Abstract: One embodiment provides a system which facilitates construction of an ensemble of neural network-based classifiers that optimize a diversity metric. During operation, the system defines a diversity metric based on pairwise angles between decision boundaries of three or more affine classifiers. The system includes the diversity metric as a regularization term in a loss function optimization for designing a pair of mutually orthogonal affine classifiers of the three or more affine classifiers. The system trains one or more neural networks such that parameters of the one or more neural networks are consistent with parameters of the affine classifiers to obtain an ensemble of neural network-based classifiers which optimize the diversity metric. The system predicts an outcome for a testing data object based on the obtained ensemble of neural-network based classifiers which optimize the diversity metric.

Abstract: One embodiment provides a method and system which facilitates optimizing a pair of affine classifiers based on a diversity metric. During operation, the system defines a diversity metric based on an angle between decision boundaries of a pair of affine classifiers. The system includes the diversity metric as a regularization term in a loss function optimization for designing the pair of affine classifiers, wherein the designed pair of affine classifiers are mutually orthogonal. The system predicts an outcome for a testing data object based on the designed pair of mutually orthogonal affine classifiers.

Abstract: A system determines, in a graph which represents a system of components: vulnerability nodes representing known vulnerabilities to the system, including exposed and non-exposed vulnerability nodes associated with an exploitation likelihood; and dependency nodes representing components in the system, including direct and indirect dependency nodes associated with an exposure factor indicating an amount of degradation based on exploitation of an associated vulnerability. The system calculates, across all non-exposed vulnerability nodes and all direct dependency nodes, a score which indicates an attack volume based on at least: a respective second likelihood associated with a non-exposed vulnerability node; an exposure factor associated with a dependency node which represents a component directly degraded based on exploitation of a vulnerability; and a loss of utility of the component.

Abstract: A system for collecting building environmental sensor data includes a first data collection device having a first transceiver that is configured to receive data from proximate building environmental sensors and a second transceiver that is configured to communicate with an external service. The device will, upon detecting that the first transceiver is within a receiving range of a first building environmental sensor, communicatively connect with the first building environmental sensor to receive a data stream that comprises sensor data captured by the first building environmental sensor. The device will continue to receive the data stream until the first transceiver either receives all of the sensor data or moves out of the receiving range. The device will repeat this process for additional building environmental sensors. The device will use its second transceiver to transfer the sensor data to the external service.

Abstract: A system for collecting building environmental sensor data includes a first data collection device having a first transceiver that is configured to receive data from proximate building environmental sensors and a second transceiver that is configured to communicate with an external service. The device will, upon detecting that the first transceiver is within a receiving range of a first building environmental sensor, communicatively connect with the first building environmental sensor to receive a data stream that comprises sensor data captured by the first building environmental sensor. The device will continue to receive the data stream until the first transceiver either receives all of the sensor data or moves out of the receiving range. The device will repeat this process for additional building environmental sensors. The device will use its second transceiver to transfer the sensor data to the external service.

Abstract: A building environmental sensor includes a sensing element for collecting measurements of environmental parameters such as temperature, humidity, light, sound or the absence or presence of gas. The sensor will: (a) detect that a data collection device is within a communication range of the sensor; (b) generate a data stream that includes the data that the sensor collected; (c) transmit the data stream to the first data collection device; (d) determine that a communication link between the sensor and the first data collection device was lost before the first data stream was fully transmitted; (e) detect that a second data collection device is within the communication range of the sensor; (f) generate a second data stream that includes the remaining data; and (g) transmit the second data stream to the second data collection device.

Abstract: A certified application is installed onto a content creation device and a mobile certified application is installed onto a mobile device, the applications establish first and second trust relationships with the cloud service. The certified application and mobile certified application establish the third trust relationship via a proximity network. The mobile certified application generates a first ephemeral key pair having a private part. The certified application generates a second ephemeral key pair having a private part. The mobile certified application requests a service from the content creation device involving the transfer of data between the content creation device and the cloud service. The data is protected by at least one of the first and second ephemeral key pairs in response to invocation of the service. The service results in the data being stored at the cloud service and/or rendered at the content creation device.

Abstract: A method and system are provided which facilitate construction of an ensemble of neural network kernel classifiers. The system divides a training set into partitions. The system trains, based on the training set, a first neural network encoder to output a first set of features, and trains, based on each respective partition of the training set, a second neural network encoder to output a second set of features. The system generates, for each respective partition, based on the first and second set of features, kernel models which output a third set of features. The system classifies, by a classification model, the training set based on the third set of features. The generated kernel models for each respective partition and the classification model comprise the ensemble of neural network kernel classifiers. The system predicts a result for a testing data object based on the ensemble of neural network kernel classifiers.

Abstract: One embodiment provides a system which facilitates construction of an ensemble of machine learning models. During operation, the system determines a training set of data objects, wherein each data object is associated with one of a plurality of classes. The system divides the training set of data objects into a number of partitions. The system generates a respective machine learning model for each respective partition using a universal kernel function, which processes the data objects divided into a respective partition to obtain the ensemble of machine learning models. The system trains the machine learning models based on the data objects of the training set. The system predicts an outcome for a testing data object based on the ensemble of machine learning models and an ensemble decision rule.

