imtoken正确官网|tokenization
imtoken正确官网|tokenization
作者: imtoken正确官网
2024-03-13 06:53:15
Just a moment...
a moment...Enable JavaScript and cookies to contiWhat is tokenization? | McKinsey
is tokenization? | McKinseySkip to main contentWhat is tokenization?March 6, 2024 | ArticleSharePrintDownloadSaveTokenization is the process of creating a digital representation of a real thing. Tokenization can be used to protect sensitive data or to efficiently process large amounts of data.A terracotta soldier figurine emerging from a digital tablet. The soldier looks digitized at it's base but becomes a solid form at it's top.
(6 pages)
Events of the last few years have made it clear: we’re hurtling toward the next era of the internet with ever-increasing speed. Barely a week goes by without an important new breakthrough in generative AI (gen AI). McKinsey estimates that gen AI could add up to $4.4 trillion annually to the global economy; by comparison, the United Kingdom’s GDP was about $3 trillion as of 2021.
Get to know and directly engage with senior McKinsey experts on tokenization
Prashanth Reddy is a senior partner in McKinsey’s New Jersey office, and Robert Byrne is a senior partner in the Bay Area office.
AI is a big story, but it’s not the only game in tech town. Web3 is said to offer the potential of a new, decentralized internet, controlled by participants via blockchains rather than a handful of corporations. Payments is also a field in flux: one in two consumers in 2021 used a fintech product, primarily peer-to-peer payment platforms and nonbank money transfers.
What do AI, Web3, and fintech all have in common? They all rely on a process called tokenization. And tokenization stands to revolutionize the way we exchange ideas, information, and money.
Let’s get specific: tokenization is the process of issuing a digital, unique, and anonymous representation of a real thing. Sometimes the token is used on a (typically private) blockchain, which allows the token to be used within specific protocols. Tokens can represent assets, including physical assets like real estate or art, financial assets like equities or bonds, intangible assets like intellectual property, or even identity and data. Tokenization also makes AI tools possible, by enabling large language models (LLMs) that use deep learning techniques to process, categorize, and link pieces of information—from whole sentences down to individual characters. And payment tokenization protects sensitive data by generating a temporary code that’s used in place of the original data.
Tokenization can create several types of tokens. From the financial-services industry, one example would be stablecoins, a type of cryptocurrency pegged to real-world money designed to be fungible, or replicable. Another type of token is an NFT—a nonfungible token, meaning a token that can’t be replicated—which is a digital proof of ownership people can buy and sell. Yet another example could simply be the word “cat”; an LLM would tokenize the word “cat” and use it to understand relationships between “cat” and other words.
Tokenization is potentially a big deal. Industry experts have forecast up to $5 trillion in tokenized digital-securities trade volume by 2030.
In this Explainer, we’ll drill down into how tokenization works and what it might mean for the future.
Learn more about McKinsey’s Financial Services Practice.
How does tokenization work in large language models?
Before answering this question, let’s get some basics down. Deep learning models trained on vast quantities of unstructured, unlabeled data are called foundation models. LLMs are foundation models that are trained on text. Trained via a process called fine-tuning, these models can not only process massive amounts of unstructured text but also learn the relationships between sentences, words, or even portions of words. This in turn enables them to generate natural language text, or perform summarization or other knowledge extraction tasks.
Here’s how tokenization makes this possible. When an LLM is fed input text, it breaks the text down into tokens. Each token is assigned a unique numerical identifier, which is fed back into the LLM for processing. The model learns the relationships between the tokens and generates responses based on the patterns it learns.
There are a number of tokenization techniques commonly used in LLMs:
Word tokenization splits text into individual words or word-like units, and each word becomes a separate token. Word tokenization might struggle with contractions or compound words.
Character tokenization makes each character in text its own separate token. This method works well when dealing with languages that don’t have clear word boundaries or with handwriting recognition.
Subword tokenization breaks down less frequently used words into units of frequently occurring sequences of characters. Subword tokens are bigger than individual characters but smaller than entire words. By breaking words into subword tokens, a model can better handle words that were not present in the training data. Byte pair encoding (BPE) is one subword tokenization algorithm. BPE starts with a vocabulary of characters or words and merges the tokens which most often appear together.
Morphological tokenization uses morphemes, which are individual words or parts of words that carry specific meanings or grammatical functions. The word “incompetence,” for example, can be broken down into three morphemes: “in-” (a prefix indicating negation), “competent” (the root), and “-ence” (a suffix indicating a state or quality). In morphological tokenization, each morpheme becomes a token, which enables LLMs to handle word variations, understand grammatical structures, and generate linguistically accurate text.
The type of tokenization used depends on what the model needs to accomplish. Different tokenization methods may also be combined to achieve the required results.
What technologies make Web3 possible?
As we’ve seen, Web3 is a new type of internet, built on new types of technology. Here are the three main types:
Blockchain. A blockchain is a digitally distributed, decentralized ledger that exists across a computer network and facilitates the recording of transactions. As new data are added to a network, a new block is created and appended permanently to the chain. All nodes on the blockchain are then updated to reflect the change. This means the system is not subject to a single point of control or failure.
Smart contracts. Smart contracts are software programs that are automatically executed when specified conditions are met, like terms agreed on by a buyer and seller. Smart contracts are established in code on a blockchain that can’t be altered.
Digital assets and tokens. These are items of value that only exist digitally. They can include cryptocurrencies, stablecoins, central bank digital currencies (CBDCs), and NFTs. They can also include tokenized versions of assets, including real things like art or concert tickets.
As we’ll see, these technologies come together to support a variety of breakthroughs related to tokenization.
What are the potential benefits of tokenization for financial-services providers?
Some industry leaders believe tokenization stands to transform the structure of financial services and capital markets because it lets asset holders reap the benefits of blockchain, such as 24/7 operations and data availability. Blockchain also offers faster transaction settlement and a higher degree of automation (via embedded code that only gets activated if certain conditions are met).
While yet to be tested at scale, tokenization’s potential benefits include the following:
Faster transaction settlement, fueled by 24/7 availability. At present, most financial settlements occur two business days after the trade is executed (or T+2; in theory, this is to give each party time to get their documents and funds in order). The instant settlements made possible by tokenization could translate to significant savings for financial firms in high-interest-rate environments.
Operational cost savings, delivered by 24/7 data availability and asset programmability. This is particularly useful for asset classes where servicing or issuing tends to be highly manual and hence error-prone, such as corporate bonds. Embedding operations such as interest calculation and coupon payment into the smart contract of the token would automate these functions and require less hands-on human effort.
Democratization of access. By streamlining operationally intensive manual processes, servicing smaller investors can become an economically attractive proposition for financial-services providers. However, before true democratization of access is realized, tokenized asset distribution will need to scale significantly.
Enhanced transparency powered by smart contracts. Smart contracts are sets of instructions coded into tokens issued on a blockchain that can self-execute under specific conditions. One example could be a smart contract for carbon credits, in which blockchain can provide an immutable and transparent record of credits, even as they’re traded.
Cheaper and more nimble infrastructure. Blockchains are open source, thus inherently cheaper and easier to iterate than traditional financial-services infrastructure.
There’s been hype around digital-asset tokenization for years, since its introduction back in 2017. But despite the big predictions, it hasn’t yet caught on in a meaningful way. We are, though, seeing some slow movement: US-based fintech infrastructure firm Broadridge now facilitates more than $1 trillion monthly on its distributed ledger platform.
Introducing McKinsey Explainers: Direct answers to complex questionsExplore the series
Learn more about McKinsey’s Financial Services Practice.
How does an asset get tokenized?
