This disclosure describes techniques for controlling group access to a collaboration technology. The techniques include generating a shared encryption key among authorized producers of content associated with a collaboration technology. The techniques include receiving, by the authorized producers and from authenticated consumers, requests to access the content. The requests may be received in a partitioned manner, such that individual producers are serving a particular subset of the authenticated consumers. In response to receiving the requests, the techniques include sending the shared encryption key from the individual producers to the corresponding subset of authenticated consumers. The techniques include using the shared encryption key to encrypt content by the authorized producers, which may then be decrypted by the authenticated consumers using the shared encryption key, achieving end-to-end encryption of event content.

Embodiments herein include, for example, a method, comprising: generating a shared symmetric key to begin a communication session among a group of users by a first user; distributing, by the first user, the generated shared symmetric key to each user in the group of users; communicating within the communication session among a group of users, where each user encrypts a message to the group of users to be distributed through the communication session using the generated shared symmetric key, and each user decrypts a message received from the communication session using the generated shared symmetric key.

Embodiments disclosed herein provide a method that includes receiving, at a client-side web browser, a minimal bootstrap payload from an application server; storing, by a client-side processor, the minimal bootstrap payload in a client-side local cache, where the locally cached minimal bootstrap payload is executed by the client-side processor before executing an application from the application server; the minimal bootstrap payload includes at least one public key and at least one Uniform Resource Location (URL) address of an application code payload.

A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).

Some embodiments of the present invention comprise a method, system, and/or computer program product for a publish/subscribe messaging system. A processor identifies a subscriber of a pub/sub messaging system. The processor retrieves a stored encrypted key for the identified subscriber of the pub/sub messaging system. The processor communicates the retrieved encrypted key to a user selected from a group comprising a publisher of the pub/sub messaging system and the identified subscriber of the pub/sub messaging system. The processor implements end-to-end encryption of messages of the pub/sub messaging system based on key-groups.

In one embodiment, an illustrative method herein may comprise: determining, by a device of a communication session, that a new epoch has occurred within the communication session, wherein the communication session has one or more member devices; generating, by the device and in response to the new epoch, a new key encryption key and a key bundle comprising one or more keys to decrypt content of the communication session from one or more previous epochs of the communication session; encrypting, by the device, the key bundle with the new key encryption key to create an encrypted key bundle; and sharing, from the device, the encrypted key bundle with the one or more member devices to allow the one or more member devices to access the content of the communication session from the one or more previous epochs.

Securely communicating traffic between control units interconnected by a network. An electronic control unit (ECU) receives a signed manifest identifying public keys for a group of ECUs authorized to communicate over the network. The ECU performs an authentication exchange with the ECUs in the group. The authentication exchange uses public keys identified in the manifest. Based on the authentication exchange, the ECU distributes a group key to authenticated ones of the ECUs that communicate messages authenticated using the group key.

A method of sharing a first common secret among a plurality of nodes for enabling secure communication for blockchain transactions. The method comprises determining, for at least one first node a plurality of second common secrets, wherein each second common secret is common to the first node and a respective second node, is determined at the first node based on a first private key of the first node and a first public key of the second node and is determined at the second node based on the first private key of the second node and the first public key of the first node. The method further comprises exchanging encrypted shares of the first common secret among the plurality of nodes to enable each of the plurality of nodes to reach a threshold number of shares of the first common secret to access the first common secret.

Systems and techniques for securing vehicle privacy in a driving infrastructure are described herein. A vehicle may contact a group identification (ID) issuer to register itself. A group ID may be received from the group ID issuer to indicate acceptance as a member. The vehicle may then contact the driving infrastructure to attach to the driving infrastructure using the group ID to identify the vehicle. In response, the vehicle receives an attachment ID from the driving infrastructure. Here, the attachment ID is used to secure communications between the vehicle and the driving infrastructure.

Techniques are described for managing devices using multiple virtual personal area networks (VPANs). A border router can receive a first request to join a network from a first device. The first device may be assigned to a first virtual personal area network (VPAN), which has an associated first group temporal key (GTK). The first GTK can be distributed to the first virtual device. The border router can also receive a second request to join a network from a second device. The second device may be assigned to a second VPAN, which has an associated second GTK. The second GTK can be distributed to the second virtual device.