Data may be shared between users or devices over a network. For example, a first user may send an image or email to a second user or broadcast a comment to a plurality of users. Increasingly, such data is being shared via services specializing in sharing content. Providers of such services are increasingly challenged to share this data according to user preferences.
The following detailed description references the drawings, wherein:
Specific details are given in the following description to provide an understanding of examples of the present techniques. However, it will be understood that examples of the present techniques may be practiced without these specific details. For example, systems may be shown in block diagrams in order not to obscure examples of the present techniques in unnecessary details. In other instances, well-known processes, structures and techniques may be shown without unnecessary detail in order to avoid obscuring the examples of the present techniques.
The advent of the Internet, mobile devices, and the explosion of data in structured and unstructured form has led to greater sharing of information while also exposing critical and sometimes sensitive information into the permanent record that is today's Internet. For example, it is a common occurrence nowadays to find cloud services such as Facebook, Twitter, Box.Net, iCloud, Samsung Personal Cloud Storage, Google Docs, etc., which allow subscribers to share photos, videos, emails, comments, and even real enterprise data with the subscribers' friend circle. Thus, content may be stored and/or shared across various devices or systems without the permission of the content's author.
In some cases, the content's author may wish to limit or prevent the sharing or storing of the content. For example, the author may have sent the content by mistake or may have sought to keep the content private. It is a routine occurrence these days for organizations, people, etc. to share data amongst friends, colleagues, etc. However, current content sharing services lack the capability to have some of that shared data destroyed after a certain duration, including data that has been downloaded for offline viewing.
Examples of the present techniques may allow for safe destruction of original data as well as shared data that has been downloaded for offline viewing. For example, a device may include a tag unit and an access unit. The tag unit may check an expiration tag of data received from a source device. The expiration tag may include a date. The access unit may accept the received data if the date of the expiration tag is greater than a current date. The access unit may not accept the data if the date of the expiration tag is less than or equal to the current date. Further, the access unit may deny access to the data and/or delete the data after the data is stored at the destination device, if the date of the expiration tag is less than or equal to the current date.
Thus, examples may provide a comprehensive, end-to-end system for secure deletion of original content as well as shared content that may have been downloaded for offline viewing. Through the use of tags, this system may be applied independently of the type of device(s) used. Hence, examples may span consumer as well as enterprise industries. For instance, examples may apply in the consumer industry to secure photo/video sharing or to publishing content in blogs or on the web. Examples may also apply to enterprise industries where data confidentiality is a concern, such as where regulations demand that personal data be shared under strict adherence to the Personal Identifiable Information Act.
Referring now to the drawings,
In
The tag unit 120 may check an expiration tag 122 of data 150 received from the source device. The expiration tag 122 may include a date (not shown). The term tag may refer to any type of information about the data 150, such as metadata. The access unit 110 may accept the received data 150 if the date of the expiration tag 122 is greater than a current date 112. However, the access unit 110 may not accept the data 150 if the date of the expiration tag 122 is less than or equal to the current date 112. The current date 112 may be continuously updated and reflect the present date and/or time. For example, the destination device 100 may include a clock (not shown) that updates the current date 112, and/or may receive the current date 112 externally, such as from an atomic clock.
The date of the expiration tag 122 and/or the current date 112 may include, for example, a year, month, day, hours, minutes, seconds and the like. Any type of format for recording the date may be used. For example, the expiration tag 122 may be recorded as “2014-08-15.08:30:59”, which translates to the date Aug. 15, 2014 and the time 8:30:59 AM, with the “59” denoting seconds. The expiration tag 122 may also include additional time-related information, such as a time zone.
For instance, assuming the date of the expiration tag 122 is Aug. 15, 2014 and the current date 112 is Sep. 16, 2013 when the data 150 is received by the access unit 110, the access unit 110 may accept the data 150. Thus, the destination device 100 may store the data 150. However, the destination device 100 may still continue to check the date of the expiration tag 122. Further, the access unit 110 may deny access to the stored data 150′ and/or delete the stored data 150′ if the date of the expiration tag 122 of the stored data 150′ is less than or equal to the current date 112. For example, if the current date 112 reaches Aug. 16, 2014 and the expiration tag 122 is Aug. 15, 2014, the access unit 110 may delete the stored data 150′. The access unit 110 may delete the stored data 150′ such that the stored data 150′ is unrecoverable. For example, the access unit 110 may overwrite the stored data 150′ and/or scramble the stored data 150′. The data 150 may be stored, for example, as a Binary Large Object (BLOB). The access unit 110 may deny access to the stored data 150′ by changing file permissions or attributes.
The tag unit 120 may check any type of data for the expiration tag 122, regardless of the source. For example, whether the data 150 is received externally, such as via TCP/IP, SMTP or HTTP, or read internally, such as from memory (not shown), the tag unit 120 may check any data 150 read or shared.
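The tag format, the accept/deny comparison and the overwrite-then-delete behaviour described above, as an added example in Python. This is illustrative code written for this page, not the application's own implementation; the function names, the optional “+HH:MM” zone suffix on the tag, and the single random-data overwrite pass are assumptions, and the sample BLOB is constructed inline.

```python
"""Added example (not the application's own code): an access unit that parses an
expiration tag of the form "YYYY-MM-DD.HH:MM:SS" (optionally followed by a zone
offset such as "+05:30", an assumption), accepts data only while the tag's date
is strictly greater than the current date, and destroys an expired stored copy by
overwriting it in place before unlinking it.  Names are illustrative."""
from __future__ import annotations

import os
import secrets
import tempfile
from datetime import datetime, timedelta, timezone

TAG_FORMAT = "%Y-%m-%d.%H:%M:%S"


def parse_expiration_tag(tag: str) -> datetime:
    """Parse "2014-08-15.08:30:59" (no zone: treated as UTC) or the same text with
    a trailing "+HH:MM"/"-HH:MM" offset into a timezone-aware datetime."""
    base, sign, offset = tag[:19], tag[19:20], tag[20:]
    when = datetime.strptime(base, TAG_FORMAT)
    if sign in ("+", "-") and len(offset) == 5 and offset[2] == ":":
        delta = timedelta(hours=int(offset[:2]), minutes=int(offset[3:]))
        return when.replace(tzinfo=timezone(delta if sign == "+" else -delta))
    if sign or offset:
        raise ValueError(f"malformed expiration tag: {tag!r}")
    return when.replace(tzinfo=timezone.utc)


def is_unexpired(tag: str, now: datetime) -> bool:
    """Accept only while the tag's date is greater than the current date; a tag
    equal to the current date is already expired."""
    return parse_expiration_tag(tag) > now


def deny_access(path: str) -> None:
    """Deny access without deleting, by stripping every permission bit."""
    os.chmod(path, 0)


def destroy_blob(path: str) -> None:
    """Overwrite the stored copy with random bytes, fsync, then unlink it.
    Caveat: on flash storage and on copy-on-write or journaled file systems the
    old blocks may survive an in-place overwrite; storing the BLOB encrypted and
    destroying the key is the dependable way to make it unrecoverable."""
    remaining = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        while remaining > 0:
            remaining -= fh.write(secrets.token_bytes(min(65536, remaining)))
        os.fsync(fh.fileno())
    os.remove(path)


def enforce(path: str, tag: str, now: datetime | None = None) -> str:
    """Re-check a stored copy against its tag: "kept" or "destroyed"."""
    now = now or datetime.now(timezone.utc)
    if is_unexpired(tag, now):
        return "kept"
    destroy_blob(path)
    return "destroyed"


def demo() -> tuple[str, str, bool]:
    """Constructed walk-through of the dates used in the text: a copy tagged
    2014-08-15 is kept on 2013-09-16 and destroyed on 2014-08-16."""
    tag = "2014-08-15.08:30:59"
    fd, path = tempfile.mkstemp(suffix=".blob")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"constructed sample image bytes " * 64)   # stand-in BLOB
    first = enforce(path, tag, parse_expiration_tag("2013-09-16.00:00:00"))
    second = enforce(path, tag, parse_expiration_tag("2014-08-16.00:00:00"))
    return first, second, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

The check is written against an injected `now` so that the scheduler or background process that re-runs it can be tested without touching the system clock; in deployment `now` would come from the device clock or an external time source as the text describes.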
The destination device 200 of
The destination device 200 may download an application 280 from the source device 250 before the data 260 is received. The term application may refer to any type of software that causes the destination device 200 to perform a task. The destination device 200 may include an operating system (OS) 210 and a kernel 220 of the OS 210 may be modified by the downloaded application 280′.
In one example, the application 280′ may run scripts or macros on the destination device 200. In yet another example, the destination device 200 may register with or subscribe to the source device 250 before the destination device 200 is able to download the application 280. In this case, the destination device 200 may agree to download and install the application 280 in order to receive content from the source device 250.
The OS 210 may represent a collection of software that manages computer hardware resources and provides common services for computer programs. Examples of the OS 210 may include Android, BSD, iOS, GNU/Linux, OS X, QNX, Microsoft Windows, Windows Phone, IBM z/OS and the like. The kernel 220 may be a computer program that manages input/output requests from software and translates them into data processing instructions for a central processing unit (CPU) and other electronic components of a computing device, such as the destination device 200. A request that a process of the OS 210 makes of the kernel 220 may be called a system call. Various kernel designs may differ in how they manage system calls (time-sharing) and resources.
The data 260′ received by the destination device 200 may be a copy of original data 260 stored at the source device 250. The original data 260 may have been captured or created by the source device 250. The tag and access units 230 and 120 may be part of the kernel 220 and/or controlled by the kernel 220. Here, the tag and access units 230 and 120 are shown to be part of the kernel 220.
The source device 250 may add the expiration tag 262 to the copied data 260′ received by the destination device 200. The destination device 200 may not alter the expiration tag 262 of the received data. For example, the application 280′ may modify the OS 210 so that the OS 210 is prevented from modifying the expiration tag 262, in order to reduce the likelihood of unauthorized extensions of the date of the expiration tag 262.
Similar to the destination device 200, the source device 250 may also deny access to and/or delete the original data 260 if the date of the expiration tag 262 is less than or equal to the current date 112. Thus, if the date of the expiration tag 262 expires, both the original data 260 at the source device 250 and the copied data 260″ at the destination device 200 may be deleted or become inaccessible.
Hence, the downloaded or offline data 260″, such as images or other types of multimedia, may also be deleted or become inaccessible after the date of the expiration tag 262 expires. The expiration tag 262 may be checked at the source device 250 and/or the destination device 200 continuously and/or in response to an interrupt. For example, a background process or scheduler may run that monitors and controls access to and/or deletion of the data 260 based on the expiration tag 262.
The data 260′ may further include a context tag 266. The context tag 266 may include a location type, a device type, and the like. The source device 250 may add the context tag 266 to the data 260′. Examples of the location type may include a workspace, a private network, a public network, an airport, a home location, and the like. Examples of the device type may include a mobile device, a camera, an authorized device, and the like.
The access unit 120 of the destination device 200 may deny access to and/or delete the copied data 260′ if the location type does not match a current location of the destination device 200 and/or the device type does not match a type of the destination device 200. For example, the context tag 266 may indicate that the copied data 260″ is only viewable by a cellular device or at a certain location, such as near a public landmark or at a user's home. Similarly, the source device 250 may deny access to and/or delete the original data 260 if the location type does not match a current location of the source device 250 and or the device type does not match a type of the source device 250.
The data 260′ may further include a historical tag 264. The historical tag 264 may include a record of a location where the copied data 260′ was previously stored, any modifications to the copied data 260′, and the like. Example records may include a data creation date, a data access date, a data modified date and the like. The access unit 120 may deny access to and/or delete the data 260′ based on the historical tag 264. For example, the access unit 120 may deny access to and/or delete the copied data 260′ if the historical tag 264 indicates that the copied data 260′ has been tampered with or corrupted.
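Enforcement of the context tag and the historical tag described in the two paragraphs above, as an added Python example written for this page rather than taken from the application. The text only says that the historical tag reveals tampering or corruption; the mechanism used here to make that detectable (an HMAC over the tags and a digest of the bytes, keyed with a secret shared by the source device and the application it installs on the destination) is an assumption, as are the field names and the constructed sample data.

```python
"""Added example (not the application's own code): sealing and enforcing a
context tag (location type, device type) and a historical tag on a shared copy.
Assumption: the source keys an HMAC with a secret that only it and the installed
application know, so an edited tag or altered bytes fail verification."""
from __future__ import annotations

import hashlib
import hmac
import json


def _canonical(record: dict) -> bytes:
    """Stable serialization so the MAC does not depend on dict ordering."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def tag_copy(data: bytes, context: dict, history: list[dict], key: bytes) -> dict:
    """Source side: attach the context tag and a historical tag that carries a
    digest of the bytes, and seal both under one MAC."""
    historical = {"sha256": hashlib.sha256(data).hexdigest(), "history": history}
    mac = hmac.new(key, _canonical(historical) + _canonical(context), hashlib.sha256)
    return {"context": context, "historical": historical, "mac": mac.hexdigest()}


def tags_intact(tags: dict, data: bytes, key: bytes) -> bool:
    """Destination side: the tags must be authentic and the bytes must still match
    the digest recorded when the copy was made."""
    expected = hmac.new(key, _canonical(tags["historical"]) + _canonical(tags["context"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tags["mac"]):
        return False          # tampered tag (or wrong key)
    current = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(tags["historical"]["sha256"], current)   # corrupted bytes?


def context_allows(context: dict, device: dict) -> bool:
    """Every constraint present in the context tag must match the device's
    current location type and device type; absent constraints are unrestricted."""
    for field in ("location_type", "device_type"):
        wanted = context.get(field)
        if wanted is not None and wanted != device.get(field):
            return False
    return True


def decide(tags: dict, data: bytes, device: dict, key: bytes) -> str:
    """Access-unit decision.  Design choice (not dictated by the text): a
    tampered or corrupted copy is deleted outright, while a context mismatch
    only denies access, since the copy may become viewable again once the device
    returns to the tagged location."""
    if not tags_intact(tags, data, key):
        return "delete"
    if not context_allows(tags["context"], device):
        return "deny"
    return "allow"


def demo() -> list[str]:
    """Constructed scenario: a photo viewable only at home on a mobile device."""
    key = b"constructed-shared-secret"
    data = b"constructed photo bytes"
    history = [{"stored_at": "source:/photos/img01", "created": "2013-09-16.10:00:00"}]
    tags = tag_copy(data, {"location_type": "home", "device_type": "mobile"}, history, key)
    at_home = {"location_type": "home", "device_type": "mobile"}
    at_airport = {"location_type": "airport", "device_type": "mobile"}
    edited = json.loads(json.dumps(tags))
    edited["context"]["location_type"] = "airport"   # destination tries to loosen the tag
    return [
        decide(tags, data, at_home, key),          # allow
        decide(tags, data, at_airport, key),       # deny: wrong location type
        decide(tags, data + b"x", at_home, key),   # delete: bytes no longer match digest
        decide(edited, data, at_airport, key),     # delete: edited tag fails the MAC
    ]


if __name__ == "__main__":
    print(demo())
```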
The copied data 260′ may be encrypted before being transmitted to the destination device 200 and then decrypted upon receipt by the destination device 200. For example, the source device 250 may encrypt the data 260 using a public key 270 before the data 260 is transmitted to the destination device 200. The destination device 200 may then decrypt the received data 260′ using a private key 240. The public key 270 may be widely distributed, while the private key 240 may be known only to the destination device 200. Where there are a plurality of destination devices 200, different destination devices 200 may have different private keys 240.
Although different, the public and private keys 270 and 240 may form a key pair that is mathematically linked. One of the public and private keys 270 and 240 may lock or encrypt the data 260, and the other of the public and private keys 270 and 240 may unlock or decrypt the data 260. Neither of the public and private keys 270 and 240 may perform both functions by itself.
The computing device 300 may be, for example, a secure microprocessor, a notebook computer, a desktop computer, an all-in-one system, a server, a network device, a wireless device, or any other type of user device capable of executing the instructions 322, 324, 326 and 328. In certain examples, the computing device 300 may include or be connected to additional components such as memories, sensors, displays, etc.
The processor 310 may be at least one central processing unit (CPU), at least one semiconductor-based microprocessor, other hardware devices suitable for retrieval and execution of instructions stored in the machine-readable storage medium 320, or combinations thereof. The processor 310 may fetch, decode, and execute instructions 322, 324, 326 and 328 to implement adding the expiration tag to data to be shared with the destination device. As an alternative or in addition to retrieving and executing instructions, the processor 310 may include at least one integrated circuit (IC), other control logic, other electronic circuits, or combinations thereof that include a number of electronic components for performing the functionality of instructions 322, 324, 326 and 328.
The machine-readable storage medium 320 may be any electronic, magnetic, optical, or other physical storage device that contains or stores executable instructions. Thus, the machine-readable storage medium 320 may be, for example, Random Access Memory (RAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a storage drive, a Compact Disc Read Only Memory (CD-ROM), and the like. As such, the machine-readable storage medium 320 can be non-transitory. As described in detail below, machine-readable storage medium 320 may be encoded with a series of executable instructions for adding the expiration tag to data to be shared with the destination device.
Moreover, the instructions 322, 324, 326 and 328 when executed by a processor (e.g., via one processing element or multiple processing elements of the processor) can cause the processor to perform processes, such as, the process of
The upload instructions 324 may be executed by the processor 310 to upload an application (not shown) to a destination device (not shown). The application may configure the destination device to check the expiration tag of data received by the destination device. The share instructions 326 may be executed by the processor 310 to share a copy of the original data with the destination device. The copied data may include the expiration tag.
The deny/delete instructions 328 may be executed by the processor 310 to deny access to and/or delete the original data after the date of the expiration tag of the original data is less than or equal to a current date. Further, the application may configure the destination device to deny access to and/or delete the copied data after the date of the expiration tag of the copied data is less than or equal to the current date.
At block 410, the source device 250 adds an expiration tag 262 to original data 260. The expiration tag 262 may include a date. Next, at block 420, the source device 250 uploads an application 280 to the destination device 200. The destination device 200 may register with the source device 250 before the source device 250 uploads the application 280 to the destination device 200. Then, at block 430, the application 280 modifies the destination device 200 to control at least one of access and storage attributes of data received by the destination device 200 based on the expiration tag 262.
Afterward, at block 440, the source device 250 shares a copy 260′ of the original data with the destination device 200. The copied data 260′ includes the expiration tag 262. At block 450, the source device 250 compares the date of the expiration tag 262 of the original data 260 to a current date 112. If the date of expiration tag 262 of the original data 260 is less than or equal to the current date 112, the method 400 flows to block 470 where the source device 250 may deny access to and/or delete the original data 260.
At the same or a different time as block 450, the destination device 200, at block 460, may compare the date of the expiration tag 262 of the copied data 260″ to the current date 112. If the date of the expiration tag 262 of the copied data 260″ is less than or equal to the current date 112, the method 400 flows to block 480 where the destination device 200 may deny access to and/or delete the copied data 260″. The comparisons at blocks 450 and 460 may be carried out continuously in order to determine when data has expired.
The source device 250 may encrypt the copied data 260′ using a public key 270 before sending the copied data 260′ to the destination device 200. The application 280′ uploaded to the destination device 200 may include a private key 240. In one example, the destination device 200 may not directly access the private key 240. Instead, the private key 240 may only be accessed through the application 280′ in order to prevent corruption of and/or unauthorized access to the private key 240.
Further, the application 280′ may prevent the destination device 200 from altering the expiration tag 262 of the copied data 260″. Thus, the likelihood of tampering with the expiration tag 262 may be reduced. In addition, the application 280′ may prevent the destination device 200 from accessing the copied data 260″ before checking the expiration tag 262 of the copied data 260″. Hence, data having an expired expiration tag 262 may be prevented from being accessed, or may have a reduced likelihood of being accessed.
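The encryption of the copy under the destination's public key (described here and in the earlier discussion of the key pair), the private key reachable only through the installed application, and the rule that the tag is checked before the copy is accessed, combined in one added Python example. This is illustrative code written for this page, not the application's own. Two details are assumptions the text does not state: a fresh AES-256-GCM data key is used for the BLOB and only that key is wrapped with RSA-OAEP (a public key cannot directly encrypt a large object), and the expiration tag is bound to the ciphertext as associated data so that an altered tag makes decryption fail. The example uses the third-party `cryptography` package; names and sample bytes are constructed.

```python
"""Added example (not the application's own code): hybrid public-key sealing of
a shared copy with the expiration tag authenticated as AEAD associated data.
Assumptions: AES-256-GCM data key wrapped with RSA-OAEP/SHA-256, tag in the
"YYYY-MM-DD.HH:MM:SS" form treated as UTC.  Requires the "cryptography" package."""
from __future__ import annotations

import os
from datetime import datetime, timezone

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
TAG_FORMAT = "%Y-%m-%d.%H:%M:%S"


def seal_copy(data: bytes, expiration_tag: str, dest_public_pem: bytes) -> dict:
    """Source device: encrypt the copy for one destination.  The tag travels in
    the clear (the destination must read it) but is covered by the GCM tag."""
    data_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(data_key).encrypt(nonce, data, expiration_tag.encode())
    public_key = serialization.load_pem_public_key(dest_public_pem)
    wrapped_key = public_key.encrypt(data_key, OAEP)
    return {"tag": expiration_tag, "nonce": nonce,
            "ciphertext": ciphertext, "wrapped_key": wrapped_key}


class DestinationApp:
    """The installed application: it alone holds the private key, and it never
    hands out plaintext without first authenticating and checking the tag."""

    def __init__(self, private_pem: bytes):
        self._private_key = serialization.load_pem_private_key(private_pem, password=None)

    def open_copy(self, sealed: dict, now: datetime) -> bytes | None:
        """Return the plaintext only if the tag is authentic and unexpired;
        otherwise return None without revealing anything."""
        try:
            data_key = self._private_key.decrypt(sealed["wrapped_key"], OAEP)
            plaintext = AESGCM(data_key).decrypt(sealed["nonce"], sealed["ciphertext"],
                                                 sealed["tag"].encode())
        except (InvalidTag, ValueError):   # edited tag, altered bytes, or bad wrap
            return None
        expires = datetime.strptime(sealed["tag"], TAG_FORMAT).replace(tzinfo=timezone.utc)
        if expires <= now:                 # expired: deny before any access
            return None
        return plaintext


def demo() -> tuple[bool, bool, bool]:
    """Constructed scenario: one destination key pair, one sealed copy, then an
    in-date open, an expired open, and an attempt to extend the tag."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private_pem = private_key.private_bytes(serialization.Encoding.PEM,
                                            serialization.PrivateFormat.PKCS8,
                                            serialization.NoEncryption())
    public_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    original = b"constructed image bytes"
    sealed = seal_copy(original, "2014-08-15.08:30:59", public_pem)
    app = DestinationApp(private_pem)
    before = datetime(2013, 9, 16, tzinfo=timezone.utc)
    after = datetime(2014, 8, 16, tzinfo=timezone.utc)
    opened_in_date = app.open_copy(sealed, before) == original
    refused_expired = app.open_copy(sealed, after) is None
    forged = dict(sealed, tag="2099-01-01.00:00:00")   # destination edits the tag
    refused_forged = app.open_copy(forged, before) is None
    return opened_in_date, refused_expired, refused_forged


if __name__ == "__main__":
    print(demo())
```

Binding the tag as associated data is what turns “the application prevents the device from altering the tag” from a policy into a property the source can rely on: a destination that rewrites the date to a later one gets ciphertext it can no longer open, rather than an extended copy.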
According to the foregoing, examples of present techniques provide for safe destruction of original data as well as shared data that has been downloaded for offline viewing. Thus, examples may provide a comprehensive, end-to-end system for secure deletion of original and copied content. Through use of tags, this system may be applied independently of the type of device(s) used. Hence, examples may span across consumer as well as enterprise industries.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/US2013/048578 | 6/28/2013 | WO | 00 |