US20150006400A1

US20150006400A1 - System and method for virtual team collaboration in a secure environment

Info

Publication number: US20150006400A1
Application number: US13/930,565
Authority: US
Inventors: Chi Eng; Eugene Dmytrichenko; Eugene Myasushkin
Original assignee: Individual
Current assignee: Individual
Priority date: 2009-11-02
Filing date: 2013-06-28
Publication date: 2015-01-01
Also published as: US20110107088A1; US8499148B2

Abstract

A computing platform for facilitating dynamic connection and collaboration of service providers and service requesters to transact services in a secure computing environment. The environment includes data content comprising emails, messages, biographical information and human resources related data associated with the users. The platform includes a connection module for connecting users to form groups, and a collaboration module for creating a virtual secure data room for collaboration and sharing of encrypted data by the connected users in a user-friendly and transparent manner. The platform further comprises an indexing and parsing module for identifying keywords and topics in the data content associated with the users and a matching module for matching project requirements of service requesters to profiles of the service requesters, the profiles including the parsed data content of the users.

Description

CROSS REFERENCE TO RELATED APPLICATIONS

The present application claims priority to an earlier filed U.S. Provisional Patent Application No. 61/257,307, filed on Nov. 2, 2009, and U.S. patent application Ser. No. 12/938,355, filed on Nov. 2, 2010.

BACKGROUND OF THE INVENTION

1. Technical Field
The present invention relates to a method and system for the delivery and provision of professional services using an internet-based platform capable of sharing resources.
2. Background
The traditional market for professional services is highly fragmented and inefficient due to the varying and diverse expertise of the professionals and the industries they serve. Take for example, the legal industry. Lawyers are licensed in disparate jurisdictions and specialized in distinct fields. They have different levels of experience and operate at varying levels of competence. While large law firms are able to bring together various niche services providers to aggregate supply, they make up for only a fraction of the legal community and contribute to its rigid and hierarchical “old-school” nature.
Presently, the supply-side architecture of the legal services industry lags other industries. Lawyers use software applications for their billing, office and case management. However, the legal profession has not yet adopted the now available web-based technology to provide legal services to their clients. They also don't typically collaborate online with other lawyers throughout the entire deal process (from sourcing to final payment). While there are online databases such as Martindale-Hubble, these services do not allow for meaningful interaction, collaboration or transactions (i.e. the full legal experience). The problem is that they resemble more closely to an online phonebook than an interactive exchange where legal service providers and service requesters or consumers conduct business.
According to Thomson Research, consumers demand greater efficiency and transparency of online legal services. Consumers are frustrated with navigating an ever-increasing volume of legal information online as they are untrained or inexperienced in digesting this over-saturation of seemingly unrelated and fragmented data. Thomson Research also suggests that evaluating the credibility of legal information and legal professionals is equally difficult. The problem is that while consumers are being serviced in other industries via the Internet, the legal profession has lagged further behind.
An inefficient marketplace is typically manifested by a large variation in prices for a given quality of service. In the present system, a great majority of legal service providers charge their clients based on billing rates. They bill varying hours for the same product, with larger firms commanding the highest rates. Thus, for the same quality of legal service, the price of the work product can vary greatly.
For many lawyers, large percentages of revenue often lie within few customers. Loss of one major client can have significant repercussions. This is particularly evident for the thousands of long-tail/mid-tail providers, who have limited relationships and compete against larger counterparts with global reach. As a result, smaller firms and lawyers often lose new business because they can only service 60-80% of a client's needs. While these lawyers are more likely to adopt new technology, there have been no complete solutions to date for on-demand collaborations with the clients and other out-of-network legal professionals including assistants, paralegals, and consultants, in a virtual or online environment. Moreoever, there is a perceived drawback of online systems that one must contend with a reduced level of confidentiality, security and control. For litigators, there is the worry that it could mean a loss of attorney-client privilege.
Accordingly, there is a need for a secure platform that facilitates the formation and management of client and professional teams possessing the requisite talents for specific projects and the efficient collaboration of team members in a virtual or online workroom.

SUMMARY OF INVENTION

An object of the present invention is to provide a method and system for harnessing the network effect of professionals in a virtual or online space even though such professionals may be physically located in disparate and far-flung geographical regions.
Another object is to provide an intuitive, simple-to-use user interface for requesters or consumers of professional services to access and seek optimal price and performance from such networks of professionals.
Still another object is to provide a secure online portal or on-premise system to facilitate the connection and collaboration of professionals through a wide area network such as a packet switched network such that professionals having different skill sets and located in different geographical regions will be able to share knowledge and skills and to network and collaborate with each other on complex projects in an efficient and cost effective manner.
Yet another object is to provide a secure workroom to enable collaboration among authorized professionals of a team to selectively share encrypted documents in a confidential but yet user-friendly manner.
According to the present invention, a system comprising a server or group of servers is configured to enable and to facilitate the dynamic or on-demand connection of computing devices to form one or more closed networks or teams of professionals for the purpose of collaborating on a project-by-project basis or on a fixed term relationship.
In a presently preferred embodiment, the inventive platform is configured on servers and storage devices provided by large scale networked data centers accessible through broadband networks. The servers include a database server, an application server, a web server, and a media server. The database server includes data relating to the identity of individual profiles of professionals and a plurality of networks of access devices, a secure data room accessible only by authorized access devices for sharing data and files among the networked professionals. The profiles may include data content such as biographical information, human resources data, social network profile information (e.g., LinkedIn), credentials, publications, memos, and messages (e.g., emails). The web server also includes an input module for collecting requests for services including budget and pricing information for a project, presenting such requests to the access devices of the professionals, and displaying bids from the service providers to the requesters. A transaction module is also provided for credit management including managing payments corresponding to specific milestones agreed to by the parties for a project. A request filter parses the service requests and derives indicia of professional services in terms of the relevant expertise, which indicia will be used for searching or matching with relevant service providers. A matching module matches the service requesters to the service providers on the platform.
The various features of novelty which characterize the invention are pointed out with particularity in the claims annexed to and forming a part of the disclosure. For a better understanding of the invention, its operating advantages, and specific objects attained by its use, reference should be had to the drawings and descriptive matter in which they are illustrated and described preferred embodiments of the invention.
Other objects and features of the present invention will become apparent from the following detailed description considered in conjunction with the accompanying drawings. It is to be understood, however, that the drawings are designed solely for purposes of illustration and not as a definition of the limits of the invention, for which reference should be made to the appended claims. It should be further understood that the drawings are not necessarily drawn to scale and that, unless otherwise indicated, they are merely intended to conceptually illustrate the structures and procedures described herein.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, wherein like reference characters denote similar elements:

FIG. 1 is a diagram of an embodiment of the inventive system facilitating the connection, collaboration and transaction between client and professional teams of the present invention;

FIG. 2 is a portion of a relational database representing the relational tables of a User, the User's files, users with shared access to the User's files, and the User's messages with other users;

FIG. 3 diagrammatically illustrates the interplay of the file storage, the encoder/decoder and web application/server to enable sharing of encrypted files between users;

FIG. 4 describes the steps of sharing encrypted files in a manner transparent to the users;

FIG. 5 is a flow chart illustrating the steps of communicating encrypted messages between users; and

FIG. 6 diagrammatically depicts another embodiment of the inventive system facilitating connection, collaboration and transaction among client and professional teams in an enterprise environment.

DETAILED DESCRIPTION OF THE PRESENTLY PREFERRED EMBODIMENTS

Preferably, the inventive system is implemented on a cloud-computing services platform (the “cloud platform”) that may be configured as a “public” cloud or a “private” cloud such as that offered by Amazon Web Services and which is accessible by users around the globe via a packet-switched network such as the Internet. The cloud platform provides the inventive system with operational, fault-tolerant and service-specific security processes as well as redundancies by using highly scalable servers (i.e. ability to add servers on demand) in diverse geographical locations. It also provides a virtualized computing application layer for implementing a variety of software services for the inventive system such as those disclosed herein. Since confidential documents and messages are shared among them and payments are transacted among the service providers and requesters, security and reliability of the system are of paramount concerns to the users of this system.
The system is preferably built pursuant to applicable ISO 9000 standards and is configured to utilize security features of a cloud computing platform for certification and accreditation pursuant to SAS70 Type II or equivalent. Unlike popular online social networks, such security features are necessary for the provision of professional services and will be demanded by both the providers and clients.
Optionally, the system may be deployed on servers operated and controlled by an enterprise (e.g., virtual private cloud or on-premise system) such that users may benefit from the system's various inventive features while maintaining the enterprise's confidential data secured behind its own network firewalls.
In a presently preferred embodiment, the inventive system includes a database server, an application server, a web server, and a media server. Each of these servers is configured to include one or more computer processors and associated memory devices (e.g., Random Access Memories, hard drives or their equivalents, etc.). The database server includes data relating to the identity of individual profiles of professionals and a plurality of networks of access devices, a secure data room accessible only by authorized access devices for sharing data and files among the networked professionals. The web server also includes an input module for collecting requests for services including budget and pricing information for a project, presenting such requests to the access devices of the professionals, and displaying bids from the service providers to the requesters. A transaction module is also provided for credit management including managing payments corresponding to specific project milestones agreed to by the parties. A request filter parses the service requests and derives indicia of professional services in terms of the relevant expertise, which indicia will be used for searching or matching with relevant service providers. A matching module matches the service requesters to the service providers on the platform based on project descriptions or requirements and the profile information of the service providers. In brief, the system facilitates the connection and collaboration of providers to transact services with clients. The collaborative system provides three primary functionalities to the users: (1) ability to selectively connect or network with other users (e.g., members of their teams and select service providers) in the system, (2) ability to collaborate with authorized and users in a secure data or work room, and (3) ability for service requesters to manage agreed milestones and/or to transact payments corresponding to the agreed project milestones. Users may be requesters for professional services such as legal services; the users may also be service providers such as attorneys or accountants. Each user registers or otherwise provides identification or profile information that may be used for authentication, networking, and matching purposes. An administrator of the system may also pre-register or pre-authorize certain users to use the system. In the case of a corporate user, the user's profile information preferably includes the name of the company, name of contact, place of organization, year started, address, annual revenue of the company, and corporate title and function of the corporate user. For service providers such as attorneys, the information will include his name, address, jurisdictions in which they are licensed to practice their professions, academic and other credentials, professional experience, and practice profile, etc., which will be useful for the matching module to match them to the service requesters or for a connection module to facilitate the connections among the users. The users may also be assistants or paralegals of the attorneys or the service requesters. In a presently preferred embodiment, the matching module includes a search engine for matching service providers to service requesters based on profile information of the service providers and project requirements of the service requesters.
There is shown in FIG. 1 a presently preferred embodiment of the virtual collaborative system 10 constructed in accordance with the present invention. The system comprises an Interface 12 for interaction among service requesters (e.g., clients) and service providers (e.g. professionals), who may be collectively referred herein as “users”, which includes a Registration Module 14, a Connection Module 16, a Matching Module 18, a Collaboration Module 20 and a Transaction Module 22. Users may access the system via any access devices with appropriate software applications to communicate with the servers on the cloud platform. Such access devices may include PCs, Macs, smart phones, or other client devices. A user registers with the system through the Registration Module 14 and his profile and contact information is stored in a searchable database. Once registered, the users may search and connect with each other, thereby forming groups of users with shared interests or goals. These connected users may share a common message board to communicate with each other. They may also set up a virtual secure data room from which they can upload and download files for collaboration. The service requesters or clients may also connect with their own employees/agents and share their data room. In one scenario, the clients may invite service providers to collaborate on a previously established project through their virtual data room, and which will eliminate the need for sending files to each other via email servers that could block or misidentify emails as spam emails and never deliver the legitimate emails to the intended recipients. Worse yet, the emails which are typically transmitted in unencrypted form may be intercepted by third parties. As shown in FIG. 1, the secure data rooms form the basis for collaboration for each virtual team. Online collaboration applications (similar to Google Docs) may be provided to the users for greater productivity efficiency. The teams may be formed or dissolved on demand depending on the projects shared by the team members; the data rooms may likewise be formed or disassembled on demand.
