What is End-to-End Encryption?|
Sensitive data that travels over a network are securely encrypted from the point of data entry to the point where the data is processed. Sensitive data may be user name, password, credit card number, etc. The network can be the Internet, wireless, WAN and local LAN. Data are normally entered via the browser or a client application and the data will need to reach the application server to be processed or stored in the database.
So, doesn't HTTPS performs data encryption from one point to another? Well, in most cases, only partially. In a multi-tier architecture, it is usually the dedicated Web Server that is handling the HTTPS. The link from the Web Server to the Application server or the Database server is most likely in the clear. If the Web Server is compromised, a simple net-sniffing will reveal all the data that is posted.
Thus, the purpose of this End-to-End encryption module is to perform the data encryption at the browser (via an applet) and decrypts the data at the application server or the database server.
Why use End-to-End Encryption?
The objective of developing this program is to cover the gap that HTTPS left out as explained above. However, to make it even more viable, the program has to be very very light weight. The size of the applet is very small - less than 12k byte and the CPU loading is also expected to be less than SSL.
Advantages of using this End-to-End Encryption module: