Abstract: Techniques are disclosed relating to improving secure message communication. In various embodiments, a message delivery server receives a request to deliver an encrypted message from a sender to a recipient. The encrypted message obfuscates the identity of the sender such that the message delivery server is unable to determine the identity of the sender. The message delivery server determines whether to deliver the encrypted message based on a signed attestation received with the request and, based on the determining, delivers the encrypted message to the recipient. In some embodiments, the determining includes verifying the signed attestation using a verification key provide by the sender. In some embodiments, the encrypted message is an email, a text message, a push notification, or a video or audio call request.

Abstract: Techniques are disclosed relating to improving key management on devices. In various embodiments, a device receives, from a browser via a key-management API supported by the device, a request for a browser session to receive access to a cryptographic key managed by the device. The key-management API of the device determines whether to grant the browser session access to the cryptographic key based on verification of a signed attestation from a server corresponding to the browser session and using metadata stored about the cryptographic key. Based on the determination, the device provides access to the cryptographic key via the key-management API. In some embodiments, providing access to the cryptographic key includes performing a requested cryptographic operation using the cryptographic key and without providing the cryptographic key to the browser. In some embodiments, the cryptographic key is managed by an operating system, a secure element, or another application of the device.

Abstract: Embodiments of the present disclosure are directed to, among other things, monitoring a user device to determine whether a user associated with the device is safe. In some examples, a user (which may be referred to herein as an “initiator” establishes a device monitoring session (which may be referred to herein as “session”) with a user, or a group of users, so that the user(s) are notified either when the initiator has safely ended the device monitoring session or receives access to session data that was collected during the session. In some configurations, the session can be handed off from a first user device that is currently active to a different user device. Instead of the first user device always being the device that interacts with the server, a different first user device may be selected as the active device to interact with the server.