Abstract: Techniques are provided to reduce the form factor of laser-based systems by multi-purposing a photodiode used to help control the output of a laser. A reflective photodiode comprises a light receiving surface and a reflective coating. The light receiving surface is configured to absorb some incident light and to convert it into electrical current. The reflective coating is disposed on the light receiving surface and is configured to reflect some of the incident light away from the light receiving surface. The reflective coating also permits some of the incoming light to pass therethrough for absorption.

Abstract: Optimizations are provided for reconstructing geometric surfaces for an environment that includes moving objects. Multiple depth maps for the environment are created, where some of the depth maps correspond to different perspectives of the environment. A motion state identifier is assigned to at least some pixels in at least some of the depth maps corresponding to moving objects in the environment. A composite 3D mesh is built using at least some of the multiple depth maps, by incorporating pixel information from the depth maps, while omitting pixel information identified by the motion state identifiers as being associated with moving objects.

Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.

Abstract: Use of a validation data structure in order to securely communicate an encrypted claim that has a decentralized identifier as a subject. The sending system generates the validation data structure and presents the validation data structure to a user that owns the decentralized identifier. The sending system encrypts the claim using at least the validation data structure, and constructs a message that includes the encrypted claim, but which does not include the validation data structure. The relying party receives the message. However, without separately receiving the validation data structure from the user, the relying party computing system cannot decrypt the encrypted claim. If the user wishes the relying party computing system to have access to the claim, the user may communicate the validation data structure to the relying party computing system.

Abstract: Training risk determination models based on a set of labeled data transactions. A first set of labeled data transactions that have been labeled during a review process is accessed. A first risk determination model is trained using the first set of labeled data transactions. A first risk score for data transactions of a set of unlabeled data transactions is determined using the first risk determination model. Data transactions in the set of unlabeled data transactions are newly labeled based on the first risk score. The newly labeled data transactions are added to a second set of labeled data transactions that include the first set of labeled data transactions. A second risk determination model is trained using at least the second set of labeled data transactions. A second risk score is determined for subsequently received data transactions and these data transactions are rejected or approved based on the second risk score.

Abstract: Managing user sessions in a networked computing environment. A method includes, at an identity provider computer system, providing a first id token to a resource provider for an entity. The first id token has therein a first policy check interval having a value defining a period when the first id token should be revalidated. Due to expiration of the first policy check interval, a first refresh token is received from a resource provider computer system that received the first id token. As a result of receiving the first refresh token from the resource provider computer system, the identity provider computer system evaluates conditional access policy for the entity. If the identity provider computer system determines that the conditional access policy for the entity has been met, the identity provider computer system provides a new id token and a new refresh token to the resource provider computer system.

Abstract: Streaming machine learning unidirectional models is facilitated by the use of embedding vectors. Processing blocks in the models apply embedding vectors as input. The embedding vectors utilize context of future data (e.g., data that is temporally offset into the future within a data stream) to improve the accuracy of the outputs generated by the processing blocks. The embedding vectors cause a temporal shift between the outputs of the processing blocks and the inputs to which the outputs correspond. This temporal shift enables the processing blocks to apply the embedding vector inputs from processing blocks that are associated with future data.

Abstract: Diffing subject and comparison traces. The subject and comparison traces can be matched based on identifying similar work being performed by their represented entities. The diffing includes identifying first function calls from the subject trace and identifying second function calls the comparison trace. First and second call trees are created from these function calls; parent-to-child node relationships in the call trees represent caller-to-callee function relationships. A differencing tree is created from the call trees; differencing tree nodes indicate a differencing status between the first and second call trees, and a differencing cost based on the nodes' differencing status pus an aggregation of the node's descendants' differencing costs. A differencing tree node is identified based on following nodes that most contribute to differences between the first and second call trees, and it is used to provide an indicia of a difference between the first and second function calls.

Abstract: A method for accessing content of encrypted data item(s) by a terminal device operating in a digital environment, according to which before the data item is being accessed by the terminal device, it is modified after being intercepted if found to be encrypted. The wrapper of the data item is modified or replaced by embedding a URL with a unique identifier and a message into the wrapper of the data item. If a supported terminal device attempts to accesses the modified data item, the client application natively consumes the data from the modified data item and ignores its wrapper. If not, the message and the URL are displayed on the terminal device and the user browses the URL. Then after authentication, a web server locates the modified data item using the unique identifier, retrieves and decrypts the modified item and converts the decrypted modified data item to a format that can be consumed by the browser.