There are four typical steps involved in asset tokenization:
Asset sourcing. The first step of tokenization is figuring out how to tokenize the asset in question. Tokenizing a money market fund, for example, will be different from tokenizing a carbon credit. This process will require knowing whether the asset will be treated as a security or a commodity and which regulatory frameworks apply.
Digital-asset issuance and custody. If the digital asset has a physical counterpart, the latter must be moved to a secure facility that’s neutral to both parties. Then a token, a network, and compliance functions are selected—coming together to create a digital representation of the asset on a blockchain. Access to the digital asset is then stored pending distribution.
Distribution and trading. The investor will need to set up a digital wallet to store the digital asset. Depending on the asset, a secondary trading venue—an alternative to an official exchange that is more loosely regulated—may be created for the asset.
Asset servicing and data reconciliation. Once the asset has been distributed to the investor, it will require ongoing maintenance. This should include regulatory, tax, and accounting reporting; notice of corporate actions; and more.
Is the time finally right for tokenization to catch on?
Maybe. Financial-services players are already beginning to tokenize cash. At present, approximately $120 billion of tokenized cash is in circulation in the form of fully reserved stablecoins. As noted above, stablecoins are a type of cryptocurrency pegged to a physical currency (or commodity or other financial instrument) with the goal of maintaining value over time.
Financial-services players may be starting to play with tokenizing—theirs is the biggest use case to date—but it’s not yet happening on a scale that could be considered a tipping point.
That said, there are a few reasons that tokenizing might take off. For one thing, the higher interest rates of the current cycle—while a cause for complaint for many—are improving the economics for some tokenization use cases, particularly those dealing with short-term liquidity. (When interest rates are high, the difference between a one-hour and 24-hour transaction can equal a lot of money.)
What’s more, since tokenization debuted five years ago, many financial-services companies have significantly grown their digital-asset teams and capabilities. These teams are experimenting more and continually expanding their capabilities. As digital-asset teams mature, we may see tokenization increasingly used in financial transactions.
Learn more about McKinsey’s Financial Services Practice, and check out Web3-related job opportunities if you’re interested in working at McKinsey.
Articles referenced:
“Tokenization: A digital-asset déjà vu,” August 15, 2023, Anutosh Banerjee, Ian De Bode, Matthieu de Vergnes, Matt Higginson, and Julian Sevillano
“Tokenizing nontraditional assets: A conversation with Ascend Bit’s Brian Clark,” March 17, 2023, Andrew Roth
“Web3 beyond the hype,” September 26, 2022, Anutosh Banerjee, Robert Byrne, Ian De Bode, and Matt Higginson
“How can healthcare unlock the power of data connectivity?,” December 9, 2021, Prashanth Reddy
Want to know more about tokenization?Talk to usRelated ArticlesPodcastTokenizing nontraditional assets: A conversation with Ascend Bit’s Brian ClarkArticleTokenization: A digital-asset déjà vuArticleWhat is central bank digital currency (CBD
What is Tokenization | Data & Payment Tokenization Explained | Imperva
WP
What is Tokenization | Data & Payment Tokenization Explained | Imperva
Under DDoS Attack?
1-866-777-9980
Login
LoginCloud Security ConsoleRASP Console
English
EnglishENDeutschDEEspañolESFrançaisFRPortuguêsPT-BR日本語日本語한국어KR中文CN
Under DDoS Attack?
1-866-777-9980
Start for FreeContact UsStart for FreeContact Us
Why ImpervaProducts
Products
Application PerformanceApplication SecurityData SecurityNetwork SecurityImperva PlansApplication PerformanceApplication Performance OverviewOptimize content delivery and user experienceContent Delivery NetworkBoost website performance with caching and compressionWaiting RoomVirtual queuing to control visitor trafficThe importance of a resilient CDN for digital performanceGet featured reportApplication SecurityApplication Security OverviewIndustry-leading application and API protectionWeb Application FirewallInstantly secure applications from the latest threatsAdvanced Bot ProtectionIdentify and mitigate the most sophisticated bad botAPI SecurityDiscover shadow APIs and the sensitive data they handleDDoS ProtectionSecure all assets at the edge with guaranteed uptimeClient-Side ProtectionVisibility and control over third-party JavaScript codeRuntime ProtectionSecure workloads from unknown threats and vulnerabilitiesServerless ProtectionUncover security weaknesses on serverless environmentsAttack AnalyticsComplete visibility into your latest attacks and threatsImperva named a security leader in the SecureIQlab CyberRisk ReportGet featured reportData SecurityData Security OverviewProtect all data and ensure compliance at any scaleData Security FabricMulticloud, hybrid security platform protecting all data typesBusiness CapabilitiesData security at scaleData security for multicloudRisk analytics & insightsData compliance at scaleData discovery & classificationCloud Data SecuritySaaS-based data posture management and protectionThe Imperva AdvantageBroadest coverageProtect any data sourceEcosystem integrationUnified visibilityIDC Spotlight: Effective Multicloud Data SecurityGet featured reportNetwork SecurityNetwork Security OverviewProtection and control over your network infrastructureDDoS ProtectionSecure all assets at the edge with guaranteed uptimeGlobal DDoS Threat Landscape ReportGet featured reportImperva PlansSolutions
Solutions
By Use CaseBy IndustryImperva PlansBy Use CaseApplication SecurityStop software supply chain attacksMitigate account takeover attacksProtect modern web applicationsSecure API inventoriesProtect against online fraudEmbed security into DevOpsProtect applications from business logic abuseData SecuritySafeguard sensitive and personal dataAdvance data governanceAssure data compliance and privacySecurely move data to the cloudObserve data risk managementMonitor user behavior analyticsData encryption and cryptographic solutionsNetwork SecurityDefend DDoS attacks at scaleSecure business continuity in the event of an outageApplication PerformanceEnsure consistent application performanceBy IndustrySolutions by IndustryDefense-in-depth security for every industryGovernmentHealthcareFinancial ServicesTelecom & ISPsRetailThe State of Security within eCommerce 2022Get free reportImperva PlansSupport
Support
SupportSupportLooking for technical support or services, please review our various channels belowTechnical SupportServicesImperva UniversityCommunitySupport Portal LoginDocumentationEOL PolicyPartners
Partners
Channel PartnersTechnology Alliance PartnersChannel PartnersChannel Partners ProgramLooking for an Imperva partner? Find an approved one with the expertise to help youChannel PartnersFind a PartnerPartner Portal LoginImperva reimagines partner program: Imperva AccelerateLearn howTechnology Alliance PartnersTechnology Alliance PartnersImperva collaborates with the top technology companiesTechnology Alliance Partners (TAP)Become a TAPFind a TAPProtect your Cloudera data with ImpervaLearn more Customers
Customers
Application Security Customer StoriesData Security Customer StoriesSee all Customer StoriesApplication Security Customer StoriesApplication Security Customer StoriesLearn how Imperva enables and protects industry leadersTower ensures website visibility and uninterrupted business operationsSmallpdf protects its customers and ensures availabilityQuálitas continues its quality services using Imperva Application SecurityLearn howData Security Customer StoriesData Security Customer StoriesLearn how Imperva enables and protects industry leadersBanco Popular streamlines operations and lowers operational costsDiscovery Inc. tackles data compliance in public cloud with Imperva Data Security FabricDiscovery Inc. tackles data compliance in public cloudLearn howSee all Customer StoriesResources
Resources
ResourcesThreat ResearchLearning AssetsResourcesResourcesGet all the information you need about Imperva products and solutionsResource LibraryBlogWebinarsCase StudiesPrivacy, Compliance & Trust CenterImperva CertificationsNew Vulnerability in Popular Widget Shows Risks of Third-Party CodeRead moreThreat ResearchThreat ResearchStay informed on the latest threats and vulnerabilitiesThreat Research OverviewCyber Threat IndexCyber Attack MapFree ToolsNetwork MapCyber Threat IndexLatest threat analysisLearning AssetsLearning AssetsExpand and share your knowledgeLearning CenterApplication Security GuideData Security GuideImperva CommunityDocumentation PortalBrowse the Imperva Learning Center for the latest cybersecurity topicsExplore nowCompany
Company
CompanyCompanyGet to know us, beyond our products and servicesAbout UsEventsCareersPress & AwardsContact InformationImperva ESG ReportsRead more
Home > Learning Center > Tokenization
Article's content
Tokenization
38.9k views
Data Security
What is Tokenization
Tokenization replaces a sensitive data element, for example, a bank account number, with a non-sensitive substitute, known as a token. The token is a randomized data string that has no essential or exploitable value or meaning. It is a unique identifier which retains all the pertinent information about the data without compromising its security.
