With Encryption in Transit & at Rest
On user's
device
Unprotected
Encrypted
Visible to user
(expected)
Protected from
eavesdroppers
Still visible to
service provider
Protected from
eavesdroppers
Protected from
data breaches
With Encryption in Transit & at Rest + TEE
On user's
device
Encrypted
Protected by TEE
Visible to user
(expected)
Protected from
eavesdroppers
Not visible to
service provider
Contents of
server attested
Protected from
eavesdroppers
Protected from
data breaches