Abstract: An activation function processing method includes processing a first activation function in a first mode by referring to a shared lookup table that includes a plurality of function values of the first activation function; and processing a second activation function in a second mode by referring to the shared lookup table, the second activation function being a different function than the first activation function.

Abstract: According to certain aspects of the present disclosure, a computer-implemented method is provided. The method includes receiving, at a manager device, data comprising at least one managed device. The method includes identifying, at the manager device, a website associated with the at least one managed device. The method also includes receiving, at a mobile device management server from the manager device, a first message to cause the mobile device management server to initiate transmission of a second message comprising a command that causes the at least one managed device to navigate to the website via a browser, restrict access to other websites other than the website, and enable a camera. Systems and machine-readable media are also provided.

Abstract: A method that includes receiving patient-generated event data over a network from a patient device associated with a patient having an active digital therapy prescription for treating an underlying disease or disorder. The patient-generated event data is encrypted by the patient device and includes at least one timestamped event related to the active digital therapy prescription. In response to receiving the patient-generated event data, the method includes decrypting, anonymizing, and storing the anonymized patient-generated event data on memory hardware. The method further includes receiving a patient record request over the network from a healthcare provider (HCP) system that requests the patient-generated event data and includes an authentication token. In response to receiving the patient record request, the method includes retrieving and encrypting the anonymized patient-generated event data from the memory hardware using the authentication token.

Abstract: A system, method, and apparatus for concealing searches for information stored on public networks, includes splitting of a search query, transforming the query into one or more related queries, and searching each of related queries separately.

Abstract: Techniques for auto-starting a VPN in a MAM environment are disclosed. A MAM-controlled application is launched on a computer system. Policy is queried and a determination is made as to whether to auto-start a VPN application based on the policy. Based on the policy, the VPN application is auto-started, and the VPN application initiates a VPN tunnel that is usable by at least the MAM-controlled application. Network communications transmitted to or from the MAM-controlled application then pass through the VPN tunnel.

Abstract: Methods for enabling passwordless authentication to ancillary devices and services of a user by utilizing a mobile device of that same user. Systems and machine-readable media are also provided.

Abstract: Disclosed is an orthogonal access control system based on cryptographic operations provided by multi-hop proxy re-encryption (PRE) that strictly enforces only authorized access to data by groups of users, scalable to large numbers of users. Scalable delegation of decryption authority can be shared with a plurality of members of a group whether those members be users or devices, and members of a group can further create sub groups and delegate decryption authority to those members, whether users or devices. Members are granted access via generation of transform keys, and membership or access can be revoked merely be deleting the transform key—no elimination of the encrypted data, regardless of its storage location, is needed.

Abstract: A system for efficiently thwarting syn flood DDoS attacks on a target server including a CPU, the system comprising: network controller hardware having steering capability; and a software application to create and to configure initial steering object/s which define a steering configuration of the network controller and monitor at least one opened connection to the server, including updating the steering configuration responsive to establishment of at least one connection to the server, wherein the network controller hardware's steering capability is used to provide a SYN cookie value used for said thwarting, and to send at least one packet, modified, to the packet's source.

Abstract: Techniques for securing displayed data on computing devices are disclosed. One example technique includes upon determining that the computing device is unlocked, capturing and analyzing an image in a field of view of the camera of the computing device to determine whether the image includes a human face. In response to determining that the image includes a human face, the technique includes determining facial attributes of the human face in the image via facial recognition and whether the human face is that of an authorized user of the computing device. In response to determining that the human face is not one of an authorized user of the computing device, the technique includes converting user data on the computing device from an original language to a new language to output on a display of the computing device, thereby securing the displayed user data even when the computing device is unlocked.

Abstract: A device which can be implemented on a single packaged integrated circuit or a multichip module comprises a plurality of non-volatile memory cells, and logic to use a physical unclonable function to produce a key and to store the key in a set of non-volatile memory cells in the plurality of non-volatile memory cells. The physical unclonable function can use entropy derived from non-volatile memory cells in the plurality of non-volatile memory cells to produce a key. Logic is described to disable changes to data in the set of non-volatile memory cells, and thereby freeze the key after it is stored in the set.