A tokenization system links the original data to a token but does not provide any way to decipher the token and reveal the original data. This is in contrast to encryption systems, which allow data to be deciphered using a secret key.
How Data Tokenization Works
Tokenization, in relation to payment processing, demands the substitution of a credit card or account number with a token. The token has no use and is not connected to an account or individual.
The 16 digits primary account number (PAN) of the customer is substituted with a randomly-created, custom alphanumeric ID. The tokenization process removes any connection between the transaction and the sensitive data, which limits exposure to breaches, making it useful in credit card processing.
Tokenization of data safeguards credit card numbers and bank account numbers in a virtual vault, so organizations can transmit data via wireless networks safely. For tokenization to be effective, organizations must use a payment gateway to safely store sensitive data.
A payment gateway is a merchant service offered by an e-commerce application service provider that permits direct payments or credit card processing. This gateway stores credit card numbers securely and generates the random token.
Tokenization in a nutshell
Payment Tokenization Example
When a merchant processes the credit card of a customer, the PAN is substituted with a token. 1234-4321-8765-5678 is replaced with, for example, 6f7%gf38hfUa.
The merchant can apply the token ID to retain records of the customer, for example, 6f7%gf38hfUa is connected to John Smith. The token is then transferred to the payment processor who de-tokenizes the ID and confirms the payment. 6f7%gf38hfUa becomes 1234-4321-8765-5678.
The payment processor is the only party who can read the token; it is meaningless to anyone else. Furthermore, the token is useful only with that single merchant.
Tokenization vs Encryption
The main difference between tokenization and encryption is that tokenization uses a ‘token’ whereas encryption uses a ‘secret key’ to safeguard the data.
Encryption
A core issue with data encryption is that it is reversible. Encrypted data is designed to be restored to its initial, unencrypted state. The safety of encryption is reliant on the algorithm used to protect the data. A more complex algorithm means safer encryption that is more challenging to decipher.
All encryption is, however, essentially breakable. The strength of your algorithm and the computational power available to the attacker will determine how easily an attacker can decipher the data. Encryption is thus better described as data obfuscation, rather than data protection. Encryption makes it more difficult to access the original information protected within the encrypted data, however not impossible.
The PCI Security Standards Council and similar compliance organizations treat encrypted data as sensitive data because it is reversible. Organizations are thus required to protect encrypted data.
Tokenization
Unlike encryption, tokenization of data cannot be reversed. Rather than using a breakable algorithm, a tokenization system substitutes sensitive data by mapping random data, thus the token cannot be decrypted. The token is a placeholder, with no essential value.
The true data is kept in a separate location, such as a secured offsite platform. The original data does not enter your IT environment. If an attacker penetrates your environment and accesses your tokens, they have gained nothing. Thus, tokens cannot be used for criminal undertakings.
The PCI and other security standards do not require organizations to safeguard tokenized data.
Benefits of Tokenization
Tokenization can provide several important benefits for securing sensitive customer data:
Enhanced customer assurance—tokenization offers an additional layer of security for eCommerce websites, increasing consumer trust.
Increased security and protection from breaches—by using tokenization, businesses do not have to capture sensitive information in their input terminals, keep it in internal databases, or transmit the data through their information systems. This safeguards businesses from security breaches.
Data tokenization improves patient security—organizations can use tokenization solutions for scenarios covered under HIPAA. By substituting electronically protected health information (ePHI) and non-public personal information (NPPI) with a tokenized value, healthcare organizations can better comply with HIPAA regulations.
Tokenization makes credit card payments more secure—the payment card industry needs to comply with extensive standards and regulations. Tokenization solutions provide a way to protect cardholder data, such as magnetic swipe data, primary account number, and cardholder information. Companies can comply with industry standards more easily, and better protect client information.
PCI Tokenization: Easing Compliance with Tokenization
The Payment Card Industry Data Security Standard (PCI DSS) ensures PAN data is protected by all organizations that accept, transmit, or store cardholder data. Failure to comply may result in fines and loss of brand authority.
Tokenization helps companies achieve PCI DSS compliance by reducing the amount of PAN data stored in-house. Instead of storing sensitive cardholder data, the organization only handles tokens, making for a smaller data footprint. Less sensitive data translates into fewer compliance requirements to comply with, which may lead to faster audits.
See how Imperva Data Masking can help you with data protection.
Request demo
Learn more
How Imperva Leverages Tokenization for Security and Compliance
Imperva’s security solution uses data masking and encryption to obfuscates core data, so it would be worthless to a threat actor, even if somehow obtained.
We offer a holistic security solution that protects your data wherever it lives—on-premises, in the cloud, and in hybrid environments. We help security and IT teams by providing visibility into how data is accessed, used, and moved across the organization.
Our security approach relies on multiple layers of protection, including:
Database firewall—prevents SQL injection and similar threats, while assessing for known vulnerabilities.
User rights management—tracks the data movements and access of privileged users to identify excessive and unused privileges.
Data loss prevention (DLP)—monitors and tracks data in motion, at rest, in cloud storage, or on endpoint devices.
User behavior analytics—creates a baseline of data access behavior and uses machine learning to isolate and alert on abnormal and potentially dangerous activity.
Data discovery and classification—discloses the volume, location, and context of data on-premises and in the cloud.
Database activity monitoring—monitors relational databases, data warehouses, big data, and mainframes to produce real-time alerts on violations of policy.
Alert prioritization—Imperva uses AI and machine learning technology to examine the stream of security events and prioritize the most important events.
Latest Blogs
Data Security
Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0
Brian Robertson Mar 11, 2024 4 min read
Data Security
Navigating the Waters of Generative AI
Brian Robertson Feb 28, 2024 5 min read
Data Security
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
Lynne Murray, Paul Steen Feb 26, 2024 5 min read
Data Security
Accelerating Cloud-Native Data Security Deployments at Scale with Imperva's eDSF Kit
Lynne Murray, Shiri Margel Dec 1, 2023 5 min read
Data Security
How to Protect Against Data Lake Hacking
Ori Nakar Oct 9, 2023 4 min read
Latest Articles
Data Security
...
Data Security
Data Loss Prevention (DLP) 170.3k Views
Data Security
...
Data Security
Data Security 136.6k Views
Data Security
...
Data Security
Data Masking 122.2k Views
Data Security
...
Data Security
Data Classification 111.1k Views
Data Security
...
Data Security
Anonymization 105.2k Views
Data Security
...
Data Security
Database Security 78.7k Views
Data Security
...
Data Security
Data Lineage 77.7k Views
Data Security
...
