The End-to-Display Encryption (E2DE) is illustrated in figure [A1]. Confidential data are stored within a trusted and highly secured environment (1); e.g. in the companies server farm. For each data access a graphics stream is generated (2) and the outgoing graphcis leave the trusted environment only encrypted (3). The client receives this encrypted stream (4), renders it for displaying it on the screen and sends it to bollwrks invented E2DE receiver (5). The key needed for the decryption is either installed in the E2DE receiver or can be made available through a smartcard (6). The decrypted graphics stream is then sent to the screen (7). If no E2DE receiver is present or the key is incorrect, only the encrypted data are displayed. This way no attacking malware may grep the data from the data processing pc nor a malicious employee may steal the data.
Currently bollwrk is using open and standardized encryption techniques, AES (128-bit key size) in combination with RSA (4096-bit key size) similar to the technique used in the well-known PGP/GPG encryption scheme.