Patent Egrant

To Promote the Progress of Science and Useful Arts
The Director
of the United States Patent and Trademark Office has received
an application for a patent for a new and useful invention. The title
and description of the invention are enclose. The requirements
of law have been complied with, and it has been determined that
a patent on the invention shall be granted under the law.
Therefore, this United States
grants to the person(s) having title to this patent the right to exclude others from making,
using, offering for sale, or selling the invention throughout the United States of America or
importing the invention into the United States of America, and if the invention is a process,
of the right to exclude others from using, offering for sale or selling throughout the United
States of America, products made by that process, for the term set forth in 35 U.S.C. 154(a)(2)
or (c)(1), subject to the payment of maintenance fees as provided by 35 U.S.C. 41(b). See the
Maintenance Fee Notice on the inside of the cover.
Director of the United States Patent and Trademark Office

Maintenance Fee Notice
If the application for this patent was filed on or after December 12, 1980, maintenance fees
are due three years and six months, seven years and six months, and eleven years and six
months after the date of this grant, or within a grace period of six months thereafter upon
payment of a surcharge as provided by law. The amount, number and timing of the mainte-
nance fees required may be changed by law or regulation. Unless payment of the applicable
maintenance fee is received in the United States Patent and Trademark Office on or before
the date the fee is due or within a grace period of six months thereafter, the patent will expire
as of the end of such grace period.
Patent Term Notice

If the application for this patent was filed on or after June 8, 1995, the term of this patent
begins on the date on which this patent issues and ends twenty years from the filing date of
the application or, if the application contains a specific reference to an earlier filed applica-
tion or applications under 35 U.S.C. 120, 121, 365(c), or 386(c), twenty years from the filing date
of the earliest such application (“the twenty-year term”), subject to the payment of mainte-
nance fees as provided by 35 U.S.C. 41(b), and any extension as provided by 35 U.S.C. 154(b) or
156 or any disclaimer under 35 U.S.C. 253.
If this application was filed prior to June 8, 1995, the term of this patent begins on the date
on which this patent issues and ends on the later of seventeen years from the date of the
grant of this patent or the twenty-year term set forth above for patents resulting from appli-
cations filed on or after June 8, 1995, subject to the payment of maintenance fees as provided
by 35 U.S.C. 41(b) and any extension as provided by 35 U.S.C. 156 or any disclaimer under
35 U.S.C. 253.
Form PTO-377C (Rev 09/17)

US011734462B2
(12) United States Patent (10) Patent No.: US 11,734,462 B2

Gaddam et al. (45) Date of Patent: Aug. 22, 2023
(54) PREVENTING SENSITIVE INFORMATION 10,140,274B2 11/2018 Bastide et al.

FROM BEING SCREEN SHARED WITH 10,770,035B2 9/2020 Giusti et al.
2013/0166658 A1 6/2013 Yin
UNTRUSTED USERS 2014/0215356 A1 * 7/2014 Brander .................. G06F 21/84
715/753
(71) Applicant: Optum, Inc., Minnetonka, MN (US) 2015/0378995 A1 12/2015 Brown et al.
2016/0188387 A1 6/2016 Yang
(72) Inventors: Ramprasad Anandam Gaddam, (Continued)
Mumbai (IN); Gregory J. Boss,
Saginaw, MI (US); Jon Kevin Muse, OTHER PUBLICATIONS
Thompsons Station, TN (US); Kristine
Xu, Stoneham, MA (US) “Engage your audience with presenter modes,” accessed on Jan. 18,
2022 from https://support.microsoft.com/en-us/office/engage-your-
(73) Assignee: OPTUM, INC., Minnetonka, MN (US) audience-with-presenter-modes-a3599bcb-bb35-4e9c-8dbb-
72775eb91e04, 5 pp.
(*) Notice: Subject to any disclaimer, the term of this (Continued)
patent is extended or adjusted under 35
U.S.C. 154(b) by 52 days. Primary Examiner — Tu T Nguyen
(74) Attorney, Agent, or Firm — Shumaker & Sieffert,
(21) Appl. No.: 17/404,611 P.A.
(22) Filed: Aug. 17, 2021 (57) ABSTRACT
(65) Prior Publication Data An example method comprises determining, by a computing
system, that a message-sending computing device has
US 2023/0055595 A1 Feb. 23, 2023 received an indication of user input indicating an intent to
send a message to a user of a message-recipient computing
(51) Int. Cl.
device; prior to the message being delivered to the message-
G06F 21/84 (2013.01)
recipient computing device, calculating, by the computing
H04L 51/212 (2022.01)
system, a screen sharing risk score (SSRS) that indicates a
(52) U.S. Cl. risk that the message-recipient computing device is currently
CPC ............ G06F 21/84 (2013.01); H04L 51/212 sharing screen content of a screen of the message-recipient
(2022.05) computing device with a screen-recipient computing device
(58) Field of Classification Search associated with an untrusted screen-recipient user; and based
CPC ............................... G06F 21/84; H04L 51/212 on the SSRS indicating that the risk is above a risk threshold,
USPC ............................................................ 726/26 causing the message-sending computing device to output an
See application file for complete search history. alert indicating that the message-recipient computing device
is possibly sharing the screen content of the message-
(56) References Cited recipient computing device with the screen-recipient com-
U.S. PATENT DOCUMENTS puting device associated with the untrusted screen-recipient
user.
9,525,692 B2 12/2016 Gaudet et al.
9,699,271 B2 7/2017 Brander et al. 20 Claims, 6 Drawing Sheets
US 11,734,462 B2
Page 2
(56) References Cited

