Thanks for the pointer to @rickkas7 's comment where he confirmed that AES/RSA was being used for Photon to Cloud. This answers Q1.
The questioning is regarding the transmission of sensitive data, let’s say it is a name, “Alice”.
“Alice” —> Photon —> AES/RSA (encrypted “Alice”) -----> Particle (decrypted “Alice”)
“Alice” <— MyService <----- SSL (encrypted “Alice”) <----- Particle API’s
There is no “trust” at the Particle end where “Alice” is decrypted. In PCI DSS (Payment Card Industry Data Security Standard) parlance, the data in the Particle cloud needs to be within the “CDE” (Cardholder Data Environment). Note that my application is not for payments per se, just using PCI DSS as an example security model.
Thought! If the Photon is already encrypting the transmission using Public Key Encryption, then one could envisage exposing this functionality to the application layer (but using a different key) to encrypt the data on the device, and for it to only be decrypted by “MyService” because it has the private key.
Do you think this is possible and/or a good idea?