Data Security
Data Protection 73.7k Views
+1 866 926 4678
Partners Imperva Partner Ecosystem
Channel Partners
Technology Alliances
Find a Partner
Partner Portal Login
Resources Imperva Blog
Resource Library
Case Studies
Learning Center
About Us Why Imperva
Who We Are
Events
Careers
Press & Awards
Contact Information
Network Network Map
System Status
Support Emergency DDoS Protection
Support Portal
Imperva Community
Documentation Portal
API Integration
Trust Center
Cookie Preferences Trust Center Modern Slavery Statement Privacy Legal
English
EnglishDeutschEspañolFrançaisPortuguês日本語中文
+1 866 926 4678
English
EnglishDeutschEspañolFrançaisPortuguês日本語中文
Cookie Preferences Trust Center Modern Slavery Statement Privacy Legal
Copyright © 2024 Imperva. All rights reserved
×
Protect Against Business Logic Abuse
Identify key capabilities to prevent attacks targeting your business logic
Download Now
×
The 10th Annual Bad Bot Report
The evolution of malicious automation over the last decade
Download Now
×
The State of Security Within eCommerce in 2022
Learn how automated threats and API attacks on retailers are increasing
Free Report
×
Prevoty is now part of the Imperva Runtime Protection
Protection against zero-day attacks
No tuning, highly-accurate out-of-the-box
Effective against OWASP top 10 vulnerabilities
Learn more here
×
Want to see Imperva in action?
Fill out the form and our experts will be in touch shortly to book your personal demo.
Thank you!
An Imperva security specialist will contact you shortly.
×
“Imperva prevented 10,000 attacks in the first 4 hours of Black Friday weekend with no latency to our online customers.”
Top 3 US Retailer
How Does Tokenization Work? Explained with Examples - Spiceworks
How Does Tokenization Work? Explained with Examples - Spiceworks
Skip to Main Navigation
Skip to Main Content
Skip to Footer
Home
News & Insights
News & Insights Home
Artificial Intelligence
Innovation
IT Careers & Skills
Cloud
Cyber Security
Future of Work
IT Research
All Categories
Community
Community Home
Cloud
Collaboration
Hardware
Networking
Programming
Security
Software
Storage
Vendors
Virtualization
Windows
All Categories
Events
IT Tools
Cloud Help Desk
Inventory Online
Contracts
Connectivity Dashboard
Pricing
All IT Tools
State of IT Spend
Newsletters
Reviews
Login
Join
Login
Join
Data Security
What is Tokenization? Definition, Working, and Applications
Tokenization hides and secures a dataset by replacing sensitive elements with random, non-sensitive ones.
Chiradeep BasuMallick
Technical Writer
March 28, 2023
Tokenization is the process of hiding the contents of a dataset by replacing sensitive or private elements with a series of non-sensitive, randomly generated elements (called a token).
Tokenization is gaining popularity for data security purposes in business intelligence, fintech, and ecommerce sectors, among others.
Throughout the process, the link between the token and real values cannot be reverse-engineered. This article explains the meaning of tokenization and its uses.
Table of Contents
What Is Tokenization?
How Does Tokenization Work?
Tokenization vs. Encryption
Uses of Tokenization
What Is Tokenization?
Tokenization is defined as the process of hiding the contents of a dataset by replacing sensitive or private elements with a series of non-sensitive, randomly generated elements (called a token) such that the link between the token values and real values cannot be reverse-engineered.
Tokenization has flourished from the beginning of early financial systems, wherein coin tokens replaced real coins or banknotes. Since they function as money substitutes, subway tokens or casino tokens are instances of this. This is an example of tangible tokenization, but the purpose is identical to digital tokenization: to serve as a proxy for a more valued object.
The usage of digital tokenization dates back to the 1970s. It was utilized in the data archives of the time to isolate sensitive information from other recorded data.
Recently, tokenization has found applications in the credit and debit card industry to protect critical cardholder data and comply with industry norms. In 2001, TrustCommerce was attributed to developing tokenization to safeguard payment card data.
Tokenization substitutes confidential material with unique identifiers that maintain all critical information without jeopardizing security. It aims to reduce the data a company must keep on hand.
Consequently, it has become a popular method for small and medium-sized enterprises to increase the safety of card information and e-commerce transactions. In addition, it reduces the expense and difficulty of complying with industry best practices and government regulations.
Interestingly, the technology is not limited to financial data. Theoretically, one could apply tokenization technologies to all types of sensitive data, such as financial transactions, health records, criminal histories, vehicle driver details, loan documents, stock trading, and voter registration. Tokenization may improve any system a surrogate employs as a substitute for confidential material.
Types of tokenization
Tokens and tokenization can be of various types:
Vaultless tokenization: Vaultless tokenization employs protected cryptographic hardware with specified algorithms based on conversion standards to facilitate the exchange of sensitive information into non-sensitive assets in a secure way. One may store these tokens without a database. We will discuss this further in the following section.
Vault tokenization: This is the type of tokenization used for conventional payment processing, which requires organizations to keep a confidential database. This secure repository is known as a vault, whose purpose is to hold sensitive and non-sensitive information.
Tokenization in NLP: The field of natural language processing (NLP) comprises tokenization as one of its most fundamental operations. In this sense, tokenization splits a text down into smaller units called tokens so that bots can comprehend natural language properly.
Blockchain-based tokenization: This strategy distributes the ownership of a particular asset into several tokens. Non-fungible tokens (NFTs) that function as “shares” may be used for tokenization on a blockchain. However, tokenization could also encompass fungible tokens with an asset-specific value.
Platform tokenization: The tokenization of a blockchain enables decentralized application development. Also known as platform tokenization, this is a process in which the blockchain network offers transactional security and support as its foundation.
NFT tokenization: Blockchain NFTs are among the most prominent tokenizations nowadays. Non-fungible tokens contain digital information representing specialized and high-value assets.
Governance tokenization: This form of tokenization is designed for blockchain-based voting systems. Governance tokenization enables a more efficient decision-making process using decentralized protocols since all stakeholders can vote, debate, and participate equitably on-chain.
Utility tokenization: Using a particular protocol, utility tokens provide access to different services. There isn’t any direct investment token production using utility tokens, and their platform activity is beneficial to the economic growth of the system.
Reversible vs. irreversible tokenization
The tokenization process might be irreversible or reversible. Detokenization allows reversible tokens to be transformed to their original value. In terms of privacy, this is known as pseudonymization. These tokens could also be classified as cryptographic or non-cryptographic.
In cryptographic encryption, the cleartext data element(s) aren’t retained; it only preserves only the encryption key. This type of tokenization uses the NIST-standard FF1-mode AES algorithm.
Originally, non-cryptographic tokenization meant that tokens were generated by randomly creating a value and keeping the cleartext and associated token in a database, as was the practice with the initial TrustCommerce service.
Modern non-cryptographic tokenization emphasizes “stateless” or “vaultless” systems, using randomly generated data, safely concatenated to construct tokens. Unlike database-backed tokenization, these systems may function independently of one another and expand almost indefinitely since they need no synchronization beyond replicating the original data.
It is not possible to transfer irreversible tokens back to their initial value. In terms of privacy, this is known as anonymization. Thanks to a one-way function, these tokens are generated, enabling the usage of anonymized data bits or fragments for third-party analysis, operational data in reduced settings, etc.
See More: Data Privacy Day: Top Four Common Privacy Myths Debunked
How Does Tokenization Work?
Tokenization replaces sensitive information with non-sensitive equivalents. The replacement information is referred to as a token. This may utilize any of these processes:
With a key, a theoretically reversible cryptographic function.
A function that cannot be reversed, like a hash function.
An index function or a number produced at random.
Consequently, the token will become the exposed information, while the sensitive data that the token represents is securely held on a centralized server called the token vault. Only in the token vault can the original information be mapped back to its appropriate token.
In payment processing, tokenization requires replacing a credit or debit card or one’s account details with a token. Tokens, in themselves, have no use — and aren’t associated with any account or person.