The service requesters may submit a project to the Interface 12 for bidding by the various virtual teams on the platform. Recognizing the requesters lack the requisite sophistication to seek the most qualified providers, the matching module 18 matches the project requirements to relevant service providers and ranks them in accordance with the project parameters and the providers' profiles. Specifically, the matching module 18 analyzes the project description by way of keywords used by the requester and associated metadata and searches through the profiles of the providers to determine the number of keywords or metadata matched and derive a relevance ranking. The matching module 18 may also make use of a request input filter which parses the written project description from the client and extracts important parameters for processing by the matching module 18. The more keywords, metadata and project parameters are matched, the more relevant the provider is to the project. Once the providers are identified, the system forwards the project to the identified providers via a previously specified communication method (e.g., email or SMS or posting via the platform to the identified providers) and requests them to respond to the request for bids within a specified time period.
To facilitate on-demand collaboration among the providers, the transaction module provides revenue splitting based on previously agreed percentages. Thus, prior to submitting a bid, the providers may agree to a certain revenue split among them and which percentages are entered into the Transaction module 22 such that when payments are released for a completed milestone, the transaction module automatically divides and distributes the payments to the team members.
To further enhance collaboration among the users, the system may issue virtual currency to the users, which may be used for trading by the users in order to obtain certain privileges or rights. This concept is akin to the airlines' frequent mileage programs. Accordingly, providers will accumulate increased amount of virtual currency the more they use the services provided by the platform. Virtual currency can be used by users to barter and negotiate with other registered users. Virtual currency may also allow the users to, for example, trade or purchase leads from other users in an open market place on the platform. In the case of lawyers, the virtual currency could also allow them to obtain sample legal papers (e.g., motion papers and form contracts), and negotiate various deals as a part of a virtual team/firm. The platform will allow for virtual currency to evolve and increase in value. In a preferred embodiment, the virtual currency is in the form of points provided to registered users of the platform. These points may be used for bidding on proposed projects by the service providers. Additional points may be purchased at a predetermined price.
The modules are further described in more details as follows.
Registration Module
The Registration Module 14 is configured to collect user contact information and profile description which may be made searchable by other users. For example, the profile description may include keywords and meta-tags associated with the particular user and which are stored in a searchable database. The Registration Module 14 may also collect photos, credentials, and documents for enhancing the credibility of the professional service provider. This module may also include an algorithm for authenticating the users. For service providers who are lawyers, and who received license registration numbers from their respective jurisdictions, they will be required to submit such registration numbers. Upon receipt of a registration number from a user, the module performs verification with an internal or external database containing bar registration numbers of lawyers in the various jurisdictions.
An exemplary registration form may include the following fields: Email address; Password; Name of User; Screen Name (to be selected by user)—minimum number of characters; Name of Company or Firm (if applicable); Full Postal Address; Wireline phone number; Mobile phone number; Fax number; Email address; Website address; Profile or Bio (note that this field is searchable by other users depending on privacy settings.); and Keywords, metadata, and meta-tags for facilitating searching by or for connection with other users and for matching with projects proposed for bidding by clients. The metadata or keywords may include words typically used in such legal fields, for example, as real estate, intellectual property, securities laws, litigation, corporate governance, international tribunals, cross-border transaction, and commercial law, etc.
A database schema is configured to categorize the professional interests of the providers and their experience and skill levels for efficient indexing by the system. Such data will be used for searching by clients and other users, and will facilitate project team formation among the users, especially when a project is submitted by a client for bids for a defined period of time, and the necessary talents must be located quickly to prepare a responsive bid. The database architecture will be later described in connection with FIG. 2.
Optionally, an administrator of the inventive system may register new users without requiring initial input from the new users. For example, the administrator may register the new users by uploading and parsing a user list containing relevant user information and storing it in a user database accessible and searchable by other users. The administrator may also register a new user manually. In another example, the administrator may parse Human Resources data 30 containing personnel information of the enterprise and index relevant user profile information for the purpose of matching and collaboration in accordance with the inventive system. This would facilitate more accurate matching of the users to project requirements because of the use of a larger set of user profile data. Additionally, the administrator may use this Human Resources data to pre-register the users and set up their initial profile information and pre-connect them on the platform so that they may begin sharing information and collaborating on projects without initially requiring each new user to register and invite and connect with each other. Confirmation of registration by the new users may be achieved by the new users accepting the sharing of information with other registered users or by participating on a new project, or subsequently changing their pre-assigned passwords after logging into the inventive system.
Connection Module
Advantageously, the Connection Module 16 provides the users the ability to invite and dynamically network with each other and form increasingly diverse project teams to collaborate on ever more complex projects. Initially, the users may invite other registered users so as to form a distinct network or groups whose members share common interests or goals. The system tracks the relationships of the various users through a user database. The users form project teams by inviting members of their existing networks or invite others outside their networks based on the needs of the project at hand. Each user's login page will show his connections, project teams, data room(s) (where documents are stored and displayed), and status of his projects.
The Connection Module 16 may include the following features:

