The present invention relates to the field of a method or system for connecting a mobile device to a digital workspace, and having it operating as an authenticated input device for the digital workspace as well as software for carrying out any such method.

BACKGROUND

A digital workspace is a digital working area for a user where he uses one or several digital devices to enable him to perform his daily job. A digital device can be e.g. a workstation, laptop, stationary computer, mobile device, tablet, palm pad, or any similar digital device. The digital device can be connected to a local and/or global network. The daily job can comprise e.g. to launch and run applications, access files, display files, modify files, exchange files or upload files, etc.

There exists various conventional ways a user can get access to a digital workspace:

the user can be immediately connected to the workspace via a non-secure access which is open for any user, or · the user can enter a user name and password, or

the user puts a badge with RFID (Radio-Frequency Identification) or similar technology, on top of a reader connected to the workspace, and keeps the badge on the reader during the login session

· the user taps a badge with RFID or similar on top of a reader to get authenticated, the badge can be removed from the reader after being tapped to the reader, or the user uses a mobile phone with NFC to connect to a device of the workspace, also having NFC

· A user can get authenticated via a 3rd party Single Sign

On (SSO) solution (for example using products from Caradigm, Imprivata or Evidian) .

Current beacon technology uses an application on mobile devices to find a fixed beacon in the vicinity of the current location of the mobile device. It can then establish connection so that the location of the mobile device is known through the beacon.

International patent application on file WO2014/189706 discloses how a mobile device can connect to a network using beacon technology. The user can then be authenticated to logon to the network. Depending on user permissions, the mobile device can then receive one or several applications to be run locally on the mobile device. US patent on file US8423081B2 discloses how a mobile device can connect to a network and order images to be sent to a network device without passing the mobile device.

International patent application on file WO2014189706A2 discloses a location-centric mobile workspace.

Existing technology that uses beacons is limited to that beacons are associated with a certain location, so that the workspace associated with that beacon will become location-centric. It would be advantageous for the user if he could be offered resources and functions that are relevant to him, i.e. a user-centric workspace.

In healthcare, the privacy of patient data is very important, so medical practitioners such as radiologists and doctors are trained to log off or tap out when they leave a workstation (so images and data of patient do not remain visible) . But some do not do this or occasionally do not do so. In that case the Operating Systems auto logs off after a time out. However, until the time ^¬ out functions images may be viewed by others. Each patient in a hospital bed can be connected to one or more monitoring devices. The complexity of this monitoring equipment can depend on the illness of the patients and also the location. In an Intensive Care Unit (ICU) or in an operating theatre there can be many more devices such as to measure patient body temperature including core temperature, oxygen content of the blood, glucose content of the blood, heart rate, ECG, blood pressure, breathing rate, a degree of anaesthesia, heart beat anomalies. Also there is a trend towards bedside desktop diagnostic equipment such as Idylla™ diagnostic equipment supplied by Biocartis, Mechelen Belgium.

SUMMARY OF THE INVENTION

It is an objective of the present invention to provide a method and system enabling accessing and interacting with a digital workspace from a mobile device in a user-centric manner. In particular a user centric system and method is disclosed wherein a digital environment adapts to the user when the user enters this environment. To increase security of data, the system or method operates over a short distance to the network device/the display. For example broadcast beacons are used for short distance communication .

In one embodiment there is a method provided for having a mobile device operating as an authorized input device to a network device, in a system comprising a mobile device and a network device and at least one display monitor connected to the network device, at least one server hosting a single-source authorization system that keeps information on privileges of mobile devices and/or users. The method comprises the mobile device sending its identification, e.g. unique identification, and a request for access, to the network device. The network device consults the information on privileges to confirm that the user, associated with the mobile device, or the mobile device alone or the user alone is authorized to access the network device, and if confirmed, authorizing the mobile device to interact with applications running on the network device and displaying information on the at least one display monitor.

An authorising step may include implicitly one or both of an identification step and an authentication step.

The method provides an easy manner for a user to get connected to- and interact with a network device, using a mobile device. The mobile device can offer mobility, improved performance of the network device and additional functionality. Since the mobile device is given authorization related to a specific user, the access to the workspace can be described as user-centric.

The mobile device can be adapted to retrieve and store information from medical diagnostic or reviewing equipment independent of whether such equipment is connected to a network or not.

A user can provide coordinate-based input signals (e.g. signals relating to the co-ordinates on a display screen where information or an image is to be displayed) to at least one interaction area on the mobile device, and these signals are forwarded as coordinate-based input to an application running on the network device e.g. an input relating to the co-ordinates on a display screen where information or an image is to be displayed) . Alternatively, the input signal can be keyboard-based and forwarded as keyboard-based input signals to an application running on the network device (i.e. signals of the kind transmitted by a keyboard when in use) . The application may be displayed on the at least one display monitor connected to the network device. In this way the user can provide input to an application running on the network device by using, for example a touchscreen or by pushing a combination of keys on the mobile device or by "speed dialling" reserved combinations.

The mobile device can display a thumbnail of image or information of an application running on the network device and the information or image being displayed onto the at least one display monitor which the user can manipulate by for example changing size, zoom, rotate, move or select using the mobile device. Thus, the user can do the full operation on the mobile device without having to also look at the display monitor connected to the network device, to see the change. Some manipulations of images, like zoom, move, rotate and select, are often easier performed on a touchscreen than with keyboard and mouse.

