Abstract: A method for authenticating a transaction that requires the use of a personal identification number (PIN) is provided. The method includes obtaining chip information from a chip that is embedded in a card; receiving a user input that includes the PIN; combining the PIN with the chip information; performing a message authentication code (MAC) operation on the combination in order to generate an application request cryptogram (ARQC); and requesting an authentication of the transaction based on the generated ARQC.

Abstract: A processing system may obtain a request from a user device to activate an access credential locker for use in accessing at least one enterprise system of an enterprise via the processing system, the request comprising a token that identifies the access credential locker, obtain a first key from the user device, transmit, to the enterprise, a request for a second key, obtain the second key from the enterprise in response to the request, apply the first key and the second key to the access credential locker, the access credential locker being encrypted in accordance with the first and second keys and being decrypted via the applying of the first and second keys, and establish a communication session between the user device and the at least one enterprise system via the processing system using at least one access credential that is stored in the decrypted access credential locker.

Abstract: Systems and methods for implementing trusted clients using secure execution environments. An example method comprises: receiving, by a server, a measurement from a client application running in a secure execution environment implemented by a client computing device; responsive to validating the measurement, transmitting a first confidential data item to the client application running in the secure execution environment; receiving, from the client application running in the secure execution environment, a second confidential data item derived from a local state of the client application modified by the first confidential data item; and updating, in view of the second confidential data item, a local state of a server application.

Abstract: The technology disclosed herein enables consumer devices to verify the integrity of services running in trusted execution environments. An example method may include: acquiring, by a broker device, integrity data of a first trusted execution environment of a first computing device and integrity data of a second trusted execution environment of a second computing device, wherein the first trusted execution environment executes a first service and the second trusted execution environment executes a second service; storing the integrity data of the first trusted execution environment and the integrity data of the second trusted execution environment in a data storage device as stored integrity data; correlating integrity data of the first trusted execution environment with the first service and the integrity data of the second trusted execution environment with the second service; and providing, by the broker device, the stored integrity data to a plurality of consumer devices.

Abstract: A method for automatically reregistering a clone virtual machine with a cloud security monitoring service is provided. The method generally includes detecting a connection between a cloud agent running in a virtual machine on a host and a hypervisor module on the host. In response to detecting the connection, the cloud agent queries the hypervisor module for one or more first identifiers of the virtual machine. The method generally includes checking a database, by the cloud agent, for one or more second identifiers stored in the database matching the one or more first identifiers received from the hypervisor module and, based on finding no second identifiers stored in the database matching the one or more first identifiers, sending a request to the cloud security monitoring service to register the virtual machine with the cloud security monitoring service.

Abstract: This application provides a program code execution behavior monitoring method. A computer device executes, in a virtual execution environment, first code corresponding to first program code, where the first code belongs to external code, the external code is code, other than internal code, invoked in the first program code, the external code includes system code provided by an operating system of the computer device, and the internal code is code of a process generated by the first program code. In a process of executing the first code, if second code belongs to the internal code, before execution of the second code is completed, the computer device switches an execution environment of the first program code to a simulated execution environment, where the second code is to-be-executed code. The computer device executes the second code in the simulated execution environment.

Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.

Abstract: Techniques described herein relate to a method for predicting results using ensemble models. The method may include receiving trained model data sets from a model source nodes, each trained model data set comprising a trained model, an important feature list, and a missing feature generator; receiving a prediction request data set; making a determination that the prediction request data set does not include an input feature for a trained model; generating, based on the determination and using a missing feature generator, a substitute feature to replace the input feature; executing the trained model using the prediction request data set and the substitute feature to obtain a first prediction; executing a second trained model using the prediction request data set to obtain a second prediction; and obtaining a final prediction using the first prediction, the second prediction, and an ensemble model.

Abstract: The rule learning unit 81 performs rough sets analysis using training data that includes threat information including a plurality of explanatory variables representing a threat event and a discrimination result of discriminating the threat information, to learn a decision rule specifying the discrimination result depending on a combination of the explanatory variables. The input unit 82 inputs the threat information to be analyzed. The analysis unit 83 applies the input threat information to the decision rule to identify the discrimination result of the threat information, and the explanatory variable as a basis for the discrimination result.

