Abstract: A decentralized system for securely registering, updating, and/or resolving domain names in a distributed ledger is disclosed. The distributed ledger may comprise a smart contract that includes a look-up table that maps network names to network addresses and/or one or more keys. The smart contract may verify whether any updates and/or changes made to an entry in the look-up table are cryptographically authorized. Additionally, the smart contract may enforce any additional policies implemented by a domain administrator for authenticating changes and/or updates to a domain name entry. The unique combination of storing domain information in a decentralized ledger and validating changes and/or updates to the domain information provides a decentralized root of trust that allows for secure queries of network names (e.g., domain name) for secure cross-entity communications.

Abstract: A decentralized system for securely registering, updating, and/or resolving domain names in a distributed ledger is disclosed. The distributed ledger may comprise a smart contract that includes a look-up table that maps network names to network addresses and/or one or more keys. The smart contract may verify whether any updates and/or changes made to an entry in the look-up table are cryptographically authorized. Additionally, the smart contract may enforce any additional policies implemented by a domain administrator for authenticating changes and/or updates to a domain name entry. The unique combination of storing domain information in a decentralized ledger and validating changes and/or updates to the domain information provides a decentralized root of trust that allows for secure queries of network names (e.g., domain name) for secure cross-entity communications.

Abstract: A solution for circumventing censorship is disclosed. A first device connects to a first server hosted in a content delivery network (CDN). The CDN routes the first device's connection request to the first server. The first server responds by providing the first device with a configuration file that contains a plurality of second servers for the first device to access. Accordingly, the first device disconnects from the first server and hops between one or more of the plurality of second servers contained in the configuration file. By distributing the configuration file from a first server hosted in a CDN, the first device is able to obfuscate the true endpoint of the connection. Thus, the first device is able to obtain the configuration file without drawing the ire of censors. By hopping from server-to-server, the first device is able to stay one-step ahead of censors. Accordingly, the present disclosure describes a multi-prong approach to staying a step ahead of eavesdroppers, sniffers, and censors.

Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.

Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.

Abstract: A solution for circumventing censorship is disclosed. A first device connects to a first server hosted in a content delivery network (CDN). The CDN routes the first device's connection request to the first server. The first server responds by providing the first device with a configuration file that contains a plurality of secondary servers for the first device to access. Accordingly, the first device disconnects from the first server and hops between one or more of the plurality of secondary servers contained in the configuration file. By distributing the configuration file from a first server hosted in a CDN, the first device is able to obfuscate the true endpoint of the connection. Thus, the first device is able to obtain the configuration file without drawing the ire of censors. By hopping from server-to-server, the first device is able to stay one-step ahead of censors. Accordingly, the present disclosure describes a multi-prong approach to staying a step ahead of eavesdroppers, sniffers, and censors.

Abstract: Secure directory services are disclosed. A cryptographic hash of a foreign identifier associated with a potential user is received. A determination is made that the received cryptographic hash of the foreign identifier matches a representation of a stored entry. In response to the determination, a transmission of a representation of a native identifier associated with the stored entry is transmitted to the sender of the cryptographic hash of the foreign identifier.

Abstract: The present disclosure describes techniques that allow for a client-side application, located on a first client device, to generate a random encryption key and encrypt locally-stored application data with the random encryption key. In order to ensure that the client-device application is unable to decrypt the locally-stored encrypted application data prior to authenticating with an external authentication source (i.e., SSO, IdP), the client-side application divides the random encryption key into at least a first share and a second share according to a secret sharing algorithm. The first share is transmitted to a trusted third party, while the second share is encrypted locally and stored in a secure location on the client device. Upon successful authentication, the trusted third party returns the second share to the first client device. The client-side application derives the random encryption key and decrypts the locally-stored encrypted application data to be used by the client-side application.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for generating new keys during a secure communication session. A key derivation function is operatively connected to both a counter and a memory. The key derivation function generates new key material from a first input and a second input in response to a signal provided by the counter. The key derivation function generates the new key material and outputs it to the memory.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid encryption. According to the present disclosure, a first device receives an encrypted communication from a second device. The encrypted communication includes a first encrypted secret, a second encrypted secret, a first signature, and a second signature. The first device verifies the first signature and the second signature, and, when the first and second signatures are valid, decrypts the first encrypted secret using a first encryption algorithm and the second encrypted secret using a second encryption algorithm. The first device combines the first decrypted secret and the second decrypted secret to recover a first communication and provides the first communication to a user of the first device.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid cryptography protocol. According to the present disclosure, a first device divides a first communication into at least a first secret and a second secret. The first device encrypts the first secret using a first cipher suite and the second secret using a second cipher suite. The first device generates a first signature of the first encrypted secret and the second encrypted secret according to a first signature generation algorithm associated with the first cipher suite and a second signature of the first encrypted secret and the second encrypted secret according to a second signature generation algorithm associated with the second cipher suite. The first device transmits the first encrypted secret and the second encrypted secret, the first signature, and the second signature to the second device.

