Abstract: One disclosed example method includes a leader client device associated with a leader participant generating a meeting key for a video meeting joined by multiple participants. For each participant, the leader client device obtains a long-term public key and a cryptographic signature associated with the participant. The leader client device verifies the cryptographic signature of the participant based on the long-term public key and the cryptographic signature. If the verification is successful, the leader client device encrypts the meeting key for the participant using a short-term private key generated by the leader client device, a short-term public key of the participant, a meeting identifier, and a user identifier identifying the participant. The leader client device further publishes the encrypted meeting key for the participant on the meeting system. The leader client device encrypts and decrypts meeting data communicated with other participants based on the meeting key.

Abstract: One example method includes receiving, by a compliance auditing server, an indication of an encrypted video conference; sending, by the compliance auditing server, a request to a video conference provider to join a compliance auditing participant to the encrypted video conference, wherein the video conference provider does not have access to the compliance auditing server; receiving and storing, by the compliance auditing server, encrypted streams of audio and video from a plurality of participants in the video conference, wherein: the compliance auditing participant is one of the plurality of participants; and the video conference provider does not have access to the cryptographic meeting key; receiving, by the compliance auditing server after the encrypted video conference has ended, a request for a portion of the encrypted streams of audio and video; and providing, in response to the request, the portion of the encrypted streams of audio and video.

Abstract: One example method includes a device management system detecting an attempt to access a user account by an unenrolled device. The device management system identifies a first enrolled device of the user account by accessing a signature chain of the user account. The device management system facilitates a transmission of a cryptographically-signed enrollment request from the unenrolled device to the first enrolled device. The first enrolled device is configured to cryptographically validate the enrollment request. The first enrolled device is further configured to generate an encrypted attestation message that indicates that the unenrolled device has been authenticated. The unenrolled device can receive and decrypt the encrypted attestation message based on a passcode being displayed on the first enrolled device. The device management system receives a decrypted attestation message from the unenrolled device and updates the signature chain to include a new sequential record for the unenrolled device.

Abstract: Systems and methods for user authentication in video conferences using signed contact lists are provided. A client device associated with a user joins a video conference hosted by a video conference provider. The video conference has a plurality of participants. The client device receives participant information for each participant of the plurality of participants. The client device verifies at least one participant of the plurality of participants by comparing the participant information with a contact list associated with the user. The client device updates a contact record corresponding to the at least one participant in the contact list. The contact record includes video conference information, at least a portion of the participant information, and a cryptographic signature.

Abstract: One disclosed example method includes receiving, by a video conference provider, video frames from a plurality of existing participants in a video conference; receiving, by the video conference provider, a request from a new user to join the video conference, and in response: generating, by the video conference provider, an instantaneous decoder refresh (IDR) frame; determining, by the video conference provider, one or more prior video frames previously acknowledged by each existing participant of the plurality of existing participants; generating, by the video conference provider, a benchmark frame for each of the plurality of existing participants based on at least one of the determined one or more prior video frames and the IDR frame; transmitting, by the video conference provider, the IDR frame to the new user; and transmitting, by the video conference provider, a message comprising the benchmark frame to each of the plurality of existing participants.

Abstract: One example method includes receiving identification information associated with a new user device, the new user device associated with the user; accessing a signature chain associated with the user, the signature chain comprising one or more sequential records; associating user personal information with the new user device; generating a cryptographic signature based on cryptographic keys associated with the new user device; generating an obfuscated representation of the user personal information; generating a record comprising the identification information, the user personal information, the cryptographic signature, and the obfuscated representation of the user personal information; generating a cryptographic identifier based on the identification information, the cryptographic signature, the obfuscated representation of the user personal information, and a latest of the one or more sequential records; inserting the cryptographic identifier into the record; appending the record to the signature chain as a s

Abstract: One example method includes receiving, by a compliance auditing server, an indication of an encrypted video conference; sending, by the compliance auditing server, a request to a video conference provider to join a compliance auditing participant to the encrypted video conference, wherein the video conference provider does not have access to the compliance auditing server; receiving and storing, by the compliance auditing server, encrypted streams of audio and video from a plurality of participants in the video conference, wherein: the compliance auditing participant is one of the plurality of participants; and the video conference provider does not have access to the cryptographic meeting key; receiving, by the compliance auditing server after the encrypted video conference has ended, a request for a portion of the encrypted streams of audio and video; and providing, in response to the request, the portion of the encrypted streams of audio and video.

Abstract: One example method includes a device management system detecting an attempt to access a user account by an unenrolled device. The device management system identifies a first enrolled device of the user account by accessing a signature chain of the user account. The device management system facilitates a transmission of a cryptographically-signed enrollment request from the unenrolled device to the first enrolled device. The first enrolled device is configured to cryptographically validate the enrollment request. The first enrolled device is further configured to generate an encrypted attestation message that indicates that the unenrolled device has been authenticated. The unenrolled device can receive and decrypt the encrypted attestation message based on a passcode being displayed on the first enrolled device. The device management system receives a decrypted attestation message from the unenrolled device and updates the signature chain to include a new sequential record for the unenrolled device.

Abstract: One disclosed example method includes receiving, by a video conference provider, video frames from a plurality of existing participants in a video conference; receiving, by the video conference provider, a request from a new user to join the video conference, and in response: generating, by the video conference provider, an instantaneous decoder refresh (IDR) frame; determining, by the video conference provider, one or more prior video frames previously acknowledged by each existing participant of the plurality of existing participants; generating, by the video conference provider, a benchmark frame for each of the plurality of existing participants based on at least one of the determined one or more prior video frames and the IDR frame; transmitting, by the video conference provider, the IDR frame to the new user; and transmitting, by the video conference provider, a message comprising the benchmark frame to each of the plurality of existing participants.

