Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.

Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.

Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.

Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

Abstract: The system described may implement a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations of the system may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES. Accordingly, the system provides an efficient mechanism for implementing differential privacy.

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

Abstract: The system described may implement a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations of the system may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES. Accordingly, the system provides an efficient mechanism for implementing differential privacy.

Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

Abstract: A method of presenting password information to a user, the method comprising: receiving a password; determining the number of unique character sets utilized in the password; and displaying the number of unique character sets that are contained within the password.

Abstract: One embodiment of the present invention provides a system that establishes a secure connection with a peer. During operation, the system obtains an identity for the peer. Next, the system looks up the identity for the peer in a local store, which contains identities for trusted peers. If this lookup fails, the system asks a user if the peer can be trusted. If the user indicates that the peer can be trusted, the system establishes a secure connection with the peer.

Abstract: A method of presenting password information to a user, the method comprising: receiving a password; determining the number of unique character sets utilized in the password; and displaying the number of unique character sets that are contained within the password.

Abstract: A method of presenting password information to a user, the method comprising: receiving a password; determining the number of unique character sets utilized in the password; and displaying the number of unique character sets that are contained within the password.

Abstract: A system is provided for collecting information regarding a device or a user of a device. Information is collected from a discovery agent residing on the computer system. At certain times, the agent may be activated to collect the information. A sender transmits a discovery rule across a communication link to a computer system. The discovery agent and the discovery rule are separate code sequences or separate programs. The discovery rule is then applied to the information received from the discovery agent and the resulting information is returned back to the sender. Where the sender receives a user request, such as regarding the computer system, the discovery rule may be transmitted and the sender may use the resulting information to respond to the user request.