Abstract: At least one non-transitory computer readable medium that stores instructions for (a) generating master keys by a keys security entity (KSE) that is established within a KSE; (b) generating one-time connection session keys, by the KSE, based on the master keys; (c) outputting, by the KSE, the one-time connection session keys to a Connection Security Entity (CSE) enclave in which a CSE is established, over a secure communication link; and (d) preventing access, by the KSE, to the master keys.
Abstract: A mobile wallet for storing a digital asset. The mobile wallet may include a communication unit, a programmable logic device (PLD), a main controller, a secure element, and an anti-tamper unit that comprises one or more anti-tamper sensors. The secure element may be configured to store the digital asset. The communication unit may be configured to receive ingress traffic from outside the mobile wallet and to output egress traffic not blocked by the PLD. The PLD may be configured to monitor ingress traffic and egress traffic, and to determine whether to pass or block ingress messages of the ingress traffic and egress messages of the egress traffic. At least one of the main controller and the anti-tamper unit may be configured to detect a tamper attempt based on outputs of the one or more anti-tamper sensors. The main controller may be configured to assist in responding to a detected tamper attempt.