Abstract: One example method includes receiving identification information associated with a new user device, the new user device associated with the user; accessing a signature chain associated with the user, the signature chain comprising one or more sequential records; associating user personal information with the new user device; generating a cryptographic signature based on cryptographic keys associated with the new user device; generating an obfuscated representation of the user personal information; generating a record comprising the identification information, the user personal information, the cryptographic signature, and the obfuscated representation of the user personal information; generating a cryptographic identifier based on the identification information, the cryptographic signature, the obfuscated representation of the user personal information, and a latest of the one or more sequential records; inserting the cryptographic identifier into the record; appending the record to the signature chain as a s

Abstract: Systems and methods for user authentication in video conferences using signed contact lists are provided. A client device associated with a user joins a video conference hosted by a video conference provider. The video conference has a plurality of participants. The client device receives participant information for each participant of the plurality of participants. The client device verifies at least one participant of the plurality of participants by comparing the participant information with a contact list associated with the user. The client device updates a contact record corresponding to the at least one participant in the contact list. The contact record includes video conference information, at least a portion of the participant information, and a cryptographic signature.

Abstract: One disclosed example method includes receiving, by a video conference provider, video frames from a plurality of existing participants in a video conference; receiving, by the video conference provider, a request from a new user to join the video conference, and in response: generating, by the video conference provider, an instantaneous decoder refresh (IDR) frame; determining, by the video conference provider, one or more prior video frames previously acknowledged by each existing participant of the plurality of existing participants; generating, by the video conference provider, a benchmark frame for each of the plurality of existing participants based on at least one of the determined one or more prior video frames and the IDR frame; transmitting, by the video conference provider, the IDR frame to the new user; and transmitting, by the video conference provider, a message comprising the benchmark frame to each of the plurality of existing participants.

Abstract: One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and output the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.

Abstract: One disclosed example method includes receiving, by a video conference provider, video frames from a plurality of existing participants in a video conference; receiving, by the video conference provider, a request from a new user to join the video conference, and in response: generating, by the video conference provider, an instantaneous decoder refresh (IDR) frame; determining, by the video conference provider, one or more prior video frames previously acknowledged by each existing participant of the plurality of existing participants; generating, by the video conference provider, a benchmark frame for each of the plurality of existing participants based on at least one of the determined one or more prior video frames and the IDR frame; transmitting, by the video conference provider, the IDR frame to the new user; and transmitting, by the video conference provider, a message comprising the benchmark frame to each of the plurality of existing participants.

Abstract: One example method includes a device management system detecting an attempt to access a user account by an unenrolled device. The device management system identifies a first enrolled device of the user account by accessing a signature chain of the user account. The device management system facilitates a transmission of a cryptographically-signed enrollment request from the unenrolled device to the first enrolled device. The first enrolled device is configured to cryptographically validate the enrollment request. The first enrolled device is further configured to generate an encrypted attestation message that indicates that the unenrolled device has been authenticated. The unenrolled device can receive and decrypt the encrypted attestation message based on a passcode being displayed on the first enrolled device. The device management system receives a decrypted attestation message from the unenrolled device and updates the signature chain to include a new sequential record for the unenrolled device.

Abstract: One example method includes receiving identification information associated with a new user device, the new user device associated with the user; accessing a signature chain associated with the user, the signature chain comprising one or more sequential records; associating user personal information with the new user device; generating a cryptographic signature based on cryptographic keys associated with the new user device; generating an obfuscated representation of the user personal information; generating a record comprising the identification information, the user personal information, the cryptographic signature, and the obfuscated representation of the user personal information; generating a cryptographic identifier based on the identification information, the cryptographic signature, the obfuscated representation of the user personal information, and a latest of the one or more sequential records; inserting the cryptographic identifier into the record; appending the record to the signature chain as a s

Abstract: One disclosed example method includes a leader client device associated with a leader participant generating a meeting key for a video meeting joined by multiple participants. For each participant, the leader client device obtains a long-term public key and a cryptographic signature associated with the participant. The leader client device verifies the cryptographic signature of the participant based on the long-term public key and the cryptographic signature. If the verification is successful, the leader client device encrypts the meeting key for the participant using a short-term private key generated by the leader client device, a short-term public key of the participant, a meeting identifier, and a user identifier identifying the participant. The leader client device further publishes the encrypted meeting key for the participant on the meeting system. The leader client device encrypts and decrypts meeting data communicated with other participants based on the meeting key.

Abstract: One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and output the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.

Abstract: One disclosed example method includes a leader client device associated with a leader participant generating a meeting key for a video meeting joined by multiple participants. For each participant, the leader client device obtains a long-term public key and a cryptographic signature associated with the participant. The leader client device verifies the cryptographic signature of the participant based on the long-term public key and the cryptographic signature. If the verification is successful, the leader client device encrypts the meeting key for the participant using a short-term private key generated by the leader client device, a short-term public key of the participant, a meeting identifier, and a user identifier identifying the participant. The leader client device further publishes the encrypted meeting key for the participant on the meeting system. The leader client device encrypts and decrypts meeting data communicated with other participants based on the meeting key.

Abstract: One example method includes a device management system detecting an attempt to access a user account by an unenrolled device. The device management system identifies a first enrolled device of the user account by accessing a signature chain of the user account. The device management system facilitates a transmission of a cryptographically-signed enrollment request from the unenrolled device to the first enrolled device. The first enrolled device is configured to cryptographically validate the enrollment request. The first enrolled device is further configured to generate an encrypted attestation message that indicates that the unenrolled device has been authenticated. The unenrolled device can receive and decrypt the encrypted attestation message based on a passcode being displayed on the first enrolled device. The device management system receives a decrypted attestation message from the unenrolled device and updates the signature chain to include a new sequential record for the unenrolled device.