Abstract: A system for improving data security for computing devices receives a data input stream indicating changes to data security threats posed to the computing devices. The system detects, based at least in part on the changes to the data security threats, a new data security threat posed to the computing devices. The system determines one or more available data security controls that align with the new data security threat. The one or more available data security controls comprise security countermeasures available to the computing devices for resolving the new data security threat. After determining that a security vulnerability rating is greater than a threshold value, at least one of the one or more available data security controls may be automatically implemented at the computing devices.

Abstract: A computer-implemented method for verifying messages in a service-oriented communication system of a vehicle, including receiving a message and a signature in a first entity of the service-oriented communication system, the message and the signature being received via the service-oriented communication system; checking if the message corresponds to a dedicated message and the signature corresponds to a signature belonging to the dedicated message; and verifying the message, if the checking turns out positive. A computer-implemented method for generating predetermined messages in a first entity of a service-oriented communication system of a vehicle, and a service-oriented communication system in a vehicle, which is configured, are also described.

Abstract: A method, system and computer-usable medium are disclosed for operating an endpoint agent at an endpoint device. Certain embodiments include a computer-implemented method for operating an endpoint agent at an endpoint device, including: operating the endpoint agent to selectively subscribe to events corresponding to activities occurring at an endpoint platform; processing events received from a message bus by the endpoint agent, where the events processed by the endpoint agent are events to which the endpoint agent has subscribed; and communicating, to a service, information corresponding to the events processed by the endpoint agent. Other embodiments of this aspect of the invention may include corresponding stand-alone and/or network computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of these actions.

Abstract: The present invention relates to a method for avoiding side-channel attacks by providing variable amount of computation using permutation puzzles. The side-channel attacks depend on the implementation of the encryption algorithms rather than their execution. The method provided in the present invention protects an already existing encryption system or any arbitrary electronic device from side channel attacks by providing a random amount of execution time, random amount of power consumption and/or random electromagnetic emissions for different iterations of the corresponding operation.

Abstract: Apparatuses, systems, and techniques for classifying one or more computer programs executed by a host device as being ransomware using a machine learning (ML) detection system. An integrated circuit is coupled to physical memory of a host device via a host interface. The integrated circuit hosts a hardware-accelerated security service to protect one or more computer programs executed by the host device. The security service obtains a series of snapshots of data stored in the physical memory and extracts a set of features from each snapshot of the series of snapshots, each snapshot representing the data at a point in time. The security service classifies a process of the one or more computer programs as ransomware or non-ransomware using the set of features and outputs an indication of ransomware responsive to the process being classified as ransomware.

Abstract: The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.

Abstract: A circuit enabling device includes a processor configured to, when multiple predetermined setting values are written in a register in predetermined order, enable a module corresponding to the multiple predetermined setting values and the predetermined order, the multiple predetermined setting values being determined in advance for each of a multiple modules, the register being used to enable the multiple modules individually, the multiple modules being included in a user-specific circuit, the user-specific circuit including a general-purpose circuit and a user circuit, the user circuit including the multiple modules.

Abstract: An untrusted orchestrator function subsystem inventory and verification system includes an untrusted orchestrator device, an operating system, a BIOS, and a management device. In response to presentation by the untrusted orchestrator device of a function subsystem to the operating system during runtime, the operating system generates a function subsystem detection alert that identifies the function subsystem. In response to the function subsystem detection alert, the BIOS generates and transmits a BIOS inventory update. The management device receives the BIOS inventory update, and determines whether the operating system is authorized to use the function subsystem at least in part based on the BIOS inventory update. If so, the management device allows the operating system to utilize the function subsystem while, if not, the management device prevents the operating system from utilizing the function subsystem.

