DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is responsive to communication received on 01/16/2024. The applicant has submitted 20 claims for examination, all claims are currently pending.
The Examiner recommends filing a written authorization for Internet communication in response to the present action. Doing so permits the USPTO to communicate with Applicant using Internet email to schedule interviews or discuss other aspects of the application. Without a written authorization in place, the USPTO cannot respond to Internet correspondence received from Applicant. The preferred method of providing authorization is by filing form PTO/SB/439, available at: https://www.uspto.gov/patent/forms/forms. See MPEP § 502.03 for other methods of providing written authorization.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Cottrille US 2009/0164878 and further in view of Basson US 2017/0040002.
Regarding claims 1, 8 and 15, Cotrille teaches a method, system and non-transitory CRM executable by a computer system for applying different sensitivity labels to different portions of content, the method comprising(abstract)
Identifying ,… including at least one processor, a sensitive portion and a highly sensitive portion of a digital file, wherein content in the highly sensitive portion is more sensitive than content in the sensitive portion of the digital file(the system determines whether different portions of content(user or author may identify sensitive portions and request tagging of document to indicate redaction, ¶29) ;
[0029] As explained above, sensitive portions of a document may be determined by user 105. Additionally or alternatively, sensitive portions of a document may be determined by the document's author. For example, within the structure of the document, the author may include various tags identifying portions of the document as sensitive or potentially sensitive. Thus, when a user provides an input indicating a desire to redact portions of the document, those portions of the document tagged as sensitive may be redacted. In some cases, where a user has configured a tiered system with multiple sensitivity levels, only those portions of the document corresponding to the indicated sensitivity level are redacted. For instance, if a user input indicated that only the low-sensitivity portions were to be redacted, only those items identified by the user as low-sensitivity items would be redacted. The same is true for medium, high or any other user-customized sensitivity-level. In some cases, the user may communicate with the document's author to indicate which portions of information are to be tagged as sensitive. Then, when the user indicates a redaction is to occur, only those portions indicated as sensitive to that user will be redacted.
assigning, by the computer system, a highly sensitive label to the highly sensitive portion of the digital file, and a sensitive label to the sensitive portion of the digital file(system places tags in a document in response to user selection/input, ¶29),
[0029] As explained above, sensitive portions of a document may be determined by user 105. Additionally or alternatively, sensitive portions of a document may be determined by the document's author. For example, within the structure of the document, the author may include various tags identifying portions of the document as sensitive or potentially sensitive. Thus, when a user provides an input indicating a desire to redact portions of the document, those portions of the document tagged as sensitive may be redacted. In some cases, where a user has configured a tiered system with multiple sensitivity levels, only those portions of the document corresponding to the indicated sensitivity level are redacted. For instance, if a user input indicated that only the low-sensitivity portions were to be redacted, only those items identified by the user as low-sensitivity items would be redacted. The same is true for medium, high or any other user-customized sensitivity-level. In some cases, the user may communicate with the document's author to indicate which portions of information are to be tagged as sensitive. Then, when the user indicates a redaction is to occur, only those portions indicated as sensitive to that user will be redacted.
receiving, by the computer system, a request from a first user to view the digital file, the first user associated with a first user context(user accesses a document to which system detects and determines of document contains redaction, ¶12)
[0012] Embodiments described herein are directed to selectively redacting display information in accordance with a redaction policy. In one embodiment, a computer system receives user input indicating a user's intention to selectively redact sensitive portions of accessed documents. The computer system accesses at least one document, such that the document is capable of being displayed to the user. The computer system determines that the accessed document comprises one or more tags indicating which portions of the document are sensitive. The computer system dynamically redacts those sensitive portions of the document identified by the tags without otherwise altering the structure of the document, in accordance with the user's intention. The computer system also displays the document according to the document's original structure, omitting the dynamically redacted portions.
