Systems, methods, and devices are described herein for executing a lockdown of electronic locks deployed in a local network of interconnected devices. In example implementations, each electronic lock is provided with a unique encryption key specific to that electronic lock and is provided with a shared encryption key. To execute a lockdown of all electronic locks in the local network, a server generates a locking instruction and encrypts it using the shared encryption key. The server then transmits the encrypted locking instruction to the gateway devices of the local network which, in turn, transmit it to each of the electronic locks. Upon receipt of the encrypted locking instruction, the electronic locks attempt to decrypt it using the shared encryption key. Upon successful decryption of the encrypted locking instruction, an electronic lock toggles to a lock state.

A method of encrypting data, in particular encrypting data in dependence on a user verification confidence level. An encryption algorithm is provided, data is input into the encryption algorithm, along with a public key and an access structure comprising the user verification confidence level. The encryption algorithm is run to output a cypher text of encrypted data, whereby the access structure is embedded into the cypher text such that only an entity satisfying the access structure can decrypt the cypher text.

A system is provided for performing secure key exchange between a plurality of nodes of a communication network. The system comprises a master node and at least two slave nodes. In this context, the master node is configured to authenticate the at least two slave nodes with a pair-wise authentication key corresponding to each pair of master node and slave nodes. The master node is further configured to generate a group authentication key common to the plurality of nodes. Furthermore, the master node is configured to encrypt the group authentication key with the pair-wise authentication key for each respective pair of master node and slave nodes, thereby generating a respective encrypted group authentication key. Moreover, the master node is configured to communicate the encrypted group authentication key to the respective slave nodes.

For access policy enforcement, a method restricts access to a decryption key for private data on an electronic device. The private data is encrypted and includes group communications. The method determines an electronic device profile that includes a device time and a device location of the electronic device. The method releases the decryption key in response to the electronic device profile satisfying an access policy. The method decrypts the private data using the decryption key.

A method includes receiving, at an electronic device and from a second electronic device, a second root identifier, wherein the second root identifier is associated with a second profile tree maintained at the second electronic device and determining that a first root identifier does not match the second root identifier, wherein the first root identifier is based on a first profile tree maintained at the electronic device. The method further includes sending, to the second electronic device, the first profile tree, wherein the first profile tree comprises representation of currently maintained user profiles at the electronic device, receiving, from the second electronic device, user profile update information, and updating a subset of the currently maintained user profiles based on the user profile update information.

Some embodiments of the subject technology provide a novel system for synchronizing content items among a group of peer devices. The content synchronizing system of some embodiments includes the group of peer devices and a set of one or more synchronizing servers communicatively connected with the peer devices through one or more networks. In some embodiments, the synchronizing system uses a star architecture, in which each peer device offloads its synchronization operations to the synchronizing server set. Without establishing a peer-to-peer communication with any other peer device, the particular peer device in these embodiments supplies an encrypted content item set along with the N−1 encryptions of a content key used to encrypt the content item set to the synchronizing server set so that this server set can distribute the encrypted content item set and an encrypted content key to each of the N−1 peer devices.

A module may have more than one device, such as an IoT device, that requires bootstrapping. A first device may be provisioned with a pre-shared key (PSK). The first device, such as an IoT device, may bootstrap in a conventional manner using its PSK. A second device without a PSK may be added to the module post-manufacture. The first device may share registration details with the second device and also with an LwM2M server. When contacted by the second device, the LwM2M server may associate the second device with the first device and treat them as one from an operational standpoint, reducing the need for pre-shared keys across domains lacking an existing trust relationship.

A method for secure file transmission comprises: encrypting a file using a location key system having multi-part keys; generating an identification for the encrypted file; transmitting the identification from a sender to a recipient; transmitting a public key from the recipient to the sender; generating, by M of N devices of a set of devices associated with the sender, its respective partial secret for the encrypted file and encrypting respective partial shared secrets with the public key; transmitting, by the sender, the encrypted file and encrypted partial shared secrets to the recipient; decrypting, by the recipient, the received encrypted partial shared secrets; combining the decrypted partial shared secrets with a threshold scheme; and decrypting the encrypted file using the combined secrets.

Computer-readable media, methods, and systems are disclosed for managing group-level database encryption keys under group-level encryption in a database management system. Upon startup of the database management system, persisted database entries are sequentially processed to produce an in-memory data structure comprising a set of encryption group identifier metadata tuples having an encryption group identifier and a valid-from save point cycle version. The set of encryption group identifier metadata tuples is mapped to a set of key identifier tuples including a local secure store identifier and a group-level encryption key identifier. A set of group-level encryption keys is received from a key management system, according to which a group-level encryption key is mapped to each encryption group identifier metadata tuple. Finally, an in-memory representation of the mapping between the set of encryption group identifier metadata tuples, the set of key identifier tuples, and the set of group-level encryption keys is constructed.

One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and output the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.