AU2013299720A1 - Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment - Google Patents

Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment Download PDF

Info

Publication number
AU2013299720A1
AU2013299720A1 AU2013299720A AU2013299720A AU2013299720A1 AU 2013299720 A1 AU2013299720 A1 AU 2013299720A1 AU 2013299720 A AU2013299720 A AU 2013299720A AU 2013299720 A AU2013299720 A AU 2013299720A AU 2013299720 A1 AU2013299720 A1 AU 2013299720A1
Authority
AU
Australia
Prior art keywords
users
content
user
access
computer data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
AU2013299720A
Other versions
AU2013299720B2 (en
Inventor
Wade Callison
Christopher Ford
Mushegh HAKHINIAN
Fahim Siddiqui
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intralinks Inc
Original Assignee
Intralinks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intralinks Inc filed Critical Intralinks Inc
Publication of AU2013299720A1 publication Critical patent/AU2013299720A1/en
Application granted granted Critical
Publication of AU2013299720B2 publication Critical patent/AU2013299720B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/603Digital right managament [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

In embodiments of the present invention improved capabilities are described for securely sharing computer data content that allows for the secure un-sharing of the content. The facility to un-share content may be implemented through a secure exchange server, where the content is being shared along with a secure protection feature that when altered results in the un-sharing of the content. This secure un-sharing facility may be used to securely share content beyond the secure protective facilities of an enterprise, out to users in other companies, into the public space, to users not intended to get the content, and the like, where the sender maintains control to access of the content no matter where or to who the content has been distributed. In this way, the secure sharing of content is made to be easy across corporate boundaries at the user level and at the individual document level.