An interactive thumbnail is preferred. When manipulating images on the network device display, a touchscreen device can be a better input device than a mouse or a keyboard since it is easier to manipulate images with touchscreen operations. In particular the thumbnail can be constructed from what is actually shown on the remote screen.

The mobile device can give input on display settings to the network device. Such settings can comprise image enhancement.

The network device can implement a virtual screen that is pushed onto the mobile device. This can free up space on the at least one display monitor connected to or coupled to the network device.

The mobile device can receive information or an image from a communication- or meeting application from the at least one server .

The mobile device can provide the user with at least one application function that is not provided by the network device to applications run on the network device. Said application function can reside locally in the mobile device, or the mobile device can receive it from the at least one server. An application running on the network device can reside locally in the network device or centrally on a server on the network. In one embodiment, the mobile device and the network device, or a display monitor connected to the network device, transmit, e.g. broadcast beacons for short distance communication, through which they can exchange device information. The network device can continuously transmit an identification signal so that the mobile device can receive a notification of its presence, and/or a list of several available network devices. The list can comprise, for example information on the beacon signal strength for the network device or of each network device. The request for accessing a network device can be initiated by the user selecting a network device from a list, or it can be initiated, e.g. initiated automatically, when the strength of the transmitted beacon signal reaches a pre-defined threshold. Log off of the network device can also be initiated by the strength of the transmitted beacon signal of the network device weakening below a pre-defined threshold. Allowing automatic log off if the signal strength of the mobile device on the beacon is low solves the problem of the careless medical practitioner. On the assumption that the person takes the mobile device with them, the log off will occur after only a few meters distance, i.e. within a very short time.

A video stream, from a video source such as a camera associated with the network device, can be sent to the mobile device over the beacon or over a network via the at least one server.

The network device can have connected to it a high-resolution display or a medical diagnostic display or medical reviewing display. Alternatively the network device is connected to a display monitor with a first resolution, e.g. a high resolution as well as a second display monitor with a second resolution, e.g. a low resolution, the first resolution differing from the second resolution. The first and second display monitors can communicate with each other via the network device.

A beacon channel will make it easy for the user to connect to a network device when the mobile device associated with the user is in the near vicinity because of one or more of: since exchanging set-up information and checking authorization can be performed with the user only having to make one selection time for this activity is reduced, or

exchanging set-up information and checking authorization can be made completely automatic which reduces authorisation time even more .

An authorising step may include implicitly one or both of an identification step and an authentication step.

If the network device, or a display monitor connected to the network device, has an image capturing device such as a camera or has an image capturing device such as a camera coupled or connected to it, the user can provide a video stream, e.g. for use in a meeting application, via the beacon channel or by a traffic channel as appropriate. The video stream can also be sent via another network link.

In one embodiment there is a system provided wherein a mobile device operates as an authorized input device to a network device. The system comprises a mobile device and a network device and at least one display screen or monitor connected to the network device, and at least one server hosting an authorization system which keeps information on privileges. The server hosting the authorization system can be a single source for authorization as this makes updating easier and avoids possible confusions, e.g. by a mistake of synchronisation if multiple servers are used. The mobile device and the network device are connected to the at least one server over a network, and the mobile device is an authorized input device for the network device.

Authorising may include implicitly one or both of identification and an authentication.

The network device and the mobile device can be connected via beacons implemented with short distance communication technology, for example Bluetooth, Bluetooth Low Energy or Near Field Communication. Associated beacon signals can carry device identification information.

The mobile device can display a scaled-down interactive thumbnail of a network device application, for example one being displayed on the at least one display monitor.

Coordinate-based input signals are signals which identify or indicate a position on a screen where data, information or an image is/are to be located. The coordinate-based input signals can relate to coordinates on at least one interaction area (e.g. a touchscreen) on the mobile device and can also be coordinate- base input signals for use in an application on the network device. Alternatively there can be keyboard-based input signals (i.e. signals of the type transmitted from a keyboard, provided to the mobile device that also are keyboard-based input signals provided to an application on the network device. Information or images related to the application can be displayed on the at least one display monitor.

The mobile device input signals can be parameters for the network device relating to display settings for the at least one display monitor, for example settings related to image enhancement .

The mobile device can comprise a virtual screen of the network device. This can free up space on the at least one monitor connected to the network device.

In one embodiment the mobile device can provide at least one application function related to one or more of the network device applications, which function is not provided by the network device. This function can reside locally on the mobile device or on the at least one server.

An application on the network device can reside locally on the network device or can be provided from the at least one server.

The network device can be connected to a high-resolution display or a medical diagnostic display or a medical reviewing display. Alternatively the network device is connected to a display monitor with a first resolution, e.g. a high resolution as well as a second display monitor with a second resolution, e.g. a low resolution, the first resolution differing from the second resolution. The first and second display monitors can communicate with each other via the network device.

In one embodiment the single source, e.g. central authorization system comprises a mobile device database having connection with a user database, and a network device database being linked to the user database with respect to information on pairing privileges .

Any of the methods of the present invention may be implemented as a computer program product for execution on any of the relevant ones of a mobile device, a network device or server.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 shows an embodiment of the present invention comprising the layout of a network device.

Figure 2 shows an embodiment of the present invention comprising a digital workspace.

