Recipient blind cryptographic access control for publicly hosted message and data streams
US-9059840-B2 · Jun 16, 2015 · US
US9667417B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9667417-B1 |
| Application number | US-201514791196-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jul 2, 2015 |
| Priority date | Jul 16, 2012 |
| Publication date | May 30, 2017 |
| Grant date | May 30, 2017 |
Official abstract text for this publication.
A digital security bubble encapsulation is received from a sender. The encrypted digital security bubble encapsulation includes an encrypted message, an encrypted first key, and an identifier associated with an intended recipient. The encrypted digital security bubble encapsulation is decrypted. The received identifier and a device identifier are compared. The encrypted first key is decrypted in response to a determination that the identifier received in the digital security bubble encapsulation matches the device identifier. The encrypted message is decrypted using the first key.
Opening claim text (preview).
What is claimed is:

1. A system, comprising: a processor configured to: receive an encrypted encapsulation from a sender, wherein the encrypted encapsulation includes an encrypted message, an encrypted first key, and a device identifier associated with an intended recipient wherein the processor is further configured to receive notification of the encrypted encapsulation from a security platform and download the encrypted encapsulation from the security platform in response to receiving the notification; decrypt the encrypted encapsulation; compare the received device identifier with a local device identifier; decrypt the encrypted first key in response to a determination that the received device identifier matches the local device identifier; decrypt the encrypted message using the first key to produce a decrypted message; and provide the decrypted message to a recipient; a memory coupled to the processor and configured to provide the processor with instructions.
2. The system of claim 1 wherein the device identifier is based at least in part on at least one hardware identifier.
3. The system of claim 1, wherein the first key is a symmetric key.
4. The system of claim 1, wherein the encrypted encapsulation includes a plurality of encrypted first keys.
5. The system of claim 4, wherein each of the plurality of encrypted first keys is encrypted with a second key associated with an intended recipient.
6. The system of claim 1, wherein the processor is further configured to decrypt the encrypted first key using a second key.
7. The system of claim 6, wherein the second key is a private key of the recipient.
8. The system of claim 1, wherein the encrypted encapsulation includes at least one message control option.
9. The system of claim 8, wherein the at least one message control option includes a lifetime of the message.
10. The system of claim 9, wherein the processor is further configured to delete the decrypted message after an expiration of the lifetime.
11. The system of claim 1, wherein the at least one message control option is selected from the group consisting of: sharing, saving, forwarding, recalling, and deleting.
12. A method, comprising: receiving an encrypted encapsulation from a sender, wherein the encrypted encapsulation includes an encrypted message, an encrypted first key, and a device identifier associated with an intended recipient wherein the processor is further configured to receive notification of the encrypted encapsulation from a security platform and download the encrypted encapsulation from the security platform in response to receiving the notification; decrypting the encrypted encapsulation; comparing the received device identifier with a local device identifier; decrypting the encrypted first key in response to a determination that the received device identifier matches the local device identifier; decrypting the encrypted message using the first key to produce a decrypted message; and providing the decrypted message to a recipient.
13. The method of claim 12 wherein the device identifier is based at least in part on at least one hardware identifier.
14. The method of claim 12, wherein the first key is a symmetric key.
15. The method of claim 12, wherein the encrypted encapsulation includes a plurality of encrypted first keys, wherein each of the plurality of encrypted first keys is encrypted with a second key associated with an intended recipient.
16. The method of claim 12, further comprising: decrypting the encrypted first key using a second key, wherein the second key is a private key of the recipient.
17. The method of claim 12, wherein the encapsulation includes at least one message control option selected from the group consisting of message lifetime, sharing, saving, forwarding, recalling, and deleting.
18. The method of claim 17, further comprising: deleting the decrypted message after an expiration of the lifetime option.
19. A computer program product embodied in a tangible computer readable storage medium and comprising computer instructions for: receiving an encrypted encapsulation from a sender, wherein the encrypted encapsulation includes an encrypted message, an encrypted first key, and a device identifier associated with an intended recipient wherein the processor is further configured to receive notification of the encrypted encapsulation from a security platform and download the encrypted encapsulation from the security platform in response to receiving the notification; decrypting the encrypted encapsulation; comparing the received device identifier with a local device identifier; decrypting the encrypted first key in response to a determination that the received device identifier matches the local device identifier; decrypting the encrypted message using the first key to produce a decrypted message; and providing the decrypted message to a recipient.
20. The computer program product of claim 19, further comprising computer instructions for: deleting the decrypted message after an expiration of a lifetime option included in encapsulation.
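The receive flow in the abstract and claims 1, 3 and 7 can be followed end to end in the sketch below, which is an added example and not code from the patent or its assignee. The JSON layout, the function names, the choice of AES-256-GCM and RSA-OAEP, and the pre-shared `outerKey` for the outer layer are all assumptions, since the page does not say how the encapsulation itself is keyed.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM helpers (assumed cipher); blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // final() throws if tampered
}

// Sender side: encrypted message + encrypted first key + recipient device ID, then an outer layer.
function buildEncapsulation(message, recipientPublicKey, recipientDeviceId, outerKey) {
  const firstKey = nodeCrypto.randomBytes(32); // symmetric first key (claim 3)
  const wrapped = nodeCrypto.publicEncrypt({ key: recipientPublicKey, oaepHash: 'sha256' }, firstKey);
  const inner = {
    deviceId: recipientDeviceId,
    encryptedMessage: seal(firstKey, Buffer.from(message)).toString('base64'),
    encryptedFirstKey: wrapped.toString('base64'),
  };
  return seal(outerKey, Buffer.from(JSON.stringify(inner)));
}

// Recipient side, in the order the claims list the steps.
function openEncapsulation(blob, outerKey, privateKey, localDeviceId) {
  const inner = JSON.parse(unseal(outerKey, blob).toString()); // decrypt the encapsulation
  // Hash both IDs so the constant-time compare always sees equal-length inputs.
  const digest = (s) => nodeCrypto.createHash('sha256').update(String(s)).digest();
  if (!nodeCrypto.timingSafeEqual(digest(inner.deviceId), digest(localDeviceId))) {
    return null; // identifier mismatch: the first key is never unwrapped
  }
  const firstKey = nodeCrypto.privateDecrypt(
    { key: privateKey, oaepHash: 'sha256' },      // second key = recipient private key (claim 7)
    Buffer.from(inner.encryptedFirstKey, 'base64'));
  return unseal(firstKey, Buffer.from(inner.encryptedMessage, 'base64')).toString();
}

// Constructed sample data (not from the patent).
const sampleKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleOuterKey = nodeCrypto.randomBytes(32);
const sampleBlob = buildEncapsulation(
  'hello from sender', sampleKeys.publicKey, 'device-A-constructed', sampleOuterKey);
```

In this sketch the identifier comparison is an application-level gate: nothing cryptographic ties the first key to the device, so the check is only as strong as the client code that performs it.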
output devices, e.g. displays or monitors · CPC title
Several contacts: gestures triggering a specific function, e.g. scrolling, zooming, right-click, when the user establishes several contacts with the surface simultaneously; e.g. using several fingers or a combination of fingers and pen · CPC title
by partitioning the display area of the touch-screen or the surface of the digitising tablet into independently controllable areas, e.g. virtual keyboards or menus · CPC title
based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title