Abstract: Systems, methods, and software can be used to encrypt and decrypt data. In some aspects, a first primary secret key based on a primary ephemeral key pair and a primary master public key is generated by a primary data service application on an electronic device. A first primary ciphertext is generated by encrypting a first portion of the data using the first primary secret key. A second primary secret key is generated based on the first primary secret key. The first primary secret key is deleted. The first primary ciphertext is sent from the primary data service application to a secondary data service application. A first encrypted text is received from the secondary data service application. The first encrypted text is generated by encrypting the first primary ciphertext.

Abstract: Systems, methods, and software can be used to encrypt and decrypt data. In some aspects, a first primary secret key based on a primary ephemeral key pair and a primary master public key is generated by a primary data service application on an electronic device. A first primary ciphertext is generated by encrypting a first portion of the data using the first primary secret key. A second primary secret key is generated based on the first primary secret key. The first primary secret key is deleted. The first primary ciphertext is sent from the primary data service application to a secondary data service application. A first encrypted text is received from the secondary data service application. The first encrypted text is generated by encrypting the first primary ciphertext.

Abstract: A method and apparatus for controlling access to encrypted data is provided. The device comprises: a processor and a memory, the processor configured to: control access to encrypted data, stored at the memory, the encrypted data categorized according to a plurality of categories, using a respective encryption key for each category in the plurality of categories; and, control access to a given encryption key according to given criteria associated with a given category, respective criteria different for each respective category, access to the given encryption key including one or more of, when the respective criteria are met: generating the given encryption key and decrypting the given encryption key.

Abstract: A method and apparatus for controlling access to encrypted data is provided. The device comprises: a processor and a memory, the processor configured to: control access to encrypted data, stored at the memory, the encrypted data categorized according to a plurality of categories, using a respective encryption key for each category in the plurality of categories; and, control access to a given encryption key according to given criteria associated with a given category, respective criteria different for each respective category, access to the given encryption key including one or more of, when the respective criteria are met: generating the given encryption key and decrypting the given encryption key.

Abstract: A system and method for handling e-mail address mismatches between the address contained within a user's certificate or certificate chain, and the account address actually being used is disclosed. In order to resolve address mismatches a canonical or generic domain name or user name may, for example, be used as a lifelong address of a user that is contained in the user's certificate. Upon detection of an address mismatch, the system and method disclosed herein may automatically re-check the certificate or search for a certificate containing the canonical or generic domain name and/or user name to attempt to resolve the mismatch.

Abstract: A system and method for handling e-mail address mismatches between the address contained within a user's certificate or certificate chain, and the account address actually being used is disclosed. In order to resolve address mismatches a canonical or generic domain name or user name may, for example, be used as a lifelong address of a user that is contained in the user's certificate. Upon detection of an address mismatch, the system and method disclosed herein may automatically re-check the certificate or search for a certificate containing the canonical or generic domain name and/or user name to attempt to resolve the mismatch.

Abstract: A system and method for handling e-mail address mismatches between the address contained within a user's certificate or certificate chain, and the account address actually being used is disclosed. In order to resolve address mismatches a canonical or generic domain name or user name may, for example, be used as a lifelong address of a user that is contained in the user's certificate. Upon detection of an address mismatch, the system and method disclosed herein may automatically re-check the certificate or search for a certificate containing the canonical or generic domain name and/or user name to attempt to resolve the mismatch.

Abstract: A system and method for handling e-mail address mismatches between the address contained within a user's certificate or certificate chain, and the account address actually being used is disclosed. In order to resolve address mismatches a canonical or generic domain name or user name may, for example, be used as a lifelong address of a user that is contained in the user's certificate. Upon detection of an address mismatch, the system and method disclosed herein may automatically re-check the certificate or search for a certificate containing the canonical or generic domain name and/or user name to attempt to resolve the mismatch. This mismatch resolution is preferably transparent to the user and occurs automatically. The canonical or generic domain and/or user names that are available to the device may be typically controlled by IT policy that is in place on the system for the device.

Abstract: A method and apparatus for controlling access to encrypted data is provided. The device comprises: a processor and a memory, the processor configured to: control access to encrypted data, stored at the memory, the encrypted data categorized according to a plurality of categories, using a respective encryption key for each category in the plurality of categories; and, control access to a given encryption key according to given criteria associated with a given category, respective criteria different for each respective category, access to the given encryption key including one or more of, when the respective criteria are met, generating the given encryption key and decrypting the given encryption key.