Abstract: This document relates to hardware protection of differential privacy techniques. One example obtains multiple instances of encrypted telemetry data within a secure enclave and processes the encrypted telemetry data to obtain multiple instances of unencrypted telemetry data. The example also processes, within the secure enclave, the multiple instances of unencrypted telemetry data to obtain a perturbed aggregate. The example also releases the perturbed aggregate from the secure enclave.

Abstract: A system includes determination of a plurality of meta-copysets of a plurality of storage devices, each of the meta-copysets including a first number of storage devices, determination of a first copyset of a second number of storage devices from a first one of the meta-copysets, where the second number is less than the first number, storage of first data in a fault-tolerant format using the first copyset, determination to migrate the first data from a first storage device of the first copyset, and, in response to the determination to migrate the first data, determine a second copyset of the second number of storage devices including a storage device from the first meta-copyset which is not in the first copyset, and the storage devices of the first copyset except for the first storage device of the first copyset and storage of the first data in a fault-tolerant format using the second copyset.

Abstract: A system includes determination of a plurality of meta-copysets of a plurality of storage devices, each of the meta-copysets including a first number of storage devices, determination of a first copyset of a second number of storage devices from a first one of the meta-copysets, where the second number is less than the first number, storage of first data in a fault-tolerant format using the first copyset, determination to migrate the first data from a first storage device of the first copyset, and, in response to the determination to migrate the first data, determine a second copyset of the second number of storage devices including a storage device from the first meta-copyset which is not in the first copyset, and the storage devices of the first copyset except for the first storage device of the first copyset and storage of the first data in a fault-tolerant format using the second copyset.

Abstract: This document relates to hardware protection of differential privacy techniques. One example obtains multiple instances of encrypted telemetry data within a secure enclave and processes the encrypted telemetry data to obtain multiple instances of unencrypted telemetry data. The example also processes, within the secure enclave, the multiple instances of unencrypted telemetry data to obtain a perturbed aggregate. The example also releases the perturbed aggregate from the secure enclave.

Abstract: Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module.

Abstract: Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module.

Abstract: Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module.

Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.

Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.

Abstract: Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person.

Abstract: Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module.