- Upload profile content—Registered users would be able to upload additional content to their respective profiles including photos, document, credentials, etc., up to a predetermined storage size.
- Edit & Manage profile—Once user has created his/her profile then user can also manage his profile. He would be able to make changes from time to time. Here users would also be able to select visibility or privacy option for their profiles so that a portion of his profile would be visible to all users on the platform, and another portion of his profile will only be visible to authorized users.
- See others' profiles—Users would be able to see other users' profiles, the visibility of other users profile would depend on the privacy option selected by the respective users.
- Search users—This feature will help user search each other using different criteria as described herein.
- Add/remove “Connections”—Users would be able to add or remove other users in their profile, thereby enabling users to customize their networks on the platform.
- Send and receive messages—This feature will allow users to send/receive messages to other users on the platform or to members of his network.
- Connect with other users—Connected users would also be able to create their own “group” or “virtual firm” through invitations.
- Create Events—Users of the website would also be able to create events on the websites, users can send invitation to other users to take part in these events and other users can accept or deny the request for the event.
- Provider Only Forum—Users would be able to engage in open discussions with other users of the website with identifiable discussion threads.

Matching Module
To alleviate the needs of a client to have a thorough understanding of the various professional disciplines and qualifications in order to identify the appropriate service provider(s) for a project, the Matching Module 18 implements intelligent business rules for determining relevant service providers for the client. For example, the client, in his description of a proposed project, is required to input certain keywords or metadata in a designated field. The keywords or metadata are stored and indexed in the database, and will be used to match with service providers who also input the same or related keywords in their profiles or whose profiles include the same or related keywords. Likewise, the providers are required to input in a field keywords, parameters, metadata that are pertinent to their expertise, which data are stored in a database for later matching with the project description parameters entered by the client. The business rules may further require that if the project description mentions certain keywords, and which are matched with keywords stored in a provider's profiles, the provider will receive the client request and will determine whether and how to respond to such request within a given time period set by the client.
The Matching Module 18 will rank relevant service providers based on the number of matched parameters and provide the list of such providers to the client. The service provider with the greatest number of matched parameters will have the highest relevance ranking. In this way, the client can more intelligently sort through potential providers for a project.
In another embodiment, the matching module 18 matches the project description or requirements provided by the service requester (i.e. users) with the profiles of the service providers (i.e., other users) based on data content including, but not limited to, biographical information, credentials, messages, and files created by or otherwise associated with the service providers. Matching may be performed through keywords in the data content and/or metadata identifying the characteristics of the data content. The metadata may include descriptive information such as the name of the writer or creator of the data content, purpose of the data content, topic(s) associated with the data content, time and date of creation of the data content, and links or pointers to other writers or creators of topics similar to that of the data content, etc. The matching module analyzes or parses the project requirements or description for keywords and topics and analyzes the profiles of service providers by comparing the project keywords to their biographical information, credentials as well as metadata associated with the messages and files created by the service providers. Preferably, the matching module ranks the relevance of the service providers to the proposed project by the number of project requirement keywords that has been matched with the service providers' profiles (e.g., biographical information, credentials, and data content parsed by an Indexing Engine 36 in the manner described in connection with FIG. 6 below). Additional filtering or ranking criteria may be employed by identifying the data content such as messages and files sent or created by the service providers, which contain the keywords in the project requirements. The more data content of the service providers that may be matched with the project requirements, the higher ranked or more relevant the service providers are to the requested projects. For example, a project requirement seeking service providers with trial experience in biotech patent litigation in a federal district court in Tyler, Texas would be matched with providers whose profiles contain keywords “patent”, “litigation”, “biotech”, “Tyler”, and “Texas”. Furthermore, if the service providers have data content such as published articles or memos or are senders of messages that contain these keywords or have associated metadata containing these keywords then these service providers would be ranked higher than those service providers without such matching data content.
Metadata of data content may include topics of publications, author(s) of publications, names of publishers/journals, dates of publication, subject line of a message (e.g., email) or subject of a memorandum, etc. The metadata may be input by the creators or administrators of the data content. Optionally, the metadata may also be synthesized or otherwise generated by an analytic module such as the Indexing Engine 36 that parses a data content for keywords and generates related keywords or strings of keywords commonly associated with the parsed keyword, and/or include the context of such keyword usage for the purpose of facilitating contextual searching. For example, keywords such as “invention”, “obviousness”, “novelty”, and “patent eligibility” may be associated with the term “patentability”. Thus, a project requirement or description containing the term “patentability” would enable the matching module to match those profiles containing these synthesized or generated terms even though they may not contain the exact keyword “patentability” in their profiles. For another example, keywords used in an email may be accorded a lower relevance score than when the keywords are used in a publication authored by the user.
Collaboration Module
Secure Data Room
To facilitate collaboration among project team members, the Collaboration Module 20 provides virtual secure data rooms and online collaboration tools for use by the team members. The virtual data rooms may be secured using well-known security mechanisms such as firewalls, authentication, and encryption technology (e.g., S-HTTP specified in RFC 2660, or HTTPS). The secure data rooms may be configured by a Data Room File Server containing the contents of the files in the data rooms and a Database Server including data that relate to and define the attributes of the data room files and folders accessible by specific authorized users of the data room; for example, each authorized user could have the same or different viewing or editing rights to select files and folders in the data room. For another example, an authorized user may have rights to upload files to a specific folder but have only viewing rights to other folders or no viewing rights to any other folders in the data room. The owner of the data room will have administrative rights to tailor access to his data room. A presently preferred embodiment of an algorithm for sharing documents and data are later described in connection with FIGS. 2 through 4.
The secure data room is preferably configured to provide the following functionalities:

