Privacy aware camera and device status indicator system
First Claim
1. A computer-implemented method, comprising:
changing a privacy state of a privacy indicator to indicate that environmental data that is generated by a physical sensor is not being transmitted over a network or stored outside of a trusted portion of memory;
while the privacy state of the privacy indicator indicates that the environmental data that is generated by the sensor is not being transmitted over the network or stored outside of the trusted portion of memory, receiving a command to access the environmental data that is generated by the sensor;
determining that the command is not permitted without first indicating on the privacy indicator that the environmental data that is generated by the sensor is permitted to be transmitted over the network or stored outside of the trusted portion of memory, by a privacy policy that restricts performance of commands that involve transmission of environmental data over the network or storage of environmental data outside of the trusted portion of memory, wherein determining that the command is not permitted comprises verifying a digital signature associated with the command; and
based on the determining that the command is not permitted by the privacy policy that restricts performance of commands that involve transmission of environmental data over the network or storage of environmental data outside of the trusted portion of memory, changing the privacy state of the privacy indicator to indicate that the environmental data that is generated by the sensor is permitted to be transmitted over the network or stored outside of the trusted portion of memory.
Abstract
A privacy indicator is provided that shows whether sensor data are being processed in a private or non-private mode. When sensor data are used only for controlling a device locally, it may be in a private mode, which may be shown by setting the privacy indicator to a first color. When sensor data are being sent to a remote site, it may be in a non-private mode, which may be shown by setting the privacy indicator to a second color. The privacy mode may be determined by processing a command in accordance with a privacy policy of determining if the command is on a privacy whitelist, blacklist, greylist or is not present in a privacy command library. A non-private command may be blocked.
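The abstract and first claim together describe a small state machine: the indicator starts in the private colour, every incoming command is signature-checked and then classified against a privacy command library (whitelist, blacklist, greylist, or absent), and a command that would move sensor data off the device or out of trusted memory is either blocked or allowed only after the indicator has first been switched to the non-private colour. The Python below is an added illustration of that flow, not code from the patent or its assignee; the command names, the contents of the command library, and the use of HMAC-SHA256 in place of the claim's digital signature are all assumptions. It goes slightly beyond the abstract in also showing the return to the private colour once no data is leaving the device.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class PrivacyState(Enum):
    """Indicator colour: PRIVATE while sensor data stays local and in trusted memory."""
    PRIVATE = "green"
    NON_PRIVATE = "red"


class Verdict(Enum):
    EXECUTE_LOCAL = "execute locally, indicator unchanged"
    EXECUTE_AFTER_INDICATE = "execute only after indicator shows non-private"
    BLOCKED = "blocked by privacy policy"


# Constructed privacy command library (hypothetical command names).
# whitelist: uses sensor data only to control the device locally.
# blacklist: always sends data off-device; blocked outright.
# greylist:  may send data off-device, but only after the indicator changes.
COMMAND_LIBRARY = {
    "whitelist": {"adjust_focus", "detect_motion_local"},
    "blacklist": {"stream_audio_to_cloud"},
    "greylist": {"upload_snapshot", "record_to_external_disk"},
}

# Constructed secret. HMAC-SHA256 stands in here for the claim's digital
# signature; a real device would verify an asymmetric signature against a
# provisioned public key instead of sharing a symmetric key.
SIGNING_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class SignedCommand:
    name: str
    signature: str  # hex HMAC over the command name


def sign_command(name: str, key: bytes = SIGNING_KEY) -> str:
    return hmac.new(key, name.encode(), hashlib.sha256).hexdigest()


def verify_signature(cmd: SignedCommand, key: bytes = SIGNING_KEY) -> bool:
    # Constant-time comparison so a forged signature cannot be refined byte by byte.
    return hmac.compare_digest(sign_command(cmd.name, key), cmd.signature)


def classify(name: str) -> str:
    """Return the library bucket a command falls in, or 'unknown' if absent."""
    for list_name in ("whitelist", "blacklist", "greylist"):
        if name in COMMAND_LIBRARY[list_name]:
            return list_name
    return "unknown"


class PrivacyIndicator:
    def __init__(self) -> None:
        self.state = PrivacyState.PRIVATE
        self.audit: list[tuple[str, str, str]] = []

    def process(self, cmd: SignedCommand) -> Verdict:
        # A command with an invalid signature cannot be trusted to move the
        # indicator, so it is refused before the policy lists are consulted.
        if not verify_signature(cmd):
            return self._record(cmd, "bad-signature", Verdict.BLOCKED)
        bucket = classify(cmd.name)
        if bucket == "whitelist":
            return self._record(cmd, bucket, Verdict.EXECUTE_LOCAL)
        if bucket == "greylist":
            # The claim's ordering: the indicator changes to non-private
            # before any data is allowed to leave trusted memory.
            self.state = PrivacyState.NON_PRIVATE
            return self._record(cmd, bucket, Verdict.EXECUTE_AFTER_INDICATE)
        # Blacklisted commands and commands absent from the library are blocked.
        return self._record(cmd, bucket, Verdict.BLOCKED)

    def end_remote_session(self) -> None:
        """Return to the private colour once no data is leaving the device."""
        self.state = PrivacyState.PRIVATE

    def _record(self, cmd: SignedCommand, bucket: str, verdict: Verdict) -> Verdict:
        self.audit.append((cmd.name, bucket, verdict.name))
        return verdict


if __name__ == "__main__":
    ind = PrivacyIndicator()
    for name in ("adjust_focus", "upload_snapshot", "stream_audio_to_cloud"):
        verdict = ind.process(SignedCommand(name, sign_command(name)))
        print(f"{name}: {verdict.name}, indicator={ind.state.value}")
```

The ordering inside `process` is the security-relevant point: the signature check gates everything, and for a greylisted command the indicator state is written before the verdict that permits transmission is returned, so the user-visible colour can never lag behind the data leaving the device.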
18 Claims
1. A computer-implemented method, comprising: (claim text as set out above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A non-transitory computer-readable storage medium having instructions stored thereon that, when executed by one or more processors, cause performance of operations comprising:
changing a privacy state of a privacy indicator to indicate that environmental data that is generated by a physical sensor is not being transmitted over a network or stored outside of a trusted portion of memory;
while the privacy state of the privacy indicator indicates that the environmental data that is generated by the sensor is not being transmitted over the network or stored outside of the trusted portion of memory, receiving a command to access the environmental data that is generated by the sensor;
determining that the command is not permitted without first indicating on the privacy indicator that the environmental data that is generated by the sensor is permitted to be transmitted over the network or stored outside of the trusted portion of memory, by a privacy policy that restricts performance of commands that involve transmission of environmental data over the network or storage of environmental data outside of the trusted portion of memory, wherein determining that the command is not permitted comprises verifying a digital signature associated with the command; and
based on the determining that the command is not permitted by the privacy policy that restricts performance of commands that involve transmission of environmental data over the network or storage of environmental data outside of the trusted portion of memory, changing the privacy state of the privacy indicator to indicate that the environmental data that is generated by the sensor is permitted to be transmitted over the network or stored outside of the trusted portion of memory.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A device, comprising:
one or more processors;
a physical environmental sensor that is configured to capture environmental video data or audio data, respectively;
a user-perceptible privacy indicator; and
a computer-readable storage medium having instructions stored thereon that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
changing a privacy state of a privacy indicator to indicate that environmental data that is generated by a physical sensor is not being transmitted over a network or stored outside of a trusted portion of memory;
while the privacy state of the privacy indicator indicates that the environmental data that is generated by the sensor is not being transmitted over the network or stored outside of the trusted portion of memory, receiving a command to access the environmental data that is generated by the sensor;
determining that the command is not permitted without first indicating on the privacy indicator that the environmental data that is generated by the sensor is permitted to be transmitted over the network or stored outside of the trusted portion of memory, by a privacy policy that restricts performance of commands that involve transmission of environmental data over the network or storage of environmental data outside of the trusted portion of memory, wherein determining that the command is not permitted comprises verifying a digital signature associated with the command; and
based on the determining that the command is not permitted by the privacy policy that restricts performance of commands that involve transmission of environmental data over the network or storage of environmental data outside of the trusted portion of memory, changing the privacy state of the privacy indicator to indicate that the environmental data that is generated by the sensor is permitted to be transmitted over the network or stored outside of the trusted portion of memory.
Specification