Patent Application
20160034717
With the dynamic interaction of smartphones with cameras, cloud storage, and social media, it is very difficult for a user to prevent accidental leaks of private information. For example, a user may accidentally post an image to a social media site that includes information that the user wishes to remain private, such as a picture of the user's children. Likewise, the user may send an image that includes private information to a partially trusted individual, such as a new co-worker, only for the co-worker to broadcast the image to other individuals or post the image on a social media site.
According to one embodiment of the present disclosure, an approach is provided in which an information handling system identifies areas of sensitive content in a digital image that is intended to be sent to a recipient. The information handling system retrieves rules corresponding to both the intended recipient and the sensitive content, and modifies the digital image based upon the identified rules. The modification of the digital image includes protecting the sensitive content, such as blurring a person's face on the digital image. In turn, the information handling system sends the modified digital image to the intended first recipient.
The foregoing is a summary and thus contains, by necessity, simplifications, generalizations, and omissions of detail; consequently, those skilled in the art will appreciate that the summary is illustrative only and is not intended to be in any way limiting. Other aspects, inventive features, and advantages of the present disclosure, as defined solely by the claims, will become apparent in the non-limiting detailed description set forth below.
The present disclosure may be better understood, and its numerous objects, features, and advantages made apparent to those skilled in the art by referencing the accompanying drawings, wherein:
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The corresponding structures, materials, acts, and equivalents of all means or step plus function elements in the claims below are intended to include any structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the disclosure in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the disclosure. The embodiment was chosen and described in order to best explain the principles of the disclosure and the practical application, and to enable others of ordinary skill in the art to understand the disclosure for various embodiments with various modifications as are suited to the particular use contemplated.
The present invention may be a system, a method, and/or a computer program product. The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing. A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
Computer readable program instructions for carrying out operations of the present invention may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions. The following detailed description will generally follow the summary of the disclosure, as set forth above, further explaining and expanding the definitions of the various aspects and embodiments of the disclosure as necessary.
When image capture device 100's user wishes to send the digital image to recipients such as family members, friends, or upload the digital image to social media sites, image capture device 100 determines, in one embodiment, whether the intended recipient is fully trusted, partially trusted, or not trusted. For example, family members may be fully trusted, co-workers may be partially trusted, and social media sites may be not trusted. In this embodiment, and as discussed in more detail below, image capture device 100 sends an unmodified digital image to fully trusted recipients.
However, for partially trusted and not trusted recipients, image capture device 100 compares digital image 120 to reference recognition data 140 to determine whether digital image 120 includes sensitive content. In one embodiment, reference recognition data 140 includes facial recognition characteristics of people that the user wishes to filter based upon the intended recipient, such as the user's children (see
When image capture device 100 determines that digital image 120 includes sensitive content (e.g., a picture of the user's child), image capture device 100 accesses filter rules 130 to locate rules pertaining to the intended recipient's trust level (e.g., partially trusted) and the identified sensitive content (e.g., “Billy”). In turn, image capture device 100 modifies digital image 120 based upon the located rules. For example, the rule may instruct image capture device 100 to blur Billy's face for images sent to partially trusted recipients. In one embodiment image capture device 120 also modifies digital image metadata, such as modifying or removing location information corresponding to digital image 120.
Image capture device 100 uploads fully modified digital image 165 to social media site 185 that, in one embodiment, includes blacked out children's faces and removed location data. As such, a malicious user cannot obtain pertinent data from fully modified digital image 165 when the malicious user visits social media site 185. As those skilled in the art can appreciate, image capture device 100 may utilize more or less trust levels than those discussed above to refine the type of image modifications to perform on a digital image.
Similarly, modified image 250 (e.g., fully modified digital image) is an image that the image capture device blurred person 230's face via blur 270 and blacked out person 220's face via blackout 260. For example, the user may upload modified image 250 to an untrusted social media site and have a rule to blur her teenage child's face and blackout her adolescent child's face for images sent to untrusted recipients.
