Patent Grant
9600582
Computer users increasingly share data through storage systems hosted by service providers on computer networks such as the internet. Service providers, however, are wary that users may share content that is objectionable. There are a variety of ways in which service providers can detect objectionable content. However, even if such content can be identified, the question that remains is what to do about it.
This Summary introduces selected concepts in simplified form that are further described below in the Detailed Description. This Summary is intended neither to identify key or essential features of the claimed subject matter, nor to limit the scope of the claimed subject matter.
When objects are shared by one user with another user, objectionable content, if identified as such, can be blocked from being shared, while the remainder of the shared objects can be accessed by the other user. In one example implementation, metadata for each data file can include a restriction flag indicating whether the file has been marked as containing objectionable content. Functions that allow sharing of content are implemented so as prevent sharing of objectionable content with another user, while allowing other content to be shared. If a group of files or objects is shared, then the presence of objectionable content in one object in the group results in that objectionable content not being shared, but the remaining files or objects are still shared. A graphical user interface for accessing the storage system, whether by providers or recipients of shared content, can selectively render information about objects with objectionable content. For example, the interface can indicate the presence of an object, but access to objectionable content in that object can remain limited. In one implementation, the interface can present information indicating that access to the object is blocked due to objectionable content.
In an implementation in a file system, other file system operations can be implemented to allow access to parts of the file or data about the file, but the objectionable content is not made available. For example, in one implementation a file includes multiple file streams, including at least a metadata stream and a data stream. If a file contains objectionable content in the data stream, then access to the data stream is prevented; however, access to the metadata stream can be enabled. Metadata that is derivative of the objectionable content also can be removed, not generated or made not accessible. For example, for image files, a reduced image, representative of the image in the file, can be either removed, not generated, or made not accessible. Because the file is stored in a shared storage system, what data is made available about the file, and how it is stored, can also be function of both the restriction flag and the identity or role of the user accessing it, using access control information for the file.
In the following description, reference is made to the accompanying drawings which form a part hereof, and in which are shown, by way of illustration, specific example implementations of this technique. It is understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the disclosure.
The following section provides an example operating environment in which a shared storage system can be implemented. This example is provided in the context of an online, shared file system for multiple users to access over a computer network. Other implementations of a shared storage service also can be used.
Referring to
The client computer 104 typically includes a browser application that communicates with the server computers 102 using a conventional communication protocol. Typically, the server computer 102 prompts the user for authentication information to access an account. After receiving the authentication information, the server computer presents a user with information relating to their account, such as files and folder containing files that the user has stored on the shared storage system. Other operations also can be made available, such as uploading, deleting, modifying and downloading files and folders, defining collections of files, sharing files and collections of files with other users, accessing files and collections of files shared by other users, and searching for files and folders. In general, a client computer 104 sends requests 110 for information to the server computers 102, in response to which the server computers provide file data 112 to the client computer 104, where the file data 112 can be metadata about a file or contents of a file.
A file 120 has information stored about it that the server computers 102 use to manage access to the file by various users. Each file 120 has, in particular, an access control list 122 and a restriction flag 124. The access control list 122 indicates which users are permitted to access a file, and the nature of those permissions. As described in more detail below, the restriction flag 124 indicates whether the file is determined to have objectionable content. Such a determination can be obtained, for example, by users that report abuse in a system, or through automatic processing. A file can include one or more independently accessible portions, or file streams, which contain different information. In particular a file can include content and metadata about that content in separately accessible portions of the file. The access control list can differentiate access for users at the file stream level in addition to the file level. The access control list also can distinguish between an “owner” of a file system object and others. In one implementation, the system can limit access to objectionable content by others, while allowing full access to the owner of a file system, regardless of whether the file system object is marked as having objectionable content.
Given this context, an example implementation will be described in more detail in connection with
For a user to share information, a sharing module 210 is accessed. In response to user input 212, one or more items of stored content are identified by the user. Also though the sharing module, through user input 212, a user can identify one or more other users with whom the selected content is to be shared. The sharing module 210 creates a collection of the selected content, and indicates on the access control list for the collection that the other identified users are authorized to access this content. A user can be an individual, a device, a system process, an application or other entity that can access content through the storage system. There are a variety of ways in which a user can specify such a collection, the users with whom it is to be shared, and the permissions to be given to those users, the foregoing merely being one example.
