Encryption Plus Tokenization is a One-two Punch for Database and Application Security
One of the data protection methods offered by nuBridges Protect™
is tokenization. This method reduces the number of places
where encrypted data is stored within an enterprise,
eliminating points of risk and reducing audit scope.
Here's how it works:
nuBridges Protect Token Manager is a software
module that intercepts the data you want to protect,
generates format-preserving tokens and inserts them in place
of the sensitive data. It then encrypts the original data
and stores the cipher text in a central data vault.
Tokens can be safely used by any application or database
without risk of exposing sensitive data. When
applications or databases require the clear-text value, they
simply make a Web services call to the Token Manager and
present the token. The Token Manager validates the
request credentials and, if authorized, looks up the token
in the data vault, identifies the appropriate cipher text,
decrypts the value and presents it back to the database or
application.
This method has been proven in production by payment processing
outsourcers, and now nuBridges brings it to your data
center. Not just for credit card data - for any data!
Format Preserving Tokenization™
Unlike any other solution on the market,
nuBridges Protect Token Manager generates "format-preserving" tokens that mimic the original data.
This eliminates the need to modify
applications and databases because the data looks just like
they expect it to look, and it's a perfect way to support
development and testing without exposing real production
data.
You can also manipulate the format of the
token. For example, tokens can be formatted to:
Preserve a number of leading and trailing characters
| original data | head | body | tail |
| 3752 5712250 3125 | 3752 | X4gmbAdL4Q | 3125 |
Preserve the format (length and data type)
| original data | head | body | tail |
| 3752 5712250 3125 | 3752 | 4333906 | 3125 |
Mask a portion of the token when a full value is
not needed or desirable
| original data | head | body | tail |
| 3752 5712250 3125 | 3752 | ******* | 3125 |
This is very useful for customer service
applications where you only want to expose a portion of the
data.
And because tokens and cipher text maintain a
1-to-1 relationship across multiple systems, referential
integrity is preserved. This allows data and trend analysis
across multiple applications and data sets, so your analytics
continue to run just fine using the surrogate values.
It works in the background, without
impacting processes or other applications - a very elegant -
and unique - approach to protecting all types of customer,
employee and company confidential information.
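The token flow and formats described above, as an added Python example that is not nuBridges code. The TokenVault class, its method names and the HMAC-keyed lookup index are assumptions, and the in-memory dictionary holds the original value where the product's vault would hold cipher text.

```python
import hashlib, hmac, secrets, string

def _random_like(ch):
    """Random character of the same class as ch; separators pass through."""
    if ch.isdigit():
        return secrets.choice(string.digits)
    if ch.isalpha():
        pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
        return secrets.choice(pool)
    return ch

def mask(token, head=4, tail=4):
    """Star out the body for displays that need only head and tail."""
    end = len(token) - tail
    return token[:head] + "".join("*" if c.isalnum() else c for c in token[head:end]) + token[end:]

class TokenVault:
    """Hypothetical in-memory stand-in for the central data vault."""
    def __init__(self, index_key, authorized):
        self._key = index_key          # keys the lookup index
        self._authorized = set(authorized)
        self._by_value = {}            # HMAC(value) -> token, enforces 1-to-1
        self._by_token = {}            # token -> value (cipher text in a real vault)

    def tokenize(self, value, head=4, tail=4):
        fp = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()
        if fp in self._by_value:       # same input, same token on every system
            return self._by_value[fp]
        end = len(value) - tail
        body = value[head:end]
        if not any(c.isalnum() for c in body):
            raise ValueError("nothing left to replace between head and tail")
        for _ in range(100):           # retry on collision with value or vault
            token = value[:head] + "".join(map(_random_like, body)) + value[end:]
            if token != value and token not in self._by_token:
                self._by_value[fp] = token
                self._by_token[token] = value
                return token
        raise RuntimeError("token space exhausted for this head/tail")

    def detokenize(self, token, caller):
        if caller not in self._authorized:   # credential check before lookup
            raise PermissionError(f"{caller} may not detokenize")
        return self._by_token[token]

if __name__ == "__main__":
    vault = TokenVault(secrets.token_bytes(32), {"billing"})
    pan = "3752 5712250 3125"          # sample value from the page
    tok = vault.tokenize(pan)
    print(tok, "|", mask(tok), "|", vault.detokenize(tok, "billing"))
```

A caller that only ever receives the output of mask() or the token itself never holds the clear-text value, which is the property the audit-scope argument relies on.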
Tokenization to Reduce PCI DSS Audit Scope
When you undergo a PCI DSS audit, all of the
systems, applications and processes that have access to
credit card information (unencrypted and encrypted) are
considered "in scope." However, if you substitute
tokens for the credit card information, and the systems,
applications and processes never require access to the
token's underlying value, then they are "out of scope" and do
not need to be audited for PCI DSS compliance.
Because you can format tokens in any manner
you wish, this enables you to, for example, render a
customer service application and all of its processes as
"out of scope." A typical customer service function
answers billing questions and requires access to only the
last four digits of a credit card number. If you
format the token in this manner, and do not provide the
customer service applications or people with any access to
the token server, then the entire function is "out of
scope." This offers significant financial and
practical benefits to many organizations.
Contact nuBridges to
learn more – we’d be delighted to answer your questions,
show you the capabilities of nuBridges Protect, and propose
a module set tailored specifically to your business needs
and technology ecosystem.