Abstract: This invention provides a method and system for secure messaging on a mobile network, leveraging public/private key encryption. The method includes steps for deploying a trusted application by a mobile carrier on a device with a Trusted Execution Environment (TEE). A wireless Software Development Kit (SDK) on the subscriber device interacts with the trusted application and a wireless original equipment manufacturer (OEM) cloud service for mutual attestation, confirming the identity and trustworthiness of the device. A pair of public and private keys are generated, with the private key secured on the device. Messages are encrypted with the public key at a cloud messaging application, and decrypted with the private key at the device, enabling secure, viewable messages. The system can support secure transmission of one-time-passwords (OTPs) from an enterprise application, as well as encrypted chat functionality for device responses to the enterprise application.

Abstract: This invention is a system and method for verifying a sender of messages on a mobile network. Software on a cloud messaging service generates a public/private key pair. The private key is securely retained in a cloud wallet service and is accessible to a messaging cloud service (the trusted sender). The public key is shared with a subscriber device that receives messages from the messaging cloud service. The cloud messaging service receives an inbound message for the subscriber device from a trusted enterprise application via a secure connection. The cloud messaging service signs a special header to the message with its private key. When the message is received by the subscriber device, the public key resident on the device verifies the message header signed with the public key of the cloud messaging service thereby verifying the sender.

Abstract: This invention is a system and method for verifying a sender of messages on a mobile network. Software on a cloud messaging service generates a public/private key pair. The private key is securely retained in a cloud wallet service and is accessible to a messaging cloud service (the trusted sender). The public key is shared with a subscriber device that receives messages from the messaging cloud service. The cloud messaging service receives an inbound message for the subscriber device from a trusted enterprise application via a secure connection. The cloud messaging service signs a special header to the message with its private key. When the message is received by the subscriber device, the public key resident on the device verifies the message header signed with the public key of the cloud messaging service thereby verifying the sender.

Abstract: This invention is a system and method for verifying a sender of messages on a mobile network. Software on a cloud messaging service generates a public/private key pair. The private key is securely retained in a cloud wallet service and is accessible to a messaging cloud service (the trusted sender). The public key is shared with a subscriber device that receives messages from the messaging cloud service. The cloud messaging service receives an inbound message for the subscriber device from a trusted enterprise application via a secure connection. The cloud messaging service signs a special header to the message with its private key. When the message is received by the subscriber device, the public key resident on the device verifies the message header signed with the public key of the cloud messaging service thereby verifying the sender.

Abstract: This invention pertains to a method for provisioning and implementing two-factor authentication (2FA) for enterprise services. The system securely establishes a trusted identity for a subscriber device using an immutable hardware key and public/private key sets. The device's identity is verified by an Original Equipment Manufacturer (OEM) cloud service. The method includes generating unique transaction nonces for each 2FA request, securing private keys within a Trusted Execution Environment (TEE), and employing a cloud wallet service to store keys. The subscriber device interacts with the system, decrypting and re-encrypting transaction nonces using corresponding keys. This process enables secure transaction from enterprise applications. The system also integrates user consent into the 2FA process, displaying a prompt to approve or deny authentication. This technology enhances security in enterprise services, prioritizing user consent and secure data transfer.