U.S. PATENT DOCUMENTS
2018/0359207 A1 12/2018 Chatterjee et al.
2022/0247588 A1 * 8/2022 Ittelson ............... H04L 12/1822
OTHER PUBLICATIONS
Krishnamurthy et al., “On the leakage of personally identifiable
information via online social networks,” Proceedings of the 2nd
ACM workshop on Online Social Networks, Aug. 17, 2009, pp.
7-12.
Tian et al., “All your screens are belong to us: Attacks exploiting the
HTML5 screen sharing API,” IEEE Symposium or Security and
Privacy, May 18, 2014, pp. 34-48.
* cited by examiner
U.S. Patent Aug. 22, 2023 Sheet 1 of 6 US 11,734,462 B2
US 11,734,462 B2
1 2
PREVENTING SENSITIVE INFORMATION indicates a risk that the message-recipient computing device
FROM BEING SCREEN SHARED WITH is currently sharing screen content of a screen of the mes-
UNTRUSTED USERS sage-recipient computing device with a screen-recipient
computing device associated with an untrusted screen-con-
BACKGROUND 5 tent recipient. In other words, the SSRS indicates a risk that
the message-recipient computing device is currently screen-
Screen sharing has become a ubiquitous part of modern sharing with a computing device used by a user with whom
work. When a user (i.e., a screen-sharing user) shares their the messaging-sending user does not want to share the
screen, all or part of the screen-sharing user’s screen content message. Based on the SSRS indicating that the risk is above
is displayed to one or more other users (i.e., screen-recipient 10 a risk threshold, the computing system may cause a mes-
users). However, sensitive information appearing on the sage-sending computing device to output an alert to the user
screen of the screen-sharing user may inadvertently be of the message-sending computing device indicating that the
displayed to the screen-recipient users. For instance, if a message-recipient computing device may currently be shar-
notification regarding an incoming email message contains ing screen content with a screen-recipient computing device
sensitive information arrives while the screen-sharing user is 15 associated with an untrusted screen-recipient user. Accord-
sharing their screen, the notification may inadvertently be ingly, the user of the message-sending computing device
displayed to the screen-recipient users. Examples of sensi- may elect not to send the message at the current time, or the
tive information may include health information, financial message-sending computing device may determine that the
information, personal information, legal information, and so message is not to be sent at the current time without user
on. 20 intervention or after user confirmation.
Calculating the SSRS and outputting the alert prior to the
SUMMARY message being delivered to the screen-sharing/message-
recipient computing device may address the technical prob-
The present disclosure describes devices, systems, and lems associated with leaving it up to the screen-sharing/
methods for protecting sensitive information from being 25 message recipient computing device to prevent disclosure of
displayed to screen-recipient users. Prior systems for pro- the sensitive information. For instance, the example tech-
tecting sensitive information have focused on obscuring niques described in this disclosure may reduce the process-
sensitive information received by a computing device asso- ing requirements of the screen-sharing/message-recipient
ciated with a screen-sharing user (i.e., a screen-sharing computing device, and potentially reduce the amount of
computing device) or suppressing notifications generated by 30 information that needs to be sent promoting bandwidth
a screen-sharing computing device when the screen-sharing efficiencies.
computing device receives a message. Such prior art sys- In one example, this disclosure describes a method com-
tems place the burden of preventing disclosure of the prising: determining, by one or more processors of a com-
sensitive information on the screen-sharing computing puting system, that a message-sending computing device has
device. In other words, it is up to the screen-sharing com- 35 received an indication of user input indicating an intent to
puting device to prevent disclosure of the sensitive infor- send a message to a user of a message-recipient computing
mation when the screen-sharing computing device receives device; and prior to the message being delivered to the
a message containing the sensitive information. message-recipient computing device: calculating, by the one
Leaving it up to the screen-sharing/message-recipient or more processors, a screen sharing risk score (SSRS) that
computing device to prevent disclosure of the sensitive 40 indicates a risk that the message-recipient computing device
information when the screen-sharing/message-recipient is currently sharing screen content of a screen of the mes-
computing device receives a message containing the sensi- sage-recipient computing device with a screen-recipient
tive information may present several technical problems. computing device associated with an untrusted screen-re-
For example, leaving it up to the screen-sharing/message- cipient user; determining, by the one or more processors,
recipient computing device to prevent disclosure of the 45 whether the SSRS indicates that the risk is above a risk
sensitive information may impose computational burdens on threshold; and based on the SSRS indicating that the risk is
the screen-sharing/message-recipient computing device dur- above the risk threshold, causing, by the one or more
ing a time when the computational resources of the screen- processors, the message-sending computing device to output
sharing/message-recipient computing device may be taxed an alert indicating that the message-recipient computing
by performing screen sharing, which is often accompanied 50 device is possibly currently sharing the screen content of the
by video conferencing. In another example, leaving it up to message-recipient computing device with the screen-recipi-
screen-sharing/message-recipient computing devices to pre- ent computing device associated with the untrusted screen-
vent disclosure of the sensitive information when screen- recipient user.
sharing/message-recipient computing devices receive mes- In another example, this disclosure describes a computing
sages containing the sensitive information may result in 55 system comprising: one or more storage devices configured
unnecessary consumption of network bandwidth because to store score basis data; and one or more processors
messages may be sent to screen-sharing/message-recipient implemented in circuitry, the one or more processors con-
computing devices when message-sending users may not figured to: determine that a message-sending computing
want to send the messages at all if the sensitive information device has received an indication of user input indicating an
may be shared with screen-recipient users. That is, although 60 intent to send a message to a user of a message-recipient
the screen-sharing/message-receipting computing device computing device; prior to the message being delivered to
may properly prevent disclosure of sensitive information, the message-recipient computing device, calculate, based on
the sensitive information is still sent unnecessarily, resulting the score basis data, a screen sharing risk score (SSRS) that
in waste of bandwidth. indicates a risk that the message-recipient computing device
As described herein, prior to a message being delivered to 65 is currently sharing screen content of a screen of the mes-
a message-recipient computing device, a computing system sage-recipient computing device with a screen-recipient
calculates a screen sharing risk score (SSRS). The SSRS computing device associated with an untrusted screen-re-
US 11,734,462 B2
3 4
cipient user; determine whether the SSRS indicates that the uses message-sending computing device 102. A message-
risk is above a risk threshold; and based on the SSRS recipient user 114 uses message-recipient computing device
indicating that the risk is above the risk threshold, cause the 106. A screen-recipient user 116 uses screen-recipient com-
message-sending computing device to output an alert indi- puting device 108. In other examples, system 100 may
cating that the message-recipient computing device is pos- 5 include more, fewer, or different components. For instance,
sibly currently sharing the screen content of the message- computing system 100 may include multiple screen-recipi-
recipient computing device with the screen-recipient ent computing devices. Computing system 110 may include
computing device associated with the untrusted screen- one or more computing devices. In examples where com-
recipient user. puting system 110 includes two or more computing devices,
In another example, this disclosure describes a computer- 10 the computing devices of computing system 110 may act
readable storage medium comprising instructions that, when together as a system. Example types of computing devices
executed, cause processing circuitry of a computing system include server devices, personal computers, mobile devices
to: determine that a message-sending computing device has (e.g., smartphones, tablet computers, wearable devices),
received an indication of user input indicating an intent to intermediate network devices, and so on.
send a message to a user of a message-recipient computing 15 As noted above, message-sending user 112 may use
device; prior to the message being delivered to the message- message-sending computing device 102 to send a message
recipient computing device, calculate a screen sharing risk 118 to message-recipient user 114. For instance, message-
score (SSRS) that indicates a risk that the message-recipient sending user 112 may use message-sending computing
computing device is currently sharing screen content of a device 102 to send an email message, chat message, or other
screen of the message-recipient computing device with a 20 type of message to message-recipient user 114. Message 118
screen-recipient computing device associated with an may include sensitive information that message-sending
untrusted screen-recipient user; determine whether the user 112 does not want shared with people other than
SSRS indicates that the risk is above a risk threshold; and message-recipient user 114 or does not want shared with
based on the SSRS indicating that the risk is above the risk untrusted users. For instance, message 118 may include
threshold, cause the message-sending computing device to 25 private health information, financial information, legal infor-
output an alert indicating that the message-recipient com- mation, personally identifying information, and so on.
puting device is possible currently sharing the screen content Message-recipient computing device 106 may be config-
of the message-recipient computing device with the screen- ured to present a notification when message-recipient com-
recipient computing device associated with the untrusted puting device 106 receives a message. For example, mes-
screen-recipient user. 30 sage-recipient computing device 106 may present a
The details of one or more aspects of the disclosure are set notification in a corner of a display screen to indicate the
forth in the accompanying drawings and the description arrival of the message. The notification may include some or
below. Other features, objects, and advantages of the tech- all of the content of the message. For instance, the notifi-
niques described in this disclosure will be apparent from the cation may include text identifying message-sending user
description, drawings, and claims. 35 112, a subject line of message 118, some or all content of a
body of message 118, and/or other information. Aside from
BRIEF DESCRIPTION OF THE DRAWINGS presenting a notification when message-recipient computing
device 106 receives a message, message-recipient comput-
FIG. 1 is a block diagram illustrating an example system ing device 106 may show the message in an inbox or chat
in accordance with one or more aspects of this disclosure. 40 window that might be open on a display screen of message-
FIG. 2 is a block diagram illustrating an example com- recipient computing device 106.
puting system that implements a guardian system in accor- Furthermore, as noted above, message-recipient comput-
dance with one or more aspects of this disclosure. ing device 106 may be sharing screen content 120 with a
FIG. 3A and FIG. 3B are conceptual diagrams illustrating screen-recipient computing device 108. Thus, screen-recipi-
example alerts in accordance with one or more aspects of 45 ent user 116 may be able to see the content of the display
this disclosure. screen of message-recipient computing device 106. Because
FIG. 4A and FIG. 4B are conceptual diagrams illustrating a notification may appear on the display screen of message-
additional example alerts in accordance with one or more recipient computing device 106 or information regarding the
aspects of this disclosure. message may otherwise appear on the display screen of
FIG. 5 is a flowchart illustrating an example operation of 50 message-recipient computing device 106, screen-recipient
a guardian system in accordance with one or more aspects of user 116 may be able to see the notification or other
this disclosure. information regarding the message. In this way, sensitive
FIG. 6 is a flowchart illustrating an example operation of information in the message may be shared with screen-
a guardian system in accordance with one or more aspects of recipient user 116 despite neither message-sending user 112
this disclosure. 55 nor message-recipient user 114 intending to share the sen-
sitive information with screen-recipient user 116.
DETAILED DESCRIPTION In accordance with a technique of this disclosure, guard-
ian system 104 may be configured to perform actions that
FIG. 1 is a block diagram illustrating an example system may reduce the risk that sensitive information is shared with