Abstract: The invention relates to distributed ledge technologies such as consensus-based blockchains. Methods for causing an injection of a serialized previous transaction into a locking script are described. The invention is implemented using a blockchain network, which may be, for example, a Bitcoin blockchain. A first transaction to validate is received at a node in a blockchain network, with the first transaction including a first script. The first script, as a result of being executed, causes the node to at least obtain a first set of field values corresponding to the first transaction and obtain a second set of field values corresponding to a particular transaction. A second transaction is obtained, with the second transaction having been validated and including a second script.

Abstract: Behavior report generation monitors the behavior of unknown sample files executing in a sandbox. Behaviors are encoded and feature vectors created based upon a q-gram for each sample. Prototypes extraction includes extracting prototypes from the training set of feature vectors using a clustering algorithm. Once prototypes are identified in this training process, the prototypes with unknown labels are reviewed by domain experts who add a label to each prototype. A K-Nearest Neighbor Graph is used to merge prototypes into fewer prototypes without using a fixed distance threshold and then assigning a malware family name to each remaining prototype. An input unknown sample can be classified using the remaining prototypes and using a fixed distance. For the case that no such prototype is close enough, the behavior report of a sample is rejected and tagged as an unknown sample or that of an emerging malware family.

Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.

Abstract: A system, method, and apparatus for carrying out a value transfer is provided. A method includes receiving, by a computing system of a financial institution, a de-signcrypted value transfer message including terms of a value transfer from an account of a sending party to an account of a merchant, wherein a receiving party desires to make a purchase from the merchant and the value transfer is a payment from the sending party account to the merchant account; and one or more spending limitations on the desired purchase, wherein the payment is contingent on the desired purchase meeting the spending limitations. The method then includes verifying the authenticity of the de-signcrypted message using a public key of the sending party and a private key of the financial institution; and dispersing funds according to the terms of the value transfer.

Abstract: An exemplary method includes a digital asset management system generating a set of collectible non-fungible digital assets, generating metadata specifying that non-fungible digital assets included the set of collectible non-fungible digital assets are configured to combine together to form a layered scene configured to be presented by a computer system, and recording, in a distributed record configured to track ownership of non-fungible digital assets, ownership information associated with the set of collectible non-fungible digital assets.

Abstract: A method for gesture-based multi-factor authentication includes mapping a gesture password to a first substitution string, generating a cryptographic key using the first substitution string as an input to a password authenticated key exchange protocol, encrypting a challenge response with the cryptographic key to generate an encrypted challenge response, and transmitting, to a relying party computing system, a first authentication message comprising the encrypted challenge response and a user identifier identifying a user.

Abstract: Techniques for securely controlling multiple lighting devices simultaneously with a lighting control device are disclosed. Command messages may be transmitted from the lighting control device to multiple lighting devices over a computer network without routing through a remote cloud service. The messages may be encrypted and may include an incremented sequence number. Lighting devices that receive a command message may compare the incremented sequence number to a previously stored sequence number corresponding to the lighting control device. If the incremented sequence number is greater than the stored sequence number, then a lighting device may determine the message was transmitted by an authorized lighting control device and may implement any command instruction included therein. If the incremented sequence number is equal to or less than the stored sequence number, then the lighting device may determine the command message was transmitted by a malicious source and may ignore the command message.

Abstract: An administered authentication system can authenticate an artificial reality device using an authorization record between a user account and an artificial reality device. In some implementations, the authorization record is created in response to activation of a user account-specific key sent to a user-supplied contact, where an artificial reality device identifier was provided with the user-supplied contact. In other implementations, the authorization record is created in response to activation of a user account-specific key provided to the artificial reality device as a code, where activation of the key includes adding an artificial reality device identifier to a key activation message. In yet other implementations, the authorization record is created in response to an application associated with a user account activating an artificial reality device-specific key, with an artificial reality device identifier, that is provided via the artificial reality device.

Abstract: An apparatus for providing secure communications may include a processor; memory in electronic communication with the processor; an output in electronic communication with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to store a plurality of encryption protocols; store at least one encryption hopping protocol; select at least one encryption hopping protocol; encrypt the data according to the selected encryption hopping protocol; and transmit data from the output utilizing the selected encryption hopping protocol.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.