Secure inter-company collaboration environment

US 7,143,136 B1
Filed: 06/06/2002
Issued: 11/28/2006
Est. Priority Date: 06/06/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A secure inter-company collaboration system, comprising:

a set of one or more utility servers maintained by a first company;

a data storage communicatively coupled to at least one of the utility servers via a secured subnet and storing access-controlled data, wherein the data storage is partitioned by projects to isolate the access-controlled data based on the projects;

a set of resources residing on the set of utility servers, the set of resources comprising an application;

a secure network connection between the set of utility servers and a second company;

an access control mechanism configured to control access to the set of resources and to the secure network connection by the first company and the second company, wherein access is limited to specific authorized individuals from the first company and specific authorized individuals from the second company;

a remote controller configured to enable an authorized individual from the second company to remotely view a user interface of the application while an authorized individual from the first company is executing the application on the set of utility servers; and

a file manager configured to manage data files that are shared, according to one or more rules, among a group of authorized individuals from the first and second companies, and configured to operate automatically in the background according to the one or more rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An environment is described in which multiple companies can securely collaborate on a design or other project. The environment includes a set of resources residing on a set of one or more utility servers maintained by a first company, an access control mechanism for controlling access to the set of resources, a secure network connection between the set of utility servers and a second company, and a remote controller for remotely viewing, by an authorized individual from the second company, a user interface of an application while an authorized individual from the first company is executing the application on the set of utility servers. The secure network connection includes a secure association mechanism for establishing a secure association between participating parties, a virtual point-to-point network connection for transmitting data between associated parties, and an encryption/decryption mechanism.

Citations

51 Claims

1. A secure inter-company collaboration system, comprising:
- a set of one or more utility servers maintained by a first company;
  
  a data storage communicatively coupled to at least one of the utility servers via a secured subnet and storing access-controlled data, wherein the data storage is partitioned by projects to isolate the access-controlled data based on the projects;
  
  a set of resources residing on the set of utility servers, the set of resources comprising an application;
  
  a secure network connection between the set of utility servers and a second company;
  
  an access control mechanism configured to control access to the set of resources and to the secure network connection by the first company and the second company, wherein access is limited to specific authorized individuals from the first company and specific authorized individuals from the second company;
  
  a remote controller configured to enable an authorized individual from the second company to remotely view a user interface of the application while an authorized individual from the first company is executing the application on the set of utility servers; and
  
  a file manager configured to manage data files that are shared, according to one or more rules, among a group of authorized individuals from the first and second companies, and configured to operate automatically in the background according to the one or more rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the remote controller is further configured to enable the authorized individual from the second company to remotely control execution of the application while the application is executing.
  - 3. The system of claim 1, wherein the remote controller is further configured to enable the authorized individual from the second company to remotely start execution of the application.
  - 4. The system of claim 1 wherein security of the secure network connection includes:
    - a secure association mechanism configured to establish a secure association in which a first device that is attempting to access at least part of the set of resources is identified by a second secure association mechanism at a second device and the second device is identified by a first secure association mechanism at the first device, and wherein establishment of the secure association is based at least in part on recognition of the first device by the second device and recognition of the second device by the first device.
  - 5. The system of claim 4 wherein security of the secure network connection includes:
    - a virtual point-to-point network connection established upon establishment of the secure association, wherein communication between the first and second devices is limited during the secure association to communication only between the first and second devices; and
      
      a data encryption/decryption mechanism for encrypting and decrypting data that is transmitted across the virtual point-to-point network connection.
  - 6. The system of claim 4 wherein security of the secure network connection includes:
    - a virtual point-to-point network connection established upon establishment of the secure association, wherein communication is limited during the secure association to communication only between the subnets on which the first and second devices reside; and
      