Abstract: The system determines a version space associated with a set of data comprising a pool of unlabeled samples and a first plurality of labeled samples, wherein the version space includes a first set of classifiers corresponding to the first plurality of labeled samples. The system selects, from the pool of unlabeled samples, a second plurality of unlabeled samples comprising informative samples and non-informative samples. A respective informative sample corresponds to a first hyperplane which intersects the version space, and a respective non-informative sample corresponds to a second hyperplane which does not intersect the version space. The system acquires labels corresponding to the second plurality of unlabeled samples to obtain a third plurality of labeled samples. The system updates the first set of classifiers based on the third plurality of labeled samples, thereby improving accuracy of the first set of classifiers.

Abstract: One embodiment provides a system which facilitates reasoning about classifiers. During operation, the system determines a plurality of neural networks. The system derives, from a respective neural network, a linear model, wherein the linear model is constructed based on an output of a penultimate layer of the respective neural network. The system trains the linear model based on activations of the penultimate layer. The system maps parameters of the trained linear model into a version space.

Abstract: A certified application is installed onto a content creation device and a mobile certified application is installed onto a mobile device, the applications establish first and second trust relationships with the cloud service. The certified application and mobile certified application establish the third trust relationship via a proximity network. The mobile certified application generates a first ephemeral key pair having a private part. The certified application generates a second ephemeral key pair having a private part. The mobile certified application requests a service from the content creation device involving the transfer of data between the content creation device and the cloud service. The data is protected by at least one of the first and second ephemeral key pairs in response to invocation of the service. The service results in the data being stored at the cloud service and/or rendered at the content creation device.

Abstract: A multifunction printer connects to a controlled device via a proximity network link. The multifunction printer is connected as a master of the controlled device. The multifunction printer connects with a mobile device via a Bluetooth link, such that the mobile device is connected as a master of the multifunction printer. The mobile device is authenticated to determine credentials and access permissions relative to the controlled device. The mobile device's access to the controlled device is controlled from the multifunction printer via the Bluetooth link based on the credentials and access permissions.

Abstract: The current invention provides a system and method for Data Owners to share with Data Seekers extracted insights from the Big Data, instead of raw data or anonymized raw data, thus reducing or eliminating privacy concerns on the data owned by the Data Owners. An Oblivious Pseudo Random Function (OPRF) is used, with operations using OPRFs occur over encrypted data, thus Data Owners learn only the primary object from Data Seeker and nothing else about the remainder of Data Owners' data. Similarly, Data Seeker learns a list of associated secondary objects and nothing else about Data Owners' data. The extent of sharing can be limited using a predefined threshold depending how much private information Data Owner is willing to share or Data Seeker is willing to pay.

Abstract: The system determines a version space associated with a set of data comprising a pool of unlabeled samples and a first plurality of labeled samples, wherein the version space includes a first set of classifiers corresponding to the first plurality of labeled samples. The system selects, from the pool of unlabeled samples, a second plurality of unlabeled samples comprising informative samples and non-informative samples. A respective informative sample corresponds to a first hyperplane which intersects the version space, and a respective non-informative sample corresponds to a second hyperplane which does not intersect the version space. The system acquires labels corresponding to the second plurality of unlabeled samples to obtain a third plurality of labeled samples. The system updates the first set of classifiers based on the third plurality of labeled samples, thereby improving accuracy of the first set of classifiers.

Abstract: A multifunction printer connects to a controlled device via a proximity network link. The multifunction printer is connected as a master of the controlled device. The multifunction printer connects with a mobile device via a Bluetooth link, such that the mobile device is connected as a master of the multifunction printer. The mobile device is authenticated to determine credentials and access permissions relative to the controlled device. The mobile device's access to the controlled device is controlled from the multifunction printer via the Bluetooth link based on the credentials and access permissions.

Abstract: One embodiment facilities user access to a standalone computing device. During operation, the system receives, by the standalone computing device from a mobile computing device associated with a user, a first command to access capabilities of the standalone computing device, wherein the first command includes an ephemeral user identifier which includes an ephemeral key and indicates user-specific metadata, wherein the ephemeral key is generated by a network service, wherein the ephemeral user identifier is digitally signed with a private key of the network service, and wherein the standalone computing device is not directly accessible by the network service. The system verifies, by the standalone computing device using a public key of the network service, that the ephemeral user identifier was generated by the network service. The system executes, by the standalone computing device, the first command based on the user-specific metadata.

Abstract: A network is organized into a plurality of broadcast domains. Each broadcast domain includes a plurality of nodes each configured to cause messages to be sent to two or more other of the nodes within the broadcast domain. The broadcast domains are coupled via bridging connections. Each bridging connection couples at least one of the nodes from a first of the broadcast domains to at least one of the nodes of a second of the broadcast domains. The messages are caused to be sent through the plurality of broadcast domains via a subset of the bridging connections. The subset of the bridging connections is selected non-deterministically via the plurality of broadcast domains.

Abstract: A method is provided for generating an encrypted database. The method includes: receiving a plaintext database having plaintext data entries therein; and generating an encrypted database using the plaintext database, the encrypted database including encrypted data entries therein. The encrypted database is configured to support at least one form of conditional query such that the at least one form of conditional query returns a correct encrypted result when the query is computed on the encrypted data entries without the decryption thereof.

Abstract: A multi-function printer is coupled to a mobile device via a proximity network interface. The multi-function printer determines a workflow specified by a user of the mobile device. An ephemeral token associated with the workflow is sent to the mobile user device. The mobile device uses the ephemeral token to create a payment packet that is sent to a payment server which sends a receipt in response thereto. The multi-function printer receives the receipt from the mobile device and in response to receiving the receipt, obtains a list of payments from the payment server. The multi-function printer performs the workflow based on validating the receipt against the list of payments.