Abstract: Provider Edge (PE) circuitry transfers a PE Hardware Trust (HWT) hash to a controller. The controller verifies PE HWT based on the PE HWT hash and transfers a Trusted Execution Environment Identifier (TEE ID), PE ID, PE HWT certificate, and PE keys to the PE circuitry. Customer Edge (CE) circuitry transfers a CE HWT hash to the controller. The controller verifies CE HWT based on the CE HWT hash and transfers the TEE ID, CE ID, CE HWT certificate, and CE keys to the CE circuitry. The PE circuitry and the CE circuitry exchange and verify their HWT certificates based on their keys. The PE circuitry encrypts and decrypts user data based on the PE keys. The PE circuitry exchanges the TEE ID, the PE ID, and the encrypted user data with the CE circuitry. The CE circuitry encrypts and decrypts the user data based on the CE keys. The CE circuitry exchanges the TEE ID, the CE ID, and the encrypted user data with the PE circuitry.

Abstract: Systems and methods provide vulnerability proofing procedures for booting of an IHS (Information Handling System). A request to boot the IHS is detected. One or more boot configurations are determined that include configurations for operation of one or more of the hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. The boot configurations are used to identify any hardware component configurations that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the boot configuration, further booting of the IHS may be disabled until the boot configuration is modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: In an illustrative embodiment, methods and systems for cybersecurity assessment of an organization's technology infrastructure include identifying features of the technology infrastructure and automatically generating a threat profile relevant to both the technology infrastructure and the organization's business (and/or business objectives), where the threat profile includes potential threat actors and threat scenarios applicable to the technology infrastructure. The methods and systems may include evaluating cybersecurity controls of the organization's technology infrastructure in light of the threat profile to identify and rate vulnerabilities within the technology infrastructure.

Abstract: According to various embodiments, a data processing device is described comprising a memory configured to store data words in the form of at least two respective shares, a logic circuit configured to receive the at least two shares of at least one of the data words and to process the shares to generate at least two shares of a result data word, a remasking circuit configured to receive at least two shares of at least one of the data words and refresh the shares and an output circuit configured to store the at least two shares of the result data word or to store the refreshed at least two shares depending on a control sequence specifying a sequence of real operations and dummy operations.

Abstract: A system for securely storing privacy information is provided. The system includes a plurality of nodes configured to maintain a distributed database containing consumer privacy information having a plurality of entries. Each entry of the plurality of entries in the distributed database is (i) encrypted with a unique encryption key associated with a consumer and the distributed database, and (ii) indexed based on a public encryption key associated with the consumer. A most recent entry associated with the consumer includes current personal information about the consumer. A first entry associated with the consumer includes an encrypted version of the unique encryption key.

Abstract: A learning with errors (LWE) instance management method according to an embodiment may include obtaining, from one or more user devices among a plurality of user devices, one or more learning with errors (LWE) instances and one or more extended LWE instances including reuse tags associated with the LWE instances, storing the one or more extended LWE instances, receiving, from a first device among the plurality of user devices, a request for an LWE instance produced by a second device among the plurality of user devices, and identifying, based on a reuse tag included in each of the one or more extended LWE instances, a target extended LWE instance including an LWE instance produced by the second device among the one or more extended LWE instances, and providing the LWE instance included in the target extended LWE instance to the first device.

Abstract: A method may include, within a security container executing on an information handling system, in response to a request from a process container to store data to a trusted partition of a memory, wherein the process container is configured to execute user processes of the information handling system: validating whether the data is safe and trusted, responsive to determining that the data is safe and trusted, causing a storage container associated with the trusted partition and configured to manage data stored to the trusted partition to store a read-only file of the data to the trusted partition, and persisting the read-only file through a wipe of the information handling system, such that the read-only file is accessible following a restore of the information handling system following the wipe.

Abstract: The disclosure is generally directed to systems and methods associated with communicating privacy rights pertaining to data captured from a vehicle. An example method executed by a processor of a data capture apparatus in a vehicle can include capturing an image. In an example scenario, the image may include an individual who is located outside the vehicle. Furthermore, in some cases, the image can be a part of a video clip containing multiple images. The method further includes generating an identifier for identifying the image(s). The identifier can be a machine-readable symbol such as, for example, a QR-code symbol or a barcode. A notification that includes the identifier may be generated and conveyed to the individual for use by the individual to exercise his/her rights to privacy with respect to the images in which he/she is present.

