End-To-End Encryption (E2EE), or non-certified Point-To-Point Encryption, ensures that data travelling over a network or the internet is securely encrypted from the point of data entry to the point of destination. The originating party encrypts the data, and the receiving party decrypts it. The purpose of end-to-end encryption is to prevent intruders from accessing the data in a usable state.
Figure 1. End-To-End Encryption extended to include application and database servers.
Common network sniffers include:
If an intruder is able to monitor the connection at an end-point during the encryption key exchange, even HTTPS is compromised.
Data At Rest Limitation
Context: MobileTrust, GuardedID.
In mobile device and desktop environments, keystroke encryption is part of End-To-End Encryption. However, once encrypted keystrokes reach their destination and become data, or 'Data At Rest' in permanent storage, they are decrypted and may be vulnerable regardless of their former encrypted state. Data At Rest encryption software is available; some advanced operating systems and databases have encryption options.
In MobileTrust, Data At Rest is stored in an encrypted back-end database.
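The limitation described above, as an added illustration that is not MobileTrust or GuardedID code: keystrokes are encrypted from the entry point to the destination, so a sniffer on the wire sees only ciphertext, but once the destination decrypts them they sit in storage as plaintext unless a separate at-rest key is applied. The transport key and the storage key are assumed to be independent; the SHA-256 keystream cipher is a toy chosen so the example runs with the standard library only.

```python
import hashlib
import hmac
import os

# Toy authenticated stream cipher (SHA-256 keystream + HMAC tag) used only so
# the example is self-contained; a real deployment would use a vetted cipher.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def simulate(keystrokes: bytes, encrypt_at_rest: bool) -> tuple[bytes, bytes]:
    """Send keystrokes E2EE to the destination, which then stores them.
    Returns (bytes a network sniffer observes, bytes the storage holds)."""
    transport_key = os.urandom(32)  # shared by entry point and destination only
    storage_key = os.urandom(32)    # separate key held by the back-end database
    on_the_wire = encrypt(transport_key, keystrokes)
    received = decrypt(transport_key, on_the_wire)  # plaintext again at destination
    at_rest = encrypt(storage_key, received) if encrypt_at_rest else received
    return on_the_wire, at_rest

def exposed(secret: bytes, observed: bytes) -> bool:
    """True if the secret is readable verbatim in what an observer sees."""
    return secret in observed

if __name__ == "__main__":
    secret = b"hunter2"  # constructed sample keystrokes
    wire, store = simulate(secret, encrypt_at_rest=False)
    print("sniffer sees secret:", exposed(secret, wire))   # False
    print("storage holds secret:", exposed(secret, store))  # True
    wire, store = simulate(secret, encrypt_at_rest=True)
    print("storage holds secret:", exposed(secret, store))  # False
```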