100 in accordance with one or more aspects of this disclo- 60 untrusted users, e.g., screen-recipient user 116. As described
sure. In the example of FIG. 1, system 100 includes a in this disclosure, guardian system 104 may determine that
message-sending computing device 102, a guardian system message-sending computing device 102 (i.e., message-send-
104, a message-recipient computing device 106, and a ing user 112) has received an indication of user input
screen-recipient computing device 108. Guardian system associated with sending message 118 to a user of message-
104 may be implemented by a separate computing system 65 recipient computing device 106 (i.e., message-recipient user
110, by message-sending computing device 102, or another 114). Prior to message 118 being delivered to message-
computing device or system. A message-sending user 112 recipient computing device 106, guardian system 104 may
US 11,734,462 B2
5 6
calculate a screen sharing risk score (SSRS) that indicates a sage, instead of whether any screen-recipient user is
risk that message-recipient computing device 106 is cur- untrusted for the category associated with the message.
rently sharing screen content of a screen of message-recipi- In response to determining that the SSRS does not indi-
ent computing device 106 with a screen-recipient computing cate that the risk is above the risk threshold, guardian system
device, such as screen-recipient computing device 108, 5 104 may forward message 118 for delivery to message-
associated with an untrusted screen-recipient user (e.g., recipient computing device 106. However, based on the
screen-recipient user 116). In general, a trusted screen- SSRS indicating that the risk is above a risk threshold,
recipient user is a user who is trusted by message-sending guardian system 104 may cause message-sending comput-
user 112 to view message 118, even if message 118 is not ing device 102 to output an alert 124 (e.g., to message-
10
directed to the user. In contrast, an untrusted screen-recipient sending user 112) indicating that message-recipient comput-
user is a user who is not trusted by message-sending user 112 ing device 106 may currently be sharing screen content 120
to view message 118. with an untrusted user. If the SSRS indicates that the risk is
Guardian system 104 may determine the SSRS based on above the risk threshold, guardian system 104 does not
score basis data 122 obtained from message-recipient com- 15 immediately forward message 118 for delivery to message-
puting device 106 and/or other data. In some examples, to recipient computing device 106. In examples where guard-
determine the SSRS, guardian system 104 may assign values ian system 104 determines SSRS’s for individual screen-
to variables within score basis data 122. The variables within recipient users, guardian system 104 may cause message-
score basis data 122 may include variables indicating sending computing device 102 to output alert 124 based on
whether individual screen sharing applications installed on 20 any of the SSRS’s indicating a risk that is above the risk
message-recipient computing device 106, variables indicat- threshold.
ing whether individual screen sharing applications are in Alert 124 may prompt message-sending user 112 to
use, variables indicating whether a full screen of message- indicate whether to forward message 118 for delivery to
recipient computing device 106 is being shared, variables message-recipient user 114 immediately or to temporarily
indicating how many monitors are connected to message- 25 withhold message 118. In response to message-sending
recipient computing device 106, variables indicating computing device 102 receiving an indication of user input
whether individual messaging applications are configured to from message-sending user 112 to forward message 118
receive messages on message-recipient computing device immediately, message-sending computing device 102 may
106, variables indicating whether any screen-recipient user send a command 126 to guardian system 104 that instructs
is untrusted for a category associated with the message, 30 guardian system 104 to forward message 118 for delivery to
variables indicating whether individual topics are being message-recipient computing device 106. In response to
discussed during a screen sharing session, and so on. Guard- message-sending computing device 102 receiving an indi-
ian system 104 may normalize the variables to a common cation of user input from message-sending user 112 to hold
scale (e.g., 0 to 1). message 118, command 126 may instruct guardian system
In some examples, guardian system 104 may calculate the 35 104 to temporarily withhold message 118 from delivery to
SSRS as a weighted average of the values of the variables. message-recipient computing device 106. In some
The weights that guardian system 104 uses to calculate the examples, message-sending computing device 106 may
weighted average may be determined heuristically offline. In automatically send command 126 to temporarily withhold
some examples, guardian system 104 may use a regression message 118 from delivery to message-recipient computing
model, such as a linear or logistic regression model, to 40 device 106 or to forward message 118 for delivery to
determine the SSRS based on the values of the variables. For message-recipient computing device 106. Message-sending
instance, in some examples, during the training phase, computing device 106 may automatically determine whether
training personnel may generate training data by assigning to send a command to withhold or forward message 118
SSRS’s (or SSRS classes, such as one or more of “high based on rules in a rule base, which may be configured by
risk,” “low risk”, etc., corresponding to SSRS’s) to sets of 45 message-sending user 112 or another party.
training values for the variables. In this example, guardian In response to receiving command 126 instructing guard-
system 104 may use this training data to train a linear ian system 104 to withhold message 118 from delivery to
regression model, a logistic regression model, or another message-recipient computing device 106, guardian system
type of model. In some examples, guardian system 104 may 104 does not immediately forward message 118 for delivery
use a neural network model to determine the SSRS. The 50 to message-recipient computing device 106. For example,
neural network may include input neurons that correspond to guardian system 104 may hold message 118 for a given
variables of score basis data 122. The neural network may period of time. In some examples, guardian system 104 may
include an output neuron that outputs the SSRS. In other hold message 118 until guardian system 104 determines that
examples, guardian system 104 may use another type of message-recipient computing device 106 is no longer shar-
machine learning model. 55 ing screen content 120 with an untrusted screen-recipient
In some examples where there are multiple screen-recipi- user. For instance, in such examples, guardian system 104
ent users, guardian system 104 may determine a separate may hold message 118 until guardian system 104 determines
SSRS for each of the screen-recipient users. In such that the SSRS indicates a risk that is below the risk thresh-
examples, guardian system 104 may determine an SSRS for old.
an individual screen-recipient user in much the same way as 60 FIG. 2 is a block diagram illustrating example compo-
described elsewhere in this disclosure. However, the vari- nents of computing system 200 in accordance with one or
ables in the score basis data used to determine the SSRS for more aspects of this disclosure. FIG. 2 illustrates only one
an individual screen-recipient user may be limited to the example of computing system 200, without limitation on
data regarding the individual screen-recipient user instead of many other example configurations of computing system
multiple screen-recipient users. For example, one of the 65 200. Computing system 200 may be the same as message-
variables may indicate whether the individual screen-recipi- sending computing device 102 or may comprise a separate
ent user is trusted for a category associated with the mes- system of one or more computing devices.
US 11,734,462 B2
7 8
As shown in the example of FIG. 2, computing system messaging server, such as an email server, instant messaging
200 includes one or more processors 202, one or more server, or other system that facilitates communication of
communication units 204, one or more power sources 206, messages. In other examples, guardian system 104 is imple-
one or more storage devices 208, and one or more commu- mented separately from a messaging server. In some
nication channels 210. Computing system 200 may include 5 examples, guardian system 104 may operate independently
other components. For example, computing system 200 may of, or in communication with, the messaging server.
include input devices, output devices, display screens, and Data processing unit 212 may obtain score basis data 122
so on. Communication channel(s) 210 may interconnect from message-recipient computing device 106 and store
each of processor(s) 202, communication unit(s) 204, and score basis data 122 in storage device(s) 208. Score basis
storage device(s) 208 for inter-component communications 10 data 122 may include one or more types of data. For
(physically, communicatively, and/or operatively). In some example, score basis data 122 may include data indicating
examples, communication channel(s) 210 may include a which screen sharing capable applications are installed on
system bus, a network connection, an inter-process commu- message-recipient computing device 106 and data indicating
nication data structure, or any other method for communi- which screen sharing capable applications are in use. In
cating data. Power source(s) 504 may provide electrical 15 some examples, score basis data 122 may include data
energy to processor(s) 202, communication unit(s) 204, indicating whether any of the screen sharing capable appli-
storage device(s) 206 and communication channel(s) 210. cations are actively sharing screen content. In some
Storage device(s) 208 may store information required for examples where score basis data 122 includes data indicat-
use during operation of computing system 200. ing whether any of the screen sharing capable applications
Processor(s) 202 comprise circuitry configured to perform 20 are actively sharing screen content, score basis data 122 may
processing functions. For instance, one or more of also include data indicating what type of screen sharing is
processor(s) 202 may be a microprocessor, an application- occurring (e.g., sharing of an individual window, sharing of
specific integrated circuit (ASIC), a field-programmable an entire desktop, sharing of an application, sharing of a
gate array (FPGA), or another type of processing circuitry. virtual whiteboard, etc.). In some examples, score basis data
In some examples, processor(s) 202 of computing system 25 122 may determine how many monitors are connected to
200 may read and may execute instructions stored by storage message-recipient computing device 106.
device(s) 208. Processor(s) 202 may include fixed-function In some examples, score basis data 122 may indicate
processors and/or programmable processors. Processor(s) which application or messaging platform message-sending
202 may be included in a single device or distributed among user 112 is using to send message 118 to message-recipient
multiple devices. 30 user 114. In some examples, score basis data 122 may
Communication unit(s) 204 may enable computing sys- indicate which application or message platform message-
tem 200 to send data to and receive data from one or more recipient user 114 is using to receive message 118. For
other computing devices (e.g., via a communications net- instance, different email client applications may present
work, such as a local area network or the Internet). In some notifications and email messages differently. Accordingly,
examples, communication unit(s) 204 may include wireless 35 different email client applications may present different
transmitters and receivers that enable computing system 200 levels of risk that sensitive information in message 118 may
to communicate wirelessly with other computing devices. be shared in screen content 120. Similarly, score basis data
Examples of communication unit(s) 204 may include net- 122 may indicate which operating system is running on
work interface cards, Ethernet cards, optical transceivers, message-recipient computing device 106. Different operat-
radio frequency transceivers, or other types of devices that 40 ing systems may present notifications differently and there-
are able to send and receive information. Other examples of fore may present different levels of risk that sensitive
such communication units may include BLUETOOTH™, information in message 118 may be shared in screen content
3G, 4G, 5G, and WI-FI™ radios, Universal Serial Bus 120.
(USB) interfaces, etc. Computing system 200 may use In some examples, score basis data 122 may indicate
communication unit(s) 204 to communicate with one or 45 which monitor of message-recipient computing system 106
more other computing devices or systems, such as client displays notifications regarding incoming messages. In such
device 104. Communication unit(s) 204 may be included in examples, data processing unit 212 may determine whether
a single device or distributed among multiple devices. the monitor of message-recipient computing system 106 that
Processor(s) 202 may read instructions from storage displays notifications regarding incoming messages is the
device(s) 208 and may execute instructions stored by storage 50 same as the monitor of message-recipient computing system
device(s) 208. Execution of the instructions by processor(s) 106 that contains shared screen content 120.
202 may configure or cause computing system 200 to In some examples, score basis data 122 may include data