determining, by the computer system, that the first user is authorized to view both the sensitive portion and the highly sensitive portion of the digital file based at least in part on the first user context(system based on authorization status and context /access rights/location based of user determine whether user can see portions of the document with sensitivity tags. Such tags may have multiple tiers low medium high sensitivity, ¶s 28,29, 30,40)
[0028] Sensitive information may include any type of information including text, pictures, videos, audio portions or other consumable information. Examples of sensitive information may include, but is not limited to, the following: the user's name, address, social security number, telephone number, alias, email address, photograph, account number, or any audio or video representation of the same. Other information not usually deemed sensitive, but that is sensitive to the user, may also be redacted as sensitive. Documents where redaction may be used may include, but are not limited to, the following: websites, word processing documents, spreadsheets, slide shows, financial portfolios, financial statements, legal forms, letters, memos, emails or any other type of file or document that may be displayed to a user and that may contain sensitive information.
[0029] As explained above, sensitive portions of a document may be determined by user 105. Additionally or alternatively, sensitive portions of a document may be determined by the document's author. For example, within the structure of the document, the author may include various tags identifying portions of the document as sensitive or potentially sensitive. Thus, when a user provides an input indicating a desire to redact portions of the document, those portions of the document tagged as sensitive may be redacted. In some cases, where a user has configured a tiered system with multiple sensitivity levels, only those portions of the document corresponding to the indicated sensitivity level are redacted. For instance, if a user input indicated that only the low-sensitivity portions were to be redacted, only those items identified by the user as low-sensitivity items would be redacted. The same is true for medium, high or any other user-customized sensitivity-level. In some cases, the user may communicate with the document's author to indicate which portions of information are to be tagged as sensitive. Then, when the user indicates a redaction is to occur, only those portions indicated as sensitive to that user will be redacted.
[0030] Sensitivity may also be based on the user's current context. For example, computer system 101 may be configured to determine the user's current location using global positioning system (GPS), or determine based on ambient noise level that the user is in a public setting. Other means of determining context may also be used, and each may affect the sensitivity level in a different manner. For example, computer system 101 may be a public kiosk and may automatically redact certain portions of information such as account numbers and social security numbers. Alternatively, a user may input their current context manually, which may correspond to a pre-defined sensitivity level. In some cases, computer system 101 may detect that a user is in a certain context and automatically raise the sensitivity level and redact sensitive portions accordingly.
[0040] Method 300 also includes an act of checking the user's authorization status to determine whether the user is authorized to unredact the redacted display information in the document (act 320). For example, authorization module 125 may check user 105's authorization status to determine whether user 105 is authorized to unredact the redacted sensitive display information in document 132. For example, a bank president may be viewing a document and may desire to redact certain portions of the document because other people have entered the room. If another user viewing the document attempted to unredact the sensitive redacted portions, the user's authorization status would be checked to determine that the user was authorized to unredact the redacted portions. This is an example of a security measure that may be taken to prevent unauthorized persons from viewing the redacted portions. Other time-based (e.g. authorized users are authorized to access the redacted information only within a certain time frame), location-based, rights-based security measures may also be used. Any type of authentication may be used to verify the user's authentication status.
displaying, by the computer system, the sensitive portion and the highly sensitive portion of the digital file to the first user(user depending on authorization rights sees unredacted version ,¶s 24, 25, 28)
[0024] Additionally or alternatively, policy engine 120 may be configured to apply a policy that is configured to perform the actual information redaction. For example, in some cases, document 131 may be embedded with one or more tags that indicate which portions of the document are sensitive. Policy engine 120 may run a policy that is configured to redact those portions of information indicated as sensitive by the embedded tags. The policy may process the entire document, or may be configured to process only those portions currently being displayed. Furthermore, policy engine 120 may be configured to automatically run such a policy to redact the sensitive portions of information when user 105 navigates to different portions of the document. In some cases, this may conserve processing resources by avoiding processing portions of the document that aren't viewed by the user. This and other functionality will be explained in greater detail below with reference to FIGS. 2, 3 and 4.
[0025] FIG. 2 illustrates a flowchart of a method 200 for selectively redacting at least a portion of display information in accordance with a redaction policy. The method 200 will now be described with frequent reference to the components and data of environment 100 of FIG. 1 and the exemplary embodiment 400 of FIG. 4.
