The proliferation of personal computing devices in recent years, especially mobile personal computing devices, combined with a growth in the number of widely-used communications formats (e.g., text, voice, video, image) and protocols (e.g., SMTP, IMAP/POP, SMS/MMS, XMPP, etc.) has led to increased concerns regarding the safety and security of documents and messages that are sent over networks. Users desire a system that provides for the setting of custom, e.g., user-defined, content-agnostic permissions at a message-, document-, and/or sub-document—(i.e., a part of the document that comprises less than the entire document) level through a communications network. Such a system would allow customized privacy settings to be specified at various levels of social distance from the user sending the document or message (e.g., public, private, followers, groups, Level-1 contacts, Level-2 contacts, Level-3 contacts, etc.). Such a system may also allow the user to apply customized privacy settings and encryption keys differently to particular parts of a document, e.g., making a first part of a document available only to a first class of users and other parts of the document available to the first class of users and a second class of users.
Thus, a system for providing Adaptive Privacy Controls (APC) is described herein. APC comprises a user-controllable or system-generated, intelligent privacy system that can limit viewing, editing, and re-sharing privileges for files and other digital objects of all types stored in a compatible system (e.g., message objects, user profile fields, documents, etc.). APC allows users to share whatever information they want with whomever they want, while keeping others from accessing such information via assorted rights management techniques and/or encryption processes that can be initiated by user command or via system intelligence on entire objects or portions of objects. APC techniques may be applied to individuals, pre-defined groups, and/or ad-hoc groups. Customized encryption keys may further be applied to particular parties or groups of parties to enhance the security of the access permission settings.
APC may also be used to apply privacy settings to only particular parts of a document. For example, User A in an organization may need to see the entire content of the organization's annual report drafts, but other users in the organization may only need to see a version that has sensitive financial/pro-forma data redacted. For example, pages 1-20 of the annual report would be available to User A, but only pages 1-19 would be available to the other users.
Thus, according to some embodiments, the network-based, user-defined, content-agnostic (i.e., agnostic as to both format and subject matter) document and message access permission setting systems, methods, and computer readable media described herein may provide a seamless, intuitive user interface (e.g., using touch gestures or mouse input) allowing a user to block out particular areas of interest in a document or message from particular recipients or groups of recipients, as well as to specify privacy and access permission settings for a single document or message—or across all documents owned by the user.
According to other embodiments, the document and message access permission setting systems, methods, and computer readable media described herein may also provide an interface allowing a user to manipulate an outgoing message object, so as to “hide” the “secret” message content that has had the aforementioned specific permissions applied to it (e.g., encrypted content) within one or more portions of the message object that are not displayed in existing message viewer applications, such as hidden metadata fields or unused headers. This interface allows the “secret,” i.e., hidden (and/or encrypted) content to be delivered using existing message formats (e.g., Multipurpose Internet Mail Extensions, or “MIME”) and delivery protocols (e.g., Simple Mail Transfer Protocol, or “SMTP”) and to be viewed using existing message viewers (e.g., webmail clients)—while still protecting (and hiding) the actual secret content from the recipient. Using these techniques, no recipient (even an intended recipient) would be able to view the actual content of the message object using the existing message viewer application.
According to such systems, methods, and computer readable media, only an authorized message viewing application would have both the instructions and knowledge of where in the message to look for the secret hidden content, as well as the necessary decryption keys to decrypt the hidden content. As such, the “hidden and encrypted” message object may be stored, archived, exported, etc. using the infrastructure of an existing communication channel (e.g., a webmail provider's servers) and may even be forwarded to other users, while still respecting the sender's original intent that only the intended recipients be able to view the message's secret content, i.e., by using an authorized message viewing application.
Moreover, the ‘message body’ field of the message object may be intentionally ‘blanked’ out and/or filled with auto-generated obfuscation text, such that, when viewed outside an authorized client message viewing application (e.g., in an existing message viewer) or when viewed by an unintended recipient, there is either no indication that any real content is even present in the message (i.e., if no information has been stored in the ‘message body’ field, that is, it has been ‘blanked’ out), or the content that is displayed in the existing message viewer is intentionally obfuscating text (i.e., text that has nothing to do with the actual content of the message, but that would not ‘tip off’ an unintended recipient that there was any ‘true’ content that s/he was not seeing in the message). In other embodiments, the system may generate one or more obfuscation media objects (e.g., images, video, audio, etc.) to include in the ‘message body’ field of the message object, rather than obfuscation text.
The subject matter of the present disclosure is directed to overcoming, or at least reducing the effects of, one or more of the problems set forth above. To address these and other issues, techniques that enable the setting of user-defined, content-agnostic permissions at a message-, document-, and/or sub-document-level through a communications network, as well as techniques to ‘hide’ encrypted content within existing message objects' data structures such that the true content is only viewable within authorized message viewing applications, are described herein.