provide at least some of the functionality ascribed in this that identify screen-recipient users, such as screen-recipient
disclosure to computing system 200. Storage device(s) 208 user 116, that are receiving screen content shared by mes-
may be included in a single device or distributed among 55 sage-recipient computing device 106. In some such
multiple devices. examples, data processing unit 212 may determine catego-
As shown in the example of FIG. 2, storage device(s) 208 ries for the screen-recipient users. For instance, it may not be
may include computer-readable instructions associated with a problem to share sensitive information with some catego-
guardian system 104. In the example of FIG. 2, guardian ries of screen-recipient users (e.g., trusted users) but it may
system 104 includes a data processing unit 212, a calculation 60 be a problem to share the same sensitive information with
unit 214, a content analysis unit 216, an alert unit 218, and other categories of screen-recipient users (e.g., untrusted
a delayed message unit 220. Additionally, guardian system users). For instance, if message 118 contains corporate
104 may include score basis data 122 and a message store accounting data, it may not be a problem if the corporate
224. The components of guardian system 104 are described accounting data is shared with other members of a corporate
for purposes of explanation and may not reflect actual units 65 accounting team, but it may be a problem if the corporate
of software or data within guardian system 104. In some accounting data is shared with screen-recipient users outside
examples, guardian system 104 is implemented as part of a the corporate accounting team. To determine the categories
US 11,734,462 B2
9 10
of the screen-recipient users, data processing unit 212 may Long Short-Term Memory (LSTM) model, an attention
access a database that maps users to categories. In some model, a transformer model, or a reformer model) may be
examples, score basis data 122 obtained by data processing trained to generate output data indicating confidence levels
unit 212 may directly indicate the categories of the screen- for each category of a plurality of categories. The confidence
recipient users. Guardian system 104 may determine the 5 level for a category may indicate a level of confidence that
SSRS based in part on the categories of the screen-recipient message 118 is associated with the category. The neural
users. For instance, guardian system 104 may determine a network model may include one or more hidden layers.
value of a variable that indicates whether any of the screen- In some examples, content analysis unit 216 may also
recipient users is in a category that makes the screen- determine one or more categories associated with screen
recipient user untrusted by message-sending user 112 for 10 content 120. For instance, in one example, content analysis
purposes of message 118. Guardian system 104 may use this unit 216 may obtain (e.g., from score basis data 222)
variable in a weighted average calculation, a regression information regarding a calendar appointment associated
calculation, in a machine-learning model, or another process with screen content 120. In this example, the calendar
to determine the SSRS. appointment may include a subject line containing words
In some examples, score basis data 122 may include 15 associated with one or more categories. In some examples,
profile data for users. The profile data for users may include content analysis unit 216 may determine the one or more
data indicating projects on which the users are working, categories associated with screen content 120 based on
roles associated with the users, departments associated with invitees listed in the calendar appointment associated with
the users, and other information about the users. In general, screen content 120. The invitees are the likely screen-
there may be less risk associated with sensitive information, 20 recipient users. For instance, in this example, content analy-
such as project-related sensitive information, being shared if sis unit 216 may determine categories associated with the
message-recipient user 114 and screen-recipient users (e.g., invitees and, based on the categories associated with the
screen-recipient user 116) are associated with the same invitees, determine likely categories of screen content 120.
project, have the same roles, work in the same department, For instance, if each of the invitees is a member of a
and so on. In other words, certain screen-recipient users may 25 corporate accounting team, it is likely that screen content
be trusted with respect to certain categories of sensitive 120 is associated with corporate accounting data. In some
information if the screen-recipient users and message-re- examples, a software unit operating on message-recipient
cipient user 114 are associated with the same project, have computing device 106 may perform natural language pro-
the same roles, work in the same department, etc. cessing on content exchanged during a screen sharing ses-
In some examples, a software module installed on mes- 30 sion to determine one or more categories associated with
sage-recipient computing device 106 may collect score basis screen content 120. Such content may include spoken con-
data 122 and may send score basis data 122 to guardian tent, slides, an agenda, shared documents, and so on. In such
system 104. For instance, the software module may imple- examples, message-recipient user 114 and screen-recipient
ment an Application Programming Interface (API) that data user 116 may choose to provide indications of consent that
processing unit 212 may use to receive score basis data 122 35 content exchanged during the screen sharing session may be
from message-recipient computing device 106. recorded and analyzed for this purpose.
Content analysis unit 216 may determine one or more Content analysis unit 216 may compare the categories
categories associated with the content of message 118. For associated with the content of message 118 to the categories
instance, content analysis unit 216 may determine that the associated with screen content 120. In general, if the cat-
content of message 118 is associated with various categories 40 egories associated with the content of message 118 are the
such as financial data, personal health information, person- same as the categories associated with screen content 120,
ally identifying information, legal information, technical there is less risk associated with sensitive information in
information, social information, and so on. message 118 being shared with an untrusted screen-recipient
Content analysis unit 216 may determine the categories user. However, if the categories associated with the content
associated with the content of message 118 in one or more 45 of message 118 do not overlap with the categories associated
of a variety of ways. For example, content analysis unit 216 with screen content 120, there is greater risk associated with
may perform natural language processing (NLP) on message sensitive information in message 118 being shared with an
118 to determine the categories associated with the content untrusted screen-recipient user.
of message 118. For instance, in this example, when per- In some examples, content analysis unit 216 may deter-
forming NLP on message 118, content analysis unit 216 may 50 mine a context of message 118. Even if the categories
use a topic modeling process. As part of the topic modeling associated with the content of message 118 are the same as
process, content analysis unit 216 may parse message 118 to the categories associated with screen content 120, content
identify nouns, verbs, and other parts of speech within the analysis unit 216 may determine, based on the context of the
content of message 118. Content analysis unit 216 may message, that there is elevated risk associated with sensitive
compare the nouns and verbs to lists of words associated 55 information in message 118 being shared with one or more
with individual categories. Content analysis unit 216 may screen-recipient users. For instance, if message-sending user
determine that the content of message 118 is associated with 112 is sending a message to a first colleague criticizing a
a specific category if message 118 contains at least a given second colleague while the first colleague is sharing content
number of nouns or verbs associated with the specific with the second colleague related to the same subject matter
category or a ratio of nouns and verbs associated with the 60 as the message, message-sending user 112 may not want the
specific category compared to nouns and verbs associated message to be delivered to the computing device of the first
with other categories is greater than a predetermined thresh- colleague.
old. Accordingly, in some examples, content analysis unit 216
In some examples, content analysis unit 216 may use a may generate context data based on messages obtained by
machine-learned (ML) model to determine one or more 65 guardian system 104. The context data may include records
categories associated with the content of message 118. For identifying message-sending users of messages, message-
instance, in this example, a neural network model (e.g., a recipient users of messages, message content information of
US 11,734,462 B2
11 12
the messages, people related to (e.g., mentioned in) the device 106, etc.) using one or more API calls, or by using
messages, and sentiment regarding the people related to the other types of operations. Content analysis unit 216 may
messages. For instance, an individual record may specify a determine how many different log-in identifiers are in use on
message-sending user of a message, one or more message- message-recipient computing device 106. The number of
recipient users of the message, one or more content catego- 5 different log-in identifiers may be one of the variables used
ries of the message, one or more people related to the in determining the SSRS. In an example where the appli-
message, and sentiment data regarding the people related to cations are different messaging applications (e.g., email
the message. In some examples, content analysis unit 216 applications, chat applications, etc.) and message 118 is sent
may generate consolidated records that determine averaged to an address of a first user who is associated with a log-in
sentiment data for messages having the same message- 10 identifier used in a first messaging application, and a second
sending users, message-recipient users, content categories, user who is associated with a log-in identifier used in a
and related users. Content analysis unit 216 may use a second message application is sharing screen content. In this
message sentiment analysis process to determine the senti- example, the screen-recipient users may obtain sensitive
ment regarding the people related to the one or more information in a message that was not even intended to be
messages. Sentiment may range from negative sentiment 15 received by the second user. Accordingly, use of the number
(e.g., anger, disgust, bitterness, unhappiness, etc.) to neutral of different log-ins as a variable in determining the SSRS
sentiment to positive sentiment (e.g., happiness, satisfaction, may help to prevent the message from being delivered to
etc.). The sentiment analysis process may use a machine message-recipient computing device 106 in this situation.
learning process (e.g., neural network), word-matching pro- Calculation unit 214 may determine a SSRS based on
cess, or other process. To determine the context of a new 20 score basis data 122. In some examples, the SSRS may range
message, content analysis unit 216 may analyze the new from 0 to 1, with 0 denoting least risk and 1 denoting
message to identify people related to the new message and greatest risk. Calculation unit 214 may determine the SSRS
to determine a topic of the new message. Content analysis as described in any of the examples for calculating or
unit 216 may then search the context data for records determining the SSRS provided elsewhere in this disclosure.
specifying message-sending user 112 as the sender, mes- 25 Alert unit 218 may compare the SSRS to a risk threshold.
sage-recipient user 114 as the recipient, the identified people Based on the SSRS indicating a risk that is above the risk
related to the new message, and the determined topic. If threshold, alert unit 218 may cause message-sending com-
content analysis unit 216 identifies one or more such puting device 102 to output an alert to message-sending user
records, content analysis unit 216 may use the sentiment 112 indicating that message-recipient computing device 106
indicated by the records as part of determining the SSRS. 30 may currently be sharing screen content 120 with an
For example, if the records indicate a generally negative untrusted screen-recipient user. Otherwise, alert unit 218
sentiment, content analysis unit 216 may set a variable to a may forward message 118 for delivery to message-recipient
first value. If the records indicate a generally positive computing device 106.
sentiment, content analysis unit 216 may set the variable to Alert unit 218 may use different risk thresholds in differ-
a second, different value. Calculation unit 214 may then use 35 ent situations and/or different recipients. For instance,
the value of this variable, e.g., among other variables, to guardian system 104 may receive data indicating that mes-
determine the SSRS. Thus, depending on the ultimate value sage-sending user 112 has specified different risk thresholds
of the SSRS, an alert may be presented to message-sending for different potential recipients. Thus, in this example,
user 114, message-recipient computing device 106 may when guardian system 104 receives a message sent by
obscure a notification regarding the message, or another 40 message-sending user 112 to message-recipient user 114,
action may be taken. alert unit 218 may use the risk threshold specified by