The customer’s 16-digit main account number (PAN) is replaced with a randomly-generated, bespoke alphanumeric ID. This process eliminates any link between the transactions and the confidential material, reducing the risk of security breaches and making it ideal for credit card transactions. Tokenization of data preserves credit card and bank account details in a virtualized vault, allowing enterprises to transmit data securely via computer networks.
Some tokenization, however, is vaultless, as we mentioned before. Instead of keeping confidential data in a safe vault, vaultless tokens use an algorithm to store the information. The original sensitive data is not typically stored in a vault if the token is changeable or reversible. This method is rarely used due to its weaker security levels.
Understanding the working of tokenization with an example
When a retailer or merchant processes a customer’s credit card, the PAN is replaced with a token. 1111-2222-3333-4444 is substituted by alternatives such as Gb&t23d%kl0U.
The merchant may use the token ID to maintain client records; for example, Gb&t23:%kl0U is associated with Jane Doe. The token subsequently goes to the payment processor, who de-tokenizes the ID and verifies the payment. The notation for Gb&t23d%kl0U is 1111-2222-3333-4444.
The token is solely readable by the payment processor; it has no value to anybody else. Additionally, the token may only be used with that specific merchant.
In this case, the tokenization procedure will happen as follows:
Jane Doe enters her payment information at the point-of-sale (POS) terminal or digital checkout page.
The details, or data such as PAN, are replaced by a completely random token (or Gb&t23d%kl0U), which is often produced by the merchant’s payment gateway.
The tokenized data is subsequently transferred to a payment processor securely. The actual confidential payment information is kept in a token vault within the merchant’s payment gateway. This is the sole location to map a token and its value.
Before sending the information for final verification, the payment processor re-encrypts the tokenized data.
See More: What Is Cloud Encryption? Definition, Importance, Methods, and Best Practices
Tokenization vs. Encryption
Digital tokenization and encryption are two distinct data-security-related cryptographic techniques. The primary distinction between tokenization and encryption is that the former does not alter the extent or category of the protected data, while encryption modifies the length and type.
This makes encryption illegible without the key, even if the encrypted message is exposed. Tokenization does not employ a key in this manner; it cannot be mathematically reversed using a decryption key. Tokenization utilizes data that cannot be decrypted to symbolize or represent sensitive data. Encryption may be decrypted with a key.
Encryption has been the preferred data protection technique for decades, but tokenization has recently emerged as the most cost-effective and secure solution. However, encryption and tokenization can be used in tandem.
Before we explore how tokenization is used, here is an overview of the critical differences between tokenization and encryption:
1. The process of data masking
Through an encryption algorithm and a key, encryption mathematically converts plaintext into ciphertext. In contrast, tokenization creates token values randomly for plain text and maintains the mappings in a data repository. This database can also be a blockchain.
2. Ability to scale
Using a small encryption key to decode data, this technique can be used for massive data volumes. However, it is difficult to scale tokenization and safely maintain data quality and accuracy — as the database grows. For this reason, it is primarily used by large organizations and governments.
3. Type of data secured
Encryption is employed for unstructured and structured data, including entire files. Tokenization’s primary objective is safeguarding structured data fields, such as credit card information and Social Security numbers. That is why one can also use tokenized data for data analytics.
4. Third-party access
Encryption is excellent for communicating confidential information with other parties that possess the encryption key. It isn’t as secure, but more appropriate for transferring data. In contrast, tokenization makes information interchange harder since it requires full access to a token repository that maps token values.
5. Data format preservation
The vulnerability of format-preserving encryption systems is a tradeoff. With tokenization, however, the form may be preserved without compromising the level of security. This makes it a more no-compromise method of data security.
6. Location of data
When information is encrypted, the unencrypted source document will leave the organization. Tokenization is distinct because the original data is never transferred beyond the organization. This assists in satisfying specific regulatory criteria — particularly in industries like healthcare, financial services, etc.
7. Prerequisites
Tokenization works only via web services, and network connectivity is an essential prerequisite when tokenizing data. In contrast, encryption can be applied both locally (i.e., through a locally installed encryption tool) or as an online service. An internet connection is not a prerequisite for encryption.
See More: What Is Encryption? Definition, Working, and Types
Uses of Tokenization
Tokenization of data is helpful in the following scenarios:
Advantages of Using Zip Files
1. Protecting against data breaches
Criminals target organizations that accept debit and credit cards because payment information contains many insights about the card user. Hackers target vulnerable systems containing this information, then sell or use the stolen data to make fraudulent transactions.
Tokenization protects enterprises from the detrimental financial impact of data theft. Even in a data breach, crucial personal information will not be available for theft. Tokenization cannot safeguard your organization from a data breach but may mitigate the financial repercussions.
2. Complying with data protection laws
Given that tokens substitute data irreversibly, data tokenization software helps businesses to minimize the amount of data subject to compliance obligations. For instance, substituting Primary Account Number (PAN) data maintained inside an organization’s IT infrastructure with tokenized data reduces the data footprint, making Payment Card Industry Data Security Standard (PCI DSS) compliance more straightforward.
3. Strengthening e-commerce security
Even before the global pandemic, e-commerce payments steadily increased. Now, we are seeing a significant shift toward online shopping accompanied by an exponential increase in sales. While transitioning to a virtual environment is inevitable, this phenomenon has introduced new security concerns.
Tokenization is being rapidly used to combat e-commerce fraud and convert account numbers into digital products to limit their theft and misuse. The tokenization of credit or debit cards and account information increases data security and protects it from external and internal threats. Since the token does not represent the customer’s actual information, it cannot be utilized outside of a single transaction with a given merchant.
4. Enabling secure but convenient identification
Banks, hospitals, and government entities often seek the final four digits of a social security number to verify an individual’s identification. The token may show these values while covering the other figures with an “X” or an asterisk.
5. Building customer trust
Customers appreciate a deep commitment to safeguarding client information. In addition to preventing the worst-case eventuality of a data leak, sophisticated security measures such as tokenization build client confidence. Customers do not want their financial information to fall into the hands of criminals or other threat actors. They are reassured by tokenization, as it is a demonstrated and easy-to-understand security measure that customers can also appreciate (unlike backend measures).
See More: Top 10 Customer Identity Management Solutions in 2021
6. Add another layer to role-based access controls
Tokenization enables you to strengthen role-based access restrictions to sensitive information by preventing detokenization by users without the required credentials. Tokenization helps ensure that only authorized data users may detokenize confidential material when kept in a centralized database, like a data warehouse or data lake.
7. Driving fintech development
Tokenization’s underlying technology is integral to many of our current purchasing and selling practices, which depend heavily on fintech innovations such as digital payments.
Tokenization may facilitate the increased popularity of in-store mobile payments using your customers’ mobile devices. When consumers pay using a mobile wallet like Apple Pay or Google Pay, a tokenized version of their credit card information is saved on their phones. Tokenization is vital to accepting fintech since it makes payments safer and improves user experiences, whether digital, on smartphones, or in-app.
8. Reducing the compliance and security burden of data lakes and warehouses
Centralized data repositories, such as data lakes or data warehouses, hold structured and unstructured information from various sources. This makes it more difficult to establish data protection controls from a compliance perspective. Tokenization lets you store original personally identifiable information (PII) away from data lakes or warehouses when feeding sensitive information into the repository. This reduces compliance and security implications, even before data has reached storage systems.
9. Supporting disparate technologies
Compared to previous systems in which credit card details were stored in databases and widely shared across networks, tokenization makes it harder for hackers to obtain cardholder data. However, it is interoperable with many historical and modern technologies. Encryption is not as compatible with outdated systems as tokenization. Additionally, it supports emerging technologies such as mobile wallets, one-click payments, and cryptocurrencies.
