Abstract: Techniques for preventing leakage of sensitive information through a signature are disclosed. Data is received, and the data is transmitted to a signature and encryption (SE) service, along with an encryption key. Signed and encrypted data is received from the SE service, where the signed and encrypted data is (i) encrypted using the encryption key and (ii) signed by the SE service. A verification is performed to verify that that sensitive information (such as the encryption key) is not leaked through a side channel of a signature of the signed and encrypted data, such as by (i) determining a length of the side channel of the signature, and (ii) verifying that the length of the side channel of the signature does not exceed a threshold length. Responsive to verifying that the sensitive information is not leaked through the side channel of the signature, the signed and encrypted data is transmitted.

Abstract: Techniques for transmitting data within a cloud environment are disclosed. Data is received by a transmission service, which transmits the data to a signature and encryption (SE) service, along with an encryption key. Signed and encrypted data, which is received from the SE service, is (i) encrypted using the encryption key and (ii) signed by the SE service. In an example, the SE service maintains a log of the data. The signed and encrypted data is transmitted to an intermediate zone, to facilitate the intermediate zone to verify a signature of the signed and encrypted data, and allow passage of the signed and encrypted data to a reception service. The transmission and reception services are within a first tenancy and a second tenancy, respectively, of a cloud environment; and the intermediate zone is within one of the first tenancy or a third tenancy of the cloud environment.

Abstract: Techniques for preventing leakage of sensitive information through a signature are disclosed. Data is received, and the data is transmitted to a signature and encryption (SE) service, along with an encryption key. Signed and encrypted data is received from the SE service, where the signed and encrypted data is (i) encrypted using the encryption key and (ii) signed by the SE service. A verification is performed to verify that that sensitive information (such as the encryption key) is not leaked through a side channel of a signature of the signed and encrypted data, such as by (i) determining a length of the side channel of the signature, and (ii) verifying that the length of the side channel of the signature does not exceed a threshold length. Responsive to verifying that the sensitive information is not leaked through the side channel of the signature, the signed and encrypted data is transmitted.

Abstract: A system and method are provided for initiating protected instant messaging conversations. The method includes enabling a shared secret to be sent to a contact to initiate a key exchange to protect messages exchanged in an instant messaging conversation, the shared secret being sent using a communication medium other than instant messaging. After the shared secret has been sent, the method includes displaying a pending protected instant messaging conversation user interface prior to receiving a confirmation associated with receipt of the shared secret by the contact, the pending protected instant messaging conversation user interface comprising an option to resend the shared secret.

Abstract: A system and method are provided for initiating protected instant messaging conversations. The method includes enabling a shared secret to be sent to a contact to initiate a key exchange to protect messages exchanged in an instant messaging conversation, the shared secret being sent using a communication medium other than instant messaging. After the shared secret has been sent, the method includes displaying a pending protected instant messaging conversation user interface prior to receiving a confirmation associated with receipt of the shared secret by the contact, the pending protected instant messaging conversation user interface comprising an option to resend the shared secret.