A content blocking module 220 can receive indications 222 of content to be blocked due to objectionable content. For example, such information can be reported by other users and/or detected automatically. The access control list for that content is updated to indicate that there is objectionable content to be blocked when shared.
Through an access module 230, other users can access content in collections to which they have been given authorization. Given an indication 232 of an object, such as a file, to be accessed, the access module determines whether the user is authorized to access the selected content, and determines if the content is blocked, by using the access control list. If the user is authorized to access the content, the content is provided to the user. In the event that the user is authorized, but the content is blocked, a graphical user interface of the access module can indicate to the user that the content is present but access to the content is blocked.
A system receives 300 a request from a user to access his or her account. After allowing access, the system can receive 302 a request from the user to upload content to the storage. The system receives, processes and stores 304 the content in the storage system, including creating 306 the access control list for each file which is uploaded. The access control list can initially indicate that the user is the owner of the content and the sole user authorized to access that content. Additionally, any blocked content flag is initially clear. In one implementation, automatic processing can be used 308 to mark content as objectionable.
A system receives 400 a request form a user to access his or her account. After allowing access, the system can receive 402 a request from the user to view the contents of a selected folder. The system accesses 404 information about the contents of the selected folder. For each file, as indicated at 406, the system determines 408 whether the access to the file is authorized and whether access to content is blocked. If content is blocked, then an indication of the file, such as an icon, is displayed 410, with the icon indicating that access to the content is blocked. Otherwise, a conventional indication of the file is displayed 412.
A system receives 500 a request form a user to access his or her account. After allowing access, the system can receive 502 a request from the user identifying selected files to be shared. The system accesses 504 information about the selected files. For each file, as indicated at 506, the system determines 508 whether the access to the file is authorized and whether access to content is blocked. If content is blocked, then the information about the file that is communicated 510 to the other user includes data indicating that access to the content is blocked. Otherwise, a conventional information about the file is communicated 512.
Having now described an example implementation, a computer with which components of such a system are designed to operate will now be described. The following description is intended to provide a brief, general description of a suitable computer with which such a system can be implemented. The computer can be any of a variety of general purpose or special purpose computing hardware configurations. Examples of well-known computers that may be suitable include, but are not limited to, personal computers, server computers, hand-held or laptop devices (for example, media players, notebook computers, cellular phones, personal data assistants, voice recorders), multiprocessor systems, microprocessor-based systems, set top boxes, game consoles, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
With reference to
Additionally, computer 600 may also have additional features/functionality. For example, computer 600 may also include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape. Such additional storage is illustrated in
Computer 600 may also contain communications connection(s) 612 that allow the device to communicate with other devices over a communication medium. Communication media typically carry computer program instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal, thereby changing the configuration or state of the receiving device of the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Communications connections 612 are devices that interface with the communication media to transmit data over and receive data from communication media, such as a network interface.
Computer 600 may have various input device(s) 614 such as a keyboard, mouse, pen, camera, touch input device, and so on. Output device(s) 616 such as a display, speakers, a printer, and so on may also be included. All of these devices are well known in the art and need not be discussed at length here. Various input and output devices can implement a natural user interface (NUI), which is any interface technology that enables a user to interact with a device in a “natural” manner, free from artificial constraints imposed by input devices such as mice, keyboards, remote controls, and the like.
Examples of NUI methods include those relying on speech recognition, touch and stylus recognition, gesture recognition both on screen and adjacent to the screen, air gestures, head and eye tracking, voice and speech, vision, touch, gestures, and machine intelligence, and may include the use of touch sensitive displays, voice and speech recognition, intention and goal understanding, motion gesture detection using depth cameras (such as stereoscopic camera systems, infrared camera systems, and other camera systems and combinations of these), motion gesture detection using accelerometers or gyroscopes, facial recognition, three dimensional displays, head, eye, and gaze tracking, immersive augmented reality and virtual reality systems, all of which provide a more natural interface, as well as technologies for sensing brain activity using electric field sensing electrodes (EEG and related methods).