10. Masking data used for business intelligence
Business intelligence and other categories of analytical tasks are vital to just about any business unit, and analyzing sensitive data is often essential. By tokenizing this material, businesses may safeguard sensitive information while enabling other apps and processes to perform analytics. For instance, it is beneficial in healthcare analytics (like demographic studies) when individual patients must remain anonymous. For this reason, business intelligence analysts must be familiar with tokenization.
11. Mitigating vendor-related risk
Today, many organizations collaborate with third-party software, suppliers, and service providers requiring access to sensitive data. Tokenization decreases the likelihood of a data breach triggered by external entities by removing sensitive information from their environment. Data tokenization ultimately contributes to a more robust cybersecurity posture by shielding sensitive data from hostile intruders and other intermediaries. It also prohibits unintentional exposure within the organization.
See More: What Is Data Governance? Definition, Importance, and Best Practices
Takeaway
Tokenization is fast becoming a staple in digital payments and data transfers. A 2023 study by Meticulous Research found that the tokenization market will be worth over $13 billion by 2030. This is due to widespread adoption by leading industry players, including Bluefin and Visa. This technology allows organizations to transfer and process user data securely, with implications for business intelligence, fintech, research, and other fields.
Did this article help you understand how tokenization works? Tell us on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!
Image Source: Shutterstock
MORE IN SECURITY
What Is Multi-Factor Authentication? Definition, Key Components, and Best Practices
What Is Password Management? Definition, Components, and Best Practices
What Is Two Factor Authentication? Definition, Process, and Best Practices
10 Best Password Managers for 2021
Top 10 Two Factor Authentication Vendors in 2021
Cybersecurity
Data Security
Share This Article:
Chiradeep BasuMallick
Technical Writer
opens a new window
opens a new window
Chiradeep is a content marketing professional, a startup incubator, and a tech journalism specialist. He has over 11 years of experience in mainline advertising, marketing communications, corporate communications, and content marketing. He has worked with a number of global majors and Indian MNCs, and currently manages his content marketing startup based out of Kolkata, India. He writes extensively on areas such as IT, BFSI, healthcare, manufacturing, hospitality, and financial analysis & stock markets. He studied literature, has a degree in public relations and is an independent contributor for several leading publications.
Do you still have questions? Head over to the Spiceworks Community to find answers.
Take me to Community
Popular Articles
Google Accounts Compromised by Hackers Without the Need for Passwords
Passwords: The End Is Coming
Experts Talk: Predicting the Cybersecurity Landscape in 2024
Recommended Reads
Data Security
European Commission’s Use of Microsoft 365 Violated Data Protection Rules Finds Investigation
Artificial Intelligence
Chinese National Who Stole Google’s AI Secrets Indicted
Big Data
Is Your Startup Collecting Data? Here Are 5 Things You Should Consider
Data Security
Stolen ChatGPT Credentials Found for Sale on Dark Web
Data Security
Massive Database of Google, Facebook, and WhatsApp 2FA Codes Leaked
Cyber Risk Management
What Organizations Need To Know About AI-driven Cybersecurity
spiceworks.
About
Contact
Support
Advertise
Press / Media
Careers
Spiceworld
Blog
About Editorial
Follow on Facebook Follow on Linkedin
Sitemap
Privacy Policy
Terms of Use
Cookie Policy
Guidelines
Accessibility Statement
Do Not Sell my Personal Information
© Copyright 2006 - 2024 Spiceworks Inc.
Go to mobile version
What is Tokenization? A Complete Guide - Blockchain Council
What is Tokenization? A Complete Guide - Blockchain Council
Certifications Newly Launched Certified AR Developer™ 20 LifetimeEnroll Now
Certified BARD AI Expert 5 LifetimeEnroll Now
Certified Cybersecurity Expert™ 14 LifetimeEnroll Now
Certified Generative AI Expert™ 7 LifetimeEnroll Now
Certified Prompt Engineer™ 6 LifetimeEnroll Now
Certified ChatGPT Expert 7 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Expert™ 6 LifetimeEnroll Now
Understanding Blockchains Certified Blockchain Expert™ 8 LifetimeEnroll Now
Certified Ethereum Expert™ 5 LifetimeEnroll Now
Certified DeFi Expert™ 5 LifetimeEnroll Now
Certified Uniswap Expert™ 4 LifetimeEnroll Now
Certified Cardano Expert™ 5 LifetimeEnroll Now
Certified Polkadot Expert 4 LifetimeEnroll Now
Certified Polygon Expert™ 5 LifetimeEnroll Now
Certified Hyperledger Expert™ 9 LifetimeEnroll Now
Certified Quorum Expert™ 5 LifetimeEnroll Now
Certified Corda Expert™ 6 LifetimeEnroll Now
Online Degree™ in Blockchain 20 LifetimeEnroll Now
Developing Blockchains Certified Smart Contract Auditor™ 10 LifetimeEnroll Now
Certified Ethereum Developer™ 8 LifetimeEnroll Now
Certified Blockchain Developer™ 15 LifetimeEnroll Now
Certified Blockchain Architect™ 12 LifetimeEnroll Now
Certified Solidity Developer™ 5 LifetimeEnroll Now
Certified Smart Contract Developer™ 8 LifetimeEnroll Now
Certified Hyperledger Developer™ 11 LifetimeEnroll Now
Certified Polygon Developer™ 8 LifetimeEnroll Now
Certified Quorum Developer™ 5 LifetimeEnroll Now
Certified Corda Developer™ 7 LifetimeEnroll Now
Certified Corda Architect™ 6 LifetimeEnroll Now
Artificial Intelligence (AI) & Machine Learning Certified BARD AI Expert 5 LifetimeEnroll Now
Certified Generative AI Expert™ 7 LifetimeEnroll Now
Certified Prompt Engineer™ 6 LifetimeEnroll Now
Certified ChatGPT Expert 7 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Expert™ 6 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Developer™ 12 LifetimeEnroll Now
Certified Chatbot Expert™ 6 LifetimeEnroll Now
Web3 & Metaverse Certified AR Developer™ 20 LifetimeEnroll Now
Certified Virtual Reality (VR) Developer™ 16 LifetimeEnroll Now
Certified 3D Designer™ 8 LifetimeEnroll Now
Certified Web3 Community Expert™ 10 LifetimeEnroll Now
Certified Three.js Developer™ 7 LifetimeEnroll Now
Certified Web3 Game Developer™ 10 LifetimeEnroll Now
Certified Metaverse Developer™ 13 LifetimeEnroll Now
Certified DAO Expert™ 7 LifetimeEnroll Now
Certified Web3 Expert™ 30 LifetimeEnroll Now
Certified Mixed Reality Expert™ 4 LifetimeEnroll Now
Certified Metaverse Expert™ 5 LifetimeEnroll Now
Experto Certificado en Metaverso™ 6 LifetimeEnroll Now
Cryptocurrency & Digital Assets Certified Bitcoin Expert™ 5 LifetimeEnroll Now
Certified Cryptocurrency Expert™ (CCE) 11 LifetimeEnroll Now
Certified Cryptocurrency Trader™ (CCT) 15 LifetimeEnroll Now
Certified Cryptocurrency Auditor™ (CCA) 6 LifetimeEnroll Now
Certified NFT Expert™ 5 LifetimeEnroll Now
Certified NFT Developer™ 9 LifetimeEnroll Now
Experto Certificado en NFT™ 6 LifetimeEnroll Now
Blockchain for Business Certified Cybersecurity Expert™ 14 LifetimeEnroll Now
Certified Blockchain Security Professional™ 4 LifetimeEnroll Now