The user, in turn, selects one or more of boxes 330 to create rules for images that match the sensitive content based upon the trustworthiness of intended recipients. Boxes 330's selections cause image capture device to create a rule for partially trusted recipients (e.g., co-workers) that, when an image includes Billy's face, to blur out Billy's face and remove location data from the image's metadata. Similarly, the image capture device creates a rule for not trusted recipients (e.g., social media sites) that blacks out Billy's face and modifies location data from the image's metadata (see
Window 340 shows a rule creation window for Sally (box 350). Boxes 360's selections cause image capture device to create a rule for not trusted recipients (e.g., social media sites) that blurs out Sally's face. In one embodiment, the image capture device performs the most stringent action on an image when an image includes sensitive content corresponding to multiple rules. For example, when an image intended for a not trusted recipient includes both Billy and Sally, the image capture device modifies the location data based upon Billy's rule even though Sally's rule does not specify modifying the location data.
Column 420 includes a list of sensitive content identifiers relative to a recipient's trust level. Column 420 shows that images of Billy are considered sensitive content for partially trusted recipients, and images of Billy and Sally are considered sensitive content for not trusted recipients.
Column 430 includes actions to perform on images having sensitive content corresponding to particular trust levels of intended recipients. For example, column 430 includes a rule to blur facial characteristics of Billy for images that the image capture device sends to partially trusted recipients.
Sync/Upload window 540 allows a user to assign a trust level to a location or device, such as cloud storage, social media site, or personal computer. Window 540 shows an example of the user creating a recipient entry for Social Media ABC, which includes the name (or URL) of the recipient in box 545 and the trustworthiness of the recipient in box 550. In one embodiment, as discussed above, box 550 is a drop down window that allows the user to select an available trust level for the recipient.
The image capture device determines if any of the recipients are fully trusted and not associated with filter rules (decision 615). If any of the intended recipients are fully trusted, decision 615 branches to the “Yes” branch to send unmodified images to the fully trusted recipients at step 620, and processing ends at 625.
However, for those recipients not fully trusted, decision 615 branches to the “No” branch, whereupon the image capture device analyzes digital image 120 and compares the digital image against reference recognition data 140 (step 630). In one embodiment, the image capture device's analysis involves executing a facial recognition program to identify faces in the image and compare the identified faces with facial characteristic data included in reference recognition data 140.
The image capture device determines if the digital image includes sensitive content (decision 640). For example, the digital image may be of a mountain without people. If the digital image does not include sensitive content, decision 640 branches to the “No” branch, whereupon the image capture device sends the unmodified image to the partially trusted and not trusted recipients at step 620.
On the other hand, if the digital image includes sensitive content, decision 640 branches to the “Yes” branch, whereupon the image capture device selects a first trust level of the intended recipients (e.g., “Partially Trusted”) at step 645. At step 650, the image capture device identifies rules in filter rules 130 corresponding to both the selected trust level (e.g., “Partially Trusted) and the detected sensitive content (e.g., “Billy”). In one embodiment, if filter rules 130 does not include a rule matching the selected trust level and detected sensitive content, the image capture device sends an unmodified image to recipients corresponding to the selected trust level, which steps are not shown in
When filter rules 130 includes matching rules, the image capture device determines whether the matching rules dictate prohibiting transmission of the image (decision 660). If one of the identified rules dictate prohibiting image transmission, decision 660 branches to the “Prohibit Transmission” branch, whereupon the image capture device informs the user that the image is not transmitted (step 665) and, in one embodiment, a reason as to why the image is not transmitted (e.g., “Billy included in image and recipient is not trusted”). Processing ends at 670.
On the other hand, if the rule dictates modifying the image, decision 660 branches to the “Modify” branch, whereupon the image capture device modifies a copy of the digital image based upon the corresponding rules, such as blurring/blacking out a face (step 675). In one embodiment, the image capture device modifies digital image metadata, such as modifying/removing location data or time data. The image capture device sends the modified image to the recipient(s) corresponding to the selected trust level at step 680, and determines whether there are more intended recipients with a different trust level to process, such as “Not Trusted” (decision 685). If there are more intended recipients with different trust levels, decision 685 branches to the “Yes” branch, which loops back to select a different trust level and process images according to rules corresponding to the selected different trust level. This looping continues until there are no more trust levels to process, at which point decision 685 branches to the “No” branch, whereupon image capture device processing ends at 690.
Northbridge 715 and Southbridge 735 connect to each other using bus 719.