[0028] Sensitive information may include any type of information including text, pictures, videos, audio portions or other consumable information. Examples of sensitive information may include, but is not limited to, the following: the user's name, address, social security number, telephone number, alias, email address, photograph, account number, or any audio or video representation of the same. Other information not usually deemed sensitive, but that is sensitive to the user, may also be redacted as sensitive. Documents where redaction may be used may include, but are not limited to, the following: websites, word processing documents, spreadsheets, slide shows, financial portfolios, financial statements, legal forms, letters, memos, emails or any other type of file or document that may be displayed to a user and that may contain sensitive information.
receiving, by the computer system, a request from a second user to view the digital file, the second user associated with a second user context different than the first user context(a second user accesses a document to which system detects and determines of document contains redaction, ¶12)
[0012] Embodiments described herein are directed to selectively redacting display information in accordance with a redaction policy. In one embodiment, a computer system receives user input indicating a user's intention to selectively redact sensitive portions of accessed documents. The computer system accesses at least one document, such that the document is capable of being displayed to the user. The computer system determines that the accessed document comprises one or more tags indicating which portions of the document are sensitive. The computer system dynamically redacts those sensitive portions of the document identified by the tags without otherwise altering the structure of the document, in accordance with the user's intention. The computer system also displays the document according to the document's original structure, omitting the dynamically redacted portions.
determining, by the computer system, that the second user is authorized to view the sensitive portion of the digital file and is not authorized to view the highly sensitive portion of the digital file based at least in part on the second user context(system based on authorization status and context /access rights/location based of the second user determine whether user can see portions of the document with sensitivity tags. Such tags may have multiple tiers low medium high sensitivity, the second user has differing rights and context ¶s 28,29,30,40)
[0028] Sensitive information may include any type of information including text, pictures, videos, audio portions or other consumable information. Examples of sensitive information may include, but is not limited to, the following: the user's name, address, social security number, telephone number, alias, email address, photograph, account number, or any audio or video representation of the same. Other information not usually deemed sensitive, but that is sensitive to the user, may also be redacted as sensitive. Documents where redaction may be used may include, but are not limited to, the following: websites, word processing documents, spreadsheets, slide shows, financial portfolios, financial statements, legal forms, letters, memos, emails or any other type of file or document that may be displayed to a user and that may contain sensitive information.
[0029] As explained above, sensitive portions of a document may be determined by user 105. Additionally or alternatively, sensitive portions of a document may be determined by the document's author. For example, within the structure of the document, the author may include various tags identifying portions of the document as sensitive or potentially sensitive. Thus, when a user provides an input indicating a desire to redact portions of the document, those portions of the document tagged as sensitive may be redacted. In some cases, where a user has configured a tiered system with multiple sensitivity levels, only those portions of the document corresponding to the indicated sensitivity level are redacted. For instance, if a user input indicated that only the low-sensitivity portions were to be redacted, only those items identified by the user as low-sensitivity items would be redacted. The same is true for medium, high or any other user-customized sensitivity-level. In some cases, the user may communicate with the document's author to indicate which portions of information are to be tagged as sensitive. Then, when the user indicates a redaction is to occur, only those portions indicated as sensitive to that user will be redacted.
[0030] Sensitivity may also be based on the user's current context. For example, computer system 101 may be configured to determine the user's current location using global positioning system (GPS), or determine based on ambient noise level that the user is in a public setting. Other means of determining context may also be used, and each may affect the sensitivity level in a different manner. For example, computer system 101 may be a public kiosk and may automatically redact certain portions of information such as account numbers and social security numbers. Alternatively, a user may input their current context manually, which may correspond to a pre-defined sensitivity level. In some cases, computer system 101 may detect that a user is in a certain context and automatically raise the sensitivity level and redact sensitive portions accordingly.
