Replace sensitive data with unique identification numbers to improve PCI compliance
Tokenization should be considered when sensitive data is stored on multiple systems throughout an organization. Tokenization is the process of replacing sensitive data with unique identification numbers (e.g. tokens) and storing the original data on a central server, typically in encrypted form.
By centralizing sensitive data onto a single system, tokenization can help thwart hackers and minimize the scope of compliance audits such as PCI. Tokenization can be used to protect any sensitive data including credit card numbers (PAN), bank account numbers, Social Security numbers, drivers license numbers and other personal identity information.
Powertech Encryption for IBM i Within a Tokenized Environment
When data needs to be stored (typically on an insert or update), the remote system will pass this data, along with the Field Id and User to the Token Server. Powertech Encryption for IBM i will then assign a unique Token Id, and will encrypt and store that data into a DB2 physical file on the IBM i Token Server. The Token Id will be returned to the remote system, which would usually be stored in the same field (or column) as where the original data used to be located.
When data needs to be retrieved from the IBM i Token Server, the remote system will pass in the Token Id, Field Id and User. The data will then be retrieved from the DB2 physical file using the Token Id and Field Id. Based on the User’s authority and requested function, Powertech Encryption for IBM i can return the fully decrypted value, masked value or no value (if not authorized) to the remote system.
Centralizes key management and policies on a single server
Supports tokenization of data from diverse systems including IBM i, Windows, Linux, AIX, etc.
Provides remote connections to token functions through secure HTTPS protocol
Auto-assigns token identifiers from the central token server
Encrypts and stores tokenized data into scalable DB2 physical files
Allows securing data elements by User Id, User Group and/or Authorization Lists
Provides centralized audit logs and message alerts