Certified Blockchain & Supply Chain Professional™ 6 LifetimeEnroll Now
Certified Blockchain & Finance Professional™ 6 LifetimeEnroll Now
Certified Blockchain & KYC Professional™ 6 LifetimeEnroll Now
Certified Blockchain & HR Professional™ 4 LifetimeEnroll Now
Certified Blockchain & Law Professional™ 6 LifetimeEnroll Now
Certified Blockchain & Healthcare Professional™ 3 LifetimeEnroll Now
Certified Blockchain & Digital Marketing Professional™ 4 LifetimeEnroll Now
Online Degree™ in Blockchain for Business 7 LifetimeEnroll Now
Other Certifications
Live Trainings
Certified Gemini AI Expert
Certified Blockchain Expert™
Certified Prompt Engineer™
Certified Generative AI Expert™
Certified ChatGPT Expert
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Certified Artificial Intelligence (AI) Expert™
BlockSpark Career Kickstarter
Membership
Member Benefits
Member Network
Individual Member Signup
Corporate Member Signup
For Organizations
For Businesses
For Academia
Subscriptions
Learning Subscriptions
Learning Paths
Resources
Free Courses
Bitcoin 101 Course
Step-by-Step Guides
Blockchain Guide
Artificial Intelligence Guide
Metaverse Guide
NFT Guide
News
AI & ML
Blockchain Development
Cryptocurrency
Web3, Metaverse & NFT
DAO
E-Books
Infographics
Menu
Live Trainings
Certified Gemini AI Expert
Certified Blockchain Expert™
Certified Prompt Engineer™
Certified Generative AI Expert™
Certified ChatGPT Expert
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Certified Artificial Intelligence (AI) Expert™
BlockSpark Career Kickstarter
Membership
Member Benefits
Member Network
Individual Member Signup
Corporate Member Signup
For Organizations
For Businesses
For Academia
Subscriptions
Learning Subscriptions
Learning Paths
Resources
Free Courses
Bitcoin 101 Course
Step-by-Step Guides
Blockchain Guide
Artificial Intelligence Guide
Metaverse Guide
NFT Guide
News
AI & ML
Blockchain Development
Cryptocurrency
Web3, Metaverse & NFT
DAO
E-Books
Infographics
0
Log In
Join for Free
Certifications Newly Launched Certified AR Developer™ 20 LifetimeEnroll Now
Certified BARD AI Expert 5 LifetimeEnroll Now
Certified Cybersecurity Expert™ 14 LifetimeEnroll Now
Certified Generative AI Expert™ 7 LifetimeEnroll Now
Certified Prompt Engineer™ 6 LifetimeEnroll Now
Certified ChatGPT Expert 7 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Expert™ 6 LifetimeEnroll Now
Understanding Blockchains Certified Blockchain Expert™ 8 LifetimeEnroll Now
Certified Ethereum Expert™ 5 LifetimeEnroll Now
Certified DeFi Expert™ 5 LifetimeEnroll Now
Certified Uniswap Expert™ 4 LifetimeEnroll Now
Certified Cardano Expert™ 5 LifetimeEnroll Now
Certified Polkadot Expert 4 LifetimeEnroll Now
Certified Polygon Expert™ 5 LifetimeEnroll Now
Certified Hyperledger Expert™ 9 LifetimeEnroll Now
Certified Quorum Expert™ 5 LifetimeEnroll Now
Certified Corda Expert™ 6 LifetimeEnroll Now
Online Degree™ in Blockchain 20 LifetimeEnroll Now
Developing Blockchains Certified Smart Contract Auditor™ 10 LifetimeEnroll Now
Certified Ethereum Developer™ 8 LifetimeEnroll Now
Certified Blockchain Developer™ 15 LifetimeEnroll Now
Certified Blockchain Architect™ 12 LifetimeEnroll Now
Certified Solidity Developer™ 5 LifetimeEnroll Now
Certified Smart Contract Developer™ 8 LifetimeEnroll Now
Certified Hyperledger Developer™ 11 LifetimeEnroll Now
Certified Polygon Developer™ 8 LifetimeEnroll Now
Certified Quorum Developer™ 5 LifetimeEnroll Now
Certified Corda Developer™ 7 LifetimeEnroll Now
Certified Corda Architect™ 6 LifetimeEnroll Now
Artificial Intelligence (AI) & Machine Learning Certified BARD AI Expert 5 LifetimeEnroll Now
Certified Generative AI Expert™ 7 LifetimeEnroll Now
Certified Prompt Engineer™ 6 LifetimeEnroll Now
Certified ChatGPT Expert 7 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Expert™ 6 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Developer™ 12 LifetimeEnroll Now
Certified Chatbot Expert™ 6 LifetimeEnroll Now
Web3 & Metaverse Certified AR Developer™ 20 LifetimeEnroll Now
Certified Virtual Reality (VR) Developer™ 16 LifetimeEnroll Now
Certified 3D Designer™ 8 LifetimeEnroll Now
Certified Web3 Community Expert™ 10 LifetimeEnroll Now
Certified Three.js Developer™ 7 LifetimeEnroll Now
Certified Web3 Game Developer™ 10 LifetimeEnroll Now
Certified Metaverse Developer™ 13 LifetimeEnroll Now
Certified DAO Expert™ 7 LifetimeEnroll Now
Certified Web3 Expert™ 30 LifetimeEnroll Now
Certified Mixed Reality Expert™ 4 LifetimeEnroll Now
Certified Metaverse Expert™ 5 LifetimeEnroll Now
Experto Certificado en Metaverso™ 6 LifetimeEnroll Now
Cryptocurrency & Digital Assets Certified Bitcoin Expert™ 5 LifetimeEnroll Now
Certified Cryptocurrency Expert™ (CCE) 11 LifetimeEnroll Now
Certified Cryptocurrency Trader™ (CCT) 15 LifetimeEnroll Now
Certified Cryptocurrency Auditor™ (CCA) 6 LifetimeEnroll Now
Certified NFT Expert™ 5 LifetimeEnroll Now
Certified NFT Developer™ 9 LifetimeEnroll Now
Experto Certificado en NFT™ 6 LifetimeEnroll Now
Blockchain for Business Certified Cybersecurity Expert™ 14 LifetimeEnroll Now
Certified Blockchain Security Professional™ 4 LifetimeEnroll Now
Certified Blockchain & Supply Chain Professional™ 6 LifetimeEnroll Now
Certified Blockchain & Finance Professional™ 6 LifetimeEnroll Now
Certified Blockchain & KYC Professional™ 6 LifetimeEnroll Now
Certified Blockchain & HR Professional™ 4 LifetimeEnroll Now
Certified Blockchain & Law Professional™ 6 LifetimeEnroll Now
Certified Blockchain & Healthcare Professional™ 3 LifetimeEnroll Now
Certified Blockchain & Digital Marketing Professional™ 4 LifetimeEnroll Now
Online Degree™ in Blockchain for Business 7 LifetimeEnroll Now
Other Certifications
Live Trainings
Certified Gemini AI Expert
Certified Blockchain Expert™
Certified Prompt Engineer™
Certified Generative AI Expert™
Certified ChatGPT Expert
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Certified Artificial Intelligence (AI) Expert™
BlockSpark Career Kickstarter
Membership
Member Benefits
Member Network
Individual Member Signup
Corporate Member Signup
For Organizations
For Businesses
For Academia
Subscriptions
Learning Subscriptions
Learning Paths
Resources
Free Courses
Bitcoin 101 Course
Step-by-Step Guides
Blockchain Guide
Artificial Intelligence Guide
Metaverse Guide
NFT Guide
News
AI & ML
Blockchain Development
Cryptocurrency
Web3, Metaverse & NFT
DAO
E-Books
Infographics
Menu
Live Trainings
Certified Gemini AI Expert
Certified Blockchain Expert™
Certified Prompt Engineer™
Certified Generative AI Expert™
Certified ChatGPT Expert
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Certified Artificial Intelligence (AI) Expert™
BlockSpark Career Kickstarter
Membership
Member Benefits
Member Network
Individual Member Signup
Corporate Member Signup
For Organizations
For Businesses
For Academia
Subscriptions
Learning Subscriptions
Learning Paths
Resources
Free Courses
Bitcoin 101 Course
Step-by-Step Guides
Blockchain Guide
Artificial Intelligence Guide
Metaverse Guide
NFT Guide
News
AI & ML
Blockchain Development
Cryptocurrency
Web3, Metaverse & NFT
DAO
E-Books
Infographics
0
Login
Join for Free
What is Tokenization? A Complete Guide
Ayushi Abrol
September 29, 2023
In this article, we will learn about the basics of tokenization, how it works, and its practical use cases.