Description

WO 2014/025809 PCT/US2013/053835 COMP UTERIZED METHOD AND SYSTEM FOR MANAGING SECURE CONTENT SHARING IN A N ElTWORKED SECURE COLLABORATIVE EXCHANGE ENVIRON MENT CROSS-REFERENCE TO RELATED APPLiCATIONS [0001] This application cams the benefit oflie following provisional applications, each of which are hereby incorporated by reference in its entirety: U.S. Patent Application No. 61/680,115 fied August 6, 2012: U.S. Patent Application No. 61/702,587 filed September 18, 2012; U.S. Patent Application No. 61/715,989 filed October 19, 2012; U.S. Patent Application No. 61/734,890 filed December 7, 2012, and U.S. Patent Application No. 61/783,868 filed March 14, 2013, [0002] This application s a continuation-in-part of die following non-provisional application, which is hereby incorporated by reference in its entirety: 13/871,593 filed April 26, 2013, which claims the benefit of the following provisional applications, each of which Is incorporated by reference in ts entirety: U.S. Patent Apphcation No. 61/639,576 filed April 7, 2012, U.S. Patent Application No. 61/680,1 15 filed August 6,2012; U.S. Patent ApplicationNo. 61'702,587 filed September 18, 2012; U.S. Patent Application No. 61/715,989 filed October 19, 2012; U S. Patent Application No. 61/734,890 filed December 7. 2012. and U.S. Patent Application No. 61/783,868 filed March 14, 2013. FIELD OF THE INVENTION [0003] The present invention relates to networked secure content sharing and collaboration. BACKGROUND [0004] Despite the availability of the Internet, there is still no entirely satisfactory way for people at different companies or other entities to have the benefits of private network security, such as for collaborative work between enterprises on a daily basis and for ad hoc alliances, i.e., different sets of entities coming together to intion as one mega or meta entity, for the duration of some particular project. In such cases, the tune and expense of actually wiring a network between two or more companies or other entities and agreeing on one common software package or standard presents a barrier to conventional network solutions. In addition, any new process kor the sharing of content has in the past generally required the user to adopt new workflow components, applications, and habits that tend to be disruptive to the user's normal day-to-day workflow routine, e.g. when working internal to their enterprise and with piersonal use. Simply using the Internet remains imperfectly secure for the sharing of confidential information wthout some pire-arranged secure encryption processes has been cumbersome and unproductive, especially in today's increasing use of personal devices being incorporated into the workflow. There Is a need for such systems and for users to utilize the systems In sUch a Way that does not force them to adopt new' inrastructure, software, and business and personal processes in their daily workflow in order to achieve a shared and potentially secure extended work environment. [00051 Thus, there are still yet-unsolved probienis associated with different groups of companies or other entities to sharing securely over an expanding global network environment. S UMMARY [0006] The present disclosure describes methods and systems for securely sharing content (e.g., computer data content, such as documents, presentations, spreadsheets, emails, blog entries, texts, and the like) that allows for 'un sharing' of the content in a managed, secure manner. The facility to un-share content may be implemented through the content being shared along with a secure protection feature, such as being encrypted and wrapped in a unique fDRM wrapper where the protection feature specifies a user or group of users that are authorized to access the content tor view ing. When the content is shared with that user, access to the content may be revoked at any time (e.g. by clianging the DRM, removing access to the key, changing permissions, and the like). Further, if the sender of the content controls the protection feature, then the sender has complete lIfetime control of any content they distribute or provide access to. This secure un-sharing 1 WO 2014/025809 PCT/US2013/053835 facility may be used to securely share content beyond the secure protective facilities oftheir enterprise (e.g., allowing secure sharing beyond the firewall of the sender's enterprise), out to users in other companies, into the public space, to users not intended to get the content, and the like, where the send er maintain s complete control to access of the content, no matter where or to who the content has beei distribited. In this way, the secure sharing of content is made to be easy across corporate boundaries at the user level and at the individual content level (e.g., at the level of an individual document). 10007] In embodiments, a method for managing a networked secure collaborative computer data exchange environment may be provided, comprising establishing, by a secure exchange server managed by an intermediate business entity, a user login data authentication procedure that allows a user through at least one client computing device to access the secure exchange server, wherein the user s one of a plurality of users of a plurality of olher business entities and communications between the secure exchange server and the plurality of users is through a communications network; storing, by the secure exchange server, at least one user loin authentication data !or at least one of the plurality of users: receiving a computer data content from a first of the plurality of users, wherein the first of the plurality of users permits a sharing access to the computer data content to at least a second of the plurality of users, and wherein management for access to the computer data content is through an exchange content access facility managed by ihe intermediate business entity; granting, by the secure exchange server, sharing access to the computer data content to the at least second of the plurality of users when the secure exchange server receives from the second ofthe plurality of users its client login authentication data provided that the second of the plurality ofusers is one of the subset of the plurality of users to which snaring access is permitted; receiving a request from the at least second of the plurality of users to access a copy of the computer data content; granting, by the secure exchange server, the copy access request to the at least second of the plurality of users, wherein a copy of the computer data contend is made; receiving from the first of the plurality of users a request to revoke sharing access to the computer data content to the at least second of the plurality oftusers; revoking, by the secure exchange server, sharing access to the computer data content to the at least second of the plurality of users; and deleting access, by the secure exchange server, to the copy of the computer data content made by the at least second of the plurality of users. In embodiments, additional sharing of the computer data content within the plurality of users may be made, wherein the revoking of sharing access to the computer data content revokes access to all instances of the shared computer data content and all copies of the computer data content made by the plurality of users. The copy of the computer data content may be stored on the secure data server, wherein the copy of the computer data content may be deleted from the secure data server, arid wherein the deleting access to the computer data content nay make the computer data content inaccessible to the at least ithe second of the pluralty of users. The copy of the computer data content may be stored on a client coinuting device by the at least second of tie plurality of users. The deleting access to the copy ofthe computer data content may be revocation of digital rights management of the computer data content. The revocation of the digital rights management of the computer data content nay b nade by the first of the plurality of users. The computer data content may be a word processor document, a spreadsheet document, a presentation document, an email, a text, a blog entry, a multimedia file, and the like. The computer data content may be a secure encrypted computer data content. The computer data content may be viewed by the at least second of tie plurality of client users through a secure viewing facility. The at least second of the Plurality of users may be connected to a public network that is outside of the firewall for the business entity that minages the first or second of the plurality of users. The at least second of the plurality of users may access the computer data content through a personal computing device that is not owned by the business entity that manages the at least second of the plurality of users. The at least second of the plurality of users may access the computer data content through a mobile computing device. The exchange content access f3cility may be interfaced through a dashboard facility accessible though at least the first of the plurality of users. The dashboard facility may provide reports showing activity related the sharing of computer data content Tie dashboard facility may be accessible through third-party environments. The dashboard facility nay track the location and version of the shared computer data content on computing devices accessibe by the at least second of the plurality of users. The communications network may be a wide area network, such as the Internet. 2 WO 2014/025809 PCT/US2013/053835 10008] In embodiments, a method for managing a net-worked secure collaborative computer data exchange environment may be provided, comprising establishing, by a secure exchange server managed by an intermediate business entity, a user login data authentication procedure that allows a user through at least one client computing device to access tihe secure exchange server, wherein the user is one of a plurality of users of a plurality of other business entities and communications between the secure exchange server and the plurality of users is through a communications network; storing, by the secure exchange server, at least one user login authentication data for each of the plurality of users: receiving a computer data content from a first of the plurality of users, wherein the first of the plrality of users permits a sharing access to the computer darn content to a subset of the plurality of users, and wherein management for access to the computer data content is through an exchange content access facility managed by the intermediate business entity; granting, by the secure exchange server, sharing access to the computer data content to individuals within the subset of the plurality of users when the secure exchange server receives trom the individuals their client login authentication data: receiving a request from at least a second of the plurality of users to access a copy of the computer data content: granting, by the secure exchange server, the copy access request to the at least second of the plurality of users, wherein a copy of the computer data content is made; receiving firoii the first of the plurality of users a request to revoke snaring access to the computer data content to the subset of the plurality of users; and revoking, by the secure exchange server, sharing access to all instances of the computer data content ton the subset of the plurality of users. In embodiments, the revoking of shared access to all instances of the computer data content may be revoking, shared access to all instances of the computer data content on all comouer devices tat the subset of the plurality of users have stod the computer data contest. The stored computer data content nay be a copy of the computer data content. The stored computer data content nay be an annotated version of the computer data content. 100091 These and other systems, methods, objects, features, and advantages of the present invention will be apparent to those skilled in the art from the following detailed description of the preferred embodiment and the drawings. All documents iientioned herein are hereby incorporated in their entirety by reference. BRIEF DESCRIPTION OF THE FIGURES 10010] The invention and the allowing detailed description of certain embodiments thereof may be understood by reference to the following figures: [ooi1] Fig. I depicts a top-level block diagram of the present invention. 100121 Fig. 2 depicts functions of a host in an enibodinient of the present invention. [0013] Fig. 3 depicts a functional block diagran for the community facility in an embodinment of the present invention 100141 Figs. 3A-3R depict embodiments of the community facility user interface. [00151 Fig. 4 depicts a functional block diagram for the atnendient voting facility in an embodimtient of the present invention. [0016] Fig. 4A depicts a flow diagram for an embodiment process flow of the amendment voting facility. 100171 Figs. 4B-4H depict embodiments of the amendment voting facility user interface. 100181 Fig. 5 depicts a functional block diagram for the secure e-signing facility in an embodiient of the present invention. 100191 Figs. 5A--5G depict embodinlents of the e-signing process user interace. [0020] Fig. 6 depicts a national block diagram for the dashboard facility in an enbodinment of the present invention. 100211 Figs. 6A-6K depict embodiments of the dashboard facility user interface. 100221 Fig. 7 depicts a ftinctional block diagram for the enail-in facility in an enibodiment of the present invention. 100231 Figs. 7A-7M depict embodiments of the enlail-in facility user interface. 3 WO 2014/025809 PCT/US2013/053835 100241 Fig. 8 depicts a functional block diagram for the viewer facihty in an embodiment of the present invention. [0025] Figs. 8A-8G depict embodiments of the viewer facility. 00261 Fig 9 depicts a funtionai block diagram for the moble device interface facility in an embodiment of the present invention. 10027] Figs. 9A-9K depict embodiments of the mobile device viewing interface. [0028] Fig. 10 depicts a functional block diagram for an un-sharing facility in an embodiment of the present invention. 100291 Fig iOA depicts an ilMstrative process flow diagram that in part describes an interaction utilizing the on-sharing facility. 10030] While the invention has been described in connection wiih certain preferred embodiments, other embodiments would be understood by one of ordinary skill in the art and are encompassed herein. 10031] All documents referenced herein are hereby incorporated by reference. DETAILED DESCRIPTION 10032] The present invention may be used lor a secure exchange service (alternatively referred to as an changeg' or 'exchange service' throughout this disclosure) where many types of communications are required between different parties that are associating for a temporary transaction or project, but as competitors or for otiter reasons are not suitable for a pennanent communication network (such as an intranet or enterprise network, such as a LAN or WAN) as might be used for a single government agency, single corporation, or other single enterprise or institution. Transaction projects involving financial transactions and projects involving complex legal agreements (such as mergers, acquisitions, and the like) are situations in the which the methods and systems described herein are particularly suitable; however, these are not necessarily the only sort of projects appropriate, as any project hi which parties need to sitare confidential information across entities, outside the boundaries of the network of a single entity. may benefit from the methods and systems described herein. 10033] In an example, transactions within the banking industry may provide a situation where a secure exchange service may be particularly applicable, where ad hoc syndicates are formed under the leadership of one or more lead banks to permit a number of agent or associate banks to participate in a major loan to a borrower. Such loans have become niore common and may involve loans inm excess of one billion dollars. Syndication of such large loans is used since any one bank is not prepared to lend such a large amount to a single customer. Conventionally, proposed terms of a loan are negotiated between the borrower and the lead banks, each in consultation with is advisors such as legal counsel, public relations consultants, accountants and insurance carriers. In soie instances, some advisors may be i-itouse advisors as employees of a given entity and thus constitute an internal team. However, tite advisors in maity instances may be independently associated with external entities such as law finns or major accounting firns and thus constitute either external teams or combinations of tie above. The lead bank(s) negotiates with the borrower to arrive at terms and conditions for the loan, such as the interest rate, repayment schedule, security and the bank's fee for processing and syndicating the loan. The lead bank may agree to underwrite the entire loan in which case the lead bank uses syndication to create sub-loans between it and other banks to raise the funds for the loan. All of these transactions require management of voluminous amounts of documentation, most of which is confidential and whose disclosure could result in huge damages to the borrower or lenders. Thus, it would be desirable to provide an exchange as described here which enables secure document transmission between users over a global communication network without requiring the users to communicate in advance to establish an encryption method fit this example, the exchange service may provide a suitable level of security with respect to each of the shared transactions, among companies that commonly may be vigorous conipetitors, with numerous confidential documents that the companies do not want uncontrollably shared among other members of the loan-project group or accessible by outsiders generally. Substantially secure communications is particularly of the utmost concern to all 4 WO 2014/025809 PCT/US2013/053835 parties to a syndicated loan transaction: the borrower, the lead bank. and the associate banks. A virtual network system provided through the exchange may readily provide substantial security to ensure that information and communications among all the various parties are secure. [00341 In embodiments, the exchange may enable electronic transmission and reception of confidential documents over a global communication network such as the Internet for distributing electronic documents containing sensitive information or data to selected entities, for notifying intended recipients of the availability of such documents, for tracking access, downloading and uploading of such documents, and the like. [0035] In embodiments, the exchange may only be accessed by authorized computers using an acceptable log-in procedure, including user natne and password. Cotmmunications within the exchange imay establish a eomnrnunicaltion session based upon a selected security protocol, and thereafter messages are transmitted between using such secure encryption. Communications may be exchanged via a secure encrypted commnication session using a selected encryption protocol, and may deny access if a secure session cannot be established at a desired secure level. [0036] In embodiments, the exchange may provide a Ully provisioned, turnkey service for users, where once tite user's enterprise has established ait account through the exchange, documents in electronic form tnay be uploaded to the secure site maintained through the exchange host server, where a variety of secure collaborative communications options may be chosen including document storage, e-mail, video broadcasting, video conferencing, white boarding, andt the like, to augment and manage interactive access to the documents, including, a user graphical interface for managing user interactions with one or nore exchanges. [00371 In etmbodiments, the exchange may provide a secure site for placing documents and messages to be transmitted over a secure virtual network and allows authorized users to read or edit messages according to their level of authorization. Any documents that are edited may be immediately available on the system so that other persons involved in the exchange has access to the edited or modified documents immediately. In addition, the exchange may provide tracking of each document to allow selected users to see who has had access to the messages and documents and who has modified or edited any ofthe documents. [0038] In embodinments, the exchange may provide a centralized firewall that may be employed to protect confidential information so 1hat no unauthorized access to such information occurs. A firewall, such as may be effectively used for corporate intranets,. may be applied in each exchange. Groups of users, such as on a virtual network, may be treated like a remote corporate office and restricted by firewall protocols from uncontrollable access to the information from other users. In addition, if needed, respective inter-user firewalls may be established to prevent one user from accessing information in the host site of another user. The exchange may be particularly suitable fOr communication among multiple unrelated groups of users, since a centralzed firewall simplifies the logistics of each user having to separately provide access through their own respective local firewalls. In such a centralized architecture, tite host server, as opposed to being processed at each respective user, may con veiiendy process server access security data. Sitnilarly, system backup and recovery may be better handled by a centralized backup and recovery system, as opposed to such recovery tasks being separately handled at a multiplicity of local sites. [0039] As depicted i Fig. 1, a phirality of exchange service users 1 10 of the exchange service may exchange data, such as documents, melssages, data, and tihe like, between a secure host server 102 and a plurality of user computers 104, 104A, 10413 across a network 108 (e.g. the Internet) in a secure manner such as only accessed by authorized user cmuesuigan acetbelgi rcdr.In emoiet, the user computers may interface with the network through a network server, a mail server, and the like, and in association with an enterprise intranet, where a firewall is present between the user computer and the network, and here the exchange is conducted between the user computers and the host computer through a secure exchange across the network and through the network server, mail seiver, and the ike. In another embodiment, the user computers may interact in the exchange with the host server across the network while away from or in the absence of the enterprise intranet and enterprise firewall. For instance, the user may be able to access the 5 WO 2014/025809 PCT/US2013/053835 exchange while at home, such as using a mobile enterprise computer, a personal owned computer, a mobile device, and the like. [0040] In embodiments, the exchange host server 102 may be distributed over a plurality of server computers, and therefore host server 102 should be viewed as an illustrative example of one of such multiple servers. in this way, the server computers may work together to provide essentially seamless access to a large number of users on various platforms with varying communications speeds. The server computers may nm under server management software which in turn may be responsible for coordination of services, maintaining state and system status, monitoring, security, and other administrative functions. In embodiments, a user computer having a suitable Web browser may directly access the host server, where the exchange may not need to provide each user with subscriber application software, such as including software modules for access, activation. viewhig, communications, and the like, relative to the exchange service. [0041] In embodiments, whenever an exchange of data is initiated, such as by a document being received at the host server 102 connected to a host database 1 12, the host server may extract the address of the intended recipient and create a notification to the recipients) of the existence of the data at the host server. The notification may contain the URL for the host server However the recipient may not be able to access tite message Unless the recipient is authorized to use the system, such as the recipient needing to be a registered user and have an assigned password to access the data, or other repository at tdie host server where data is stored, such as on a user database 1(8, 108A, or 108B. If the intended recipient is granted access to the boss server, the recipient may then locate the message Intended for them by browsing through all messages to which the recipient has been granted access. [00421 While the notification sent to she intended recipient may be sent using standard Internet protocol without encryption, once the user computer contacts the host server, the server may establish a secure encrypted communication session using a selected encryption protocol. The host server nay deity access ifa secure session cannot be established at a desired secure level, such as I28-bit encryption. [0043 1 i embodiments. exchange services for different users may utilize separate software structured server databases 108, 108A, 108B. For example, company 'A' and company '13' may use the sane secure host server 102, but each company's data nay be maintained in separate databases 1 08A and 10813, although perhaps in the same physical data storage facility. This feature offers the advantage of allowing the host server to be customized for each company. For example, when the external user accesses the host server, the host server tnay recognize the user and associate the user with a particular one of the companies A and B. Using this recognition, tite host server may present a customized browser interface which makes the host server look like the selected company. To the external user, it may appear that they have been connected directly to tie company server rather than the host server. Thus, tdie present invention may allow a user to securely send data such that the network connectloi is substantially transparent to the user. Further, the system inay provide customzation of she remote host server for each of a plurality of different users such titat an external user accessing the remote server mtay appear to be connected to an internal client server. [0044] Fig. 2 shows further details in connection with the server software that may be readily incorporated in the host server 102, including a community facility 202, amendment voting facility 204, e-signing facility 208, dashboard facility 210, email-in facility 212, viewer facility 214, mobile device interface facility 218, network service facility 220, distribution facility 222, interface facility 224, formal conversion facility 228, sign-on facility 230, encryption facility 232, usage facility 234, syndication facility 238, transaction identification facility 2401 link facility 242, user authorization facility 244, authorized reader facility 248, authorized editor facility 250, notorization facility 252, mnltinedia facility 254, comment facility 258, and email facility 26. [0045] For example, the distribution facility 222 may allow the host server to electronically distribute data using seeire commimications among the plurality of users. 'The usage facility 234 may allow the host server to monitor the usage of the network to permit the users to he billed for the network service. The host server may be set up to manage a plurality of separate virta networks concurrently, with each such virtual network representing a different client, such as company A and company B. Further, a community facility 202 may provide for users of different coi.paties to be exposed 6 WO 2014/025809 PCT/US2013/053835 to one other even if the different companies have not had any previous contacts (e.g. through a shared exchange), and a dashboard facility 210 may provide companies to manage exchanges, documents, contacts, communications, preferences, and the like, 100461 The host server may offer a high level of security for all data by employing substantially secine network connections, and by means of security and encryption technologies developed for networks such as may be readily incorporated in the encryption facility 232. Additionally, the host server may provide highly secure access control by way of the user authorization lcility 244 that may allow only authorized personnel to access individual messages and related documents and comnmunications. The viewer facility 214 may be able to protect documents from unauthorized viewing, printing, saving, and the like, and a mobile device interface facility 218 'nay enable secure viewing on a mobile device, such as a personal tablet being used away from an enterprise network. The Email-in facility 212 may provide for the ability to add content to an exchange using regular e-mail, such as that is sent to a designated secure e-mail address. [0047] The host server may give each user the ability to electronically link or be interconnected via a link facility 242 with any number of other users. Although data may be preferably formatted in a particular form, such as may be readily implemented with a connnmercially available document exchange program other formats could be optionally accommodated using a suitable fonnat conversion facility 228. The multimedia facility 254 may also be used to process data into a format suitable lor presentation to the user in forms other than text, such as audio, still or moving images, and the like. [0048] The virtua-network viewer may also include a multimedia viewer facility configured to, for example, provide: viewing of interactive multimedia or mixed media memoranda through suitable decoders, such as audio decoders, Joint Photographic Experts Group (JPEG) stl: image decoders, and Moving Pictures Experts Group (MPEG) moving image decoders. 'De virtual-network viewer may also support varous collaborative communications options such as e-mail, video conferencing and white boarding wiJch are enabled lor a given transaction pursuant to instructions from th e appropriate user. Of course, the range of multimedia capability and the collaborative communications options may vary depending on tte various groupware facilities available to the user. 10049] The notarization facility 252 may be provided to electronically certify any electronic data forwarded to users. such as incorporating electronic signature technology, and the like. The network service taciiity 220 may conveniently be used to display various data us connection with the network service such as additional services that may be available by the network service to the tisers. The above facilities may work jointly with the e-mail facility 260, the interface facility 224, and te lite, to se d notices of data for exclaitge and interface witit to securely pass data. 10050] A virtal-network viewer or browser may convenienly provide the end user with an easy-to-use graphical interface to data and other particularly confidential information on the network service's virtual-network service. The virtua-network service may provide identification of services available over the virtual network as well as a variety of options for accessing and retrieving data. 'Ihe virtual-network viewer -miay include the transaction identification facility 240 that, for example, may enable a user to quickly find anid access information. The vh'tual-network viewer may automatically provide a suitable connection to the user to the vitual-network service through the sign-oin facility 230. The viewer may also prompt the user to input one or more passwords or identifications which should be recognized by either the authorized editor facility 250 or the authorized reader facility 248 In order to access information on a database. 