- An owner of the data room is able to designate or invite other users on the platform to view, edit, upload and/or download files to one or more folders in the data room designated by the owner.
- The owner is provided with statistics including who and when the files were viewed, edited, uploaded and/or downloaded.
- The owner is able to create and name folders in the data room.
- Authorized guests are able to view only the designated shared folders.
- The data room is subdivided such that a first group of authorized users can view a first set of folders while another group can view another set of folders.
- Ability to measure the amount of storage space used by the data room.
- Ability to limit the amount of data used in the data room, and the amount of data transferred to and from the data room based on the owner's purchased usage threshold (e.g. membership level).
- Ability for owner to automatically pay for the increased data and bandwidth usage.
- Ability to handle transfers of large blocks of files.
- Ability to handle large numbers of concurrent users in a scalable manner.
- Ability to encrypt data for uploads and downloads.

Collaboration Tools
To further enhance productivity and collaboration by the project team members, the system may provide additional online application software (similar to Google Docs) which does not require users to upload and download of documents. Provided there is sufficient bandwidth capacity, the use of such online software will be transparent to the users and the experience will be the same as if the application software is being run by the users' computing devices. In fact, the online software (or Software as a Service (SaaS)) or other collaboration application tools 24 is executed by the servers, and the user devices merely receive data from the servers and displayed by, for example, a web browser. In this way, the users collectively share the resources on the platform, which would result in lower license fees. More importantly, the data and applications are not tied to any user device thereby increasing the mobility of the users and enabling the users to access and share their data anywhere around the globe. An example of such collaboration application tool 24 is an electronic discovery software that may be selectively enabled by the user to process and analyze data (e.g. documents and emails produced during discovery phase in a lawsuit). Document conversion program (e.g., converting documents into PDFs) is another example of such collaboration application tool.
After completion of a project, each of the client and the provider will have an opportunity to rate his experience. Such ratings will be published to all users and will serve as a vehicle to increase the quality of both the clients and the providers. Providers will be incentivized to provide the high quality service while the clients will also be encouraged to work fairly and efficiently with the providers. Consequently, the highly rated provider will be able to charge higher price because of his higher quality of work while the highly rated client will be able to attract higher number of bidders for its projects and thus able to negotiate a lower price for the project.
Transaction Module
The Transaction Module 22 comprises a payment interface to transact payments through a generally recognized financial payment processing institution (“FPPI”) and an escrow deposit and release functionality manageable by a client, which is also tied to a project milestones management system. The payment interface includes an Application Programming Interface (API) for interfacing with the FPPI to communicate credits and debits to the user accounts. The escrow functional feature is a dashboard where a client can manage payments for the various agreed milestones for his one or more projects. The dashboard preferably displays to the service providers the various projects in progress, the agreed milestones and payments for each project, the identification of the providers for each project, and a clickable communication link that enables the client to send messages to the service providers and a message board(s) to receive messages from the providers.
The Transaction Module 22 may provide the following features:

- Project Awarded—Provider will be notified once the project is awarded by client via email, SMS texting, or other previously specified method of communication.
- Accept Project—Service provider will need to electronically accept the awarded project to complete the engagement. In case they feel the need to add team members, they can invite other providers on the platform to join the project after negotiation of revenue split.
- Preview of work product—portions of the provider's work product may be selectively displayed by, for example, a Flash player, to the client for his approval and to mitigate the risk of unauthorized copying before payments. The provider may be provided with appropriate controls to determine which portion(s) of his work product may be shown to the client prior to payment of the milestone, and the platform will convert the file into Flash format for client's review. After review, the client may click a release-of-funds button on a client dashboard, or reject the work product, and provide further instructions to the provider.
- Payment received—Once the payment is deposited into an escrow account, the provider will be notified or able to view the payment status on a provider dashboard prior to project commencement. Upon delivery or work product to the client, the corresponding milestone payment amount is released.
- Revenue Split—Upon release of payment by the client for a completed milestone, the platform divides the payment according to previously agreed revenue split, if any, by the project team members and sends payments to the individual team members, thereby alleviating the needs of the project team members to post-payment negotiations with each other.
- Feedback and comment—Client can rate the service providers (if they did not opt out) after project completion and give feedback and post comment to the client. Service providers can also rate the client (if client did not opt out) after completion of a project and give feedback and post comment to the client.

