Is there a difference between an End to End Encryption solution vs a Peer to Peer Encryption solution?

Just a quick question. My company is currently reviewing solutions for us to accept credit cards and be PCI (credit cards) compliant. From what I've read I think our best approach is going to be going with a validated P2PE solution. One of the providers we are looking into describes their solution as an End2End encryption service and reduces our scope for PCI the same as P2PE. They are very careful as to not state it's P2PE. I'm just wondering what the difference is, if any. Thanks for your help.
GoNats Asked:

asavener Commented:
Well, terminology is a tricky business.  If they're being pedantic about it, then you need to ask them why, and what differentiates their solution from a P2PE solution.  I'd hold their feet to the fire about it, since PCI compliance is such a pain in the neck.

It could be functionally identical, but just not be a validated P2PE solution.  If you require a validated solution, that could be an issue.
0
GoNats (Author) Commented:
Thanks Asavener. I have asked them and am waiting to hear back. PCI compliance is a pain, but from what I've been reading and although it's not cheap, a validated P2PE solution makes compliance life much more bearable and achievable. Our solution needs to be validated.
0
Dave Howe (Software and Hardware Engineer) Commented:
Classically, an end to end solution encrypts the message, a peer to peer solution encrypts the transmission channel.

If there are only two actors in the system, there really isn't a distinction. If there are more than two actors though, it gets interesting.

To give an example, let's look at email.

An end-to-end solution is PEM (S/MIME) or PGP - you encrypt the message, you send the message, the recipient receives the message, the recipient decrypts the message.

A peer to peer solution would be TLS.
You send your mail unencrypted... BUT the transmission from you to your ISP's mailserver is TLS (and hence, encrypted by the same mechanism HTTPS websites use).
Your ISP sends the mail on to THEIR ISP, and *might* use TLS, if it is offered, but probably won't insist on it.
The recipient may receive from the ISP via SMTP, or pull via IMAP or POP3. That may in fact be TLS also (hence, SMTPS, IMAPS, POP3S) or may not be.

In this case, there are 3 hops the mail goes through, and at each step past the first, you are reliant on a third party securing the channel (and the recipient is reliant on third parties securing each step prior to the last).

Does that make sense?
0
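The hop-by-hop email case in the answer above can be checked on a delivered message by reading its Received chain. This is an added example, not part of the original thread: the sample message and hostnames are constructed, and it assumes each relay records the RFC 3848 keywords (ESMTPS/ESMTPSA when STARTTLS was used) in its Received header.

```python
import re
from email import message_from_string

# Constructed sample: relays prepend Received headers, so the newest hop is first.
SAMPLE = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [203.0.113.7])
\tby mailstore.recipient-isp.example with ESMTPS id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.5])
\tby mx.recipient-isp.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.example (laptop.example [192.0.2.10])
\tby smtp.sender-isp.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test
Content-Type: text/plain

hello
"""

TLS_PROTO = re.compile(r"(?:ESMTP|LMTP)SA?", re.I)  # RFC 3848: the S means STARTTLS was used

def hop_report(raw):
    """Return [(receiving_host, protocol, used_tls)] in delivery order (oldest hop first)."""
    hops = []
    for hdr in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(hdr.split())                  # unfold continuation lines
        for _ in range(3):                            # drop (comments), nested up to 3 deep,
            flat = re.sub(r"\([^()]*\)", "", flat)    # e.g. "(using TLSv1.3 with cipher ...)"
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+(\S+)", flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, bool(TLS_PROTO.fullmatch(name))))
    return hops

def body_is_end_to_end(raw):
    """True if the body itself is encrypted (S/MIME enveloped-data or PGP/MIME)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":                # PGP/MIME (RFC 3156)
        return True
    return ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime") and \
        msg.get_param("smime-type") == "enveloped-data"

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:35} {proto:8} {'TLS' if tls else 'CLEARTEXT HOP'}")
    print("end-to-end encrypted body:", body_is_end_to_end(SAMPLE))
```

Received lines are written by each relay and can be forged upstream, so treat the report as what the relays claim. Even with TLS on every hop, each relay still handles the plaintext unless the body itself is encrypted.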

GoNats (Author) Commented:
It does. Thanks Dave!
0