      a data encryption/decryption mechanism for encrypting and decrypting data that is transmitted across the virtual point-to-point network connection.
  - 7. The system of claim 6 wherein open ports at each end of the virtual point-to-point network connection are limited to specific ports allocated for collaboration.
  - 8. The system of claim 4 wherein the secure association is periodically renewed by an automated request, from one of the first and second secure association mechanisms to the other secure association mechanism, for a key that is common among the first and second secure association mechanisms, and by an automated verification by the requesting secure association mechanism of the key received from the other secure association mechanism.
  - 9. The system of claim 1 wherein the access control mechanism is configured to monitor use of the set of resources.
  - 10. The system of claim 1 wherein the access control mechanism includes a first access control mechanism managed by the first company and a second access control mechanism managed by the second company, and wherein each of the companies control access to the set of resources with the respective first or second access control mechanisms.
  - 11. The system of claim 1 wherein more than two companies are allowed access via the access control mechanism, and wherein the access control mechanism includes more than two respective access control mechanisms, and wherein each of the respective access control mechanisms is managed by one of the more than two respective companies to control access.
  - 12. The system of claim 1 wherein the access control mechanism is implemented using computer software.
  - 13. The system of claim 1 wherein the capability for an authorized individual to remotely access the shared data is based on a data authorization mechanism.
  - 14. The system of claim 1 comprising a communication mechanism configured to receive, store, and retrieve textual messages from the authorized individuals.
  - 15. The system of claim 1 wherein the user interface of the application is a graphical user interface that displays a graphic representation, wherein the remote controller provides the capability to remotely view the graphical representation.
  - 16. The system of claim 1, wherein the set of resources comprises:
    - a navigation mechanism configured for guiding the group of authorized individuals through the system to locate particular resources of the set of resources and for providing the capability for the group of authorized individuals to see which applications are currently being used.

17. A secure inter-company collaboration system, comprising:
- a first set of one or more utility servers maintained by a first company;
  
  a second set of one or more utility servers maintained by a second company;
  
  a data storage communicatively coupled to the first set of utility servers via a secured subnet and storing access-controlled data, wherein the data storage is partitioned by projects to isolate the access-controlled data based on the projects;
  
  a first set of resources residing on the first set of utility servers, the first set of resources comprising a first application;
  
  a secure network connection between the first and second sets of utility servers;
  
  an access control mechanism configured to control access to the first and second sets of utility servers and to the secure network connection by the first and second companies, wherein access to the first set of utility servers is limited to specific authorized individuals from the first company and access to the second set of utility servers is limited to specific authorized individuals from the second company;
  
  a remote controller configured to enable an authorized individual from the second company, using the second set of utility servers, to remotely view a user interface of the first application while an authorized individual from the first company is executing the first application on the first set of utility servers; and
  
  a file manager configured to manage data files that are shared, according to one or more rules, among a group of authorized individuals from the first and second companies, and configured to operate automatically in the background according to the one or more rules.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 18. The system of claim 17, wherein the remote controller is further configured to enable the authorized individual from the second company, using the second set of utility servers, to remotely control execution of the first application while the first application is executing on the first set of utility servers.
  - 19. The system of claim 17, wherein the remote controller is further configured to enable the authorized individual from the second company, using the second set of utility servers, to remotely start execution of the application.
  - 20. The system of claim 17, further comprising:
    - a second set of resources residing on the second set of utility servers, the second set of resources comprising a second application.
  - 21. The system of claim 20, wherein the remote controller is further configured to enable an authorized individual from the first company, using the first set of utility servers, to remotely view a user interface of the second application while an authorized individual from the second company is executing the second application on the second set of utility servers.
  - 22. The system of claim 20, wherein the remote controller is further configured to enable the authorized individual from the first company, using the first set of utility servers, to remotely control execution of the second application while the second application is executing on the second set of utility servers.
  - 23. The system of claim 20 wherein the access control mechanism includes a first access control mechanism managed by the first company and a second access control mechanism managed by the second company, and wherein each of the companies control access to the first and second set of resources with the respective first or second access control mechanisms.
  - 24. The system of claim 20 wherein the remote controller comprises:
    - a first client application on a client machine used by an authorized individual from the first company;
      
      a first host application on at least one of the first set of utility servers;
      
      a second client application on the at least one of the first set of utility servers; and
      
      a second host application on at least one of the second set of utility servers;
      
      wherein the authorized individual from the first company can use the first client application, the first host application, the second client application, and the second host application to remotely view a user interface of the second application while an authorized individual from the second company is executing the second application on the second set of utility servers.
  - 25. The system of claim 24 wherein the authorized individual from the first company can use the first client application, the first host application, the second client application, and the second host application to remotely control execution of the second application while the second application is executing on the second set of utility servers.
  - 26. The system of claim 20 wherein the first application and the second application are configured to automatically communicate with each other.
  - 27. The system of claim 17 wherein security of the secure network connection includes:
    - a secure association mechanism configured to establish a secure association in which a second device that is attempting to access at least part of the first set of resources is identified by a first secure association mechanism at a first device and the first device is identified by a second secure association mechanism at the second device, and wherein establishment of the secure association is based at least in part on recognition of the second device by the first device and recognition of the first device by the second device.
  - 28. The system of claim 27 wherein security of the secure network connection includes:
    - a virtual point-to-point network connection established upon establishment of the secure association, wherein communication between the first and second devices is limited during the secure association to communication only between the first and second devices; and
      
