Providing low risk exceptional access with verification of device possession
Format: Patent
Language: eng
Summary: A method for providing access to a communication includes generating a timed key table in device nonvolatile memory, storing archival copies of the timed key table within enterprise environments, encrypting a master secret with the currently applicable key of the timed key table, generating an encrypted timed key table by encrypting the timed key table with a public key, sending data on an encrypted session from a communication device to a server over a network, sending the encrypted master secret and encrypted timed key table from the communication device over the network, decrypting the encrypted timed key table with a private key, decrypting the encrypted master secret sent from the communication device using at least a subset of an unencrypted timed key table to obtain the master secret, and decrypting the encrypted data sent from the communication device using the unencrypted master secret. The timed key table includes information that identifies a locked communication device such that the information, which includes one or more of an IMEI, a WiFi MAC address, and a BT MAC address, is used to verify physical possession of the locked communication device.