100511 For the convenience o- the users, soie data offered through the virtual-network service misay be designed as interactive multimedia documents that will include video, graphics, audio, and other multimedia elements. Multimedia communications may provide the user with a wide variety of information in addition to that provided by more standard text data. 10052] By way of an example, a syndication desk, i.e., one or more individuals authorized to be responsible for the ianagenent of a syndicated transaction, of a lead user may be able to broadcast and/or selectively send e-mail messages processed by the syndication facility 238 to associate users and vice-versa. For example, amendment data processed by the amendment voting facility 204 may be used to vote on changes to a transaction document amongst authorized users. The amended document may be conveniently distributed via email using the e-mail facility 260 for 7 WO 2014/025809 PCT/US2013/053835 providing associate users with up-to-the-in ute information about the transaction. Amendments or messages may be appended to the document at the host site of the network service where they may be ordinarily viewed by accessing the virtuai-netvork service that is authorized to access the document. E-mail messages or amendments may also be downloaded for printing or for attachment to local documents. Similarly, comment data in coiection with a transaction may be processed through the comment facility 258 for appropriate distribution to authorized users. Transaction documents may also be signed by authorized users through the e-signing facility 208. [0053] Referring to Fig. 3, the community faciliy 20I 2 may provide community, social, and the like facilities, as part of the system, such as to be able to expand a user's contacts ist through exposure to other users who use or are otherwise associated with the facilties and more generally to make it easier for users to find and connect with other users who may have mutual interests. The community facility 202 may allow community users 302, such as the plurality of exchange service users 1 10 and plurality of other community users 304, to find one another using industry-specific profiles, sucl as provided by a profile manager 308, to find other community users, invite users to comnicate by sending invitations through a communications manager 310, see status of invitation that Ihave been sent or received, and the like. Through a community user interface 312 and associated profile manager 308, communications manager 310. and profile search facility 314, the community facility 202 may provide the user with a larger visibility to the plurality of users in the system, allow them to declare how they want to be viewed, control whether they want to be viewed, determine whether they can participate or not, enable them to be anonymous (e.g. profile only), allow fhem to be fully visible to other users, allow them to be available to users within just a particular industry, and the like. If a user is in a particular industry, they may be able to view a basic description of that community, as well as to other idusuries that the user determines to be beneficial. The system may be provided a profile window in the community user interface 312 that is set up based on industry or technical specifications, such as for private equity, M&A, finance, legal, and the like. There may be a variety of different types of user profiles available, such as, in connection with transactions, a buyer side, an investor side, an advisor side, an expert side, a seller side, and the like. The community user interface 312 may provide a user set up through a step-through process wizard, where the user selects industries, subsets of industries, and the like. Users may be as specific or as general as they wish, and position themselves in the community as seeking opportunities, presenting opportunities, presenting themselves as an expert to be called on to facilitate, and the like. The system may provide for location information, specify a deal type, specify a deal size, and the like, to help people who are searching for these profiles. The user may be able to upload attachments, examples, and the like. A visibility setting may be provided, such as available to community members, where the user is optionally able to remain anonymous. If the user chooses to not be anonymous then they may be visible to users immediately, but still protected in the system. In an example, a user may be a "buyer" and an "advisor", where they can see their own profile or sub-profile, edit the sub-profile, add another profile, and the like. [00541 In embodiments, the community facility 202 may provide for search capabilities through the profile search facility 314, such as starting a new search, saving seashes, saving the history of a search, and the like, to begin interacting with the profiles of users. The searcher may be able to search by a particular industry, investors, deal size, deal type, geography, type of profile and the like. The user may begin a search and generate results including the sob-profiles in the system that matched the search criteria. in addition, there may be a variety of visibility levels associated with the searches. For example, a search may return three matches bit where oite match is a user that is an anonymous user. In this instance, information may be withheld as to specifics, but with the ability to see more general profile attributes, such as a user's title. There may also be search indicators associated with previous searches, matches, contacts, and the like, such as with an icon to indicate past communication, and the like. In embodiments, the user may use a filter set to find a group the user wants to multi-select, grab, and move into another list. [00551 Another f-eatur of the community facility may be an 'activity index', or similar measure, such as for judging how active a user is on the system. For instance, a user performing M&A activities oni the system may provide a qualified view indicating whether they are a current M&A buyer or not, such as showing how active they are. The system may also find information that indicates activity from other sources, and import that information to the system, thus 8 WO 2014/025809 PCT/US2013/053835 providing a fuller indication of the user's activity level within the system, such as how many deals they might be working on. [0056] Another feature of the community facility may enable a user to entice other users who are anonymous to be visible in order to initiate ait interaction wit them. For instance, a user may contact an anonymous user and add thens to an exchange after the invitation to connect has been accepted. The user may 'click on' an anonymous user and send an invitation to then. In this instance, the sending user may become iore visible to the anonymous user who is being invited. A subject ilie and a note regarding why the user is interested in contact them may be provided. An 'invitations list' nsay show vhat invitations have been sent, and the system may provide for a historical thread for the user's activity. [005/] In embodiments, the systern may keep a user's information anonymous until the user accepts an invitation from the inviting user, bit where the anonymous user can still interact with the inviting user while still staying anonymous. The system may therefore provide a robust interaction facility as the profile level (email, etc.) without requiring actual acceptance of the invitation, and enable a continued dialog without revealing who they were (e.g., so get additional information, clarification, etc.). As she interaction goes back and forth, the goal may be to wind up in an acceptance state, but the system may also provide a means of blocking communications, such as alter the user 'accepts' or 'declines'. The system may support an interaction until the user provides an acceptance, at which time the user's contact information may become visible, be provided a download of profile information, include the user in a contacts list, be recommended to an exchange, and the like, Once the user accepts, both parties mnay becorne visible to one another, including providing a history of the interaction. [0058] Referring to Fig. 3A, the community facility may provide a user interface for user interaction with the community facility, such as a with a profile tab for a user. In embodinents, a new profile may be added through the user interface. Referring to Fig. 3B, the user interface may provide for identification of a sub-file, selection of an idustrv, selection of a geography, setting profile details, setting visibility, adjusting a privacy policy, and tIse like. In eriboditients, a iew for setting visibility may be provided, where the user may specify visibility to community members, such as being visible to community membervisiisible but anonymous to community members (e.g. contact information and attachment(s) are hidden), visible only the user, and the like. Referring to Fig. 3C, an example profile is provided for an M&A seller seeking investors, the profile including as industry focus (materials), deal sizes (<S25 ixhllion), geography (Asia/Pacific), deal type (full entity sale/srnerger), visibility anonymouss), and tise like. 10059] The community facility user interface may provide for a plurality of tabs, such as a hub, exchanges, tasks, documents, people, approvals, maintenance, forms, calendar, dashboards, fond data, collaboration, and the like. Referring to Fig, 3D, a people tab may include contacts, groups, community, and the like, aid a community tab may show community invitations. When the community tab is displayed, there tmsay be search results displayed, no search results displayed, a button for starting a new search, and the like. Fig. 3E shows an example search result, including two visible users, an anonymous user, and the like. [0060] There may be actions the user may take with regard to a search result, such as to make contact, open an invitation, view detail, download a vCard, request so add a user to an exchange, manage a user exchange access, and the like. When a user is anonymuous, an indication of such msay be provided in place of their name, suc as user is Anonymous', blanks in place of location, phone number, email contact formation, company, and the like. Fig. 3F provides an example for an interface for composing an invitation. Users that receive an invitation may be asked to accept or decline the invitation, and the sending user may receive rephes as email alerts (e.g., such as available under the community invitations section of the user interface). The invitation may incisude a subject, note, number of users the invitation is being sei to, itiforurration about the sending user (e.g. naie, email ID, phone numberr, a ce function, and tie like. An invitation may be provide to a visible user, an anomymo us user, logged-li users, logged-out users, and the like. Successiblly sending an invitation may result in an acknowledgement, such as an invitation alert, a text alert, and the like. Fig. 3G shows an example of an 'alert sent' indication, An indication of a successful alert sent may also include a dialog indication, a title of 9 WO 2014/025809 PCT/US2013/053835 the invitation, the body of the invitation, and the like. Isers that receive a note inay be able to reply directly to the sending user's email address, as shown in an example in Fig. 31H. Figure 31, shows an example of what user information may be left blank when the user is an anonymous user, such as e-mail contact information, organatition, position, industry, functional area, address information, phone number(s), fax number, and the like. Fig. 3J shows at least a porton of the information that may be bidder, such as in this example that the user is an M&A advisor/expert, area of expertise is investment banking, industry focus areas (e.g. industrials, financials, utilities, telecommunication services, health care, information technology, energy, consumer discretionary, materials, consumer staples), deal sizes, geography, and the like. Fig. 3K shows an example of a user inbox showing the invitation alert. Fig. 31 shows an example of options available to the recipient of an invitation, such as to accept or decline the invitation, where Fig. 3M shows an emboditnent 'decline invitation' screen, and Figs. 3N and 30 shows an embodiment overview for invitations sent, received, accepted, declined, and the like. Fig. 3P shows a running commnnications thread between two users in association with an invitation, where as shown, the accept-decline options may continue to be presented to the recipient of the invitation until they accept or decline the invitation, Fig. 3Q shows an embodiment contacts search. [00611 Fig 3R depicts an example contact flow between two users. As shown, user I has set up a sub profile that includes setting their visibility to anonymous. User 2 conducts a community search and finds user 1. where user 2 opens a uiser details page(s). User 2 then sends an inquiry to the anonymous user 1, where iser l receives the inquiry (such as in their mail inbox) and views the invitation in the comnumity user interface. User I then has the option to accept or decline the invitation, where user i then c'Oses the reply window. User 2 is able to see the inquiry status, such as through searching, where user 2 sees the inquiry sees the status of accept or decline. User 1 is able to view the tread of the accepted/declined notes. [0062] In embodiments, a method for managing a networked secure collaborative computer data exchange environment may be provided, the method including establishing, by a secure exchange server controlled by an intermediate business entity, a client login data authentication procedure that allows at least one client computing device of a plurality of client computing devices operated by users of a plurality of business entities to access the secure exchange server, wherein communications between the secure exchange server and the plurality of client computing devices is through a communications network; storing, by the secure exchange server, at least one client login authentication data for each of the phrality of client computing devices; receiving content from a first of the plurality of client computing devices; by the secure exchange server, permitting access to the content for a subset of the plurality of computing devices through an exchange content access facility, wherein the exchange content access facility is managed by at least one business entity of the plurality of business entities; granting, by the exchange server, access to the content to a second of the plurality of client computing devices vhen the secure exchange server receives from the second of the plurality of client computing devices its client login authentication data provided that the second of she plurality of chent computing devices is one of the subset of ite plurality of computing devices; and providing an exchange community facility where the users of the plurality of client computing devices establish an inlrmational profile that is inade accessible to other users ofthe plurality of client computers and are enabled to interact with one another based on the content of the informational profile. [0063] In embodiments, access to the exchange server by client processors may be through a host server controlled by tie business entity that controls the client processor. The client computing devices may be at least one of owned and nianaged by at least one ofthe plurality of business entities. The client computnig devices may be owned by individual users. The secure exchange server may be at least one of a plurality of exchange servers. The content may be at least one of a document, a spreadsheet, a message, data, an image, audio content, video content, nultimedia content, and the like, The content may be transferred to the secure exchange server via encrypted darn transmission. [00641 In embodiments, the comment of the infonnational profile smay include contact formation, business association, and the like. The exchange community facility may provide users with facilities for sending an invitation to another user lor communication. After the invitation is sent the exchange community facility may provide a status of the invitation related to the invitation being, at least one of being sent, received, and read, The informational profile for the 10 WO 2014/025809 PCT/US2013/053835 sending user may be restricted as anonymous until the receiving user accepts the invitation for communicaton. The exchange community facility may provide for informational profile viewing control, where the viewing control allows the informational profile to be viewed by other users, by a selected group of users, and the like. The exchange community facility may provide a graphical user interface through which a user manages their informational profile and interactions with other users, where the graphical user interface includes a search engine interface, provides an activity index measure of how active a user is on the exchange community facility, and the like. An informational profile inay be categorized by professional activity, such as including a buyer, seller, investor, expert, and the like. The informational profile may include credentials for an individual, an indication of an area of interest (e.g. a type of project in vhich an individual is interested in participating), and the like. [065] In embodiments, a method for managing a networked secure collaborative computer data exchange environment may be provided, ebiis a ecurexchang server controlled an intermediate b e ei an authentication procedure for a client login authentication data that allows at least one of a plurality of user client computing devices operated by users of at least two business entities to access the at least one secure exchange server, wherein communications between the secure exchangec server and die plurality of user client computing devices is through a communications network storing, by the secure exchange sener, the at least one client login authentication data for each of the plurality of client computing devices; receiving, from a first of the plurality of user client computing devices, content; associating access, by the secure exchange server, to she content to a subset of the plurality of user computing devices through an exchange content access filedity, the exchange content access facility managed by at least one of tie plurality of business entities; granting, by the exchange server, access to the contest of the secure exchange server to a second of the plurality of user client comipuming devices when the secure exchange server receives a client login authentication data from the second of the plurality of user client computing devices and dependent upon the second of the plurality of user client coinputing devices being one of the subset of the plurality of user client computhig devices; and providing an exchange connunity facility where the users of ste pluiaiity of client com'puting d-evices establish an imforrmational profile that is made accessible to other users of the plurality of client computers and are enabled to interact with one another based on the content of the informational profile, wherein the interaction is executed as an anonymous interaction, where the anonymous interaction provides a subset of content from the informational profile. [0066] Referring to Fig. 4, the amendment voting facility 204 may provide for managing, integrating, and facilitating a process where agency clients executing a transaction (e.g. a syndicated loan) may vote on modifications or amendments to a transaction or transaction content, including an auditable process 402, aggregated vote metrics 404, centralized vote processing 408, and the like. The auditing process 402 may utilize vote documentation, consent forms, signature page tracking, digital distribution, vote collection, and signature page submission, and the like, where the these documents may be faily traceable. 'lhe distribution, vote collection arid sigiiature page submission may all occur onine, speeding the process and better ensuing transparency. Aggregating vote metrics 404 may utilize weighted voting calculations for consent percentage, visualization of responses (e.g. which lenders have done what), and the like, where vote calculations may be weighted by commitment percentage, and where a visual display of titer responces may make it easy to see which users have taken action, and what those actions are. Centralized vote processing 408 may include sending reminder alerts, completion of approval tasks, completion of a vote, and the like. Features of the amendment voting facility 404 may include amendment templates for quick configuration and launch, lender voting that includes signature pate collection (e.g. with electronic submission of signature pages), task lists for consent, an amendment voting user interlace 410 to track progress and statistics (e.g. group tracking, simplified reminders, export for vote tally and reporting), amendments within existing exchanges, and the like. [00671 Referring to Fig. 4A depicts an embodiment flow process diagram for site amendment voting facility, where an agency team initiates a vote response inquiry 420, such as including documents, amendments, signature pages, due dates, automatic alerts, and the like. Lenders may then receive an alert 422, including task assignments, such as for external counsel, the agency team, participants (e.g. lenders), and die like. Documents (e.g., memos, signature pages) 11 WO 2014/025809 PCT/US2013/053835 may be downloaded and tracked 424. Signature pages, such as a meno 428 with a signature page 430, inay be signed 432 and submitted 434 as a response. Participants e.g., administrator agency, external counsel) may receive the vote response 438. In an external process votes may be weighted 440, such as based on committed dollar amounts on an agent's records TIe process may be finalized 442, such as with posting totals (e.g, for an agent back team), where members of the process (e.g. lenders and borrowers in a loan process) are notified. In embodiments, the amendment voting facility may reduce or eliminate the manual process surrounding a vote collection and consent process, such as associated with a load process, and helps the user efficiently prioritize a vote collection strategy. [0068] In an example, on a syndicated loan, one agency bank may be in charge and have a number of lenders supporting that loan, often hundreds or even in excess of a thousand suci lenders. As proposed modifications or amendments are made, each may need to be disseminated, have users react to it (such as providing infonnation, making selections, and the like), be returned with appropriate documentation to the agency bank, and the like. A typical process is conventionally performed offline, where banks are required to have signing authorities pen-ink sign and re-submit to the agency bank. Further to the example, when a new amendment comes up, the agency bank may create a new transaction exchange environment for the amendment process. Through a data link the lender groups of members of those groups tmay be pushed into the new exchange environment, such that each of them appears as a participant in the exchange. Data relating to all current positions of the lenders (the amounts of their financial positions with respect to the particular loan or loans) may also be pushed into the exchange, so that it is available for further processing. In embodiuents, the current position of a user with respect to the transaction structure may have a bearing on the voting, such as 'he weight given to a user's vote, minimum amounts related to the amendment, and the like. Such amounts may be stored and retrieved for processing by the exchange. For instance, an agency bank may ask lenders to confirm their understanding of their positions in the process, some or all of the data with respect to positions nay be pre-populated into the system and carried through into the transaction, and the like. [00691 In embodittents, the atnendment voting facility may allow for the naming of an amendment vote, a date for the vote, a vote disribution, inclusion of associated documents, facility for signature providing page submmissions, inclusion of instructions to voters, a process of approval, a step for outside counsel to review, and the like. Once the announcement for lhe vote is sent out, an administrator agent may be able to view the tasks that hav gone out, to what individuals and groups, and the status of the voting, Features of the amendment voting facility may inchide import and export of commitment data, support of amendment vote collection workflow, creation of voe tmplate configurations, configuration of election Orms, display of an amendment voting graphical user interface dashboard, configuration of signature pages, access for an administrator to complete tasks, facility for client-specific amendment vote deinition, and the like. Import and export may include users ability to populate a deal structure automatically (e.g., from a source file), create a hst of lenders groups and trancles commitment information on a new deal exchange, reconcile an existing deal structure, generate reports (e.g. listig commitment amounts fOr each participant, updating conunitmuients, and the like. Support of amendment vote collection workflow may include support of a plurality of different amendment types and allow users to create process definitions available for run-time execution, and the like, where the different amendment types may include a simple yes-no, a yes-no with signature, consent-no consent, amend and extend, and the like. Amendment vote collection workflow mayinclude specification of due dates and time, collection of election options, distribution of documentation, the ability to edit voting parameters, and the like. Creation of vote template configurations may include support of vote template configuration creation, such as to encapsulate the amendment vote process for document control management, including users setting up owners, monitors, and vote elements once, and reusing for subsequent votes: providing consistent language and instructions and documentation across transactions and votes; seeing up vote types that may be adjusted as-needed, and the like. The election form may be configured to allow users to dynamically generate election forms based on group participant relationships (e.g. lenders only having visibility to cases they have access to). Display of an amendment voting dashboard may include view of a list of multiple amendments initiated for a particular transaction. view of details of the process (e.g., list of lenders and their related status such s progress against a task), view of participant contact and additional 12 WO 2014/025809 PCT/US2013/053835 information, and the like. Configuration of the signature page may include custom text, a logo, and the like, where users may update and maintain their own custom signature pages, such as for all transactions, per transaction, per vote, and the like, 10070] Continuing with the syndicated loan example, a lender may receive an email alert that they are invited into a new amendment task process. They may then be asked to login, where they are brought into the ask flow that caine fom the alert. Tasks may include instructions, document review, election options, and the like. Pre-populated information may also be provided in association with the task. The user may record their vote and save any anmendments associated with their elections. Their election and amendments may be printable, where the user may then take that document to the ssiaorv to have it signed In this instance, all of the inferrnation, including instructions rny be included in the hard copy for the lender, and where the signing indicates legal consent. In this way, there may be one single entry point of information, where the lender receives the document to be signed, has it signed, and is provided a facility for loading the document back into the system. In embodiments, an e-signature a'nd described herein may also be utilized for signing the document and entry into the system. [00711 In eibodiments, a user may be provided the user iterfacte 410 to view the exchanges that are running amendments, to see tasks generated and what state they are in, to view individual tasks for a particular lender, to view signature pages (e.g., where all of the election option information is carried), and the like. Custom fields nmay also be provided, such as to allow users to change commitments. in embodiments, users may see information as the data is populated, even before signatures are applied. A user may need to perform a calculation, such as to weight each vote to see how close they are to carrying the anendinent. The system may enable the user to export data to a document (e.g., a spreadsheet) for performing the calculation separate from the system, and to monitor the amendment process and changes thereto. For instance, and continuing with the loan syndication example, an administrator agent may he most interested in monitoring response levels and challenges to the current commitment levels. For instance, if only three users are seen to have any challenge on their commitment amounts, thien the admiistrator may need to handle those first, which rnay be a priority if there is a discrepancy. The user may also be interested in those who are planning to take action (e.g., increase their commitment, reduce their commitment, by how much their commitment may change, and the like). Ultimately, the agency bank may have the final say, and so the system may provide them with priority, and so enable them to decide on whether to allow the changes or not [00721 Figs. 4B-41I depict ernibodimnents of the ainendient voting facility user interface, Fig. 4B illustrates an embodiment dashboard listing and graphic showing the status of a user's aendiment voting, where the graphic shown displays a pie graph of 'no consent', 'consent', and 'no response', as well as a listing of specific amendment voting statuses. Fig. 4C shows a user notification of being assigned an amendment vote task. Fig. 41D shows a user interface for distribution of an amendments vote. Fig, 4E shows options available to the user for making the asnendment vote, including to 'agree' or to 'disagree' with the '30,000,000 USD' cormitment. Fig, 4F shows a listing of an amendment voting task status for a user. Fig. 4G shows a signature page being submitted by a user, including a note stating, "Please find my signature page attached, for review". Fig. 411 shows an updated listing and status for the user's amendment voting tasks. [0073] In embodiments, a method for managing a networked secure collaborative computer data exchange environment, the method including establishing, y a secure exchange server controlled by an intermediate business entity, a client login data authentication procedure that allows at least one client computing device of a plurality of client computing devices operated by users of a plurality of business entities to access the secure exchange server, wherein communications between the secure exchange server and the plurality of client computing devices is through a communications network: storing, by the secure exchange server, at least one client login authentication data for each of the plurality of client computing devices; receiving content from a first of the plurality of client computing devices; by the secure exchange server, permitting access to the content for a subset of the plurality of computing devices through an exchange content access facility, wherein the exchange content access facility is managed by at least one business entity of the plurality of business entities; granting, by the exchange server, access to the content to a second of the plurality of client computing devices when 13 WO 2014/025809 PCT/US2013/053835 the secure exchange server receives from the second of the plurality of client computing devices its client login authentication data provided that the second of the plurality of client computing devices is one of the subset of the plurality of computing devices; and providing an amendment voting facility for conducting a process of voting when the content relates to a proposed arnendmen to an agreement wherein the amendment voting facility enables users of the subset of the plurality of computing devices to vote on the proposed amendment. [0074] In embodiments, access to the exchange server by client processors may be through a host server controlled by the business entity that controls the client processor. The client computing devices may be at least one of owned and managed by at least one of the plurality of business entities. The client computing devices may be owned by individual users. The secure exchange server may be at least one of a piuralnty of exchange servers. The content may be at least one of a document, a spreadsheet, a message, data,. an image. audio content, video content, multimedia content, and the like. The content may be transferred to the secure exchange server via encrypted data transmission. [0075] In embodiments, ise process of voting on the proposed amendment may be traceable, such as traceability including tracing vote doemnsentation, consent forms, signature pages, digital distribution, vote collection, signature page subission, and the like. The amendment voting facility may provide fohr the aggregating of vote metrics toe tracking the process of voting amongst the users of the subset of the plurality of computing devices, such as aggregating vote metrics utilizhg weighsted voting calculations for consent percentage and visualization of responses. The amendment vothg facility may provide for a vote graphical user interface dashboard to track progress and statistics, such as where ithe tracking of progress and statistics includes group tracking, renders, export for vote tally and reporting, and the like. The amendment voting facility may provide for relative weighltig of votes anongst the voting users. The amendment votig facility may provide for management of the voting process including a date ftr the vote, a vote distribution list, inclusion of associated documents, facility for signature-providing page submissions, inclusion of instructions to voters, a process of approval, a step for outside counsel to review, and tise like. A vote may be cast as a yes-no vote, a yes-no vote with signature, a consent, and the like. A voting fonn may be provided, wh er the voting form is configured to allow users to dynamically generate voting forms, such as where the dynanically generated voting forns are based on user participant relationships. The voting torm may include a user customizable text or logo. [0076] Referring to Fie. 5, the secure electronic signaure facility 208 (also referred to herein as "e signature facility' or 'c-signing' herein) may support the process of providing documents for signature and for a user e signing and sending the e-signed documents back to the sender. In eimbodimsents, the electronic signature facility 208 may provide for secure viewing of the document signing, such as through face recognition 504 to determine the number of people viewing the monitor on which the signing is being executed and/or utilizing a digital photo of a user to verify the user is who they say they are, utilizing biometric authentication 508, utilizing screen obfuscation 510 to ensure only authorized users are viewing the documented signing, and the like. For instance, a conputig device being used for e-signature may have a camera that views and detects the surrounding environment to determine how many people are currently viewing the screen, and if a condition exists where there is not only one person viewing the screen, the screen may obfuscate the document being e-signed, such as blurring, blanking, screening, and tise like. For example, if the computer device detects that no one is viewhing or multiple people are viewing, the screen, the screen may blank out the document In another instance, the computing device may utilize a camera to match the face of the person viewing the screen with a stored image of the person that is authorized to c-sign, and if the match is made, permitting the process of e-signing to proceed. In another instance, a bionelric match may be required to permit the process of e-signing to proceed, such as through the use of a match to an iris as viewed through a camera, an e- ingerprint through a fingerprint pad for input to the computing device, or any other biometric verification method known to the art. In embodiments, conditions for enabling an e-signature process to proceed may be stored in a user profile 512, where if the conditions (e.g. number of people viewing, authorization matching though images and/or biometrics) are not met, the document inay be obfuscated. [0077] Fig. 5A shows a user interface embodiment for turning on an e- signature process for an exchange. Note that a user may only be able to view the docunsent, or portion of ihe document, for which the e-signature applies. For 14 WO 2014/025809 PCT/US2013/053835 instance, through the viewer facility, non-applicable portions of the document moay be blocked out in some way as described herein. Fig. 5B shows a toolbar for e-signature, where the user may click on an e-signature icon to initiate (or terminate) an e-signature process. Fig. 5C shows an embodiment of how a user may move around an c-signature by dragging the signature with the miouse. The user may be able to perform a number of document functions, such as find, zoon, rotate, page up-down, and the like. In embodiments, if any portion of the c-signature is moved by the user to a position that places it off the page, the signature function may be disabled (e.g. e-signature disappears) to avoid placement of the e-signature in a position that won't show the entire e-signature on the document once the process is complete. Once the user has placed the e-signaturC they may apply the signature and complete the process. Fi, 5D shows an example confirmation dialog, box for completion ofthe e-signature process, including a confirmation note to 'he user about the final placement of the e-signature, where the user may be allowed to return to placement of the e-signature if they are not satisfied. 'The oser, once satisfied, may save the e-signature application and placement, such as illustrated in Fig. 5F. As shown in Fig. 5F, if there are unsaved changes a' a tine when the user attempt to close the application a prompt may appear notifying the user that there are unsaved changes and asking them if they want to save or close without saving. Fig. 5G shows an embodiment dialog box for cancelling an e-signature, showing control buttons for confirming whether to cancel or to continue. [0078] In embodiments, a method for managing a networked secure collaborative computer data exchange environment may be provided, the method including establishing, by a secure exchange server controlled by an intermediate business entity, a client login data authentication procedure that allows at least one client computing device of a plurality of client computing devices operated by users of a plurality of business entities to access the secure exchange server, whereii communications between the secure exchange server and the plurality of client computing devices is through a communications network; storing, by the secure exchange server. at least one client login authentication data for each of he plurality of client computing devices; receiving content from a first of the plurality of client computing devices; by the secure exchange server, permitting access to the content for a subset of the phirality of computing devices through an exchange content access facility, wherein the exchange content access facility is managed by at least one business entity of the plurality of business entities: granting, by the exchange server, access to the content to a second of the plurality of client computing devices when the secure exchange server receives front the second of the plunlity of client computing devices its client login authentication data provided that the second of the plunlity of client computing devices is one of the subset of the plurality of computing devices; and providing an electroniic signature facility for managing a process of signing the received content by at least one of the subset of the plurality of composting devices, wherein the electronic signature facility includes a signature viewer interface that restricts viewing of the content for signing. [0079] In embodinments, access to the exchange server by client processors may be through a host server controlled by the business entity that controls the client processor. The client computing devices may be at least one of ow-ned and iaianaged by at least one of the plurality of business entities. The client computing devices may be owned by individual users. The secure exchange server itay be at least one of a plurality of exchange servers. The content may be at least one of a document, a spreadsheet, a message, data, aii image, audio content, video content, multimedia content, and the like. The content may be transferred to the secure exchange server via encrypted data transmission. [0080] In embodinients, the electroniic signature facility may include an electronic signature graphical user interface for presentitng the content for signing. The restricted viewing may be a signing user being restricted to only those portions of the content that the signing user is autiihorized to view. The restricted viewing may be a signing user being restricted to only those portions of the content for vhich the signing applies. [0081] In embodinments, a method for managing a networked secret collaboriive computer data exchange environment may be provided, establishing, by a secure exchange server controlled by an intermediate business entity, an autheItication procedure for a client login autlietication data that allows at least one of a plurality ofuser client computing devices operated by users of at least two business entities to access the at least one secure exchange server, wherein communications between the secure exchange server and the plurality of user client computing devices is through a communications network; storing, by the secure exchange server, the at least one client login authentication data for each of 15 WO 2014/025809 PCT/US2013/053835 the plurality of client computing devices; receiving, from a first of the plurality of user client computing devices, content: associating access, by the secure exchange server, to the content to a subset of the plurality of user computing devices through an exchange content access facility, the exchange content access facility managed by at least one of the plurality of business entities; granting, by tie exchange server, access to the' content of the secure exchange server to a second of the plurality of user client computing devices when the secure exchange server receives a client login authentication data from the second of the plurality of user client computing devices and dependent upon the second of the plurality of user client computing devices being one of the subset of the plurality of user client computing devices; and providing an electronic signature facility for managing a process of signing the received content by at least one of the subset of the phirality of computing devices, wherein the electronic signatu facility veriies the identity of-the signing user through biometre profiling utilizing previously stored biometric data from the signing user. [0082] In embodiments, a method for managing a networked secure collaborative computer data exchange environment may be provided, establishing, by a secure exchange server controlled by an intermediate business entity, an authentication procedure for a client login authentication data that allows at least one of a plurality of user client computing devices operated by users of at least two business entities to access the at least one secure exchange server, where communications between the secure exchange server and the plurality of user client computing devices is through a communications network; storing, by the secure exchage- server, the at least one client login authentication data for each of the plurality of client computing devices; receiving, from a first of the plurality of user client computing devices, content; associating access, by the secure exchange server, to the content to a subset of the plurality of user computing devices through an exchange content access facility, the exchange content access facility managed by at least one of the phirahty of business entities granting, by the exchange server, access to the content of the secure exchange server to a second of the plurality of user client computing devices when the secure exchange server receives a client login authentication data from the second of the phirality of user client computing devices and dependent upon the second of the plurality of user client computing devices being one of the subset of the plurality of user client computing devices; and providing an electronic signature facility for managing a process of signing the received content by at least one of the subset of the plurality of computing devices, the electronic signature facility assembling an electronically signed document including signatures from a plurality of users, each of which has had access to only a subset ofthe content for which they were the signatory. [0083] In embodiments, a method for managinga networked secure collaborative computer data exchange environment may be provided, establishing, by a secure exchange server controlled by an intermediate business entity, an authentication procedure for a client login authentication data that allows at least one of a plurality of user client computing devices operated by users of at least two business entries to access the at least one secure exchange server, wherein communications between the secure exchange server and the plurality of user client computing devices is through a communications network; storing, by the secure exchange server, the at least one cent login atithentication data for each of the plurality of client computing devices; receiving, from a first of the plurality of user client computing devices, content; associating access, by the secure exchange server, to the content to a subset of the plurality of user computing devices through an exchange content access facility. the exchange content access facility managed by at least one of the plurality of business entiies; granting, by the exchange server, access to the content of the secure exchange server to a second of the plurality of user client computing devices wheit the secure exchange server receives a client login autheitcation data from the second ofthe plurality of user client computing devices and dependent upon the second of the plurality of user client computing devices being one of the subset of the plurality of user client computing devices; and providing an electronic signature facility for managing a process of signing the received content by at least one of the subset of the plurality of computing devices, wherein the elec-onic signature facility provides for secure viewing of the content as presented to a signing user through a computer display of the signing user's client computing deice, witerein the user's cent computing device includes an integrated camera for viewing the environment around the signing user and a face detection facility for recognizing the signing user, detecting if the signing user is the only individual present in the viewed environment, and if not, obfuscates the viewing of the content. Tie obfuscation may be blanking the screen, distorting the viewing of the 16 WO 2014/025809 PCT/US2013/053835 content, and the like. The detection of the signing user by the face detection facility may be accomplished by comparing an image of a previously stored facial image of the signing user to the face detected in the viewed environment. [0084] Referring to Fig. 6, the dashboard facility 210 may provide organized facilities for managing exchanges anongst the plurality of exchange service users 110, disseminate to users of multiple groups of users, separating exchange environments, and the like. For example, for a corporate M&A or private equity group, the dashboard may provide users with the ability to take their infonnation, create a profile and expose the information to other parties (e.g., to prvate equity investors showing performance of their individual foods). The dashboard may present information in an organized manner, allow for loading of information through an information inporter 602, provide permissions 604 to view information, allow for the exporting of infornnation through an information exporter 608, and the hke. The dashboard facility may provide for user access and display of both structured and unstructured data, access to views that provide a custom format or familiar terms to a particular category of transaction client (e.g., find, investment documents, capital account statement, investment team), and the like, which also may restrict a user's view to content applicable to them or to the targeted category of transaction. In a private equity example, the user may configure the dashboard to their specific needs, such as including useful widgets 610 to display, information relating to the market (e.g. available findsl. A hunds widget may provide for selection of a fund, providing overview and performance information, and the like. There may also be sub-widgets that provide further functionality to a widget. The user may also have multiple dashboards, such as for different exchanges, different markets, different deals, and the like. One dashboard may handle information that is available to other users, and another dashboard may handle all personal files that are both available and unavailable to other users. Tite dashboard facility miay also provide a compliance feature, such as to track changes made in each dashboard. [085] In an example of setting up a file exchange, an administrator 612 user may place files within an input file directory, where the files may have a nomenclature that tells what widget they will populate. The system may create a configuration, run a process to populate it, ensure it is correct before allowing access, and the like. In this way, data may be considered 'stage data' prior to allowing access, and 'production data' once approved. Once the user is comfortable with a view, they can proceed and publish the staged data into 'production'. 'The system may be able to upload data as CSV file, create permissions files, and the like. In embodiments, a specific user might be provided a view within a dashboard but be given only access to one or more records within the dashboard. For example, the user might only see a particular fund, rather fhan all nd s. If they select that fund, they may be able to see child data associated with that hund. But without permission, the other funds (or child data) would not be displayed. A permissions model may give users access to specific records within the dashboard. In an M&A example. a user may be able to see all the live deals an organization is managing a certain human resources team might be allowed to see the dashboard, and the like, where specific entities are provided permission. [00861 The dashboard may have both optional and standard functionality, such as standard filtering options, converting documents, to a PDF forinat, and the like. There may be a widget catalog provided, such as for textual displays, graphs and charts, document tracking, and the like. [0087] The dashboard may enable management of files at a document level, at a record level, and the like, such as to allow a user to add records and manage information. A user may be able to add new content, put in the required information, refresh the screen (e.g. on a per-deal basis), and the like. The user may be able to edit and delete existing records, show a parent-child relationship, and the like. The user might want to choose the parent and find the document within the exchange and link it op to the parent document. The system may have the abihtv to manage individual records, such as for dashboard data, but also to pernissions. The user may be able to take a parent record and provide permission to one of the many users to enable access to those parents. i embodiments, the system may provide for an auditing facility, such as for tracking who is adding records and permission. [0088] Referring to Fig. 6A, an example layout for listing available ftnds and fund information is shown, providing a plurality of columns for content. Figs. 63-6D illustrate editing the example fund, such as editing specific cotumn content. Fig. E shows ass alert for a condition under which the user cannot save edits, such because tne user no 17 WO 2014/025809 PCT/US2013/053835 longer has the latest version ofithe data (e.g. with new data was uploaded or another user edited the content since the time the dashboard was opened). In this instance, a control button may be provided to update the dashboard data. Fig. 6F shows an example dialog box for creating a new fund i the example layout. Figs. 6G-6-H shows dialog boxes for attaching a document. Figs. 6i-6K show a user interface for providing peritissions in association with tite example fund, including providing an I) of [te user wanting to change permissions. 10089] Refening to Fig. 7, the Email-in facility 212 may provide for the ability to add content to an exchange using regular email, such as sent to a designated email address. This facility may be especially important with respect to users that circulate critical information and documents via e-mail, and where there is a tendency to lose track of it at some point. Users may use the system's email-in facility to store email in a secure repository 702, and to be able to tell people to send email to this repository as part of a regular business process. The exchange manager 712 may then review and process the information further. This may simplify the learning curve of using any web application. If the manager is very knowledgeable, he may not need all of the counter-partis to spend time learning the application. They simply send the content into an exchange. Other features may include an e-mail address being associated with a folder in an exchange, a maxi'nun numbn'her of allowed emtails in art exchange (e.g. a user may define a cap), an esnail conversion facility 704, a white list and black-list 708 of users, notifications 710 of success and/or error, and the like. In embodiments, email-in may be limited to authorized users only, such as already in the exchange, listed on a white list, and the like. [o090] Use cases for email-in may include submission of analysis documents for review, a method for having a third party review applications (e.g. in order to create accounts while ensuring tite third party does not gain control over attachiments that contain private information), and the like. In addition, the system may provide for folder pernissions itn the mail folder that can be used to prevent misuse. ton compliance, ste user nay be able to store communications in an archive 714 and track what was done in association with the communications. [o091] In embodimtsns any exchange may be set up with email-in as a feature. An administrator or client isay go through the process, such as defining where the sender's e-mail address is stored in the system, using custom fields for the 'front' field, storing the message as an e-mail, cap the maximum emails it can accept, choosing the folder it will he associated with, and the like. A folder location may thus be mapped to an e-mail address with the domain pre-defined but the pre-fix available for end user definition). The user may select users to be included for the feature, set alert settings and notification settings (e.g. problem alerts, that something was added), and the like A white list may be included, such as for who should be able to send etmails into the exchange (e.g. could be domains or even addresses). If a user is not on the white list, tey may not be able to send emails to the exchange. A black list may be included, wltere a user tnay choose users to retuse acceptance onto the exchange. [0092] The email-in facility may create a folder structure within a pre-defined mapped folder, and create a sub-folder for each mail that is sent into the exchange, sucl as with the subject as the title of that folder Contents of the folders smay thess nluude any attached documents. The enail-in content smay be organize ike any excAange, where new emails are added as thtey come in. The system may be configured to send to a group, or to only one. For instance, a user may send the folder to one person to review but not give the recipient the right to do resend, print or save the document. Permission may be applied to the documents like any other document as described herein, such as who can review the correspondence, who can snodify it, save t, print it and the like. In embodiments, an event trgger facility 718 Say be provided where received email may trigger an event, surch as a task, a process, and the like. For instance, if a contract contes in it may trigger a renewal process. In another instance, an amendment process may be triggered with the reception of an email. [0093] In embodiments, the email-in facility may include the collection of emails from various parties into a structured database for later masnagemnut and processing by a critical information exchange manager., eliminate the learning curve of using a welb application to upload document to the cloud, allow specific internal-external parties to post documents into a web folder that may be shared with predefined individuals at various control levels, and the like. Components may include an email address associated with a folder in an exchange, a maximum number of allowed emails in 18 WO 2014/025809 PCT/US2013/053835 an exchange, a definition of email conversion options, a white list, a black list, notifications on success and/or error, and the like. In an example, client or prospect requests may be processed, such as for an investment firm with a need to submit documents for analysis, a bank looking for a way to have a third part review applications to create new accounts while ensuring that the third party does not gam control over the attachments that contain private information, a bank having compliance needs such as needing to archive all communications they have leg. cc'ing and replying to the system on all correspondences), and the like. Pig. 7A shows an introduction to email-in to the user, and a control button to begin the process. In embodiments, there may be a number of steps/options in the execution of email-in, such as choosing basic options, mapping folders, selecting alert recipients, creation of a white list, creation ofa black list, enabling-disabling of the system, and the like. Fig. 7B shows an example dialog box for selection of basic options, including a custom feld selection for the 'from' of an emai, h ow incoming email body content be stored, definitions for the maximum number of emails that should be accepted into hie exchange, and the like. Figs. 7C-7F shows a dialog boxes for selection of a folder in association with map ping folders, with Fig 7E showing an alert for when a duplicate email address is used. Pig. 7G illustrates the selection of users and their alert settings. Fig. 7H shows an embodiment warning for a duplicate domain or etail address associated with the create of a blacklist. Fig. 71 shows a possible checklist in association with tie enabling of the system, such as shown in the figure for selection of a custom field, Inapping to two finders, folders for mapping email into, no maximum specified for number of emails, two domains listed on a white list, and one domain listed on a black list. Fig. 7J shows a user interface presented to die user once email-in is enabled, showing tabs for ii sting options, mapped folders, alert recipients, white lists, black ists, and the like, and showing specifically the email-in options. Figs. 7K-7M show exattiples of the conteitt and dialog boxes provided in association with the lapped folders tab. [0094] In embodiments, a method ior managing a networked secure collaborative coniputer data exchange environment may be provided, the method including establishing, by a secure exchange server controlled by an intermediate business entity, a client locin data authentication procedure tiat allows at least one client computing device ofa plurality of client computing devices operated by users of a plurality of business entities to access the secure exchange server, witerein communications between the secure exchange server and the plurality of client computing devices is through a communications network: storing, by the secure exchange server, at least one client login authentication data for each of the plurality of clientcomputing devices; receiving content from a first of the plurality of client computing devices; by the secure exchange server, permitting access to the content for a subset of the plurality of computing devices through an exchange content access faciity, wherein the exchange content access facility is managed by at least one business entity of the plurality of business entities: granting, by the exchange server, access to the content to a second of the plurality of client computing devices when the secure exchange server receives from the second of the plunlity of client computing devices its client login authentication data provided that the second of the plurality of client computing devices is one of the subset of the plurality of computing devices; aitd providing a secure emad input facility for accepting non-secure email front outside tite exchange into the secure collaboratrve computer data exchange environment, wherein the non-secure enail s received and stored as secure e-mail in the secure exchange server. [0095] In embodimnents, access to the exchange server by client processors may be through a host server controlled by the business entity that controls the client processor. The client computing devices may be at least one of owned and managed by at least one of the plurality of business entities. The client computing devices may be owned by individual users. The secure exchange server mmay be at least one of a plurality of exchange servers. 'Te content mmay be at least one of a document, a spreadsheet, a message, data, an image, audio content, video content, multimedia content, and the like. The content may be transferred to the secure exchange server via encrypted data transmission. [0096] In embodinients, the acceptance of the non-secure e-mail may be dependent upon a controlled listing stored in the secure exchange server, where the listiig is a white listing specifying e-mails that are allowed, a black listing specifying email that are not allowed, and the like. The reception of a non-secure e-mail may trigger at event, where the triggered event is the initiation of a content amendment process, the initiation of a new exchange, the distribution ofthe e-mail within the exchange, storage of the entail hi a secure archive facility, and the like. The e-mail may be automatically 19 WO 2014/025809 PCT/US2013/053835 associated with an area of content on the exchange based on the sender of the e-mail. the subject line of the mail, the destination address of the email within the exchange and the content of the e-mail, and the like. [0097] Referring to Fig. 8, the viewer facility 214 may provide for a secure viewing 802 protection of doesnonts from unauthorized viewing, printing, saving, and the like, such as without having to install custom cent software (e.g. without installing anything beyond Adobe Flash). Documents in certain formats, such as Microsoft Office products, PDF documents, and the like, may be supported for protection. For example. for a PDF document a security warning may appear that a user is only allowed to view the document. However, if the user tries to mint the screen, the screen may distort, such as transitioning to a fuzzy state. In embodiments, the user may need to hold the enter key down to make the document viewable. 'Ihe user may be able to page up and down, rotate, zoom, and the like. The system may provide for watermarking the document so that if a user is permitted to print screen, the document will print with the watermarking. The viewer facility may also include nations such as viewing annotations 804 in the viewer, connectivity with the e-signinc facility 208 (e.g. with a 'stamping' tool), documnent visibility based on face detection, document protection trom eavesdroppers (e.g. automatic limitation of document viewing, also referred herein as spotlighting, based on detection of a second face), granular / page level document access reports 808, document protection 810 using facial recognition based encryptor, text to voice feature 812 (eg. such as in Applef Siri), hand gestnre based controls 814 (e.g. scrolling control based on hand-list movement), real-time white-boarding 818, secure video chat 820 (e.g. one-on-one, group), and the like. In embodiments, the viewer facility may include an audio comment component, such as to allow a user to input comments into the document though audio dictation, to have the viewer facility play back the comments in audio, to provide audio output for various aspects of the document, and the like. [0098] In embodiments, the viewer may be able to detect faces and enhance security based on face detection, such as through utilization of a camera connected to or integrated with the computing device being used to view content. The viewer may also utilize a 'secure view', such as where only a portion of a document is made viewable by die person viewing the document. Secure view may mplement security measures (e.g. blanking the screen, distorting the screen, putting up a screen) based on eye motion, movement of the face, the presence of a second face, and the like. Viewing time may be monitored and reported, audited, and the like, based on how long the user's face has looked at the document, where the monitoring, reporting, auditing, and the like may be provided automatically. Document encryption and deciyption may be provided based on document permissions. For instance, if the document can only be opened by a specific imnmber of people, ftee detection may use the author, or any other pennissioned user's face to encrypt the document and require tthe same face to be detected to allow 'un-locking' of the document. Encryption of the face may then be 'recorded' and used as an electronic signature, thereby tying the face to the user's profile. Recording of viewing time nay be on a document level, on a per page basis, and the like. Viewing statistics may be mined for business intelligence by sellers in a strategic transaction, such as through a CI with an enterprise, a marketing analyst, or any such user who may benefit from knowing with content is being read and what content is not being read. 10099] In embodiments, the viewer may provide a search facility to search within a document. The system nmay allow for highlighting a search result, highlighting a selected portion of the document, and the like. The system may provide facilities for annotating, marking, commenting, and the like, to a document, such as a private anotation for the user, a shared annotation for other users, and the like. The system may provide for a secure document view, where only some portions of the document are viewable. For instance, a user may only want to show another user a selected portion of a document. The secure document view may also allow a user to increase the size of the document view window, which may better ensure that people proximate to you only see the relevant portions of the document. Another feature of the secure document view may include distorting those portions of the document that are not selected for viewing, such as making those sections fuzzy. The secure document view may react to the eye movement of tIme user. such as scrolling the document as the user's eye gaze direction shifts, distorting or blocking t-he document !'xom view if tie user looks away liomn the viewer, and the like. 20 WO 2014/025809 PCT/US2013/053835 1001001 The viewing facility may have capabilities for dealing with certain document formats in a standard way. For instance, the system may automatically convert Microsoft Word and PowerPoint documents to a PDF lormat, open spreadsheets (e.g. Microsoft Excel) in a spreadsheet viewer, and the like For instance, when an Excel document is opened, it may be rendered on the- fly, decrypted on the fly as a user scrolls down, retrieved fnrom the server and encrypted on the fly. and the like. 100101] Figs. 8A-8G depict embodiments of the viewing facility. such as for use in a spreadsheet, word processor, and the like, where Figs. 8B-8D depict embodiments of the viewing facility as applied to a spreadsheet, and Figs. SE-8G depict embodiments of the viewing facility as applied to word processors. Fig. 8A illustrates functions of the viewing facility with respect to a sample spreadsheet document, where (1) shows a toolbar, (2) shows a page/sheet count, (3) shows a document search box. (4) shows the spotlight interface. and (6) shows a scrollbar. Fig. 813 shows a search limetion and sample results, where (1) shows the search window, (2) shows a search results window, (3) Shows how the results may be grouped by page/worksheet ntame, (4) shows a search tenu highlighted, and (5) shows a message displayed, such as if some search results are displayed before the entire documentt search is conmlete. Fig. 8C illustrates an embodiment of the spotlight fiction, where only a portion of the document is viewable. Fig. 8D shows a dialog box responding to a user clicking on the print icon. Note that printing may be restricted as described herein, where the dialog box may send an alert to the user identifying the restrictions. Fig. SE illustrates fmtions of the viewing facility with respect to a sample word processing docunent, where () shows a toolbar, (2) shows a page/she count, (3) shows a docuntent search box, (4) shows the spotlight interface, and (6) shows a scrolibar. Fig. SF shows a sample search results set. Fig. SG illustrates a number of viewer facity functions related to a print connand, including (1) a print icon, (2) a document window grayed out, (3) a print window. (4) printer options, (5) range of pages for print, (6) a cancel control button where if the user cancels the print the gray-out nnction may be turned off and again revel the document, (7) a 'next' control bulton to close the pre-print window and open an operating system print dialog. 1001021 In embodiments, a method for managing a networked secure collaborative computer data exchange environment may be provided, the method including establishig, by a secure exchange server controlled by an intermediate business entity, a client login data authentication procedure that allows at least one client computing device of a plurality of client computing devices operated by users of a plurality of business entities to access the secure exchange server, wherein communications between the secure exchange server and the plurality of client computing devices is through a conniunications network; storing, by tie secure exchange server, at least one client login authentication data for each of the plurality of client computing devices; receiving content from a first of the pinrality of client computing devices; by the secure exchange server, permitting access to the content for a subset of the plurality of computing devices through an exchange contentt access facility, wherein te exchange content access facility is managed by at least one business entity of the plurality of business entities: granting, by the exchaiige server, access to the content to a second of the plurality of client computing devices when time secure exchaiige server receives from the second of the plurality of chent computing devices ts client login authentication data provided that the second of the plurality of client computing devices is one of the subset of the plurality of computing devices; and providing a secure content viewer facility for the user to securely view the content on the user's client computing device, wherein tihe secure view is provided through a viewing restriction based on a user action. 1001031 In embodiments, access to the exchange server by client processors may be through a host server controlled by the business entity that controls the client processor. ile client computing devices may be at least one of owned and managed by at east one of the plurality of business entries. The client computing devices may be owned by individual users. The secure exchange server may be at least one of a plurality of exchange servers. The content may be at least onte of a document, a spreadsheet, a message, data, an iage, audio content, video content, multimedia content, and the hke. The content may be transferred to te secure exchange server via encrypted data transmission. [001041 In embodiments, tihe viewing restriction may be obfuscating he content view when the user action is an attempt to print screen, a secunty warning when the user action is an attempt to view the document, a water mark being inserted on the content 'when the action is a user printing the content, and the like. The client computing, device May be a 21 WO 2014/025809 PCT/US2013/053835 mobile client computing device, such as personally owned by the user, and configured for secure content viewing through the business entity. [00105] i embodiments, a method for managing a networked secure collaborative computer data exchange environment may be provided, establishing, by a secure exchange server controlled by an intermediate business entity, an authentication procedure for a client login authentication data that allows at least one of a plurality of user client computing devices operated by users of at least two business entities to access the at least one secure exchange server, wherein communications between the secure exchange server and the plurality of user client computing devices is through a communications network storing, by the secure exchange server, the at least one client login authentication data for each of the plurality of client computing devices; receiving, from a first of the plurality of user ciieist cotnputing devices, content: associating access, by the secure exchange server, to the content to a subset of the plurality of user computing devices through an exchange content access facility, the exchange content access facility managed by at least one of the plurality of business entities; granting, by the exchange server, access to the content of the secure exchange server to a second of the plurality of user client computing devices when the secure exchange server receives a client login authentication data from the second of she plurality of user client computing devices and dependent uponi the second of the plurality of user client coiputig devices being one of the subset of the plurality of user client computing devices; and providing a secure content viewer facility for the user to securely view the content on the user's client computing device, wherein a secure view is provided through a viewing, restriction based on a user action, the user action detected through an integrated camera operating in conjunction with face recognition facility on tite client computing device and the viewing restriction being an obfuscation of the cnitent view when the user is observed such that viewing of the content by others is at risk. 'Fle user imay be observed with other people i view of the camera, with ani eye-gaze that is away from the client computing device, and the like. [001061 In embodiments, a method for managing a networked secure collaborative computer data exchange erivironment tmay be provided, establishing, by a secure exchange server controlled by an itermediate business entity, aii authentication procedure for a client login authentication data that allows at least one of a plurality of user client computing devices operated by users of at least two business entities to access the at least one secure exchange server, wherein comnmunications between the secure exchange server and the plurality of user client computing devices is through a communications network; storing, by the secure exchange server, the at least one client login authentication data for each of the plurality of client coiputisig devices; receiving, from a first of the plurality of user client computing devices, content; associating access, by the securee exchange server, to the content to a subset of the plurality ofuser coniputing devices through an exchange content access facility, the exchange content access facility managed by at least one of the plurality of business entities granting, by the exchange server, access to the content of the secure exchange server to a second of the plurality of user client computing devices whes the secure exchange server receives a client login authientcation data front the second of the plurality of user client computing devices and dependent upon the second of the plurality of user client computing devices being one of the subset of the plurality ofuser client conputhig devices; and providing a content viewer monitoring facility for monitoring the user viewing the content on their client computing device, wherein 1he monitoring is provided through an integrated camera operating un conlunction with a face recognition facility on the client computing device. [00107] In embodiments, a method for managing a networked secure collaborative cousputer data exchange environment may be provided, establishing, by a secure exchange server controlled by an intermediate business "nty, an authentication procedure for a client login authentication data that allows at least one of a plurality of user client computing devices operated by users of at least two business entities to access the at least one secure exchange server, wherein communications between the secure exchange server and the plurality of user client computing devices is through a communications network storing, by the secure exchange server, the at least one client login authentication data for each of the plurality of client computing devices; receiving, from a first of the plurality of user client computing devices, content; associating access, by die secure exchange server, to the content to a subset of the pluraity of user computing devices 22 WO 2014/025809 PCT/US2013/053835 through an exchange content access facility, the exchange content access facility managed by at least one of the plurality of business entities: granting, by the exchange server, access to the content of the secure exchange server to a second of the plurality ofuser client computing devices when the secure exchange senver receives a client login authentication data from the second of the plurality of user client competing devices and dependent upon the second of the plurality of user client computing devices being one of the subset of the plurality of user client computing devices: and providing a content viewer monitoring facility for monitoring th user vi viewing the content on their client computing device, wherein a content viewing access report is generated that provides statistics related to the time the user spends viewing portions of the content. The portion of the content may be at a granular level of a page of the content, at a granular level of the entire document, and the like. The content viewing access report may provide for tracking and audit reporting for the user viewing the content The statistics may be used to develop business intelligence. [00108] In embodiments, a method for managing a networked secure collaborative computer data exchange environment may be provided, establishing, by a secure exchange senver controlled by an intermediate business entity, an authentication procedure for a client login authentication data that allows at least one of a plurality of user client computing devices operated by users of at least two business entities to access the at least one secure exchange server, wherein communications between the secure exchange server and the plurality of user client computing devices is through a communications network; storing, by the secure exchange server, the at least one client login authentication data for each of the plurality of client computing devices; receiving, from a first of the plurality of user client computing devices, content; associating access, by the secure exchange server, to the content to a subset of the plurality of user computing devices through an exchange content access facility, the exchange content access facility managed by at least one of the plurahty of business entities granting, by the exchange server, access to ithe content of the secure exchange server to a second of the plurality of user client computing devices when the secure exchange server receives a client login authentication data !rom the second of the plurality of user client computing devices and dependent upon the second of the plurality of user client computing devices being one of the subset of the plurality of user client computing devices; and providing a content viewer control facility for user-controlled viewing of the content on their client computing device wherein th control is at least in part enabled through an integrated camera operating in conjunction with a motion recognition facility on the client computing device. The control may be actualized through monitoring user hand gestures, monitoring user eye movements, through monitoring user head movements, and the like. The control may be enabling the viewing of the content, tuning a page in viewing the content, inserting a signature ino the content, closing a viewing session for the content, and the like. 1001091 Referring to Fig. 9, the mobile device interlace facility 218 may provide for facilities such that a m-obile device 902 can be used while maintaining the secure exchange environment provided by the host server 102 as described herein, such as for a tablet (e.g. an iPad), a smart plone, and the like, where for instance the mobile device is provided fitctionality provided through the e-signing facility 208, the viewer facility 214, and the lIke. Facilities normally provided through the host server 102 as shown in Fig. 2 may be provided in par or whole on the mobile device, such that the mobile device may be utilized when the mobile device does not have connectivity with the host server 101. For instance, the user may be able to login to the same interface as when they are working through a non-mobile computer, such as on their personal computer, and see their list of exchanges, all of their documents, all of their contacts, and the like Using an iPad as an example, all of the user's documents may be encrypted when sent to the iPad and decrypted for viewing, such that none of the information is decrypted and stored on the iePad. A user may not be able to print or save from the mobile device. and be provided with a secure document viewer, as described herein, such as partial viewing, eye gaze motion control, watermarking, and the like. [00110] Figs. 9A-9K depict embodiments of the mobile device viewing interface. Fig. 9A shows public vs. private exchange views, where 3 exchanges are visible as restricted by public-private declarations, 31 exchanges are viewed when all exchanges are able to be viewed, and 15 exchanges are viewable with viewing only mobile exchanges. Fig.913 shows functions for accessing exchanges, folders, files, and the like. Note that a message may be displayed if a user attempts to access an exchange or entity without the required declaration. Fig. 9C shows examples of public vs. private document 23 WO 2014/025809 PCT/US2013/053835 iews. Fig. 91D shows examples of adding a document classification, where a document control button may be provided for uploading, an appropriation may be specified, and 1he like. Fig. 9E shows examples of public and private users and groups. Figs. 9F-9G show examples of document access reports. Fig. 91H shows public vs. private views of documents. Figs. 9I-9K sh1ow examples of file uploads to exchanges. [0111] In embodinents, the present invention may provide for technology aspects related to architecture, structural components, facilities, data, communications, analytics. reporting, materials. inbound components, processes. algorithms, and the like. Architecture, structural components, and facility may include ulti-lan-guage support, metadata association, document content processing, documnent content distribution, distributed geo-storage andthe like. Relationships among components may include CRMvI integration, sales force collector, H1CM mtegration, ERP integration, ECM inegration, e-Learning integration, and the like. Data, communications, analytics, and reporting may include user history reporting, activity reporting, permission reporting acce s reporting, audit and compliance reporting, configurable dashboards, self-service reporting (e.g. custom, scheduled, ad-hoc) IMAP folder management, exadata iegration ad the like, [001121 In embodiments, the present invention may provide for product aspects related to features, attributes, benefits, outputs, functional benefits, security, and the like. Products may include integration from a secure data room, public-private bitbrcation in the loan market, secure mobile devices, and the like. Features, attributes, and benefits may include iPad protected documents, bounce-back reporting, branding, channels, alerts, task management, multi-task process management, automatic indexing, migration, automation (e.g. ILIA automation), specialization (e.g. custom fields. custom workflow), very large file support, document management (e.g. review and approve, check-in and out, version control), customizable user interface unified inbox, and the like. Product features may include custom alerts, buyer utilities, bulk addition of files and folders, dynamically indexing information, advanced and federated search and filtering, custom fields and tags, integration with third-party document formats (e.g. Microsoft Office products), add and management of users and groups, multi-file uploads, commenting, compliant archiving, native-format file viewing, business intelligence based on activity reporting, question and answer components. link mapping, secure viewing without plug-ins, unified communication and collaboration (e.g. presence notification, IM-chat-discussion threads, forums and wikis), administration capability, e forms, and the like. Security may include on-demand rights management, access and authentication (e.g. document and content leave] access. multi-factor authentication, single sign-on), data encryption, tracking and audit, intra-structure security (eg. systems protection, security audits), personnel security, process security, encryption, watermarking, and the like. 1001131 In embodiments, the present invention may provide for market aspects related uses, applications, environments of deployment, use scenarios, ecosystems. value chains, system integration, and the like. Applications may include corporate repository, extended team coflaboration, managed file transfer, secure extranet, project lifecycle management, board reportin, lcal extrat, legal repository, legal collaboration, managed file transfer, regulatory audit and reporting, secure extranet, nnancial audit management, fundraising, ivestor communication, contract management, regulatory filings, board of directors' communication, Compliance feed integration, access gatekeeper, project capital finance, project collaboration, supply chain management, contract manufacturing, and the like. Markets may include finance, loan syndication, M&A (e.g. relationship management and marketing activities, client interactions, sending, legal documents and contacts for cornmint, edit, and signature), alternative investments, commercial banking, invesmnit banking, bankruptcy and restructuring, corporate development, construction, life sciences, pharmaceutical, biotechnology, energy and utilities, utility rate case management, insurance, telecommunications, project life cycle management, information technology, legal services, government, manufacturing, real estate. media and entertainment, and the like. Environments of deployment may include corporate development, corporate repository, corporate finance, corporate legal, engineerig, human resources, marketing, general services, research and development, compliance and security, iine of business, and the like. Use scenarios may include, bankruptcy & restructuring, board reporting, business development and licensing, clinical site activation, extended team collaboration, fundraising, initial public offerings (IPOs), investor portals, investor reporting, legal extranet, managed file transfer, mergers and acquisitions, private placements, project lifecycle 24 WO 2014/025809 PCT/US2013/053835 management, regulatory audit and reporting, regulatory case management, safety document distribution, secure extranet, structured finances, syndicated lending, virtual data room, and the like. [00114] Current methods for sharing computer files are not adequately secure in that a user may make errors in sending information, such as with a single, errant click, and send sensitive information into the wrong hands with no way to recover the sent materials. Alternately, sensitive information may be provided to a trusted associate that subsequently leaves a company or department, to a vendor where the user's company subsequently switches vendors, to someone outside the company that is subsequently identified as a risk to the spread of sensitive information, and the like, where the sender would like to revoke access to the shared content. 'The present invention may provide for methods and systems for securely sharing content (e.g . computer data connt, such as documents, presentations, spreadsheets, emnails, biog entries, texts, and the like) that allows for 'un-sharing' of contentt that has been previously shared. The facility to un-share content may be implemented through the content being associated wiih a secure protection feature, such as through digital rights management (DRM I), encryption, pemiussons, and the like. In etbodiments, each content item may shared with the protection feature, where the protection feature sp ecifies a user or group of use-rs that are authorized to access the content for viewing. Then wisen the content is shared wih tihat user, access to the content may be revoked at any titse (e.g. by changing tie DRM. removing access to the key, changing permissions, and the like). Further, if the sender of the content controls the protection feature, then the sender has complete lifetime control of any content they distribute or provide access to. [001I5] 'Ehe secure un-sharing facility may be used to securely share content beyond the secure protective facilities of their enterprise (e.g., allowing secure sharing beyond the firewall of the sender's enterprise), out to users m other companies, into the public space, to users not intended to get the content, and ite like, where the sender imaintains complete control to access of die content, no matter where or to who the content has been distributed. In this way, the secure sharing or content is made to be easy across corporate boundaries at the user level and at the individual content level (e.g., at the level of an individual document). Further, the process allows a user wishing to unshared a content to be discrete in its execution, allowing the sender to revoke access without having to contact or to track down site recipients, who may stot have aly indication sent to them t1at access htas beent revoked. With the unsharing facility, the cogent Simple stops being accessible. And the revoking of access may be for not only the original content, but for all instances of the content, such as copies stored on various devices and computer environments (e.g., stored on desktop, tablet, mobile smart phone, in an application, through a web browser, and the like), copies sent to third parties, and the like. And since the protection feature may apply to all versions, that have been modified (eg., edited versions, redlune versions, conninented versions, signed versions, and the like), access to modified versions of the content may also be revoked when the access to the original content is revoked. [00116] In embodinsents, access to a shared content may require an access authentication to a secure facility, such as the secure exchange server. That is, even if content has been shared with a user, the user may only be able to view tise content if their access is authenticated. Authentication may be a manual login to verify that ste user attempting access to the document is a user that is listed to have access to the content. Alternately, a user that has access may establish a computer device that is tied to their personal authentication, such as through the secure facility. For instance, an authorized user may associate their personal authorization to their portable computing device (e.g., tablet, smart phone), such as where the portable computing device has a password to access the device, tius ensuring that the person requesting the access front the mobile device is the authorized user. [00117] In embodiments, the security process that protects the content, such as a document to be uploaded and armed , may incorporate a plurality of protective steps. For exanmpie, when a document is uploaded a virus scan may he run, permissions may be established, a search idex may be created, digital protection tuay be applied, the document may be converted (e.g. formatted), the document miay be encrypted, and the like, where encryption ay be applied individually so each new content, such as through a randomly generated encryption key. When a download of the document is requested, such as when an authorized user is downloading as part of the document being shared, a random key with a key ID may be generated for that particular document where the document is encrypted with the random key. A tuaster key may be split 25 WO 2014/025809 PCT/US2013/053835 between a database and a file system, where the encrypted random key and random key ID are stored in the database, and the random key may be encrypted with the master key, and the like. Perrmissions, virus scan, watermark, digital protection, and the like may then be applied before delivery of the document. 001181 In embodiments, the un-sharing facility may enable the control of access down to the individual content level., such as with the creation of a new document, which may be part of or be the start of a collaborative social work stream. allowing users to share content, and then initiate and perpetuate conversations and interactions around those contents. Social work streams may support discussion threads, activity streams, and other common social interaction facilities, which may utilize the content as the organizing basis. The process of un-sharing a content May result from removal of the content frnm the work streak. retiring the work stream, removing the individual content entirely, and the like. [00119j The present disclosure describes a secure content sharing and productivity solution for organizations to share confidential and non-confidential content between and aimongst enterprises over a global communication network such as the Internet, including outside enterprise firewalls. The present disclosure may provide a secure content sharing, and collaboration environment that goes beyond the enterprise firewall; establishing a seamless dual use user Workflow environmemt that accostmodates both secure and personal exchange of content without the need for the user to adopt substantially new workflow process and applications; providing sene interfaces for viewing documents using mobile computing devices, such as touch-interface tablets (e.g. including the incorporation of -personal user devices); and the like. [00120] The need for beyond-the-firewall content sharing space has been created by the confluence of technology evolution (e g. cloud computing and virtualzation, portable form factor innovation, 'big data' Bi tools), organizational shifts (e.g. rapidly growing cross-enterprise collaboration, global fragmentation of enterprise, cross-functional teams, demographics shifts), changes in the role of integration technology (e.g. cost and complexity reduction, pressure tor measureabie businessvase, 'computerization' of enterprise IT and 'bring your own device'), government and regulatory issues (e.g. increasing regulations, cyber security threats), and the like that collectively increase the ismportance of easy and secure collaboration of documents and content beyond the enterprise firewall. Other solutions have taken a variety of approaches to address fragments of these requirements, but important unnmet needs remain !or information technology directors, business leaders, and users remain, including in the areas of integration of security/control, ease of use, seamless operation across different 'ways of sharing, and the like. [00121] In embodiments, the system may include methods and systems for providing a single fabric to enhance the most common forms of beyond-the-firewall content sharing, improving individual and team productivity across the extended enterprise while providing unified security and compliance for IT and business leaders; allow users to continue beyond-the-firewvai sharing however they prefer with a single user interface enhancing the security and productivity ofe mail, syne-and-sshare folders. externalized enterprise contests management. and enterprise social collaboration tools; integrate with consumier-focused syne-and-share services where possible to enable their secure and comtpliant use within the enterprise; enhance fonns of collaboration to which users are already accustomed, and not require adoption of a new way of working or collaboration destination; target the unique collaboration and sharing requirements of the extended enterprise and conpiement other enterprise systs; and Use like. [00122] In esmbodiments, a need for a comiprehsensive sharing system stsay include an ease of use and intuitive user interface: with granular security pernissions, to help ensure that unauthorized individuals can't open documents: ability to control consent post-sharing (e.g. the ability to pull back a document), enabling a user to recover and destroy data remotely, such as in using a virtual data rooim; productivity tools integrated with content sharing, consolidating a plurality ofuser iog-iss and passwords; the ability to integrate with existing infrastructure, to eliminate the need for a piurality of sharing tools; providing multiple channels for collaboration in Order to integrate the rmethods and systems into as many productivity plathornns as possible; and the like. [00123] Referring to Fig. 10, the present disclosure describes an exchange content access facility 1008 in association with the secure exchange server 1002 that improves the security with which a plurality of users 1004 collaborate 26 WO 2014/025809 PCT/US2013/053835 freely, including through a plurality of different content sharing devices and facilities, while providing lifetime control of their content. For example, suppose a user sent quarterly sales data to an old accounting firm, employee records to someone outside of HR. the wrong contract to the wrong vendor. When a user 'un-shares', content access may he instantly revoked. including any content that may have been fromt copies of the original content. In embodiments, the user may have total lifetie control of each and every content item. such as documents, emails, communications, and the like. In embodiments, the content may be stored and tracked in a secure database 1012. Users may share and revoke access to content all the way down to the document level, providing a secure place to upload files and share them across devices. In this way, users may be provided a secure storage facility for company sensitive information, where users are able to work more securely, such as wit their existing infrastructure (e.g. seamtiless integration with applications like Microsoft Outlook, SharePoint, and the like). The un-share facility inay allow a user to create a new work stream, securely upload the documents. and work with teams that are enabled to securely collaborate. In addition, the un-sharing facility may provide for reports, audits, summaries, and the like through a dashboard facility, such as a sumunary view of all work streams, customized security settings, ability to add new participants, provide automated reporting, and the like. The exchange content access facility 1008 may utilize a user login data authentication facility 1010 to authenticate users' access to content, where there tmay be the option of having a single sign-on in association with other user logins. In etbodiments, the login may utilize security hashing in a redirect URI., such as to secure the login against Phishing attacks. The single sign-in may extend to mobile devices, including personal mobile devices, were a looktp table may be used to verify that the user has single sign-on capa bilties or not, [001241 In etmbodiments, a tmuethod for nuanaging a networed secure collaborative computer data exchange environment may be provided. The secure exchange server 1002, such as inanaged by an interinediate business entity, may establish a user login data authentication procedure that allows a user to access the secure exchange server, where the secure exchange server may store user login authentication darn for each of the plurality of users, such as in a secure database. Users may access the secure excitange server througit a plurality of different computer devices, applications, communications channels, and the Uike. The user may be one of a plurality ofusers 1004 that work for a plurality of other business entities (e.g., users may be employees of the same business entity or users may be working !or different business entities), where the users of the other business entities communicate with the secure exchange server through a commntuntcations network, such as a wide area network (eg., the Internet). To share a computer content item, a first of the plurality of users mtay request a sharing access from the secure exchange server to a content item to at least a second of the plurality of users. Management for access to the content may be through an exchange content access facility 1008 inanaged by the intermediate business entity. After the exchange server receives the content from the first of the plurality of users, it may grant sharing access to the content when the secure exchange server receives from the second of the plurality of users its client login authentication data (provided tiat the second of the plurality of users is one of the subset of tie plurality ofusers so which staring access is permitted
T
ie second of the plurality of users may then request a copy of tihe content from the secure exchange server, wherein a copy of the content is made. Further, the second of the plurality of users imtay father copy the content onto a plurality of different computing devices, nake changes, revisions, annotations, and the like to a new version of the content, send the content to other users, seno the content to people and contputing devices beyond the boundaries of the business entities, and the like. To un-share te contentt, tie first of the phlrality of users rmuay them nake a request to the secure exchange server to revoke sharing access to the content to the second of the plurality of users As a result, the secure exchange server revokes access by the second user to the content, such as through encryption and DRM facilities described herein. Further. this revocation of the second user's access to the content may similarly be applied to all instances of the content within the plurality of users, wherein the revoking of sharing access to the content revokes access to all instances of te shared content antd all copies of the contentt made by tie plurality of users. it a similar fashion, amy individual that does not have authority to access time content mnay iot have the ability to access amy instance of tIe content. In embodiments, copies of the content may be deleted from the secure data server, wherein the deleting access to the copy of the content is revocation of digital rights management of the content. The digital rights management of the content may be 27 WO 2014/025809 PCT/US2013/053835 controlled in part by the first of the pluralty of users, including revoking access to the content through changes in the digital tights management associated with the content. The content may be a secure enciypted content. Users may securely view the content through a secure viewing facility. Users may be connected to a public network that is outside of the firewall for the business entity that manages them. Users may access the content through a personal comuputing device that is not owned by the business entity that manages them, such as through a personal computer, personal inobile device, and the like. Users through a dashboard facility may interface the exchange content access facility, where the dashboard facility may provide reports showing activity related the sharing of content. Tbe dashboard facility may be accessible through third-party environments. The dashboard facility may track the location and version of the shared content on computing, devices accessible by site at least second of the plurality of users. [001251 Fig. IA provides a non-limiting example of how the Present invention may provide an improved workflow between collaborating individuals. In this workflow scenario, an enterprise knowledge worker 'Fred' (e.g. internal counsel) is collaborating with a chief information officer 'George' who works at the same company as Fred, and an external partner 'Pam' (e.g. external counsel). As shown, in a first step 1021, Fred may sync filet from his personal computer, such as with resources in the cloud. These resources may include syneing with virtual secure data rooi facilities, third-pasty computer sync facilities that are compatible with the present invention, and the like, and may be made available through the dashboard facility. I a second step 1022, Fred may also access his files and have the ability to sync to devices that George has approved, such as through a virtual secure data room, an enterprise or shared enterprise policy facility, and the like. Jn a step thrce 1023, Fred smay view status of a project lie and Paim are working oni, such as through lthe dashboard facility. As part of a process template, he itmay be reminded to send a file to Pam for review, hi a step four 1024, Pam iay receive the file on her iPad, where she opeis it to review, such as through the oobile device viewing facility. In a step five 1025, Fred may now want to share some confidential files with Pam. such as though a virtual secure data room facility, with the ability to 'pull-back' the document from Pam at anytime through the un-sharing facility. In addition, Fred may task Pam to ansotate, review, suarkup, revise, and the like, the file he's sharing, such as through a content creation application (e.g., word processor, spreadsheet application, presentation application, media tool), the ainendient voting facility, the e-signing facility, via the secure viewer facility. and the like. In a step six 1026, based on content inspection and destination, Fred may see his actions are risky and decides to remediate, such as by un-sharing tiae document from Pam's access, as implemented through rie dashboard facility, and rte like. He may then, for instance, choose to share the files as read-only. In a step seven 1027, Pam receives system notificauio on her Macintosh computer, such as through she dashboard facility. In a step eight 1028, Pam annotates the read-only file in the Mac application, and competes the task, such as through an application that Pain is familiar with and integrated for ease of use in the familiar workflow environment created by the present invention. in a step nine 1029, Fred sees that Pam has finished her task, such as though the dashboard facility, opens the annotated file and syncs (eg. via SharePoint). in a step ten 1030, Fred manages teairwork itens against a schedule, and with all tasks competed, closes the project. For instance, the project may have been a loan syndication project, and once complete. Fred msay completely eliminate accessibility to documents and communications that were traismuitted during the transaction, such as removing access to any documents tiat w.re transmitted during execution of the project. In a step eleven 103t, Pam may also revoke files when the project is completed, and files are wiped from her devices, such as the systemu pulling back the files as tracked by the system its a secure database created for the project (which in itself inay be deleted once time project is complete). hi a step twelve 1032, George may see risky sharing activity in his security event management system, and in a step thirteen 1033, see compliance reports and audit information in a govertance, risk management, and compliance (GRC) system, such as through monitoring via the dashboard facility. In embodiments, a workflow thread tmay be initiated within an exchange amongst other business entities, with selected individuals in a micro traissaction, froitm an enail thread, and the like. Int embodimetnts, a user itmay be enabled to create a concept of a big project and use micro-transaction capabilities to break the big project down into smaller projects tiat can link back up to the big project. A user may be able to create tasks out ot their email inbox, turn an email thread into a task, clear a task by converting the e-mail into a work-stream, make an exchange an extension of an enail, and the like. 28 WO 2014/025809 PCT/US2013/053835 1001261 In embodiments, the system may provide for the ability to remotely delete content from a device while the device is off-line or not connected to a network. This capability may be implemented by providing a lease to a desktop application when it starts up and has a successful logon, such as configured by a policy through an administer console. When a device is powered up and a lease period is expired 'without a successfid logon during the lease period, the system may initiate a deletion of files, such as would be the case if the device had been lost or stolen. This application may be a separate desktop service running on the device in the background leg., sleep and awake in pre-defined time intervals). When a device is powered up, the application may record the values of a lease expiration date/time ofa previous successful login. in another instance, the service may try to connect to a server, and if is detects connection failures continuously past the lease expiration date and time, it may assume that eiither ite device no longer needs to rui the application, or it could be lost or stolen. In the case of the device that is subsequently found or re-used, the content may be re-synced for the user once they login to the application successfbly. There may be hard or soft leases implemented in the system. In the instance of a hard lease, files may be deleted permanently on the local machine when the lease is expired. In a soft lease, rather than deleting data, the system may move the data to a random location on the disk where a user cannot find it. For example, the systeis may modify the folder attribute for the data, such as to "-S 1H'. Setting those attributes will mark it as an important operating system file so that the operating system won' display the data ever if settings allow the displav of hidden files and folders. In embodinents, the system may provide for automatically deleting documents, whether the device is online or not, based on a date/time -ange For instance, setting a range of dates for the life of doc-umnts to be between on date/time and another, at which tine all related documents and folders are deleted, The system may also delete documents, folders, desktop, and the like, after a predetermined number of login failure attempts, where the system may provide access again upon restoration of access privileges. 1001271 In embodiments, the system may provide for remotely deleting documents through a limited local access facility, where the user may have access to a document, folder, and the like, only through an encrypted local application i this way, files stay encrypted oni a user inachine and the only way to access them is to use the application titat 'will decrypt the documents. The local application may also be enibedded, as described herein, such as through a browser, where a user may only be able to access documents with credentials that tie to the encryption key. The local application nmay be a viewer application, where documents are distributed through a distribution engine, but where the user can only view the documents using the viewer that would decrypt die document for viewing. 1001281 In embodimnents, the system may integirate the sharing capability with other titird-party environments, such as including existing file sharing solutions (e.g. Drop Box, Google Drive, Skydrive, Boxxcom, Mediarire, SugarSvnc. TitanFile, YouSendIt, SparkleShare, Ubunso One) providing cloud storage, file synchronization, client software, aid the like. In addition to sharing resources, the present invention may also provide a 'share' option withist other third-party day-to-day workilow solutions, such as desktop tools (e.g. Microsoft Office, iWork, Googie Does, OpenOffice, and the like) and enterprise too's (enterprise DBs, CRM tools, analytical tools), and the like, where without departing the interface of the third-party tool or application, the present invention may allow content to be shared outside the enterorise with another party, bit with the secure data room and secure viewing features as described herein (e.g. the ability to track access and viewing, ability to have 'r-ad only' viewing and annotation, secure viewig on a mobile device, ability to pull back a document), and the like likFrher, the present invention may be able to interface with templated secure sharing processes, s as b h nput events and output actions consist with those (e.g., Outlook receives an email from a secure process and signals an action; Linkedln lets a user view and approve a corporate voting item). [001291 In embodiments, the system may enable an organization to maximize the value of contenthy balancing the freedom to share with the necessary control and monitoring provided by the system, which extends the way as organization works, such as by allowing them to share and access content wherever it is needed, controlling and monitoring content wherever it goes, coordinate work across people, organizations and devices as a natural extension of familiar tools and experiences. The system may provide for a full-service, global facility as a 'partner' wherever the user may go, providing visibility and conr-ol of work-centric content, freedom to collaborate, asd the like. The system may provide a 29 WO 2014/025809 PCT/US2013/053835 trusted standard for infonnation security 'beyond the firewall', providing automation and monitoring of corporate information policy, extending a familiar user experience and existing infrastructure, and the like. Collectively, the methods and systetns of the present invention may provide for an intent-based sharing 'fabric' for enabling comprehensive collaboration. [00130] In embodiments, the system may provide for improved connectivity, security, productivity, and the like, as related to a shared collaborative work environment. Productivity may include the ability to assign and manage document-centric business actions (e.g. e-signature), project task management, and the like, such as to provide more structured document sharing platforms (e.g. more than just e-mail, which may be an ad-hoc communication). Security may include role and file-based permission, outside the firewall pullback of document permissions, automatic document content and security classification, and the like. Connectivity may include single secure connection to document sharing tools across devices, secure access to internal ECM platforn for external parties, integration of enterprise-class security into existing sync-and-share tools, and the like, such as to enable access anywhere the client needs it and the ability to make updates to documents easily, regardless of where the user is located. The system may provide advanced analytical features to improve productivity, such as audit cottipliance, document versioning and tracking, document contextualization, historical perfonnance analysis. predictive analytics, task productivity optimization, and the like. The system may also include social collaborative features to improve interactions within projects, such as improved communications within the workflow, secure project management, tablet-based collaboration, synchronous co-editing, social collaboration, a social layer around business applications, and tbe like. 1001311 In emtibodiments, the system imay provide for synchronization and sharing for the individual business professional, including a plurality of channels leg. Windows desktop client, web browser, Microsoft Outlook for Windows, iOS support [such as a native app for the iPhone and iPad]), features (e.g. desktop fie and folder synchronization; secure file sharing from desktop, browser, and iOS; push notifications, collaborative discussion threads and commenting; user self sign-up), for work with business intent (e.g. sending a copy for download, sharing access to a centrally located file for review), administration (e.g. canned activity audit reports, such as for compliance canned accounting reports, such as for billing); centralized group policy, such as 1or security defaults), security (e.g. with strong, per-file encryption and permissions; browser-based, read-only file access; integrated tile information rights management (fIM) and digital rights management (DRM); file access revocation; mobile device security; full compliance audit), and th1 lke. The term 'work with business intent' may include the ability of users to share files 'with intent'. For instance, the intent may come in the form of document tasks that may be assigned to recipients, where the system may let users send files for review, send for signature, send for annotation, comment, and the like. For instance, the system may want to give users the ability to combine document tasks (verbs) into ad-hoc workflows and save as a template, which may also be rferred to as a verb cluster. In atn example, f a manager has to get slides ready fbr a board of directors (BOD) meeting, they may start up a "BOD" workflow that included several document tasks and 'ndividuals responsible. One employees may get a task to comment oni the slide deck, another gets a task to review and appiove the material, and the manager gets a task to sign the document for auditors after the first two tusks are complete. [00132] In embodiments, the system may provide for document collaboration and intent-based 'work', including a plurality of clannels (e.g. native Android, iPhone, and the lik support; pingins for Microsoft Office apps; SharePoint Connector integration; Mac Client [such as file/folder sync]), features (e.g. desktop file and folder synchronization for Mac; tile sharing with intent, such as for document-centric work assignment and task management; calendaring; in-document task completion; collaborative editing and annotation; 'in-app' publishing and collaborati, such as c i/out), for work with business intent (e.g. work items such as send for review and approval, send for feedback and annotation, request edits to a document, send for electronic signature, request form completion), administration (en.g bulk user administration through active directory, UIl customization and branding, report creation and scheduling), security (e.g. device registration, data loss prevention filters, such as reminders to users when they share files in a risky way; remote device wipe), and the like. 30 WO 2014/025809 PCT/US2013/053835 [00133] In enbodiments, the system may provide for enterprise integration and business process management, including a plurality of channels (e.g. published integration API, third-party app integration, Outlook for Mac), features (e.g. work terlate creation, team collaboration spaces, milestone and project management, in-browser docutnent editing), for work with business intent (eg. work itom customization, such as combining document tasks to create lightweight ad-hoc business processes). administration (e.g. user and administator-authored business process), security (e.g. data loss prevention, such as blocking unsafe actions; security information manager (SIM) and security event manager (SEM) integration; customer managed encryption keys; governance, risk management, and compliance (GRC) system integration), and the like. For instance, disclosed features (e.g. an un-sharing feature to pull back documents as described herein) may be embedded into daily use tools, such as into communications software (e.g. Microsoft Outlook, Gmail), browsers (e.g. Windows Explorer, Firefox, Saiari), Enterprise Resource Planning (ERP) applications, legal systems, colaboration systems, and the like, and to make it easily available and easy to nse. All these systems have a need to distribute documents outside the enterprise firewall to users who are not logging into these systems on a daily basis, and by embedding these capabilities enables users for secure sharing, auditirg, compliance, and the like for documents within user applications. In an example, suppose sales personnel are building a quote for a customer in a third-party application, such as Salesforce.com for instance. Typically, users would have the ability to mail the quote directly, or to download the document and email it, where there is no audit or compliance within the third-party application for these quotes. With the use of an embedded capability, the document would be sent directly from the third-paity application with the system's secure sharing audit and compliance capabilities, ability to pull back (un-sharing) documents, and would be available from within 1th third party application. The embedded service tmlay have the standard components to make this service possible, such as SSO authentication, file viewer, policy definition, auditing, device provisioning, user profiles and compliance, and the like, where these would be built like a service and may be integrated directly into the standard enterprise applications. Security rules may also be implemented in the embedded system, such as with a range of security (e.g., ranging from public to highly secure), screen capture and viewing protection, device control, auditing enforced, and the like. [00134] While the invention has been described in connection with certain preferred embodiments, other embodiments would be understood by one of ordinary skill in the art and are encompassed herein. [00135] The methods and systems described herein may be deployed in part or in whole through a machine that executes computer software, program codes, and/or instructions on a processor. The present invention may be inplemnented as a method on the machine, as a system or apparatus as part of or in relation to the machine, or as a computer program product embodied in a computer readable medium executing on one or more of the machines. The processor may be part of a server, client, network infrastructure, mobile computing platform, stationary computing platform, or other computing platform. A processor may be any kind of computational or processing device capable of executing program instructions, codes, binary instuctions and the like. The processor mnlay be or include a signal processor, digital processor, cmbedded processor, microprocessor or any variant such as a co-processor (snath co-processor, graphic co-processor, communication co-processor and the like) and the like that inay directly or indirectly facilitate execution of prograin code or program instructions stored thereon. In addition, lhe processor may enable execution of multiple programs. threads. and codes. The threads may be executed simultaneously to enhance the performance of the processor and to facilitate simultaneous operations of the application. By way of implententation. methods, program codes, program instructions and the like described herein may be implemented in one or miore thread. The thread may spawn other threads that may have assigned priorities associated with them; the processor may execute these threads based on priority or any other order based on insirnctions provided in the program code. The processor may include memory that stores methods, codes, instructions and programs as described herein and elsewhere. The processor may access a storage medium through an interface that may store methods, codes, and instructions as described hereis and elsewhere. The storage medium associated with the processor for storing methods, prograins, codes, prograin instructions or other type of instructions capable of being executed by the computing or processing device may include but may not be limited to one or more of a CD-ROM, DVD,. memory, hard disk, flash drive, RAM, ROM, cache and the like. 31 WO 2014/025809 PCT/US2013/053835 [00136] A processor may include one or more cores that may enhance speed and performance of a mustiprocessor. In embodiments, the process may be a dual core processor, quad core processors, other chip-level muttiprocessor and the like that combine two or more independent cores (called a die). [001371 'he methods and systems described herein may be deployed in part or in whole through a machine that executes computer software on a server, client, firewall, gateway, hub, router, or other such computer and/or networking hardware. The software program may be associated with a server that may include a file server, print server, domain server, internet server, intranet server and other variants such as secondary server, host server, distributed server and the like. The server may include one or more ot memories, processors, computer readable media, storage media, ports (physical and vrsual), comni icaio devices, and interfaces capable of accessing other servers, clients, machines, and devices through a wired or a wireless medium, and the like. The methods, programs or codes as described herein and elsewhere may be executed by the server. In addition, other devices required for execution of methods as described in this application may be considered as a part of the infrastructure associated with the server. [00138] The server may provide an interface to other devices including, without limitation, clients, other servers, printers, database servers, print servers, file servers, communications servers distributed servers and tie like. Additionally, this coupling and/or connection may facilitate remote execution of program across the network. The networking of some or all of these devices may facilitate parallel processing of a program or method at one or more location 'without deviating from the scope of the invention. In addition, any of the devices attached to the server through an interface may include at least one storage medium capable of storing methods, programs, code and/or instructions. A central repository may provide program instructions to be executed Oni dfferent devices. in this implementation, the remote repository may act as a storage medium hor program code, instructions, and programs. [00139] The software program may be associated with a client that may include a file client, print client, domain client, internet client, intranet client and other variants such as secondary client, host client, distributed client and the like. The ciiet may include one or more of memories, processors, computer readable media, storage media, ports (pihysical and virtual), communication devices, and interfaces capable of accessing other clients, servers, machines, and devices through a wired or a wireless medium, and the like. The methods, programs or codes as described herein and elsewhere may be executed by the client. In addition, other devices required for execution of methods as described in this application may be considered as a part of the infrastructure associated with the client. [00140] The client may provide ait interface to other devices including, without limitation, servers, other clients, printers, database servers. print servers, file servers, communication servers, distributed servers and the like. Additionally, this coupling and/or connection may tacilitate remote execution of program across the network. The networking of some or all of these devices may facilitate parallel processing of a program or method at one or more location without deviating from the scope of the invention. In addition, any of the devices attached to tihe client through an interface may include at least one storage medium capable of storing methods, programs, applications, code and/or instructions. A central repository may provide program instructions to be executed on different devices. In this implementation, the remote repository may act as a storage medium for program code, instructions, and programs. [00141] The methods and systems described herein may be deployed in part or in whole through network infrastructures. The network infrastructure may include elements such as computing devices, servers, routers, hubs, firewalls, clients, personal computers, communication devices, routing devices and other active and passive devices, facilitys and/or components as known in the art. The computing and/or non-computing devices) associated with the network infrastructure may include, apart from other components, a storage medium such as flash memory, buffer, stack, RAM, ROM and the like. The processes, methods, program codes, instructions described herein and elsewhere may be executed by one or more of the network infrastructure elements [00142] The methods, program codes, and instructions described herein and elsewhere may be implemented on a cellular network having unfltiple cells. The cellular network may either be frequency division mutipie access (FDMA) network or code division multiple access (CDMA) network. fhe cellular network may inside mobile devices, cell sites, 32 WO 2014/025809 PCT/US2013/053835 base stations, repeaters, antennas, towers, and the like. The cell network may be a (iSM, GPRS, 3G, EVDO, mesh, or other networks types. [00143] The methods, programs codes, and instructions described herein and elsewhere may be implemented on or through mobile devices. The mobile devices may include navigation devices, cell phones, mobile phones, mobile personal digital assistants, laptops, palmtops, netbooks. pagers, electronic books readers, music players and the like. These devices may include, apart from other components, a storage medium such as a flash memory, buffer, RAM, ROM and one or more computing devices. The computing devices associated with mobile devices may be enabled to execute program codes, methods, and instructions stored thereon, Alternatively, the mobile devices may be configured to execute instructions ir collaboration wish other devices. The mobile devices may communicate with base stations interfaced with servers and configured to execute program codes. The mobile devices may communicate on a peer to peer network, mesh network, or other communications network. The program code may be stored on the storage medium associated with the server and executed by a computing device embedded within the server. The base station may include a computing device and a storage medium. The storage device may store program codes and instructions executed by the computing devices associated with the base station. [00144] The computer software, program codes, and/or instructions may be stored and/or accessed on machine readable media that may include: computer components, devices, and recording media that retain digital data used for computing for some interval of time: semiconductor storage known as random access memory (RAM); mass storage typically for more permanent storage, such as optical dishes, forms of magnetic storage like hard disks, tapes, drums, cards and other types; processor registers, cache memory, volatile memory, non-volatile memory; optical storage such as CD, VD; removable media such as flash memory (e.g. ISB sticks or keys), floppy disks, magnetic tape, paper tape, punch cards, standalone RAM disks, Zip drives, removable mass storage, off-line, and the like; other computer memory such as dynamic memory, static memory, read/write storage, mutable storage, read only, random access, sequential access, location addressable. file addressable, content addressable, network attached storage, storage area network, bar codes, magnetic ink, and the like. [00145] The nethods and systems described herein may transforms physical and/or or intangible items from one state to another. The methods and systems described herein may also transfbrm data representing physical and/or intangible items from one state to another. [00146] The elements described and depicted herein including in flow charts and binek diagrams throughout tie figures, imply logical boundaries between the elements. However, according to software or hardware engineering practices, the depicted elements and the functions thereof may be implemented on machines 1hrou.h computer executable media having a processor capable of executing program instructions stored thereon as a monolithic software structure, as standalone software facilities, or as facilities that employ external routines, code, services, and so forth, or any combination of these, and all such implemientations may be within she scope of the present disclosure. Examples of such machines miay include, but may not be limited to, personal digital assistants, laptops, personal computers. mobile phones, other handheld computing devices, medical equipment, wired or wireless communication devices, transducers, chips, calculators, satellites, tablet PCs, electronic books, gadgets, electronic devices, devices having artificial intelligence, computing devices, networking equipients, servers, routers and the like. Furthermore, the elemisents depicted in the flow chart and block diagrams or any other logical components may be iuplemented on a machine capable of executing program instructions. Thus, while the foregoing drawings and descriptions set forth functional aspects of the disclosed systems, no particular arrangement of software tor implementing these finictional aspects should be inferred from these descriptions unless expicitly stated or otherwise clear from the context. Similarly, it will be appreciated that the various steps identified and described above may be varied, and that the order of steps may be adapted to particular applications of the techniques disclosed herein. All such variations and modifications are intended to fall within the scope of this disclosure. As such, thie depiction and/or description of an order for various steps should not be understood to require a particular order of execution for those steps, unless required by a particular application, or explicitly stated or otherwise clear from the context. 33 WO 2014/025809 PCT/US2013/053835 1001471 The methods and/or processes described above, and steps thereof, may he realized in hardware. software or any combination of hardware and software suitable for a particular application. The hardware may include a general purpose computer and/or dedicated computing device or specific computing device or particular aspect or component of a specific computing device. 'fiTe processes may be realized in one or iore microprocessors, microcontrollers, embedded microcontrollers, programmable digital signal processors or other programmable device, along with internal and/or external memory. 'ihe processes may also, or instead, be emrbodied in ar application specific integrated circuit, a progranmable gate array, programmable array logic, or any other device or combination of devices that may be configured to process electronic signals. It will further be appreciated that one or more of the processes may be realized as a computer executable code capable of being executed on a irracine-readable medium. 1001481 The computer executable code inay be created using a structured programming language such as C. an object oriented programming language such as C-+ or any other high-level or low-level programming language (including assembly languages, hardware description languages, and database programming languages and technologies) that may be stored, compiled or interpreted to ni on one of the above devices, as well as heterogeneous combinations of processors, processor architectures, or combinations of different hardware and software, or any other machine capable of executing program instructions. 1001491 Thus, in one aspect, each method described above and combinations thereof may be embodied in computer executable code that., when executing on one or more computing devices, performs the steps thereof In another aspect, the methods may be embodied in systems that perform the steps thereof, and rmay be distributed across devices n a number of ways, or all of the -functionality rmsay be integrated into a dedicated, standalone device or other hardware. In another aspect, the means for performing the steps associated with the processes described above may include any of 'ie hardware and/or software described above. All such permutations and combinations are intended to fall within the scope of the present disclosure. 00150] While tie invention has been disclosed in connection with the preferred embodimirents shown and described in detail, various inodifications and improvements thereon will become readily apparent to those skilled in 'die art. Accordingly, the spirit and scope of the present invention is not to be limited by the foregoing examples, hutls to be understood in the broadest sense allowable by law. [00151] All documents referenced herein are hereby incorporated by reference. 34

Claims (25)

1. A method for nanaging a networked secure collaborative computer data exchange environment, the method comprising: establishing, by a secure exchange server managed by an intermediate business entity, a user login data authentication procedure that allows a user through at least one client computing device to access the secure exchange seer, wherein the user is one of a plurality of users of a plurality of other business entities and communications between the secure exchange server and the plurality of users is through a communications network; storing, by the secure exchange server, at least one user login authentication data Ibr at least one of the plurality of users: receiving a computer data content from a first of the plurality of users, wherein the first of the plurality of users permits a sharing access to the computer data content to at least a second of the plurality of users, and where management for access lo the computer data content is through an exchange content access facility managed by the intermediate business entity; granting, by the secure exchange server, sharing access to the computer data content to the at least second of the plurality of users when the secure exchange server receives from the second of the plurality of users its client login authentication data provided that the second of the plurality of users is one of the subset of the plurality of users to which sharing access is permitted; receiving a request from the at least second of the plurality of users to access a copy of the computer data content; granting, by the secure exchange server, the copy access request to the at least second of the plurality ofiusers, wherein a copy of the computer data contentis made; receiving from the first of the plurality of users a request to revoke sharing access to the computer data content to the at least second ofthe plurality of users; revoking, by the secure exchange server, sharing access to the computer data content to the at least second of the plurality of users; and deleting access, by the secure exchange server, to the copy of the computer data content made by the at least second of the plurality ofusers.
2. The method of claim I, further comprising additional sharing of the computer data content within the plurality ofusers, wherein the revoking of sharing access to the computer data content revokes access to all instances of the shared computer data content and all copies of the computer data content made by the plurality of users.
3. The method of claim 1, wherein the copy of the computer data content is stored on the secure data server.
4. The method of claim 3, wherein the copy of the computer data content is deleted from the secure data server.
5. The method of claim 3, wherein the deleting access to the computer data content makes the computer data content inaccessible to the at least the second of the plurality of users.
6. The method of claim 1, wherein the copy of the computer data content is stored on a client computing device by the at least second of the plurality of users. 35 WO 2014/025809 PCT/US2013/053835
7. The method of claim 6, wherein the deleting access to the copy of the computer data content is revocation of digital rights management of the computer data content.
8. The method of claim 7, wherein the revocation of the digital rights management of the computer data content is made by the first of the plurality of users.
9. The method of claim 1, wherein the computer data content is at least one of a word processor document, a spreadsheet document, and a presentation document.
10. The method of claim 1, wherein the computer data content is at least one of an mail, a text, and a biog entry.
I1. The method of claim 1, wherein the computer data content is a multimedia file.
12. The method of claim 1, wherein the computer data content is a secure encrypted computer data content.
13. The method of claim 1, wherein the computer data content is viewed by the at least second of the plurality of client users through a secure viewing facility.
14. The method of claim 1, wherein the at least second of the plurality of users is connected to a pubhe network that is outside of the firewall for the business entity that manages the first or second of the plurality of users.
15. The method of claim 1, wherein the at least second of the plurality of users accesses the computer data content through a personal computing device that is not owned by the business atity that manages the at least second of the phuality of users.
16. The method of clain 1, wherein the at least second of the plurality ofusers accesses the computer data content through a mobile computing device.
17. The metitod ofclim 1, wi-rein the exchange content access facility is iterfaced through a dasihoard facility accessible though at least the first of the plurality of users.
18. The method of claim 17, wherein the dashboard facility provides reports showing activity related the sharing. of computer data content.
19. The method of claim 17, wherein the dashboard facility is accessible through third-party environments.
20. The method of claim 17, wherein the dashboard facility tracks the location and version of the shared computer data content on cotuputing devices accessible by the at least second of tite plurality of users.
21. The method of claim 1, wherein the communications network is the Internet.
22. A method for managing a networked secure collaborative computer data exchange environment, the method compising: establishing, by a secure exchange server managed by an intermediate business entity, a user login data authentication procedure that allows a user through at least one client computing device to access the secure exchange server, wherein the user is one of a plurality of users of a plurality of other business entities and 36 WO 2014/025809 PCT/US2013/053835 communications between the secure exchange server and the plurality of users is through a communications network; storing, by the secure exchange server, at least one user login authentication data for each of the plurality of users; receiving a computer data content from a first of the plurality ofusers. wherein the first of the plurality of users permits a sharing access to the computer data content to a subset of the plurality of users, and wherein management for access to the computer data content is through an exchange content access facility managed by the intermediate business entity; granting, by the secure exchange server, sharing access to the computer data content to individuals within the subset of the plurality of users when the secure exchange server receives from the individuals their chent login authentication data; receiving a request trom at least a second of the plurality of users to access a copy of the computer data content; granting, by the secure exchange server, the copy access request to the at least second of the plurality of users, wherein a copy of the comr'pier data content is made; receiving from tite first of the lurality of users a request to revoke staring access to the computer data content to the subset of the pluralt of users; and revoking, by the secure exchange server, sharing access to all instances of the computer data content to the subset of the plurality of use
23. The method of claim 22, wherein tih revoking of shared access to all instances of the computer data content is revoking shared access to all instances of the computer data content on all computer devices that the subset of the plurality of users have stored the computer data content.
24 The method of claim 23, vherein the stored computer data content is a copy of the computer data content
25. The method of clain 23, wherein the stored computer data content is an annotated version of the computer data content. 37
AU2013299720A 2012-08-06 2013-08-06 Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment Active AU2013299720B2 (en)