Figure 3 shows an embodiment of the present invention comprising network devices connected to a device database.

Figure 4 shows an embodiment of the present invention comprising a mobile device connected to a mobile device database and a user database .

Figure 5 shows an embodiment of the present invention comprising short distance communication using beacons.

Figure 6 shows an embodiment of the present invention comprising an application user interface. Figure 7 shows an embodiment of the present invention comprising a communication between databases.

Figure 8 shows an embodiment of the present invention comprising a single source, e.g. a central authorization management system. Figure 9 shows flow chart of an embodiment of the present invention .

Figure 10 shows an exemplary embodiment of the present invention.

DEFINITIONS

The term "mobile device" refers to a handheld device which includes a processing engine, i.e. digital processor such as an FPGA or a microprocessor, having e.g. a Central Processing Unit (CPU) and/or a Graphical processing Unit (GPU) and memory with a workable sized screen such as a display screen having dimensions of 40 x 50 mm, or larger such as a display screen with a diagonal dimension of up to 600 mm, for example and also an optional serial port, such as a USB port or a parallel port. The screen is preferably a touchscreen, and the mobile device has a wireless transceiver working to a wireless protocol such as a WiFi or Bluetooth transceiver or an infrared transceiver or similar such as an NFC (Near-Field Communications) transceiver. In addition to such a wireless transceiver a mobile device may have transceiver compatible with other wireless communication protocols such as a cellular wireless system of which UMTS, EDGE, GPRS, GSM and only examples. A mobile device has a power source such as a battery or an alternative energy source such as an energy scavenging device or a cable connection for connecting to a powered port such as a USB port for powering the mobile device. Suitable mobile devices are handheld devices such as an i-phone, smartphone, PDA, tablet, laptop, palmtop, All-in-One computing device. An all-in- one desktop computer integrates the system's internal components into the same case as the display, thus occupying a smaller footprint than desktops that incorporate a tower. A mobile device preferably has a weight less than 5 kg, more preferably less than 2 kg and it is convenient if its weight is less than 500g. A peripheral device such as a USB flash drive, or a smartcard, or a TV remote do not in general meet the requirements of a mobile device

In accordance with the present invention the term "network device" relates to a network enabled digital processing device such as a Personal Computer (PC) or a work station having some form of display of information such as a display screen or one or more of a projector or other visible, audio or tactile displaying device. A network device has a processing engine, i.e. digital processor such as an FPGA or a microprocessor, having e.g. a Central Processing Unit (CPU) and/or a Graphical Processing Unit (GPU) and memory as well as interfaces such as a serial port or a network interface. A network device in operation is connected to a network, can access this network and use the facilities of the network as well as having local capabilities, applications, functions etc. The network can be a shared resource network such as a Local Area network (LAN) , Wide Area Network (WAN) , Metropolitan Area Network (MAN) , or a data network such as the Internet or can include combinations of these.

A network device as used with respect to the present invention generally does not relate to hardware that only mediates data in a computer network such as gateways, routers, bridges, switches, hubs, repeaters, multilayer switches, protocol converters, bridge routers, pure proxy servers, firewalls, network address translators, multiplexers, network interface controllers, wireless network interface controllers, modems, ISDN terminal adapters, line drivers, pure wireless access points, networking cables and other related hardware. A network device can make use of a Network Access Device (or NAD) being an electronic circuit that automatically connects the network device to a network such as a preferred network. A NAD is any device that, when connected to, provides access to a larger communication network of some sort.

In accordance with the present invention the term a "server" is a computer program running on a suitable computing device or system (e.g. "Cloud") having network access capability (e.g. "virtual server") or a machine ("server") having network access capability and capable of accepting requests from clients on the network and responding to them. The present invention may make use of one or more servers such as a database, a file, a web server, and/or application server.

The purpose of a server or virtual server may be to share data or hardware and software resources among clients. This architecture is called the client - server model. Embodiments of the present invention can make use of an asset management server, e.g. which contains a database stored on a database server for storing parameters and information relevant to the management of an asset, as well as an application server. The "assets" to be managed include network enabled workstations, i.e. network devices. To manage users a user database can be stored on a database server as well as an application server. To manage mobile devices management a database is stored on a database server, as well as an application server. Hence embodiments of the present invention can make use of at least three servers, any or all of which can be implemented as virtual servers. Servers as used in the present invention can allow third party Single Sign On.

"Clients" may run on the same computer or computing device or system as one of the servers, but typically a client device will connect to the server through a network, e.g. the client can be a remote client. Server machines (which can be either actual or virtual machines) run server software programs. A server program running on an operating system or in the Cloud turns the machine on which it runs into a server machine. A server can be a single machine or servers can be composed of large clusters of relatively simple, replaceable machines.

A client is typically a network enabled work station i.e. a network device. The client can be a thin client or a thick client. In addition a mobile device may be known in the network system, e.g. in a hospital, information concerning the mobile devices can be stored in a mobile device database. Hence in such a case a mobile device can access directly a network device or even a server. For example, mobile device management can be performed using a database server with an application server.

In accordance with the present invention the term "Identification" refers to a statement or other means of indicating an association with a person or a thing's identity. It might involve confirming the identity of a person by validating their identity documents, e.g. verifying the validity of a signature or other thing with a digital certificate.

