Overview#
Tokenization in general is the substitution of a Sensitive Data element with a non-sensitive equivalent, referred to as a token, which has no meaning or value outside of the current Context if the "Tokenized" data is leaked. Tokenization is used to generate an Opaque token.
The purpose of Tokenization (according to EMVCo Tokenization) is to swap out the original message for by-reference data with no intrinsic value of its own. From this perspective, this is the same as by-reference.
Tokenization differs from encryption and Hash Functions, where the message is changed but the original message is still within the Ciphertext. The Ciphertext, of course, can be decrypted by:
- using the appropriate key(s)
- Brute-Force Attacks
- a Compromised Certificate or key
Tokens, on the other hand, cannot be decrypted because there is no mathematical relationship between the Opaque token and its original message.
De-tokenization is, of course, the reverse process, when the token is swapped for the original message. De-tokenization can typically only be done by the original Tokenization Service or Token Service Provider. There is no other way to obtain the original message from just the Tokenized Token.
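The following is an added example, not code from the original page or from any Tokenization Service: a minimal in-memory token vault showing that a token is random by-reference data and that only the service holding the mapping can de-tokenize it. The class `TokenVault`, its methods, the `single_use` flag (which models the single-use and multi-use tokens described in the next section) and the test card number are assumptions made for illustration.

```python
import secrets


class TokenVault:
    """Hypothetical in-memory token service: maps opaque tokens to originals."""

    def __init__(self):
        self._by_token = {}  # token -> (original value, single_use flag)
        self._by_value = {}  # original value -> stored multi-use token

    def tokenize(self, value, single_use=False):
        # Multi-use: a repeat customer's value always maps to the one stored token.
        if not single_use and value in self._by_value:
            return self._by_value[value]
        # The token comes from the CSPRNG and is never derived from `value`,
        # so no key or computation turns it back into the original message.
        token = secrets.token_urlsafe(16)
        self._by_token[token] = (value, single_use)
        if not single_use:
            self._by_value[value] = token
        return token

    def detokenize(self, token):
        # Only the service that holds the mapping can reverse a token.
        if token not in self._by_token:
            raise KeyError("unknown or already consumed token")
        value, single_use = self._by_token[token]
        if single_use:
            del self._by_token[token]  # single-use tokens are not retained
        return value


def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # constructed test card number
    multi = vault.tokenize(pan)
    once = vault.tokenize(pan, single_use=True)
    out = {"stable": vault.tokenize(pan) == multi, "distinct": once != multi,
           "redeemed": vault.detokenize(once) == pan}
    try:
        vault.detokenize(once)  # second redemption of a single-use token
        out["replay_rejected"] = False
    except KeyError:
        out["replay_rejected"] = True
    return out
```

A production service would keep the mapping in a hardened, access-controlled store; the dictionary here only stands in for that database.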
Single use Tokenizations#
By-reference Tokens can be single use (a one-time Debit Card transaction) that are not retained, or multi-use (a Payment Card number of a repeat customer) that is stored in a database for recurring transactions.
Tokenization Standards[2]#
- ANSI X9.119 Part 2
- Addresses Tokenization
- EMVCo Tokenization - EMV Payment Tokenisation Specification – Technical Framework
More Information#
There might be more information for this subject on one of the following:
- Cloud Access Security Broker
- De-tokenization
- EMVCo Tokenization
- Opaque token
- Token
- Tokenization Service
- [#1] - WHAT IS TOKENIZATION?
- based on information obtained 2015-10-04
- [#2] - Tokenization
- based on information obtained 2015-10-04