One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and output the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.

Lawful intercept is supported by providing a network communications device target identifiers in encrypted form. Received encrypted target identifiers are stored in a non-volatile storage device. Before communications interception occurs, one or more encrypted target identifiers are loaded into active memory which is secure and not accessible by a network device operating system administrator. A decryption request is sent to a security device and the result loaded into the secure active memory. Plain text target identifier(s) returned by the security device are loaded directly into the active memory without being stored in the operating system administrator accessible storage device. In the case of a reset resulting in the contents of the active memory being lost, the active memory is repopulated by sending decryption requests using the stored encrypted target identifiers to indicate to the security device the target identifiers which need to be decrypted and reloaded into active memory.

A distributed ledger system may include a first distributed ledger node associated with a first participant bank that maintains a first participant bank deposit account on a blockchain-based distributed ledger in a distributed ledger network; a second distributed ledger node associated with a second participant bank that maintains a second participant bank deposit account on the blockchain-based distributed ledger; and a third distributed ledger node associated with a liquidity provider that maintains a liquidity provider deposit account on the blockchain-based distributed ledger. A consensus algorithm operates on the distributed ledger nodes and updates the blockchain-based distributed ledger in which multiple copies of the blockchain-based distributed ledger across the distributed ledger nodes, and transactions involving the first participant bank deposit account, the second participant bank deposit account, and/or the liquidity provider deposit account are added to a block to the blockchain-based distributed ledger.

Techniques for secure authentication in virtual reality are provided. A virtual reality application executing on a virtual reality device can provide virtual reality environment. The virtual reality application may communicate with a server that provides a plurality of objects for display in the VR environment. The environment can include an object that, once selected, may initiate an authentication process. Once initiated, an authentication application may be launched on the VR device, so that a private authentication environment may be provided to the user. The user may be prompted to provide a biometric sample using one or more input devices coupled to the VR device. The biometric sample can then be sent to the authentication server, so that an authentication result may be determined from a comparison of the sample to a biometric template established during registration.

Techniques for securely controlling multiple lighting devices simultaneously with a lighting control device are disclosed. Command messages may be transmitted from the lighting control device to multiple lighting devices over a computer network without routing through a remote cloud service. The messages may be encrypted and may include an incremented sequence number. Lighting devices that receive a command message may compare the incremented sequence number to a previously stored sequence number corresponding to the lighting control device. If the incremented sequence number is greater than the stored sequence number, then a lighting device may determine the message was transmitted by an authorized lighting control device and may implement any command instruction included therein. If the incremented sequence number is equal to or less than the stored sequence number, then the lighting device may determine the command message was transmitted by a malicious source and may ignore the command message.

Identity authentication method, system, and computing device are disclosed. The method includes: an identity authentication method is provided, which includes: a first device establishing a communication connection with a second device, and obtaining encrypted information through the Internet, where the first device is a device that is allowed to access the Internet, and the second device is a device that is not allowed to access the Internet; the first device encrypting identity information of an account that is logged into the second device by using the encrypted information, and sending the encrypted identity information to the second device; and the first device receiving a verification result that is returned by the second device, wherein the second device verifies the encrypted identity information based on verification information.

Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.

Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have synchronized clocks. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp. Since the computing systems have synchronized clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another. Furthermore, both computing systems may synchronize their clocks to a private time server that maintains a clock that runs faster or slower than standard time. Security is maintained by one or more of restricting access to the time server, using secret key generation processes, and/or using a secret random number generator.

Systems and methods for encrypted content management are provided and include generating a user private key, a user public key, and a symmetric encryption key. A group private key, a group public key, and a group symmetric encryption key are generated and the group private key is encrypted with the group symmetric encryption key. A first shared-secret key is generated based on the user public key and the group private key using a diffie-hellman exchange algorithm. The group symmetric encryption key is encrypted using the first shared-secret key to generate an escrow key. Plaintext data is encrypted using a content symmetric key. A second shared-secret key is generated based on an ephemeral private key and the group public key using a diffie-hellman exchange algorithm. The content symmetric key is encrypted using the second shared-secret key.

This disclosure describes system on a chip (SOC) communications that prevent direct memory access (DMA) attacks. An example SoC includes an encryption engine and a security processor. The encryption engine is configured to encrypt raw input data using a cipher key to form an encrypted payload. The security processor is configured to select the cipher key from a key store holding a plurality of cipher keys based on a channel ID describing a {source subsystem, destination subsystem} tuple for the encrypted payload, to form an encryption header that includes the channel ID, to encapsulate the encrypted payload with the encryption header that includes the channel ID to form a crypto packet, and to transmit the crypto packet to a destination SoC that is external to the SoC.