Abstract: A method includes: receiving, by a computing device, user input to move content from an augmented reality (AR) interface to a virtual reality (VR) interface; obtaining, by the computing device, security levels of users in a VR environment associated with the VR interface; determining, by the computing device and based on the security levels, which of the users in the VR environment is permitted to see the content; and changing, by the computing device, at least one of the AR interface to the VR interface based on the determining.

Abstract: An authentication system for authenticating a user to access gated digital content includes a user computing device, a service provider server, an authentication service, and at least one identity provider. The service provider server is configured to require registration and authentication prior to providing the user with access to the gated digital content, and the at least one identity provider is configured to authenticate a user identity of the user. Upon receiving a request via the user computing device to access the gated digital content hosted by the service provider server, the authentication service displays an authentication platform interface to the user. The authentication platform interface displays at least one identity provider selector linked to the at least one identity provider, and the at least one identity provider is based on a policy of the authentication service set by the service provider.

Abstract: Execution of client code in a shared infrastructure comprises instantiating a container manager to manage containers and routers configured to receive calls requesting execution of the client code. The container manager pre-initializes a plurality of containers and registered the containers in a database to indicate that the plurality of containers are available. A router receives a call to execute the client code and selects an available first container identified in the database. The call is routed to the selected container and the status of the container is updated to in-use to prevent another router from selecting the container. Responsive to the selected container processing the call, the router receives a response from the container and returns the response to the caller. The containers then marked for deletion in the database. The container manager then deletes any of the containers marked for deletion to prevent the containers from processing subsequent calls.

Abstract: This disclosure enables various computing technologies for selectively controlling access to descriptive contents within productivity documents. As such, these forms of access control may be technologically useful in work environments involving sensitive information (e.g., classified information, confidential information, private information) by providing granular compartmentalization of the sensitive information within the productivity documents. For example, when the work environments employ collaborative productivity computing environments (e.g., Microsoft Office 365, Microsoft Teams, Google Workspace) to access (e.g., read, edit) the sensitive information, then these forms of access control may provide the granular compartmentalization of the sensitive information within the collaborative productivity computing environments, whether for an individual productivity application or across a suite of productivity applications, while still enabling real-time user collaboration.

Abstract: A system includes a server configured to store a plurality of imagery configured to be presented in an email template on an electronic device. The server is configured to receive a request to retrieve an imagery of the plurality of imagery for use in the email template. The system also includes a controller configured to perform operations that include monitoring information associated with the request, comparing monitored information associated with the request with expected information associated with the request, and determining unauthorized usage of the email template based on a mismatch between the monitored information and the expected information.

Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.

Abstract: Techniques for secure sharing of stage data include generating a listing in a first data exchange of a data provider. The listing includes stage data stored in a stage of the data provider and metadata associated with the stage data. A secure view of the listing is configured in a second data exchange based on posting the listing from the first data exchange to the second data exchange. The stage data is retrieved in response to a request from a client device to view the stage data received in the second data exchange. A security function is applied to the stage data to generate modified stage data. The modified stage data is stored at a second location in the stage. The metadata is updated to reference the second location in the stage.

Abstract: One or more embodiments of the present specification provide privacy protection-based multicollinearity detection methods, apparatuses, and systems. Data alignment is performed by a member device on respective local feature data with other member devices to construct a joint feature matrix. Privacy protection-based multi-party matrix multiplication computation is performed to compute a product matrix of a transposed matrix of the joint feature matrix and the joint feature matrix. An inverse matrix of the product matrix is determined based on respective submatrices of the product matrix. A variance inflation factor of each attribute feature is determined by the member device with the other member devices using respective submatrices of the inverse matrix and the respective local feature data. Multicollinearity is determined by the member device with the other member devices based on fragment data of the variance inflation factor of each attribute feature.

Abstract: A system, process, and computer-readable medium for securely transferring user personal identification information (PII) across platforms, based on specific permissions, are described. One or more aspects provide greater control, to a user, of when that user's PII may be released from a secure storage in a first platform and securely provided to a second platform. The timing of those releases of the PII may be controlled by specific authorizations from the user via one or more processes. Also, in addition to improving the security associated with the PII transferred between platforms, one or more aspects improve users' experiences by permitting controlled reuse of users' PII to simplify how users provide their PII to separate processes being performed on separate platforms.