      a data encryption/decryption mechanism for encrypting and decrypting data that is transmitted across the virtual point-to-point network connection.
  - 29. The system of claim 28 wherein open ports at each end of the virtual point-to-point network connection are limited to specific ports allocated for collaboration.
  - 30. The system of claim 27 wherein security of the secure network connection includes:
    - a virtual point-to-point network connection established upon establishment of the secure association, wherein communication is limited during the secure association to communication only between the subnets on which the first and second devices reside; and
      
      a data encryption/decryption mechanism for encrypting and decrypting data that is transmitted across the virtual point-to-point network connection.
  - 31. The system of claim 27 wherein the secure association is periodically renewed by an automated request, from one of the first and second secure association mechanisms to the other secure association mechanism, for a key that is common among the first and second secure association mechanisms, and by an automated verification by the requesting secure association mechanism of the key received from the other secure association mechanism.
  - 32. The system of claim 17 wherein the access control mechanism is configured to monitor accesses to the set of resources.
  - 33. The system of claim 17 wherein the capability for an authorized individual to remotely access the shared data is based on a data authorization mechanism.
  - 34. The system of claim 17 comprising a communication mechanism configured to receive, store, and retrieve textual messages from the authorized individuals of the first and second companies.
  - 35. The system of claim 17 wherein the user interface of the application is a graphical user interface that displays a graphic representation, wherein the remote controller provides the capability to remotely view the graphical representation.

36. A method for providing a secure inter-company collaboration environment for a design project, the method comprising:
- controlling access to a first set of one or more utility servers maintained by a first company, wherein access to the first set of utility servers is limited to specific authorized individuals from the first company;
  
  controlling access to a second set of one or more utility servers maintained by a second company, wherein access to the second set of utility servers is limited to specific authorized individuals from the second company;
  
  controlling access to a data storage communicatively coupled to the first set of utility servers via a secured subnet and storing access-controlled data, wherein the data storage is partitioned by projects to isolate the access-controlled data based on the projects;
  
  controlling access to a first set of resources residing on the first set of utility servers, wherein the first set of resources comprises a first application;
  
  controlling access to a secure network connection between the first and second sets of utility servers, wherein access to the secure network connection is limited to specific authorized individuals from the first and second companies;
  
  controlling access to a remote controller that enables an authorized individual from the second company, using the second set of utility servers, to remotely view a user interface of the first application while an authorized individual from the first company is executing the first application on the first set of utility servers; and
  
  controlling access to a file manager configured to manage data files that are shared, according to one or more rules, among a group of authorized individuals from the first and second companies, and configured to operate automatically in the background according to the one or more rules.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 37. The method of claim 36, wherein the remote controller is further configured to enable the authorized individual from the second company, using the second set of utility servers, to remotely control execution of the first application while the first application is executing on the first set of utility servers, and wherein the step of controlling access to the remote controller is performed accordingly.
  - 38. The method of claim 36, wherein the remote controller is further configured to enable the authorized individual from the second company, using the second set of utility servers, to remotely start execution of the first application on the first set of utility servers, and wherein the step of controlling access to the remote controller is performed accordingly.
  - 39. The method of claim 36 comprising:
    - controlling access to a second set of resources residing on the second set of utility servers, wherein the second set of resources comprises a second application.
  - 40. The method of claim 39, wherein the remote controller is further configured to enable an authorized individual from the first company, using the first set of utility servers, to remotely view a user interface of the second application while an authorized individual from the second company is executing the second application on the second set of utility servers, and wherein the step of controlling access to the remote controller is performed accordingly.
  - 41. The method of claim 40, wherein the remote controller is further configured to enable the authorized individual from the first company, using the first set of utility servers, to remotely control execution of the second application while the second application is executing on the second set of utility servers, and wherein the step of controlling access to the remote controller is performed accordingly.
  - 42. The method of claim 39, wherein the first application from the first set of resources residing on the first set of one or more utility servers performs the steps of:
    - monitoring a first execution of the second application from the second set of resources residing on the second set of one or more utility servers;
      
