Enterprise Tokenization Service:

How it Works: 

It is an important question. After all, it is not easy to trust something that hasn’t been explained. The Rixon Technology tokenization engine is a configuration-driven ciphering process, based on a U.S.-patented method, that generates and combines cryptographic data from different parties into a function used to produce a unique secure value for every individual data element passed into the engine. This process guarantees that every tenant and every token definition generates a unique replacement token for a given value.

Tokenization replaces a sensitive value with a non-sensitive surrogate. Instead of replacing the entire value at once (as a vault does), our tokenization engine breaks a given value down into smaller chunks and replaces each piece many times using small lookup tables. Each time a chunk of data is replaced, the engine’s algorithm mutates and generates a new solution pattern for returning the next piece of data.

This replacement process is then iterated over the value several hundred thousand times. The resulting tokens are extremely difficult to reverse without the tokenization system. Because of the combination of cryptographic values, unique keys, a unique process, and a unique series of lookup tables for every value the engine processes, there is no pattern to exploit. Our tokenization engine is optimized and runs entirely in memory. As a result, it is extremely fast while remaining secure and reliable, and it does not suffer from the performance, security, or scalability limitations of solutions that maintain a database of sensitive values, as a vaulted system does. We guarantee 99.9999999% durability of data sent to the tokenization engine.

The tokenization engine can be configured to generate reversible, temporarily reversible, or non-reversible tokens. Each Token Definition can be configured to tokenize all or part of a value and to preserve its format, and can handle numeric, alphabetic, date, time, base64, and multi-language data, as well as other data types with special properties such as passing Luhn (mod 10) checks.

Why it is Better than the Alternatives:

Let us categorize the alternatives.    

  1. Encryption with Managed Key Management System  
  1. Encryption with Hosted Key Management System  
  1. Managed Vaulted Tokenization  
  1. Hosted Vaulted Tokenization  
  1. Managed Vaultless Tokenization  
  1. Hosted Vaultless Tokenization  

All of these options attempt to protect data by ciphering it so that it is unreadable, thereby keeping people away from the data. The ultimate problem with any data protection scheme is how to ensure that the people who have access to the key(s) are not doing something inappropriate. By definition, every managed data protection option means that a single entity or company holds both the protected data AND the means to unprotect it. Hosted Vaulted Tokenization can likewise be ruled out as secure, since it has the same flaw: an external party holds both the data and the means to decipher it. This is a fundamental flaw because your adversaries are not only people outside your company walls, but also people you trust to manage your data. Furthermore, people make mistakes that inadvertently increase data exposure.

This leaves two options: Encryption with Hosted Key Management System and Hosted Vaultless Tokenization. Both successfully separate the ciphered data from the means to decipher it, applying the concept of dual control: no single entity can do naughty things.

With Rixon Technology’s Vaultless Tokenization, no persistent data is stored at the hosted site, and the consumer/customer stores only non-sensitive tokens. Neither party can read the data without combining the parts that each holds.

Furthermore, suppose a customer is storing its own customers’ data. In this case, the tokenization algorithm can include a secret value that only the end user provides and knows, extending accountability and access control to a third level: all three entities must provide the piece they know before any one of them can gain access to the protected data. Rixon Technology does not persist any values that customers send to the engine, and clear-text data is always overwritten in memory and cleared within microseconds of the operation. In addition, no person at Rixon Technology has access to any of the production tokenization servers. Additionally, Rixon Technology provides security policies, which a customer configures to manage how data is accessed and who can obtain the full clear text or partially masked data after combining all the “partial keys” from the various entities involved.
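As an added, illustrative example (not Rixon Technology’s patented engine, whose internals this page does not disclose), the following Python shows the two properties described above: a format-preserving, Luhn-valid, partially masked token as in the Token Definition section, and a key derived by combining secrets from several parties (hosted engine, customer, end user) so that no single party can recompute the token on its own. The HMAC-based construction, the function names, and the party secrets are assumptions of the example.

```python
import hmac
import hashlib


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def combine_party_secrets(token_definition: str, party_secrets: list[bytes]) -> bytes:
    """Derive one key from the token-definition name and every party's secret.

    Hypothetical dual/triple-control scheme: chaining HMACs means the key is
    only reproducible when every party (e.g. hosted engine, customer, end user)
    contributes its piece; leaving any one out yields an unrelated key.
    """
    key = hashlib.sha256(token_definition.encode()).digest()
    for secret in party_secrets:
        key = hmac.new(secret, key, hashlib.sha256).digest()
    return key


def tokenize_pan(pan: str, key: bytes, keep_last: int = 4) -> str:
    """Non-reversible, format-preserving token for a Luhn-valid digit string.

    Leading digits are replaced from an HMAC keystream; the last `keep_last`
    digits are kept; one replaced digit is chosen so the token passes Luhn.
    """
    if not pan.isdigit() or not luhn_valid(pan):
        raise ValueError("input must be a Luhn-valid digit string")
    if not 0 <= keep_last <= len(pan) - 2:
        raise ValueError("at least two leading digits must be tokenized")
    head_len = len(pan) - keep_last
    tail = pan[len(pan) - keep_last:]
    stream = hmac.new(key, pan.encode(), hashlib.sha256).digest()
    assert head_len - 1 <= len(stream), "digit string too long for one HMAC block"
    # byte % 10 has a small bias; acceptable for an illustration.
    body = "".join(str(b % 10) for b in stream[: head_len - 1])
    # Exactly one value of the adjustment digit makes the whole token Luhn-valid.
    for d in "0123456789":
        candidate = body + d + tail
        if luhn_valid(candidate):
            return candidate
    raise AssertionError("unreachable: one adjustment digit always works")
```

The constructed test value 4111111111111111 is a well-known Luhn-valid sample number; dropping any party’s secret or changing the token-definition name produces a different token for the same input.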

Lastly, if encryption is what you want, Rixon Technology’s Tokenization Engine includes a public/private key Encryption Key Management System (KMS) with each subscription. Our KMS supports several asymmetric ciphers and keeps the private keys securely in a vault, allowing you to encrypt your data locally while still employing dual control and audit visibility into who is accessing your data, and how, where, and when.