In accordance with the present invention the term "Authentication" refers to confirmation of the truth of an attribute of a single piece of data (a datum) . When an entity claims something to be true, this claim needs to be verified. Authentication can be the process of confirming a claim to an identity, such as verifying the validity of at least one form of identification.

In accordance with the present invention the term

"Authorization" is the function of specifying access rights to resources, whereby access to these resources needs to be controlled. Hence authorization can be related to information security and/or computer or digital network security and/or access control. For example a procedure to authorize access requires an access policy. For example, an access policy can be formalized as a set of access control rules in a computer system or digital network. During operation, the system uses the access control rules to decide whether access requests from users such as persons or devices or computer programs shall be approved or disapproved. The resources to be accessed can include individual files, data storage, an item's data, computer programs, computer devices, one or more networks or network facilities, actuators or any functionality that can be provided by, or assisted by or facilitated by computer applications.

"Authorization" can implicitly include a previous identification and/or authentication step for any of the embodiments of the present invention.

Authorization and/or authentication can require the use of security information such as the entry of a password, use of a smartcard between a user and a mobile device or a network device or a server. For example in Mobile Device Management, a mobile device may have to identify itself, correlated to user, as well as authenticate itself to obtain authorization.

Authorization will result in a mobile device being granted privileges. An example of privilege management is an Active Directory Policy. Grant of privileges can allow access of a mobile device to various work stations, i.e. network devices. Hence, privileges relate to user privileges to access and interact with one or more network devices.

A "virtual screen" can be invisible or visible and opens a window that differs from a conventional window in that the virtual screen can have display settings of its own. It appears in desktop properties. One can have different applications running in a virtual screen.

A "beacon" is wireless device designed to attract attention to itself and/or its capabilities by means of sending wireless signals that can be read and parsed by any suitable transceiver within range. A beacon can broadcast such signals. A beacon signal will be transmitted from a transmitter. Beacons can be low power transmitters that and unlike full communication with a base unit or station, do not need to carry traffic data. For example, pilot signals can operate as beacons, such pilots only transmitting in the pilot channel of a wireless telecommunication system. A beacon can transmit and receive signalling information including access requests and grants. Some beacons can also transmit and receive traffic data. For example a video stream captured by a camera associated with a network device can be sent to a mobile device over the beacon channel, or by other means such as over a network via the at least one server. Hence, if the beacon is reserved for signalling only this transfer of traffic, i.e. video stream) would not go via the beacon but via another wireless channel.

The phrase "medical diagnostic or viewing or reviewing equipment" relates to any kind of monitoring equipment whether it is connected to a network or not. In a hospital environment a patient can have monitoring equipment not all of which is connected to a network or there can be a delay before such data is on the network. Such monitoring equipment can relate to any, some or all of patient body temperature including core temperature, oxygen content of the blood, glucose content of the blood, heart rate, ECG, blood pressure, breathing rate, acoustic analysis of coughing, a degree of anaesthesia, heart beat anomalies or data from molecular diagnostics system such as devices that detect and quantify multiple DNA or RNA-based biomarkers or protein markers.

DETAILED DESCRIPTION

The present invention will be described with respect to particular embodiments and with reference to certain drawings but the invention is not limited thereto but only by the claims. The drawings described are only schematic and are non-limiting.

Furthermore, the terms first, second, third and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a sequential or chronological order. The terms are interchangeable under appropriate circumstances and the embodiments of the invention can operate in other sequences than described or illustrated herein .

Moreover, the terms top, bottom, over, under and the like in the description and the claims are used for descriptive purposes and not necessarily for describing relative positions. The terms so used are interchangeable under appropriate circumstances and the embodiments of the invention described herein can operate in other orientations than described or illustrated herein. The term "comprising", used in the claims, should not be interpreted as being restricted to the means listed thereafter; it does not exclude other elements or steps. It needs to be interpreted as specifying the presence of the stated features, integers, steps or components as referred to, but does not preclude the presence or addition of one or more other features, integers, steps or components, or groups thereof. Thus, the scope of the expression "a device comprising means A and B" should not be limited to devices consisting only of components A and B. It means that with respect to the present invention, the only relevant components of the device are A and B. Similarly, it is to be noticed that the term "coupled", also used in the description or claims, should not be interpreted as being restricted to direct connections only. Thus, the scope of the expression "a device A coupled to a device B" should not be limited to devices or systems wherein an output of device A is directly connected to an input of device B. It means that there exists a path between an output of A and an input of B which may be a path including other devices or means.

Elements or parts of the described devices may comprise logic encoded in media for performing any kind of information processing. Logic may comprise software encoded in a disk or other computer-readable medium and/or instructions encoded in an application specific integrated circuit (ASIC) , field programmable gate array (FPGA) , or other processor or hardware.

References to software can encompass any type of programs in any language executable directly or indirectly by a processor.