Abstract: A secure communication platform includes a user database that allows users from different secure communication networks to perform directory look-ups to access keys, and other information, for recipients outside of their network. Users from different secure communication networks may request, from the database, user information of users outside their secure communication. The user information may allow the users of different secure communication networks to exchange secure communications. The secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender, and allowing the secure communications to flow across different secure communication networks.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for end-to-end encryption during a secure communication session. According to the present disclosure, a first device initializes a secure communication session with at least one second device. Initializing the secure communication session includes transmitting an invitation to a secure communication session to the at least one second device. The first device subsequently receives the token from the at least one second device and validates the token. When the token is invalid, the first devices terminates the secure communication session. However, when the token is valid, the first device performs a three-way handshake with the at least one second device to negotiate a first encryption key and a second encryption key.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for end-to-end encryption during a secure communication session. According to the present disclosure, a first device initializes a secure communication session with at least one second device. Initializing the secure communication session includes transmitting an invitation to a secure communication session to the at least one second device. The first device subsequently receives the token from the at least one second device and validates the token. When the token is invalid, the first devices terminates the secure communication session. However, when the token is valid, the first device performs a three-way handshake with the at least one second device to negotiate a first encryption key and a second encryption key.

Abstract: The present disclosure describes techniques for configuring and participating in encrypted audio calls, audio conferences, video calls, and video conferences. In particular, a call initiator generates a meeting identifier and a first meeting key, which are encrypted using a first encryption key and distributed to one or more participants of the call. The one or more participants decrypt the meeting identifier and the first meeting key, and use that information to participate in the encrypted call. Further, participants respond to the encrypted communication data by encrypting their reply data with the first meeting key. The call initiator decrypts the reply data using the first meeting key.

Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.

Abstract: Multi-party messaging is disclosed. A plurality of public keys is requested by a first device from a server, wherein the plurality of public keys is associated with a plurality of recipients. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted, using each of the respective public keys, resulting in a plurality of encrypted symmetric keys. The encrypted message and the encrypted symmetric keys are encapsulated in an encapsulation. The encapsulation is transmitted to the server.

Abstract: Screen capture mitigation is disclosed. It is conveyed to a user that a received content item can be displayed in response to the user placing at least one finger on a display. A first finger in a first screen area of the display is detected. A second finger in a second screen area of the display is detected. The received content item is displayed in response to detecting the first finger in the first screen area and the second finger in the second screen area. A change in location of at least one of the first finger and the second finger is detected. In response to detecting the change, it is determined whether the change in the at least one of the first finger and the second finger is greater than a threshold. When the change is greater than the threshold, displaying the received content item is ceased.

Abstract: The present disclosure describes techniques for configuring and participating in encrypted audio calls, audio conferences, video calls, and video conferences. In particular, a call initiator generates a meeting identifier and a first meeting key, which are encrypted using a first encryption key and distributed to one or more participants of the call. The one or more participants decrypt the meeting identifier and the first meeting key, and use that information to participate in the encrypted call. Further, participants respond to the encrypted communication data by encrypting their reply data with the first meeting key. The call initiator decrypts the reply data using the first meeting key.

Abstract: A digital security bubble encapsulation is disclosed. A public key and a device identifier of at least one recipient is requested from a first server. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted with a public key received in response to the request. The encrypted message, the encrypted symmetric key, and the device identifier are encapsulated in a digital security bubble encapsulation. The digital security bubble encapsulation is transmitted to a second server.