Overview#Tokenization in general is substituting a Sensitive Data element with a non-sensitive equivalent, referred to as a token which has no meaning or value outside of the current Context if the "Tokenized" data is leaked EMVCo Tokenization) is to swap out the original message with by-reference data with no intrinsic value of its own.
From this perspective, this is the same as by-reference.
- using the appropriate key(s)
- brute computing force
- a compromised key
Tokenizations, on the other hand, cannot be decrypted because there is no mathematical relationship between the token and its original message.
De-tokenization is, of course, the reverse process, when the token is swapped for the original message. De-tokenization can typically only be done by the original Tokenization Service. There is no other way to obtain the original message from just the Tokenized Token.
Single use Tokenizations#by-reference Tokens can be single use (a one time debit card transaction) that are not retained, or multi-use (a credit card number of a repeat customer) that is stored in a database for recurring transactions.
- ANSI X9.119 Part 2 - Addresses Tokenization
- EMVCo Tokenization - EMV Payment Tokenisation Specification – Technical Framework