References to logic, hardware, processor or circuitry can encompass any kind of logic or analog circuitry, integrated to any degree, and not limited to general purpose processors, digital signal processors, ASICs, FPGAs, discrete components or transistor logic gates and so on. Figure 1 shows an embodiment of the present invention comprising a network device 1 (see definition above) that can be coupled or connected to a network. The network device 1 comprises a computer system with a Central Unit Processor (CPU) and/or a Graphics Processing Unit (GPU) 2, at least one display monitor 14, Input/Output (I/O) ports 7 and a wireless identification signal which can be broadcast, such as a beacon 13. The I/O port unit 7 may comprise serial or parallel ports, e.g. may comprise ports for Universal Serial Bus (USB) 8, Local Area Network (LAN) 9, Wireless networking (WiFi) 10, Display Port (DP) 11 or High Definition Multimedia Interface (HDMI) 12. The beacon 13 can be implemented with a short distance communication technology, e.g. Bluetooth, Bluetooth Low Energy or Near Field Communication. Every network device can, during manufacturing, be programmed with vendor specific data, such as e.g. Device Unique Identifier (DevUID) , Device Type (DevType) or Device Properties (DevProperties ) . The network device 1 can drive one display unit that can be integrated with the network device or the display unit and the network device can be separate units. In one embodiment the network device is a separate unit connected to a multiple of displays of one or various types. It is also possible that a network device with an integrated display is directly connected at least one other display. The network device can be coupled or connected for example to one or more high-resolution displays or medical diagnostic displays or medical reviewing displays. For example, the network device can be connected or coupled to one or more first displays with a first resolution and one or more second displays with a second resolution, the first resolution being different from the second resolution. The network device can provide a means for communicating between the first and second displays. Figure 2a) shows an embodiment of the present invention where a digital workspace 51 comprises a network device 1, being connected to three display monitors, 52, 53 and 54 via the links 55, 56 and 57 respectively. An alternative embodiment is shown in figure 2b) where the display monitor 54 is connected to display monitor 53 instead of directly to the network device 1. In accordance with these embodiments, the network device can be coupled or connected for example to one or more high-resolution displays or medical diagnostic displays or medical reviewing displays. For example, the network device can be connected or coupled to one or more first displays with a first resolution and one or more second displays with a second resolution, the first resolution being different from the second resolution. The network device can provide a means for communicating between the first and second displays.

Digital devices (not limited to display monitors) can be added to- or removed from the digital workspace. A physical location, e.g. a room in a building, can house one or several workspaces, each controlled by a network device. An indication of the connected devices can be shown both on the display and on the mobile device. E.g. if there are several network devices physically close to each other and the user only is authorized to work on one or some of them, the user can be confused over which network device the user is logged on. It can be convenient to show an indication on the user' s mobile device relating to which network device it is connected to. In a similar manner it can be convenient to show an indication on at least one network device display monitor, of the mobile devices to which the network device is connected.

Figure 3 shows an embodiment of the present invention comprising network devices 1 and 20, each having a broadcast identification signal such as a beacon 21 and 22 respectively. Each network device can be connected to one or more digital devices, e.g. displays (not shown here) . The network device can be coupled or connected for example to one or more high-resolution displays or medical diagnostic displays or medical reviewing displays. For example, the network device can be connected or coupled to one or more first displays with a first resolution and one or more second displays with a second resolution, the first resolution being different from the second resolution. The network device can provide a means for communicating between the first and second displays .

Each network device can provide or push its device specific parameters (DevUID, DevType, DevProperties ) into a network device database 23 (e.g. stored on a server) . The network device database 23 can be located at the same physical site as the network devices or share the same local network. It can also be located "in the cloud" with access being over a secure network connection (e.g. https with SSL encryption) . The "cloud" is a collection of servers or virtual servers that can be physically distributed, but work together to provide services, functions and applications to its clients. A network device can transmit a continuous or an intermittent signal through its beacon looking for a connection. The transmitted code can be unique for every device and can be a combination of DevUID, DevType and DevProperties, for example.

Figure 4 shows an embodiment of the present invention where a user 26, carrying a mobile device 27, enters the neighbourhood of network device 1 and 20, for example enters the same room 18. The network device 1 and 20 can be connected to one or more display units (not shown here) . The network device can be coupled or connected for example to one or more high-resolution displays or medical diagnostic displays or medical reviewing displays. For example, the network device can be connected or coupled to one or more first displays with a first resolution and one or more second displays with a second resolution, the first resolution being different from the second resolution. The network device can provide a means for communicating between the first and second displays . The mobile device 27 can communicate with a mobile device database 25 (e.g. stored on a server) over a cable or wireless network 28. The mobile device 27 can be identified preferably uniquely identified in a single source mobile device database 25 with a mobile device identifier, e.g. unique identifier. The mobile device database 25 can be residing on a server on the same physical site as the network devices 1 and 20, or on a local network, or in the cloud, for example by means of a system of Mobile Device Management (MDM) . MDM systems manage devices which can be linked to users and preferably can provide a unique identifier per device. The mobile device unique identifier can be linked to a user in a user database 24 (stored on a server) by means of for example a directory service 29 (e.g. ActiveDirectory from Microsoft Corp. USA) or a Single Sign On (SSO) database server. The SSO server can be located on a separate server or on separate servers. The server (s) is/are often located on-premise when used for hospital environments, for example. An example of a SSO server tool e.g. is available from Imprivata Inc. USA.