Abstract: Systems are provided for facilitating the disclosed methods for performing event storage and diagnostic processing within a hybrid cloud environment. Event records are gathered and batched at an on-premises server. The event records are also appended with correlation vector data that enables the event records to be correlated with other events. The batch of event record batches are signed with a security key associated with a cloud storage container and the on-premises server is restricted to writing the batch of event records to the container. In some instances, the size of the batch is based on a duration of time for collecting records, which can be adjusted to accommodate for missing data.

Abstract: Using an association data structure corresponding to a derived decentralized identifier of a subject entity to share a verified claim about the subject entity to one or more relying entities. A decentralized identifier of a subject entity is derived from a source decentralized identity of the subject entity. Next, an association data structure is created using the derived decentralized identifier. The association data structure is structured to be interpretable by a relying entity as demonstrating that a verified claim is about the derived decentralized identity. The relying entity is then caused to be provided the verified claim about the subject entity. The verified claim includes the association data structure that was created using the derived decentralized identifier.

Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: Embodiments disclosed herein are related to computing systems and methods for providing a presentation interrupt for a DID attestation. A DID attestation is accessed that is issued by a first entity of a decentralized network. The DID attestation defines information that has been generated by the first entity about a DID owner who is the subject of the DID attestation. The DID attestation includes interrupt metadata that directs that the first entity be contacted prior to the DID owner being able to present the DID attestation to a second entity of the decentralized network. In response to the DID owner attempting to present the DID attestation to the second entity, the first entity is contacted as directed by the interrupt metadata. Authorization information is received from the first entity. The authorization information indicates if the DID owner is able to present the DID attestation to the second entity.

Abstract: Sending streamed data packets from a producer to a consumer. A method includes, at a first entity, sending consumable data packets from the first entity to a second entity at a first consumable packet rate. The method further includes receiving a first phase delta from the second entity, wherein the first phase delta is computed from transmission jitter, computed from timing information in the consumable data packets. The method further includes sending from the first entity consumable data packets at a second consumable packet rate, the second consumable packet rate being dependent on the first phase delta.

Abstract: A function is compiled against a first application binary interface (ABI) and a second ABI of a native first instruction set architecture (ISA). The second ABI defines context data not exceeding a size expected by a third ABI of a foreign second ISA, and uses a subset of registers of the first ISA that are mapped to registers of the second ISA. Use of the subset of registers by the second ABI results in some functions being foldable when compiled using both the first and second ABIs. First and second compiled versions of the function are identified as foldable, or not, based on whether the compiled versions match. Both the first and second compiled versions are emitted into a binary file when they are not foldable, and only one of the first or second compiled versions is emitted into the binary file when they are foldable.

Abstract: Techniques for improving laser image quality are disclosed herein. An ultra-compact illumination module includes multiple illuminators, photodetectors, and color filters. The illuminators each emit a different spectrum of light. Because of the compact nature of the module and the positioning of the illuminators relative to one another, the different spectrums of light overlap one another prior to being detected by the photodetectors. Each of the photodetectors is associated with a corresponding one of the illuminators, and each of the color filters is associated with a corresponding one of the photodetectors. Each color filter is positioned in-between its corresponding illuminator and photodetector and passes a particular spectrum of light while filtering out other spectrums of light. Consequently, the photodetectors each receive spectrally filtered light having passed through at least one of the color filters. The power output of the illuminators can also be corrected based on output from the photodetectors.

Abstract: Providing fluid external access to a resource that is internal to a network from external to that network. From within the network, the internal user simply provides an internal identifier, and the external user accesses not the internal identifier, but an external uniform resource identifier (URL) that the external user can simply select to obtain access to the internal resource of the network. This is accomplished by translating the internal identifier to an external URL having a proxy server as its domain name. When the external URL selects the URL, a request with that external URL is made to the proxy server, which translates the external URL back to the internal identifier, and coordinates with the network to obtain the resource for the external user.

Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing resource tracking, such as in a data center environment. A control and monitoring node receives updates indicating instantiation of resources in the computing system network. The control and monitoring node determines that there are duplicate resources in the network, and then determines which of the duplicate resources to provide connectivity to. The control and monitoring node provides network configuration updates to various networking resources in the network to provide network connectivity to the one of the duplicate resources in the network.

Abstract: Embodiments disclosed herein are related to computing systems, computer program products, and methods for providing a callback pattern for DID attestations or claims. An attestation is provided from a first entity of a decentralized network to a second entity of the decentralized network. The attestation defines information about an owner of the attestation that has been generated by the first entity and that is to be used by the second entity. The attestation includes contact metadata that defines how to contact the first entity. In response to the attestation being provided to the second entity, the first entity is contacted using the contact metadata.