[0040] Method 300 also includes an act of checking the user's authorization status to determine whether the user is authorized to unredact the redacted display information in the document (act 320). For example, authorization module 125 may check user 105's authorization status to determine whether user 105 is authorized to unredact the redacted sensitive display information in document 132. For example, a bank president may be viewing a document and may desire to redact certain portions of the document because other people have entered the room. If another user viewing the document attempted to unredact the sensitive redacted portions, the user's authorization status would be checked to determine that the user was authorized to unredact the redacted portions. This is an example of a security measure that may be taken to prevent unauthorized persons from viewing the redacted portions. Other time-based (e.g. authorized users are authorized to access the redacted information only within a certain time frame), location-based, rights-based security measures may also be used. Any type of authentication may be used to verify the user's authentication status.
displaying, by the computer system, the sensitive portion of the digital file to the second user; and obfuscating, by the computer system, the highly sensitive portion of the digital file from the second user (user depending on authorization rights sees redacted document ,¶s 24, 25, 28)
[0024] Additionally or alternatively, policy engine 120 may be configured to apply a policy that is configured to perform the actual information redaction. For example, in some cases, document 131 may be embedded with one or more tags that indicate which portions of the document are sensitive. Policy engine 120 may run a policy that is configured to redact those portions of information indicated as sensitive by the embedded tags. The policy may process the entire document, or may be configured to process only those portions currently being displayed. Furthermore, policy engine 120 may be configured to automatically run such a policy to redact the sensitive portions of information when user 105 navigates to different portions of the document. In some cases, this may conserve processing resources by avoiding processing portions of the document that aren't viewed by the user. This and other functionality will be explained in greater detail below with reference to FIGS. 2, 3 and 4.
[0025] FIG. 2 illustrates a flowchart of a method 200 for selectively redacting at least a portion of display information in accordance with a redaction policy. The method 200 will now be described with frequent reference to the components and data of environment 100 of FIG. 1 and the exemplary embodiment 400 of FIG. 4.
[0028] Sensitive information may include any type of information including text, pictures, videos, audio portions or other consumable information. Examples of sensitive information may include, but is not limited to, the following: the user's name, address, social security number, telephone number, alias, email address, photograph, account number, or any audio or video representation of the same. Other information not usually deemed sensitive, but that is sensitive to the user, may also be redacted as sensitive. Documents where redaction may be used may include, but are not limited to, the following: websites, word processing documents, spreadsheets, slide shows, financial portfolios, financial statements, legal forms, letters, memos, emails or any other type of file or document that may be displayed to a user and that may contain sensitive information.
Cotrille teaches identifying and tagging of sensitive portions of a document but does not teach such identification is performed by the computing device. Thus Cotrille does not teach identifying by the computing system including at least one processor, a sensitive portion and a highly sensitive portion of a digital file, wherein content in the highly sensitive portion is more sensitive than content in the sensitive portion of the digital file. Basson in the same field of endeavor as the invention teaches a system for adjusting the display of content. Basson teaches identifying by the computing system including at least one processor, a sensitive portion and a highly sensitive portion of a digital file, wherein content in the highly sensitive portion is more sensitive than content in the sensitive portion of the digital file(the system cans files and determines the security level ie. sensitivity level of words/ portions of the content., ¶s 43,45)
[0043] Window content monitoring module 202 obtains information relating to which person or persons are authorized to view content currently presented on the display 114 of the user device 102. In some embodiments, this involves determining whether different portions of the content 118 presented on the display 114 are security-restricted. Security-restricted content may be assigned different ones of a plurality of different security levels, such low, medium, high, etc. Security levels may also or alternatively be based on the type of content. As an example, there may be separate security levels for confidential information, adult content, financial information, multimedia information, etc. It is important to note, however, that different types of content may be assigned the same security level. For example, a highest security level may be assigned to confidential workplace information and to personal financial information.
[0045] In some embodiments, machine learning may be used to set the security level or other security restrictions for particular content. For example, a user may set up a blacklist of particular words or phrases that should trigger a security restriction. The user need not specifically designate each file containing such words or phrases as having a security restriction. Instead, the window content monitoring module 202 may scan a document, web page, email, presentation, etc. for particular words or phrases and assign security restrictions automatically. Similarly, images, audio files, video files, etc. may be scanned for content relating to sensitive topics and marked with appropriate security restrictions. The security restrictions for some content may also be based on security restrictions assigned to other content. For example, word spotting may be done to determine the security of a new document or email based on its similarity to previously-classified documents or emails.
