A system is provided for performing secure key exchange between a plurality of nodes of a communication network. The system comprises a master node and at least two slave nodes. In this context, the master node is configured to authenticate the at least two slave nodes with a pair-wise authentication key corresponding to each pair of master node and slave nodes. The master node is further configured to generate a group authentication key common to the plurality of nodes. Furthermore, the master node is configured to encrypt the group authentication key with the pair-wise authentication key for each respective pair of master node and slave nodes, thereby generating a respective encrypted group authentication key. Moreover, the master node is configured to communicate the encrypted group authentication key to the respective slave nodes.

Systems and techniques for information-centric network namespace policy-based content delivery are described herein. A registration request may be received from a node on an information-centric network (ICN). Credentials of the node may be validated. The node may be registered with the ICN based on results of the validation. A set of content items associated with the node may be registered with the ICN. An interest packet may be received from a consumer node for a content item of the set of content items that includes an interest packet security level for the content item. Compliance of the security level of the node with the interest packet security level may be determined. The content item may be transmitted to the consumer node.

Per CFR 1.121, Applicant hereby amends the abstract of the application by substitute abstract, by submitting: (i) instruction for the cancellation of the previous version of the abstract; and (ii) a substitute abstract in compliance with 37 CFR § 1.121(b)(2)(ii). RE i)

Please cancel the previous version of the abstract. RE ii)

A clean version of the substitute Abstract is set forth on the following page. No new matter has been added.

Embodiments that relate to pairing and finding a group of accessory devices are described. In an embodiment, a pairing status is received from a first accessory device, a request is sent to the first accessory device for information on a number of accessory devices in a device group and a number of accessory devices that are proximate to the first accessory device in the device group, information on a second accessory device in the device group is received, a continue pairing message is sent to the second accessory device if the second accessory device is proximate, and a device group profile is created with information on the number of parts and received information on the second accessory device

One disclosed example method includes a leader client device associated with a leader participant generating a meeting key for a video meeting joined by multiple participants. For each participant, the leader client device obtains a long-term public key and a cryptographic signature associated with the participant. The leader client device verifies the cryptographic signature of the participant based on the long-term public key and the cryptographic signature. If the verification is successful, the leader client device encrypts the meeting key for the participant using a short-term private key generated by the leader client device, a short-term public key of the participant, a meeting identifier, and a user identifier identifying the participant. The leader client device further publishes the encrypted meeting key for the participant on the meeting system. The leader client device encrypts and decrypts meeting data communicated with other participants based on the meeting key.

One example system for providing long-term key management for end-to-end encryption of videoconferencing information includes a processor and at least one memory device. The memory device includes code for causing the processor to generate one or more persistent cryptographic keys for a specific client device. A persistent key can be stored in or on the specific client device. A mapping of the key to a client device identifier can be transmitted to the video conference provider and can enable the video conference provider to set up videoconferences with per client encryption. A processor at the video conference provider can distribute the key for each client device to one or more participants in a videoconference to enable the client devices to end-to-end encrypt the videoconference.

One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and output the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.

Systems and methods for encrypted content management are provided and include generating a user private key, a user public key, and a symmetric encryption key. A group private key, a group public key, and a group symmetric encryption key are generated and the group private key is encrypted with the group symmetric encryption key. A first shared-secret key is generated based on the user public key and the group private key using a diffie-hellman exchange algorithm. The group symmetric encryption key is encrypted using the first shared-secret key to generate an escrow key. Plaintext data is encrypted using a content symmetric key. A second shared-secret key is generated based on an ephemeral private key and the group public key using a diffie-hellman exchange algorithm. The content symmetric key is encrypted using the second shared-secret key.

A method, apparatus, system, or computer-readable medium for performing object-level encryption and key rotations is disclosed. A service platform may store data items organized into one or more asset clusters. A first content encryption key may be set as the active encryption key for an asset cluster. The active encryption key may be encrypted using the master encryption key. A first subset of data items may be encrypted using the active encryption key (e.g., the first content encryption key). After the number of data items encrypted using the active encryption key satisfies a threshold value, the first content encryption key may be set as an inactive encryption key and a second content encryption key may be set as the new active encryption key for the asset cluster. A second subset of the plurality of data items may be encrypted using the active encryption key (e.g., the second content encryption key).

Aspects of the subject technology provide for shared experience sessions within a group communications session such as a video call. The shared experience session may be, as one example, a co-watching session in which the participants in the call watch a video together while in the call. Encrypted shared state data may be exchanged between the participant devices, with which the participant devices can provide synchronized and coordinated output of shared experience data for the shared experience session of the group communications session.