Tokenization Solution

Efficiently Reduce PCI DSS Compliance Scope

Tokenization can remove card holder data from the PCI DSS scope with minimal cost and effort, enabling organizations to save on costs associated with PCI DSS compliance.

Conveniently Protect Personally Identifiable Information

Modern IT architectures require both use and protection of personally identifiable information (PII) and sensitive data. With CipherTrust Tokenization, software developers access tokenized data representing sensitive data that is protected by an easy-to-use, cloud-friendly and highly secure solution.

Encourage Innovation Without Introducing Risk

Tokenize data and maintain control and compliance when moving data to the cloud or big data environments. Cloud providers have no access to token vaults or any of the associated keys.

Architect for Your Requirements: Vaultless or Vaulted

Both Vaultless and Vaulted tokenization solutions leverage CipherTrust Manager as a secure encryption key source that offers a FIPS 140-2 Level 3 HSM as a Root of Trust.

Tokenization Choices

CipherTrust RESTful Data Protection (CRDP) is a Vaultless Tokenization solution that includes both Dynamic and Static Data Masking and centrally-manages your tokenization from the CipherTrust Manager GUI. CRDP enables data protection (tokenization or encryption) with a single line of code per field. CRDP can be scaled up to provide high availability and performance.

CRDP uses a REST API to protect sensitive data with format-preserving tokenization.

• Dynamic Data Masking is a version of data redaction that applies a mask, based on the user or group, to hide a portion of sensitive data. Administrators establish policies, based on user or group, to dynamically mask parts of a field. For example, a security team could establish policies allowing a customer service representative to receive a credit card number with only the last four digits in the clear, while a customer service supervisor could be authorized to receive the full credit card number in the clear.
• Static Data Masking is a version of data redaction that applies a static mask to a portion of the sensitive data to exclude it from being tokenized. For example, if most people accessing a database are customer service representatives, and they only need to see the last four digits of a credit card number to verify an account, static data masking offers a significant performance improvement over dynamic data masking by eliminating the need to detokenize the data for every single data access all day long.
• Multi-tenancy is available through CipherTrust Manager.
• Centrally managed protection policies and access policies enable the Data Security Admin to create and maintain policies to protect each type of data with the relevant cipher, parameters and key and restrict who can access the data in the clear.

CipherTrust Vaultless Tokenization (CT-VL) is a Vaultless Tokenization solution that includes Dynamic Data Masking and manages your tokenization with a REST API or the CT-VL GUI. CT-VL enables data protection (tokenization or encryption) with a single line of code per field.

CT-VL uses a REST API to protect sensitive data with format-preserving tokenization. CT-VL can be clustered to provide high availability and performance.

• Dynamic Data Masking is a version of data redaction that modifies the mask based on the user or group. Administrators establish policies, based on user or group, to dynamically mask parts of a field. For example, a security team could establish policies allowing a customer service representative to receive a credit card number with only the last four digits in the clear, while a customer service supervisor could be authorized to receive the full credit card number in the clear.
• Multi-tenancy is provided with CT-VL tokenization groups, which ensures that data tokenized by one group cannot be detokenized by another group. CT-VL centrally manages all tokenization groups.
• Centralized Tokenization Templates allow you to describe how you want data protected within your CT-VL cluster.

CipherTrust Vaulted Tokenization (CT-V) is a vaulted tokenization solution that offers non-mathematically reversible format-preserving tokenization with a wide range of existing formats and the ability to define custom tokenization formats. Data tokenization can be compiled directly into your Java application or offered as a RESTful web service. A full range of predefined tokenization formats are provided with the distribution and additional formats can be created.