Abstract: Techniques are disclosed relating to multiway communications. In some embodiments, a first electronic device initiates a multiway call between a plurality of electronic devices and exchanges a first secret with a first set of electronic devices participating during a first portion of the multiway call, the first secret being used to encrypt traffic between the first set of electronic devices. The first electronic device receives an indication that first set of participating electronic devices has changed and, in response to the indication, exchanges a second secret with a second set of electronic devices participating during a second portion of the multiway call, the second secret being used to encrypt traffic between the second set of participating electronic devices. In some embodiments, the indication identifies a second electronic device as leaving the multiway call, and the second secret is not exchanged with the second electronic device.

Abstract: Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the first computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.

Abstract: Techniques are disclosed relating to resuming a communication session. In some embodiments, a first computing device stores a session resumption token that includes metadata usable to resume a communication session. The first computing device provides a request to resume the communication session with a second computing device and receives, from the second computing device, an output of a verifiable random function (VRF) associated with the request. In response to the request, the first computing device performs a verification of the output and determines, based on the verification, whether to provide the session resumption token to the second computing device.

Abstract: Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the first computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.

Abstract: Embodiments described herein provided techniques to enable peripherals configured to provide secure functionality. A secure circuit on a peripheral device can be paired with a secure circuit on a host device outside of a factory environment without compromising security by verifying silicon keys that are embedded within the secure circuit during manufacturing.

Abstract: Techniques are disclosed relating to multiway communications. In some embodiments, a first electronic device initiates a multiway call between a plurality of electronic devices and exchanges a first secret with a first set of electronic devices participating during a first portion of the multiway call, the first secret being used to encrypt traffic between the first set of electronic devices. The first electronic device receives an indication that first set of participating electronic devices has changed and, in response to the indication, exchanges a second secret with a second set of electronic devices participating during a second portion of the multiway call, the second secret being used to encrypt traffic between the second set of participating electronic devices. In some embodiments, the indication identifies a second electronic device as leaving the multiway call, and the second secret is not exchanged with the second electronic device.

Abstract: Techniques are disclosed relating to multiway communications. In some embodiments, a first electronic device initiates a multiway call between a plurality of electronic devices and exchanges a first secret with a first set of electronic devices participating during a first portion of the multiway call, the first secret being used to encrypt traffic between the first set of electronic devices. The first electronic device receives an indication that first set of participating electronic devices has changed and, in response to the indication, exchanges a second secret with a second set of electronic devices participating during a second portion of the multiway call, the second secret being used to encrypt traffic between the second set of participating electronic devices. In some embodiments, the indication identifies a second electronic device as leaving the multiway call, and the second secret is not exchanged with the second electronic device.

Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.

Abstract: Techniques are disclosed relating to multiway communications. In some embodiments, a first electronic device initiates a multiway call between a plurality of electronic devices and exchanges a first secret with a first set of electronic devices participating during a first portion of the multiway call, the first secret being used to encrypt traffic between the first set of electronic devices. The first electronic device receives an indication that first set of participating electronic devices has changed and, in response to the indication, exchanges a second secret with a second set of electronic devices participating during a second portion of the multiway call, the second secret being used to encrypt traffic between the second set of participating electronic devices. In some embodiments, the indication identifies a second electronic device as leaving the multiway call, and the second secret is not exchanged with the second electronic device.