Abstract: A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.

Abstract: The techniques described herein implement a classification process to evaluate information associated with a tool input (e.g., from an input tool such as a pen or a stylus) and a user touch input (e.g., from a finger or a palm of a hand) to determine whether the user touch input is an intended or an unintended touch input. The information evaluated may be associated with an arrival of the tool input relative to an arrival of the user touch input. The information evaluated may also be associated with a movement of the tool input relative to a movement of the user touch input. In various implementations, the techniques may calculate an evaluation score and compare the evaluation score to a confidence classification threshold. If a confident classification cannot be achieved, the techniques further the classification process as more information associated with the inputs is received.

Abstract: Techniques for identifying inadvertent user input, such as inadvertent touch contact or air input, are described. The techniques may include classifying a touch contact or air input as intentional or unintentional based on contextual information related to the touch contact, the air input, or a device via which the touch contact or air input was received. In some examples, the contextual information may indicate how a user is interacting with the device, such as a position of the user's hand, a location of the touch contact on a touch surface, a path of user's touch trajectory, an application with which the user may be interacting, keyboard input history of the user, and so on. When the user input is classified as unintentional, the techniques may refrain from performing an action that is generally triggered by the user input.

Abstract: A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requestor by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request.

Abstract: A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requestor by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request.

Abstract: The techniques described herein implement a classification process to evaluate information associated with a tool input (e.g., from an input tool such as a pen or a stylus) and a user touch input (e.g., from a finger or a palm of a hand) to determine whether the user touch input is an intended or an unintended touch input. The information evaluated may be associated with an arrival of the tool input relative to an arrival of the user touch input. The information evaluated may also be associated with a movement of the tool input relative to a movement of the user touch input. In various implementations, the techniques may calculate an evaluation score and compare the evaluation score to a confidence classification threshold. If a confident classification cannot be achieved, the techniques further the classification process as more information associated with the inputs is received.

Abstract: Systems, methods, and computer-readable storage media are provided for efficient real-time ink stroke smoothing, trajectory prediction, and GPU-leveraged rendering of ink stroke input. First and second ink points are received and an active Bézier approximation is computed based thereupon. Sequentially later in time that the first and second ink points, a third ink point is received. It is determined whether the third ink point adequately fits the active Bézier approximation. Where it is determined that the third ink point adequately fits, an updated active Bézier approximation is computed that includes the first, second and third ink points. Where it is determined that the third ink point fails to adequately fit, a different new Bézier approximation is computed that includes the third ink point but not the first and second ink points. Leveraging a GPU, a smoothed ink stroke based upon the Bézier approximation(s) is rendered.

Abstract: Techniques and architectures for detecting the handedness of a user from touch input and suppressing unintentional touch input are described. The techniques and architectures may analyze short-lived contacts that occur on a touch surface around a same time as input from an input tool to determine a hand that a user is using to hold the input tool. An inactive region may be established for the touch surface based on the hand determination and/or contextual information related to the user, the touch surface and so on. The inactive region may allow unintentional input to be identified and suppressed.

Abstract: Techniques and architectures for detecting the handedness of a user from touch input and suppressing unintentional touch input are described. The techniques and architectures may analyze short-lived contacts that occur on a touch surface around a same time as input from an input tool to determine a hand that a user is using to hold the input tool. An inactive region may be established for the touch surface based on the hand determination and/or contextual information related to the user, the touch surface and so on. The inactive region may allow unintentional input to be identified and suppressed.

Abstract: A software firewall that may be configured using rules specified for types of network interfaces rather than individual network interfaces. The network types may be specified with type identifiers that have a readily understandable meaning to a user, facilitating ease of configuring the firewall. The network types could include, for example, wired, wireless and remote access. A rule specified based on a network type can be implemented for network interfaces of that network type. The implementation may be performed automatically and may be updated based on network location awareness information.

Abstract: A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.

Abstract: A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requestor by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request.

Abstract: The re-encryption of data can be performed with independent cryptographic agents that can automatically encrypt and decrypt data in accordance with cryptographic regions, such that data within a single cryptographic region is encrypted and decrypted with the same cryptographic key. An “in-place” re-encryption can be performed by reading data from a chunk in an existing cryptographic region, shrinking the existing cryptographic region past the chunk, expanding a replacement cryptographic region over the chunk, and then writing the data back to the same location, which is now part of the replacement cryptographic region. An “out-of-place” re-encryption can be performed by reading data from a chunk in an existing cryptographic region and then writing the data back to a location immediately adjacent that is part of a replacement cryptographic region. After the re-encrypted data is “shifted”, the cryptographic regions can be expanded and contracted appropriately, and another chunk can be selected.

Abstract: Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system.

Abstract: The described implementations relate to capturing a computing experience. In one case, a user session capture tool can launch a remote user session where a user-interface and user inputs are gathered from a single computing device. Remote user session data produced by the remote user session can be analyzed to determine user activity.

Abstract: A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.

Abstract: The techniques described herein are directed to receiving parameters directed to correcting spatial error and/or jitter associated with an interaction device connected to a computing device. In some instances, the parameters are encrypted parameters that may be decrypted and consumed to correct the spatial error and/or the jitter associated with the interaction device. For instance, the parameters may provide an adjustment to one or more reported positions of input received from a detection area of the interaction device, so that a display position more accurately reflects, based on the adjustment, an actual position of input on the detection area of the interaction device.

Abstract: The techniques described herein are directed to a computing device that receives data from an indirect input device. The data received may indicate or signal that one or more objects are on or within a detection area of the indirect input device. For example, the data may indicate that one or more objects are in contact with a surface of an indirect touch device. The techniques include determining parameters for the one or more objects and analyzing the parameters to determine whether the data is directed to a touch operation or to a mouse operation. To perform the touch operation or the mouse operation, the techniques further describe converting the data received from a first coordinate space of the indirect input device to a second coordinate space of a display screen.

Abstract: Techniques for identifying inadvertent user input, such as inadvertent touch contact or air input, are described. The techniques may include classifying a touch contact or air input as intentional or unintentional based on contextual information related to the touch contact, the air input, or a device via which the touch contact or air input was received. In some examples, the contextual information may indicate how a user is interacting with the device, such as a position of the user's hand, a location of the touch contact on a touch surface, a path of user's touch trajectory, an application with which the user may be interacting, keyboard input history of the user, and so on. When the user input is classified as unintentional, the techniques may refrain from performing an action that is generally triggered by the user input.

Abstract: In some examples, input received from an input device, such as a keyboard, is modified by a component associated with an operating system before the input is delivered to an application. For instance, a component associated with the operating system may become registered for modifying input. In some situations, the input is modified based at least in part on metadata associated with the input device. For example, a location of a fingertip on a touch-sensitive display may be used to modify the input before delivery to an application.