RiXON Technology Cloud-Based Vaultless Tokenization Platform

The Rixon Cloud-Based Vaultless Tokenization Process

The Rixon Technology tokenization engine is a configuration-driven ciphering process built on a U.S.-patented solution. It generates cryptographic data from different parties and combines it into a function that produces a unique secure value for every individual data element passed into the engine. This process guarantees that every tenant and every token definition will generate a unique replacement token for a given value.

Tokenization replaces a sensitive value with a non-sensitive surrogate equivalent. Instead of replacing the entire value (as a vault does), our tokenization engine breaks a given value down into smaller chunks and replaces each piece many times using smaller lookup tables. Each time a chunk of data is replaced, the engine’s algorithm mutates and generates a new solution pattern to return the next piece of data.

Then, this replacement process iterates over the value several hundreds of thousands of times. The resulting tokens are extremely difficult to reverse in the absence of the tokenization system. Because the engine combines cryptographic values, unique keys, a unique process, and a unique series of lookup tables for every value it processes, there is no pattern. Our tokenization engine is optimized and runs completely in memory. As a result, it is extremely fast while providing security and reliability, and it does not suffer from the performance, security, or scalability limitations of solutions that maintain a database of sensitive values, as a vaulted solution does. We guarantee 99.9999999% durability of data sent to the tokenization engine.

The tokenization engine can be configured to generate reversible, temporarily reversible, or non-reversible tokens. Each Token Definition can be configured to tokenize all or part of a value and to preserve the format, and it can handle numeric, alpha, dates, times, base64, multiple languages, and other data types with unique properties such as passing luhn10 checks.

Why Rixon Cloud-based Vaultless Tokenization Is Better Than The Alternatives:

Let's Categorize the Alternatives

    • Encryption with Managed Key Management System
    • Encryption with Hosted Key Management System  
    • Managed Vaulted Tokenization  
    • Hosted Vaulted Tokenization  
    • Managed Vaultless Tokenization  
    • Hosted Vaultless Tokenization  

Encryption with Managed Key Management System

Encryption with managed keys attempts to protect data by moving people away from the data by ciphering it and making it unreadable. However, the ultimate problem with any data protection scheme is how to ensure the people who have access to the key(s) are not doing something inappropriate. In fact, by definition, all managed data protection options imply that a single entity or company is holding both the protected data AND the means to unprotect it.

Managed Vaulted Tokenization

Managed vaulted tokenization creates high levels of risk and vulnerability through how the data and the deciphering tool are managed. With managed vaulted tokenization, both the tokenized data and the tokenization engine to decipher the data are stored on the same server and “vaulted”, i.e. protected via server hardening strategies. The challenge here is that all of the sensitive data and the access to it live on one server. If a bad actor were to gain access to this single point of failure, they could gain access to “protected” sensitive data.

Managed Vaultless Tokenization

Vaultless tokenization is the process of separating the tokenization engine from where the tokenized data resides. In this scenario, the vaultless tokenization platform is typically just the tokenization engine, and the sensitive data is kept separate from where tokenization takes place. The risk with managed vaultless is that the managed provider has access to your tokenization engine, the tokens themselves, or both. Here, you are placing the safety of your organization in the hands of a managed provider. This leads to higher risks of data loss or exploit through insider attacks, or through a breach and exposure targeted at that managed provider.

Hosted Vaulted Tokenization

Hosted Vaulted Tokenization can be ruled out as secure since it shares the same flaw: an external party owns both the data and the means to decipher it. This is a fundamental flaw because your adversaries are not only people outside your company walls, but also people you trust to manage your data. Furthermore, people make mistakes and inadvertently increase data exposure.

Encryption with Hosted Key Management & Hosted Vaultless Tokenization

Hosted Vaulted Tokenization can be ruled out as secure since it shares the same flaw: an external party owns both the data and the means to decipher it. This is a fundamental flaw because your adversaries are not only people outside your company walls, but also people you trust to manage your data. Furthermore, people make mistakes and inadvertently increase data exposure.

Rixon Cloud-based Vaultless Tokenization:

With Rixon Technology’s Vaultless Tokenization, there is no stored persistent data at the hosted site, and the consumer/customer will only store non-sensitive tokens. Neither party can read the data without combining the parts that each other has. 
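
An added illustration, not Rixon's patented algorithm or code from this page: a toy sketch of two ideas described above, a working key that exists only when the provider's and the customer's parts are combined, and chunk-by-chunk replacement through small keyed lookup tables that change after every chunk. All names, secrets and the round count are assumptions, and this is a teaching sketch rather than a vetted cipher.

```python
import hashlib
import hmac

DIGITS = "0123456789"

def combine_parts(provider_part: bytes, customer_part: bytes, token_def: str) -> bytes:
    """Derive the working key; neither party's part alone can rebuild it."""
    inner = hmac.new(provider_part, token_def.encode(), hashlib.sha256).digest()
    return hmac.new(customer_part, inner, hashlib.sha256).digest()

def _table(key: bytes, rnd: int, pos: int, prefix: str) -> list:
    """Small lookup table: a keyed permutation of the ten digits.
    It depends on the round, the position and the token digits already
    emitted, so the table "mutates" after every chunk."""
    ctx = f"{rnd}|{pos}|{prefix}|".encode()
    return sorted(DIGITS, key=lambda d: hmac.new(key, ctx + d.encode(),
                                                 hashlib.sha256).digest())

def tokenize(value: str, key: bytes, rounds: int = 4) -> str:
    if not value.isdigit():
        raise ValueError("this sketch handles digit strings only")
    for rnd in range(rounds):
        out = ""
        for pos, ch in enumerate(value):
            out += _table(key, rnd, pos, out)[int(ch)]
        value = out[::-1]  # reverse so the next round chains the other way
    return value

def detokenize(token: str, key: bytes, rounds: int = 4) -> str:
    for rnd in reversed(range(rounds)):
        ct = token[::-1]  # undo the reversal applied after this round
        out = ""
        for pos, ch in enumerate(ct):
            out += str(_table(key, rnd, pos, ct[:pos]).index(ch))
        token = out
    return token

if __name__ == "__main__":
    # Constructed sample values: hypothetical secrets and a test card number.
    key = combine_parts(b"provider-secret", b"customer-secret", "card-number-v1")
    token = tokenize("4111111111111111", key)
    print(token, detokenize(token, key))
```

Nothing is stored between calls: the token is recomputed from the value and the combined key, which is why no vault of sensitive values is needed in this model.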
 

Furthermore, suppose a customer is storing their customers’ data. In this case, the tokenization algorithm can include a secret value that only the end-user provides and is aware of, extending accountability and access control to a 3rd level such that all three entities would need to provide the piece that they know for one of the entities to gain access to the protected data. Rixon Technology does not persist any values that customers send to the engine, and clear text data is always overwritten in, or cleared from, memory within microseconds of operation. In addition, no person at Rixon Technology has access to any of the production tokenization servers. Additionally, Rixon Technology provides the concept of security policies, which a customer configures to manage how data is accessed and who can obtain the full clear text or partially masked data after combining all the “partial-keys” from the various entities involved.

Lastly, if encryption is what you want, Rixon Technology’s Tokenization Engine includes a public/private Key Encryption Management System with each subscription. Our KMS supports several asymmetric ciphers and keeps the private keys securely in a vault, allowing you to encrypt your data locally while still employing dual control and audit visibility into who is accessing your data, and how, where, and when.

Learn More By Speaking With a Rixon Technology Team Member Today!