Each component of this system that operates on a computer generally is implemented by software, such as one or more computer programs, which include computer-executable instructions and/or computer-interpreted instructions, such as program modules, being processed by the computer. Such computer instructions can be stored on a computer storage to provide an article of manufacture. Generally, program modules include routines, programs, objects, components, data structures, and so on, that, when processed by a processing unit, instruct the processing unit to perform particular tasks or implement particular abstract data types. This computer system may be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
Alternatively, or in addition, the functionally described herein can be performed, at least in part, by one or more hardware logic components. For example, and without limitation, illustrative types of hardware logic components that can be used include Field-programmable Gate Arrays (FPGAs), Program-specific Integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), etc.
Any or all of the aforementioned alternate embodiments described herein may be used in any combination desired to form additional hybrid embodiments. It should be understood that the subject matter defined in the appended claims is not necessarily limited to the specific implementations described above. The specific implementations described above are disclosed as examples only.
| Number | Name | Date | Kind |
|---|---|---|---|
| 6684254 | Dutta | Jan 2004 | B1 |
| 7020774 | Cornuejols et al. | Mar 2006 | B1 |
| 7536386 | Samji et al. | May 2009 | B2 |
| 7580933 | Johnson et al. | Aug 2009 | B2 |
| 7627652 | Commons et al. | Dec 2009 | B1 |
| 7653733 | Beyda | Jan 2010 | B2 |
| 7783665 | Tormasov et al. | Aug 2010 | B1 |
| 7979369 | Grenier et al. | Jul 2011 | B2 |
| 7991957 | Mercer | Aug 2011 | B2 |
| 8117226 | Samji et al. | Feb 2012 | B2 |
| 8312485 | Robson et al. | Nov 2012 | B2 |
| 8380632 | Dicke et al. | Feb 2013 | B2 |
| 8434126 | Schepis et al. | Apr 2013 | B1 |
| 8504653 | Commons et al. | Aug 2013 | B1 |
| 8769300 | Catrein et al. | Jul 2014 | B2 |
| 9049176 | Ferdowsi et al. | Jun 2015 | B2 |
| 9288283 | Alten | Mar 2016 | B2 |
| 9294485 | Allain et al. | Mar 2016 | B2 |
| 9325571 | Chen | Apr 2016 | B2 |
| 20010041989 | Vilcauskas, Jr. et al. | Nov 2001 | A1 |
| 20030126267 | Gutta et al. | Jul 2003 | A1 |
| 20050021780 | Beyda | Jan 2005 | A1 |
| 20050132220 | Chang et al. | Jun 2005 | A1 |
| 20050183143 | Anderholm | Aug 2005 | A1 |
| 20050198031 | Pezaris et al. | Sep 2005 | A1 |
| 20080052514 | Nakae | Feb 2008 | A1 |
| 20080104393 | Glasser et al. | May 2008 | A1 |
| 20080133445 | Pennington | Jun 2008 | A1 |
| 20080168490 | Yu | Jul 2008 | A1 |
| 20090012965 | Franken | Jan 2009 | A1 |
| 20090055915 | Piliouras | Feb 2009 | A1 |
| 20090138808 | Moromisato et al. | May 2009 | A1 |
| 20100037324 | Grant | Feb 2010 | A1 |
| 20100146269 | Baskaran | Jun 2010 | A1 |
| 20110078197 | Zurko et al. | Mar 2011 | A1 |
| 20110149809 | Narayanaswamy | Jun 2011 | A1 |
| 20120005159 | Wang et al. | Jan 2012 | A1 |
| 20120157049 | Eliovits | Jun 2012 | A1 |
| 20120221627 | Sainio et al. | Aug 2012 | A1 |
| 20120246732 | Burton | Sep 2012 | A1 |
| 20120254304 | Anbalagan et al. | Oct 2012 | A1 |
| 20120311039 | Ogawa | Dec 2012 | A1 |
| 20130031643 | Rogel et al. | Jan 2013 | A1 |
| 20130047260 | Hoefel et al. | Feb 2013 | A1 |
| 20130054477 | Steele | Feb 2013 | A1 |
| 20130081141 | Anurag | Mar 2013 | A1 |
| 20130117131 | Robinson et al. | May 2013 | A1 |
| 20130117190 | Wald | May 2013 | A1 |
| 20130275398 | Dorman et al. | Oct 2013 | A1 |
| 20140143542 | Chang | May 2014 | A1 |
| 20140149461 | Wijayaratne et al. | May 2014 | A1 |
| 20140230018 | Anantharaman | Aug 2014 | A1 |
| 20140351541 | Angelo et al. | Nov 2014 | A1 |
| 20140351957 | Zacher et al. | Nov 2014 | A1 |
| Number | Date | Country |
|---|---|---|
| 2010031413 | Mar 2010 | WO |
| Entry |
|---|
| “Content Blocking”, Retrieved at <<http://help.opera.com/Mac/11.60/en/contentblock.html>>, Retrieved Date: Jan. 15, 2013, pp. 2. |
| “Flickr Safety Guide”, Retrieved at <<http://info.yahoo.com/safely/us/yahoo/flickr/>>, Retrieved Date: Jan. 15, 2013, pp. 4. |
| “How to Report Things”, Retrieved at <<http://www.facebook.com/help/181495968648557/>>, Retrieved Date: Jan. 15, 2013, pp. 5. |
| “Watch What you Store on SkyDrive—You may Lose your Microsoft Life”, Retrieved at <<http://wmpoweruser.com/watch-what-you-store-on-skydriveyou-may-lose-your-microsoft-life/>>, Retrieved Date: Jan. 15, 2013, pp. 9. |
| “Non-Final Office Action Received for U.S. Appl. No. 13/901,559”, Mailed Date: Jul. 17, 2015, 10 Pages. |
| “Non-Final Office Action Received for U.S. Appl. No. 14/082,044”, Mailed Date: Jul. 2, 2015, 28 pages. |
| Jujjuri, et al., “VirtFS—A Virtualization Aware File System Pass-through”, In Proceedings of the Ottawa Linux Symposium, Jul. 2010, 14 Pages. |
| “International Search Report & Written Opinion Received for PCT Patent Application No. PCT/US2013/058362”, Mailed Date: Jan. 30, 2014, 9 Pages. |
| Shami, et al., “Browse and Discover: Social File Sharing in the Enterprise”, In Proceedings of the ACM Conference on Computer Supported Cooperative Work, Mar. 19, 2011, pp. 295-304. |
| Suhendra, Vivy, “A Survey on Access Control Deployment”, In Security Technology, Dec. 8, 2011, pp. 11-20. |
| Yu, et al., “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing”, In Proceedings of the 29th Conference on Information Communications, Mar. 14, 2010, 9 Pages. |
| “Autonomy's Virage Automates Copyright Infringement Detection for Online Video”, Retrieved From <<https://web.archive.org/web/20070711195236/http://autonomy.com/content/News/Releases/2007/0405a.en.html>>, Apr. 5, 2007, 2 Pages. |
| “CyberScan (Online IP Infringement Detection Service)”, Retrieved From <<http://www.hcltech.com//sites/default/files/CyberScan.pdf>>, White Paper of HCL, Jul. 2011, 17 Pages. |
| “Final Office Action Issued in U.S. Appl. No. 13/901,559”, Mailed Date : Jan. 26, 2016, 10 Pages. |
| “Final Office Action Issued in U.S. Appl. No. 14/082,044”, Mailed Date : Dec. 9, 2015, 34 Pages. |
| Agrawal, Swati, “Detecting Copyright Infringement on You Tube Videos using You Tube Metadata”, In Department of Computer Science and Engineering, MTech Theses, Apr. 2, 2013, 46 Pages. |
| “Office Action Issued in U.S. Appl. No. 14/082,044”, Mailed Date : Jul. 13, 2016. |
| “Non Final Office Action Issued in U.S. Appl. No. 13/901,559”, Mailed Date: Aug. 12, 2016, 9 Pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20140351957 A1 | Nov 2014 | US |