Figure 5 shows how the mobile device 27 and the network devices 1 and 20 can establish communication channels 30 and 31 via their beacons 21, 22 and 32, using short distance communication technology. In this way the mobile device can be notified which network devices are present in the vicinity. An indication of the connected devices can be shown both on the display and on the mobile device. E.g. if there are several network devices physically close to each other and the user only is authorized to work on one or some of them, the user can be confused over which network device the user is logged on. It can be convenient to show an indication on the user' s mobile device of which network device it is connected to. In a similar manner it can be convenient to show an indication on at least one network device display monitor, of the mobile devices to which the network device is connected. Figure 6 shows an embodiment of the present invention where a user has launched an application on the mobile device 27, showing the detected network devices and their transmitted beacon signal, and, for example, the strength of the signal, 40, 41 and 42. The user can select a network device from the list, e.g. network device 20 which has strongest signal. In another embodiment there is an auto-authentication provided so that when the signal strength of a certain network device is above a certain threshold such as a threshold percentage, the mobile device connects automatically to that network device. Log off of the network device can be initiated by the strength of the transmitted beacon signal of the network device weakening below a pre-defined threshold.

The auto-authentication may further be restricted to certain locations, e.g. such as the most frequent environment ( s ) of the user. The mobile device 27 and the network device 1 can then exchange set-up parameters via the beacon communication channels 30 and 31. Figure 7 shows another embodiment of the present invention. If e.g. network device 20 is selected, this network device can receive the mobile device ID, which it forwards to the network device database 23 over the network 16 (which may be a wireless connection) . The network device database 23 can connect to the user database 24 via a secure connection 50, where it can obtain user credentials of user 26. The network device database 23 can be part of an asset management system 17 which can be stored locally "on-premise", remotely or distributed "in the cloud". The asset management system 17 can handle the communication between the cloud based applications and physical devices in the system, for example tasks related to image quality, user-related settings, location, actual usage, etc. The asset management system also keeps track of the various digital devices, e.g. displays, which can be connected to each network device. So once a user has connected to a network device, he has access to all displays connected to that network device. The network device can be coupled or connected for example to one or more high-resolution displays or medical diagnostic displays or medical reviewing displays. For example, the network device can be connected or coupled to one or more first displays with a first resolution and one or more second displays with a second resolution, the first resolution being different from the second resolution. The network device can provide a means for communicating between the first and second displays. There will however, preferably be only one beacon per workspace/network device. The network device database 23, the user data baser 24 and the mobile device database 24 can be referred to as an authorization management system.

Figure 8 shows another embodiment of the present invention where the network device 1 can establish a secure connection to a single source, e.g. a central authorization management system 60 over the network 15. The network device can hereby verify if the user 26 is authorized to get access to the network device 1. An authorising step may include implicitly one or both of an identification step and an authentication step. The system 60 also holds information on pairing privileges 61. This could for example be a pairing privilege table which lists the privileges of users, or a look-up table. An example of a pairing privilege table is given in Table 1.

Table 1: Example of pairing privilege table

For every network device a number or group of authorized users is stored in combination with a list of privileges for each user. The network device 1 can receive these privileges, and acknowledges (if granted) or refuses (if not granted) access of the mobile device 27. Detailed functionality can be defined by the list of privileges, for example: allowed to pair, allowed to store data on the mobile device, etc. Figure 9 shows a flow chart describing an embodiment of the present invention. In step 70, a user with a mobile device enters the neighbourhood of at least one network device. In step 71 the mobile device connects to a single source, e.g. central mobile device database, over a wireless network. In step 72 the mobile device is identified in the single source, e.g. central mobile device database and is assigned to a mobile device unique identifier, which is linked to a user in the user database. In step 73 the at least one network device is continuously transmitting a beacon signal and a software application is launched on the mobile device, showing the beacon signals from the at least one network device. In step 74 the user of the mobile device manually selects a network device, or the mobile device automatically selects a network device based, for example on a signal strength threshold, the network device receives the mobile device unique identifier via the beacon. The auto-selection can be based on the signal strength of the at least one network device, for example. Also log off of the network device can be initiated by the strength of the transmitted beacon signal of the network device weakening below a pre-defined threshold.

In step 75 the network device sends the mobile device unique identifier to the device database and receives the associated user credentials. In step 76 the network device establishes connection to the network device database which is linked to the user database via pairing privilege information, e.g. a pairing privilege table. In step 77 the network device acknowledges or rejects access of the mobile device.

An indication of the connected devices can be shown both on the display and on the mobile device. E.g. if there are several network devices physically close to each other and the user only is authorized to work on one or some of them, the user can be confused over which network device the user is logged on. It can be convenient to show an indication on the user' s mobile device of which network device it is connected to. In a similar manner it can be convenient to show an indication on at least one network device display monitor, of the mobile devices to which the network device is connected.

In an alternative embodiment the mobile device 27, e.g. in figure 6, establishes contact with a beacon transmitted from a location (not shown) and hereby gets notified of the location. The mobile device 27 forwards the location to the asset management system 60 via e.g. a wifi network. The asset management system keeps information on which network devices are located in which locations and can provide this information to the mobile device 27. The user of the mobile device 27 can select one network device. The authentication can happen either over the beacon channel as in step 75 to 77 in figure 9, or via communication between the mobile device 27 and the asset management system over e.g. a wifi network .

Further Exemplary embodiments

Once the mobile device has connected to the workspace via the network device, it can interact with the workspace in a variety of ways. The following examples are examples and are implemented with a medical display as a network device, a tablet as a mobile device and an auxiliary display to support the medical display, but the invention should not be limited hereto, and nor to the specific functions described.

