to check a company's name before issuing a digital certificate. However, when the credentials become more expressive, as described above, it becomes more difficult for a Certificate Authority to attest to the authenticity of the credential information. For example, if a credential includes some membership information, the Certificate Authority would have to establish some additional process to validate such membership.
  • [0094] Accordingly, a generic Certificate Authority typically cannot verify such additional information. Typically, the Certificate Authority, a signer, and the like, of the credential can become the system where the credential is to be used. In this exemplary embodiment, the trust model becomes less open and more monolithic, for example, since the system typically can trust the system. To use credentials with more expressive information in a more open system, for example, within a business network of affiliated services, the Trust Authority Service 113, advantageously, can be employed to attest to additional information that can be included in the certificates 117. According to an exemplary embodiment, a Certificate Authority can be configured to fulfill the above-noted needs. However, a “trust broker,” such as the Trust Authority Service 113 of the exemplary embodiments, advantageously, can be employed to address the noted and other problems with a Certificate Authority being employed to verify the above-noted additional information.
  • [0095] Just like the certificates 117, the licenses can be signed and/or verified, for example, through cryptographic techniques. The verification of the license 127 signature can be used, for example, to attest to the integrity of the license 127, the authenticity of the signer, such as the license 127 issuer, and the like. Typically, however, such verification does not establish a “rights trust,” for example, to trust that the license 127 was issued with proper authorization, unless the verifier authorized the issuing of the license 127. This is a difference between the license 127 validation, and the license 127 interpretation, as previously discussed.
  • [0096] For example, Company B issues a license B′ to Company A granting Company A the right to issue licenses A′ on behalf of Company B. Then, Company A issues a license A′ to user X, and user X presents the license A′ to Company B to access a protected resource of Company B. In this exemplary embodiment, since Company B issued the license B′, the trust of license A′ can be traced back to license B′, which is trusted by default by Company B.
  • [0097] Now, consider the case where Company C also accepts licenses A′ for access to a protected resource of Company C. In order to trust the license A′, Company C may have to either decide to trust licenses from Company A or issue a license C′ to Company A with the right to issue licenses A′ on behalf of Company C. As the network becomes large, every license A′ would have to be accompanied with each of the authorizing licenses B′, C′, and so on.
  • [0098] In the above case, processing of such licenses A′ quickly can become cumbersome and/or impractical. According to an exemplary embodiment, however, a “trust broker,” such as the Trust Authority Service 113 of the exemplary embodiments, advantageously, can act as the “trust broker,” for example, to broker deals between companies, issue licenses under its own signature, and the like. In this exemplary embodiment, during the license 127 interpretation process, the signature of the Trust Authority Service 113 can be trusted.
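The difference between validating a signature and establishing “rights trust,” shown as an added Python example that is not part of the patent text: a verifier first checks each signature, then walks up the accompanying distribution licenses until it reaches a signer it trusts, following the Company A/B/C narrative and the trust-broker case above. The dictionary layout, function names, demo keys and sample licenses are assumptions made for illustration, and HMAC-SHA256 stands in for a public-key signature so the code runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumption). HMAC-SHA256 stands in for a public-key
# signature; a deployment would verify signatures against certificates.
KEYS = {name: name.encode() + b"-demo-key"
        for name in ("CompanyA", "CompanyB", "CompanyC", "CompanyM", "TrustBroker")}


def canonical_body(lic):
    """Canonical bytes of every license field except the signature."""
    unsigned = {k: v for k, v in lic.items() if k != "signature"}
    return json.dumps(unsigned, sort_keys=True).encode()


def sign(lic):
    """Return a copy of lic signed with the issuer's demo key."""
    mac = hmac.new(KEYS[lic["issuer"]], canonical_body(lic), hashlib.sha256)
    return {**lic, "signature": mac.hexdigest()}


def signature_ok(lic):
    """Validation only: integrity and signer authenticity, not authority."""
    key = KEYS.get(lic.get("issuer"))
    sig = lic.get("signature")
    if key is None or not isinstance(sig, str):
        return False
    expected = hmac.new(key, canonical_body(lic), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), sig.encode())


def authorizes(dist, issuer, right, resource):
    """True if distribution license dist lets issuer grant right on resource."""
    return (dist.get("right") == "issue"
            and dist.get("principal") == issuer
            and dist.get("grant") == {"right": right, "resource": resource})


def check_license(lic, accompanying, trusted_signers):
    """Walk up the chain of distribution until a trusted signer is reached.

    Returns "granted", "invalid-signature" or "unauthorized-issuer".
    """
    if not signature_ok(lic):
        return "invalid-signature"
    right, resource = lic.get("right"), lic.get("resource")
    pending, seen = [lic["issuer"]], set()
    while pending:
        issuer = pending.pop()
        if issuer in trusted_signers:
            return "granted"
        if issuer in seen:  # guards against circular authorizations
            continue
        seen.add(issuer)
        # Only correctly signed distribution licenses that cover this exact
        # grant can extend the chain; everything else is ignored.
        pending.extend(d["issuer"] for d in accompanying
                       if signature_ok(d) and authorizes(d, issuer, right, resource))
    return "unauthorized-issuer"


# Constructed sample licenses following the Company A/B narrative.
GRANT = {"right": "access", "resource": "companyB/service"}
B_PRIME = sign({"issuer": "CompanyB", "principal": "CompanyA",
                "right": "issue", "grant": GRANT})
A_PRIME = sign({"issuer": "CompanyA", "principal": "userX", **GRANT})

if __name__ == "__main__":
    print("Company B:", check_license(A_PRIME, [B_PRIME], {"CompanyB"}))
    print("Company C:", check_license(A_PRIME, [B_PRIME], {"CompanyC"}))
```

Company B accepts license A′ because the chain ends at its own signature, while Company C rejects the same correctly signed license until it either trusts another signer or adds the trust broker to its trusted set.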
  • [0099] When the Web Services Client 103 initiates, requests, and the like, the service 119, the Web Services Client 103 can transmit the license 127, for example, as part of a messaging protocol. Advantageously, according to an exemplary embodiment, the information for transmitting the license 127 at the time of the service 119 initiation can be provided in advance, for example, by reading some documentation on a Web site, and the like.
  • [0100] When the Web Services Client 103 initiates, requests, and the like, the service 119, the Web Services Client 103 can transmit the license 127, for example, as part of a messaging protocol. Although, according to an exemplary embodiment, the information for transmitting the license 127 at the time of the service 119 initiation can be provided in advance, by reading some documentation on a Web site, and the like, there is a need for a protocol, where the need for the license 127 can be communicated through a messaging mechanism. Advantageously, according to a further exemplary embodiment, such a protocol is provided, as will be further described. Exemplary embodiments for the service 119 initiation, for example, involving the license 127, will now be described.
  • [0101] FIG. 6 illustrates an exemplary workflow for when the Web Services Client 103 knows, for example, in advance, that the license 127 is to be included in the message 121 for the service 119 initiation in the Networked Services Licensing System 100 of FIG. 1. As shown in FIG. 6, at step 601, for example, such information can be obtained through various mechanisms, such as by obtaining information from a Web site, e-mail, facsimile, phone call, and the like. At step 603, for example, the license 127 can be encoded as part of the service 119 request message 121, which, at step 605, is transmitted to the Web Services Provider 101. According to an exemplary embodiment, the license 127 can be encoded in the message 121, manually, automatically, and the like, and employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • [0102] FIG. 7 illustrates an exemplary workflow for when the Web Services Client 103 knows, for example, via a service description language file 709, such as a WSDL file stored in a UDDI-based service discovery server 707, and the like, that the license 127 is to be included in the message 121 for the service 119 initiation in the Networked Services Licensing System 100 of FIG. 1. As shown in FIG. 7, at step 701, for example, the WSDL file 709 is retrieved from the UDDI server 707, manually, automatically, and the like. At step 703, for example, the license 127 can be encoded as part of the service 119 request message 121, which, at step 705, is transmitted to the Web Services Provider 101. According to an exemplary embodiment, the license 127 can be encoded in the message 121, manually, automatically, and the like, and employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • [0103] FIG. 8 illustrates an exemplary workflow for when the Web Services Client 103 knows, for example, via a service description language file 709, such as a WSDL file stored in the UDDI-based service discovery server 707, and the like, that the license 127 can be obtained from the License Generation Service 105 of the Networked Services Licensing System 100 of FIG. 1. As shown in FIG. 8, at step 801, for example, a user at the Web Services Client 103 retrieves, manually, automatically, and the like, the WSDL file 709 from the UDDI server 707, wherein the service description in the WSDL file 709 includes a reference to a service, such as the License Generation Service 105, and the like, that can be used to issue the license 127 for the service 119. At step 803, the user at the Web Services Client 103, for example, initiates the License Generation Service 105.
  • [0104] At step 805, for example, after satisfying conditions, such as payment of a fee for the license 127, and the like, the Web Services Client 103 obtains the license 127, manually, automatically, and the like, from the License Generation Service 105. At step 807, the user at the Web Services Client 103, for example, encodes the license 127 as part of the service 119 request message 121, which then is transmitted to the Web Services Provider 101. According to an exemplary embodiment, the license 127 can be encoded in the message 121, manually, automatically, and the like, and employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • [0105] FIG. 9 illustrates an exemplary workflow for when the Web Services Client 103 does not know that the license 127 is to be employed for gaining access to the service 119 in the Networked Services Licensing System 100 of FIG. 1. As shown in FIG. 9, at step 901, for example, the Web Services Client 103 attempts to invoke and/or request the service 119 from the Web Services Provider 101, via the service 119 request message 121, which does not include the license 127. At step 903, the Web Services Provider 101 processes the service 119 request message 121, and determines that service 119 request message 121 does not include the license 127. At step 905, the Web Services Provider 101 transmits, for example, an error message 907, and the like, indicating that the license 127 is to be employed for gaining access to the service 119 of the Web Services Provider 101. At this point, the Web Services Client 103 can attempt to obtain the license 127, for example, employing the previously described methods of FIGS. 6-8, and as will be further described. According to an exemplary embodiment, the messages 907 and 121 can employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • [0106] FIG. 10 illustrates an exemplary workflow for when the Web Services Client 103 attempts to gain access to the service 119 without the license 127, is informed that the license 127 is to be employed, as shown in FIG. 9, and obtains the license 127 for gaining access to the service 119, using the method described in FIG. 8, in the Networked Services Licensing System 100 of FIG. 1. However, any suitable method for obtaining a license, such as the methods of FIGS. 6-8, and the like, can be employed to obtain the license 127.
  • [0107] Accordingly, as shown in FIG. 10, at step 1001, for example, the Web Services Client 103 attempts to invoke and/or request the service 119 from the Web Services Provider 101, via the service 119 request message 121, which does not include the license 127. At step 1003, the Web Services Provider 101 processes the service 119 request message 121, and determines that service 119 request message 121 does not include the license 127. At step 1005, the Web Services Provider 101 transmits, for example, the error message 907, and the like, indicating that the license 127 is to be employed for gaining access to the service 119 of the Web Services Provider 101.
  • [0108] The Web Services Client 103, then, determines that the License Generation Service 105, and the like, can be used to issue the license 127 for the service 119. At step 1007, a user at the Web Services Client 103, for example, initiates the License Generation Service 105. At step 1009, for example, after satisfying conditions, such as payment of a fee for the license 127, and the like, the Web Services Client 103 obtains the license 127, manually, automatically, and the like, from the License Generation Service 105. At step 1011, the user at the Web Services Client 103, for example, encodes the license 127 as part of the service 119 request message 121, which then is transmitted to the Web Services Provider 101. According to an exemplary embodiment, the license 127 can be encoded in the message 121, manually, automatically, and the like, and employ a messaging protocol, for example, including a SOAP header, the messaging protocols of the further described exemplary embodiments, and the like.
  • [0109] According to the exemplary embodiments, a separation of authority between the generation of the license 127 and the issuing of the license 127 can be provided. For example, the issuing of the license 127 can signify that the issuer of the license 127 authorizes the rights in the license 127. Advantageously, such separation of authority provides for various exemplary embodiments, for example, as illustrated by the following exemplary workflows.
  • [0110] FIG. 11 illustrates an exemplary workflow for when an Enterprise 1111 out-sources the license 127 generation for gaining access to a service in the Networked Services Licensing System 100 of FIG. 1. The exemplary workflow of FIG. 11 can be used, for example, in combination with the exemplary embodiments described herein. In FIG. 11, the Enterprise 1111, such as the Business Entity B 303, and the like, can out-source the license 127 generation to a service, such as the License Generation Service 105, and the like, according to an exemplary embodiment. Advantageously, in this manner, resources related to the task of the license 127 generation can be freed up for the Enterprise 1111.
  • [0111] Services of the Enterprise 1111 for which authorization to allow access is desired, and for which the licenses 127 can be generated, can include, for example, services owned by the Enterprise 1111, services owned by business partners of the Enterprise 1111, the service 119 provided by the Web Services Provider 101, and the like. The task of authorizing grants in the license 127, for example, the license 127 issuing, can include digitally signing the license 127, via license signing mechanism 1115, and the like, and can remain with the Enterprise 1111. In this exemplary embodiment, the Enterprise 1111 would have authorization to issue the licenses 127, for example, implicitly, as when the Enterprise 1111 owns the service in question, explicitly, as through the distribution license 305 granting the Enterprise the right to issue the licenses 127 on behalf of another business entity, and the like.
  • [0112] Accordingly, at step 1101, for example, one or more clients and/or end users 1113, such as the Web Services Client 103, and the like, can request the licenses 127 from the Enterprise 1111. If the Enterprise 1111 decides to issue the requested licenses 127 to the clients and/or end users 1113, at step 1103, for example, the Enterprise 1111 requests unsigned licenses from the License Generation Service 105. In a further exemplary embodiment, the Enterprise 1111 can make such request for the unsigned licenses, for example, because the Enterprise 1111 may wish to “push” the licenses 127 onto the clients, such as for advertising purposes, promotional purposes, and the like. The Enterprise 1111 can communicate with the License Generation Service 105, and make the request for the unsigned licenses, using any suitable messaging protocol, such as the license protocol of the exemplary embodiments described herein.
  • [0113] At step 1105, for example, the License Generation Service 105 processes the request for the unsigned licenses, creates the unsigned licenses using any suitable license generation technique, such as the license generation techniques of the exemplary embodiments described herein, and delivers the unsigned licenses to the Enterprise 1111. At step 1107, for example, the Enterprise 1111 signs the license, and, at step 1109, delivers, transmits, conveys, issues, and the like, the signed licenses 127 to the clients and/or end users 1113.
  • [0114] The exemplary workflow, wherein the Enterprise 1111 out-sources the license generation and signing, is similar to that of FIG. 11, except that the License Generation Service 105 also can perform the signing of the unsigned licenses to generate the licenses 127. In this exemplary embodiment, the License Generation Service 105 can be configured, for example, as a “proxy” signer, and the like, for the Enterprise 1111. The License Generation Service 105, for example, can safeguard a signing key used to sign the unsigned licenses on behalf of the Enterprise 1111. Accordingly, although the issuing party is the Enterprise 1111, the License Generation Service 105 can act as a proxy for the Enterprise 1111. Since the License Generation Service 105 maintains, safeguards, and the like, the signing keys, a requester of the license 127, advantageously, can be authenticated to prevent spoofing of the service, and the like.
  • [0115] FIG. 12 illustrates an exemplary workflow for when a plurality of Enterprises 1111 out-source the license 127 generation for gaining access to a service in the Networked Services Licensing System 100 of FIG. 1. The exemplary workflow of FIG. 12 can be used, for example, in combination with the exemplary embodiments described herein. As shown in FIG. 12, from the perspective of the License Generation Service 105, advantageously, the License Generation Service 105 can provide the license request, at step 1103, license delivery, at step 1105, and the like, services to the plurality of Enterprises 1111. In this exemplary embodiment, each of the Enterprises 1111, for example, can be associated with a corresponding account, and the License Generation Service 105 can be configured to manage the licenses 127 issued on behalf of the plurality of Enterprises 1111, for example, on a per-account basis, and the like.
  • [0116] The License Generation Service 105 can utilize any suitable method for generating the licenses of the exemplary embodiments, for example, including the following exemplary methods, as will be described. The exemplary methods, advantageously, can be used to generate various types of licenses, such as the licenses 127, the distribution license 305, and the like.
  • [0117] FIG. 13 illustrates an exemplary method for license generation, based on license templates 1301, that can be used in the Networked Services Licensing System 100 of FIG. 1. As shown in FIG. 13, in this exemplary method, the License Generation Service 105, for example, manages local license templates 1301, and license generation policies 1303, under which the templates 1301 are used to generate a license, and the like. The templates 1301 and the policies 1303 can be created under the agreement of the authorizing entity, for example, an entity that can utilize the License Generation Service 105 in an out-source type of arrangement, and the like.
  • [0118] The license templates 1301, for example, can include predefined licenses, wherein one or more fields thereof are replaced, filled-in, and the like, when the license is generated. For example, the license templates 1301 can include a license template where the principal is not defined, and can be replaced by a specific principal, where a resource, such as the service 119, is undefined, and replaced by a specific resource, and the like, at the time of license generation.
  • [0119] The license generation policies 1303, for example, can include rules for determining which templates to use, based on the request, and the like. For example, a policy can include a rule, such as “every request for a license involving a specific resource shall use template 123,” “every request from company ABC will use the template ID 456 and resolve/replace the principal with the principal transmitted in the request,” and the like.
  • [0120] Accordingly, a license request message 1305 transmitted to the License Generation Service 105 can include parameters 1307, such as a principal identification/key, resource ID, template ID, and the like, to allow for the generation of a corresponding license based thereon. The specification for the parameters 1307, for example, can be arranged manually, automatically, before-hand, codified in a WSDL description of the service, predetermined, and the like.
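The template-and-policy method of FIG. 13, shown as an added Python example that is not part of the patent text: policy rules select a template from the request parameters, undefined template fields are resolved from the request, and the result is an unsigned license. The template contents, the `requester` parameter (assumed to be the authenticated identity of the requesting entity), the function names, and the choice to reject requests that try to override a template-fixed field or name a template the policy does not select are all assumptions of this sketch.

```python
import copy


class LicenseRequestError(ValueError):
    """Raised when a request cannot be turned into an unsigned license."""


# Constructed templates keyed by the template IDs quoted in the policy
# examples above; None marks a field resolved at generation time.
TEMPLATES = {
    "123": {"principal": None, "right": "access", "resource": "service-119"},
    "456": {"principal": None, "right": "access", "resource": None},
}

# Policy rules, evaluated in order; the first rule whose conditions all
# match the request decides which template is used.
POLICIES = [
    {"when": {"requester": "ABC"}, "template": "456"},
    {"when": {"resource": "service-119"}, "template": "123"},
]


def select_template(params):
    """Return the template ID chosen by the first matching policy rule."""
    for rule in POLICIES:
        if all(params.get(k) == v for k, v in rule["when"].items()):
            return rule["template"]
    raise LicenseRequestError("no policy covers this request")


def generate_unsigned_license(params):
    """Build an unsigned license from request parameters."""
    template_id = select_template(params)
    asked = params.get("template_id")
    # The policy, not the requester, has the final say on the template.
    if asked is not None and asked != template_id:
        raise LicenseRequestError("requested template not allowed by policy")
    lic = copy.deepcopy(TEMPLATES[template_id])
    for field, fixed in lic.items():
        supplied = params.get(field)
        if fixed is None:
            if not supplied:
                raise LicenseRequestError(f"missing value for {field}")
            lic[field] = supplied  # resolve the undefined template field
        elif supplied is not None and supplied != fixed:
            # A request may not widen what the template already fixes.
            raise LicenseRequestError(f"{field} is fixed by template {template_id}")
    lic["template"] = template_id
    return lic


if __name__ == "__main__":
    print(generate_unsigned_license(
        {"requester": "XYZ", "principal": "key:alice", "resource": "service-119"}))
```

The output is deliberately unsigned, matching the workflow in which the authorizing entity keeps the signing step.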
  • [0121] FIG. 14 illustrates an exemplary method for license generation, based on an authorizing license 1401, that can be used in the Networked Services Licensing System 100 of FIG. 1. In this exemplary method, the License Generation Service 105 receives along with the request 1305, the authorizing license 1401 that authorizes the issuing of a license, and which includes the grant or grants that are to be issued. Accordingly, the authorizing license 1401 can include, for example, a license prototype, recipe, and the like. In this manner, local templates typically do not have to be employed, as the templates can be defined in the authorizing license 1401. This method can be employed, for example, using a rights language, such as XrML, and the like, that is capable of encoding the recipe to generate the grants within the authorizing license 1401.
  • [0122] Accordingly, the license request message 1305 transmitted to the License Generation Service 105 can include the parameters 1307, such as a principal identification/key, resource ID, and the like, to allow for the generation of a corresponding license based thereon. The specification for the parameters 1307, for example, can be arranged manually, automatically, before-hand, codified in a WSDL description of the service, predetermined, and the like.
  • [0123] The method of the exemplary embodiment can provide more flexibility than the exemplary method of FIG. 13. For example, by transmitting the instructions, recipe, license prototype, and the like, for creating a license, advantageously, the License Generation Service 105 can produce various types of licenses, not just licenses defined by the license templates 1301. In addition, the License Generation Service 105 can determine by, for example, evaluating and/or interpreting the authorizing license 1401 transmitted along with the request 1305, if issuance of a license has been authorized.
  • [0124] The license prototypes can include, for example, grants that are part of the authorizing licenses 1401 within the grant to issue licenses. Thus, the license prototypes can include, for example, grants from which final grants can be created. Such grants are related to the right to issue licenses included in the authorizing license 1401.
  • [0125] FIG. 15 illustrates an exemplary method for the license 127 generation, based on license prototypes 1503, for example, within a context of a rights language, such as the XrML language, and the like, and that can be used in the Networked Services Licensing System 100 of FIG. 1. As shown in FIG. 15, an incoming request 1305 includes the authorizing license 1401, including the license prototype 1503 having zero or more variables “X.” Then, at step 1501, for example, the License Generation Service 105 processes the request 1305 to generate the resultant license 127, by employing the license prototype 1503, and resolving the variables from license prototype 1503 with information 1507 from an issued license 1501.
  • [0126] FIG. 16 illustrates an exemplary method for license generation, from scratch, that can be used in the Networked Services Licensing System 100 of FIG. 1. In FIG. 16, another exemplary method of generating licenses, for example, includes generating licenses from “scratch.” In this exemplary method, the License Generation Service 105 typically does not rely on the license templates 1301, and/or the authorizing licenses 1401. Instead, the License Generation Service 105 takes instructions received in the form of detailed parameters 1601 received along with the request 1305 to generate a license, and then generates a custom license therefrom. With this exemplary method, the License Generation Service 105 can generate various types of licenses, rights expressions, and the like, based on appropriate detailed parameters 1601. However, the richness of the type of license that can be produced by this exemplary method, for example, can depend on the API employed for programming, and/or messaging, the capabilities of the underlying software, and the like. Accordingly, in this exemplary method, the employed programming and/or messaging interface can be configured so as to be sufficiently detailed to be able to transmit the information included in the detailed parameters 1601 needed to construct a full custom license. For example, such information can include information about the principal, information about the resource, information about the rights, information about conditions, and the like, that can be employed to construct a license.
  • [0127] Interpretation of a license, such as the license 127, the distribution license 305, and the like, for example, can include determining what right has been granted in the license, what conditions, if any, are associated with such grant, and the like. In an exemplary embodiment, the related process of validating the license can be bundled, associated, related, and the like, with the task of interpreting the license. However, according to a further exemplary embodiment, the license validation process can be separate from the process of license interpretation.
  • [0128] FIG. 17 illustrates an exemplary workflow for license validation that can be used in the Networked Services Licensing System 100 of FIG. 1. Validating a license, such as the license 127, the distribution license 305, and the like, as the name implies, for example, can include determining if a license is “valid,” which typically involves employing a cryptographic technique, and the like. In an exemplary embodiment, the License Validation and Interpretation Service 109, and the like, can perform the license validation process.
  • [0129] Accordingly, in FIG. 17, at step 1701, for example, a license is received for validation. In an exemplary embodiment, the received license can be encrypted, for example, in order to keep the content thereof confidential, and the like. Accordingly, at step 1703, License Decryption, for example, the license can be decrypted. If, however, the license is not encrypted, as determined by step 1717, for example, the processes of step 1703 can be bypassed. In addition, if the decryption process on the received license fails, as determined by step 1713, at step 1715, for example, the license can be deemed invalid. In an exemplary embodiment, the encryption and/or decryption processes employed can be performed based on asymmetric cryptographic techniques, symmetrical cryptographic techniques, public key cryptographic techniques, private key cryptographic techniques, and the like.
  • [0130] At step 1705, Signature Verification and/or Integrity Check, for example, the integrity of the license can be checked, including determining the integrity of the license to ensure that the license has not been changed from when the license was created, digitally signed, and the like, by an authorized issuer, and the like. If, however, the license is not signed, as determined by step 1719, for example, the processes of step 1705 can be bypassed. In addition, if the verification process on the license fails, as determined by step 1713, at step 1715, for example, the license can be deemed invalid.
  • [0131] Although a license that fails the integrity check may not be trusted, a license that passes the integrity check may still entail the trusting of the key that was used to sign the license. Typically, the signer of the license is the issuer of the license. In an exemplary embodiment, the trusting of the issuer can be part of the license interpretation processes, and the verification process of step 1705 also can be performed based on asymmetric cryptographic techniques, symmetrical cryptographic techniques, public key cryptographic techniques, private key cryptographic techniques, and the like.
  • [0132] At step 1707, License Revocation Check, for example, in a similar manner as in the revocation of digitally signed documents, such as digital certificates, and the like, the license also can be revoked for various reasons. If, however, the license is not revoked, as determined by step 1721, for example, the processes of step 1707 can be bypassed. In addition, if the license revocation check on the license fails, as determined by step 1713, at step 1715, for example, the license can be deemed invalid. In an exemplary embodiment, the license revocation step can determine, for example, through appropriate methods, channels, and the like, whether or not the license has been revoked. In addition, in an exemplary embodiment, a revoked license is no longer valid, and cannot be used to authorize the granting of rights.
  • [0133] At step 1709, Other Validation, for example, other validity checks, and the like, can be performed on the license. If the license passes the other validity checks employed, at step 1711, for example, the license can be deemed valid. Similarly, if no other validity checks are employed, as determined by step 1723, for example, the processes of step 1709 can be bypassed, and, at step 1711, for example, the license also can be deemed valid. In addition, if the other validity checks on the license fail, as determined by step 1713, at step 1715, for example, the license can be deemed invalid. In an exemplary embodiment, the license can include additional information to attest the validity of the license, such as a validity interval, a specific issuer for the license, and the like, and expired licenses can be considered no longer valid.
  • [0134] The processes of steps 1707 and 1709 can include determining information within the license, which can entail looking inside the license, and the like, as part of the validation process, according to an exemplary embodiment, because such steps can be more closely related to the validation of a license. However, from a computational point of view, such steps can be considered as part of a license interpretation process, according to a further exemplary embodiment.
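The FIG. 17 validation sequence (steps 1701 to 1715) can be sketched as follows. This is an added example, not code from the patent: the JSON license layout, the HMAC-SHA256 integrity check (one of the symmetric techniques the text allows), the key, the revocation set and the `require_signature` flag are all assumptions. The flag shows what the step 1719 bypass means in practice: with it off, an unsigned license reaches step 1711 without any integrity check.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed demo values, not taken from the patent.
ISSUER_KEY = b"constructed-demo-issuer-key"
REVOKED_LICENSE_IDS = {"lic-0002"}


def sign(body, key=ISSUER_KEY):
    """HMAC-SHA256 over a canonical JSON encoding of the license body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def issue(body):
    """Build a signed license document (hypothetical layout: body + signature)."""
    return {"body": body, "signature": sign(body)}


@dataclass
class Result:
    valid: bool
    reason: str
    steps: list = field(default_factory=list)  # FIG. 17 steps that actually ran


def validate(license_doc, now, require_signature=True):
    steps = ["1701"]  # step 1701: license received
    body = license_doc.get("body") if isinstance(license_doc, dict) else None
    if not isinstance(body, dict):
        return Result(False, "malformed license", steps)

    # Step 1703 (decryption) is bypassed via step 1717: plaintext licenses only.

    # Step 1705: signature verification / integrity check.
    signature = license_doc.get("signature")
    if signature is None:
        # Step 1719 lets an unsigned license skip step 1705. Anyone can then
        # write their own grants, so the default here rejects instead.
        if require_signature:
            return Result(False, "unsigned license", steps)
    else:
        steps.append("1705")
        ok = isinstance(signature, str) and hmac.compare_digest(
            sign(body).encode(), signature.encode())
        if not ok:
            return Result(False, "integrity check failed", steps)

    # Step 1707: revocation check against the locally known revocation set.
    steps.append("1707")
    if body.get("id") in REVOKED_LICENSE_IDS:
        return Result(False, "revoked", steps)

    # Step 1709: other validation, here the validity interval. A license
    # that carries no interval fails closed (defaults give an empty window).
    steps.append("1709")
    if not (body.get("not_before", 0) <= now < body.get("not_after", 0)):
        return Result(False, "outside validity interval", steps)

    steps.append("1711")  # step 1711: license deemed valid
    return Result(True, "valid", steps)
```

Every failure path corresponds to steps 1713/1715; the `steps` list records which checks actually ran, which is what an audit log for this workflow would need to capture.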
  • [0135] FIG. 18 illustrates exemplary workflows for license interpretation and state tracking that can be used in the Networked Services Licensing System 100 of FIG. 1. Interpreting a license, such as the license 127, the distribution license 305, and the like, for example, can include determining what the license has actually authorized, conditions of such authorization, and the like. In an exemplary embodiment, as described below, license interpretation can be implemented as a service, wherein the License Validation and Interpretation Service 109, and the like, can perform the license interpretation processes. However, according to further exemplary embodiments, a license interpreter can include, for example, any suitable component, device, system, sub-system, mechanism, software, and the like, capable of interpreting a license.
  • [0136] According to an exemplary embodiment, the Web Services Provider 101, upon receiving the request 121 for the service 119 along with the license 127 from the Web Services Client 103, can validate the license 127, for example, to ensure the integrity, authenticity, and the like, of the license 127. However, according to a further exemplary embodiment as described below, the Web Services Provider 101, for example, can off-load the license 127 validation task to the License Interpretation Service 109. Advantageously, the License Interpretation Service 109 can maintain and/or check with external revocation mechanisms, and the like, for example, to determine if a signature associated with the license 127 is valid at the time the license 127 is used, and the like, thus, freeing up such resources and tasks for the Web Services Provider 101.
  • [0137] Accordingly, in FIG. 18, at step 1801, for example, the Web Services Provider 101 can make the license interpretation request 125, and transmit the license 127 to the License Interpretation Service 109. The Web Services Provider 101 can pass the request 127, for example, via any suitable communications protocol that can allow for the exchange of such queries, and the like. The interpretation of the license 127, for example, can include determining if the request 121 for the service 119 is authorized, under what conditions, if any, such authorization can be granted, and the like. Thus, such query can be, for example, in the form of “is requester X authorized to access resource Y?” and the like.
  • [0138] The interpretation of the license 127 also can involve determining, for example, if an issuer trusted by the Web Services Provider 101 has authorized the license 127. If, however, the Web Services Provider 101 does not recognize, cannot trust, and the like, the issuer of the license 127, then a license authorizing the issuer to issue the license 127, such as the distribution license 305, and the like, also can be checked.
  • [0139] At step 1807, for example, the result of the license interpretation process can include a response, and the like, from the License Interpretation Service 109 to the Web Services Provider 101, indicating whether or not requested operations, access to services, and the like, granted in a license, such as the license 127, the distribution license 305, and the like, are authorized. Assuming a positive response from the License Interpretation Service 109, and assuming that no further conditions, such as obligations 123, are employed, at step 1809, for example, the Web Services Provider can provide a service, such as the service 119, to a client, such as the Web Services Client 103.
  • [0140] In addition, zero or more obligations 123 that the Web Services Provider 101 may have to perform, for example, as conditions for supplying the service 119, and the like, can result from License Interpretation Service 109 evaluating such conditions specified in the license 127. For example, the obligation 123 can include the Web Services Provider 101 recording the access to the service 119, imposing a time limit for which the services 119 are rendered, and the like. At step 1811, in an exemplary embodiment, for example, the License Interpretation Service 109 also can leverage other services, for example, as specified in the license 127 and/or the distribution license 305, such as retrieving the state information 115, for example, including a count, a limit value, and the like, from some other service, such as the State Tracking service 111, and the like.
  • [0141] Thus, according to an exemplary embodiment, a license, such as the license 127, the distribution license 305, and the like, can be used to specify information, such as location information, and the like, for other services, entities, and the like, such as the services, systems, sub-systems, components, devices, and the like, of the Networked Services Licensing System 100 of FIG. 1. In addition, the license interpretation workflow of the exemplary embodiments, for example, can employ any suitable license interpretation protocol, such as the exemplary license interpretation protocol described herein.
  • [0142] As described above, the License Interpretation Service 109, in the process of interpreting a license, such as the license 127, the distribution license 305, and the like, for example, can employ state information, such as the state information 115, and the like, that can be stored in a state tracking service, such as the State Tracking Service 111, and the like. The location, protocol, and the like, for obtaining the state information 115 can be encoded in the license, for example, based on Web services and/or languages, such as UDDI, WSDL, and the like. By virtue of validating the license, the License Interpretation Service 109 can assure that a link, reference, and the like, specified in the license is for an authorized service, such as the State Tracking Service 111, and the like. Accordingly, at step 1803, for example, the License Interpretation Service 109 transmits a request for state tracking to the State Tracking Service 111.
  • [0143] The State Tracking Service 111, however, may have to ensure that a requesting entity, such as the License Interpretation Service 109, can be authenticated. In an exemplary embodiment, the License Interpretation Service 109 can be authenticated, for example, by any suitable method, such as by presenting a license, such as the license 127, the distribution license 305, and the like. Then, at step 1805, for example, the State Tracking Service 111 provides the requested state information 115 to the License Interpretation Service 109. In an exemplary embodiment, the transfer of the state information 115 can be made using any suitable protocol, such as the exemplary protocols described herein, and can be made secure, for example, via secured transmission Internet technologies, such as Secure Sockets Layer (SSL) technologies, and the like.
  • [0144] The License Interpretation Service 109 then can use the state information 115 received from the State Tracking Service 111, at step 1807, for example, to complete the interpretation of the license. In an exemplary embodiment, the state information 115 can include, for example, how many times the service 119 has been accessed, a payment record, a time span, and the like.
  • [0145] As noted above, the License Interpretation Service 109 also can send interpretation information to the Web Services Provider 101, at step 1807, for example, including the obligations 123, and the like. Once the obligations 123 are satisfied, at step 1809, for example, the Web Services Client 103 can exercise a right included in the license 127, such as access to the service 119 of the Web Services Provider 101.
  • [0146] As noted above, however, the use of the service 119 of the Web Services Provider 101 by Web Services Client 103, can entail obligations that may have to be fulfilled by the Web Services Provider 101, for example, such as transfer of updated state information 115, and the like. Accordingly, at step 1811, for example, the Web Services Provider 101 establishes contact with the State Tracking Service 111 to transfer the updated state information 115, and the like. The location, protocol, and the like, for transferring the updated state information 115 to the State Tracking Service 111 can be encoded in the license, for example, based on Web services and/or languages, such as UDDI, WSDL, and the like.
  • [0147] By virtue of the validity of the license, the Web Services Provider 101 can have assurance that a link, reference, and the like, specified in the license is for an authorized service, such as the State Tracking Service 111, and the like. The State Tracking Service 111, however, may have to ensure that a requesting entity, such as the Web Services Provider 101, can be authenticated. In an exemplary embodiment, the Web Services Provider 101 can be authenticated, for example, by any suitable method, such as by presenting a license, such as the license 127, the distribution license 305, and the like. Once validations, assurances, obligations, and the like, are satisfied, at step 1811, for example, the Web Services Provider 101 can transfer the updated state information 115 to the State Tracking Service 111.
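The FIG. 18 exchange (interpretation query at step 1801, state retrieval at steps 1803/1805, response with obligations at step 1807, service at step 1809, state update at step 1811) can be sketched as follows. This is an added example, not code from the patent: the `Grant` fields, the in-memory tracker, the caller names and the `trackReport` obligation string are assumptions chosen to mirror the roles described above.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Grant:
    principal: str
    right: str
    resource: str
    max_uses: Optional[int] = None  # condition resolved against tracked state


@dataclass
class Interpretation:
    authorized: bool
    obligations: list = field(default_factory=list)


class StateTrackingService:
    """In-memory stand-in for the State Tracking Service 111."""

    def __init__(self, authorized_callers):
        self._authorized = set(authorized_callers)
        self._counts = {}

    def _authenticate(self, caller):
        # The text requires the requesting entity to be authenticated;
        # here that is reduced to an allow-list of caller names.
        if caller not in self._authorized:
            raise PermissionError(f"caller {caller!r} is not authenticated")

    def get_count(self, caller, key):
        """Steps 1803/1805: return the exercise count for a grant."""
        self._authenticate(caller)
        return self._counts.get(key, 0)

    def report_exercise(self, caller, key):
        """Step 1811: record one exercise and return the new count."""
        self._authenticate(caller)
        self._counts[key] = self._counts.get(key, 0) + 1
        return self._counts[key]


def interpret(grants, principal, right, resource, tracker):
    """Steps 1801/1807: is `principal` authorized for `right` on `resource`?"""
    key = (principal, right, resource)
    for grant in grants:
        if (grant.principal, grant.right, grant.resource) != key:
            continue
        if grant.max_uses is None:
            return Interpretation(True, [])  # no conditions, no obligations
        if tracker.get_count("interpreter", key) < grant.max_uses:
            # Authorized, with the obligation to report the exercise.
            return Interpretation(True, ["trackReport"])
    return Interpretation(False, [])


def provide_service(grants, principal, right, resource, tracker):
    """Provider side: act on the interpretation, then fulfil obligations."""
    result = interpret(grants, principal, right, resource, tracker)
    if not result.authorized:
        return False
    # Step 1809: the service would be rendered here.
    if "trackReport" in result.obligations:
        # Step 1811. The count check and this update are separate calls, so
        # concurrent requests can exceed max_uses unless the tracker offers
        # an atomic check-and-increment.
        tracker.report_exercise("provider", (principal, right, resource))
    return True
```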
  • [0148] In order to support the exemplary workflows of the described embodiments, the messages associated with the workflows, for example, used to indicate that a license may have to be employed, to request a license, to indicate that a license is valid, to indicate that a license is invalid, and the like, can be encoded, using any suitable messaging protocol, such as the exemplary license protocol described herein. The exemplary license protocol, for example, can be encoded with XrML, XML, and the like, and can be included in messages that are sent between, for example, the Web Service Client and the Web Services Provider 101.
  • [0149] For example, an exemplary embodiment of the license protocol, employing XML and leveraging the messaging framework of SOAP, is illustrated in Table 1. In an exemplary embodiment, SOAP elements, such as the indication of a fault through a <fault> element during the processing of a message, and the like, can be used in accordance with the SOAP specification.
    TABLE 1
    Exemplary License Protocol (XML/SOAP Messaging Framework)
    Columns: Step in Workflow | SOAP Message. Elements of the license protocol are prefixed with “lic:”

    Step in Workflow: The Web Services Provider 101 response after the service 119 initiation without the license 127 by the Web Services Client 103. In this example, the protocol to indicate that the license 127 was not provided can be encapsulated in the <lic:faultDetails> element, shown in bold, and can include a “message” part that can be human readable, and an “errorcode” part for machine processing. The message part can be used for debugging.
    SOAP Message:
        <?xml version='1.0'?>
        <envelope xmlns="http://www.w3c.org/2002/06/soap-envelope"
                  xmlns:lic="http://www.xrml.org/2002/license">
          <body>
            <fault>
              . . .
              <details>
                <lic:faultDetails>
                  <message> license missing </message>
                  <errorcode> 0001 </errorcode>
                </lic:faultDetails>
              </details>
            </fault>
          </body>
        </envelope>

    Step in Workflow: The Web Services Provider 101 response after the Web Services Client 103 service 119 initiation with an error in the license 127. In this example, the protocol to indicate that there was a fault condition with the license 127 can be encapsulated in the <lic:faultDetails> element, shown in bold, and can include: a “message” part that can be human readable, and an “errorcode” part for machine processing. The message part can be used for debugging. The errorcode part can be a number or a string and can include a list of error codes indicating different types of fault conditions. For example, 0034 for expired license, 0035 for un-trusted license, and the like.
    SOAP Message:
        <?xml version='1.0'?>
        <envelope xmlns="http://www.w3c.org/2002/06/soap-envelope"
                  xmlns:lic="http://www.xrml.org/2002/license">
          <body>
            <fault>
              . . .
              <details>
                <lic:faultDetails>
                  <message> Expired License </message>
                  <errorcode> 0034 </errorcode>
                </lic:faultDetails>
              </details>
            </fault>
          </body>
        </envelope>

    Step in Workflow: The error message can be followed by this message, including information for how to obtain the license 127. In this example, the fault message and the license information message can be bundled together. In the sample message, the fault message indicates that the license 127 was not provided, and the other message provides information on where to obtain the license 127. The element <lic:RetrievalInfo>, shown in bold, provides information on where to get the license 127 and what kind of license can be employed. In the sample message, a UDDI reference can be given, corresponding to the License Generation Service 105. In addition, a license with a grant of principal equal to the identity of the requester and of right “retrieveAnyDocument” can be employed. Further, a particular issuer can be employed as the issuer of the license 127. The license prototype 1503 or the type of license 127 employed to access the service 119 can be encoded with a rights language (for example, XrML, as in this example).
    SOAP Message:
        <?xml version='1.0'?>
        <envelope xmlns="http://www.w3c.org/2002/06/soap-envelope"
                  xmlns:lic="http://www.xrml.org/2002/license"
                  xmlns:x="http://www.xrml.org/2002/xrmlCore">
          <body>
            <fault>
              . . .
              <details>
                <lic:faultDetails>
                  <message> License Missing </message>
                  <errorcode> 0034 </errorcode>
                </lic:faultDetails>
              </details>
            </fault>
            <lic:RetrievalInfo>
              <x:serviceReference>
                <x:uddi>
                  <x:serviceKey>
                    <x:uddi>E234s-asdfa-. . . </x:uddi>
                  </x:serviceKey>
                </x:uddi>
              </x:serviceReference>
              <x:forAll varName="requester" />
              <x:grant>
                <x:principal varRef="requester" />
                <ws:retrieveAnyDocument />
              </x:grant>
              <x:issuer>
                . . . .
              </x:issuer>
            </lic:RetrievalInfo>
          </body>
        </envelope>

    Step in Workflow: The Web Services Client 103 requesting the license 127. In this example, a requester, such as the Web Services Client 103, sends a message to the License Generation Service 105 in order to obtain the license 127. (For example, it can be assumed that the requester has been authorized to get a license and knows how to locate and interface with the License Generation Service 105). The message encapsulates the following elements, for example: a credential element in the <wsse:security> element in the <header> section, in the form of an X509 certificate; and a request in the <lic:request> element in the <body> section, shown in bold. The <lic:request> element can include a prototype grant identifying the service in question. It also can say that the principal is to be resolved at the time the license 127 is created. Also, there can be a type associated with the <lic:request> element. The output of such request (for example, if authorized) can be a license 127 that can be transmitted inside a message to the requester. There are numerous ways to pass the information in the message. The example is one of such many ways. Each of the previously described methods can employ a separate “flavor” of the protocol.
    SOAP Message:
        <?xml version='1.0'?>
        <envelope xmlns="http://www.w3c.org/2002/06/soap-envelope"
                  xmlns:lic="http://www.xrml.org/2002/license"
                  xmlns:x="http://www.xrml.org/2002/xrmlCore">
          <header>
            <wsse:security xmlns:wsse=". . .">
              <wsse:binarySecurityToken
                  id="myToken"
                  valueType="wsse:x509v3">
                MIIEZzCCA9CgAwIBgIQEmtJZC0. . .
              </wsse:binarySecurityToken>
            </wsse:security>
          </header>
          <body>
            <lic:request type="licenseGen">
              <x:forAll varName="requester">
                <“the wsse:security value” />
              </x:forAll>
              <x:grant>
                <x:principal varRef="requester" />
                <ws:access />
                <x:serviceReference>
                  <x:uddi>E234s-asdfa-. . . </x:uddi>
                  <x:details>
                    . . .
                  </x:details>
                </x:serviceReference>
              </x:grant>
            </lic:request>
          </body>
        </envelope>

    Step in Workflow: The License Generation Service 105 delivers the license 127 to a requester, such as Web Services Client 103. In this example, the license can be returned as a fully formed license as part of the body of the message. With SOAP, typically, there is no need for an additional protocol, as shown in the example. However, with other mechanisms, there may be a need to include the license within a “wrapper” in the form of <lic:Response>. . .</lic:Response> to indicate that the enclosed license is a response to a request and not a license that was generated for other purposes.
    SOAP Message:
        <?xml version='1.0'?>
        <envelope xmlns="http://www.w3c.org/2002/06/soap-envelope"
                  xmlns:lic="http://www.xrml.org/2002/license"
                  xmlns:x="http://www.xrml.org/2002/xrmlCore">
          <header>
            . . .
          </header>
          <body>
            <x:license>
              <x:grant>
                . . .
              </x:grant>
              . . .
            </x:license>
            . . .
          </body>
        </envelope>

    Step in Workflow: The Web Services Client 103 transmits the license 127 (for example, as a token to gain access to the service 119) with the service initiation message. In this example, transmitting the license 127 as a token for access to the service 119, leverages the semantics of the messaging protocol, in SOAP, which is a security token passed in the header portion of the message. With SOAP, typically, there is no need for an additional protocol, as shown in the example. However, with other mechanisms, there may be a need to include the license within a “wrapper” in the form of <lic:security>. . .</lic:security> to indicate that the enclosed license 127 is a license to gain access to the service 119.
    SOAP Message:
        <?xml version='1.0'?>
        <envelope xmlns="http://www.w3c.org/2002/06/soap-envelope"
                  xmlns:lic="http://www.xrml.org/2002/license"
                  xmlns:x="http://www.xrml.org/2002/xrmlCore">
          <header>
            <wsse:security xmlns:wsse=". . .">
            </wsse:security>
            <x:license>
              <x:grant>
                . . .
              </x:grant>
              . . .
            </x:license>
            </wsse:security>
            . . .
          </header>
          <body>
            . . .
          </body>
        </envelope>
  • [0150] The exemplary license interpretation protocol, as illustrated in Table 2, for example, can be part of the license protocol. The license interpretation protocol is discussed separately, for the sake of clarity. The Web Services Provider 101 can use the license interpretation protocol, for example, when invoking the License Interpretation Service 109. Similar to the license protocol, the license interpretation protocol can be implemented so as to leverage a messaging exchange protocol, for example, SOAP, and the like, and transmit XrML messages, XML messages, and the like. Table 2 shows the exemplary license interpretation protocol, for example, as XML leveraging the messaging framework of SOAP, and the rights language XrML.
    TABLE 2
    Exemplary Interpretation Protocol (XML/SOAP Messaging Framework)
    Columns: Step in Workflow | SOAP Message. Elements of the license protocol are prefixed with “lic:”

    Step in Workflow: The Web Services Provider 101 sends a request message 125 to the License Interpretation Service 109 to request the interpretation of a license, such as the license 127. In this example, the message can include several parts: In the header, the Web Services Provider 101 can send a credential, including a license that authorizes the access or use of the service. The body of the message starts with the request of type “licenseInterpret,” shown in bold. This is to indicate that the request is for interpreting a license. Within this element are the parameters that the interpreter employs as input. The example shows that a principal and a resource are passed as parameters signifying that the service will find the granted rights that match those parameters. Following the request is the license or licenses to be interpreted.
    SOAP Message:
        <?xml version='1.0'?>
        <envelope xmlns="http://www.w3c.org/2002/06/soap-envelope"
                  xmlns:lic="http://www.xrml.org/2002/license"
                  xmlns:x="http://www.xrml.org/2002/xrmlCore">
          <header>
            . . .
            <wsse:security xmlns:wsse=". . .">
            . . .
            </wsse:security>
            <x:license>
              <x:grant>
                . . .
              </x:grant>
              . . .
            </x:license>
            </wsse:security>
            . . .
          </header>
          <body>
            <lic:request type="licenseInterpret"
                         ID="1234-1234-1234-1234">
              <lic:parameter principal="x:keyholder">
                MIIEZzCCA9CgAwIBgIQEmtJZC0. . .
              </lic:parameter>
              <lic:parameter resource="x:uddi">
                E234s-asdfa-. . .
              </lic:parameter>
              . . .
            </lic:request>
            <x:license>
              <x:grant>
                . . .
              </x:grant>
              . . .
            </x:license>
            . . .
          </body>
        </envelope>

    Step in Workflow: The License Interpretation Service 109, after the license interpretation request 125, returns the results in a message. In this example, a response 123 corresponding to the request is encapsulated within the <lic:response> element, shown in bold. In this example, the returned parameters are grant fragments (for example, as defined in the rights language) that match the principal and the resource in the original request. Certain conditions can also be resolved in the license interpreter and the result could be “simpler conditions” that are easier to validate by the requester. The result in this example indicates that the access right has been granted, with no conditions or obligations, and the right to execute has also been granted, but with the obligation to track the exercise of this right as specified by the <x:trackReport> element (for example, defined in the rights language XrML).
    SOAP Message:
        <?xml version='1.0'?>
        <envelope xmlns="http://www.w3c.org/2002/06/soap-envelope"
                  xmlns:lic="http://www.xrml.org/2002/license"
                  xmlns:x="http://www.xrml.org/2002/xrmlCore">
          <header>
            . . .
          </header>
          <body>
            <lic:response type= ID="1234-1234-1234-1234">
              <x:grant>
                <ws:access/>
              </x:grant>
              <x:grant>
                <ws:execute/>
                <x:trackReport>
                  <x:serviceReference>
                    <x:uddi>E234s-asdfa-. . . </x:uddi>
                    <x:details>
                      . . .
                    </x:details>
                  </x:serviceReference>
                </x:trackReport>
              </x:grant>
              . . .
            </lic:response>
            . . .
          </body>
        </envelope>
  • [0151] In an exemplary embodiment, the state tracking protocol can include any suitable protocol, public, private, proprietary, standardized, the exemplary protocols as described herein, and the like, that can be used to retrieve, transfer, and the like, information, such as the state information 115, and the like, to and from a service, such as the State Tracking Service 111, and the like. Accordingly, the state tracking protocol can be used for retrieving a count of how many times a service, such as the service 119, and the like, has been exercised, for sending the exercise count, for storing an exercise count, and the like.
  • [0152] In addition, the exchange of certain types of information, such as payment information, time information, and the like, may already be standardized in a protocol by other industries, in which case, according to a further exemplary embodiment, such a standardized protocol can be included in the state tracking protocol. Further, according to a still further exemplary embodiment, a protocol may be employed that can depend on the specialization, implementation, and the like, of the State Tracking Service 111. For example, if the State Tracking Service includes a database, then the retrieval and storage of information can be performed via a database query mechanism, and the like.
  • [0153] Exemplary use scenarios, business applications, and the like, that can be supported by the exemplary embodiments of the Networked Services Licensing System 100 of FIG. 1, will now be described.
  • [0154] FIG. 19 illustrates an exemplary workflow for specifying a license that can be used in the Networked Services Licensing System 100 of FIG. 1. In this example, a service, such as a Web-based License Generation and Interpretation Service 1907 based on, for example, the License Generation 105 and Interpretation 109 Services of the exemplary embodiments, and the like, can allow for the specification of rights, the interpretation of rights, and the like, for generating a license, such as the license 127 and/or the distribution license 305, and the like. According to an exemplary embodiment, the License Generation and Interpretation Service 1907, for example, can be employed as a building block for systems, such as a Rights Clearing Service, a Digital Asset Management System, a Digital Rights Management System, and the like.
  • [0155] The License Generation and Interpretation Service 1907, in an exemplary embodiment, can include, for example, providing a user interface, such as a Graphical User Interface (GUI), and the like, converting user input into a rights expression, such as a license, based on a rights language, such as XrML, and the like. The License Generation and Interpretation Service 1907, according to a further exemplary embodiment, for example, can also provide one or more user interfaces, each specializing in a particular format, industry, and the like. For example, the License Generation and Interpretation Service 1907 can provide a user interface for video formats, another user interface for music formats, a still further user interface for electronic books, and the like. Advantageously, providing user interfaces tailored to the specific details and/or intricacies of a particular audience, for example, can be a value-added feature, and the like, of the License Generation and Interpretation Service 1907.
  • [0156] According to an exemplary embodiment, the License Generation and Interpretation Service 1907, for example, can include accepting rights queries, processing the rights queries against corresponding rights expressions, and the like. For example, an exemplary rights query can be of the form “Does John M., who is an employee of Company N, have the right to purchase up to $1000 worth of supplies from Supplier P?,” and the like. The output from such a query, for example, can include an assertion about what rights are available, what conditions are attached to such rights, and the like. The License Generation and Interpretation Service 1907 can add further value, for example, by providing one or more user interfaces that facilitate user input for a particular type of rights query, and the like.
  • [0157] Advantageously, employing the same entity for providing both rights specification, and rights interpretation functions, for example, allows for an increase in consistency, accuracy, and the like, in interpreting the rights. In other words, a system that creates the rights specification typically is better equipped to apply the same rules when interpreting such rights. In an exemplary embodiment, the rights expression, the rights expression definitions, the rights expression interpretations, and the like, can be based on any suitable standard, including industry standards, and the like.
  • [0158] Accordingly, in an exemplary embodiment, a user 1919, an author, for example, wishes to specify the rights associated with some type of content in relation to a contract with a publisher. An authoring application 1909 that the user 1919 employs does not provide a way to specify rights metadata for the content, but can call a Web service, such as the License Generation and Interpretation Service 1907 that provides such a function.
  • [0159] Accordingly, at step 1901, for example, the authoring application connects to the License Generation and Interpretation Service 1907 that provides rights specification, interpretation, and the like. For example, the License Generation and Interpretation Service 1907 can specialize in certain industries and provide a user interface with terminology, contract templates, and the like, that can be used and understood in that particular industry, trade, and the like. The user 1919 interacts with the License Generation and Interpretation Service 1907, and, at step 1903, for example, the License Generation and Interpretation Service 1907 converts the information the user 1919 provides into a rights expression, for example, an unsigned license, based on XrML, and the like. The unsigned license is then returned, conveyed, transmitted, and the like, to the user 1919, and the user 1919 can digitally sign the license.
  • [0160] At step 1905, for example, the user 1919 can send the signed license, for example, together with the associated content, to a Digital Asset Management System 1913 of the publisher, and, for example, including a license store 1915, such as a database and the like. The content can now be managed by the Digital Asset Management System 1913, for example, within a domain, and the like, of the publisher.
  • [0161] FIG. 20 illustrates an exemplary workflow for interpreting a license that can be used in the Networked Services Licensing System 100 of FIG. 1. For example, in FIG. 20, during a production workflow for a publication, Bob, a rights specialist, wishes to query the rights of a particular asset of the Digital Asset Management System 1913. In this example, the rights of the asset are encapsulated, for example, by an XrML license. The Digital Asset Management System 1913, for example, not having a capability to interpret licenses, for example, by design, because a Web service can provide more specialized capabilities, and the like, accesses the License Generation and Interpretation Service 1907, which provides, for example, an intuitive user interface, such as a GUI, and the like. Advantageously, the License Generation and Interpretation Service 1907 can specialize in interpretation of certain types of contracts, licenses, and the like, and allow the operation of the user interface to query the rights that can be employed for a particular publication. In an exemplary embodiment, the License Generation and Interpretation Service 1907 can include, for example, an indexed database where licenses are stored, organized, and the like.
  • [0162] Accordingly, at step 2001, for example, Bob sends a query along with the XrML license, for example, through the Digital Asset Management System 1913, to the License Generation and Interpretation Service 1907. Then, at step 2003, for example, the License Generation and Interpretation Service 1907 interprets the rights included in the license based on the query request, and returns the result of the query to Bob.
  • Exemplary Workflow for Accessing the License Issuing and Interpretation Service 1907
  • [0163] Although the exemplary rights processing workflow described above can be a function provided by a Web service, such as the License Generation and Interpretation Service 1907, the workflow does not describe the process for calling, accessing, and the like, the License Generation and Interpretation Service 1907. For example, in an exemplary embodiment, the XrML license is not used for accessing the License Generation and Interpretation Service 1907. Accordingly, the rights processing functions can be generic functions provided by a Web service, such as the License Generation and Interpretation Service 1907, and the like, and, for example, can be described with any suitable standards-based language for describing Web services, such as WSDL, and the like.
  • [0164] In many business scenarios, however, it can become advantageous to manage access to a service, such as the License Generation and Interpretation Service 1907, and the like. For example, a user 2005, the owner of the Web-based License Issuing and Interpretation Service 1907, has been providing the service to anyone that can discover his offering, can use the service, and the like. However, the License Generation and Interpretation Service 1907 of the user 2005 has become quite successful, and the user 2005 now wishes to commercialize the License Issuing and Interpretation Service 1907. According to an exemplary embodiment, the user 2005 can add an e-commerce capability to the License Issuing and Interpretation Service 1907.
  • [0165] Accordingly, the user 2005, for example, could add an e-commerce package to the License Issuing and Interpretation Service 1907, which can entail the creation of various mechanisms, such as a customer account processing mechanism, a financial transaction processing mechanism, a login and password processing mechanism, and the like. However, such a service can create barriers for the service and its customers. For example, the login process, the handling of forgotten passwords, the processing of payments, the determining of how much to charge, the determining of what methods to employ, and the like, could become cumbersome.
  • [0166] Therefore, according to a further exemplary embodiment, the user 2005 can configure the License Issuing and Interpretation Service 1907, for example, such that access is granted based on a presentation of a license, for example, manually, automatically, and the like. Conceptually, such a system can include, for example, submitting a license during the initial communication protocol with the License Issuing and Interpretation Service 1907. In an exemplary embodiment, a client of the License Issuing and Interpretation Service 1907 and the License Issuing and Interpretation Service 1907 can follow any suitable license protocol, such as the exemplary license protocol described herein. In this exemplary embodiment, a license, such as an XrML license, and the like, can be presented, for example, when an application communicates with the License Issuing and Interpretation Service 1907. If the license validates, the services of the License Issuing and Interpretation Service 1907 can be rendered.
  • [0167] In the examples of FIGS. 19 and 20, the authoring application can be configured to include the capability to present a license, for example, when the application requests services from the License Issuing and Interpretation Service 1907. FIG. 21 illustrates an exemplary workflow for controlling consumption of a service that can be used in the Networked Services Licensing System 100 of FIG. 1. In FIG. 21, at step 2101, for example, authoring application 1909 of the user 1919 communicates with the License Issuing and Interpretation Service 1907 and requests service. At step 2103, for example, during the initial protocol, a license is presented in order to access the services of the License Issuing and Interpretation Service 1907. Then, at step 2105, for example, upon acceptance of the license, the License Issuing and Interpretation Service 1907 can render its services.
  • [0168] The user 2005 now ponders the question of who would issue the licenses that are used to access the License Issuing and Interpretation Service 1907. According to an exemplary embodiment, the user 2005 can configure the License Issuing and Interpretation Service 1907 to manage the issuing of the licenses. However, this can become quite taxing to the system and himself.
  • [0169] In addition, the user 2005 would have to develop and maintain an e-commerce site and a database for his customers. However, the user 2005 figures that managing a customer database is not something that will add value to the License Issuing and Interpretation Service 1907, and does not see the economic potential of maintaining and/or data-mining the customer database.
  • [0170] Accordingly, the user 2005 would rather keep the License Issuing and Interpretation Service 1907 simple, allowing the user 2005 to focus on the basic capabilities and functionality of the service. Therefore, according to a further exemplary embodiment, the user 2005 can configure the License Issuing and Interpretation Service 1907 to employ licenses, for example, that can be issued by a trusted third party, bundled with the authoring application 1909, and the like.
  • [0171] FIG. 22 illustrates an exemplary workflow for issuing licenses by a third party that can be used in the Networked Services Licensing System 100 of FIG. 1. For example, in an exemplary embodiment, the user 2005 can issue licenses to business partners of the user 2005, for example, granting the right to issue licenses for access to the License Issuing and Interpretation Service 1907, such as the distribution license 305, and the like. The business partners of the user 2005 then can issue the distribution licenses to end-users, such as the user 1919.
  • [0172] For example, the business partners of the user 2005 can include companies, for example, such as Company ABC 2207 that creates and sells the authoring applications 1909, such as word processors, image creation software, and the like. At step 2201, for example, the user 2005 can make a business deal with the Company ABC 2207, for example, based on granting the Company ABC 2207 the right to issue licenses for access to the License Issuing and Interpretation Service 1907, and the like, at step 2203. Then, at step 2205, for example, the licenses for accessing the License Issuing and Interpretation Service 1907 can be issued on-demand, bundled with the authoring applications 1909, and the like, by the Company ABC 2207. Advantageously, in this exemplary embodiment, the user 2005 can bundle access to the License Issuing and Interpretation Service 1907 with a third party application, such as the authoring applications 1909, and the like.
  • [0173] In an exemplary embodiment, the user 2005 and/or the Company ABC can use a third party service, such as the License Generation and Issuing Service 105, and the like, to generate the licenses of the exemplary embodiments. In addition, signature keys can be obtained to sign the licenses, for example, through security services, such as the Trust Authority Service 113, and the like.
  • [0174] According to the exemplary embodiments, the user 2005 can commercialize the Web-based License Issuing and Interpretation Service 1907, advantageously, without adding the resources employed to run and manage an e-commerce system. The user 2005 can determine the conditions for access to the License Issuing and Interpretation Service 1907, for example, by employing the licenses of the exemplary embodiments, such as XrML licenses, and the like. Advantageously, according to the exemplary embodiments, the user 2005 does not have to deal, for example, with managing of the customer base, and the like. The improved License Issuing and Interpretation Service 1907, for example, can entail some improvement to the Web services software, such as the capability to process licenses, but such changes can be negligible in comparison with the deployment of a full-fledged e-commerce setup.
  • [0175] According to exemplary embodiments, the user 2005 can employ various compensation methods that, advantageously, can be described in a rights language, such as XrML, and the like. For example, according to an exemplary embodiment, a non-tracked, not encoded in a license, out of band, and the like, compensation method can be employed. In this exemplary compensation method, the user 2005 can arrange a flat-fee, per-use, and the like, deal, whereby the user 2005 can issue a distribution license, for example, granting the Company ABC 2207 an unlimited right to issue licenses for accessing the License Issuing and Interpretation Service 1907. The Company ABC 2207 can compensate the user 2005, for example, based on the number of licenses for accessing the License Issuing and Interpretation Service 1907 the Company ABC 2207 bundles with its software, such as the authoring applications 1909, based on a one-time payment, and the like. In this embodiment, the user 2005 would have to trust the data that the Company ABC 2207 collects, for example, with respect to software sales, and the like.
  • [0176] According to an exemplary embodiment, a tracked, encoded in a license, per distributor use, and the like, compensation method can be employed. In this exemplary compensation method, the user 2005 can employ, for example, compensation rules, and the like, that can be encoded in the distribution license the user 2005 issues to the Company ABC 2207. For example, the distribution license can be configured to specify that every time the right to issue a license for accessing the License Issuing and Interpretation Service 1907 is exercised by the Company ABC 2207, conditions may have to be met, such as the making of a payment of a certain amount to an account of the user 2005, that each use of the distribution license is tracked and settled through other means, and the like. Advantageously, with this exemplary embodiment, accurate, trustworthy, and the like, sales information can be made possible, because accurate tracking can be enabled.
  • [0177] According to an exemplary embodiment, a tracked, encoded in a license, per end-user use, and the like, compensation method can be employed. In this exemplary compensation method, the distribution license that the user 2005 issues to the Company ABC 2207 can also specify, for example, that when an end-user license is issued, for example, by the Company ABC 2207, certain rights, conditions, and the like, may have to be specified in the end-user licenses that the Company ABC 2207 issues. For example, the user 2005 can specify in the distribution license that the end-user usage of the licenses issued by the Company ABC 2207 for accessing the License Issuing and Interpretation Service 1907 be tracked, and the like. Accordingly, when the License Issuing and Interpretation Service 1907 of the user 2005 receives, processes, and the like, a license from the user 1919, the license can specify the parameters to track the usage of the license. Advantageously, with this exemplary embodiment, at the end of an accounting period, such data can be gathered, processed, and the like, for payment.
  • [0178] In an exemplary embodiment, the Company ABC 2207 may realize that by bundling additional services, the Company ABC 2207 can increase its competitive advantage in the marketplace. In this exemplary embodiment, for example, the Company ABC 2207 can reach out to other companies, Web services, and the like, such as document translator services, multilingual spell checker services, editorial tool services, and the like. Then, the Company ABC 2207 can make business deals with such other companies and include licenses that can be used to access such additional services. Advantageously, with this exemplary embodiment, the Company ABC can aggregate several services to bundle with its products.
  • [0179] In an exemplary embodiment, each license, such as an XrML license, and the like, can be used to express individual rights, conditions, and the like, for each of the aggregated services. For example, the license for Web service B can be expressed with a right for an unlimited use, the license for Web service C can be expressed with a condition for a maximum count of 10 uses, and the like. Advantageously, with this exemplary embodiment, employing licenses that can determine the rules for access and use of a service can facilitate service aggregation.
  • [0180] According to an exemplary embodiment, the user 2005 can issue distribution licenses to his business partners, and, in turn, his business partners can issue licenses to the end-users for accessing the License Issuing and Interpretation Service 1907. This exemplary embodiment illustrates a single tier distribution model, wherein the business partners of the user 2005 can be the distributors for access to the services of the user 2005.
  • [0181] FIG. 23 illustrates an exemplary workflow for syndication of a service that can be used in the Networked Services Licensing System 100 of FIG. 1. According to a further exemplary embodiment, however, the user 2005 can focus on the technical details of the Web-based License Issuing and Interpretation Service 1907, and, for example, outsource business dealings, and the like, with companies, such as the Company ABC 2207, and the like. In this exemplary embodiment, in essence a syndication model, the user 2005 can grant a syndication agent, such as a Syndication Company 2311, a syndication license that grants the Syndication Company 2311 the right to issue distribution licenses that grant the ABC Company 2207 the right to issue licenses for accessing the License Issuing and Interpretation Service 1907.
  • [0182] The Networked Services Licensing System 100, for example, as described with respect to FIGS. 1-23, can store information relating to various processes described herein. This information can be stored in one or more memories, such as a hard disk, optical disk, magneto-optical disk, RAM, and the like, of the devices and sub-systems of Networked Services Licensing System 100. One or more databases of the devices and subsystems of the Networked Services Licensing System 100 of FIG. 1 can store the information used to implement the exemplary embodiments. The databases can be organized using data structures, for example, records, tables, arrays, fields, graphs, trees, lists, and the like, included in one or more memories, such as the memories listed above, and the like.
  • [0183] All or a portion of the Networked Services Licensing System 100, for example, as described with respect to FIGS. 1-23, can be conveniently implemented using one or more general-purpose computer systems, microprocessors, digital signal processors, micro-controllers, and the like, programmed according to the teachings of the exemplary embodiments. Appropriate software can be readily prepared by programmers of ordinary skill based on the teachings of the exemplary embodiments. In addition, the Networked Services Licensing System 100 can be implemented by the preparation of application-specific integrated circuits or by interconnecting an appropriate network of conventional component circuits.
  • [0184] Although the present invention is described in terms of exemplary workflows, other workflows are possible, as will be appreciated by those skilled in the relevant art(s). For example, during services initiation, typically a license is presented at the time of service request. However, it is possible that the license be presented at another time, cached, and the like, so that further service requests do not entail the submission of a license. A license could be “pre-presented” and retained by the Web service, the client, and the like. The license could, after being pre-presented, be “pre-validated.” In such a case, when a request for accessing services is made it would be determined if the request is from an authorized requestor, and the license would be interpreted.
  • [0185] Although the exemplary workflows are described as functional steps associated with the exemplary devices of the Networked Services Licensing System 100, one or more of the functional steps of the exemplary workflows can be performed by any suitable device or devices, such as one or more general-purpose computer systems, microprocessors, digital signal processors, micro-controllers, and the like, programmed according to the teachings of the exemplary embodiments, as will be appreciated by those skilled in the relevant art(s).
  • [0186] Although the present invention is described in terms of Web services, the present invention is applicable to other services, such as any suitable distributed network service, and the like, as will be appreciated by those skilled in the relevant art(s).
  • [0187] Although the present invention is described in terms of a Web services model, the present invention is applicable to other models, such as a syndication model that is replicated for services, and the like, as will be appreciated by those skilled in the relevant art(s). For example, in an exemplary embodiment, a third party collects services from service providers and makes them available singly or in combination to users as a third party service.
  • [0188] In such an example, the Web Services Provider 101 may not, or cannot, provide the syndication function, but they can set some of the conditions, rights, and the like, for the services. This exemplary embodiment, thus, enables the third party service provider to provide, for example, access and tracking services to a user of the third party service on behalf of the owners of the services. Advantageously, the services market, especially for component services, can be greatly enabled, accelerated, and the like, with this exemplary embodiment. By contrast, conditional access typically cannot handle such examples well and/or may be impractical.
  • [0189] Although the present invention is described in terms of an “on-line” mode of operation, the present invention is applicable to other modes of operation, such as “offline” modes, and the like, as will be appreciated by those skilled in the relevant art(s). For example, a hard drive on a personal computer (PC) can include license generating software, a license, and license interpretation software. The communications protocol of the exemplary embodiments, in this example, can be employed for communications within the hard drive.
  • [0190] Advantageously, the Web Services Client 103 can present a validated license and obtain access to a Web service without having to be on-line at the time the service is obtained. For example, the service could reside on the PC hard drive, such as where the service includes the execution of a computer program, or could be obtained from or through another device, such as a server or CD or other storage medium.
  • [0191] To the extent an on-line transaction is employed for some reason, such as for making a financial payment, the on-line session can be conducted at a time other than at the time the request for the use of the service is made. In the case of a financial transaction, the transaction can be made off-line using a digital storage device, such as a pre-paid “smart card” and the like. In addition, any suitable information to be exchanged can be exchanged using a physical storage device instead of an on-line communication. For example, a license can be presented by inserting a smart card into the PC.
  • [0192] While the present invention has been described in connection with a number of exemplary embodiments and implementations, the present invention is not so limited, but rather covers various modifications, equivalent arrangements, and the like, which fall within the purview of the appended claims.
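
The license-gated access of paragraphs [0166] to [0167] and the tiered issuing of paragraphs [0171] to [0181] amount to a chain check at the service: the presented access license must trace back, issuer by issuer, to the service owner, and conditions such as a maximum use count or required usage tracking must hold. The Python example below is added here and is not part of the patent; the `License` fields, the principal names and the use of HMAC in place of digital signatures are assumptions made so that it runs with the standard library alone.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass
from typing import Optional

# Constructed principals and keys. HMAC with a per-issuer key stands in for the
# digital signatures the page describes; a real service would verify public-key
# signatures against keys vouched for by a trust authority.
KEYS = {"owner-2005": b"k-owner", "syndicator-2311": b"k-synd", "company-abc-2207": b"k-abc"}
OWNER, SERVICE = "owner-2005", "license-service-1907"
# Right a parent license must grant before its holder may issue the child license.
ISSUING_RIGHT = {"access": "issue_access", "issue_access": "issue_distribution"}


@dataclass
class License:
    lic_id: str
    issuer: str
    holder: str
    right: str                      # "access", "issue_access" or "issue_distribution"
    service: str = SERVICE
    max_uses: Optional[int] = None  # None means unlimited use
    track_usage: bool = False       # usage of this license must be recorded
    require_tracking: bool = False  # access licenses issued under this one must track
    sig: str = ""

    def payload(self) -> bytes:
        body = asdict(self)
        del body["sig"]
        return json.dumps(body, sort_keys=True).encode()


def sign(lic: License) -> License:
    lic.sig = hmac.new(KEYS[lic.issuer], lic.payload(), hashlib.sha256).hexdigest()
    return lic


def signature_ok(lic: License) -> bool:
    key = KEYS.get(lic.issuer)
    if key is None:
        return False
    expected = hmac.new(key, lic.payload(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, lic.sig)


class StateTracker:
    """Per-license use counter (the state-tracking role in the claims)."""

    def __init__(self):
        self.uses = {}

    def count(self, lic_id: str) -> int:
        return self.uses.get(lic_id, 0)

    def record(self, lic_id: str) -> None:
        self.uses[lic_id] = self.count(lic_id) + 1


def authorize(chain, requester, state, service=SERVICE, owner=OWNER):
    """chain[0] is the presented access license; chain[-1] must be issued by the owner.
    `requester` is assumed to be authenticated by the transport before this call."""
    chain = list(chain)
    if not chain or chain[0].right != "access":
        return False, "no access license presented"
    if chain[0].holder != requester:
        return False, "license was not issued to the requester"
    if chain[-1].issuer != owner:
        return False, "chain does not end at the service owner"
    for lic, parent in zip(chain, chain[1:] + [None]):
        if lic.service != service:
            return False, f"{lic.lic_id}: wrong service"
        if not signature_ok(lic):
            return False, f"{lic.lic_id}: bad signature"
        if parent is None:
            continue
        if parent.holder != lic.issuer:
            return False, f"{lic.lic_id}: issuer does not hold {parent.lic_id}"
        if parent.right != ISSUING_RIGHT.get(lic.right):
            return False, f"{parent.lic_id}: grants no right to issue '{lic.right}'"
        if parent.require_tracking and lic.right == "access" and not lic.track_usage:
            return False, f"{lic.lic_id}: tracking required by {parent.lic_id}"
    leaf = chain[0]
    if leaf.max_uses is not None and state.count(leaf.lic_id) >= leaf.max_uses:
        return False, f"{leaf.lic_id}: use count exhausted"
    if leaf.track_usage or leaf.max_uses is not None:
        state.record(leaf.lic_id)
    return True, "access granted"


def build_demo_chain(max_uses=2):
    """Owner -> Syndication Company -> Company ABC -> end user (constructed data)."""
    synd = sign(License("L-synd", OWNER, "syndicator-2311", "issue_distribution"))
    dist = sign(License("L-dist", "syndicator-2311", "company-abc-2207", "issue_access",
                        require_tracking=True))
    user = sign(License("L-user", "company-abc-2207", "user-1919", "access",
                        max_uses=max_uses, track_usage=True))
    return [user, dist, synd]
```

The single-tier model of paragraph [0180] is the same check with a two-license chain in which the owner issues the `issue_access` license directly to the distributor.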

Claims (19)

What is claimed is:
1. A method for controlling consumption of a distributed network service in accordance with rights expression information associated with said distributed network service and specifying a manner of use of said distributed network service, said method comprising:
determining said rights expression information associated with said distributed network service, said rights expression information indicating a manner of use of said distributed network service; and
controlling consumption of said distributed network service based on said rights expression information.
2. The method as recited in claim 1, further comprising:
transmitting said rights expression information from a client to a provider of said distributed network service.
3. The method as recited in claim 2, further comprising:
receiving said rights expression information at said client from a rights expression information issuing service.
4. The method as recited in claim 3, further comprising:
receiving a right to issue said rights expression information at said rights expression information issuing service from a business network associated with said rights expression information issuing service.
5. The method as recited in claim 3, further comprising:
interpreting said rights expression information transmitted from said client to said provider at a rights expression information interpretation service to determine if said provider has allowed access to said distributed network service.
6. The method as recited in claim 5, further comprising:
interpreting said rights expression information transmitted from said client to said provider based on state data associated with said rights expression information and received from a state tracking service.
7. The method as recited in claim 6, further comprising:
receiving at least a portion of said state data at said state tracking service from said provider.
8. The method as recited in claim 6, further comprising:
configuring said rights expression information issuing service, said rights expression information interpretation service, and said state tracking service as a middle layer provided between a trust authority service and said service provider and said client, wherein said trust authority service manages trust relationships between said rights expression information issuing service, said rights expression information interpretation service, and said state tracking service.
9. The method as recited in claim 6, further comprising:
configuring said rights expression information issuing service, said rights expression information interpretation service, and said state tracking service as specialized services provided by a specialized service provider provided between a trust authority service and said service provider and said client, wherein said trust authority service manages trust relationships between said rights expression information issuing service, said rights expression information interpretation service, and said state tracking service.
10. The method as recited in claim 9, wherein said trust authority service attests to information included in a trust certificate associated with said rights expression information.
11. The method as recited in claim 1, further comprising:
expressing said rights expression information using a rights expression language.
12. The method as recited in claim 11, wherein said rights expression language includes a grammar-based rights expression language.
13. The method as recited in claim 12, wherein said grammar-based rights expression language includes eXtensible rights Markup Language (XrML).
14. The method as recited in claim 1, wherein said step of controlling access, comprises:
authorizing access to said distributed network service based on said rights expression information.
15. The method as recited in claim 1, further comprising:
specifying in said rights expression information identification information for said distributed network service.
16. The method as recited in claim 1, further comprising:
specifying in said rights expression information identification information for a service that is associated with said distributed network service.
17. A computer system for controlling consumption of a distributed network service in accordance with rights expression information associated with said distributed network service and specifying a manner of use of said distributed network service, said system comprising:
a distributed network services provider configured to provide said distributed network service;
a client of said provider configured to consume said distributed network service;
a license issuing server configured to determine said rights expression information associated with said distributed network service, said rights expression information indicating a manner of use of said distributed network service; and
a license interpretation server configured to control consumption of said distributed network service based on said rights expression information.
18. A computer-readable medium carrying one or more sequences of one or more instructions for controlling consumption of a distributed network service in accordance with rights expression information associated with said distributed network service and specifying a manner of use of said distributed network service, the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
determining said rights expression information associated with said distributed network service, said rights expression information indicating a manner of use of said distributed network service; and
controlling consumption of said distributed network service based on said rights expression information.
19. A system for controlling consumption of a distributed network service in accordance with rights expression information associated with said distributed network service and specifying a manner of use of said distributed network service, said system comprising:
means for determining said rights expression information associated with said distributed network service, said rights expression information indicating a manner of use of said distributed network service; and
means for controlling consumption of said distributed network service based on said rights expression information.
US10/374,729 2001-01-17 2003-02-27 Networked services licensing system and method Abandoned US20030220880A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US10/374,729 US20030220880A1 (en) 2002-01-17 2003-02-27 Networked services licensing system and method
US10/856,865 US7386513B2 (en) 2001-01-17 2004-06-01 Networked services licensing system and method
US14/531,958 US10540484B2 (en) 2001-01-17 2014-11-03 Networked services licensing system and method

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US10/046,695 US7085741B2 (en) 2001-01-17 2002-01-17 Method and apparatus for managing digital content usage rights
US35966702P 2002-02-27 2002-02-27
US10/159,272 US7028009B2 (en) 2001-01-17 2002-06-03 Method and apparatus for distributing enforceable property rights
US10/374,729 US20030220880A1 (en) 2002-01-17 2003-02-27 Networked services licensing system and method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/159,272 Continuation-In-Part US7028009B2 (en) 2001-01-17 2002-06-03 Method and apparatus for distributing enforceable property rights

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US10/856,865 Continuation US7386513B2 (en) 2001-01-17 2004-06-01 Networked services licensing system and method
US14/531,958 Continuation US10540484B2 (en) 2001-01-17 2014-11-03 Networked services licensing system and method

Publications (1)

Publication Number Publication Date
US20030220880A1 true US20030220880A1 (en) 2003-11-27

Family

ID=46282058

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/374,729 Abandoned US20030220880A1 (en) 2001-01-17 2003-02-27 Networked services licensing system and method
US14/531,958 Expired - Fee Related US10540484B2 (en) 2001-01-17 2014-11-03 Networked services licensing system and method

Family Applications After (1)

Application Number Title Priority Date Filing Date
US14/531,958 Expired - Fee Related US10540484B2 (en) 2001-01-17 2014-11-03 Networked services licensing system and method

Country Status (1)

Country Link
US (2) US20030220880A1 (en)

Cited By (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040034770A1 (en) * 2002-08-15 2004-02-19 Microsoft Corporation Method and system for using a web service license
US20040148514A1 (en) * 2000-06-21 2004-07-29 Fee Gregory D Evidence-based application security
US20040177044A1 (en) * 2003-03-03 2004-09-09 General Instrument Corporation Processing of copy control information for digital rights management
US20040215476A1 (en) * 2002-08-26 2004-10-28 Computer Associates Think, Inc. Web services apparatus and methods
US20050027871A1 (en) * 2003-06-05 2005-02-03 William Bradley Interoperable systems and methods for peer-to-peer service orchestration
US20050055315A1 (en) * 2003-09-09 2005-03-10 Microsoft Corporation System and method for manifest generation
US20050071276A1 (en) * 2003-09-30 2005-03-31 International Business Machines Corporation Method for automatic creation and configuration of license models and policies
US20060225055A1 (en) * 2005-03-03 2006-10-05 Contentguard Holdings, Inc. Method, system, and device for indexing and processing of expressions
US20060230397A1 (en) * 2005-03-30 2006-10-12 Cook Johanna M Method for third-party registration of software components
US20070055743A1 (en) * 2005-09-02 2007-03-08 Pirtle Ross M Remote control media player
US7281274B2 (en) 2003-10-16 2007-10-09 Lmp Media Llc Electronic media distribution system
US20080022267A1 (en) * 2004-04-26 2008-01-24 Google Inc. Method and System for Dynamically Composing Distributed Interactive Applications from High-Level Programming Languages
US7386483B1 (en) * 2004-03-01 2008-06-10 Sprint Communications Company L.P. Electronic marketplace system and method for selling web services
US20080208954A1 (en) * 2003-02-25 2008-08-28 Novell, Inc.- A Delaware Corporation Method for performing distributed administration
US20090138891A1 (en) * 2007-11-27 2009-05-28 Winig Robert J Integrating service-oriented architecture applications with a common messaging interface
US20090187633A1 (en) * 2006-05-02 2009-07-23 Airwide Solutions Oy Capability broker and messaging system
US20090320093A1 (en) * 2007-12-31 2009-12-24 Enterra Solutions, Llc Holistic xacml and obligation code automatically generated from ontologically defined rule set
US20100185868A1 (en) * 2010-03-21 2010-07-22 William Grecia Personilized digital media access system
US20100199105A1 (en) * 2009-02-02 2010-08-05 Samsung Electronics Co., Ltd. Method for playing digital contents and managing license and apparatus therefor
US20100299264A1 (en) * 2007-09-12 2010-11-25 Sony Corporation Open market content distribution
US20120136749A1 (en) * 2009-07-17 2012-05-31 Alcatel-Lucent Shanghai Bell Co., Ltd Digital rights management (drm) method and apparatus in small and medium enterprise (sme) and method for providing drm service
US8229858B1 (en) * 2004-09-30 2012-07-24 Avaya Inc. Generation of enterprise-wide licenses in a customer environment
US8402555B2 (en) 2010-03-21 2013-03-19 William Grecia Personalized digital media access system (PDMAS)
US20130204966A1 (en) * 2010-01-15 2013-08-08 Endurance International Group, Inc. Guided workflows for establishing a web presence
US20130340085A1 (en) * 2010-05-17 2013-12-19 Katherine K. Nadell Migration between digital rights management systems without content repackaging
US8688997B2 (en) * 2005-04-20 2014-04-01 Adobe Systems Incorporated Using digital certificates in document distribution
US8688583B2 (en) 2005-10-18 2014-04-01 Intertrust Technologies Corporation Digital rights management engine systems and methods
US8768850B2 (en) 2004-11-18 2014-07-01 Contentguard Holdings, Inc. Method, system, and device for license-centric content consumption
US20140222955A1 (en) * 2013-02-01 2014-08-07 Junaid Islam Dynamically Configured Connection to a Trust Broker
US9197517B2 (en) 2010-01-15 2015-11-24 Endurance International Group, Inc. Migrating a web hosting service via a virtual network from one architecture to another
US9361435B1 (en) * 2015-01-14 2016-06-07 Flexera Software Llc Multi-tier digital supply chain management
US9589110B2 (en) 2011-04-11 2017-03-07 Intertrust Technologies Corporation Information security systems and methods
US9626667B2 (en) 2005-10-18 2017-04-18 Intertrust Technologies Corporation Digital rights management engine systems and methods
US9883008B2 (en) 2010-01-15 2018-01-30 Endurance International Group, Inc. Virtualization of multiple distinct website hosting architectures
US10049190B1 (en) * 2007-12-21 2018-08-14 Symantec Corporation Method and apparatus for remotely managing a resource at a computer
US10469262B1 (en) 2016-01-27 2019-11-05 Verizon Patent ad Licensing Inc. Methods and systems for network security using a cryptographic firewall
US10554480B2 (en) 2017-05-11 2020-02-04 Verizon Patent And Licensing Inc. Systems and methods for maintaining communication links
US10839402B1 (en) * 2014-03-24 2020-11-17 EMC IP Holding Company LLC Licensing model for tiered resale
US20210021633A1 (en) * 2019-07-19 2021-01-21 JFrog Ltd. Software release tracking and logging
US10972289B2 (en) 2019-07-19 2021-04-06 JFrog, Ltd. Software release verification
US11106554B2 (en) 2019-04-30 2021-08-31 JFrog, Ltd. Active-active environment control
US11244031B2 (en) 2017-03-09 2022-02-08 Microsoft Technology Licensing, Llc License data structure including license aggregation
US11328096B2 (en) 2019-04-30 2022-05-10 JFrog, Ltd. Data bundle generation and deployment
US11340894B2 (en) 2019-04-30 2022-05-24 JFrog, Ltd. Data file partition and replication
US11379560B2 (en) * 2019-03-18 2022-07-05 ServiceNow Inc. Systems and methods for license analysis
US11695829B2 (en) 2020-01-09 2023-07-04 JFrog Ltd. Peer-to-peer (P2P) downloading
US11860680B2 (en) 2020-11-24 2024-01-02 JFrog Ltd. Software pipeline and release validation
US11886390B2 (en) 2019-04-30 2024-01-30 JFrog Ltd. Data file partition and replication

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9774586B1 (en) * 2015-08-31 2017-09-26 EMC IP Holding Company LLC Dynamic authorization of users in a multi-tenant environment using tenant authorization profiles

Citations (90)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US556855A (en) * 1896-03-24 Automatic car-switching system
US3263158A (en) * 1963-08-15 1966-07-26 Motorola Inc Saturable reactor voltage control circuit
US3790700A (en) * 1971-12-17 1974-02-05 Hughes Aircraft Co Catv program control system
US3798605A (en) * 1971-06-30 1974-03-19 Ibm Centralized verification system
US4159468A (en) * 1977-11-17 1979-06-26 Burroughs Corporation Communications line authentication device
US4278837A (en) * 1977-10-31 1981-07-14 Best Robert M Crypto microprocessor for executing enciphered programs
US4323921A (en) * 1979-02-06 1982-04-06 Etablissement Public De Diffusion Dit "Telediffusion De France" System for transmitting information provided with means for controlling access to the information transmitted
US4442486A (en) * 1981-11-25 1984-04-10 U.S. Philips Corporation Protected programmable apparatus
US4529870A (en) * 1980-03-10 1985-07-16 David Chaum Cryptographic identification, financial transaction, and credential device
US4593376A (en) * 1983-04-21 1986-06-03 Volk Larry N System for vending program cartridges which have circuitry for inhibiting program usage after preset time interval expires
US4644493A (en) * 1984-09-14 1987-02-17 International Business Machines Corporation Implementing a shared higher level of privilege on personal computers for copy protection of software
US4658093A (en) * 1983-07-11 1987-04-14 Hellman Martin E Software distribution system
US4796220A (en) * 1986-12-15 1989-01-03 Pride Software Development Corp. Method of controlling the copying of software
US4817140A (en) * 1986-11-05 1989-03-28 International Business Machines Corp. Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor
US4827508A (en) * 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
US4891838A (en) * 1985-11-04 1990-01-02 Dental Data Service, Inc. Computer accessing system
US4924378A (en) * 1988-06-13 1990-05-08 Prime Computer, Inc. License management system and license storage key
US4932056A (en) * 1989-03-16 1990-06-05 Yeda Research And Development Company Limited Method and apparatus for user identification based on permuted kernels
US4937863A (en) * 1988-03-07 1990-06-26 Digital Equipment Corporation Software licensing management system
US4953209A (en) * 1988-10-31 1990-08-28 International Business Machines Corp. Self-verifying receipt and acceptance system for electronically delivered data objects
US4999806A (en) * 1987-09-04 1991-03-12 Fred Chernow Software distribution system
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US5014234A (en) * 1986-08-25 1991-05-07 Ncr Corporation System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software
US5023907A (en) * 1988-09-30 1991-06-11 Apollo Computer, Inc. Network license server
US5103476A (en) * 1990-11-07 1992-04-07 Waite David P Secure system for activating personal computer software at remote locations
US5113519A (en) * 1989-05-15 1992-05-12 International Business Machines Corporation Maintenance of file attributes in a distributed data processing system
US5136643A (en) * 1989-10-13 1992-08-04 Fischer Addison M Public/key date-time notary facility
US5138712A (en) * 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5183404A (en) * 1992-04-08 1993-02-02 Megahertz Corporation Systems for connection of physical/electrical media connectors to computer communications cards
US5191193A (en) * 1989-10-13 1993-03-02 Gemplus Card International System of payment or information transfer by money card with electronic memory
US5204897A (en) * 1991-06-28 1993-04-20 Digital Equipment Corporation Management interface for license management system
US5222134A (en) * 1990-11-07 1993-06-22 Tau Systems Corporation Secure system for activating personal computer software at remote locations
US5235642A (en) * 1992-07-21 1993-08-10 Digital Equipment Corporation Access control subsystem and method for distributed computer system using locally cached authentication credentials
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
US5301231A (en) * 1992-02-12 1994-04-05 International Business Machines Corporation User defined function facility
US5311591A (en) * 1992-05-15 1994-05-10 Fischer Addison M Computer system security method and apparatus for creating and using program authorization information data structures
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5337357A (en) * 1993-06-17 1994-08-09 Software Security, Inc. Method of software distribution protection
US5339091A (en) * 1986-07-07 1994-08-16 Semiconductor Energy Laboratory Co., Ltd. Paperless portable book
US5341429A (en) * 1992-12-04 1994-08-23 Testdrive Corporation Transformation of ephemeral material
US5381526A (en) * 1992-09-11 1995-01-10 Eastman Kodak Company Method and apparatus for storing and retrieving generalized image data
US5394469A (en) * 1994-02-18 1995-02-28 Infosafe Systems, Inc. Method and apparatus for retrieving secure information from mass storage media
US5410598A (en) * 1986-10-14 1995-04-25 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
US5428606A (en) * 1993-06-30 1995-06-27 Moskowitz; Scott A. Digital information commodities exchange
US5432849A (en) * 1990-08-22 1995-07-11 International Business Machines Corporation Secure cryptographic operations using control vectors generated inside a cryptographic facility
US5438508A (en) * 1991-06-28 1995-08-01 Digital Equipment Corporation License document interchange format for license management system
US5444779A (en) * 1993-10-18 1995-08-22 Xerox Corporation Electronic copyright royalty accounting system using glyphs
US5499298A (en) * 1994-03-17 1996-03-12 National University Of Singapore Controlled dissemination of digital information
US5504837A (en) * 1993-05-10 1996-04-02 Bell Communications Research, Inc. Method for resolving conflicts among distributed entities through the generation of counter proposals by transversing a goal hierarchy with acceptable, unacceptable, and indeterminate nodes
US5504818A (en) * 1991-04-19 1996-04-02 Okano; Hirokazu Information processing system using error-correcting codes and cryptography
US5504814A (en) * 1991-07-10 1996-04-02 Hughes Aircraft Company Efficient security kernel for the 80960 extended architecture
US5509070A (en) * 1992-12-15 1996-04-16 Softlock Services Inc. Method for encouraging purchase of executable and non-executable software
US5530235A (en) * 1995-02-16 1996-06-25 Xerox Corporation Interactive contents revealing storage device
US5532920A (en) * 1992-04-29 1996-07-02 International Business Machines Corporation Data processing system and method to enforce payment of royalties when copying softcopy books
US5534975A (en) * 1995-05-26 1996-07-09 Xerox Corporation Document processing system utilizing document service cards to provide document processing services
US5619570A (en) * 1992-10-16 1997-04-08 Sony Corporation Information furnishing and collection system
US5621797A (en) * 1994-04-28 1997-04-15 Citibank, N.A. Electronic ticket presentation and transfer method
US5629980A (en) * 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5633932A (en) * 1995-12-19 1997-05-27 Intel Corporation Apparatus and method for preventing disclosure through user-authentication at a printing node
US5634012A (en) * 1994-11-23 1997-05-27 Xerox Corporation System for controlling the distribution and use of digital works having a fee reporting mechanism
US5638443A (en) * 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US5649013A (en) * 1994-12-23 1997-07-15 Compuserve Incorporated Royalty tracking method and apparatus
US5655077A (en) * 1994-12-13 1997-08-05 Microsoft Corporation Method and system for authenticating access to heterogeneous computing services
US5708717A (en) * 1995-11-29 1998-01-13 Alasia; Alfred Digital anti-counterfeiting software method and apparatus
US5734891A (en) * 1991-11-04 1998-03-31 Saigh; Michael M. Systems and apparatus for electronic communication and storage of time encoded information
US5734823A (en) * 1991-11-04 1998-03-31 Microtome, Inc. Systems and apparatus for electronic communication and storage of information
US5737416A (en) * 1994-04-25 1998-04-07 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub
US5737413A (en) * 1992-04-24 1998-04-07 Fujitsu Limited Information distribution system wherein storage medium storing ciphered information is distributed
US5745569A (en) * 1996-01-17 1998-04-28 The Dice Company Method for stega-cipher protection of computer code
US5748783A (en) * 1995-05-08 1998-05-05 Digimarc Corporation Method and apparatus for robust information coding
US5757907A (en) * 1994-04-25 1998-05-26 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification
US5761686A (en) * 1996-06-27 1998-06-02 Xerox Corporation Embedding encoded information in an iconic version of a text image
US5765152A (en) * 1995-10-13 1998-06-09 Trustees Of Dartmouth College System and method for managing copyrighted electronic media
US5768426A (en) * 1993-11-18 1998-06-16 Digimarc Corporation Graphics processing system employing embedded code signals
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5910987A (en) * 1995-02-13 1999-06-08 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5920861A (en) * 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US6047067A (en) * 1994-04-28 2000-04-04 Citibank, N.A. Electronic-monetary system
US6169976B1 (en) * 1998-07-02 2001-01-02 Encommerce, Inc. Method and apparatus for regulating the use of licensed products
US6233684B1 (en) * 1997-02-28 2001-05-15 Contentguard Holdings, Inc. System for controlling the distribution and use of rendered digital works through watermarking
US6237099B1 (en) * 1996-02-14 2001-05-22 Fuji Xerox Co., Ltd. Electronic document management system
US6240185B1 (en) * 1996-08-12 2001-05-29 Intertrust Technologies Corporation Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US6266618B1 (en) * 1997-12-15 2001-07-24 Elf Exploration Production Method for automatic detection of planar heterogeneities crossing the stratification of an environment
US6505300B2 (en) * 1998-06-12 2003-01-07 Microsoft Corporation Method and system for secure running of untrusted content
US20040006651A1 (en) * 2002-06-28 2004-01-08 Microsoft Corporation Type extensions to web services description language
US6678733B1 (en) * 1999-10-26 2004-01-13 At Home Corporation Method and system for authorizing and authenticating users
US20050060266A1 (en) * 2000-06-27 2005-03-17 Microsoft Corporation Method and system for limiting the use of user-specific software features
US7159007B2 (en) * 2000-08-31 2007-01-02 Schneider Automation Communication system for automation equipment based on the WSDL language

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4977594A (en) 1986-10-14 1990-12-11 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
EP0268139A3 (en) 1986-11-05 1991-04-10 International Business Machines Corporation Manipulating rights-to-execute in connection with a software copy protection mechanism
US5109413A (en) 1986-11-05 1992-04-28 International Business Machines Corporation Manipulating rights-to-execute in connection with a software copy protection mechanism
US5260999A (en) 1991-06-28 1993-11-09 Digital Equipment Corporation Filters in license management system
US5940504A (en) 1991-07-01 1999-08-17 Infologic Software, Inc. Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site
US6135646A (en) 1993-10-22 2000-10-24 Corporation For National Research Initiatives System for uniquely and persistently identifying, managing, and tracking digital objects
US5477263A (en) 1994-05-26 1995-12-19 Bell Atlantic Network Services, Inc. Method and apparatus for video on demand with fast forward, reverse and channel pause
US6963859B2 (en) 1994-11-23 2005-11-08 Contentguard Holdings, Inc. Content rendering repository
JPH08263438A (en) 1994-11-23 1996-10-11 Xerox Corp Distribution and use control system of digital work and access control method to digital work
US5717604A (en) 1995-05-25 1998-02-10 Wiggins; Christopher Network monitoring system for tracking, billing and recovering licenses
US5673316A (en) 1996-03-29 1997-09-30 International Business Machines Corporation Creation and distribution of cryptographic envelope
US5918013A (en) * 1996-06-03 1999-06-29 Webtv Networks, Inc. Method of transcoding documents in a network environment using a proxy server
US6044466A (en) 1997-11-25 2000-03-28 International Business Machines Corp. Flexible and dynamic derivation of permissions
US6226618B1 (en) 1998-08-13 2001-05-01 International Business Machines Corporation Electronic content delivery system
US6327652B1 (en) 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US6331207B1 (en) * 1999-02-10 2001-12-18 Ronald Frank Gebhardt Method of treating cement kiln dust for recovery and recycle
US20020077984A1 (en) 2000-12-19 2002-06-20 Mark Ireton Enabling protected digital media to be shared between playback devices
US8001053B2 (en) 2001-05-31 2011-08-16 Contentguard Holdings, Inc. System and method for rights offering and granting using shared state variables
US7774280B2 (en) 2001-06-07 2010-08-10 Contentguard Holdings, Inc. System and method for managing transfer of rights using shared state variables
US8001054B1 (en) 2001-07-10 2011-08-16 American Express Travel Related Services Company, Inc. System and method for generating an unpredictable number using a seeded algorithm

Patent Citations (99)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US556855A (en) * 1896-03-24 Automatic car-switching system
US3263158A (en) * 1963-08-15 1966-07-26 Motorola Inc Saturable reactor voltage control circuit
US3798605A (en) * 1971-06-30 1974-03-19 Ibm Centralized verification system
US3790700A (en) * 1971-12-17 1974-02-05 Hughes Aircraft Co Catv program control system
US4278837A (en) * 1977-10-31 1981-07-14 Best Robert M Crypto microprocessor for executing enciphered programs
US4159468A (en) * 1977-11-17 1979-06-26 Burroughs Corporation Communications line authentication device
US4323921A (en) * 1979-02-06 1982-04-06 Etablissement Public De Diffusion Dit "Telediffusion De France" System for transmitting information provided with means for controlling access to the information transmitted
US4529870A (en) * 1980-03-10 1985-07-16 David Chaum Cryptographic identification, financial transaction, and credential device
US4442486A (en) * 1981-11-25 1984-04-10 U.S. Philips Corporation Protected programmable apparatus
US4593376A (en) * 1983-04-21 1986-06-03 Volk Larry N System for vending program cartridges which have circuitry for inhibiting program usage after preset time interval expires
US4658093A (en) * 1983-07-11 1987-04-14 Hellman Martin E Software distribution system
US4644493A (en) * 1984-09-14 1987-02-17 International Business Machines Corporation Implementing a shared higher level of privilege on personal computers for copy protection of software
US4891838A (en) * 1985-11-04 1990-01-02 Dental Data Service, Inc. Computer accessing system
US5339091A (en) * 1986-07-07 1994-08-16 Semiconductor Energy Laboratory Co., Ltd. Paperless portable book
US5014234A (en) * 1986-08-25 1991-05-07 Ncr Corporation System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US4827508A (en) * 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
US5410598A (en) * 1986-10-14 1995-04-25 Electronic Publishing Resources, Inc. Database usage metering and protection system and method
US4817140A (en) * 1986-11-05 1989-03-28 International Business Machines Corp. Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor
US4796220A (en) * 1986-12-15 1989-01-03 Pride Software Development Corp. Method of controlling the copying of software
US4999806A (en) * 1987-09-04 1991-03-12 Fred Chernow Software distribution system
US4937863A (en) * 1988-03-07 1990-06-26 Digital Equipment Corporation Software licensing management system
US4924378A (en) * 1988-06-13 1990-05-08 Prime Computer, Inc. License management system and license storage key
US5023907A (en) * 1988-09-30 1991-06-11 Apollo Computer, Inc. Network license server
US4953209A (en) * 1988-10-31 1990-08-28 International Business Machines Corp. Self-verifying receipt and acceptance system for electronically delivered data objects
US4932056A (en) * 1989-03-16 1990-06-05 Yeda Research And Development Company Limited Method and apparatus for user identification based on permuted kernels
US5113519A (en) * 1989-05-15 1992-05-12 International Business Machines Corporation Maintenance of file attributes in a distributed data processing system
US5138712A (en) * 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5136643A (en) * 1989-10-13 1992-08-04 Fischer Addison M Public/key date-time notary facility
US5191193A (en) * 1989-10-13 1993-03-02 Gemplus Card International System of payment or information transfer by money card with electronic memory
US5432849A (en) * 1990-08-22 1995-07-11 International Business Machines Corporation Secure cryptographic operations using control vectors generated inside a cryptographic facility
US5291596A (en) * 1990-10-10 1994-03-01 Fuji Xerox Co., Ltd. Data management method and system with management table indicating right of use
US5103476A (en) * 1990-11-07 1992-04-07 Waite David P Secure system for activating personal computer software at remote locations
US5222134A (en) * 1990-11-07 1993-06-22 Tau Systems Corporation Secure system for activating personal computer software at remote locations
US5504818A (en) * 1991-04-19 1996-04-02 Okano; Hirokazu Information processing system using error-correcting codes and cryptography
US5438508A (en) * 1991-06-28 1995-08-01 Digital Equipment Corporation License document interchange format for license management system
US5204897A (en) * 1991-06-28 1993-04-20 Digital Equipment Corporation Management interface for license management system
US5504814A (en) * 1991-07-10 1996-04-02 Hughes Aircraft Company Efficient security kernel for the 80960 extended architecture
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
US5734891A (en) * 1991-11-04 1998-03-31 Saigh; Michael M. Systems and apparatus for electronic communication and storage of time encoded information
US5734823A (en) * 1991-11-04 1998-03-31 Microtome, Inc. Systems and apparatus for electronic communication and storage of information
US5301231A (en) * 1992-02-12 1994-04-05 International Business Machines Corporation User defined function facility
US5183404A (en) * 1992-04-08 1993-02-02 Megahertz Corporation Systems for connection of physical/electrical media connectors to computer communications cards
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
US5502766A (en) * 1992-04-17 1996-03-26 Secure Computing Corporation Data enclave and trusted path system
US5737413A (en) * 1992-04-24 1998-04-07 Fujitsu Limited Information distribution system wherein storage medium storing ciphered information is distributed
US5532920A (en) * 1992-04-29 1996-07-02 International Business Machines Corporation Data processing system and method to enforce payment of royalties when copying softcopy books
US5412717A (en) * 1992-05-15 1995-05-02 Fischer; Addison M. Computer system security method and apparatus having program authorization information data structures
US5311591A (en) * 1992-05-15 1994-05-10 Fischer Addison M Computer system security method and apparatus for creating and using program authorization information data structures
US5235642A (en) * 1992-07-21 1993-08-10 Digital Equipment Corporation Access control subsystem and method for distributed computer system using locally cached authentication credentials
US5381526A (en) * 1992-09-11 1995-01-10 Eastman Kodak Company Method and apparatus for storing and retrieving generalized image data
US5619570A (en) * 1992-10-16 1997-04-08 Sony Corporation Information furnishing and collection system
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5341429A (en) * 1992-12-04 1994-08-23 Testdrive Corporation Transformation of ephemeral material
US5509070A (en) * 1992-12-15 1996-04-16 Softlock Services Inc. Method for encouraging purchase of executable and non-executable software
US5504837A (en) * 1993-05-10 1996-04-02 Bell Communications Research, Inc. Method for resolving conflicts among distributed entities through the generation of counter proposals by transversing a goal hierarchy with acceptable, unacceptable, and indeterminate nodes
US5337357A (en) * 1993-06-17 1994-08-09 Software Security, Inc. Method of software distribution protection
US5428606A (en) * 1993-06-30 1995-06-27 Moskowitz; Scott A. Digital information commodities exchange
US5539735A (en) * 1993-06-30 1996-07-23 Moskowitz; Scott A. Digital information commodities exchange
US5444779A (en) * 1993-10-18 1995-08-22 Xerox Corporation Electronic copyright royalty accounting system using glyphs
US5768426A (en) * 1993-11-18 1998-06-16 Digimarc Corporation Graphics processing system employing embedded code signals
US5394469A (en) * 1994-02-18 1995-02-28 Infosafe Systems, Inc. Method and apparatus for retrieving secure information from mass storage media
US5499298A (en) * 1994-03-17 1996-03-12 National University Of Singapore Controlled dissemination of digital information
US5737416A (en) * 1994-04-25 1998-04-07 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub
US5757907A (en) * 1994-04-25 1998-05-26 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification
US6047067A (en) * 1994-04-28 2000-04-04 Citibank, N.A. Electronic-monetary system
US5621797A (en) * 1994-04-28 1997-04-15 Citibank, N.A. Electronic ticket presentation and transfer method
US5638443A (en) * 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US5634012A (en) * 1994-11-23 1997-05-27 Xerox Corporation System for controlling the distribution and use of digital works having a fee reporting mechanism
US5629980A (en) * 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5655077A (en) * 1994-12-13 1997-08-05 Microsoft Corporation Method and system for authenticating access to heterogeneous computing services
US5649013A (en) * 1994-12-23 1997-07-15 Compuserve Incorporated Royalty tracking method and apparatus
US6185683B1 (en) * 1995-02-13 2001-02-06 Intertrust Technologies Corp. Trusted and secure techniques, systems and methods for item delivery and execution
US6389402B1 (en) * 1995-02-13 2002-05-14 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5910987A (en) * 1995-02-13 1999-06-08 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5915019A (en) * 1995-02-13 1999-06-22 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6237786B1 (en) * 1995-02-13 2001-05-29 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6253193B1 (en) * 1995-02-13 2001-06-26 Intertrust Technologies Corporation Systems and methods for the secure transaction management and electronic rights protection
US5917912A (en) * 1995-02-13 1999-06-29 Intertrust Technologies Corporation System and methods for secure transaction management and electronic rights protection
US5530235A (en) * 1995-02-16 1996-06-25 Xerox Corporation Interactive contents revealing storage device
US5748783A (en) * 1995-05-08 1998-05-05 Digimarc Corporation Method and apparatus for robust information coding
US5534975A (en) * 1995-05-26 1996-07-09 Xerox Corporation Document processing system utilizing document service cards to provide document processing services
US5765152A (en) * 1995-10-13 1998-06-09 Trustees Of Dartmouth College System and method for managing copyrighted electronic media
US5708717A (en) * 1995-11-29 1998-01-13 Alasia; Alfred Digital anti-counterfeiting software method and apparatus
US5633932A (en) * 1995-12-19 1997-05-27 Intel Corporation Apparatus and method for preventing disclosure through user-authentication at a printing node
US5745569A (en) * 1996-01-17 1998-04-28 The Dice Company Method for stega-cipher protection of computer code
US6237099B1 (en) * 1996-02-14 2001-05-22 Fuji Xerox Co., Ltd. Electronic document management system
US5761686A (en) * 1996-06-27 1998-06-02 Xerox Corporation Embedding encoded information in an iconic version of a text image
US6240185B1 (en) * 1996-08-12 2001-05-29 Intertrust Technologies Corporation Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5920861A (en) * 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US6233684B1 (en) * 1997-02-28 2001-05-15 Contentguard Holdings, Inc. System for controlling the distribution and use of rendered digital works through watermarking
US6266618B1 (en) * 1997-12-15 2001-07-24 Elf Exploration Production Method for automatic detection of planar heterogeneities crossing the stratification of an environment
US6505300B2 (en) * 1998-06-12 2003-01-07 Microsoft Corporation Method and system for secure running of untrusted content
US6169976B1 (en) * 1998-07-02 2001-01-02 Encommerce, Inc. Method and apparatus for regulating the use of licensed products
US6678733B1 (en) * 1999-10-26 2004-01-13 At Home Corporation Method and system for authorizing and authenticating users
US20050060266A1 (en) * 2000-06-27 2005-03-17 Microsoft Corporation Method and system for limiting the use of user-specific software features
US7159007B2 (en) * 2000-08-31 2007-01-02 Schneider Automation Communication system for automation equipment based on the WSDL language
US20040006651A1 (en) * 2002-06-28 2004-01-08 Microsoft Corporation Type extensions to web services description language

Cited By (96)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040148514A1 (en) * 2000-06-21 2004-07-29 Fee Gregory D Evidence-based application security
US7669238B2 (en) * 2000-06-21 2010-02-23 Microsoft Corporation Evidence-based application security
US20040034770A1 (en) * 2002-08-15 2004-02-19 Microsoft Corporation Method and system for using a web service license
US7512782B2 (en) * 2002-08-15 2009-03-31 Microsoft Corporation Method and system for using a web service license
US20040215476A1 (en) * 2002-08-26 2004-10-28 Computer Associates Think, Inc. Web services apparatus and methods
US20080208954A1 (en) * 2003-02-25 2008-08-28 Novell, Inc.- A Delaware Corporation Method for performing distributed administration
US8769179B2 (en) * 2003-02-25 2014-07-01 Apple Inc. Method for performing distributed administration
US20040177044A1 (en) * 2003-03-03 2004-09-09 General Instrument Corporation Processing of copy control information for digital rights management
WO2004079722A2 (en) * 2003-03-03 2004-09-16 General Instrument Corporation Processing of copy control information for digital rights management
WO2004079722A3 (en) * 2003-03-03 2005-06-16 Gen Instrument Corp Processing of copy control information for digital rights management
US20050027871A1 (en) * 2003-06-05 2005-02-03 William Bradley Interoperable systems and methods for peer-to-peer service orchestration
US9235834B2 (en) 2003-06-05 2016-01-12 Intertrust Technologies Corporation Interoperable systems and methods for peer-to-peer service orchestration
US9424564B2 (en) 2003-06-05 2016-08-23 Intertrust Technologies Corporation Interoperable systems and methods for peer-to-peer service orchestration
US9235833B2 (en) 2003-06-05 2016-01-12 Intertrust Technologies Corporation Interoperable systems and methods for peer-to-peer service orchestration
US9317843B2 (en) 2003-06-05 2016-04-19 Intertrust Technologies Corporation Interoperable systems and methods for peer-to-peer service orchestration
US9466054B1 (en) 2003-06-05 2016-10-11 Intertrust Technologies Corporation Interoperable systems and methods for peer-to-peer service orchestration
US8234387B2 (en) * 2003-06-05 2012-07-31 Intertrust Technologies Corp. Interoperable systems and methods for peer-to-peer service orchestration
US20050055315A1 (en) * 2003-09-09 2005-03-10 Microsoft Corporation System and method for manifest generation
US7814551B2 (en) * 2003-09-09 2010-10-12 Microsoft Corporation System and method for manifest generation
US20050071276A1 (en) * 2003-09-30 2005-03-31 International Business Machines Corporation Method for automatic creation and configuration of license models and policies
US11157915B2 (en) 2003-09-30 2021-10-26 Green Market Square Limited Automatic creation and configuration of license models and policies
US10521800B2 (en) * 2003-09-30 2019-12-31 International Business Machines Corporation Method for automatic creation and configuration of license models and policies
US9491215B2 (en) 2003-10-16 2016-11-08 Gula Consulting Limited Liability Company Electronic media distribution system
US8973160B2 (en) 2003-10-16 2015-03-03 Precisionist Fund Ii, Llc Electronic media distribution systems
US7281274B2 (en) 2003-10-16 2007-10-09 Lmp Media Llc Electronic media distribution system
US7917965B2 (en) 2003-10-16 2011-03-29 Lmp Media Llc Electronic media distribution system
US9648069B2 (en) 2003-10-16 2017-05-09 Gula Consulting Limited Liability Company Electronic media distribution system
US10257243B2 (en) 2003-10-16 2019-04-09 Gula Consulting Limited Liability Company Electronic media distribution system
US7386483B1 (en) * 2004-03-01 2008-06-10 Sprint Communications Company L.P. Electronic marketplace system and method for selling web services
US8745579B2 (en) 2004-04-26 2014-06-03 Google Inc. Methods and systems for dynamically composing distributed interactive applications from high-level programming languages
US20080022267A1 (en) * 2004-04-26 2008-01-24 Google Inc. Method and System for Dynamically Composing Distributed Interactive Applications from High-Level Programming Languages
US8229858B1 (en) * 2004-09-30 2012-07-24 Avaya Inc. Generation of enterprise-wide licenses in a customer environment
US10503877B2 (en) 2004-09-30 2019-12-10 Avaya Inc. Generation of enterprise-wide licenses in a customer environment
US8768850B2 (en) 2004-11-18 2014-07-01 Contentguard Holdings, Inc. Method, system, and device for license-centric content consumption
US20060225055A1 (en) * 2005-03-03 2006-10-05 Contentguard Holdings, Inc. Method, system, and device for indexing and processing of expressions
US20060230397A1 (en) * 2005-03-30 2006-10-12 Cook Johanna M Method for third-party registration of software components
US8688997B2 (en) * 2005-04-20 2014-04-01 Adobe Systems Incorporated Using digital certificates in document distribution
US20070055743A1 (en) * 2005-09-02 2007-03-08 Pirtle Ross M Remote control media player
US8776216B2 (en) 2005-10-18 2014-07-08 Intertrust Technologies Corporation Digital rights management engine systems and methods
US8688583B2 (en) 2005-10-18 2014-04-01 Intertrust Technologies Corporation Digital rights management engine systems and methods
US9626667B2 (en) 2005-10-18 2017-04-18 Intertrust Technologies Corporation Digital rights management engine systems and methods
US7886052B2 (en) * 2006-05-02 2011-02-08 Airwide Solutions Oy Capability broker and messaging system
US20090187633A1 (en) * 2006-05-02 2009-07-23 Airwide Solutions Oy Capability broker and messaging system
US20100299264A1 (en) * 2007-09-12 2010-11-25 Sony Corporation Open market content distribution
US10909491B2 (en) 2007-09-12 2021-02-02 Sony Corporation Open market content distribution
US9412125B2 (en) 2007-09-12 2016-08-09 Sony Corporation Open market content distribution
US20090138891A1 (en) * 2007-11-27 2009-05-28 Winig Robert J Integrating service-oriented architecture applications with a common messaging interface
US10049190B1 (en) * 2007-12-21 2018-08-14 Symantec Corporation Method and apparatus for remotely managing a resource at a computer
US9323938B2 (en) * 2007-12-31 2016-04-26 Enterra Solutions, Llc Holistic XACML and obligation code automatically generated from ontologically defined rule set
US20090320093A1 (en) * 2007-12-31 2009-12-24 Enterra Solutions, Llc Holistic xacml and obligation code automatically generated from ontologically defined rule set
US20100199105A1 (en) * 2009-02-02 2010-08-05 Samsung Electronics Co., Ltd. Method for playing digital contents and managing license and apparatus therefor
US20120136749A1 (en) * 2009-07-17 2012-05-31 Alcatel-Lucent Shanghai Bell Co., Ltd Digital rights management (drm) method and apparatus in small and medium enterprise (sme) and method for providing drm service
US9883008B2 (en) 2010-01-15 2018-01-30 Endurance International Group, Inc. Virtualization of multiple distinct website hosting architectures
US9277022B2 (en) * 2010-01-15 2016-03-01 Endurance International Group, Inc. Guided workflows for establishing a web presence
US9197517B2 (en) 2010-01-15 2015-11-24 Endurance International Group, Inc. Migrating a web hosting service via a virtual network from one architecture to another
US10536544B2 (en) 2010-01-15 2020-01-14 Endurance International Group, Inc. Guided workflows for establishing a web presence
US20130204966A1 (en) * 2010-01-15 2013-08-08 Endurance International Group, Inc. Guided workflows for establishing a web presence
US20100185868A1 (en) * 2010-03-21 2010-07-22 William Grecia Personilized digital media access system
US20110099382A1 (en) * 2010-03-21 2011-04-28 William Grecia Personalized digital media access system (pdmas)
US8402555B2 (en) 2010-03-21 2013-03-19 William Grecia Personalized digital media access system (PDMAS)
US10657507B2 (en) * 2010-05-17 2020-05-19 Adobe Inc. Migration between digital rights management systems without content repackaging
US20130340085A1 (en) * 2010-05-17 2013-12-19 Katherine K. Nadell Migration between digital rights management systems without content repackaging
US10009384B2 (en) 2011-04-11 2018-06-26 Intertrust Technologies Corporation Information security systems and methods
US9589110B2 (en) 2011-04-11 2017-03-07 Intertrust Technologies Corporation Information security systems and methods
US9398050B2 (en) * 2013-02-01 2016-07-19 Vidder, Inc. Dynamically configured connection to a trust broker
US9692743B2 (en) 2013-02-01 2017-06-27 Vidder, Inc. Securing organizational computing assets over a network using virtual domains
US9648044B2 (en) 2013-02-01 2017-05-09 Vidder, Inc. Securing communication over a network using client system authorization and dynamically assigned proxy servers
US9282120B2 (en) 2013-02-01 2016-03-08 Vidder, Inc. Securing communication over a network using client integrity verification
US20140222955A1 (en) * 2013-02-01 2014-08-07 Junaid Islam Dynamically Configured Connection to a Trust Broker
US9942274B2 (en) 2013-02-01 2018-04-10 Vidder, Inc. Securing communication over a network using client integrity verification
US10652226B2 (en) 2013-02-01 2020-05-12 Verizon Patent And Licensing Inc. Securing communication over a network using dynamically assigned proxy servers
US10839402B1 (en) * 2014-03-24 2020-11-17 EMC IP Holding Company LLC Licensing model for tiered resale
US9361435B1 (en) * 2015-01-14 2016-06-07 Flexera Software Llc Multi-tier digital supply chain management
US10848313B2 (en) 2016-01-27 2020-11-24 Verizon Patent And Licensing Inc. Methods and systems for network security using a cryptographic firewall
US10469262B1 (en) 2016-01-27 2019-11-05 Verizon Patent ad Licensing Inc. Methods and systems for network security using a cryptographic firewall
US11265167B2 (en) 2016-01-27 2022-03-01 Verizon Patent And Licensing Inc. Methods and systems for network security using a cryptographic firewall
US11244031B2 (en) 2017-03-09 2022-02-08 Microsoft Technology Licensing, Llc License data structure including license aggregation
US10873497B2 (en) 2017-05-11 2020-12-22 Verizon Patent And Licensing Inc. Systems and methods for maintaining communication links
US10554480B2 (en) 2017-05-11 2020-02-04 Verizon Patent And Licensing Inc. Systems and methods for maintaining communication links
US11379560B2 (en) * 2019-03-18 2022-07-05 ServiceNow Inc. Systems and methods for license analysis
US11106554B2 (en) 2019-04-30 2021-08-31 JFrog, Ltd. Active-active environment control
US11921902B2 (en) 2019-04-30 2024-03-05 JFrog Ltd. Data bundle generation and deployment
US11886390B2 (en) 2019-04-30 2024-01-30 JFrog Ltd. Data file partition and replication
US11328096B2 (en) 2019-04-30 2022-05-10 JFrog, Ltd. Data bundle generation and deployment
US11340894B2 (en) 2019-04-30 2022-05-24 JFrog, Ltd. Data file partition and replication
US11726777B2 (en) 2019-04-30 2023-08-15 JFrog, Ltd. Data file partition and replication
US11386233B2 (en) 2019-04-30 2022-07-12 JFrog, Ltd. Data bundle generation and deployment
US11709744B2 (en) 2019-04-30 2023-07-25 JFrog Ltd. Active-active environment control
US11533331B2 (en) * 2019-07-19 2022-12-20 JFrog Ltd. Software release tracking and logging
US11502851B2 (en) 2019-07-19 2022-11-15 JFrog Ltd. Software release verification
US20210021633A1 (en) * 2019-07-19 2021-01-21 JFrog Ltd. Software release tracking and logging
US10972289B2 (en) 2019-07-19 2021-04-06 JFrog, Ltd. Software release verification
US11909890B2 (en) 2019-07-19 2024-02-20 JFrog Ltd. Software release verification
US10999314B2 (en) * 2019-07-19 2021-05-04 JFrog Ltd. Software release tracking and logging
US11695829B2 (en) 2020-01-09 2023-07-04 JFrog Ltd. Peer-to-peer (P2P) downloading
US11860680B2 (en) 2020-11-24 2024-01-02 JFrog Ltd. Software pipeline and release validation

Also Published As

Publication number Publication date
US10540484B2 (en) 2020-01-21
US20150059005A1 (en) 2015-02-26

Similar Documents

Publication Publication Date Title
US10540484B2 (en) Networked services licensing system and method
US7386513B2 (en) Networked services licensing system and method
EP1455479B1 (en) Enrolling/sub-enrolling a digital rights management (DRM) server into a DRM architecture
US7814025B2 (en) Methods and apparatus for title protocol, authentication, and sharing
US8719171B2 (en) Issuing a publisher use license off-line in a digital rights management (DRM) system
JP4892640B2 (en) Dynamic negotiation of security configuration between web services
AU2017225928A1 (en) Systems and methods for distributed data sharing with asynchronous third-party attestation
US20070271618A1 (en) Securing access to a service data object
Michiels et al. Towards a software architecture for DRM
AU2003219907B2 (en) Networked services licensing system and method
Mehta et al. Security in e-services and applications
JP2009104615A (en) Computer execution method and system for exercising rights
Shin Web services
Anand Java based GUI editor for SAML assertion manipulation
Kim et al. Trusted Information Sharing Model in Collaborative Systems
Singh et al. RESOLVE-Impervious Trusted Semantic Web

Legal Events

Date Code Title Description
AS Assignment

Owner name: CONTENTGUARD HOLDINGS, INC., DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LAO, GUILLERMO;HAM, MANUEL;CHEN, EDDIE J.;AND OTHERS;REEL/FRAME:014181/0673;SIGNING DATES FROM 20030430 TO 20030505

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION