WO2011098749A2 - A method and system for providing a collaborative working environment - Google Patents


Info

Publication number
WO2011098749A2
Authority
WO
WIPO (PCT)
Prior art keywords
subgroup
users
working environment
shared virtual
workspace
Prior art date
Application number
PCT/GB2011/000092
Other languages
French (fr)
Other versions
WO2011098749A3 (en)
Inventor
Doug Watson
Andy Vooght
Original Assignee
Thales Holdings Uk Plc
Filing date
Publication date
Application filed by Thales Holdings Uk Plc
Publication of WO2011098749A2
Publication of WO2011098749A3


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104: Grouping of entities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/451: Execution arrangements for user interfaces
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/10: Office automation; Time management
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2117: User registration
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2147: Locking files

Definitions

  • the present invention relates to shared workspaces in computer networks.
  • a collaborative work environment previously developed by the present applicant is the nuVa (TM) system, which provides a hands-on, user centric collaborative work environment in the form of a software Graphical User Interface (GUI).
  • users are immersed in a real-time digital representation of a desk-top working environment that mimics a real world "round-table" working situation.
  • a group of users can sit around a shared nuVa (TM) desk in a single room to collaborate securely with other individual users or groups of users in remotely located rooms or locations.
  • the nuVa (TM) system allows user input devices such as pens to be used by multiple users at the same desk, to facilitate group collaboration.
  • Any kind of electronic media e.g. documents, photographs, CAD drawings, etc, can be
  • the present inventors have devised improvements to such shared workspaces and shared working environments.
  • One aspect of the present invention provides a method and system for running a shared working environment for users on a plurality of networked computers, the system comprising: selection means for selecting a subgroup of users for display of restricted materials; access control means for maintaining details of users of the shared working environment, and details of user subgroups; display means for generating a display signal to represent a shared workspace for a particular subgroup of users; and secure connection means for allowing users in said particular subgroup to receive said signal and to use said shared workspace.
  • a further aspect of the invention provides a computer workstation for use in a shared virtual working environment, the shared virtual working environment comprising a plurality of networked computer workstations each having one or more users, the computer workstation comprising: a network interface for communicating with other computer workstations in the shared virtual working environment; a display controller for controlling a display to display a visual representation of the shared virtual working environment; a user interface controller for receiving a user input to define a subgroup of users in the shared virtual working environment; and a subgroup controller for setting up a subgroup workspace in the shared virtual working environment, the subgroup workspace being accessible only to said subgroup of users, and for enabling sharing of files or data allocated to the subgroup with other users in the subgroup.
  • the visual representation of the shared virtual working environment may be a shared virtual desktop.
  • the display controller may be configured to display the subgroup workspace as a tile or other area on the shared virtual desktop.
  • the display controller may be configured to display a private workspace area of a user of the workstation as a tile or other area on the shared virtual desktop.
  • the display controller may be configured to display a public workspace area that is accessible to all users of the shared virtual working environment as a tile or other area on the shared virtual desktop.
  • the display controller may be configured to use colour coding to indicate different workspace areas with different user access permissions in the visual representation of the shared virtual working environment.
  • the user interface controller may be configured to receive a user input corresponding to annotations on a shared document, to save the annotations as an overlay for the document, and to send the overlay to other users in the subgroup.
  • the display controller may be configured to display a high resolution screen area for display of documents, and a low resolution screen area for the parking of documents.
  • the low resolution area is located at the periphery of the high resolution area or in a separate window to the high resolution area.
  • At least some of the files or data allocated to the subgroup may be in an encrypted format and may be stored in secure digital containers.
  • the digital containers may use multiple security levels to allow different levels of access to different users.
  • the workstation may be configured to share key information for generating a decryption key for the digital containers with an authorisation server, to allow the authorisation server to distribute the decryption key to other users who have authorisation to decrypt the digital containers.
  • the subgroup controller may be configured to send information on users in a subgroup to the authorisation server, to enable the users in the subgroup to be authorised to receive a decryption key from the authorisation server for encrypted files allocated to the subgroup.
  • Embodiments of the invention may be implemented by software as a Graphical User Interface (GUI), for example, as an upgrade to the above-described nuVa (TM) system.
  • Figure 1 is a block diagram of a computer workstation in an embodiment of the invention
  • Figure 2 is a flowchart showing a process according to an embodiment of the invention
  • Figure 3 is a screenshot showing a dialog box for inviting users to a workspace
  • Figure 4 is a screenshot showing an example of a public shared desktop with an opened public document and tiles having private and subgroup workspaces;
  • Figure 5 is a screenshot showing a subgroup workspace desktop with an opened limited share document and a public workspace tile area
  • Figure 6 is an example screen layout showing a central high resolution working area for viewing documents, and a peripheral lower resolution area used as a document park;
  • Figure 7 is a block diagram showing the system architecture of the OBSCURE system for security protection by digital containers
  • Figure 8 is a block diagram showing the structure of a digital container for data encryption in an embodiment of the invention.
  • Figure 9 is a block diagram showing a system with multiple workstations and an authorisation server, according to an embodiment of the invention.
  • computers at several remote sites can connect together and form a remote collaboration sharing a common collaborative desktop.
  • One or more computers at each site joins in the remote collaboration, providing a number of workstations in the remote collaboration.
  • Each of these workstations may be suitable for use by a single user, or a plurality of users.
  • the workstation 100 includes a document store 101 for local storage of documents, a network interface 105, an access controller 102 for maintaining a list 103 of users of the remote collaboration and details 104 of subgroups defined within the remote collaboration, a display controller 106 for controlling a display and a user interface controller 107 for receiving user input data.
  • the access controller may be located at a remote server or other computer, instead of at the workstation.
  • the workstation 100 is shown as connected to a touchscreen 110, which provides a graphical display of the remote collaboration environment, and provides a user input device to open and annotate documents.
  • the touchscreen may be provided as a tabletop touchscreen that mimics a real work desk. In other embodiments, separate displays and input devices may be used. In another example, a screen may be used with light sensitive pen-type or pointer-type user interface devices.
  • On the screen 110, two files 115 and 116 are shown as open.
  • a first user may use a first user input device 111 such as a pen, stylus, wand, mouse, trackball, etc., to annotate one of the open files 115.
  • a second user may use a second user input device 112 of any type to annotate the same open file 115 or a different file 116.
  • the two user input devices 111, 112 may result in differently coloured annotations on the files, so that it is clear which user has made which annotation.
  • Some other files 117 are shown on the display in a minimised format, and these are currently not open. Either of the first and second user may open any of these files and annotate them. In other embodiments, only a single user, or more than two users, may be set up to use the workstation at the same time.
  • the workstation 100 is connected to other workstations via the network interface 105 and a network connection, to form a remote collaboration with other workstations.
  • all workstations in the remote collaboration initially display a common shared desktop.
  • any member of the remote collaboration may set up a private workspace, which only that member can view. That member can then choose to share that private workspace and associated documents with a subset of the other members in the collaboration, so that only this subset of members will be able to view and interact with the documents in the limited share workspace.
  • the private workspace then effectively becomes a subgroup workspace.
  • a subgroup workspace may be created as a new workspace.
  • the subgroup workspace may be presented as an area of the desktop containing documents that only a subset of remote collaborators can view and interact with.
  • Each member of the subset of the collaboration is provided with a representation of the subgroup workspace on their desktop.
  • Documents can be added to the subgroup workspace by any collaborator that has visibility of it and the documents will only be visible to members of the subgroup workspace. Any interaction with documents or data in the subgroup workspace, such as annotations on a document, is configured as being only visible to members of that subgroup workspace. This models what may occur in a real meeting where a printed document is only shared among a subset of people at a meeting and allows commercially sensitive information to be shared only amongst trusted users.
  • workstations in the remote collaboration may be set up to initially display both a private and a public workspace.
  • the private workspace may provide access to local files and data on the workstation, and may be kept private from other members of the collaboration.
  • a member of the remote collaboration may choose to share their default private workspace with one or more other members, and/or they may set up a subgroup workspace for sharing with other members, which is used for just a limited set of files, data or links.
  • the workstation may be configured to allow a member to move or create files, data or links into or out of one or more of the private workspace, subgroup workspace and public workspace.
  • a plurality of further private workspaces may be created as required. For example, one private workspace may be created and shared with members in a first subgroup, and another private workspace may be created and shared with other members in a second subgroup.
  • FIG. 2 is a flowchart showing a process of setting up and utilisation of a subgroup workspace, according to an embodiment of the invention.
  • the process starts at step S201.
  • at step S202, a number of workstations communicate with each other to set up a common shared subgroup workspace for members of the remote collaboration.
  • a member of the remote collaboration initiates a subgroup workspace.
  • that member may choose which other members in the collaboration are authorised to see the information that will appear in the subgroup workspace. This is shown at step S203.
  • the selected members are given access to the subgroup workspace, and are able to view it, e.g. as a tile or other area on their desktop.
  • another user places one or more documents in the subgroup workspace, giving the other members of the subgroup workspace access to read and edit these documents, thus allowing document sharing.
  • the annotation is transmitted to and made visible to other users in the subgroup workspace.
  • subgroups may be set up using existing predetermined lists of subgroup members, e.g. relating to particular committees, teams, or other organisational structures. Members of the collaboration may be able to initiate such a predetermined subgroup, by selecting an option to initiate it rather than having to individually specify all the members. This initiation option may be restricted to any member of the list, or to particular nominated members.
  • subgroups may be limited to members of the collaboration who are currently online. Even if a predetermined list of members was used to initiate a subgroup, only members within the list who were currently logged in would be allowed access.
  • subgroups may be set up to include members who were not currently online or logged on to the remote collaboration system. If these members did log on during the time in which the subgroup was active, they may be automatically connected to the subgroup, and given access to the shared documents. A tile or window may be automatically opened on their desktop to indicate to them that they had access to the subgroup workspace.
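The subgroup set-up steps S202 and S203 above, together with the online-only and connect-on-login variants, as an added worked example in Python. This code is not from the patent or from the nuVa system; the class and method names (AccessController, create_subgroup, annotate and so on), the user names, the document name and the colour table are all assumptions made for the illustration. The annotation layer is kept separate from the document, as the later passage on overlay layers describes, and its recipients are limited to the subgroup.

```python
"""Added example (not the patent's own code): a minimal model of the access
controller 102 holding the user list 103 and subgroup details 104.
All names, users and colours below are constructed for the illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Annotation:
    author: str
    colour: str
    strokes: List[tuple]      # vector strokes, kept as a layer over the base document


@dataclass
class Workspace:
    name: str
    owner: str
    members: Set[str]         # only these users see the tile and its documents
    documents: Dict[str, List[Annotation]] = field(default_factory=dict)


class AccessController:
    COLOURS = ["red", "blue", "green", "orange", "purple"]   # assumed palette

    def __init__(self, registered_users):
        self.users: Set[str] = set(registered_users)
        self.online: Set[str] = set()
        self.workspaces: Dict[str, Workspace] = {}
        self.colours: Dict[str, Dict[str, str]] = {}   # workspace -> user -> ink colour

    def login(self, user):
        """Returns the subgroup tiles to open automatically for an invitee who logs in late."""
        if user not in self.users:
            raise PermissionError(f"{user} is not registered")
        self.online.add(user)
        return sorted(ws.name for ws in self.workspaces.values() if user in ws.members)

    def create_subgroup(self, owner, name, invitees, online_only=False):
        """S202/S203: the initiating member chooses who may see the workspace."""
        if owner not in self.online:
            raise PermissionError("only a logged-in member can start a subgroup")
        members = set(invitees) & self.users      # unknown names are ignored
        if online_only:
            members &= self.online                # variant: restrict to logged-in members
        members.add(owner)
        ws = Workspace(name, owner, members)
        self.workspaces[name] = ws
        # ink colours are allocated once, at subgroup start-up
        self.colours[name] = {u: self.COLOURS[i % len(self.COLOURS)]
                              for i, u in enumerate(sorted(members))}
        return ws

    def can_view(self, user, name):
        ws = self.workspaces.get(name)
        return ws is not None and user in ws.members

    def add_document(self, user, name, doc_id):
        """Any member with visibility of the tile may place a document in it."""
        if not self.can_view(user, name):
            raise PermissionError(f"{user} has no access to {name}")
        self.workspaces[name].documents.setdefault(doc_id, [])

    def annotate(self, user, name, doc_id, strokes):
        """Records an overlay layer and returns the subgroup members it is sent to."""
        ws = self.workspaces.get(name)
        if not self.can_view(user, name) or doc_id not in ws.documents:
            raise PermissionError(f"{user} may not annotate {doc_id} in {name}")
        ws.documents[doc_id].append(Annotation(user, self.colours[name][user], list(strokes)))
        return sorted(ws.members - {user})

    def visible_documents(self, user):
        """What a given user's desktop may show: only tiles they are a member of."""
        return {ws.name: sorted(ws.documents)
                for ws in self.workspaces.values() if user in ws.members}

    def close_subgroup(self, user, name):
        """Terminating the session removes the tile for everyone."""
        if user != self.workspaces[name].owner:
            raise PermissionError("only the owner can close the subgroup")
        del self.workspaces[name]
        del self.colours[name]
```

The controller may sit on the workstation or on a remote server, as the text notes; the checks are the same in either place, and a practitioner would additionally want every denied call logged so that attempts to read another subgroup's tile are visible.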
  • FIG. 3 shows a screenshot of a dialog box provided to allow a member of a remote collaboration to define a new subgroup by selecting individual users from a list of all users who are currently in the remote collaboration.
  • the list that is shown may be restricted according to predetermined conditions or criteria, for example, security privileges.
  • the selection may be made from all users who are registered to use the system, whether they are currently online or not. Then, if one of these users logs in to the system during a time when the subgroup workspace is active, that user may automatically be connected to the subgroup workspace.
  • the dialog box shown in figure 3 provides a list of current participants in the collaboration.
  • there are five members in the collaboration and these members provide a pool from which the subgroup can be selected.
  • the name, initials and IP address of each member are listed, although optionally either less information or additional information could be shown, e.g. site location, job title, role, etc.
  • the member setting up the subgroup can select one or more of these other members from this list, and the selected members will then share the subgroup workspace.
  • selecting a member results in a highlighting of the member's name, e.g. in a colour associated with the subgroup.
  • any other type of selection display e.g. check boxes, an ordered list, etc, could alternatively be used.
  • the selection may be accepted, for example by clicking on the "OK" button or hitting an appropriate button or key.
  • the limited share subgroup workspace is then started. Only the selected participants can view and interact with documents in the newly created subgroup workspace.
  • the subgroup workspace may be represented as a 'Tile' in the public workspace.
  • FIG. 4 is a screenshot showing a public workspace with a public document on the right hand side of the screen, a first "Tile" or window with a subgroup workspace on the bottom left part of the screen, and a second "Tile" or window with a private workspace on the top left part of the screen. All members of the collaboration can view and interact with the public document.
  • the subgroup workspace "Tile" is only displayed to members of the subgroup workspace.
  • the private workspace 'Tile' can be seen only by the user at the local workstation, and is not visible to any remote collaborator. Documents in the private workspace are only seen by the owner of the private workspace and only that person can interact with those documents.
  • Documents in the limited share subgroup workspace can only be seen by members of the subgroup workspace and only those members can interact with those documents.
  • when a member of a limited share subgroup workspace interacts with a document in the subgroup workspace for that limited share subgroup, the updates are shown in the relevant subgroup workspace 'Tile'. So, in the example shown in figure 4, if another user moves the document "Limited Share Document" to another position inside the subgroup workspace, then the subgroup workspace 'Tile' is updated to show the new position of the document for all members of the subgroup. This permits users to work in any workspace available to them, and also keep track of what is occurring in the other workspaces available to them.
  • a workspace may be selected as the current workspace. For example, this may be done by clicking on an icon for the subgroup workspace 'Tile' or window. In the example illustrations, this is achieved by selecting a "maximise" icon in the bottom right hand corner of the relevant workspace tile.
  • the subgroup workspace 'Tile' labelled "MyWorkspace" in figure 4 may be selected in this way.
  • the result is shown in figure 5, in which the main desktop area shows the subgroup workspace, and the public workspace is now shown as a 'Tile' area on the desktop. Documents can be added or deleted from each workspace and documents in the workspaces can be moved and annotated.
  • when another user interacts with the public workspace, the corresponding updates are displayed in the public workspace 'Tile'. In some embodiments, in order to interact with documents in a workspace, that workspace has to be selected as the current workspace.
  • a variety of methods may be implemented for terminating a limited share subgroup workspace, for example, by choosing a menu option or clicking on a toolbar option.
  • the subgroup workspace 'Tile' has a "close" icon that can be clicked to terminate a subgroup workspace session.
  • a high-resolution central working area is provided for working with documents and a surrounding lower resolution peripheral area of the same scale is provided for parking documents when not in use.
  • Figure 6 shows a screen layout with an example of such an arrangement. This arrangement may be provided within each workspace that is displayed to a user, for example, within the public workspace, and/or separately within one or more subgroup workspaces and/or private workspaces. Alternatively, it may be applied to the screen as a whole, and different areas of the border may represent different groups or subgroups.
  • Security protection may be provided to ensure that information transmitted between collaborators is not intercepted. This may be implemented by transmitting the information in an encrypted form.
  • a technique such as encrypted digital containers, e.g. as implemented in the Thales OBSCURE (Object Based Security) API used in the secure situational awareness tool developed by the present applicant, may be used to provide secure communications and information dissemination.
  • FIG. 7 shows the system architecture of the OBSCURE system for security protection by digital containers, in the form of a block diagram.
  • a first block 100 represents a data producer's computer, and the data producer's computer is connected to a distribution network or networks 160, represented by a cloud.
  • An authorised user's computer represented by a second block 120, is also connected to the distribution network or networks 160.
  • sensitive data is encrypted into digital containers, as indicated by the block labelled "OBSCURE", and the encrypted digital containers are transmitted to the authorised user's computer via the distribution network(s).
  • the user's credentials are sent to an external authorisation server or servers.
  • the authorisation server checks the user's credentials, and if they are acceptable, it sends a key to the authorised user's computer.
  • the key is used at the authorised user's computer to decrypt the digital containers, making the sensitive data available to the user.
  • the data producer's computer may be a first workstation in a remote collaboration, and the authorised user's computer may be a second workstation in the remote collaboration.
  • Authorisation policies can be used and decryption keys required to allow only specified users access to the information.
  • Data access rights may be adapted as required. For example, data access rights can be set up so that information can be made available for a specified time period to specified users who may not normally have access to it. After the specified time period, these users can no longer decrypt the data, unless new rules are created.
  • FIG. 8 is a block diagram showing the structure of a digital container 300 in an embodiment of the invention.
  • the digital container 300 includes first encrypted content 303 and second encrypted content 304, which may be encrypted with different keys.
  • the digital container also includes sanitised metadata 301 describing the contents of the data, and may include search terms to allow a user to search for information that they require.
  • Authorisation policies 302 are also included in the digital container 300, and security attributes such as classification labels may also be provided.
  • the creation of digital containers may be done at an individual workstation, before sending the digital container to other workstations, servers or other computers.
  • the workstation at which the digital container was created may then provide key
  • a key may be generated using the key information alone, or it may be generated using the key information plus information obtained from the digital container to be decrypted, e.g. including information from the authorisation policy and/or security attributes, etc.
  • a user requesting a key may obtain a key to decode only a particular digital container, without also obtaining access to decode other digital containers generated with the same key information.
  • a remote server may be provided to encrypt and store data, and it may send encrypted documents back to the originating workstation. This remote server may also function as the authorisation server, or it may be separate from the authorisation server.
  • the protected digital containers can be sent or resent over any combination of distribution networks. They can be stored on individual workstations and/or at servers or in databases.
  • the metadata may allow users to search for and retrieve the information that they require. Once data is placed in a digital container, it is protected throughout its lifetime.
  • when a new subgroup workspace is created, there may be files associated with the subgroup workspace, and new files may also be added to the subgroup workspace.
  • the files may already be encrypted using digital containers, and they may be automatically sent to other workstations in encrypted form. The other workstations must then obtain a key from the authorisation server to decrypt the digital containers in order to view the files, and they will be given suitable permissions to do this as a result of their membership of the subgroup.
  • the key request contains the authorisation policies from the digital container as well as the user's credentials (e.g. proof of the user holding a particular role).
  • the user's credentials are checked against the authorisation policies, and if acceptable, the authorisation server generates the appropriate decryption key and returns it to the user.
  • Authorisation policies for content can be written at any level of granularity, allowing much more fine-grained rules to be applied to content than simple classification levels.
  • Data can be protected at any granularity. For example, from large multimedia files down to individual sentences in a document.
  • the distribution architecture scales to multiple organisations through the use of a network of authorisation servers.
  • a particularly useful feature of such a digital container system is that decisions are made centrally, at the authorisation server.
  • authorisation decisions can be made at the time a user wishes to access the content, not when the content is protected and distributed. This separation between secure distribution and centralised access control can be used (depending on the scenario) to enable privileged users to
  • the authorisation policies can be changed on the authorisation server. At the end of the file share period, the authorisation policies may be set back to their original values. Thus, when subgroups are initiated, the policies can be updated to allow subgroup members to access files in the subgroup workspace. However, after termination of a subgroup, the policies may be changed back to their original or previous settings, or otherwise adjusted to reduce or prevent access to the protected data by former subgroup members.
  • viewing rights to a document may be given to some users, and edit rights to other users, for example, by providing all of the users with decryption rights, but providing only some users with the ability to re-encrypt edited files.
  • an access control scheme may be provided for document annotations, so that only authorised users can make annotations or can have their annotations distributed.
  • a digital container with a multi-level key may be used to provide additional security on certain document portions, even within the subgroup.
  • the owner of a subgroup workspace may be able to nominate which users have which type of access rights, in addition to selecting users to be included in the subgroup.
  • the edit rights to a document may include one or both of the right to amend the document, and the right to amend the security settings of the document.
  • portions of a document may be protected to a higher level, preventing viewing rights for some users in the collaboration or in the subgroup.
  • the document may contain information informing the user that this is the case. This allows multi-level security to be implemented within a document and brings the ability to store the document securely with every member of a collaboration.
  • a document stored on a workstation may have various headings or section labels within it, e.g. relating to access rights, such as "commercially restricted”, “UK restricted”, etc.
  • Each section of the unencrypted document may be encrypted separately, according to the access rights defined in the section heading or label, to create an encrypted document that can be provided to everyone in the collaboration.
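The container structure of figure 8 and the key-request flow of figures 7 and 9, together with the per-section encryption by classification label and the policy changes at subgroup start and termination described above, as an added worked example in Python. It is not the OBSCURE API or any Thales code: the section cipher is an HMAC-SHA256 keystream used as a stand-in for whatever cipher the real system uses, and the container fields, the policy keys (roles, subgroup, valid_until), the user names and the document text are all constructed for the illustration.

```python
"""Added example (not the patent's or the OBSCURE system's code): a toy digital
container with separately encrypted, labelled sections, and an authorisation
server that hands out only the section keys a user's credentials and the
container's policies allow.  The cipher is a stand-in, not a production one."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Set


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; XOR is its own inverse."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def derive_section_key(key_info: bytes, container_id: str, label: str) -> bytes:
    """Key = shared key information plus container attributes, so a key handed out
    for one section of one container decodes nothing else made from the same key info."""
    return hmac.new(key_info, f"{container_id}|{label}".encode(), hashlib.sha256).digest()


@dataclass
class Section:
    label: str                # security attribute / classification label
    nonce: bytes
    ciphertext: bytes


@dataclass
class Container:
    container_id: str
    metadata: Dict[str, str]  # sanitised metadata (searchable, not sensitive)
    policy: Dict[str, dict]   # authorisation policy per section label
    sections: List[Section]


def build_container(container_id, key_info, parts, policy, metadata) -> Container:
    """Each labelled part of the plaintext is encrypted separately (figure 8)."""
    sections = []
    for label, text in parts:
        key = derive_section_key(key_info, container_id, label)
        nonce = secrets.token_bytes(12)
        sections.append(Section(label, nonce, keystream_xor(key, nonce, text.encode())))
    return Container(container_id, metadata, policy, sections)


class AuthorisationServer:
    def __init__(self):
        self.key_info: Dict[str, bytes] = {}       # container id -> producer's key information
        self.subgroups: Dict[str, Set[str]] = {}   # subgroup -> members, sent by the subgroup controller

    def register(self, container_id: str, key_info: bytes):
        self.key_info[container_id] = key_info

    def set_subgroup(self, name: str, members):
        """Subgroup start: policies referring to this subgroup now admit its members."""
        self.subgroups[name] = set(members)

    def end_subgroup(self, name: str):
        """Subgroup termination: former members lose access on their next key request."""
        self.subgroups.pop(name, None)

    def _permitted(self, rule: dict, user: str, roles, now: int) -> bool:
        if "roles" in rule and not set(roles) & set(rule["roles"]):
            return False
        if "subgroup" in rule and user not in self.subgroups.get(rule["subgroup"], set()):
            return False
        if "valid_until" in rule and now > rule["valid_until"]:
            return False                 # time-limited grant has lapsed
        return True

    def request_keys(self, user: str, roles, container: Container, now: int) -> Dict[str, bytes]:
        """Decision is made here, at access time, not when the container was built."""
        key_info = self.key_info.get(container.container_id)
        if key_info is None:
            return {}
        keys = {}
        for section in container.sections:
            rule = container.policy.get(section.label)   # no rule for a label means deny
            if rule is not None and self._permitted(rule, user, roles, now):
                keys[section.label] = derive_section_key(key_info, container.container_id, section.label)
        return keys


def render(container: Container, keys: Dict[str, bytes]) -> str:
    """Decrypts the permitted sections; the rest are replaced by a notice."""
    lines = []
    for s in container.sections:
        if s.label in keys:
            lines.append(keystream_xor(keys[s.label], s.nonce, s.ciphertext).decode())
        else:
            lines.append(f"[section '{s.label}' withheld: not authorised to view]")
    return "\n".join(lines)
```

The point worth noticing is where the decision lives: the container carries its policy, but only the server holds the key information, so rewriting the policy on a copied container gains a user nothing. Revocation on subgroup termination therefore works for future requests only; a key already delivered cannot be recalled, which is why the text speaks of viewing rights and re-encryption rights separately.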
  • documents in the user's private space are only kept locally and not distributed, documents in the public workspace are automatically distributed to all users in the collaboration, and documents in the subgroup workspace are distributed automatically to other members of the subgroup.
  • a message is sent to the authorisation server to request authorisation details to decrypt the document.
  • the authorisation details are sent by the authorisation server to the user, and used to render the document on the user's desktop.
  • each of the other users in the collaboration may ask the authorisation server for decryption keys.
  • These users may have different images rendered on their desktops, dependent on how much of the document they are allowed to see, and thus able to decrypt.
  • the document may be provided to the desktops of members of the collaboration in a similar manner as a printout is created.
  • a modified file that corresponds to an image is sent.
  • the rendered document on the users' desktops may be annotated in a manner similar to a physical printout.
  • Each user may be able to write or draw on the document, and annotate the image. This may be implemented by adding a separate layer of annotation to the image rather than changing the base image itself.
  • the layer with the user's writing or drawing may be sent to all other users in the collaboration. Multiple users may each add separate layers, to build up multiple annotation layers. These annotation layers may be displayed using characteristics specific to the particular users who created them, e.g. each user may be associated with a different ink colour, font type, or other formatting details, etc.
  • the user's writing or drawing may be stored and transmitted as a set of vectors, i.e. a series of lines representing the pen strokes made by the user.
  • a set of vectors may be superimposed onto a document (e.g. a word document) belonging to another user.
  • the annotation may be colour coded according to which user generated it. Colours may be allocated to each user during the start-up of the collaboration for a public space document, or during the start-up of a subgroup for a subgroup workspace document.
  • the vector annotations are the only way to amend the document, as the users do not have the ability to edit and re-encrypt the document itself.
  • users with suitable authorisation may be able to edit and re-encrypt a document, or create a copy or new version of the document and encrypt it, e.g. using key information which is shared with the authorisation server.
  • the document itself may be opened and edited.
  • bitmaps of each page are transmitted to other users instead of the document source file itself being distributed. If another user wants to modify the document, they may make a request to the document owner.
  • the word processor software or other application software
  • Users making annotations to a document may be notified that they shouldn't annotate the classified parts of a document, unless all other users are entitled to view it.
  • automatic detection of restricted areas of the page is implemented, to either notify users or to prevent annotations from being made or from appearing in this area.
  • the annotations may be encrypted by the authorisation server according to the security settings of the particular area of the document which the annotations were made on, and then distributed to all users, so that only the entitled users will be able to decrypt and view them.
  • warning messages may be displayed to alert the user to the fact that they are effectively publishing the document, and it can't then be unpublished in a completely secure way.
  • delete instructions could be forwarded to all other workstations to automatically delete the copy of the document at these workstations. This would not prevent a user from printing and keeping the document, prior to receiving the delete instruction.
  • the subgroup workspace owner may be able to nominate other subgroup members as co-owners of the subgroup workspace. This may provide these members with rights, e.g. to invite new members to join the subgroup, etc.
  • the subgroup workspace owner may be able to transfer their ownership rights to another member of the group or subgroup, so that they themselves become just an ordinary member of the subgroup.
  • individual members of a subgroup may be able to leave a subgroup without the subgroup being dissolved. They may be able to choose to leave the subgroup, or an authorised user such as the subgroup owner may be able to remove them. If the subgroup owner decides to leave, the subgroup may be dissolved as a result.
  • the subgroup ownership may pass to another person in the subgroup, e.g. by prior agreement or according to a predetermined schedule or procedure.
  • all read or edit rights to documents will be reverted to their previous values.
  • a user may be given access rights for a particular limited time period (e.g. 24 hours), regardless of the duration of the subgroup collaboration, or the time of disbanding of the subgroup. After the end of the time period, the user is denied access to the document. This may be implemented by modification of the authorisation rights, at the authorisation server.
  • a delete instruction for the relevant files and/or the relevant decryption keys may be sent to the user's workstation after the nominated period of time. If a subgroup was closed, then any documents that had been in the subgroup workspace could be automatically deleted from the computers of users who were no longer authorised to view them, and/or the relevant keys could be automatically deleted.
  • Files may be stored on a central server, and copies sent to each member of a group or subgroup.
  • files may be stored locally on workstations of members of a group or subgroup, and copies sent to other members as required.
  • a user may request a file from a server or from another member of a group or subgroup by clicking on a document shown in the subgroup workspace. After receiving the file, and provided that the user has the correct authorisation key, the user may open the digital container and view the file.
  • A block diagram of a system according to an embodiment of the invention is shown in figure 9.
  • Three workstations 100, 120 and 140 are shown, labelled as workstations 1, 2, 3, and each is located at a different site, i.e. sites 1, 2 and 3 respectively.
  • Each workstation has a display and user input device, which is not shown in the figure.
  • Each workstation is connected to a computer network 160 such as the Internet, which is represented in the figure as a central cloud. In other embodiments, a different type of network could be used, e.g. a local area network, wide area network or a peer-to-peer network.
  • An authorisation server 180 is also shown connected to the network.
  • This authorisation server receives requests for keys to the digital containers from the workstations, checks if the users at the workstations have sufficient authorisation, and if so, it sends the keys to them.
  • the computing device hosting the authorisation server may also function as an additional user workstation.
  • the documents are stored at the local workstations, e.g. in local document stores.
  • a document may exist only as a single master copy on one workstation, with image data from the document being sent to the other workstations to allow user collaboration.
  • multiple copies of a document may be distributed, and controls may be implemented to indicate a master copy and restrict updating of other copies or to manage the updates.
  • Different sections of the document may be encrypted separately, and different users may have the right to update different sections.
  • Access control for the subgroup workspaces may also be carried out locally at the workstations.
  • Each workstation in figure 9 includes an access controller, which maintains a list of users for the shared working environment, and member details for relevant subgroup workspaces.
  • the workstations may exchange access control details as required.
  • access control relating to a subgroup workspace may be implemented only on the workstations which are members of the subgroup workspace, but in other embodiments, a wider group of workstations or all workstations may be updated with this information.
  • Embodiments of the invention may be implemented on a system with an authorisation server and client computers (e.g. workstations). Alternatively, the system may be implemented within a peer-to-peer configuration.
  • an alternative security method may be used.
  • the security may be implemented by access control lists. Other standard implementations are also possible to provide suitable security.
  • the workstations used in the present invention may be fixed terminals, portable terminals or mobile terminals.
  • a standard personal computer with a display and a network connection may be used as a workstation.
  • any other type of computer or electronic computing device may be used as a workstation.
  • Workstations may be provided with any combination of touch sensitive screens, table-top screens, projection screens, handheld screens, etc.
  • the present invention can be implemented in dedicated hardware, using a programmable digital controller suitably programmed, or using a combination of hardware and software.
  • the present invention can be implemented by software or programmable computing apparatus.
  • the code for each process in the methods according to the invention may be modular, or may be arranged in an alternative way to perform the same function.
  • the methods and apparatus according to the invention are applicable to any computer with a network connection.
  • the present invention encompasses a carrier medium carrying machine readable instructions or computer code for controlling a programmable controller, computer or number of computers as the apparatus of the invention.
  • the carrier medium can comprise any storage medium such as a floppy disk, CD ROM, DVD ROM, hard disk, magnetic tape, or programmable memory device, or a transient medium such as an electrical, optical, microwave, RF, electromagnetic, magnetic or acoustical signal.
  • a signal is an encoded signal carrying a computer code over a communications network, e.g. a TCP/IP signal carrying computer code over an IP network such as the Internet, an intranet, or a local area network.
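The annotation mechanism set out in the list above (pen strokes kept as vectors on a layer separate from the base image, a colour per user allocated at start-up, and automatic detection of restricted areas so that a stroke over classified content is either blocked or delivered only to members entitled to see that area) can be modelled as follows. This is an added worked example, not code from the patent or from the nuVa (TM) system; the page regions, clearance ranks, palette and user names are assumptions, and a Liang-Barsky clip is used for the segment-rectangle test.

```python
# Added example: vector annotation layers with restricted-region detection.
# Not code from the patent or the nuVa system; geometry, labels, ranks,
# palette and user names below are assumptions.
from dataclasses import dataclass
from itertools import cycle

# Clearance ordering for the labels named on the page (rank values assumed).
LEVELS = {"UNCLASSIFIED": 0, "COMMERCIALLY RESTRICTED": 1, "UK RESTRICTED": 2}
PALETTE = ["red", "blue", "green", "orange", "purple"]


@dataclass(frozen=True)
class Region:
    """Axis-aligned area of the rendered page carrying a section label."""
    label: str
    x0: float
    y0: float
    x1: float
    y1: float


@dataclass
class Stroke:
    user: str
    points: list          # [(x, y), ...] in page coordinates: the pen stroke as vectors
    colour: str = ""


def allocate_colours(users) -> dict:
    """One colour per user, fixed at subgroup start-up so strokes stay attributable."""
    return dict(zip(users, cycle(PALETTE)))


def _segment_touches(p, q, r: Region) -> bool:
    """Liang-Barsky clip: True if any part of segment p->q lies inside r."""
    (x0, y0), (x1, y1) = p, q
    dx, dy = x1 - x0, y1 - y0
    t0, t1 = 0.0, 1.0
    for pk, qk in ((-dx, x0 - r.x0), (dx, r.x1 - x0), (-dy, y0 - r.y0), (dy, r.y1 - y0)):
        if pk == 0:
            if qk < 0:
                return False      # parallel to this edge and on the outside of it
            continue
        t = qk / pk
        if pk < 0:
            if t > t1:
                return False
            t0 = max(t0, t)
        else:
            if t < t0:
                return False
            t1 = min(t1, t)
    return t0 <= t1


def required_rank(stroke: Stroke, regions) -> int:
    """Highest clearance rank needed to see every region the stroke touches."""
    pts = stroke.points
    segments = list(zip(pts, pts[1:])) or [(pts[0], pts[0])]   # a dot is a zero-length segment
    touched = {r.label for r in regions
               if any(_segment_touches(p, q, r) for p, q in segments)}
    return max((LEVELS[label] for label in touched), default=0)


class AnnotationLayer:
    """Overlay of strokes kept apart from the base image of the document."""

    def __init__(self, regions, member_ranks: dict):
        self.regions = regions
        self.member_ranks = member_ranks        # user -> clearance rank
        self.strokes = []                       # (Stroke, rank needed to view it)

    def add_stroke(self, stroke: Stroke, block: bool = False):
        """Accept a stroke unless it marks an area not every member may see.

        block=False: accept with a warning and tag the stroke with the rank it
        needs, so only entitled viewers receive it; block=True: refuse it.
        """
        needed = required_rank(stroke, self.regions)
        everyone_entitled = all(rank >= needed for rank in self.member_ranks.values())
        if everyone_entitled:
            self.strokes.append((stroke, needed))
            return True, "accepted"
        if block:
            return False, "blocked: annotation touches an area not all members may view"
        self.strokes.append((stroke, needed))
        return True, "warning: annotation restricted to members cleared for this area"

    def visible_to(self, user: str) -> list:
        """Strokes this viewer may be sent; the rest are withheld."""
        rank = self.member_ranks.get(user, -1)
        return [s for s, needed in self.strokes if rank >= needed]
```

The tag stored alongside each stroke is what the last annotation bullet above would turn into an encryption decision at the authorisation server: a stroke tagged UK RESTRICTED would be sealed under that area's key before distribution rather than merely filtered at the sending workstation.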

Abstract

A computer workstation (100) for use in a shared virtual working environment, the shared virtual working environment comprising a plurality of networked computer workstations (100, 120, 140) each having one or more users, the computer workstation (100) comprising: a network interface (105) for communicating with other computer workstations in the shared virtual working environment; a display controller (106) for controlling a display to display a visual representation of the shared virtual working environment; a user interface controller (107) for receiving a user input to define a subgroup of users in the shared virtual working environment; and a subgroup controller (102) for setting up a subgroup workspace in the shared virtual working environment, the subgroup workspace being accessible only to said subgroup of users, and for enabling sharing of files or data allocated to the subgroup with other users in the subgroup.

Description

A Method and System for Providing a Collaborative Working Environment
The present invention relates to shared workspaces in computer networks.
With the increasing pace of globalisation in recent years, many groups and teams are becoming split between different sites and different countries. Travel between sites is expensive in terms of money, time, stress and impact on the environment. To address this issue, there has been an increasing demand for remote collaborative work environments, implemented over computer networks. These collaborative work environments can provide shared workspaces, where groups of users at different locations can collaborate with each other to share documents, while appropriate security measures are implemented to prevent access by outsiders.
A collaborative work environment previously developed by the present applicant is the nuVa (TM) system, which provides a hands-on, user centric collaborative work environment in the form of a software Graphical User Interface (GUI). This enables split-site teams to work effectively and hold multi-way meetings, securely and in real time. In the nuVa (TM) system, users are immersed in a real-time digital representation of a desk-top working environment that mimics a real world "round-table" working situation. A group of users can sit around a shared nuVa (TM) desk in a single room to collaborate securely with other individual users or groups of users in remotely located rooms or locations. The nuVa (TM) system allows user input devices such as pens to be used by multiple users at the same desk, to facilitate group collaboration. Any kind of electronic media, e.g. documents, photographs, CAD drawings, etc, can be collaboratively viewed and annotated.
The present inventors have devised improvements to such shared workspaces and shared working environments.
One aspect of the present invention provides a method and system for running a shared working environment for users on a plurality of networked computers, the system comprising: selection means for selecting a subgroup of users for display of restricted materials; access control means for maintaining details of users of the shared working environment, and details of user subgroups; display means for generating a display signal to represent a shared workspace for a particular subgroup of users; and secure connection means for allowing users in said particular subgroup to receive said signal and to use said shared workspace.
A further aspect of the invention provides a computer workstation for use in a shared virtual working environment, the shared virtual working environment comprising a plurality of networked computer workstations each having one or more users, the computer workstation comprising: a network interface for communicating with other computer workstations in the shared virtual working environment; a display controller for controlling a display to display a visual representation of the shared virtual working environment; a user interface controller for receiving a user input to define a subgroup of users in the shared virtual working environment; and a subgroup controller for setting up a subgroup workspace in the shared virtual working environment, the subgroup workspace being accessible only to said subgroup of users, and for enabling sharing of files or data allocated to the subgroup with other users in the subgroup.
The visual representation of the shared virtual working environment may be a shared virtual desktop. The display controller may be configured to display the subgroup workspace as a tile or other area on the shared virtual desktop.
The display controller may be configured to display a private workspace area of a user of the workstation as a tile or other area on the shared virtual desktop. The display controller may be configured to display a public workspace area that is accessible to all users of the shared virtual working environment as a tile or other area on the shared virtual desktop. The display controller may be configured to use colour coding to indicate different workspace areas with different user access permissions in the visual representation of the shared virtual working environment. The user interface controller may be configured to receive a user input corresponding to annotations on a shared document, to save the annotations as an overlay for the document, and to send the overlay to other users in the subgroup.
The display controller may be configured to display a high resolution screen area for display of documents, and a low resolution screen area for the parking of documents. The low resolution area is located at the periphery of the high resolution area or in a separate window to the high resolution area.
At least some of the files or data allocated to the subgroup may be in an encrypted format and may be stored in secure digital containers. The digital containers may use multiple security levels to allow different levels of access to different users.
The workstation may be configured to share key information for generating a decryption key for the digital containers with an authorisation server, to allow the authorisation server to distribute the decryption key to other users who have authorisation to decrypt the digital containers. The subgroup controller may be configured to send information on users in a subgroup to the authorisation server, to enable the users in the subgroup to be authorised to receive a decryption key from the authorisation server for encrypted files allocated to the subgroup.
Embodiments of the invention may be implemented by software as a Graphical User Interface (GUI), for example, as an upgrade to the above-described nuVa (TM) system.
Embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
Figure 1 is a block diagram of a computer workstation in an embodiment of the invention;
Figure 2 is a flowchart showing a process according to an embodiment of the invention; Figure 3 is a screenshot showing a dialog box for inviting users to a workspace;
Figure 4 is a screenshot showing an example of a public shared desktop with an opened public document and tiles having private and subgroup workspaces;
Figure 5 is a screenshot showing a subgroup workspace desktop with an opened limited share document and a public workspace tile area;
Figure 6 is an example screen layout showing a central high resolution working area for viewing documents, and a peripheral lower resolution area used as a document park;
Figure 7 is a block diagram showing the system architecture of the OBSCURE system for security protection by digital containers;
Figure 8 is a block diagram showing the structure of a digital container for data encryption in an embodiment of the invention; and
Figure 9 is a block diagram showing a system with multiple workstations and an authorisation server, according to an embodiment of the invention.
In embodiments of the invention, computers at several remote sites can connect together and form a remote collaboration sharing a common collaborative desktop. One or more computers at each site joins in the remote collaboration, providing a number of workstations in the remote collaboration. Each of these workstations may be suitable for use by a single user, or a plurality of users.
An example of a workstation according to an embodiment of the invention is shown in figure 1. The workstation 100 includes a document store 101 for local storage of documents, a network interface 105, an access controller 102 for maintaining a list 103 of users of the remote collaboration and details 104 of subgroups defined within the remote collaboration, a display controller 106 for controlling a display and a user interface controller 107 for receiving user input data. In other embodiments, the access controller may be located at a remote server or other computer, instead of at the workstation.
The workstation 100 is shown as connected to a touchscreen 110, which provides a graphical display of the remote collaboration environment, and provides a user input device to open and annotate documents. The touchscreen may be provided as a tabletop touchscreen that mimics a real work desk. In other embodiments, separate displays and input devices may be used. In another example, a screen may be used with light sensitive pen-type or pointer-type user interface devices. On the screen 110, two files 115 and 116 are shown as open. A first user may use a first user input device 111 such as a pen, stylus, wand, mouse, trackerball, etc, to annotate one of the open files 115. A second user may use a second user input device 112 of any type to annotate the same open file 115 or a different file 116. The two user input devices 111, 112 may result in differently coloured annotations on the files, so that it is clear which user has made which annotation. Some other files 117 are shown on the display in a minimised format, and these are currently not open. Either of the first and second user may open any of these files and annotate them. In other embodiments, only a single user, or more than two users may be set up to use the workstation at the same time.
The workstation 100 is connected to other workstations via the network interface 105 and a network connection, to form a remote collaboration with other workstations.
In one embodiment, all workstations in the remote collaboration initially display a common shared desktop. At any time, any member of the remote collaboration may set up a private workspace, which only that member can view. That member can then choose to share that private workspace and associated documents with a subset of the other members in the collaboration, so that only this subset of members will be able to view and interact with the documents in the limited share workspace. The private workspace then effectively becomes a subgroup workspace. Alternatively, instead of being converted from a private workspace, a subgroup workspace may be created as a new workspace. The subgroup workspace may be presented as an area of the desktop containing documents that only a subset of remote collaborators can view and interact with. Each member of the subset of the collaboration is provided with a representation of the subgroup workspace on their desktop. Documents can be added to the subgroup workspace by any collaborator that has visibility of it and the documents will only be visible to members of the subgroup workspace. Any interaction with documents or data in the subgroup workspace, such as annotations on a document, is configured as being only visible to members of that subgroup workspace. This models what may occur in a real meeting where a printed document is only shared among a subset of people at a meeting and allows commercially sensitive information to be shared only amongst trusted users.
In some embodiments, workstations in the remote collaboration may be set up to initially display both a private and a public workspace. The private workspace may provide access to local files and data on the workstation, and may be kept private from other members of the collaboration. A member of the remote collaboration may choose to share their default private workspace with one or more other members, and/or they may set up a subgroup workspace for sharing with other members, which is used for just a limited set of files, data or links. The workstation may be configured to allow a member to move or create files, data or links into or out of one or more of the private workspace, subgroup workspace and public workspace.
In some embodiments, a plurality of further private workspaces may be created as required. For example, one private workspace may be created and shared with members in a first subgroup, and another private workspace may be created and shared with other members in a second subgroup.
Figure 2 is a flowchart showing a process of setting up and utilisation of a subgroup workspace, according to an embodiment of the invention. The process starts at step S201. At step S202, a number of workstations communicate with each other to set up a common shared subgroup workspace for members of the remote collaboration.
When a member of the remote collaboration initiates a subgroup workspace, that member may choose which other members in the collaboration are authorised to see the information that will appear in the subgroup workspace. This is shown at step S203. Then, at step S204, the selected members are given access to the subgroup workspace, and are able to view it, e.g. as a tile or other area on their desktop. At step S205, another user places one or more documents in the subgroup workspace, giving the other members of the subgroup workspace access to read and edit this document, thus allowing document sharing. At step S206, in response to a user in the subgroup making an annotation on one of the shared documents, the annotation is transmitted to and made visible to other users in the subgroup workspace.
In some embodiments, subgroups may be set up using existing predetermined lists of subgroup members, e.g. relating to particular committees, teams, or other organisational structures. Members of the collaboration may be able to initiate such a predetermined subgroup, by selecting an option to initiate it rather than having to individually specify all the members. This initiation option may be restricted to any member of the list, or to particular nominated members.
In some embodiments, subgroups may be limited to members of the collaboration who are currently online. Even if a predetermined list of members was used to initiate a subgroup, only members within the list who were currently logged in would be allowed access. In alternative embodiments, subgroups may be set up to include members who were not currently online or logged on to the remote collaboration system. If these members did log on during the time in which the subgroup was active, they may be automatically connected to the subgroup, and given access to the shared documents. A tile or window may be automatically opened on their desktop to indicate to them that they had access to the subgroup workspace.
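The subgroup life cycle described in the list of embodiments above (an owner nominating co-owners, transferring ownership and thereby becoming an ordinary member, members leaving or being removed without the subgroup dissolving, and dissolution when the owner leaves without a successor), together with the set-up process of figure 2 and the online-only restriction just described, can be captured in a small access controller. The following is an added example, not code from the patent or the nuVa (TM) system; user names and the default online-only rule are assumptions.

```python
# Added example: subgroup workspace membership with owner, co-owners, ownership
# transfer and leave/dissolve rules. Not code from the patent or the nuVa system;
# user names and the online-only default are assumptions.
from dataclasses import dataclass, field


class SubgroupError(Exception):
    pass


@dataclass
class Subgroup:
    name: str
    owner: str
    members: set = field(default_factory=set)
    co_owners: set = field(default_factory=set)
    dissolved: bool = False

    def __post_init__(self):
        self.members.add(self.owner)

    def can_view(self, user) -> bool:
        return not self.dissolved and user in self.members

    def can_manage(self, user) -> bool:
        """Owner and nominated co-owners may invite or remove members."""
        return not self.dissolved and (user == self.owner or user in self.co_owners)

    def nominate_co_owner(self, actor, user):
        if actor != self.owner or self.dissolved:
            raise SubgroupError("only the owner nominates co-owners")
        if user not in self.members:
            raise SubgroupError(f"{user} is not a member")
        self.co_owners.add(user)

    def transfer_ownership(self, actor, user):
        """The previous owner becomes an ordinary member of the subgroup."""
        if actor != self.owner or self.dissolved:
            raise SubgroupError("only the owner transfers ownership")
        if user not in self.members:
            raise SubgroupError(f"{user} is not a member")
        self.co_owners.discard(user)
        self.owner = user

    def remove(self, actor, user):
        if not self.can_manage(actor):
            raise SubgroupError(f"{actor} may not remove members")
        if user == self.owner:
            raise SubgroupError("the owner must leave or transfer ownership instead")
        self.members.discard(user)
        self.co_owners.discard(user)

    def leave(self, user, successor=None):
        """Ordinary members leave freely; the owner leaving dissolves the
        subgroup unless ownership passes to a named successor."""
        if not self.can_view(user):
            raise SubgroupError(f"{user} is not a member")
        if user == self.owner:
            if successor is None or successor not in self.members - {user}:
                self.dissolved = True
                return
            self.transfer_ownership(user, successor)
        self.members.discard(user)
        self.co_owners.discard(user)


class AccessController:
    """Per-workstation list of collaboration users and their subgroups."""

    def __init__(self):
        self.users = {}       # user -> currently online?
        self.subgroups = {}

    def join(self, user, online=True):
        self.users[user] = online

    def create_subgroup(self, creator, name, invitees, online_only=True) -> Subgroup:
        """Invitees come from the collaboration's participant pool; offline users
        are skipped when the subgroup is limited to members currently online."""
        if creator not in self.users:
            raise SubgroupError(f"{creator} is not in the collaboration")
        sg = Subgroup(name, creator)
        for user in invitees:
            if user not in self.users:
                raise SubgroupError(f"{user} is not in the collaboration")
            if online_only and not self.users[user]:
                continue
            sg.members.add(user)
        self.subgroups[name] = sg
        return sg

    def invite(self, name, actor, user):
        sg = self.subgroups[name]
        if not sg.can_manage(actor):
            raise SubgroupError(f"{actor} may not invite to {name}")
        if user not in self.users:
            raise SubgroupError(f"{user} is not in the collaboration")
        sg.members.add(user)

    def can_view(self, name, user) -> bool:
        sg = self.subgroups.get(name)
        return sg is not None and sg.can_view(user)
```

Every check is evaluated against the current membership state rather than a cached decision, which is what lets ownership transfer and removal take effect immediately; the same controller would also be the place to revert document read and edit rights when a subgroup closes, as the embodiments above describe.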
The screen layout of the collaborative environment may take a number of forms, but one example is shown in figures 3 to 5. Figure 3 shows a screenshot of a dialog box provided to allow a member of a remote collaboration to define a new subgroup by selecting individual users from a list of all users who are currently in the remote collaboration. Alternatively, the list that is shown may be restricted according to predetermined conditions or criteria, for example, security privileges. In another embodiment, the selection may be made from all users who are registered to use the system, whether they are currently online or not. Then, if one of these users logs in to the system during a time when the subgroup workspace is active, that user may automatically be connected to the subgroup workspace.
The dialog box shown in figure 3 provides a list of current participants in the collaboration. In this case, there are five members in the collaboration, and these members provide a pool from which the subgroup can be selected. The name, initials and IP address of each member is listed, although optionally, either less information or additional information could be shown, e.g. site location, job title, role, etc. The member setting up the subgroup can select one or more of these other members from this list, and the selected members will then share the subgroup workspace. In this example, selecting a member results in a highlighting of the member's name, e.g. in a colour associated with the subgroup. However, any other type of selection display, e.g. check boxes, an ordered list, etc, could alternatively be used. The selection may be accepted, for example by clicking on the "OK" button or hitting an appropriate button or key. The limited share subgroup workspace is then started. Only the selected participants can view and interact with documents in the newly created subgroup workspace.
The subgroup workspace may be represented as a 'Tile' in the public workspace. An example is shown in figure 4, which is a screenshot showing a public workspace with a public document on the right hand side of the screen, a first "Tile" or window with a subgroup workspace on the bottom left part of the screen, and a second "Tile" or window with a private workspace on the top left part of the screen. All members of the collaboration can view and interact with the public document. The subgroup workspace "Tile" is only displayed to members of the subgroup workspace. The private workspace 'Tile' can be seen only by the user at the local workstation, and is not visible to any remote collaborator. Documents in the private workspace are only seen by the owner of the private workspace and only that person can interact with those documents.
Documents in the limited share subgroup workspace can only be seen by members of the subgroup workspace and only those members can interact with those documents. When a member of a limited share subgroup workspace interacts with a document in the subgroup workspace for that limited share subgroup, the updates are shown in the relevant subgroup workspace 'Tile'. So, in the example shown in figure 4, if another user moves the document "Limited Share Document" to another position inside the subgroup workspace, then the subgroup workspace 'Tile' is updated to show the new position of the document for all members of the subgroup. This permits users to work in any workspace available to them, and also keep track of what is occurring in the other workspaces available to them.
In some embodiments, a workspace may be selected as the current workspace. For example, this may be done by clicking on an icon for the subgroup workspace 'Tile' or window. In the example illustrations, this is achieved by selecting a "maximise" icon in the bottom right hand corner of the relevant workspace tile. When applied to the subgroup workspace 'tile' labelled as "MyWorkspace" in figure 4, the result is shown in figure 5, in which the main desktop area shows the subgroup workspace, and the public workspace is now shown as a 'Tile' area on the desktop. Documents can be added or deleted from each workspace and documents in the workspaces can be moved and annotated. Within the public workspace 'Tile', when another user interacts with a 'Tile', the corresponding updates are displayed in the public workspace 'Tile'. In some embodiments, in order to interact with documents in a workspace, then that workspace has to be selected as the current workspace.
A variety of methods may be implemented for terminating a limited share subgroup workspace, for example, by choosing a menu option or clicking on a toolbar option. In figure 4, the subgroup workspace 'Tile' has a "close" icon that can be clicked to terminate a subgroup workspace session.
In some embodiments of the invention, a high-resolution central working area is provided for working with documents and a surrounding lower resolution peripheral area of the same scale is provided for parking documents when not in use. Figure 6 shows a screen layout with an example of such an arrangement. This arrangement may be provided within each workspace that is displayed to a user, for example, within the public workspace, and/or separately within one or more subgroup workspaces and/or private workspaces. Alternatively, it may be applied to the screen as a whole, and different areas of the border may represent different groups or subgroups.
Security protection may be provided to ensure that information transmitted between collaborators is not intercepted. This may be implemented by transmitting the information in an encrypted form. A technique such as encrypted digital containers, e.g. as implemented in the Thales OBSCURE (Object Based Security) API used in the secure situational awareness tool developed by the present applicant, may be used to provide secure communications and information dissemination.
Figure 7 shows the system architecture of the OBSCURE system for security protection by digital containers, in the form of a block diagram. A first block 100 represents a data producer's computer, and the data producer's computer is connected to a distribution network or networks 160, represented by a cloud. An authorised user's computer, represented by a second block 120, is also connected to the distribution network or networks 160. At the data producer's computer, sensitive data is encrypted into digital containers, as indicated by the block labelled as "OBSCURE", and the encrypted digital containers are transmitted to the authorised user's computer via the distribution network(s). At the authorised user's computer, the user's credentials are sent to an external authorisation server or servers. The authorisation server checks the user's credentials, and if they are acceptable, it sends a key to the authorised user's computer. The key is used at the authorised user's computer to decrypt the digital containers, making the sensitive data available to the user. The data producer's computer may be a first workstation in a remote collaboration, and the authorised user's computer may be a second workstation in the remote collaboration.
The use of digital containers for data security works by applying protection to the information itself, rather than to the underlying communications infrastructure.
Authorisation policies can be used and decryption keys required to allow only specified users access to the information. Data access rights may be adapted as required. For example, data access rights can be set up so that information can be made available for a specified time period to specified users who may not normally have access to it. After the specified time period, these users can no longer decrypt the data, unless new rules are created.
To form digital containers, data producers may encrypt their data, and then append metadata describing the contents of the data and append authorisation policies (rules) relating to the rights required to decrypt the data. Figure 8 is a block diagram showing the structure of a digital container 300 in an embodiment of the invention. The digital container 300 includes first encrypted content 303 and second encrypted content 304, which may be encrypted with different keys. The digital container also includes sanitised metadata 301 describing the contents of the data, and may include search terms to allow a user to search for information that they require. Authorisation policies 302 are also included in the digital container 300, and security attributes such as classification labels may also be provided.
The creation of digital containers may be done at an individual workstation, before sending the digital container to other workstations, servers or other computers. The workstation at which the digital container was created may then provide key information to an authorisation server, to allow the authorisation server to generate decryption keys and send the keys to authorised users. A key may be generated using the key information alone, or it may be generated using the key information plus information obtained from the digital container to be decrypted, e.g. including information from the authorisation policy and/or security attributes, etc. Thus, a user requesting a key may obtain a key to decode only a particular digital container, without also obtaining access to decode other digital containers generated with the same key information. In other embodiments, a remote server may be provided to encrypt and store data, and it may send encrypted documents back to the originating workstation. This remote server may also function as the authorisation server, or it may be separate from the authorisation server. The protected digital containers can be sent or resent over any combination of distribution networks. They can be stored on individual workstations and/or at servers or in databases. The metadata may allow users to search for and retrieve the information that they require. Once data is placed in a digital container, it is protected throughout its lifetime.
When a new subgroup workspace is created in embodiments of the invention, there may be files associated with the subgroup workspace, and new files may also be added to the subgroup workspace. The files may already be encrypted using digital containers, and they may be automatically sent to other workstations in encrypted form. The other workstations must then obtain a key to decrypt the digital containers in order to view the files, and they will be given suitable permissions to do this as a result of their membership of the subgroup.
Once a user has obtained a particular digital container, the user sends an authenticated request for the decryption key to the authorisation server. In some embodiments, this request contains the authorisation policies from the digital container as well as the user's credentials (e.g. proof of the user holding a particular role). At the authorisation server, the user's credentials are checked against the authorisation policies, and if acceptable, the authorisation server generates the appropriate decryption key and returns it to the user.
The use of digital containers to protect the data has the following advantages:
• Lifetime protection of data. In addition, authorisation policies persist with data, making misuse or inappropriate release much harder.
• By protecting data rather than infrastructure, multiple organisations can securely share data without the current problems of connecting different organisations' secure networks.
• Authorisation policies for content can be written at any level of granularity, allowing much more fine-grained rules to be applied to content than simple classification levels.
• Data can be protected at any granularity. For example, from large multimedia files down to individual sentences in a document.
• It is simple to add new users. Once the new user has been provided with their credentials, they will automatically be able to access all appropriate content via the authorisation server.
• The distribution architecture scales to multiple organisations through the use of a network of authorisation servers.
• The solution can be implemented with minor modifications to current technologies, and is heavily based on existing standards.
A particularly useful feature of such a digital container system is that decisions are made centrally, at the authorisation server. In addition, authorisation decisions can be made at the time a user wishes to access the content, not when the content is protected and distributed. This separation between secure distribution and centralised access control can be used (depending on the scenario) to enable privileged users to dynamically change policies according to changing context. It can also allow time-based policies to be easily enforced.
When a file is to be temporarily made available to others, the authorisation policies can be changed on the authorisation server. At the end of the file share period, the authorisation policies may be set back to their original values. Thus, when subgroups are initiated, the policies can be updated to allow subgroup members to access files in the subgroup workspace. However, after termination of a subgroup, the policies may be changed back to their original or previous settings, or otherwise adjusted to reduce or prevent access to the protected data by former subgroup members.
In some embodiments, viewing rights to a document may be given to some users, and edit rights to other users, for example, by providing all of the users with decryption rights, but providing only some users with the ability to re-encrypt edited files.
Alternatively, an access control scheme may be provided for document annotations, so that only authorised users can make annotations or can have their annotations distributed.
A digital container with a multi-level key may be used to provide additional security on certain document portions, even within the subgroup. The owner of a subgroup workspace may be able to nominate which users have which type of access rights, in addition to selecting users to be included in the subgroup. The edit rights to a document may include one or both of the right to amend the document, and the right to amend the security settings of the document.
In some embodiments, portions of a document may be protected to a higher level, preventing viewing rights for some users in the collaboration or in the subgroup. The document may contain information informing the user that this is the case. This allows multi-level security to be implemented within a document and brings the ability to store the document securely with every member of a collaboration.
For example, a document stored on a workstation may have various headings or section labels within it, e.g. relating to access rights, such as "commercially restricted", "UK restricted", etc. Each section of the unencrypted document may be encrypted separately, according to the access rights defined in the section heading or label, to create an encrypted document that can be provided to everyone in the collaboration.
In one embodiment, documents in the user's private space are only kept locally and not distributed, documents in the public workspace are automatically distributed to all users in the collaboration, and documents in the subgroup workspace are distributed automatically to other members of the subgroup.
When another user loads the document onto their desktop, a message is sent to the authorisation server to request authorisation details to decrypt the document. The authorisation details, according to the user's level of security clearance, are sent by the authorisation server to the user, and used to render the document on the user's desktop. Similarly, each of the other users in the collaboration may ask the authorisation server for decryption keys. These users may have different images rendered on their desktops, dependent on how much of the document they are allowed to see, and thus able to decrypt.
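The container structure and key request described above (sections encrypted under separate keys, sanitised metadata and authorisation policies carried in the clear, a key derived by the authorisation server from the producer's key information plus information taken from the container), the subgroup policy changes made on the authorisation server, and the per-section rendering according to clearance just described, brought together in one added Python example. This is illustration code written for this page, not the patent's implementation and not the Thales OBSCURE API. The role names, the section labels, the "doc-42" identifier, the `not_after` field, the HMAC-SHA256 keystream and tag used in place of a standard AEAD, and the assumption that the key request is authenticated elsewhere are all choices made for the example.

```python
import hashlib
import hmac
import json
import secrets


def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_key(key_info, container_id, label, policy):
    # Key bound to this container, this section and the exact policy bytes: a
    # policy edited in transit yields a different key that cannot open the blob.
    context = json.dumps([container_id, label, policy], sort_keys=True).encode()
    return _prf(key_info, b"key|" + context)


def _stream(key, nonce, n):
    blocks = (_prf(key, b"enc|" + nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    # Encrypt-then-MAC with an HMAC keystream; stands in for a vetted AEAD (assumption).
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": _prf(key, b"mac|" + nonce + ct).hex()}


def unseal(key, blob):
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    if not hmac.compare_digest(_prf(key, b"mac|" + nonce + ct), bytes.fromhex(blob["tag"])):
        raise ValueError("tag mismatch: wrong key or altered container")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


def build_container(key_info, container_id, metadata, sections):
    """sections: (label, plaintext, policy) triples. Only sanitised metadata and
    the policies travel in the clear; each section is sealed under its own key."""
    return {"id": container_id, "metadata": metadata, "sections": [
        {"label": lbl, "policy": pol,
         "blob": seal(derive_key(key_info, container_id, lbl, pol), text.encode())}
        for lbl, text, pol in sections]}


class AuthorisationServer:
    def __init__(self):
        self.key_info = {}  # container id -> key information shared by the producer
        self.grants = {}    # (container id, label) -> {role: not_after}; subgroup access

    def register(self, container_id, key_info):
        self.key_info[container_id] = key_info

    def grant(self, container_id, label, role, not_after):
        self.grants.setdefault((container_id, label), {})[role] = not_after

    def revoke(self, container_id, label, role):
        self.grants.get((container_id, label), {}).pop(role, None)

    def request_key(self, container_id, label, policy, credential, now):
        # The client sends the container's policy with its credential. How the
        # request itself is authenticated (e.g. a signed credential) is assumed out of scope.
        role = credential["role"]
        allowed = role in policy["roles"] and now < policy.get("not_after", float("inf"))
        allowed = allowed or now < self.grants.get((container_id, label), {}).get(role, 0)
        return derive_key(self.key_info[container_id], container_id, label, policy) if allowed else None


def render(container, server, credential, now):
    """What this user's desktop shows: each section decrypted, or a placeholder."""
    view = {}
    for sec in container["sections"]:
        key = server.request_key(container["id"], sec["label"], sec["policy"], credential, now)
        if key is None:
            view[sec["label"]] = "[not authorised to view this section]"
            continue
        try:
            view[sec["label"]] = unseal(key, sec["blob"]).decode()
        except ValueError:
            view[sec["label"]] = "[decryption failed: container or policy altered]"
    return view


def demo():
    """Constructed scenario: two sections, two roles, a subgroup grant and its
    revocation, a time-limited policy, and a forged policy."""
    t0, key_info = 1_700_000_000, secrets.token_bytes(32)
    doc = build_container(key_info, "doc-42", {"title": "Exercise plan", "search_terms": ["plan"]}, [
        ("UNCLASSIFIED", "Agenda for the planning meeting.", {"roles": ["analyst", "liaison"]}),
        ("UK RESTRICTED", "Deployment timings.", {"roles": ["analyst"], "not_after": t0 + 3600})])
    server = AuthorisationServer()
    server.register("doc-42", key_info)
    analyst, liaison = {"user": "alice", "role": "analyst"}, {"user": "bob", "role": "liaison"}
    out = {"analyst": render(doc, server, analyst, t0), "liaison_before": render(doc, server, liaison, t0)}
    server.grant("doc-42", "UK RESTRICTED", "liaison", t0 + 24 * 3600)  # subgroup starts
    out["liaison_subgroup"] = render(doc, server, liaison, t0 + 60)
    server.revoke("doc-42", "UK RESTRICTED", "liaison")                  # subgroup terminated
    out["liaison_after"] = render(doc, server, liaison, t0 + 120)
    out["analyst_expired"] = render(doc, server, analyst, t0 + 2 * 3600)
    forged = json.loads(json.dumps(doc))  # Bob edits the embedded policy to name his role
    forged["sections"][1]["policy"]["roles"].append("liaison")
    out["liaison_forged"] = render(forged, server, liaison, t0)
    return out
```

The server decides on the policy the client sends, exactly as the text describes, and the forged-policy case shows why binding the derived key to the policy bytes matters: the server happily authorises the edited policy, but the key it derives from it no longer matches the blob, so the tag check fails. The grant and revoke calls are the subgroup start and termination; the `not_after` on the section policy is the time-based rule. A deployment would replace the HMAC construction with a standard AEAD and sign or otherwise authenticate the key request.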
The document may be provided to the desktops of members of the collaboration in a similar manner as a printout is created. Thus instead of the original document file structure being sent, a modified file that corresponds to an image is sent. The rendered document on the users' desktops may be annotated in a manner similar to a physical printout. Each user may be able to write or draw on the document, and annotate the image. This may be implemented by adding a separate layer of annotation to the image rather than changing the base image itself. The layer with the user's writing or drawing may be sent to all other users in the collaboration. Multiple users may each add separate layers, to build up multiple annotation layers. These annotation layers may be displayed using characteristics specific to the particular users who created them, e.g. each user may be associated with a different ink colour, font type, or other formatting details, etc. The user's writing or drawing may be stored and transmitted as a set of vectors, i.e. a series of lines representing the pen strokes made by the user. For example, a set of vectors may be superimposed onto a document (e.g. a word document) belonging to another user. The annotation may be colour coded according to which user generated it. Colours may be allocated to each user during the start-up of the collaboration for a public space document, or during the start-up of a subgroup for a subgroup workspace document.
In some embodiments, for a secure document, the vector annotations are the only way to amend the document, as the users do not have the ability to edit and re-encrypt the document itself. In other embodiments, users with suitable authorisation may be able to edit and re-encrypt a document, or create a copy or new version of the document and encrypt it, e.g. using key information which is shared with the authorisation server.
For a non-secure document, the document itself may be opened and edited. In some implementations, where bitmaps of each page are transmitted to other users instead of the document source file itself being distributed, if another user wants to modify the document, they may make a request to the document owner. Thus, only one version of the word processor software (or other application software) is running and everyone else just has an image of this application software. Moving the mouse or pointer, or pressing a button on the user interface, etc, may send a message back to the real version of the application software, which creates the update.
Users making annotations to a document may be notified that they shouldn't annotate the classified parts of a document, unless all other users are entitled to view it. In one embodiment, automatic detection of restricted areas of the page is implemented, to either notify users or to prevent annotations from being made or from appearing in this area. In a further embodiment, the annotations may be encrypted by the authorisation server according to the security settings of the particular area of the document which the annotations were made on, and then distributed to all users, so that only the entitled users will be able to decrypt and view them.
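One way to implement the automatic detection of restricted page areas just described for vector annotations, as an added example (not code from the patent): each stroke is a polyline in page coordinates, a Liang-Barsky clip test finds which restricted regions a stroke's segments touch, the stroke is labelled with those regions' classification labels, and a viewer only receives strokes whose labels they hold. The region rectangles, the labels, the per-user ink colours and the strict/label-only switch are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class RestrictedRegion:
    rect: tuple      # (left, top, right, bottom) in page units; assumed layout
    label: str       # e.g. "UK RESTRICTED"


@dataclass
class Stroke:
    user: str
    points: list                                   # polyline of (x, y) pen positions
    colour: str                                    # ink colour allocated per user at start-up
    requires: set = field(default_factory=set)     # labels a viewer must hold to see it


def segment_hits_rect(p, q, rect):
    # Liang-Barsky clip: does the segment p->q enter the axis-aligned rectangle?
    (x0, y0), (x1, y1) = p, q
    left, top, right, bottom = rect
    dx, dy = x1 - x0, y1 - y0
    t_in, t_out = 0.0, 1.0
    for pk, qk in ((-dx, x0 - left), (dx, right - x0), (-dy, y0 - top), (dy, bottom - y0)):
        if pk == 0:
            if qk < 0:            # parallel to this edge and on the outside of it
                return False
            continue
        t = qk / pk
        if pk < 0:
            t_in = max(t_in, t)   # entering the half-plane
        else:
            t_out = min(t_out, t)  # leaving it
    return t_in <= t_out


def label_stroke(stroke, regions):
    """Tag the stroke with the label of every restricted region it touches."""
    pts = stroke.points if len(stroke.points) > 1 else stroke.points * 2  # a dot is a zero-length segment
    for a, b in zip(pts, pts[1:]):
        for region in regions:
            if segment_hits_rect(a, b, region.rect):
                stroke.requires.add(region.label)
    return stroke


def accept_stroke(stroke, regions, strict):
    """strict=True refuses any stroke over a restricted area (the 'prevent'
    embodiment); strict=False keeps it, labelled, for selective distribution."""
    label_stroke(stroke, regions)
    return None if strict and stroke.requires else stroke


def layer_for_viewer(layer, entitlements):
    """Strokes that may be sent to a viewer holding the given set of labels."""
    return [s for s in layer if s.requires <= entitlements]


def demo():
    """Constructed page: two restricted bands, three strokes from two users."""
    regions = [RestrictedRegion((100, 400, 500, 520), "UK RESTRICTED"),
               RestrictedRegion((100, 600, 500, 700), "COMMERCIALLY RESTRICTED")]
    colours = {"alice": "#d62728", "bob": "#1f77b4"}
    layer = []
    for user, pts in [("alice", [(50, 50), (300, 80)]),       # margin note, unrestricted
                      ("bob", [(90, 450), (520, 470)]),       # runs across the UK RESTRICTED band
                      ("alice", [(120, 380), (120, 650)])]:   # crosses both bands
        stroke = accept_stroke(Stroke(user, pts, colours[user]), regions, strict=False)
        if stroke is not None:
            layer.append(stroke)
    return {
        "labels": [sorted(s.requires) for s in layer],
        "unentitled_sees": len(layer_for_viewer(layer, set())),
        "uk_sees": len(layer_for_viewer(layer, {"UK RESTRICTED"})),
        "fully_cleared_sees": len(layer_for_viewer(layer, {"UK RESTRICTED", "COMMERCIALLY RESTRICTED"})),
        "strict_refuses": accept_stroke(Stroke("bob", [(90, 450), (520, 470)], "#1f77b4"),
                                        regions, strict=True) is None,
    }
```

A stroke that crosses two differently labelled bands requires both labels, which is the conservative choice: the viewer must be entitled to everything the stroke touches, not just one part of it. The labels are treated as an unordered set rather than a ranked clearance ladder, so the check works equally for independent caveats such as "commercially restricted" alongside national markings.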
If a user attempts to change the authorisation level of a document, e.g. by moving it from a private area to a public area, warning messages may be displayed to alert the user to the fact that they are effectively publishing the document, and it can't then be unpublished in a completely secure way. However, if the user did choose to unpublish or delete the document, delete instructions could be forwarded to all other workstations to automatically delete the copy of the document at these workstations. This would not prevent a user from printing and keeping the document, prior to receiving the delete instruction.
In some embodiments, the subgroup workspace owner may be able to nominate other subgroup members as co-owners of the subgroup workspace. This may provide these members with rights, e.g. to invite new members to join the subgroup, etc. In some embodiments, the subgroup workspace owner may be able to transfer their ownership rights to another member of the group or subgroup, so that they themselves become just an ordinary member of the subgroup. In some embodiments, individual members of a subgroup may be able to leave a subgroup without the subgroup being dissolved. They may be able to choose to leave the subgroup, or an authorised user such as the subgroup owner may be able to remove them. If the subgroup owner decides to leave, the subgroup may be dissolved as a result. Alternatively, the subgroup ownership may pass to another person in the subgroup, e.g. by prior agreement or according to a predetermined schedule or procedure. In some embodiments, after a subgroup is terminated, all read or edit rights to documents will be reverted to their previous values.
In some circumstances, it may be necessary for all users to be able to view a particular file in the public space, but only certain users to be able to view annotations or comments or amendments to that file. In that case, one or more further copies of the file may be made, and amended as required while the first copy is left unamended.
If a user in the subgroup tries to move a document off the subgroup tile, then they will only succeed if they have access rights to modify the security settings of the document.
In some embodiments, a user may be given access rights for a particular limited time period (e.g. 24 hours), regardless of the duration of the subgroup collaboration, or the time of disbanding of the subgroup. After the end of the time period, the user is denied access to the document. This may be implemented by modification of the authorisation rights, at the authorisation server. A delete instruction for the relevant files and/or the relevant decryption keys may be sent to the user's workstation after the nominated period of time. If a subgroup was closed, then any documents that had been in the subgroup workspace could be automatically deleted from the computers of users who were no longer authorised to view them and/or the relevant keys could be automatically deleted.
Files may be stored on a central server, and copies sent to each member of a group or subgroup. Alternatively, files may be stored locally on workstations of members of a group or subgroup, and copies sent to other members as required. A user may request a file from a server or from another member of a group or subgroup by clicking on a document shown in the subgroup workspace. After receiving the file, and provided that the user has the correct authorisation key, the user may open the digital container and view the file.
A block diagram of a system according to an embodiment of the invention is shown in figure 9. Three workstations 100, 120 and 140 are shown, labelled as workstations 1, 2, 3, and each is located at a different site, i.e. sites 1, 2 and 3 respectively. Each workstation has a display and user input device, which is not shown in the figure. Each workstation is connected to a computer network 160 such as the Internet, which is represented in the figure as a central cloud. In other embodiments, a different type of network could be used, e.g. a local area network, wide area network or a peer-to-peer network. An authorisation server 180 is also shown connected to the network. This authorisation server receives requests for keys to the digital containers from the workstations, checks if the users at the workstations have sufficient authorisation, and if so, it sends the keys to them. In some embodiments, the computing device hosting the authorisation server may also function as an additional user workstation.
In the embodiment of figure 9, the documents are stored at the local workstations, e.g. in local document stores. A document may exist only as a single master copy on one workstation, with image data from the document being sent to the other workstations to allow user collaboration. Alternatively, multiple copies of a document may be distributed, and controls may be implemented to indicate a master copy and restrict updating of other copies or to manage the updates. Different sections of the document may be encrypted separately, and different users may have the right to update different sections.
Access control for the subgroup workspaces may also be carried out locally at the workstations. Each workstation in figure 9 includes an access controller, which maintains a list of users for the shared working environment, and member details for relevant subgroup workspaces. The workstations may exchange access control details as required. In some embodiments, access control relating to a subgroup workspace may be implemented only on the workstations which are members of the subgroup workspace, but in other embodiments, a wider group of workstations or all workstations may be updated with this information.
Embodiments of the invention may be implemented on a system with an authorisation server and client computers (e.g. workstations). Alternatively, the system may be implemented within a peer-to-peer configuration.
In further embodiments of the invention, instead of digital containers being used to protect the data, an alternative security method may be used. For example, in one embodiment, the security may be implemented by access control lists. Other standard implementations are also possible to provide suitable security.
The workstations used in the present invention may be fixed terminals, portable terminals or mobile terminals. A standard personal computer with a display and a network connection may be used as a workstation. Alternatively, any other type of computer or electronic computing device may be used as a workstation. Workstations may be provided with any combination of touch sensitive screens, table-top screens, projection screens, handheld screens, etc.
The present invention can be implemented in dedicated hardware, using a programmable digital controller suitably programmed, or using a combination of hardware and software.
Alternatively, the present invention can be implemented by software or programmable computing apparatus. This includes any computer, including PDAs (personal digital assistants), mobile phones, etc. The code for each process in the methods according to the invention may be modular, or may be arranged in an alternative way to perform the same function. The methods and apparatus according to the invention are applicable to any computer with a network connection. Thus the present invention encompasses a carrier medium carrying machine readable instructions or computer code for controlling a programmable controller, computer or number of computers as the apparatus of the invention. The carrier medium can comprise any storage medium such as a floppy disk, CD ROM, DVD ROM, hard disk, magnetic tape, or programmable memory device, or a transient medium such as an electrical, optical, microwave, RF, electromagnetic, magnetic or acoustical signal. An example of such a signal is an encoded signal carrying a computer code over a communications network, e.g. a TCP/IP signal carrying computer code over an IP network such as the Internet, an intranet, or a local area network.
While the invention has been described in terms of what are at present its preferred embodiments, it will be apparent to those skilled in the art that various changes can be made to the preferred embodiments without departing from the scope of the invention, which is defined by the claims.

CLAIMS:
1. A computer workstation for use in a shared virtual working environment, the shared virtual working environment comprising a plurality of networked computer workstations each having one or more users, the computer workstation comprising: a network interface for communicating with other computer workstations in the shared virtual working environment;
a display controller for controlling a display to display a visual representation of the shared virtual working environment;
a user interface controller for receiving a user input to define a subgroup of users in the shared virtual working environment; and
a subgroup controller for setting up a subgroup workspace in the shared virtual working environment, the subgroup workspace being accessible only to said subgroup of users, and for enabling sharing of files or data allocated to the subgroup with other users in the subgroup.
2. The computer workstation of claim 1, wherein the visual representation of the shared virtual working environment comprises a shared virtual desktop.
3. The computer workstation of claim 2, wherein the display controller is configured to display the subgroup workspace as a tile or other area on the shared virtual desktop.
4. The computer workstation of claim 2 or claim 3, wherein the display controller is configured to display a private workspace area of a user of the workstation as a tile or other area on the shared virtual desktop.
5. The computer workstation of any one of claims 2 to 4, wherein the display controller is configured to display a public workspace area that is accessible to all users of the shared virtual working environment as a tile or other area on the shared virtual desktop.
6. The computer workstation of any previous claim, wherein the display controller is configured to use colour coding to indicate different workspace areas with different user access permissions in the visual representation of the shared virtual working environment.
7. The computer workstation of any previous claim, wherein the user interface controller is configured to receive a user input corresponding to annotations on a shared document, to save the annotations as an overlay for the document, and to send the overlay to other users in the subgroup.
8. The computer workstation of any previous claim, wherein the display controller is configured to display a high resolution screen area for display of documents, and a low resolution screen area for the parking of documents.
9. The computer workstation of claim 8, wherein the low resolution area is located at the periphery of the high resolution area.
10. The computer workstation of claim 8, wherein the low resolution area is located in a separate window to the high resolution area.
11. The computer workstation of any previous claim, wherein at least some of the files or data allocated to the subgroup are in an encrypted format and are stored in secure digital containers.
12. The computer workstation of claim 11, where the digital containers use multiple security levels to allow different levels of access to different users.
13. The computer workstation of claim 11 or claim 12, configured to share key information for generating a decryption key for the digital containers with an authorisation server, to allow the authorisation server to distribute the decryption key to other users who have authorisation to decrypt the digital containers.
14. The computer workstation of claim 13, wherein the subgroup controller is configured to send information on users in a subgroup to said authorisation server, to enable the users in the subgroup to be authorised to receive a decryption key from the authorisation server for encrypted files allocated to the subgroup.
15. A system for running a shared virtual working environment for users on a plurality of networked computer workstations, the system comprising:
a plurality of computer workstations, each workstation comprising
a network interface for communicating with other computer workstations in the shared virtual working environment;
a display controller for controlling a display to display a visual representation of the shared virtual working environment;
a user interface controller for receiving a user input to define a subgroup of users in the shared virtual working environment; and
the system further comprising a subgroup controller for setting up a subgroup workspace in the shared virtual working environment, the subgroup workspace being accessible only to said subgroup of users, and for enabling sharing of files or data allocated to the subgroup with other users in the subgroup.
16. An access controller for use with a plurality of workstations in a shared virtual working environment, the access controller comprising:
a network interface for communicating with workstations in the shared virtual working environment;
a data store for storing details of users in the shared virtual working environment; and
a subgroup controller for setting up subgroup workspaces in the shared virtual working environment, a subgroup workspace being accessible only to a nominated subgroup of users, and for enabling sharing of files or data allocated to the subgroup with other users in the subgroup.
17. A method of running a shared virtual working environment for users on a plurality of networked computer workstations, the method comprising: connecting a computer workstation to other computer workstations to form a shared working environment via a computer network;
controlling a display to display a visual representation of the shared virtual working environment;
receiving a user input to define a subgroup of users in the shared virtual working environment;
setting up a subgroup workspace in the shared virtual working environment, the subgroup workspace being accessible only to said subgroup of users, and
enabling sharing of files or data allocated to the subgroup with other users in the subgroup.
18. The method of claim 17, wherein the access control means is implemented to protect data by means of secure digital containers.
19. The method of claim 17 or claim 18, further comprising:
displaying a high resolution area for display of documents, and
displaying a low resolution area for parking of documents.
20. A carrier medium carrying computer readable code for configuring a computer as the apparatus of any one of claims 1 to 16.
21. A carrier medium carrying computer readable code for controlling a computer to carry out the method of any one of claims 17 to 19.
PCT/GB2011/000092 2010-02-11 2011-01-25 A method and system for providing a collaborative working environment WO2011098749A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1002332.3 2010-02-11
GB1002332A GB2477762A (en) 2010-02-11 2010-02-11 Collaborative working environment with defined subgroup of users.

Publications (2)

Publication Number Publication Date
WO2011098749A2 true WO2011098749A2 (en) 2011-08-18
WO2011098749A3 WO2011098749A3 (en) 2011-11-24

Family

ID=42110576

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2011/000092 WO2011098749A2 (en) 2010-02-11 2011-01-25 A method and system for providing a collaborative working environment

Country Status (2)

Country Link
GB (1) GB2477762A (en)
WO (1) WO2011098749A2 (en)

Also Published As

Publication number Publication date
GB2477762A (en) 2011-08-17
GB201002332D0 (en) 2010-03-31
WO2011098749A3 (en) 2011-11-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 11705221; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 11705221; Country of ref document: EP; Kind code of ref document: A2)