Abstract: Systems and methods are disclosed herein for managing group membership. To remove a user from a group, a group management system ensures that the device associated with the user is no longer able to decrypt messages that are sent by other devices in the group, in spite of having a copy of the binary tree associated with the group. Accordingly, the group management system may update private and public keys that the device may access while ensuring that other devices get the updated private and public keys. The group management system may manipulate the binary tree to move the root node and the sibling node of the node associated with the user being removed such that the update to the binary tree ensures the remaining group members are able to properly participate in future group update operations for which the binary tree may be necessary.
Abstract: An end-to-end mechanism is disclosed herein for transporting encrypted messages over hypertext transport protocol (HTTP) sent to a group of recipients. In particular, the disclosed mechanism receives a message (e.g., as an input from a user) and encrypts that message using an encryption mechanism with a key unique to a particular user and to the message (e.g., different messages are encrypted using different keys). The encrypted message is then stored in a generated object along with other metadata needed for message processing. Once the object is generated, it is signed and encoded into a binary representation that is then sent to a server. The server system receives the binary representation and decodes it back into the object. The metadata of the object is then used to route the message to the correct recipient applications for decryption.
Type: Grant
Filed: October 21, 2022
Date of Patent: April 15, 2025
Assignee: SENTRIQS, INC.
Inventors: Paul Dillon, Kyle Bebee, Damien Fortune, Robert Wilson