Abstract: A method and system of enforcing a computer policy uses a central server to manage user profiles, policies and encryption keys. The server securely supplies the keys to client devices only after checking that the policy has been complied with. The checks include both the identity of the user and the machine identity of the client device. The keys are held in a secure environment of the client device, for example in a Trusted Platform Module (TPM), and remain inaccessible at all times to the end user. Theft or loss of a portable client device does not result in any encrypted data being compromised since the keys needed to decrypt that data are not extractable from the secure environment.

Abstract: A system is described for communicating with a mobile device. The mobile device exchanges an electronic message with a messaging server, where the message is encrypted with a messaging key. The mobile device encrypts a copy of the message with a monitoring key different from the messaging key, and sends the encrypted copy to a monitoring server remote from the messaging server. The mobile device communicates with the messaging server via a network router. The network router is configured to block transmission of an encrypted electronic message between the mobile device and the messaging server when an access condition is not met.

Abstract: A system is described for communicating with a mobile device. The mobile device exchanges an electronic message with a messaging server, where the message is encrypted with a messaging key. The mobile device encrypts a copy of the message with a monitoring key different from the messaging key, and sends the encrypted copy to a monitoring server remote from the messaging server. The mobile device communicates with the messaging server via a network router. The network router is configured to block transmission of an encrypted electronic message between the mobile device and the messaging server when an access condition is not met.

Abstract: A mobile device (2) exchanges an electronic message with a messaging server (4), where the message is encrypted with a messaging key. The mobile device encrypts a copy of the message with a monitoring key (9) different from the messaging key, and sends the encrypted copy to a monitoring server (5) remote from the messaging server (4).

Abstract: A method and system of enforcing a computer policy uses a central server to manage user profiles, policies and encryption keys. The server securely supplies the keys to client devices only after checking that the policy has been complied with. The checks include both the identity of the user and the machine identity of the client device. The keys are held in a secure environment of the client device, for example in a Trusted Platform Module (TPM), and remain inaccessible at all times to the end user. Theft or loss of a portable client device does not result in any encrypted data being compromised since the keys needed to decrypt that data are not extractable from the secure environment.