SafeNet Tokenization Manager protects sensitive data that enters organizations and facilitates compliance with regulations (such as PCI DSS and HIPAA) by reducing the regulatory scope and costs.
How Tokenization Works
Tokenization is the process of replacing sensitive data (primary account numbers, social security numbers, etc.) with a surrogate value, a token. The tokenization process significantly reduces the risks of data exposure and data-blooming, as the sensitive data is stored in a central token vault in an encrypted format.
Every token that is issued represents a single unique string of sensitive data. Assigning a token to a single original Primary Account Number (PAN) enables merchants to use the same token multiple times, whenever the specific PAN is used in a transaction.
SafeNet Tokenization Manager complies with PCI Tokenization Guidelines (published August 2011) and VISA Tokenization Best Practices.
SafeNet's Tokenization Manager Highlights:
Format Preserving Tokenization (FPT) uses tokens that preserve the length and format of the sensitive data. FPT ensures that no changes to legacy databases are required in order to support the tokenization process.
Tokenization Manager FPT supports multiple formats of credit card numbers, SSN and other PII data, as well as alphanumeric data. It complies with the PCI-DSS guidelines for token / PAN distinguishability (achieved through Luhn algorithm enforcement).
Tokenization Manager is designed to offer scalability and elasticity that enables organizations to cost-effectively implement their solution:
- Clustered deployment ensures high availability and scalability
- Multiple Tokenization Manager Instances (on physical or virtual servers) can share a single Token Vault, avoiding token collisions
- Elasticity is achieved by deploying a variable number of Instances/Hardware Servers depending on the transaction volume
- Targeted to enterprises and service providers
- Suitable for merchants to support “Peak Traffic Days” in a cost-effective way
In order to ensure a more secure solution, all Tokenization Manager crypto operations are done within SafeNet KeySecure, a robust key-manager and crypto off-load appliance.
Tokenization Manager in conjunction with KeySecure and Crypto Pack provides:
- Secure key-vault
- Trusted execution environment for all cryptographic operations
- Single interface for logging, auditing, and reporting access to protected data, keys, and tokens
- Support for key-rotation functionality for Token Vault encryption keys
- Support for single and multi-use tokens
- Compliance with NIST 800-57 Key-management guidelines and with PCI-DSS key-management requirements
SafeNet Tokenization Manager enables financial service providers and payment acquirers to expand their offering and create a new revenue stream by offering Tokenization as a Service to their customers.
By deploying Tokenization Manager and DataSecure at their premises, service providers are able to offer customers a full set of encryption and tokenization services, taking customers’ entire organization out of regulatory scope and eliminating all PCI-DSS auditing costs.
- SafeNet’s Tokenization Manager solution fully complies with PCI-DSS requirements
- API Web Services allow easy integration and clear segmentation from CDE to non-CDE
- Elastic deployment and business model that best fits a Service environment and pricing
- Support of different Token Vaults for different merchants
Format Preserving Tokenization
Supported Tokens Vault Databases
Note: All tokenization forms are supported on all databases as long as the vault itself is on Microsoft SQL Server or Oracle
Enhanced Event Logging and Monitoring Functionality
The Tokenization Manager support of Format Preserving Tokenization ensures that no changes to legacy databases are required in order to support tokenization.
Tokenization Manager offers deployment elasticity and scalability, enabling organizations to get the most cost-effective implementation.
All cryptographic operations are done within SafeNet KeySecure, a robust key-manager and crypto off-load appliance, which results in a secure hardware based tokenization solution.
End-to-End Tokenization, reducing regulatory scope to a minimum
Fully compliant with the PCI Tokenization Guidelines and VISA Tokenization Best Practices
Unified policy management console that can be extended to meet other compliance needs like transparent database encryption, storage encryption, file encryption and virtual server encryption.
Tokenization as a Service (TaaS) platform enables Tokenization Service Providers to generate a new revenue stream while taking their customers completely out of regulatory scope