In another embodiment, the Transaction Module 22 includes an optional internal project module wherein project milestones are agreed to and managed by a project team formed by registered users and wherein payments for completed milestones are not required. Project acceptance by a registered user may or may not be required as the internal project feature provides a project leader the ability to assign his internal staff to the project for assistance. Nonetheless, the Transaction Module 22 allows the team members to track or monitor project budget as well as progress of the agreed project milestones during execution of the project. Progress of a project milestone may be monitored by, for example, when an assigned team member clicks or otherwise indicates to the inventive system that a milestone is completed and, in turn, the system displays such milestone status to other team members. The agreed project milestones may be subsequently modified by permitted team members such as the team leader or project coordinator of the project while the Transaction Module 22 maintains records or history of all modified milestones. Advantageously, the Transaction Module 22 allows a user in an enterprise environment to manage a project with internal staff (where payments are not required) and/or external team members whose services would require payments.
In a particularly preferred embodiment, the documents and messages on the inventive platform are encrypted and yet able to be shared with other users in a transparent and user-friendly manner. In other words, owners of documents and senders of messages to other users on the platform are ensured that their data are encrypted without requiring their further input such as supplying additional passphrases. Yet, their documents can be selectively shared with members of their teams, and messages are sent to their intended recipients—while the system encrypts and decrypts the data automatically in the background and without active intervention of the users.
FIG. 2 shows a portion of relational database 76 comprising tables for a user, the user's files, and the user's messages etc. Specifically, the tables include (1) a User table 50 wherein each user is assigned a unique identifier (e.g., User_ID) and which contains user information such as user name, date of joining the platform, and email address etc.; (2) Files table 52 wherein each of the user's files is assigned a unique identifier (e.g., File_ID) and includes file data such as file name and date of creation, etc.; (3) a File Sharing table 54 which maps a list of users (including the file owner and shared users of a file) who have access to a corresponding list of files; (4) a Message Inbox table 56 which contains all messages received by a user and includes data fields for identifying the message sender (e.g., ref_sender), the message receiver (e.g. ref_user) and the specific message (e.g., Message_In ID); (5) a Message Outbox table 58 for storing messages sent to other users and since the messages are contained in two different tables, so that each recipient can now “delete” the message without affecting other users who have not “deleted” the same message; and (6) a Message Receiver table 60 for mapping each message to any user who has access to the message. Accordingly, through the use of the various parameters in this database, the system is able to track each user, the user's files, other users who were given access to the user's files by the user, and messages between the user and the recipients. As explained below, unique identifiers of a file or message and the user in combination with a system defined passphrase, will be used as input parameters for encryption or decryption of the file or message, which will be shared with users who have been granted access by the owner of such file or message.
The system may use any standard encryption algorithm but preferably employs the Advance Encryption Standard (AES), which comprises three block ciphers, AES-128, AES-192, and AES-256. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192, and 256 bits, respectively. AES is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information. For most applications, AES-128 offers the most optimal performance without compromising the security of the encrypted data. There are various readily available program modules that provide AES encryption capability.
In the presently preferred system, user documents and messages are encoded or decoded using separate AES encryption modules (and thus separate processors) for greater efficiency as documents are stored in storage devices and processed by an application server, while messages are processed and stored in a database server.
FIG. 3 diagrammatically illustrates how the system enables sharing of encrypted files between two or more users. The system includes a Web Application server 70 for interfacing with Users A and B, the secure file storage device 72, the Encoder 74, the Relational Database 76 containing the unique identifiers U_Id (identifying the users), the F_Id (identifying the files of each user). The system security key (S_Id) may be stored in either the Web Application or the Relational Database 76. The Encoder 74 comprises an encryption/decryption software application as explained above and coupled with an advantageous use of input parameters to create an efficient and secure key for encryption and decryption.
As described in the flow chart of FIG. 3, User A uploads one or more files to a storage device, which in turn notifies a Web Application 70 to task an Encoder to encrypt the uploaded files for User A. The Web Application 70 receives the unique identifiers of User A (e.g., User_ID) and the files (e.g., File_ID) and passes these parameters to the Encoder 74. The Encoder 74 retrieves the uploaded files based on the User A's and the files' unique identifiers. Advantageously, without requiring the User A to provide a security passphrase, the Encoder 74 proceeds to encrypt the uploaded files based on the File_ID, User_ID, and a system assigned key (e.g. S_ID), which may be randomly generated by the system or manually defined by the system administrator. Preferably, a proprietary function may be created to combine File_ID, User_ID and the S_ID to generate a single string of characters for input into a standard AES encoder. Preferably, the system assigned key or passphrase is further compressed by a proprietary algorithm so that it is not readily recognizable by human in its stored form. In this manner, each file is encrypted with a unique combination of parameters thereby creating a robust encrypted data storage that would greatly minimize any security breach. Once completed, the Encoder 74 replaces the uploaded (and unencrypted) file with the encrypted file in the storage device 72. Assuming User A has subsequently shared this file with another user, User B, the system will permit User B to access the encrypted file of User A in a transparent manner. In contrast, conventional encryption methods would require User B to submit a passphrase unique to User A and will potentially require users to share passphrases of each other in order to collaborate. As shown, upon User B's request to download the shared file of User A, the Web Application 70 tasks the Encoder 72 to retrieve and decrypt the shared file. Upon completion, the decrypted file is allowed to be downloaded by User B.