Abstract: Methods, apparatus, systems and articles of manufacture for distributed use of a machine learning model are disclosed. An example edge device includes a model partitioner to partition a machine learning model received from an aggregator into private layers and public layers. A public model data store is implemented outside of a trusted execution environment of the edge device. The model partitioner is to store the public layers in the public model data store. A private model data store is implemented within the trusted execution environment. The model partitioner is to store the private layers in the private model data store.

Abstract: An operation for restricting an operation for an application of a mobile information terminal by a user other than an authorized user of the mobile information terminal is received. Whether or not the user is the authorized user of the mobile information terminal is authenticated. When the user is authenticated to be the authorized user, the operation for the application of the mobile information terminal is allowed. When the user is not authenticated to be the authorized user, the operation for the application of the mobile information terminal is restricted.

Abstract: A mobile device may comprise a secure memory. The mobile device may receive a request from a mobile application executing on the mobile device to store data in the secure memory. The request may comprise the data and a group identifier associated with the mobile application. A primary symmetric key associated with the group identifier may be determined. The data may be encrypted, using the primary symmetric key, to produce first encrypted data. A secondary symmetric key associated with the group identifier may be determined. The first encrypted data may be encrypted, using the secondary symmetric key, to produce second encrypted data. The second encrypted data may be stored to the secure memory.

Abstract: Techniques and apparatuses are described that implement the secure external data storage. A computing system may include a system-on-chip as a main processing complex and one or more secure elements that execute specialized functions related to sensitive information. While the secure element may use an external flash for storage for performance reasons, storing sensitive information on an external flash may expose the sensitive information if the external flash is ever compromised. The disclosed techniques and apparatuses provide an integrated secure element, of a system-on-chip, which leverages a secure channel with a secure flash to manage a cryptographic key for securing sensitive information stored on an unsecured external flash to prevent the exposure of sensitive information.

Abstract: A hardware unit relies on non-flashable circuitry for improving security for a system connected to a public or private network. The hardware unit can be added to a network without substantial modifications to the other devices already connected to the network. The hardware unit includes a switch that has at least two positions. In one of the two positions, the hardware unit detects and blocks or drops data packets or frames that contain an instruction of a known file-sharing protocol other than a reading instruction when the instruction is not addressed to a runtime file but transmits all the data packets or frames when the instruction is addressed to a runtime file. Thus, a cyber attack may be prevented instantaneously by what it attempts to do, typically the creation, insertion, deletion, update, renaming, or writing of files to compromise code or data while retaining the usual browser functionality.

Abstract: A computer implemented method and a system for facilitating modifying environments based on user preferences is provided. Accordingly, the method may include receiving, using a communication device, interaction data of interactions of a user in relation to experiential environments of two or more experiential environments from user devices. Further, the computer implemented method may include analyzing, using a processing device, the interaction data. Further, the computer implemented method may include determining, using the processing device, two or more user preferences associated with the user based on the analyzing of the interaction data. Further, the computer implemented method may include provisioning, using the processing device, two or more content corresponding to the two or more experiential environments based on the two or more user preferences. Further, the computer implemented method may include storing, using a storage device, the interaction data and the two or more user preferences.

Abstract: Broadly speaking, the present techniques relate to a method, apparatus and system for improving a user's engagement or emotion during a human-computer interaction, by dynamically adjusting the human-computer interaction in response to detected user emotion.

Abstract: A method for switching a configuration of an enhanced reality headset is provided. The method includes identifying a scenario to switch a configuration of an enhanced reality headset between a virtual reality configuration, an augmented reality configuration, and a direct reality configuration, wherein the virtual reality configuration and the augmented reality configuration include a computer generated image, and the direct reality configuration and the augmented reality configuration include a real-time image of an environment of a user of the enhanced reality headset. The method includes providing a notification to a user of the enhanced reality headset including an intent to switch the configuration of the enhanced reality headset, and switching the configuration of the enhanced reality headset according to the scenario.