Figure 10 shows an embodiment where the network device 1 is connected to a medical display 80 via connection 89. The medical display 80 is accompanied by an auxiliary display 81 (that might be local or networked), and the mobile device is a tablet 82. The network device can be coupled or connected for example to one or more high-resolution displays or medical diagnostic displays or medical reviewing displays. For example, the network device can be connected or coupled to one or more first displays with a first resolution and one or more second displays with a second resolution, the first resolution being different from the second resolution. The network device can provide a means for communicating between the first and second displays.

Connection 37 is placed between the network device 1 and the auxiliary display 81. The medical display 80 shows a medical application 85, and can receive input from the keyboard 83 and the mouse 84. The network device 1 can be connected to an asset management system 17 via a network 33 (which may be a wireless connection) and to the auxiliary display 81 via connection 37. The tablet 82 can be connected to the network device 1 via the beacon channel 31, and to a server or device 34 via the network 28.

An indication of the connected devices can be shown both on the display and on the mobile device. E.g. if there are several network devices physically close to each other and the user only is authorized to work on one or some of them, the user can be confused over which network device the user is logged on. It can be convenient to show an indication on the user' s mobile device of which network device it is connected to. In a similar manner it can be convenient to show an indication on at least one network device display monitor, of the mobile devices to which the network device is connected.

In one embodiment the tablet 82 can act as an input device and complement or replace 83 and 84. Some features will be facilitated by being able to use the touchscreen of the tablet, for example, zooming in/out of an image, moving the image around, rotate the image etc., are often easier to perform with a touchscreen than with a mouse and/or keyboard. Further, the tablet 82 is running a software application 87 wherein a scaled-down thumbnail 86 of the medical application 85 is displayed. The reproduction of the (downscaled) image is implemented by means of screen scraping and a scaling algorithm towards the coordinates and resolution of the tablet. This thumbnail is interactive and adapts to the manipulations performed by the user. In this way, the user can see both his finger movements and the outcome of the image at once, without having to alternate with looking at the tablet 82 and the medical display 80. There can be a multiple of functions provided on the tablet for altering display settings of the medical display 80. The asset management system 17 provides information to the tablet 82 on what options are available for the specific user, for example display setting options. The options are listed on the tablet 82 and the user makes a selection. The tablet 82 sends the selection to the network device 1 and the medical display 80, the display can immediately adapt or switch to the right display parameters. The adaptation can then be sent to the asset management system 17 for a status update.

In another embodiment the tablet 82 can act as a virtual screen. The tablet 82 sends its available resolution to the network device 1 and the medical display 80, e.g. size and orientation (if the tablet 82 is rotated later on, the settings can be automatically updated) . The network device 1 can launch an additional virtual screen as part of the workspace desktop (which may already extend over the auxiliary device 81) and send parameters of the additional screen to the tablet 82. The tablet 82 shows the additional display and forwards related received input to the network device 1 and the medical display 80. It is common that users launch auxiliary functions, such as e.g. dictation, text editing, or keeping a work list on an auxiliary display as 81. By moving these functions to the tablet 82, the auxiliary display 81 can be made available for supporting the medical application 85.

In another embodiment the tablet 82 can be used for application specific input and output related to e.g. collaboration. For example, the tablet 82 receives and visualizes a thumbnail representation of the screen content of the medical display 80. The tablet 82 receives collaboration info (e.g. invitation to a virtual meeting, a video stream or other shared content, etc.) via the network connection 28. The tablet can send input to the collaboration (e.g. invite others, chat, etc.) via the network connection 28. The thumbnail representation 86 of the medical display screen content can be shared in the virtual meeting. The user can alter the thumbnail on the tablet (move around, resize, rotate, etc.) and this information is sent to the medical display 80 via the beacon channel 31 so that the corresponding alteration takes place on the medical screen 80. For example, if content is shared, this will be indicated on both the thumbnail on the tablet 82 and on the full application on the medical display 80.

If the user wants to provide a video stream to the meeting, by using a camera 35 associated with the medical display 80, the video stream can be sent locally from the medical display 80 to the tablet 82. Preferably smaller amount of data, such as e.g. input to the medical application or a low-resolution video stream, can be transferred via the beacon channel 31. Larger amount of data, like e.g. a high-resolution video stream, is more efficiently transferred via a conventional network link. For example, the medical display 80 can send the video stream to a server 34 in the cloud via the wired network 33. The server 34 can then send the video stream to the tablet via the wireless network 28.

The mobile device can be adapted to retrieve information from medical diagnostic or viewing or reviewing equipment independent of whether such equipment is connected to a network or not. Such equipment can be, for example, bedside, ICU or operating theatre monitoring equipment, in particular data from any kind of medical diagnostic or viewing or reviewing devices. For example the mobile device can collect data wirelessly or over a cable to retrieve historical data (for a patient) relating to any, some or all of patient body temperature including core temperature, oxygen content of the blood, glucose content of the blood, heart rate, ECG, blood pressure, breathing rate, acoustic analysis of coughing, a degree of anaesthesia, heart beat anomalies or data from molecular diagnostics system such as devices that detect and quantify multiple DNA or RNA-based biomarkers or protein markers.

Such data can be collected onto the mobile device in one workspace or from several workspaces. For example, a user can take additional session information (e.g. open windows/layouts & EMR data references) from one workspace to the other. A mobile device, if equipped with a camera for example, can also be used to take or retrieve additional images that are not or are not yet stored in an archiving system such PACS. Such images could be for example wound images, pathology results obtained manually.