To further delineate this secure collaboration process, FIG. 4 describes step-by-step an embodiment of this advantageous process. In Step 301, User A uploads files to File Storage 72 via HTTPS. In Step 303, File Storage 72 notifies Web Application 70 of User A's uploaded files. In Step 305, Web Application tasks Encoder 74 to encrypt User A's uploaded files. In Step 307, Encoder retrieves and encrypts the uploaded files of User A based on unique identifiers of each of the files and User A plus a system assigned key. In Step 309, Encoder replaces the uploaded files with their encrypted versions. In Step 311, when User B requests a file shared by User A, system checks if User B is authorized to access the file. If Yes, in Step 313, Web Application 70 tasks the Encoder 74 to retrieve and decrypt the encrypted file of User A based on the unique identifier of the requested file and User A, plus the system assigned key. In Step 315, after decryption is complete, the file is allowed to be downloaded by User B. If No, in Step 317, the Web Application takes no action.
To completely secure the users' data, it is also necessary to encrypt the messages between the users on the platform. FIG. 5 describes the steps of encrypting a user's messages for storage and decrypting the messages for the recipient of such messages. Initially, in Step 501, User A composes and sends a message to User B. In Step 503, Encoder 74 encrypts User A's message using the unique identifier of User A, the message, and a system assigned key. In Step 505, Encoder 70 stores a copy of the encrypted message for User A and sends an identical copy of the encrypted message to User B. In Step 507, when User B desires to read the message, the Encoder retrieves and decrypts the encoded message. In Step 509, after decryption is complete, the message is presented to User B.
FIG. 6 shows an embodiment of the inventive system deployed in an enterprise environment where service requesters and service providers may form teams and secure data rooms for collaboration inside the firewalls operated and controlled by the enterprise. In this embodiment, the inventive system includes an Interface 16 comprising the registration module 14, connection module 16, collaboration module 20, and the matching module 18. The registration module 14 registers users of the inventive system upon sign up by the users or by an administrator of the system via an administration panel. The registration module 14 may be configured to allow the administrator to approve all new users upon signing up by the users or, optionally, to register new users and later confirmed by the newly registered users. The connection module 20 enables users to connect with each other and form their own networks of professional associates from which they can form work teams for projects. The matching module 18 receives requests and requirements of a project from service requesters and matches the project with the service providers based on the profiles of the service providers. The users may create User Groups 36 which may be social or professional network groups (e.g., golf interest group, bankruptcy law group, and cost accounting group) through which users may share information via discussions and documents. The User Groups 36 may be “public” or “private”. If “public”, any users may join the user group without requiring explicit permission from the group owner. If “private”, the group owner must approve each user before he or she is allowed to participate in the group.
The profiles of the users not only include biographical information and credentials (e.g., certificates) provided by the users but could also include data content associated with the users such as user messages 32 and Human Resources data 30. Advantageously, the inventive system comprises an Indexing Engine 36 that accesses stored user messages 32 and data (e.g., emails stored by the enterprise's mail servers (e.g., Microsoft Exchange servers), chat messages, voice mails, and text and/or audio-video files) and Human Resources data 30 (e.g., biographical information, prior jobs and accomplishment, prior and present job titles and descriptions) and parses and indexes the data content for keywords for later searching and/or matching by the Matching Module 18. Appropriate parsers may be implemented depending upon the type of data content. The indexed results are stored in the Index Database 38. To parse and index each data content, the Indexing Engine 36 determines (with the aid of, for example, optical character recognition tools for textual documents and/or parsers for emails and chat messages) whether keywords such as the name of any user is mentioned, tagged, or otherwise identifiable with the data content. If so, the Indexing Engine 36 associates the user with the data content and records the attributes/characteristics and significance of the data content in the Index Database 38. The data content may also be memoranda, published papers, deposition transcripts, emails, or chat messages. The system may also analyze the data content and identifies topics associated with the data content and stores such topics and associated users in the Index Database 38. In one scenario, if the user is an author of the memoranda or published papers based on, for example, associated metadata or tags, then a higher rank is assigned to the user in relation to the topics or keywords mentioned in the documents. A lower rank would be assigned to the user if the user merely retains such documents in his folders or mentions the keyword(s) in passing in an email or chat message. However, if the user is cited as an authority (e.g., quoted in the memorandum or cited in the bibliography section of a publication) for a topic then the Indexing Engine 36 may assign the user the highest rank (e.g., a score of 10 out of a possible 10). For purpose of matching the service providers to a project, the system preferably ranks users (whose data content has been matched to keywords of the project requirement) higher than those users who do not have specific data content matched to the project requirement keywords.
Human resources or personnel data collected by the Human Resources department of the enterprise may also be analyzed and indexed by the inventive system. The personnel data typically include biographical information and other credentials of the staff of an enterprise. Thus, the users' profiles may be augmented by such personnel data even though they may not have been entered by the users during the registration process. From a user perspective, this automatic feature eliminates the need to enter duplicative data by the users thereby enhancing the user experience of the inventive system.
As shown in FIG. 6, the enterprise environment 14 also includes Collaboration and Software as a Service (SaaS) applications 34 (e.g., electronic discovery software), all of which are secured behind the enterprise firewalls, and accessible by the users of the inventive system.
Although the inventive system has been described in terms of the legal industry, it is contemplated that the system described herein is also applicable to other service providers in other industries such as, for example, accountants, consultants, engineers, designers, software developers, marketing professionals, financial service professionals, and other service professionals.
The invention is not limited by the embodiments described above which are presented as examples only but can be modified in various ways within the scope of protection defined by the appended patent claims.
Thus, while there have shown and described and pointed out fundamental novel features of the invention as applied to a preferred embodiment thereof, it will be understood that various omissions and substitutions and changes in the form and details of the devices illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Moreover, it should be recognized that structures and/or elements and/or method steps shown and/or described in connection with any disclosed form or embodiment of the invention may be incorporated in any other disclosed or described or suggested form or embodiment as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.