      analyzing output from the second application;
      
      modifying input parameters to the second application based on analysis of the output;
      
      initiating a second execution of the second application on at least one of the second set of one or more utility servers, wherein the second execution is based on the modified input parameters; and
      
      monitoring the second execution of the second application.
  - 43. The method of claim 36 wherein the step of controlling access to the secure network connection comprises:
    - requiring establishment of a secure association in which a first device that is attempting to access the secure network connection is identified by a second device and the second device is identified by the first device, and wherein establishment of the secure association is based at least in part on recognition of the first device by the second device and recognition of the second device by the first device.
  - 44. The method of claim 43 comprising:
    - upon establishment of the secure association, maintaining a virtual point-to-point network connection wherein communication between the first and second devices is limited to communication only between the first and second devices; and
      
      encrypting communications that are transmitted across the virtual point-to-point network connection.
  - 45. The method of claim 43 comprising:
    - upon establishment of the secure association, maintaining a virtual point-to-point network connection wherein communication is limited during the secure association to communication only between the subnets on which the first and second devices reside; and
      
      encrypting communications that are transmitted across the virtual point-to-point network connection.
  - 46. The method of claim 43 comprising:
    - periodically renewing the secure association byautomatically requesting, by one of the first and second devices from the other device, a key that is common to the first and second devices, andautomatically verifying, by the requesting device, the key received from the other device.
  - 47. The method of claim 36 comprising:
    - logging accesses to the secure network connection.
  - 48. The method of claim 36 comprising:
    - maintaining a communication mechanism configured to receive, store, and retrieve at least textual messages from the authorized individuals.
  - 49. The method of claim 36, comprising:
    - wherein the remote controller comprises a first remote controller and a second remote controller that is different than the first remote controller,wherein the first remote controller enables an authorized individual from the second company, using the second set of utility servers, to remotely control execution of the first application while the first application is executing on the first set of utility servers;
      
      wherein the second remote controller enables an authorized individual from the first company, using the first set of utility servers, to remotely control execution of the second application while the second application is executing on the second set of utility servers; and
      
      wherein the step of controlling access to the remote controller is performed according to the first and second remote controllers.
  - 50. The method of claim 36 comprising:
    - controlling access to a navigation mechanism configured for guiding the group of authorized individuals through the system to locate particular resources of the set of resources and for providing the capability for the group of authorized individuals to see which applications are currently being used.

51. A system for providing a secure inter-company collaboration environment for a design project, the method comprising:
- means for controlling access to a first set of one or more utility servers maintained by a first company, wherein access to the first set of utility servers is limited to specific authorized individuals from the first company;
  
  means for controlling access to a second set of one or more utility servers maintained by a second company, wherein access to the second set of utility servers is limited to specific authorized individuals from the second company;
  
  means for controlling access to a data storage communicatively coupled to the first set of utility servers via a secured subnet and storing access-controlled data, wherein the data storage is partitioned by projects to isolate the access-controlled data based on the projects;
  
  means for controlling access to a first set of resources residing on the first set of utility servers, wherein the first set of resources comprises a first application;
  
  means for controlling access to a secure network connection between the first and second sets of utility servers, wherein access to the secure network connection is limited to specific authorized individuals from the first and second companies;
  
  means for controlling access to a remote controller that enables an authorized individual from the second company, using the second set of utility servers, to remotely view a user interface of the first application while an authorized individual from the first company is executing the first application on the first set of utility servers; and
  
  means for controlling access to a file manager configured to manage data files that are shared, according to one or more rules, among a group of authorized individuals from the first and second companies, and configured to operate automatically in the background according to the one or more rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cadence Design Systems Incorporated (Cadence Group)
Original Assignee
Cadence Design Systems Incorporated (Cadence Group)
Inventors
George, Samuel, Werner, Jens, Schmidt, Juergen, Ligtenberg, Adriaan, Matzke, Wolf-Ekkehard, Upadhyay, Deepak P., Smith, Ronald Peter, Drenan, Lawrence A.
Primary Examiner(s)
Meky, Moustafa M.

Application Number

US10/164,831
Time in Patent Office

1,636 Days
Field of Search

709200-205, 709/217, 709218-229
US Class Current

709/204
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

G06Q 10/10 Office automation; Time man...

Secure inter-company collaboration environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Secure inter-company collaboration environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links