enhanceD data security through rixon cloud-native vaultless tokenization

RIXON Technology Cloud-Native Vaultless Tokenization

The Rixon Technology cloud-native tokenization platform is a U.S. Patented solution that replaces sensitive data with non-exploitable data through tokenization.


The Rixon Technology tokenization process replaces sensitive data with a surrogate, non-sensitive equivalent. Instead of replacing the entire data value, Rixon’s tokenization engine breaks a given value down into smaller chunks, and replaces each piece many times using smaller lookup tables. Each time a chunk of data is replaced, the engine’s algorithm mutates and generates a new solution pattern to return the next piece of data.


This replacement process is then repeated several hundreds of thousands of times to enhance the data abstraction process. The resulting tokens are extremely difficult to reverse in the absence of the tokenization system.  Given the extensive combination of the cryptographic values, unique keys, unique process, and using a unique series of lookup tables for every value that the engine processes, there is no pattern for a bad actor to discern in trying to detokenize the data themself. Additionally, using the method, Rixon’s solution does not suffer from performance, security, or scalability limitations like solutions maintaining a database of sensitive values as in a vault. We guarantee 99.9999999% durability of data sent to the tokenization engine.


The tokenization engine can be configured to generate reversible, temporarily reversible, or non-reversible tokens. Each ‘Token Definition’ can be configured to tokenize all or part of a value, preserve the original data value’s format, as well as handle numeric, alpha, dates, times, base64, multiple languages, or other data types with unique properties.



records were exposed globally via data breaches in 2020 contributing to the worst year on record by Q2 of 2020 – 2020 Q3 Data Breach QuickView Report


dollars is the projected total global cost for cybercrime in 2021. – Herjavec Group


days is the average lifecycle that signifies the time between a data breach and the time to exposure. – IBM

Gain True Data Security With Rixon Technology

With Rixon Technology’s Vautless Tokenization Platform, there is no stored persistent data at the host site, and the client organization will only store non-sensitive tokens. This unique process is termed vaultless tokenization. This vaultless tokenization process provides organizations with another layer of protection since Rixon Technology never stores the client organization’s sensitive data, removing a target for data exploitation. Neither Rixon nor the client organization can rear the surrogate tokenized data in its static state. Only when the client organization performs a detokenization request at the application layer, (built on advanced authorization access controls), can the client organization, and only the client organization regain access to the clear-text sensitive data.


Furthermore, suppose an organization is storing their customers’ data. In this case, the tokenization algorithm can include a secret value that only the end-user provides and is aware of, extending accountability and access control to a 3rd level.  In this scenario, all three entities would need to provide the part of the transaction that they have, in order for one of the entities to gain access to the protected data. Rixon Technology does not persist any values that customers send to the engine, and clear text data is always overwritten and cleared in memory within micro-seconds of operation. In addition, no person at Rixon Technology has access to any of the production tokenization servers. Rixon Technology can also provide the security policies that a client organization configures to manage how data is accessed and who can obtain the full clear text or partially masked data after combining all the “partial-keys” from the various entities involved.   

Lastly, if encryption is what you want, Rixon Technology’s Tokenization Engine includes a public/private Key Encryption Management System with each subscription. Our KMS supports several Asymmetric ciphers and keeps the private keys securely in a vault, allowing you to encrypt your data locally, while still employing dual control and audit visibility into who, how, where, and when your data is being accessed.

Explore What We Mean By 'Disappearing Your Data'