It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify Cotrille with a system that scans and assigns sensitivity labels/tags to documents on behalf of a user as taught by Basson. The reason for this modification would be to improve speed and effort vs manual tagging sensitive data portions.
Regarding claims 2, 9 and 16, Basson further teaches wherein obfuscating the highly sensitive portion of the digital file includes displaying a blurred representation of the highly sensitive portion(blurring of fuzzing words/text, ¶66).
[0066] Substitute content identification module 406 identifies the replacement content to be utilized for different transformation types. Consider, for example, a portion of the content that contains violent or adult material to be replaced. This may involve erasing blood, weapons, nudity or other content from an image, blurring or pixelating portion of the image, etc. As another example, curse words or other explicit language may be blacked or white out, bleeped out or scrambled, etc. In some embodiments, the audio level may be decreased based on the proximity of other users to the user device 102, e.g., the amount of reduction in audio volume increases the closer unauthorized individuals are to the user device 102. Similarly, the level of visual or graphical content alteration may be based on the distance of unauthorized individuals to the user device 102. For example, the level of shrinking, dimming or fading of visual content may be based on how close unauthorized individuals are to the user device 102.
Regarding claims 3, 10 and 17, Cotrille teaches wherein the first user context includes access privileges that are sufficient for viewing the highly sensitive portion of the digital file, and the second user context includes access privileges that are insufficient for viewing the highly sensitive portion of the digital file(redacted portions are based on multiple security levels where the rights of a second user redact highly sensitive portions, ¶s29,30).
[0029] As explained above, sensitive portions of a document may be determined by user 105. Additionally or alternatively, sensitive portions of a document may be determined by the document's author. For example, within the structure of the document, the author may include various tags identifying portions of the document as sensitive or potentially sensitive. Thus, when a user provides an input indicating a desire to redact portions of the document, those portions of the document tagged as sensitive may be redacted. In some cases, where a user has configured a tiered system with multiple sensitivity levels, only those portions of the document corresponding to the indicated sensitivity level are redacted. For instance, if a user input indicated that only the low-sensitivity portions were to be redacted, only those items identified by the user as low-sensitivity items would be redacted. The same is true for medium, high or any other user-customized sensitivity-level. In some cases, the user may communicate with the document's author to indicate which portions of information are to be tagged as sensitive. Then, when the user indicates a redaction is to occur, only those portions indicated as sensitive to that user will be redacted.
[0030] Sensitivity may also be based on the user's current context. For example, computer system 101 may be configured to determine the user's current location using global positioning system (GPS), or determine based on ambient noise level that the user is in a public setting. Other means of determining context may also be used, and each may affect the sensitivity level in a different manner. For example, computer system 101 may be a public kiosk and may automatically redact certain portions of information such as account numbers and social security numbers. Alternatively, a user may input their current context manually, which may correspond to a pre-defined sensitivity level. In some cases, computer system 101 may detect that a user is in a certain context and automatically raise the sensitivity level and redact sensitive portions accordingly.
[0040] Method 300 also includes an act of checking the user's authorization status to determine whether the user is authorized to unredact the redacted display information in the document (act 320). For example, authorization module 125 may check user 105's authorization status to determine whether user 105 is authorized to unredact the redacted sensitive display information in document 132. For example, a bank president may be viewing a document and may desire to redact certain portions of the document because other people have entered the room. If another user viewing the document attempted to unredact the sensitive redacted portions, the user's authorization status would be checked to determine that the user was authorized to unredact the redacted portions. This is an example of a security measure that may be taken to prevent unauthorized persons from viewing the redacted portions. Other time-based (e.g. authorized users are authorized to access the redacted information only within a certain time frame), location-based, rights-based security measures may also be used. Any type of authentication may be used to veri the user's authentication status.
Regarding claims 4, 11 and 18, Cotrille teaches wherein determining that the second user is not authorized to view the highly sensitive portion of the digital file is based at least in part on an environmental context included in the second user context and indicating that the second user is attempting to view the digital media file from an insecure location(redaction can additionally be based on location, redaction of certain sensitive portions if user is in public place, ¶s 21,40).