In some circumstances, it may be undesirable for mes- message-sending user 112 for message-recipient user 114. In
sage-recipient computing device 106 to output a notification some examples, guardian system 104 may receive data
of a message unless message-recipient user 114 is actually indicating that message-recipient user 114 has specified a
looking at a screen of message-recipient computing device 45 risk threshold for message-sending user 112. Thus, in this
106 because otherwise someone other than message-recipi- example, when guardian system 104 receives a message sent
ent user 114 may be able to see the notification of the by message-sending user 112 to message-recipient user 114,
message while not providing any benefit to message-recipi- alert unit 218 may use the risk threshold specified by
ent user 114. In some examples, score basis data 122 may message-recipient user 114 for message-sending user 112.
include information that indicates whether message-recipi- 50 In some examples, alert unit 218 may use different risk
ent user 114 is currently looking at a screen of message- thresholds when different categories are associated with
recipient computing device 106. The variables used to content of message 118. For instance, content analysis unit
determine the SSRS may include a variable indicating 216 may determine that message 118 includes a specific
whether message-recipient user 114 is looking at a screen of category, e.g., financial data, legal data, personal data, health
message-recipient computing device 106. A device, such as 55 data, etc. Alert unit 218 may determine a risk threshold
message-recipient computing device 106, may use image based on the category associated with content of message
data from a camera, such as a camera connected to message- 118. For instance, to determine the risk threshold based on
recipient computing device 106, to determine (e.g., by the category associated with content of message 118, alert
applying an image recognition system) whether message- unit 218 may access a database containing data that map
recipient computing user 114 is looking at a screen of 60 categories to risk thresholds. Alert unit 218 may then com-
message-recipient computing device 106. pare the SSRS to a risk threshold corresponding to the
In some examples, score basis data 122 may include category associated with the content of message 118. For
information indicating log-in identifiers (e.g., user ids) of instance, alert unit 218 may use a first risk threshold if
applications (e.g., native applications, web applications, message 118 contains financial data and a second risk
etc.) in use on message-recipient computing device 106. The 65 threshold if message 118 contains health data.
log-in identifiers may be retrieved (e.g., by guardian system Alert unit 218 may receive a command 126 in response to
104, an application running on message-recipient computing alert 124. Command 126 may instruct alert unit 218 to send
US 11,734,462 B2
13 14
message 118 immediately. In response to determining that recipient computing device 106. For example, message-
command 126 instructs alert unit 218 to send message 118 recipient computing device 106 may be configured to
immediately, alert unit 218 may forward message 118 for obscure (e.g., hash-block or mask) some or all content of the
delivery to message-recipient computing device 106. For message, e.g., a subject line, sender, etc., upon receiving the
example, alert unit 218 may send message 118 to a server for 5 message. In some examples, guardian system 104 may
delivery to message-recipient computing device 106. In include an indication in the message (or an indication
another example, alert unit 218 may send a messaging to a otherwise associated with the message) to indicate to mes-
messaging server instructing the messaging server to send sage-recipient computing device 106 to obscure certain
message 118. Alternatively, command 126 may instruct alert content of the message.
unit 218 to hold message 118. In response to determining 10 Message-sending computing device 102 may present
that command 126 instructs alert unit 218 to hold message options for holding the message in response to receiving an
118, alert unit 218 may add message 118 to message store indication of user input to select feature 304. For instance,
224 for later delivery to message-recipient computing device as shown in the example of FIG. 3B, options for holding the
106. message may include holding the message until message-
Delayed message unit 220 may manage messages stored 15 recipient user 114 has finished screen sharing and holding
in message store 224. For example, delayed message unit the message until a time limit has expired, regardless of
220 may utilize calculation unit 214 to recalculate SSRSs for whether message-recipient user 114 is still screen sharing.
message-recipient users associated with messages stored in FIG. 4A and FIG. 4B are conceptual diagrams illustrating
message store 224. In this example, if delayed message unit additional example alerts in accordance with one or more
220 determines that the SSRS for a message-recipient user 20 aspects of this disclosure. In the example of FIG. 4A and
associated with a message is below a risk threshold corre- FIG. 4B, an alert 400 contains text and features 402 and 404.
sponding to the message, delayed message unit 220 may Features 402 and 404 operate in a similar manner to features
forward the message for delivery to a message-recipient 302 and 304 of FIG. 3A and FIG. 3B. Alert 400 differs from
computing device associated with the message-recipient alert 300 in that alert 400 indicates an estimated number of
user. In some examples, if delayed message unit 220 deter- 25 people who might see the message because message-recipi-
mines a time limit associated with a message stored in ent user 114 is sharing their screen.
message store 224 has expired, delayed message unit 220 In other examples, alerts may include more, fewer, or
may forward the message for delivery to a message-recipient different information than shown in alert 300 and alert 400.
computing device associated with the message-recipient For example, alerts may include information such as cat-
user. In some examples, if delayed message unit 220 deter- 30 egories associated with message 118, categories associated
mines a time limit associated with a message stored in with screen content 120, projects/departments/roles/etc.
message store 224 has expired, calculation unit 214 may shared with message-recipient user 114 and screen-recipient
determine the SSRS for the message-recipient user again users (e.g., screen-recipient user 116), and/or other informa-
and may forward the message for delivery to a message- tion. In some examples, users may configure which infor-
recipient computing device associated with the message- 35 mation is shown in alerts.
recipient user if the SSRS is below the risk threshold, and In some examples, guardian system 104 may track
continue to hold the message otherwise. In some examples, responses of message-sending user 112 to alerts and adapt
delayed message unit 220 may cause message-sending com- based on the responses of message-sending user 112 to
puting device 102 to notify message-sending user 112 after alerts. For example, guardian system 104 may increase a risk
a specific number of recalculations of the SSRS. In some 40 threshold associated with a specific message-recipient user if
examples where a time limit has expired and the SSRS message-sending user 112 frequently responds to alerts
remains above the risk threshold, delayed message unit 220 regarding messages to the specific message-recipient user
may cause message-sending computing device 102 to output with commands to send the messages immediately.
a notification requesting message-sending user 112 to pro- FIG. 5 is a flow diagram illustrating an example operation
vide input to extend the time limit or allow message 118 to 45 of guardian system 104 in accordance with one or more
expire. aspects of this disclosure. The example of FIG. 5 is
FIG. 3A and FIG. 3B are conceptual diagrams illustrating described with respect to the example of FIG. 1 and FIG. 2
example alerts in accordance with one or more aspects of but is not so limited.
this disclosure. In the example of FIG. 3A, an alert 300 In the example of FIG. 5, guardian system 104 may
contains text that informs message-sending user 112 that a 50 determine that message-sending computing device 102 has
recipient of a message (e.g., message-recipient user 114) is received an indication of user input indicating an intent of
screen sharing, potentially with an untrusted screen-recipi- message-sending user 112 to send message 118 to message-
ent user. Alert 300 also indicates the SSRS. In the example recipient user 114 (500). Message 118 may be an email
of FIG. 3A, the SSRS is equal to 0.7. In examples where message, a chat message, or another type of message. In
guardian system 104 determines multiple SSRS’s for indi- 55 some examples, guardian system 104 may determine that
vidual screen-recipient users, alert 300 may include one or message-sending computing device 102 has received an
more of the SSRS’s for the individual users. Alert 300 indication of user input associated with sending message 118
includes a feature 302 and a feature 304. Selection of feature to message-recipient user 114 when guardian system 104
302 instructs guardian system 104 to forward the message intercepts message 118 after message-sending computing
for delivery to message-recipient computing device 106 60 device 102 has sent the message. In some examples, guard-
immediately, regardless of the SSRS indicating a risk that ian system 104 may determine that message-sending com-
the recipient of the message is currently sharing screen puting device 102 has received an indication of user input
content with an untrusted user. In some examples where indicating an intent to send message 118 to message-recipi-
guardian system 104 receives an indication of user input to ent user 114 when guardian system 104 determines that
forward the message for delivery to message-recipient com- 65 message-sending computing device 102 has received an
puting device 106 immediately, one or more parts of the indication of user input indicating that user 112 has selected
message may be obscured when displayed on message- a user interface control (e.g., a “send” button) to send the
US 11,734,462 B2
15 16
message. In some examples, guardian system 104 may message-recipient computing device 106. In such examples,
determine that message-sending computing device 102 has if content analysis unit 216 determines that message 118
received an indication of user input indicating an intent to does not include sensitive information, guardian system 104
send message 118 to message-recipient user 114 when does not calculate, retrieve, or otherwise obtain or use the
message-sending computing device 102 receives user input 5 SSRS with respect to message 118.
of an email address or other data indicating that the message Guardian system 104 may then determine whether the
is to be sent to message-recipient user 114. Thus, in this SSRS indicates a risk that is above a risk threshold (504).
example, guardian system 104 may determine that message- For instance, guardian system 104 may compare the SSRS
sending computing device 102 has received an indication of to the risk threshold to determine whether the risk is above
user input indicating an intent to send message 118 to 10
the risk threshold. The risk threshold may be determined in
message-recipient user 114 even before message-sending
one of various ways. For example, the risk threshold may be
computing device 102 receives an indication of user input to
actually send message 118. Determining that message-send- a predetermined value that is the same for all users. In some
ing computing device 102 has received an indication of user examples, the risk threshold may be a user-specific threshold
input indicating an intent to send message 118 to message- 15
set by message-sending users.
recipient user 114 (e.g., by receiving input of an email Based on the SSRS indicating that the risk is above the
address of message-recipient user 114) before message- risk threshold (“YES” branch of 504), guardian system 104
sending computing device 102 receives the indication of may cause message-sending computing device 102 to output
user input to actually send message 118 may enable guardian an alert to message-sending user 112 indicating that mes-
system 104 to respond more quickly with an alert when 20 sage-recipient computing device 106 may currently be shar-
message-sending computing device 102 receives the indi- ing the screen content of message-recipient computing
cation of user input to send message, or may enable guardian device 106 with the screen-recipient computing device asso-
system 104 to cause message-sending computing device 102 ciated with the untrusted screen-recipient user (506). For
to output the alert even before message-sending user 112 instance, guardian system 104 may send a request to mes-
commits time to composing message 118. In examples 25 sage-sending computing device 102 to output an alert, such
where guardian system 104 determines that message-send- as alert 300 (FIG. 3A and FIG. 3B) or alert 400 (FIG. 4A and
ing computing device 102 has received user input indicating FIG. 4B). Message-sending computing device 102 may
an intent to send message 118 to message-recipient user 114 implement an API that is configured to receive and process
prior to message-sending computing device 102 receiving an such requests from guardian system 104. In some examples,
indication of user input to command message-sending com- 30 such as the examples of FIG. 3A and FIG. 3B, guardian
puting device 102 to send message 118, guardian system 104 system 104 may determine a numerical value based on the
may use an API implemented by message-sending comput- SSRS and include the numerical value in the alert. The