Abstract: A system and method for distributing revenue among users based on quantified emotional data and qualified emotional data of the corresponding users. The method includes the step of collecting biorhythm data of the user through a wearable user device. The method includes the step of receiving the biorhythm data through a computing unit. The method includes the step of analyzing the received biorhythm data and computing an emotional score of each user through an algorithmic module. The method includes the step of monitoring the emotional score of each user through a tracking module. The method includes the step of sending a referral to potential users to perform actions pertaining to a platform and product through a referral module. The method includes the step of computing individual total sub score for each user using the quantified emotional data and the qualified emotional data for an interval of time through a first computation module.

Abstract: A handwriting data generation apparatus includes a memory containing processor-executable instructions and a processor coupled to the memory. The processor is configured to perform, when loaded with the processor-executable instructions, associating tactile feedback with at least part of stroke data generated according to handwriting input, and generating digital ink including haptics data indicating the stroke data and the tactile feedback.

Abstract: There is described a method performed by a computing device having first and second touch-sensitive user interfaces. According to this method, when a user input is applied to one of the first and second user interfaces, the computing device detects the user input and determines a force applied by the user input and a type of the user input. The computing device then determines whether to perform a function such as whether to display a virtual trackpad or a virtual keyboard, based on the force, the type of the user input, and a determination whether the user input is applied to a selected one of the first and second user interfaces.

Abstract: An information processing apparatus includes a control unit configured to execute a scene detection process, a parameter extraction process, and an output process. The scene detection process detects a scene from an input content. The parameter extraction process extracts a realistic sensation parameter for wave control that corresponds to a scene that is detected by the scene detection process. The output process outputs a wave signal for the content that is produced by processing sound data of the input content by a realistic sensation parameter that is extracted by the parameter extraction process.

Abstract: Keyboard and trackpad configurations and related methods utilize data from one or more bending sensors to adjust a driving signal for a haptic actuator on a haptic trackpad. In one example, a method for adjusting a driving signal for a haptic actuator on a force-sensing haptic trackpad in a deformable keyboard includes using at least data from a bending sensor to determine that the keyboard is bending. At least on condition of determining that the keyboard is bending, the method includes using the data from the bending sensor to adjust an initial haptic driving signal to an adjusted haptic driving signal. The haptic actuator is driven with the adjusted driving signal to generate haptic output via a touch receiving surface of the force-sensing haptic trackpad.

Abstract: AR-enabled wearable electronic devices such as smart glasses are adapted for use as an (Internet of Things) IoT remote control device where the user can control a pointer on a television screen, computer screen, or other IoT enabled device to select items by looking at them and making selections using gestures. Built-in six-degrees-of-freedom (6DoF) tracking capabilities are used to move the pointer on the screen to facilitate navigation. The display screen is tracked in real-world coordinates to determine the point of intersection of the user's view with the screen using raycasting techniques. Hand and head gesture detection are used to allow the user to execute a variety of control actions by performing different gestures. The techniques are particularly useful for smart displays that offer AR-enhanced content that can be viewed in the displays of the AR-enabled wearable electronic devices.

Abstract: Aspects of the present disclosure involve a system comprising a computer-readable storage medium storing a program and method for providing an indication of video recording. The program and method provide for displaying a user interface within an application running on a device, the user interface presenting real-time image data captured by a camera of the device, the user interface including a shutter button which is selectable to initiate video recording in response to a first user gesture; and upon detecting the first user gesture selecting the shutter button, initiating video recording with respect to the real-time image data, replacing a first set of interface elements within the user interface with a second set of interface elements within the user interface, and updating an appearance of the shutter button.

Abstract: Systems and methods for gesture-based control are provided. In some embodiments, a system may include a wearable device configured to be worn on a person's wrist. The wearable device may include a plurality of biopotential channels, a location sensor, and a processor. The system may be configured to generate a data stream based on the outputs from the biopotential channels and/or the location sensor. The system may be configured to enter a first state in which the output from the location sensor is processed according to a first set of logical rules. The system may be configured to classify a gesture, and, based on the gesture classification, transition to a second state in which the output from the location sensor is processed according to a second set of logical rules that is different than the first set of logical rules.