[0021] In some embodiments, computer system 101 also includes redaction module 130. Redaction module 130 is configured to redact portions of information from a document. Typically, documents such as document 131 are displayed (e.g. on display 140) in their entirety. That is, each element in the document's structure is accessed and displayed. In some cases, it is desirable to redact certain portions of information contained in the document while not redacting other portions. In some embodiments, this data redaction occurs without affecting the structure of the document. For example, if a user is viewing bank account information in an internet browser, it may be desirable for the user to redact certain sensitive portions of the information being displayed. This is particularly true when a user is in a public setting. According to some embodiments of this invention, information such as the user's account number, login ID, dollar values and other information may be dynamically redacted upon receiving a user input indicating that such a redaction is to occur.
[0040] Method 300 also includes an act of checking the user's authorization status to determine whether the user is authorized to unredact the redacted display information in the document (act 320). For example, authorization module 125 may check user 105's authorization status to determine whether user 105 is authorized to unredact the redacted sensitive display information in document 132. For example, a bank president may be viewing a document and may desire to redact certain portions of the document because other people have entered the room. If another user viewing the document attempted to unredact the sensitive redacted portions, the user's authorization status would be checked to determine that the user was authorized to unredact the redacted portions. This is an example of a security measure that may be taken to prevent unauthorized persons from viewing the redacted portions. Other time-based (e.g. authorized users are authorized to access the redacted information only within a certain time frame), location-based, rights-based security measures may also be used. Any type of authentication may be used to veri the user's authentication status.
Regarding claims 5, 12 and 19, Cotrille teaches wherein determining that the first user is authorized to view both the sensitive portion and the highly sensitive portion of the digital file is based at least in part on a file context associated with the digital file(redaction based on type of file i.e financial documents may label certain types of content that are redacted, ¶35).
[0035] As described in an exemplary embodiment 400 in FIG. 4, portions of data may be dynamically redacted when a user input is received. For example, Document A 410 may be a financial statement 412. The statement may include the financial company's logo 411, the date 413, the account number 414, current balance 415, transactions 416, transfers 417, login alias 418 and email address 419. As indicated above, user 105 may define or select which items or types of items are to be redacted. In this case, as shown in Document B 420, user 105 has selected to remove the account number, dollar values and email address (or has selected a sensitivity level which includes these items). Other items such as the user's name, the date and the user's login alias have not been redacted. These, of course, could have been redacted, had the user selected to remove those items or selected a security level that included those items. As shown in this example, the company logo 421, the user's name 422, the date 423 and the login alias are still shown. The balance amount 425, transaction amounts 426, transfer amounts 427 and email address 429 have been redacted. It should be noted that the structure of the document remains largely (if not completely) unchanged.
Regarding claims 6, 13 and 19, Cotrille teaches wherein the file context indicates at least one of the first user authoring the digital file, the first user being the owner of the digital file, or that the digital file is shared with the first user(file information includes information on the author tags, and additionally that the author has granted access to another user to tag/redact portions of a document, ¶s 29,41).
[0029] As explained above, sensitive portions of a document may be determined by user 105. Additionally or alternatively, sensitive portions of a document may be determined by the document's author. For example, within the structure of the document, the author may include various tags identifying portions of the document as sensitive or potentially sensitive. Thus, when a user provides an input indicating a desire to redact portions of the document, those portions of the document tagged as sensitive may be redacted. In some cases, where a user has configured a tiered system with multiple sensitivity levels, only those portions of the document corresponding to the indicated sensitivity level are redacted. For instance, if a user input indicated that only the low-sensitivity portions were to be redacted, only those items identified by the user as low-sensitivity items would be redacted. The same is true for medium, high or any other user-customized sensitivity-level. In some cases, the user may communicate with the document's author to indicate which portions of information are to be tagged as sensitive. Then, when the user indicates a redaction is to occur, only those portions indicated as sensitive to that user will be redacted.
