Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have synchronized clocks. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp. Since the computing systems have synchronized clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another. Furthermore, both computing systems may synchronize their clocks to a private time server that maintains a clock that runs faster or slower than standard time. Security is maintained by one or more of restricting access to the time server, using secret key generation processes, and/or using a secret random number generator.

A method performed by a first network node includes transmitting a first subscription request message indicating a request to subscribe to receive notification of changes in an authentication status of a wireless device. A first notification message is received. The first notification message includes an indication of a change in the authentication status of the wireless device.

The disclosure provides an approach for cryptographic agility. Embodiments include receiving, by a cryptographic agility system associated with an application, a request to establish a secure communication session. Embodiments include, prior to establishing the secure communication session, selecting, by the cryptographic agility system, a first cryptographic technique and a second cryptographic technique for the secure communication session. Embodiments include, during the secure communication session, utilizing the first encryption technique for securely communicating a first set of data. Embodiments include determining that a condition has been met for switching from the first encryption technique to the second encryption technique. Embodiments include, based on the determining that the condition has been met, utilizing the second encryption technique for securely communication a second set of data.

A method, apparatus, system, or computer-readable medium for performing object-level encryption and key rotations is disclosed. A service platform may store data items organized into one or more asset clusters. A first content encryption key may be set as the active encryption key for an asset cluster. The active encryption key may be encrypted using the master encryption key. A first subset of data items may be encrypted using the active encryption key (e.g., the first content encryption key). After the number of data items encrypted using the active encryption key satisfies a threshold value, the first content encryption key may be set as an inactive encryption key and a second content encryption key may be set as the new active encryption key for the asset cluster. A second subset of the plurality of data items may be encrypted using the active encryption key (e.g., the second content encryption key).

Various systems, computer-readable media, and computer-implemented methods of providing improved data privacy, anonymity and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent that is desired—are disclosed herein. Embodiments include systems that create, access, use, store and/or erase data with increased privacy, anonymity, and security—thereby facilitating the availability of more qualified and accurate information. When personal data is authorized by data subjects to be shared with third parties, embodiments described herein may facilitate the sharing of information in a dynamically-controlled manner that also enables the delivery of temporally-, geographically-, and/or purpose-limited information to the receiving party. In one example, the disclosed techniques may be used to functionally separate geospatial information, such that it remains “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent or degree that is desired.

Methods and systems for dynamic wireless network configuration are provided. Aspects include receiving, by an application on a user device, a token, deriving, by the application, a unique identifier and passcode based at least in part on the token, and controlling remote access to a first computer system based on the unique identifier and passcode.

Aspects of the subject technology provide for shared experience sessions within a group communications session such as a video call. The shared experience session may be, as one example, a co-watching session in which the participants in the call watch a video together while in the call. Encrypted shared state data may be exchanged between the participant devices, with which the participant devices can provide synchronized and coordinated output of shared experience data for the shared experience session of the group communications session.

Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Aspects of the invention include detecting that a rekey timer has expired. The rekey timer is one of a shared key rekey timer for a current shared key between the first node and a second node, and a session key rekey timer for a session key used in a secure communication between a channel on the first node and a channel on the second node. The session key was created based on the current shared key and is used for encrypting data in the secure communication. Based on the rekey timer being the shared key rekey timer, a new shared key is obtained and stored as the current shared key. Based on the rekey timer being the session key rekey timer, a new session key that is based at least in part on the current shared key is obtained and used in the secure communication.