ing device 102 to retrieve information to make this deter- numerical value based on the SSRS may be the same as the
mination, or message-sending computing device 102 may be SSRS, derived through an arithmetic equation from the
configured to use an API of guardian system 104 to send 35 SSRS, or otherwise determined from the SSRS.
information needed to make the determination to guardian In some examples, such as the examples of FIGS. 3A, 3B,
system 104. 4A, and 4B, the alert provides message-sending user 112
Prior to the message being delivered to message-recipient with an option of holding message 118. Accordingly, in such
computing device 106, guardian system 104 may calculate examples, guardian system 104 may receive, in response to
a SSRS that indicates a risk that the message-recipient 40 the alert, a command 126 to hold message 118. In response
computing device is currently sharing screen content of a to command 126 to hold message 118, guardian system 104
screen of message-recipient computing device 106 with may delay forwarding message 118 for delivery to message-
screen-recipient computing device 108 (502). For instance, recipient computing device 106. For instance, guardian
in some examples, guardian system 104 may calculate the system 104 may store message 118 in message store 224 for
SSRS in response to determining that message-sending 45 later forwarding of message 118 for delivery to message-
computing device 102 has received an indication of user recipient computing device 106. Guardian system 104 may
input indicating an intent to send the message to message- subsequently recalculate the SSRS and determine whether to
recipient user 114. In some examples, guardian system 104 forward message 118 for delivery to message-recipient
may calculate the SSRS prior to determining that message- computing device 106 based on the recalculated SSRS. For
sending computing device 102 has received an indication of 50 instance, guardian system 104 may forward message 118 for
user input associated with sending the message to message- delivery to message-recipient computing device 106 if the
recipient user 114. For instance, guardian system 104 may recalculated SSRS is below the risk threshold.
calculate the SSRS for message-recipient user 114 on a In some examples, when the SSRS indicates a risk that is
periodic basis, independent of whether other users intend to above the risk threshold, guardian system 104 may cause a
send messages to message-recipient user 114. In some 55 device other than message-sending computing device 102 to
examples, guardian system 104 may use a machine-learned perform an action to notify message-sending user 112. For
model to predict which users are likely to be recipients of example, guardian system 104 may cause an alert to appear
messages at specific times of day and may preemptively on a mobile device of message-recipient user 114, cause
calculate SSRS’s for such users. lights of an office of message-recipient user 114 to tempo-
In some examples, content analysis unit 216 may analyze 60 rarily dim, cause an audio device in an environment of
the content of message 118 to determine one or more message-recipient user 114 to output a notification sound,
categories associated with the content of message 118. In and so on.
response to determining that message 118 includes sensitive On the other hand, if the SSRS does not indicate that the
information, such as personal health information or person- risk is above the risk threshold (“NO” branch of 504),
ally identifying information, guardian system 104 may cal- 65 guardian system 104 may forward message 118 for delivery
culate, retrieve, or otherwise obtain the SSRS for use in to message-recipient computing device 106 (508). For
determining whether to forward message 118 for delivery to instance, guardian system 104 may forward message 118 to
US 11,734,462 B2
17 18
an email server or messaging server that coordinates deliv- specific category. In such examples, guardian system 104
ery of message 118 to message-recipient computing device may determine that a user is no longer authorized for a
106. specific category based on a duration between the user
In some examples, message-recipient computing device receiving messages or attending meeting regarding the spe-
106 may implement techniques to prevent sharing of sensi- 5 cific category is greater than a threshold (e.g., 30 days).
tive information during screen sharing sessions. For Guardian system 104 may determine whether all of the
example, message-recipient computing device 106 may be screen-recipient users are authorized for the categories asso-
configured to suppress notifications of incoming messages ciated with the message (606). In response to determining
during screen sharing sessions. In some examples, message- that all of the screen-recipient users are authorized for the
recipient computing device 106 may be configured to relo- 10 categories associated with the message (“YES” branch of
cate notifications of messages to a non-shared screen of 606), guardian system 104 may forward message 118 for
message-recipient computing device 106. In some delivery to message-recipient computing device 106 (608).
examples, message-recipient computing device 106 may be For example, guardian system 104 may send message 118 to
configured to use one or more IoT components (e.g., dim- an email server or messaging server that coordinates deliv-
mable lighting fixtures, audio devices, etc.) to notify mes- 15 ery of message 118 to message-recipient computing device
sage-recipient user 114 of receipt of a message without 106.
displaying a notification on a screen of message-recipient On the other hand, in response to determining that one or
computing device 106. In some examples, message-recipi- more of the screen-recipient users are not authorized for one
ent computing device 106 may be configured to mask or or more of the categories associated with the message (“NO”
otherwise obscure message 118 or a notification of message 20 branch of 606), guardian system 104 (e.g., alert unit 218 of
118 on a screen of message-recipient computing device 106, guardian system 104) may cause message-sending comput-
e.g., if message-recipient computing device 106 is using ing device 102 to output an alert to message-sending user
full-screen screen sharing. In some examples, message- 112 indicating that message-recipient computing device 106
recipient computing device 106 may be configured to tem- may be sharing screen content with one or more screen-
porarily disable screen sharing and then display message 118 25 recipient users who are not authorized to view messages
or a notification of message 118. In such examples, message- associated with the categories associated with message 118
recipient computing device 106 may output a dialog box that (e.g., untrusted users) (610). For example, if message 118 is
prompts message-recipient user 114 to restart screen sharing associated with a corporate accounting data category and
(e.g., after closing the dialog box). one or more of the screen-recipient users is not authorized to
FIG. 6 is a flowchart illustrating an example operation of 30 view messages associated with the corporate accounting
guardian system 104 in accordance with one or more aspects data category, guardian system 104 may cause message-
of this disclosure. In the example of FIG. 6, content analysis sending computing device 102 to output an alert indicating
unit 216 of guardian system 104 may determine one or more that one or more of the screen-recipient users is not autho-
categories associated with message 118 (600). Categories rized to view messages associated with the corporate
associated with messages may include topics, projects, 35 accounting data category. Guardian system 104 may use an
departments, roles, positions in an organizational chart, API implemented by message-sending computing device
types of sensitive information, and so on. Content analysis 102 to cause message-sending computing device 102 to
unit 216 may determine the categories associated with the output the alert. In some examples, guardian system 104
message in any of the examples provided elsewhere in this may forward message 118 for delivery provided that mes-
disclosure. 40 sage-recipient computing device 106 is configured to
Additionally, guardian system 104 may identify screen- obscure one or more parts of message 118 so that those parts
recipient users (602). For example, guardian system 104 of message 118 cannot be seen by untrusted screen-recipient
may obtain data identifying the screen-recipient users from users.
message-recipient computing device 106, from a server The following is a non-limiting list of examples that are
system that facilitates screen sharing for message-recipient 45 in accordance with one or more techniques of this disclo-
computing device 106, or from another source. sure.
Guardian system 104 may also determine authorizations Example 1: A method includes determining, by one or
of the screen-recipient users (604). For example, to deter- more processors of a computing system, that a message-
mine whether all of the screen-recipient users are authorized sending computing device has received an indication of user
for the categories associated with the message, guardian 50 input indicating an intent to send a message to a user of a
system 104 may access a database that maps users to message-recipient computing device; and prior to the mes-
categories for which the users are authorized. In some sage being delivered to the message-recipient computing
examples, guardian system 104 may use artificial intelli- device: calculating, by the one or more processors, a screen
gence or machine learning techniques to determine the sharing risk score (SSRS) that indicates a risk that the
authorizations of the screen-recipient users. For instance, in 55 message-recipient computing device is currently sharing
one example, guardian system 104 may determine that a screen content of a screen of the message-recipient comput-
specific user is authorized for a specific category based on ing device with a screen-recipient computing device asso-
the nature of interactions with other users. For instance, ciated with an untrusted screen-recipient user; determining,
guardian system 104 may (e.g., with permission from by the one or more processors, whether the SSRS indicates
involved parties) analyze messages sent and received by the 60 that the risk is above a risk threshold; and based on the SSRS
specific user to determine whether the specific user is indicating that the risk is above the risk threshold, causing,
authorized for the specific category. For example, guardian by the one or more processors, the message-sending com-
system 104 may determine that the specific user is autho- puting device to output an alert indicating that the message-
rized for a specific category if the specific user has received recipient computing device is possibly currently sharing the
or sent messages related to the specific category. Further- 65 screen content of the message-recipient computing device
more, in some examples, guardian system 104 may deter- with the screen-recipient computing device associated with
mine that individual users are no longer authorized for a the untrusted screen-recipient user.
US 11,734,462 B2
19 20
Example 2: The method of example 1, further includes Example 9: A computing system includes one or more
receiving, by the one or more processors, in response to the storage devices configured to store score basis data; and one
alert, a command to hold the message; and in response to the or more processors implemented in circuitry, the one or
command to hold the message: delaying, by the one or more more processors configured to: determine that a message-
processors, forwarding the message for delivery to the 5 sending computing device has received an indication of user
message-recipient computing device; recalculating, by the input indicating an intent to send a message to a user of a
one or more processors, the SSRS; and determining, by the message-recipient computing device; prior to the message
one or more processors, whether to forward the message for being delivered to the message-recipient computing device,
delivery to the message-recipient computing device based calculate, based on the score basis data, a screen sharing risk
10
on the recalculated SSRS. score (SSRS) that indicates a risk that the message-recipient
Example 3: The method of any of examples 1 and 2, computing device is currently sharing screen content of a
further includes determining, by the one or more processors, screen of the message-recipient computing device with a
a category associated with content of the message; and screen-recipient computing device associated with an
determining, by the one or more processors, the risk thresh- 15 untrusted screen-recipient user; determine whether the
old based on the category associated with the content of the SSRS indicates that the risk is above a risk threshold; and
message. based on the SSRS indicating that the risk is above the risk
Example 4: The method of any of examples 1 through 3, threshold, cause the message-sending computing device to
wherein the method further comprises receiving, by the one output an alert indicating that the message-recipient com-
or more processors, data indicating that the user of the 20 puting device is possibly currently sharing the screen con-
message-sending computing device has specified a risk tent of the message-recipient computing device with the
threshold for the user of the message-recipient computing screen-recipient computing device associated with the
device; and wherein determining whether the SSRS indi- untrusted screen-recipient user.
cates that the risk is above the risk threshold comprises Example 10: The computing system of example 9,
determining, by the one or more processors, whether the 25 wherein the one or more processors are configured to:
SSRS indicates that the risk is above the risk threshold for receive in response to the alert, a command to hold the