Once collected this information can be viewed on the mobile device or on a suitable network device in addition to images, for example. All the collected data can be consulted, interpreted, diagnosed later, or can be reviewed in a later stage on a different workspace .

The present invention relates to a variety of digital devices with processing capability such as a mobile device, a network device, a server. Each one of these can include one or more microprocessors, processors, controllers, or central processing unit (CPU) and/or a Graphics Processing Unit (GPU) , and can be adapted to carry out their respective functions by being programmed with software, i.e. one or more computer programmes. Any, some or all of these devices may have memory (such as non- transitory computer readable medium, RAM and/or ROM) , an operating system, a display such as a fixed format display, data entry devices such as a keyboard, a pointer device such as a "mouse", serial or parallel ports to attach to other devices, network cards and connections to connect to any of the networks.

The software can be adapted to carry out the following functions when the software is loaded onto the respective device or devices and executed on one or more processing engines such as microprocessors, ASIC's, FPGA' s etc. having a mobile device operate as an authorized input device to a network device, in a network comprising a mobile device, a network device and at least one display monitor coupled or connected to the network device and at least one server hosting an authorization system keeping information on privileges, whereby software code portions may allow or facilitate, when executed on a processing engine, the mobile device to send its identification to the network device with a request to access.

Software code portions may allow or facilitate, when executed on a processing engine, the network device to consult the information on privileges to confirm that the user associated with the mobile device is authorized to access the network device, and if confirmed, having the mobile device authorized to interact with applications running on the network device and information or images being displayed on the at least one display monitor.

Software code portions may allow or facilitate, when executed on a processing engine, that coordinate-based input signals are provided to at least one interaction area on the mobile device as a result of a user action, and said signals are forwarded as coordinate-based input signals to an application running on the network device and are used to display information or an image onto the at least one display monitor.

Software code portions may allow or facilitate, when executed on a processing engine, that keyboard-based input signals are provided to the mobile device as a result of a user action, and said signals are forwarded as keyboard-based input signals to an application running on the network device and are used to display information or an image onto the at least one display monitor.

Software code portions may allow or facilitate, when executed on a processing engine, that the at least one mobile device interaction area provides a thumbnail of an application running on the network device and displayed on the at least one display monitor .

Software code portions may allow or facilitate, when executed on a processing engine, that the mobile device gives input to the network device for display settings for the at least one display monitor, whereby the display settings can relate to image enhancement . Software code portions may allow or facilitate, when executed on a processing engine, the connecting or coupling of the network device for example to one or more high-resolution displays or medical diagnostic displays or medical reviewing displays. For example, this can include coupling or connecting the network device to one or more first displays with a first resolution and one or more second displays with a second resolution, the first resolution being different from the second resolution, or optionally

communicating between the first and second displays.

Software code portions may allow or facilitate, when executed on a processing engine, that a coordinate-based input signal defines a manipulation of an image in a network device application, selected from change size, rotate, move and select.

Software code portions may allow or facilitate, when executed on a processing engine, that the network device implements a virtual screen that is pushed onto the mobile device. Software code portions may allow or facilitate, when executed on a processing engine, that at least one interaction area supports a communication or meeting application received from the at least one server. Software code portions may allow or facilitate, when executed on a processing engine, that the mobile device can provide at least one application function related to a network device application, which is not provided by the network device, whereby the application function can reside locally on the mobile device or on the at least one server.

Software code portions may allow or facilitate, when executed on a processing engine, that an application of the network device is residing locally in the network device or centrally on a server on the network

Software code portions may allow or facilitate, when executed on a processing engine, that the mobile device and/or the network device, or a display monitor coupled or connected to the network device, transmits beacons for short distance communication through which they are exchanging device information.

Software code portions may allow or facilitate, when executed on a processing engine, that the network device beacon is intermittently or continuously transmitting an identification signal.

Software code portions may allow or facilitate, when executed on a processing engine, that the mobile device receives a list of available network devices, whereby the list can comprise a beacon signal strength for each network device.

Software code portions may allow or facilitate, when executed on a processing engine, that the request for access to a network device is initiated by selecting a network device following a user action by the user of the mobile device

Software code portions may allow or facilitate, when executed on a processing engine: showing an indication of the connected devices both on the display and on the mobile device or showing an indication on the user' s mobile device of which network device it is connected to, or showing an indication on at least one network device display monitor, of the mobile devices to which the network device is connected.

Software code portions may allow or facilitate, when executed on a processing engine, that the request for access a network device is initiated by the strength of the transmitted beacon signal of the network device reaching a pre-defined threshold. For example log off of the network device can be initiated by the strength of the transmitted beacon signal of the network device weakening below a pre-defined threshold.

Software code portions may allow or facilitate, when executed on a processing engine, that a video stream captured by an image capture device such as a camera associated with the network device is sent to the mobile device over the beacon channel, or over a network via the at least one server.

Software code portions may allow or facilitate, when executed on a processing engine, that the authorization system is a single source system.

Any of the above software may be implemented as a computer program product which has been complied for a processing engine in any of the mobile device, the network device or a server. The computer program product may be stored on a non-transitory signal storage medium such as an optical disk (CD-ROM or DVD-ROM) , a digital magnetic tape, a magnetic disk, a solid state memory such as a USB flash memory, a ROM, etc.