[0041] In some cases, checking the user's authorization status to determine whether the user is authorized to unredact the redacted sensitive display information in the document includes sending a call to policy engine 120 to determine the authorization status of the user. Policy engine may communicate with computer system 101 and/or an operating system running on the system. Policy engine 120 may also communicate with services running on the operating system, or in some cases, may itself be a service running on an operating system. In some embodiments, user 105 may be permitted to grant authorization status to other users. Thus, once the users are authorized, they may be able to unredact sensitive portions of the document that have been redacted.
Regarding claims 7 and 20, Cotrille teaches receiving, by the computer system, a request from a third user to view the digital file, the third user associated with a third user context different than the first and second user contexts; determining, by the computer system, that the third user is not authorized to view the sensitive portion or the highly sensitive portion of the digital file based at least in part on the third user context; and obfuscating, by the computer system, the sensitive portion and the highly sensitive portion of the digital file from the third user file(redacted portions are based on multiple security levels where the rights of a third user redact medium and high type sensitivity portions, ¶s27, 29,30).
[0027] For example, in documents that have multiple different portions of information of varying level of sensitivity, the user may be able to assign one hot key to low-sensitivity-redaction, medium, high, or any other user-defined sensitivity level. Furthermore, the user may be able to define which information is to be redacted corresponding to the sensitivity level. For instance, user 105 may determine that low-sensitivity information such as the user's name and email address are to be redacted upon selecting the "L" key. High-sensitivity information such as account numbers and dollar amounts, the "H" key. User inputs, hot keys, and sensitivity levels may all be customizable and changeable by the user.
[0029] As explained above, sensitive portions of a document may be determined by user 105. Additionally or alternatively, sensitive portions of a document may be determined by the document's author. For example, within the structure of the document, the author may include various tags identifying portions of the document as sensitive or potentially sensitive. Thus, when a user provides an input indicating a desire to redact portions of the document, those portions of the document tagged as sensitive may be redacted. In some cases, where a user has configured a tiered system with multiple sensitivity levels, only those portions of the document corresponding to the indicated sensitivity level are redacted. For instance, if a user input indicated that only the low-sensitivity portions were to be redacted, only those items identified by the user as low-sensitivity items would be redacted. The same is true for medium, high or any other user-customized sensitivity-level. In some cases, the user may communicate with the document's author to indicate which portions of information are to be tagged as sensitive. Then, when the user indicates a redaction is to occur, only those portions indicated as sensitive to that user will be redacted.
[0030] Sensitivity may also be based on the user's current context. For example, computer system 101 may be configured to determine the user's current location using global positioning system (GPS), or determine based on ambient noise level that the user is in a public setting. Other means of determining context may also be used, and each may affect the sensitivity level in a different manner. For example, computer system 101 may be a public kiosk and may automatically redact certain portions of information such as account numbers and social security numbers. Alternatively, a user may input their current context manually, which may correspond to a pre-defined sensitivity level. In some cases, computer system 101 may detect that a user is in a certain context and automatically raise the sensitivity level and redact sensitive portions accordingly.
[0040] Method 300 also includes an act of checking the user's authorization status to determine whether the user is authorized to unredact the redacted display information in the document (act 320). For example, authorization module 125 may check user 105's authorization status to determine whether user 105 is authorized to unredact the redacted sensitive display information in document 132. For example, a bank president may be viewing a document and may desire to redact certain portions of the document because other people have entered the room. If another user viewing the document attempted to unredact the sensitive redacted portions, the user's authorization status would be checked to determine that the user was authorized to unredact the redacted portions. This is an example of a security measure that may be taken to prevent unauthorized persons from viewing the redacted portions. Other time-based (e.g. authorized users are authorized to access the redacted information only within a certain time frame), location-based, rights-based security measures may also be used. Any type of authentication may be used to veri the user's authentication status.
Prior Art Cited But Not Used In Rejection
US 2020/0314133 Security Device Selection Based On Secure Content Detection.
US 2015/0070516 Automatic Content Filtering.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tom Y. Chang whose telephone number is 571-270-5938. The examiner can normally be reached on Monday-Friday from 9am to 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost , can be reached on (571)272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center. Status information for unpublished applications is available through Patent Center for authorized users only. Should you have questions about access to Patent Center, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form.
/TOM Y CHANG/
Primary Examiner, Art Unit 2442