Privacy Protection for Electronic Document Viewing
Publication Date: 2012-Feb-16
The IP.com Prior Art Database
Our invention is a method for protecting sensitive data from "over the shoulder" spying. The novelty of the invention is that the sensitive content will be fully protected, while 3rd party suspicion and attention will not be attracted. Our invention maintains data protection, preventing an shoulder-surfer from understanding the sensitive data. Furthermore, using this method, it is possible to protect sensitive data, without indicating to the surrounding world that sensitive data protection is applied. Finally, it needs no additional equipment to be added/embedded into the viewing device.
Page 01 of 8
As the use of handheld devices spreads in the enterprise, more documents are being read on e-book readers, tablets, smartphones, and the like. This poses an increased risk of exposure of secure information in documents belonging to business and government organizations. Information can be leaked through any viewing technology, whether paper or computer monitors, but handheld devices pose a particular risk, since they can hold vast numbers of documents and are carried by users to locations other than their desks.
One solution to this is document-level security, ensuring that all users who see a given document are authenticated and authorized to see it. However, this does not protect against shoulder-surfing, i.e., an unauthorized person viewing the document when the authorized user has it open.
There is much prior art in the area of redaction, screen protection, and handheld devices. These fall into several categories, and are reviewed in detail below.
1. Protecting screens, especially computer monitors, from shoulder-surfers.
2. Redacting documents, including on-screen.
3. Protecting data in handheld devices.
4. Finger-print detection.
Over the shoulder protection
Over the shoulder eavesdropper
Display data protection
Display sensitive data
Protect screen sensitive data
Prior art includes:
a) On-screen redaction, as implemented in the Secure Viewer feature of the IBM Infosphere Guardium Data Redaction product, with patents such as
IL920090018US1 "Data access control with flexible data disclosure and coordinated access control for mixed unstructured and structured data."
This includes, in addition to the automated masking of sensitive text entities, the secure revealing of information when permitted. The revealing feature is, however, focused on small snippets of sensitive information and not on protecting contiguous text during reading.
This prior art does not focus on the special weaknesses and strengths of handheld devices: The increase risk of exposure as the device is carried to various places, and the enhanced user-input mechanisms such as touch-screens and styluses offered by the handheld.
This exposes a vulnerability to shoulder-surfing. If a hostile viewer continuously peeks over the shoulder of a genuine reader, he would be exposed to the whole text that the reader was exposed to, for example, a hostile viewer sitting behind a genuine viewer in a bus.
Page 02 of 8
b) Another approach in the prior art is to reveal only a certain part of the
document as it is read, implemented as follows this:
The entire document screen is masked with a well-known algorithm such as Gaussian Blur or is blank with a uniform color. The user traces his current reading location using the natural gesture of pointing with a mouse pointer (on a personal computer) or their finger (smartphone touch screen). The implementation de-blurs and exposes the text around of his mouse pointer/finger.
However, this, like other prio...