Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.

Abstract: Screen capture mitigation is disclosed. A first finger of a user is detected in a first designated region of a display. Content is displayed when the first finger is detected in the first designated region of the display. Periodically, a determination is made whether the first finger is detected in the first designated region of the display. The content is ceased to be displayed in response to a determination that the first finger is outside the first designated region of the display.

Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.

Abstract: Digital data sanitization is disclosed. An indication that a data sanitization process should be performed is received. The data sanitization process is performed. Performing the data sanitization process includes determining an amount of free space on a storage device. Performing the data sanitization process further includes performing a set of one or more write operations, where performing the write operations decreases the amount of free space on the storage of the device.

Abstract: Determining whether a message should be allowed to be sent is determined. A request to send a message to a recipient is received from a sender's client device. A determination is made at a server as to whether the sender is allowed to send the message to the recipient, based on a privacy list. A response to the sender is sent, based on the determination.

Abstract: A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.

Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.

Abstract: A digital security bubble encapsulation is disclosed. A public key and a device identifier of at least one recipient is requested from a first server. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted with a public key received in response to the request. The encrypted message, the encrypted symmetric key, and the device identifier are encapsulated in a digital security bubble encapsulation. The digital security bubble encapsulation is transmitted to a second server.

Abstract: A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.

Abstract: A message having at least one intended recipient is encrypted using a first key. The first key is encrypted with a second key associated with the recipient. At least two of the encrypted message, the encrypted first key, and an identifier associated with the at least one recipient are encapsulated in a secure communication protocol encapsulation. The secure communication protocol encapsulation is transmitted to a server.

Abstract: A secure messaging platform for an enterprise environment is disclosed. The secure messaging platform enables users to exchange encrypted communications. Further, the secure messaging platform allows enterprise platforms to review the encrypted communications to ensure that they comply with company policies. Messages that comply with company policies may be provided to their intended recipients, while messages that fail to comply with company policies are not provided to their intended recipients. Additionally, the encrypted communications may be retained for a predetermined time.

Abstract: Digital data sanitization is disclosed. An indication that a data sanitization process should be performed is received. The data sanitization process is performed. Performing the data sanitization process includes determining an amount of free space on a storage device. Performing the data sanitization process further includes performing a set of one or more write operations, where performing the write operations decreases the amount of free space on the storage of the device.

Abstract: A public/private key pair is generated on a client device for an application. A device identifier for the client device is generated. An application identifier for the application is generated on the client device. At least one of the public key, the device identifier, and the application identifier are transmitted to a server.

Abstract: A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.

Abstract: A pool of public keys, having a pool size, is received from a first device. The pool size reflects a target number of keys to be included in the pool. One of the received public keys included in the pool of keys is designated as a reserve key. A public key is selected from the pool of received public keys for use in conjunction with encrypting a communication to the first device. The selecting includes preferentially selecting a public key that is not designated as a reserve key, if at least one such key is present in the pool in addition to the reserve key. The size of the pool can be dynamically adjusted.

Abstract: A digital security bubble encapsulation is received from a sender. The encrypted digital security bubble encapsulation includes an encrypted message, an encrypted first key, and an identifier associated with an intended recipient. The encrypted digital security bubble encapsulation is decrypted. The received identifier and a device identifier are compared. The encrypted first key is decrypted in response to a determination that the identifier received in the digital security bubble encapsulation matches the device identifier. The encrypted message is decrypted using the first key.

Abstract: Multi-party messaging is disclosed. A plurality of public keys is requested by a first device from a server, wherein the plurality of public keys is associated with a plurality of recipients. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted, using each of the respective public keys, resulting in a plurality of encrypted symmetric keys. The encrypted message and the encrypted symmetric keys are encapsulated in an encapsulation. The encapsulation is transmitted to the server.

Abstract: A digital security bubble encapsulation is disclosed. A first key and a device identifier of at least one recipient is requested from a first server. A message containing one or more components is encrypted using a second key. The second key is encrypted using the first key. The encrypted message, the encrypted second key, and the device identifier are encapsulated in a digital security bubble encapsulation. The digital security bubble encapsulation is transmitted to a second server.

Abstract: A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.

Abstract: Techniques for determining whether to allow access to a calendar invite and a meeting are disclosed. In this regard, a calendar invite and meeting message are received from a sender. A first time-to-live (TTL) value and a second TTL value associated with the calendar invite and meeting, respectively, are determined. A determination is made that the first and second TTL values have not been exceeded and, if they have not, allowing access to the calendar invite and the meeting. However, when the TTL values have been exceeded, denying access to the calendar invite and the meeting.