Abstract: Methods, systems and apparatuses for performing a encryption and/or protection of MAC headers and/or control frames are described. A wireless device can determine a randomized MAC address and offset to obfuscate MAC headers and/or control frames, e.g., which can change at different times/intervals. The wireless device can determine an encryption block pattern, which can be based on an encryption key and/or nonce. The wireless device can encrypt the MAC header and/or control frame. Similarly, a receiving device can receive an encrypted MAC header and/or control frame and decrypt it according to corresponding techniques.

Abstract: Techniques are disclosed relating to improving secure message communication. In various embodiments, a message delivery server receives a request to deliver an encrypted message from a sender to a recipient. The encrypted message obfuscates the identity of the sender such that the message delivery server is unable to determine the identity of the sender. The message delivery server determines whether to deliver the encrypted message based on a signed attestation received with the request and, based on the determining, delivers the encrypted message to the recipient. In some embodiments, the determining includes verifying the signed attestation using a verification key provide by the sender. In some embodiments, the encrypted message is an email, a text message, a push notification, or a video or audio call request.

Abstract: A charting system is provided for use in a healthcare facility having a network. The charting system includes a microphone to receive voice inputs from a caregiver. A vital sign monitor obtains a vital sign from a patient and displays it. The system includes a communication device having a voice-to-text module that includes a processor coupled to the microphone. The processor operates a voice-to-text algorithm that converts the vital sign into text in response to the caregiver dictating the vital sign into the microphone. The processor initiates transmission of the vital sign to an EMR computer via the network after conversion of the at least one vital sign to text.

Abstract: Methods of producing an optical surface atop an exterior of a substrate that includes smoothing the exterior using an ALD process to sequentially deposit ALD layers to produce one or more ALD films that fill spaces between spaced-apart asperities existing on the exterior, and thereafter depositing a reflective material on the smoothed exterior of the substrate to produce the optical surface. The smoothing resulting from depositing the ALD film on the exterior of the substrate causes the grain size of the reflective material to be reduced in comparison to the grain size that would exists without having deposited the ALD film on the exterior of the substrate. The smoothing is sufficient to cause a reduction in grain size that results in a reduction in plasmon absorption in the optical surface in comparison to the plasmon absorption that would otherwise exist without having reduced the grain size of the reflective material.

Abstract: Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the first computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.

Abstract: Techniques for storing health data can include a multi-node data structure. A data node, a category node, and an institution node of a multi-node data structure can be generated in accordance with a configuration file. The data node can include health data and can be identified by a first unique data identifier and encrypted using a first cryptographic key. The category node can include the first unique data identifier and the first cryptographic key. The category node can be identified by a second unique data identifier and encrypted using a second cryptographic key. The institution node can include the second unique data identifier and the second cryptographic key. The institution node can be identified by a third unique data identifier and encrypted using a third cryptographic key. The data node, the category node, and the institution node can be shared with a service provider.

Abstract: An industrial centrifuge for extracting one or more compounds from biomass includes a centrifuge basket disposed within a cylindrical vessel. The centrifuge basket includes a cylindrical sidewall comprising an upper perforated portion and a lower solid portion and a basket baseplate coupled to the sidewall between the upper perforated portion and the lower solid portion. The centrifuge includes a spindle coupled to the basket baseplate, a spindle bearing assembly, and a contact seal disposed between the spindle bearing assembly and the basket baseplate. The lower solid portion of the sidewall, the spindle, and the basket baseplate define a skirted volume. During operation of the industrial centrifuge, air trapped within the skirted volume provides an air seal between an extraction fluid in the cylindrical vessel and the contact seal, spindle bearing assembly, or both, to prevent extraction fluid from contacting the spindle bearings and causing damage thereto.

Abstract: Techniques for storing health data can include a multi-node data structure. A data node, a category node, and an institution node of a multi-node data structure can be generated in accordance with a configuration file. The data node can include health data and can be identified by a first unique data identifier and encrypted using a first cryptographic key. The category node can include the first unique data identifier and the first cryptographic key. The category node can be identified by a second unique data identifier and encrypted using a second cryptographic key. The institution node can include the second unique data identifier and the second cryptographic key. The institution node can be identified by a third unique data identifier and encrypted using a third cryptographic key. The data node, the category node, and the institution node can be shared with a service provider.

Abstract: Techniques are disclosed relating to protecting branch prediction information. In various embodiments, an integrated circuit includes branch prediction logic having a table that maintains a plurality of entries storing encrypted target address information for branch instructions. The branch prediction logic is configured to receive machine context information for a branch instruction having a target address being predicted by the branch prediction logic, the machine context information including a program counter associated with the branch instruction. The branch prediction logic is configured to use the machine context information to decrypt encrypted target address information stored in one of the plurality of entries identified based on the program counter.

Abstract: Techniques for storing health data can include a multi-node data structure. A data node, a category node, and an institution node of a multi-node data structure can be generated in accordance with a configuration file. The data node can include health data and can be identified by a first unique data identifier and encrypted using a first cryptographic key. The category node can include the first unique data identifier and the first cryptographic key. The category node can be identified by a second unique data identifier and encrypted using a second cryptographic key. The institution node can include the second unique data identifier and the second cryptographic key. The institution node can be identified by a third unique data identifier and encrypted using a third cryptographic key. The data node, the category node, and the institution node can be shared with a service provider.

Abstract: The subject technology may be implemented by a device that includes at least one processor configured to encrypt a data object based at least in part on an encryption key. The at least one processor may be further configured to sign the encrypted data object with a private key and transmit the signed encrypted data object to a server for retrieval by another device. The at least one processor may be further configured to generate a sharing object corresponding to the data object, wherein the sharing object includes an encryption key and a public key that corresponds to the private key. The at least one processor may be further configured to encrypt the sharing object using a key of the other device and transmit, over a secure channel, the encrypted sharing object to the other device for subsequent retrieval and verification of the signed data object from the server.

Abstract: Techniques are provided to create and manage groups of users. A group can be treated as a single entity. For privacy of a user, user keys can be translated to group keys, which are then used to access resources. The user can prove membership in the group via their keys (e.g., using a diversified public key), and then get the group keys in response, e.g., after verification to a group server using a diversified user key.

Abstract: A user device may share encrypted health data with an electronic health record (EHR) system associated with a health institution. A unique data identifier that identifies a portion of the health data and a cryptographic key may be shared with the EHR system. The encrypted health may be shared with a service provider and a unique data identifier. To access the health data, the EHR system may query the service provider with the unique data identifier.

Abstract: A system including an internal cold plasma system, including an internal cold plasma applicator configured to couple to a surface surrounding a cavity and to produce a cold plasma between the internal cold plasma applicator and the surface.

Abstract: Techniques are disclosed relating to resuming a communication session. In some embodiments, a first computing device stores a session resumption token that includes metadata usable to resume a communication session. The first computing device provides a request to resume the communication session with a second computing device and receives, from the second computing device, an output of a verifiable random function (VRF) associated with the request. In response to the request, the first computing device performs a verification of the output and determines, based on the verification, whether to provide the session resumption token to the second computing device.

Abstract: Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the first computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.

Abstract: A server system implemented by a service provider may store health data of a user according to a multi-node data structure. The server system may generate transaction records based on requests to access the health data. Responsive to requests for the transaction records, the server system may query a database that includes the health data and generate a data package based on the querying. The data package may be sent to a requesting system. The data package may be usable by the requesting system to identify which patient profiles were accessed by which physicians.

Abstract: This Application sets forth techniques for establishing a custodial relationship between a user device and a custodian device for recovering access to a user account and/or to encrypted user data with assistance provided by the custodian device to effect access recovery. A server of a cloud network service provides an anonymous identifier to associate with the custodian device and an account recovery key to store at the custodian device. Identity of an account of the cloud network service associated with the custodian device can be hidden from the server. The user device generates a data recovery key and provides a first portion of the data recovery key to the custodian device and a second portion of the data recovery key to the server. Integrity of the stored account recovery key and portions of the data recovery key are checked regularly by the custodian device and the user device.

Abstract: Techniques are disclosed relating to protecting branch prediction information. In various embodiments, an integrated circuit includes branch prediction logic having a table that maintains a plurality of entries storing encrypted target address information for branch instructions. The branch prediction logic is configured to receive machine context information for a branch instruction having a target address being predicted by the branch prediction logic, the machine context information including a program counter associated with the branch instruction. The branch prediction logic is configured to use the machine context information to decrypt encrypted target address information stored in one of the plurality of entries identified based on the program counter.

Abstract: A pad for a garment includes a body and capping. The body has a front, a rear and a periphery and includes one or more absorbent layers for absorbing liquid and a gas-permeable barrier overlying the one or more absorbent layers to block the liquid. The capping runs along and caps at least a portion of the periphery to block the liquid. The capping has a front portion overlying the front, a rear portion overlying the rear, and a mounting portion, projecting away from the body, for mounting the pad.