the user of the message-recipient computing device. message; and in response to the command to hold the
Example 5: The method of any of examples 1 through 4, message: delay forwarding the message for delivery to the
further comprising determining, by the one or more proces- message-recipient computing device; recalculate the SSRS,
sors, a numerical value based on the SSRS, wherein the alert 30
and determine whether to forward the message for delivery
includes the numerical value. to the message-recipient computing device based on the
Example 6: The method of any of examples 1 through 5,
recalculated SSRS.
wherein determining that the message-sending computing
Example 11: The computing system of any of examples 9
device has received the indication of user input indicating
the intent to send the message to the user of the message- 35
and 10, wherein the one or more processors are further
recipient computing device comprises determining, by the configured to: determine a category associated with content
one or more processors, prior to the message-sending com- of the message; and determine the risk threshold based on
puting device receiving an indication of user input to actu- the category associated with the content of the message.
ally send the message to the user of the message-recipient Example 12: The computing system of any of examples 9
computing device, that the message-sending computing 40 through 11, wherein the one or more processors are further
device has received the indication of user input indicating configured to receive data indicating that the user of the
the intent to send the message to the user of the message- message-sending computing device has specified a risk
recipient computing device. threshold for the user of the message-recipient computing
Example 7: The method of any of examples 1 through 6, device; and wherein the one or more processors are config-
wherein the method further comprises determining, by the 45 ured to, as part of determining whether the SSRS indicates
one or more processors, categories of screen-recipient users; that the risk is above the risk threshold, determine whether
and wherein calculating the SSRS comprises calculating, by the SSRS indicates that the risk is above the risk threshold
the one or more processors, the SSRS based on the catego- for the user of the message-recipient computing device.
ries of the screen-recipient users. Example 13: The computing system of any of examples 9
Example 8: The method of any of examples 1 through 7, 50 through 12, wherein the one or more processors are further
wherein calculating the SSRS comprises calculating the configured to determine a numerical value based on the
SSRS as a weighted averages of values of variables in score SSRS, wherein the alert includes the numerical value.
basis data, wherein the variables in the score basis data Example 14: The computing system of any of examples 9
include one or more of: a variable indicating whether an through 13, wherein the one or more processors are config-
individual screen sharing application is installed on the 55 ured to, as part of determining that the message-sending
message-sending computing device, a variable indicating computing device has received an indication of user input
whether an individual screen sharing application is in use, a indicating an intent to send the message to the user of the
variable indicating whether a full screen of the message- message-recipient computing device, determine, prior to the
recipient computing device is being shared, a variable indi- message-sending computing device receiving an indication
cating how many monitors are connected to the message- 60 of user input to actually send the message to the user of the
recipient computing device, a variable indicating whether a message-recipient computing device, that the user of the
messaging application is configured to receive messages on message-sending computing device has received the indica-
the message-recipient computing device, a variable indicat- tion of user input indicating the intent to send the message
ing whether any screen-recipient user is untrusted for a to the user of the message-recipient computing device.
categories associated with the message, or a variable indi- 65 Example 15: The computing system of any of examples 9
cating whether a topic is being discussed during a screen through 14, wherein the one or more processors are further
sharing session. configured to determine categories of screen-recipient users;
US 11,734,462 B2
21 22
and wherein the one or more processors are configured to in the score basis data include one or more of: a variable
calculate the SSRS based on the categories of the screen- indicating whether an individual screen sharing application
recipient users. is installed on the message-sending computing device, a
Example 16: The computing system of any of examples 9 variable indicating whether an individual screen sharing
through 15, wherein the one or more processors are config- 5 application is in use, a variable indicating whether a full
ured to calculate the SSRS as a weighted averages of values screen of the message-recipient computing device is being
of variables in score basis data, wherein the variables in the shared, a variable indicating how many monitors are con-
score basis data include one or more of: a variable indicating nected to the message-recipient computing device, a vari-
whether an individual screen sharing application is installed able indicating whether a messaging application is config-
on the message-sending computing device, a variable indi- 10 ured to receive messages on the message-recipient
cating whether an individual screen sharing application is in computing device, a variable indicating whether any screen-
use, a variable indicating whether a full screen of the recipient user is untrusted for a categories associated with
message-recipient computing device is being shared, a vari- the message, or a variable indicating whether a topic is being
able indicating how many monitors are connected to the discussed during a screen sharing session.
message-recipient computing device, a variable indicating 15 For processes, apparatuses, and other examples or illus-
whether a messaging application is configured to receive trations described herein, including in any flowcharts or flow
messages on the message-recipient computing device, a diagrams, certain operations, acts, steps, or events included
variable indicating whether any screen-recipient user is in any of the techniques described herein can be performed
untrusted for a categories associated with the message, or a in a different sequence, may be added, merged, or left out
variable indicating whether a topic is being discussed during 20 altogether (e.g., not all described acts or events are necessary
a screen sharing session. for the practice of the techniques). Moreover, in certain
Example 17: A computer-readable storage medium examples, operations, acts, steps, or events may be per-
includes determine that a message-sending computing formed concurrently, e.g., through multi-threaded process-
device has received an indication of user input indicating an ing, interrupt processing, or multiple processors, rather than
intent to send a message to a user of a message-recipient 25 sequentially. Further certain operations, acts, steps, or events
computing device; prior to the message being delivered to may be performed automatically even if not specifically
the message-recipient computing device, calculate a screen identified as being performed automatically. Also, certain
sharing risk score (SSRS) that indicates a risk that the operations, acts, steps, or events described as being per-
message-recipient computing device is currently sharing formed automatically may be alternatively not performed
screen content of a screen of the message-recipient comput- 30 automatically, but rather, such operations, acts, steps, or
ing device with a screen-recipient computing device asso- events may be, in some examples, performed in response to
ciated with an untrusted screen-recipient user; determine input or another event.
whether the SSRS indicates that the risk is above a risk Further, certain operations, techniques, features, and/or
threshold; and based on the SSRS indicating that the risk is functions may be described herein as being performed by
above the risk threshold, cause the message-sending com- 35 specific components, devices, and/or modules. In other
puting device to output an alert indicating that the message- examples, such operations, techniques, features, and/or
recipient computing device is possible currently sharing the functions may be performed by different components,
screen content of the message-recipient computing device devices, or modules. Accordingly, some operations, tech-
with the screen-recipient computing device associated with niques, features, and/or functions that may be described
the untrusted screen-recipient user. 40 herein as being attributed to one or more components,
Example 18: The computer-readable storage medium of devices, or modules may, in other examples, be attributed to
example 17, wherein the instructions that cause the process- other components, devices, and/or modules, even if not
ing circuitry to determine that the message-sending com- specifically described herein in such a manner.
puting device has received the indication of user input In one or more examples, the functions described may be
indicating the intent to send the message to the user of the 45 implemented in hardware, software, firmware, or any com-
message-recipient computing device comprises instructions bination thereof. If implemented in software, the functions
that, when executed, cause the processing circuitry to deter- may be stored on or transmitted over a computer-readable
mine, prior to the message-sending computing device medium as one or more instructions or code and executed by
receiving an indication of user input to actually send the a hardware-based processing unit. Computer-readable media
message to the user of the message-recipient computing 50 may include computer-readable storage media, which cor-
device, that the message-sending computing device has responds to a tangible medium such as data storage media,
received the indication of user input indicating the intent to or communication media including any medium that facili-
send the message to the user of the message-recipient tates transfer of a computer program from one place to
computing device. another, e.g., according to a communication protocol. In this
Example 19: The computer-readable storage medium of 55 manner, computer-readable media generally may corre-
example 18, wherein the instructions further comprise spond to (1) tangible computer-readable storage media
instructions that, when executed, cause the processing cir- which is non-transitory or (2) a communication medium
cuitry to determine categories of screen-recipient users; and such as a signal or carrier wave. Data storage media may be
wherein the instructions, when executed, cause the process- any available media that can be accessed by one or more
ing circuitry to calculate the SSRS based on the categories 60 computers, processing circuitry, or one or more processors
of the screen-recipient users. to retrieve instructions, code and/or data structures for
Example 20: The computer-readable storage medium of implementation of the techniques described in this disclo-
any of examples 18 and 19, wherein the instructions that sure. A computer program product may include a computer-
cause the processing circuitry to calculate the SSRS com- readable medium.
prise instructions that, when executed, cause the processing 65 By way of example, and not limitation, such computer-
circuitry to calculate the SSRS as a weighted averages of readable storage media can include RAM, ROM, EEPROM,
values of variables in score basis data, wherein the variables CD-ROM, or other optical disk storage, magnetic disk
US 11,734,462 B2
23 24
storage, or other magnetic storage devices, flash memory, or based on the SSRS indicating that the risk is above the
any other medium that can be used to store desired program risk threshold, causing, by the one or more proces-
code in the form of instructions or data structures and that sors, the message-sending computing device to out-
can be accessed by a computer. Also, any connection is put an alert indicating that the message-recipient
properly termed a computer-readable medium. For example, 5 computing device is possibly currently sharing the
if instructions are transmitted from a website, server, or screen content of the message-recipient computing
other remote source using a coaxial cable, fiber optic cable, device with the screen-recipient computing device
twisted pair, digital subscriber line (DSL), or wireless tech- associated with the untrusted screen-recipient user.
nologies such as infrared, radio, and microwave, then the 2. The method of claim 1, further comprising:
coaxial cable, fiber optic cable, twisted pair, DSL, or wire- 10
receiving, by the one or more processors, in response to
less technologies such as infrared, radio, and microwave are
the alert, a command to hold the message; and
included in the definition of medium. It should be under-
stood, however, that computer-readable storage media and in response to the command to hold the message:
data storage media do not include connections, carrier delaying, by the one or more processors, forwarding the
waves, signals, or other transitory media, but are instead 15 message for delivery to the message-recipient com-
directed to non-transitory, tangible storage media. Disk and puting device;
disc, as used herein, includes compact disc (CD), laser disc, recalculating, by the one or more processors, the SSRS;
optical disc, digital versatile disc (DVD), and Blu-ray disc, and
where disks usually reproduce data magnetically, while determining, by the one or more processors, whether to