Claims

What is claimed is:

1. A computing platform for matching service providers and service requesters in a secure computing environment, comprising:

(a) a data storage for receiving a set of data from a first user;

(b) a web application module for associating a first unique identifier with the first user and a second unique identifier with the set of data of the first user, and for defining a security passphrase;

(c) an encoder for encrypting the set of data based on the first unique identifier, the second unique identifier, and the security passphrase;

(d) a connection module for connecting the first user to form a group of connected users based on the first user's invitations to other users and for defining a subgroup of connected users based on the first user's invitations to the connected users for sharing the set of data;

(e) a collaboration module for facilitating the sharing of the encrypted set of data between the first user and the subgroup of connected users without requiring the members of the subgroup to input any of the first and second unique identifiers and the security passphrase in order to receive the set of data in unencrypted form, wherein the collaboration module retrieves the encrypted set of data based on the first unique identifier and the second unique identifier, and the encoder decrypts the encrypted set of data for the members of the subgroup based on the first unique identifier, the second unique identifier and the security passphrase;

(f) an indexing engine for parsing data content of the users for keywords and associating the keywords of the data content with the users; and

(g) a matching module for receiving requirements for a project from a second user who is a service requester and matching the requirements to one or more users who are service providers based on profiles of the users, the profiles including the parsed data content associated with the users.

2. The platform of claim 1, wherein the parsed data content associated with one of the users includes at least one of biographical information, credentials, emails, voice mails, messages, memorandum and publications.

3. The platform of claim 1, wherein the set of data represents one of documents and messages of the first user.

4. The platform of claim 1, further comprising an index database for storing the keywords and associated users from the indexing engine.

5. The platform of claim 1, further comprising a software program for generating a key by combining the first and second unique identifiers and the security passphrase, the key being subsequently used by the encoder to one of encrypt and decrypt the set of data.

6. The platform of claim 4, further comprising a transaction module configured to settle payments between the matched one or more users and the second registered user based on and allow the matched one or more users to monitor progress of agreed project milestones.

7. The platform of claim 4, further comprising a work product preview module configured to allow the service requester to preview portions of a work product prior to payment of an agreed project milestone associated with the work product.

8. The platform of claim 7, wherein the work product preview module employs video streaming technology to display the portions of the work product.

9. The platform of claim 1, wherein the encoder uses Advanced Encryption Standard (AES).

10. The platform of claim 1, wherein the encoder uses AES-128.

11. A computer implemented method for facilitating connection and collaboration of users including service providers and requesters in a secure computing environment, comprising the steps of:

(a) associating, using a computer processor, a first unique identifier with a first user;

(b) defining, using a computer processor, a security passphrase;

(c) connecting, using a computer processor, the first user to other users to form a group based on the first user's invitations to the other users;

(d) receiving, using a computer processor, from the first user a set of data;

(e) associating, using a computer processor, a second unique identifier with the set of data;

(f) encrypting, using a computer processor, the set of data using the first and second unique identifiers and the security passphrase;

(g) sharing, using a computer processor, by the first user the encrypted set of data with select members of the group without requiring the select members to input any of the first and second unique identifiers or the security passphrase to receive an unencrypted form of the set of data.

(h) retrieving, using a computer processor, the encrypted set of data using the first and second unique identifiers, and decrypting the encrypted set of data based on the first and second unique identifiers and the security passphrase;

(i) receiving, using a computer processor, requirements for a project from a second user who is a service requester;

(j) parsing, using a computer processor, data content of the users for keywords and associating the keywords of the parsed data content with the profiles of the users; and

(k) matching, using a computer processor, the requirements to one or more users who are service providers based on profiles of the users, the profiles including the parsed data content of the users.

12. The method of claim 11, wherein the parsed data content associated with one of the users includes at least one of biographical information, credentials, emails, voice mails, messages, memorandum and publications.

13. The method of claim 11, wherein the set of data represents one of messages and documents of the first user.

14. The method of claim 12, further comprising the step of combining the first and second unique identifiers and the security passphrase to generate a key and wherein the steps of encrypting and decrypting uses said key.

15. The method of claim 12, further comprising the step of ranking users whose parsed data content has been matched with keywords of the requirements of the project.

16. The method of claim 15, further comprising the step of settling payments between the matched one or more users based on completion of previously agreed milestones.

17. The method of claim 16, further comprising the step of allowing the service requester to preview a portion of a work product of the matched one or more users prior to payment of a previously agreed milestone associated with the work product.

18. The method of claim 17, wherein the step of previewing work product uses video streaming technology.

19. The method of claim 11, wherein the step of encrypting uses Advanced Encryption Standard (AES).

20. The method of claim 12, further comprising the step of ranking the service providers based on their profiles, the profiles including the parsed data content associated with the service providers.