Overview#Tokenization in general is substituting a Sensitive Data element with a non-sensitive equivalent, referred to as a token which has no meaning or value outside of the current Context if the "Tokenized" data is leaked
Tokenization is used to generate an Opaque tokenEMVCo Tokenization) is to swap out the original message with by-reference data with no intrinsic value of its own.
From this perspective, this is the same as by-reference.
De-tokenization is, of course, the reverse process, when the token is swapped for the original message. De-tokenization can typically only be done by the original Tokenization Service or Token Service Provider. There is no other way to obtain the original message from just the Tokenized Token.
Single use Tokenizations#by-reference Tokens can be single use (a one time Debit Card transaction) that are not retained, or multi-use (a Payment Card number of a repeat customer) that is stored in a database for recurring transactions.
- ANSI X9.119 Part 2 - Addresses Tokenization
- EMVCo Tokenization - EMV Payment Tokenisation Specification – Technical Framework
More Information#There might be more information for this subject on one of the following:
- Cloud Access Security Broker
- EMVCo Tokenization
- Opaque token
- Tokenization Service