In one embodiment, the bus is a Direct Media Interface (DMI) bus that transfers data at high speeds in each direction between Northbridge 715 and Southbridge 735. In another embodiment, a Peripheral Component Interconnect (PCI) bus connects the Northbridge and the Southbridge. Southbridge 735, also known as the I/O Controller Hub (ICH) is a chip that generally implements capabilities that operate at slower speeds than the capabilities provided by the Northbridge. Southbridge 735 typically provides various busses used to connect various components. These busses include, for example, PCI and PCI Express busses, an ISA bus, a System Management Bus (SMBus or SMB), and/or a Low Pin Count (LPC) bus. The LPC bus often connects low-bandwidth devices, such as boot ROM 796 and “legacy” I/O devices (using a “super I/O” chip). The “legacy” I/O devices (798) can include, for example, serial and parallel ports, keyboard, mouse, and/or a floppy disk controller. The LPC bus also connects Southbridge 735 to Trusted Platform Module (TPM) 795. Other components often included in Southbridge 735 include a Direct Memory Access (DMA) controller, a Programmable Interrupt Controller (PIC), and a storage device controller, which connects Southbridge 735 to nonvolatile storage device 785, such as a hard disk drive, using bus 784.
ExpressCard 755 is a slot that connects hot-pluggable devices to the information handling system. ExpressCard 755 supports both PCI Express and USB connectivity as it connects to Southbridge 735 using both the Universal Serial Bus (USB) the PCI Express bus. Southbridge 735 includes USB Controller 740 that provides USB connectivity to devices that connect to the USB. These devices include webcam (camera) 750, infrared (IR) receiver 748, keyboard and trackpad 744, and Bluetooth device 746, which provides for wireless personal area networks (PANs). USB Controller 740 also provides USB connectivity to other miscellaneous USB connected devices 742, such as a mouse, removable nonvolatile storage device 745, modems, network cards, ISDN connectors, fax, printers, USB hubs, and many other types of USB connected devices. While removable nonvolatile storage device 745 is shown as a USB-connected device, removable nonvolatile storage device 745 could be connected using a different interface, such as a Firewire interface, etcetera.
Wireless Local Area Network (LAN) device 775 connects to Southbridge 735 via the PCI or PCI Express bus 772. LAN device 775 typically implements one of the IEEE 802.11 standards of over-the-air modulation techniques that all use the same protocol to wireless communicate between information handling system 700 and another computer system or device. Optical storage device 790 connects to Southbridge 735 using Serial ATA (SATA) bus 788. Serial ATA adapters and devices communicate over a high-speed serial link. The Serial ATA bus also connects Southbridge 735 to other forms of storage devices, such as hard disk drives. Audio circuitry 760, such as a sound card, connects to Southbridge 735 via bus 758. Audio circuitry 760 also provides functionality such as audio line-in and optical digital audio in port 762, optical digital output and headphone jack 764, internal speakers 766, and internal microphone 768. Ethernet controller 770 connects to Southbridge 735 using a bus, such as the PCI or PCI Express bus. Ethernet controller 770 connects information handling system 700 to a computer network, such as a Local Area Network (LAN), the Internet, and other public and private computer networks.
While
The Trusted Platform Module (TPM 795) shown in
While particular embodiments of the present disclosure have been shown and described, it will be obvious to those skilled in the art that, based upon the teachings herein, that changes and modifications may be made without departing from this disclosure and its broader aspects. Therefore, the appended claims are to encompass within their scope all such changes and modifications as are within the true spirit and scope of this disclosure. Furthermore, it is to be understood that the disclosure is solely defined by the appended claims. It will be understood by those with skill in the art that if a specific number of an introduced claim element is intended, such intent will be explicitly recited in the claim, and in the absence of such recitation no such limitation is present. For non-limiting example, as an aid to understanding, the following appended claims contain usage of the introductory phrases “at least one” and “one or more” to introduce claim elements. However, the use of such phrases should not be construed to imply that the introduction of a claim element by the indefinite articles “a” or “an” limits any particular claim containing such introduced claim element to disclosures containing only one such element, even when the same claim includes the introductory phrases “one or more” or “at least one” and indefinite articles such as “a” or “an”; the same holds true for the use in the claims of definite articles.