Applications Claiming Priority (11)

Application Number Priority Date Filing Date Title
US201261680115P 2012-08-06 2012-08-06
US61/680,115 2012-08-06
US201261702587P 2012-09-18 2012-09-18
US61/702,587 2012-09-18
US201261715989P 2012-10-19 2012-10-19
US61/715,989 2012-10-19
US201261734890P 2012-12-07 2012-12-07
US61/734,890 2012-12-07
US201361783868P 2013-03-14 2013-03-14
US61/783,868 2013-03-14
PCT/US2013/053835 WO2014025809A1 (en) 2012-08-06 2013-08-06 Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment

Publications (2)

Publication Number Publication Date
AU2013299720A1 true AU2013299720A1 (en) 2015-02-26
AU2013299720B2 AU2013299720B2 (en) 2019-07-18

Family

ID=50068528

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2013299720A Active AU2013299720B2 (en) 2012-08-06 2013-08-06 Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment

Country Status (4)

Country Link
EP (1) EP2880582A4 (en)
AU (1) AU2013299720B2 (en)
CA (1) CA2880904A1 (en)
WO (1) WO2014025809A1 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9069436B1 (en) 2005-04-01 2015-06-30 Intralinks, Inc. System and method for information delivery based on at least one self-declared user attribute
US9251360B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure mobile device content viewing in a networked secure collaborative exchange environment
US9253176B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment
US9553860B2 (en) 2012-04-27 2017-01-24 Intralinks, Inc. Email effectivity facility in a networked secure collaborative exchange environment
AU2013251304B2 (en) 2012-04-27 2018-12-20 Intralinks, Inc. Computerized method and system for managing networked secure collaborative exchange
WO2015073708A1 (en) 2013-11-14 2015-05-21 Intralinks, Inc. Litigation support in cloud-hosted file sharing and collaboration
US9613190B2 (en) 2014-04-23 2017-04-04 Intralinks, Inc. Systems and methods of secure data exchange
US9621357B2 (en) * 2014-10-16 2017-04-11 Verato, Inc. System and method for providing consent management
US10033702B2 (en) 2015-08-05 2018-07-24 Intralinks, Inc. Systems and methods of secure data exchange
US10148826B2 (en) 2015-08-28 2018-12-04 At&T Intellectual Property I, L.P. Methods and apparatus to interface with different service provider information technology systems supporting service ordering
CN108259514B (en) * 2018-03-26 2020-11-24 平安科技(深圳)有限公司 Vulnerability detection method and device, computer equipment and storage medium
EP4195618A1 (en) 2020-04-30 2023-06-14 Beijing Bytedance Network Technology Co., Ltd. Information sharing method, information display method, apparatus, electronic device, and storage medium
CN113595855B (en) * 2020-04-30 2022-04-12 北京字节跳动网络技术有限公司 Information sharing method and device, electronic equipment and storage medium
CN113938452A (en) * 2021-10-12 2022-01-14 田景和 Restrictive content sharing method and system for WeChat client, and storable medium
CN116562627A (en) * 2023-05-19 2023-08-08 中国电信股份有限公司湖州分公司 Security risk management method, system, equipment, medium and product

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020016910A1 (en) * 2000-02-11 2002-02-07 Wright Robert P. Method for secure distribution of documents over electronic networks
JP4327377B2 (en) * 2001-04-23 2009-09-09 富士フイルム株式会社 Image management server, server control method, terminal device, terminal control method, and client server system
US7574488B2 (en) * 2002-05-31 2009-08-11 Hitachi, Ltd. Method and apparatus for peer-to-peer file sharing
WO2007086015A2 (en) * 2006-01-30 2007-08-02 Koninklijke Philips Electronics N.V. Secure transfer of content ownership
US7991838B2 (en) * 2006-03-31 2011-08-02 Business Objects Software Ltd. Apparatus and method for report sharing within an instant messaging framework
US20090328171A1 (en) * 2007-05-25 2009-12-31 Si Corporation Method and system for secure remote storage of electronic media
US20100005520A1 (en) * 2008-06-06 2010-01-07 Mekey Llc Personal area social networking
US20110184998A1 (en) * 2010-01-22 2011-07-28 Palahnuk Samuel L Universally accessible encrypted internet file system for wired and wireless computing devices supplanting synchronization, backup and email file attachment
US8931034B2 (en) * 2010-06-25 2015-01-06 Telefonaktiebolaget L M Ericsson (Publ) System, method, and policy engine for granting temporary access to electronic content
WO2012070930A1 (en) * 2010-11-24 2012-05-31 Greenflower Intercode Holding B.V. User -friendly method and system for compiling a unique sample code for a digital sample with the help of a user - interface

Also Published As

Publication number Publication date
AU2013299720B2 (en) 2019-07-18
CA2880904A1 (en) 2014-02-13
EP2880582A1 (en) 2015-06-10
EP2880582A4 (en) 2016-04-20
WO2014025809A1 (en) 2014-02-13

Similar Documents

Publication Publication Date Title
US9654450B2 (en) Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys
US10013566B2 (en) System and method for managing collaboration in a networked secure exchange environment
US10356095B2 (en) Email effectivity facilty in a networked secure collaborative exchange environment
US10346937B2 (en) Litigation support in cloud-hosted file sharing and collaboration
AU2013251304B2 (en) Computerized method and system for managing networked secure collaborative exchange
AU2013299720B2 (en) Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment
CA2887211C (en) Computerized method and system for managing networked secure collaborative exchange environment
US20140245015A1 (en) Offline file access
US20140304836A1 (en) Digital rights management through virtual container partitioning
US20140189483A1 (en) Spreadsheet viewer facility
AU2017208203A1 (en) Customizable secure data exchange environment
CA2901630A1 (en) Computerized method and system for managing networked secure collaborative exchange environment

Legal Events

Date Code Title Description
DA3 Amendments made section 104

Free format text: THE NATURE OF THE AMENDMENT IS: AMEND THE NAME OF THE INVENTOR TO READ FORD, CHRISTOPHER; CALLISON, WADE; SIDDIQUI, FAHIM AND HAKHINIAN, MUSHEGH

FGA Letters patent sealed or granted (standard patent)