discs reproduce data optically with lasers. Combinations of 20 forward the message for delivery to the message-
the above should also be included within the scope of recipient computing device based on the recalculated
computer-readable media. SSRS.
Instructions may be executed by processing circuitry 3. The method of claim 1, further comprising:
(e.g., one or more processors, such as one or more DSPs, determining, by the one or more processors, a category
general purpose microprocessors, ASICs, FPGAs, or other 25 associated with content of the message; and
equivalent integrated or discrete logic circuitry), as well as determining, by the one or more processors, the risk
any combination of such components. Accordingly, the term threshold based on the category associated with the
“processor” or “processing circuitry” as used herein, may content of the message.
refer to any of the foregoing structures or any other structure 4. The method of claim 1,
suitable for implementation of the techniques described 30 wherein the method further comprises receiving, by the
herein. In addition, in some aspects, the functionality one or more processors, data indicating that the user of
described herein may be provided within dedicated hard- the message-sending computing device has specified a
ware and/or software modules. Also, the techniques could be risk threshold for the user of the message-recipient
fully implemented in one or more circuits or logic elements. computing device; and
The techniques of this disclosure may be implemented in 35 wherein determining whether the SSRS indicates that the
a wide variety of devices or apparatuses, including a wire- risk is above the risk threshold comprises determining,
less communication device or wireless handset, a micropro- by the one or more processors, whether the SSRS
cessor, an integrated circuit (IC) or a set of ICs (e.g., a chip indicates that the risk is above the risk threshold for the
set). Various components, modules, or units are described in user of the message-recipient computing device.
this disclosure to emphasize functional aspects of devices 40 5. The method of claim 1, further comprising determining,
configured to perform the disclosed techniques, but do not by the one or more processors, a numerical value based on
necessarily require realization by different hardware units. the SSRS, wherein the alert includes the numerical value.
Rather, as described above, various units may be combined 6. The method of claim 1, wherein determining that the
in a hardware unit or provided by a collection of interop- message-sending computing device has received the indica-
erative hardware units, including one or more processors as 45 tion of user input indicating the intent to send the message
described above, in conjunction with suitable software and/ to the user of the message-recipient computing device
or firmware. comprises determining, by the one or more processors, prior
to the message-sending computing device receiving an indi-
What is claimed is: cation of user input to actually send the message to the user
1. A method comprising: 50 of the message-recipient computing device, that the mes-
determining, by one or more processors of a computing sage-sending computing device has received the indication
system, that a message-sending computing device has of user input indicating the intent to send the message to the
received an indication of user input indicating an intent user of the message-recipient computing device.
to send a message to a user of a message-recipient 7. The method of claim 1,
computing device; and 55 wherein the method further comprises determining, by the
prior to the message being delivered to the message- one or more processors, categories of screen-recipient
recipient computing device: users; and
calculating, by the one or more processors, a screen wherein calculating the SSRS comprises calculating, by
sharing risk score (SSRS) that indicates a risk that the one or more processors, the SSRS based on the
the message-recipient computing device is currently 60 categories of the screen-recipient users.
sharing screen content of a screen of the message- 8. The method of claim 1, wherein calculating the SSRS
recipient computing device with a screen-recipient comprises calculating the SSRS as a weighted average of
computing device associated with an untrusted values of variables in score basis data, wherein the variables
screen-recipient user; in the score basis data include one or more of:
determining, by the one or more processors, whether 65 a variable indicating whether an individual screen sharing
the SSRS indicates that the risk is above a risk application is installed on the message-sending com-
threshold; and puting device,
US 11,734,462 B2
25 26
a variable indicating whether an individual screen sharing SSRS indicates that the risk is above the risk threshold
application is in use, for the user of the message-recipient computing device.
a variable indicating whether a full screen of the message- 13. The computing system of claim 9, wherein the one or
recipient computing device is being shared, more processors are further configured to determine a
a variable indicating how many monitors are connected to 5 numerical value based on the SSRS, wherein the alert
the message-recipient computing device, includes the numerical value.
a variable indicating whether a messaging application is 14. The computing system of claim 9, wherein the one or
configured to receive messages on the message-recipi- more processors are configured to, as part of determining
ent computing device, that the message-sending computing device has received an
a variable indicating whether any screen-recipient user is 10 indication of user input indicating an intent to send the
untrusted for a categories associated with the message, message to the user of the message-recipient computing
or device, determine, prior to the message-sending computing
a variable indicating whether a topic is being discussed device receiving an indication of user input to actually send
during a screen sharing session. the message to the user of the message-recipient computing
9. A computing system comprising: 15 device, that the user of the message-sending computing
one or more storage devices configured to store score device has received the indication of user input indicating
basis data; and the intent to send the message to the user of the message-
one or more processors implemented in circuitry, the one recipient computing device.
or more processors configured to: 15. The computing system of claim 9,
determine that a message-sending computing device 20 wherein the one or more processors are further configured
has received an indication of user input indicating an to determine categories of screen-recipient users; and
intent to send a message to a user of a message- wherein the one or more processors are configured to
recipient computing device; calculate the SSRS based on the categories of the
prior to the message being delivered to the message- screen-recipient users.
recipient computing device, calculate, based on the 25 16. The computing system of claim 9, wherein the one or
score basis data, a screen sharing risk score (SSRS) more processors are configured to calculate the SSRS as a
that indicates a risk that the message-recipient com- weighted average of values of variables in score basis data,
puting device is currently sharing screen content of wherein the variables in the score basis data include one or
a screen of the message-recipient computing device more of:
with a screen-recipient computing device associated 30 a variable indicating whether an individual screen sharing
with an untrusted screen-recipient user; application is installed on the message-sending com-
determine whether the SSRS indicates that the risk is puting device,
above a risk threshold; and a variable indicating whether an individual screen sharing
based on the SSRS indicating that the risk is above the application is in use,
risk threshold, cause the message-sending comput- 35 a variable indicating whether a full screen of the message-
ing device to output an alert indicating that the recipient computing device is being shared,
message-recipient computing device is possibly cur- a variable indicating how many monitors are connected to
rently sharing the screen content of the message- the message-recipient computing device,
recipient computing device with the screen-recipient a variable indicating whether a messaging application is
computing device associated with the untrusted 40 configured to receive messages on the message-recipi-
screen-recipient user. ent computing device,
10. The computing system of claim 9, wherein the one or a variable indicating whether any screen-recipient user is
more processors are configured to: untrusted for a categories associated with the message,
receive in response to the alert, a command to hold the or
message; and 45 a variable indicating whether a topic is being discussed
in response to the command to hold the message: during a screen sharing session.
delay forwarding the message for delivery to the mes- 17. A non-transitory computer-readable storage medium
sage-recipient computing device; comprising instructions that, when executed, cause process-
recalculate the SSRS, and ing circuitry of a computing system to:
determine whether to forward the message for delivery 50 determine that a message-sending computing device has
to the message-recipient computing device based on received an indication of user input indicating an intent
the recalculated SSRS. to send a message to a user of a message-recipient
11. The computing system of claim 9, wherein the one or computing device;
more processors are further configured to: prior to the message being delivered to the message-
determine a category associated with content of the mes- 55 recipient computing device, calculate a screen sharing
sage; and risk score (SSRS) that indicates a risk that the message-
determine the risk threshold based on the category asso- recipient computing device is currently sharing screen
ciated with the content of the message. content of a screen of the message-recipient computing
12. The computing system of claim 9, device with a screen-recipient computing device asso-
wherein the one or more processors are further configured 60 ciated with an untrusted screen-recipient user;
to receive data indicating that the user of the message- determine whether the SSRS indicates that the risk is
sending computing device has specified a risk threshold above a risk threshold; and
for the user of the message-recipient computing device; based on the SSRS indicating that the risk is above the
and risk threshold, cause the message-sending computing
wherein the one or more processors are configured to, as 65 device to output an alert indicating that the message-
part of determining whether the SSRS indicates that the recipient computing device is possible currently shar-
risk is above the risk threshold, determine whether the ing the screen content of the message-recipient com-
US 11,734,462 B2
27 28
puting device with the screen-recipient computing 20. The non-transitory computer-readable storage
device associated with the untrusted screen-recipient medium of claim 18, wherein the instructions that cause the
user. processing circuitry to calculate the SSRS comprise instruc-
18. The non-transitory computer-readable storage tions that, when executed, cause the processing circuitry to
medium of claim 17, wherein the instructions that cause the 5 calculate the SSRS as a weighted average of values of
processing circuitry to determine that the message-sending variables in score basis data, wherein the variables in the
computing device has received the indication of user input score basis data include one or more of:
indicating the intent to send the message to the user of the a variable indicating whether an individual screen sharing
message-recipient computing device comprises instructions application is installed on the message-sending com-
that, when executed, cause the processing circuitry to deter- 10 puting device,
mine, prior to the message-sending computing device a variable indicating whether an individual screen sharing
receiving an indication of user input to actually send the application is in use,
message to the user of the message-recipient computing a variable indicating whether a full screen of the message-
device, that the message-sending computing device has recipient computing device is being shared,
received the indication of user input indicating the intent to 15 a variable indicating how many monitors are connected to
send the message to the user of the message-recipient the message-recipient computing device,
computing device. a variable indicating whether a messaging application is
19. The non-transitory computer-readable storage configured to receive messages on the message-recipi-
medium of claim 18, ent computing device,
wherein the instructions further comprise instructions 20 a variable indicating whether any screen-recipient user is
that, when executed, cause the processing circuitry to untrusted for a categories associated with the message,
determine categories of screen-recipient users; and or
wherein the instructions, when executed, cause the pro- a variable indicating whether a topic is being discussed
cessing circuitry to calculate the SSRS based on the during a screen sharing session.
categories of the screen-recipient users. ∗ ∗ ∗ ∗ ∗

Patent Egrant

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Patent Egrant

Uploaded by

Copyright:

Available Formats

To Promote the Progress of Science and Useful Arts

Therefore, this United States

Director of the United States Patent and Trademark Office

Patent Term Notice

Form PTO-377C (Rev 09/17)

(12) United States Patent (10) Patent No.: US 11,734,462 B2

(54) PREVENTING SENSITIVE INFORMATION 10,140,274B2 11/2018 Bastide et al.

(56) References Cited

You might also like