There is a recognised need to enable large organisations to allow controlled access to information stored on their computer networks in a flexible manner, such that different sets of users are permitted to access different types of information contained on the network. At present, organisations tend to have either very general, coarse-grained controls or very specific controls over their data. For example, most organisations will implement a firewall which prevents external parties from accessing data stored within the firewall; this is a very coarse-grained control since, in general, if you are “outside” the firewall you can see none of the data inside the firewall, and if you are “inside” you can see all of it. Additionally, or instead of this, organisations may have various servers which store files that only certain specified persons may access. In this way certain groups of employees of the organisation may have a common space where they can share documents amongst one another. However, this solution is fairly specific. Each person must be individually specified as being allowed access to the documents contained in the shared space. Furthermore, the data is all stored at a single central location (e.g. on a single server or distributed amongst a plurality of servers operating together as a single storage unit, etc.).
There is a growing interest in the concept of Peer to Peer (P2P) networks (also referred to as overlay networks in certain contexts). The use of a P2P architecture provides a number of useful features, e.g. resilience to attack, flexible deployment, low administrative overhead costs and access to resources at the edge of networks. However, in most implementations they suffer from three forms of security weakness.
    i. The first security problem is the ability of P2P networks to open holes in firewalls and enable access to intranet environments.
    ii. The second problem is that P2P networks provide no (or minimal) means of filtering or restricting access to specific data sets or objects that have been added to the network.
    iii. They tend to be used by very loosely bound groups of individuals and lack the protocols and structure necessary for enterprise management.
The present invention is primarily concerned with the second of these issues.
The following is a brief overview of the main types of P2P network currently in use. Current P2P systems can be classified into structured and unstructured systems according to the ways in which peer associations are constructed (Lv et al., 2002). Structured systems such as Freenet (Clarke, I. and Sandberg, O., 2000), Chord (Stoica et al., 2002), Pastry (Rowstron, A. and Druschel, P., 2001), Tapestry (Zhao et al., 2003), and P-Grid (Aberer et al., 2003) have pre-defined network topologies and resource placement schemes. Peers in these systems are assigned static identifiers and routing tables based on identity distances which are distributed onto some if not all of the peers.
In structured P2P systems peers are well organised and resource search is relatively straightforward, but substantial knowledge and experience are required for system design, and this always comes at the cost of increased maintenance to deal with the various changes caused by peers and resources joining and leaving. Meanwhile, the pre-defined network topologies in structured P2P systems usually restrict the choice of applicable search protocols and applications of the systems to only those that satisfy certain design requirements.
In unstructured systems relationships between peers are arranged and modified in a dynamic manner using simple heuristics.
A large number of open-source P2P networks and access software exist, for example Gnutella, Kazaa, and Limewire. Relatively few commercial implementations exist, primarily because of the stated security issues in applying this technology in a commercial environment. Some of the available examples of commercial products include:
    i. Groove Networks. This is the closest technical implementation of a P2P network architecture that includes a degree of security. The main security features are the use of strong encryption for all data in the network and the concept of invited user groups within which data can be securely shared and not be visible to other users of the Groove network (http://www.groove.net).
    ii. Adaptinet. This is a simple commercial P2P system for data transfer. See their website, currently available at http://www.adaptinet.com/, for details of this product.