Almost everyone has sent pictures over the internet. If not, then at least you have emailed others. So, when you send an email over the internet, the protocol and the underlying technology copy the email and send it to the receiver. This way, both you and the receiver have a copy of the email.
You and the email receiver can send the same email to an uncountable number of people, and the email keeps on copying. It is excellent, but it is not feasible when it comes to sending money over the internet. How would you like to hold a currency, and the value drops with each subsequent transaction?
Obviously, this is where financial institutions and banks come in. They help facilitate money transactions over the internet without losing their value.
But, with the explosion of blockchain technology, we all are looking for ways to eliminate intermediaries. One way of sending money over the internet with no intermediaries is tokenization.
Let us dive in.
What is Tokenization?
Tokenization is the process of transforming ownerships and rights of particular assets into a digital form. By tokenization, you can transform indivisible assets into token forms.
For example, if you want to sell the famous painting Mona Lisa. You would need to find a seller who wants to shell out millions of dollars for it. Clearly, this reduces the number of people who have enough liquid cash worthy of buying it. But if we tokenize the painting. Then we can have multiple people with whom the ownership of that painting be shared.
Specifically, fractional ownership is possible. Say someone can be 1/25 owner of a painting or asset. It is only possible with tokenization, which provides an adequate solution over traditional solutions. Therefore, most cryptocurrency experts will bet on its usage and future prospects. That is why most experts suggest upskilling with a cryptocurrency course.
Tokenization in blockchain opens up multiple new possibilities for businesses and individuals. IDC, the global market intelligence firm, puts the tokenized asset market on the blockchain to be around $500 billion. The number is mind-blowing, but the concept of tokenization is not new and has been around for some decades.
Before the introduction of blockchain technology, we have used tokenization, especially in financial institutions from the 1960s, to safeguard our credit card details and transaction statements. Even hospitals use them to keep sensitive patient information, and governments use them to keep track of voter registration.
Traditional tokens save the information as alphanumeric tokens and later pass through a cryptographic function. This process makes sure that each token is unique. Blockchain tokenization is like this process.
But blockchain tokenization provides some additional benefits.
Flexible tokenization of assets
It comes with security similar to that of a cryptocurrency security
Potential for broad application of tokens
The technology behind blockchain tokens
We implement tokens using smart contracts in the blockchain, also known as token contracts. These contracts are computer programs that help verify the business rules and help transfer values from one user’s wallet to the next.
There are two basic ways to transfer values using a smart contract.
First is the UTXO model. They introduced it by implementing the bitcoin technology, and many cryptocurrencies use this model. UTXO works by determining the amount of digital currency left in a user’s account after a successful cryptocurrency transaction.
Then we have the Account-based model, which is used by Ethereum and Hyperledger fabric. When an order takes place, the nodes that are the network’s validators debit the amount from the sender’s account and credit it to the receiver’s account.
Types of Tokens
Security tokens
They are tokens that help validate the ownership of a particular asset or rights. They are the digital representation of an underlying asset. Along with that, they have all the benefits of traditional securities. Moreover, in security tokens, we can program it with the help of a cryptocurrency developer to have unique characteristics and features that suit our needs.
For example, you can trade real estate tokens and pay using the cryptocurrency of that chain.
Then there are some tokens whose value is determined by the underlying asset, such as those with off-chain assets like real estate, invoices—the more valuable the asset, the costlier the token.
Platform tokens
Platform tokens are used in the blockchain to help deliver decentralized applications. For example, you can interact with the Daaps built on the Ethereum network with token Dai. Along with that, as a platform token as we widely use it in the Ethereum network.
Utility tokens
Utility tokens are the most basic token on a blockchain network. They are used to access the services, power the consensus program, pay transaction fees, and even vote for new blockchain developments. Yes, they also work as governance tokens and are utilized in the decision-making process of DAOs.
Suppose, you want to learn more about DAO and ways to set up a DAO to take the pain out of managing your business. Then check out our cryptocurrency course, where we explain cryptocurrency in an easy and fun way.
While security tokens are used to establish ownership rights, utility tokens have more practical usage. This makes utility tokens much more valuable in terms of providing liquidity to a platform.
Note: Crypto tokens developed for a specific purpose can also be used for other purposes. For example, many people buy utility tokens hoping that the blockchain services and product range will grow. The token will see an increase in value.
Along with the above classification, we also have different types of assets that we can convert into tokens.
Fungible Tokens
Fungible tokens mean they can be replicated or replaced. They are not unique.
Converting fungible assets into tokens is easier as you can divide them into fractional units. The most common type of fungible token is gold. Fungible token converters have an inbuilt abstraction layer that helps to facilitate interoperability and provide platform independence.
Non-Fungible Tokens
Non-fungible assets like a diamond, a baseball, or the painting of the Mona Lisa, which we mentioned above, cannot be broken into fractions. But when we convert them into non-fungible tokens, we can have full or partial ownership of them.
Non-fungible tokens are unique, and we can track the history of ownership on the blockchain. This makes sure that no one can replicate the token. Moreover, when a non-fungible asset is converted into a token. They start the process by providing an immutable digital signature. It will help to determine the uniqueness of the underlying asset.
If you have been watching blockchain and crypto-related news, you might have heard how NFT’s are the latest trend, with some of them selling for millions of dollars. The prospect of NFT opens a lot of real-life usage for tokenization. Even fortune 500 companies are racing to have NFT of their products.
Advantages of Tokenization
We have seen what tokenization is and the underlying technology. But it is crucial to understand its advantages as it will help us realize the reasons for its growth. So, here are its advantages in simple terms.
Assets Divisibility and More Liquidity
One of the significant benefits of tokenization in the blockchain is that it opens up the underlying assets to a broad audience. The divisibility of assets helps to achieve it. We can now take part in investments that have a high investment threshold. Thus, removing the liquid premium of hard-to-sell assets like prime real estate and artworks.
Tokenization also provides a broader geographic reach as blockchain is inherently global in nature. Anyone with a computer web browser can interact and keep track of the asset from any part of the world.
Asset divisibility also comes with the benefit of shared ownership. You can have a vacation home with 15 other people and agree on who will use the house during a specific time. This is just one example. There can be many more use cases.
Faster and Cheaper transactions
We can bypass all the intermediaries involved in a transaction with cryptocurrency tokens. Let us understand it with an example if we tokenize the deed of a house and put it on the blockchain. Then interested parties can directly buy the deed with cryptocurrency, and the smart contract will transfer the deed to the new owner after a successful transaction.
The process eliminates the need for a lawyer, banks, an escrow account, and even brokerage commissions. The process is simply cheap and efficient. Moreover, crypto tokens are on the blockchain network that means we can trade them 24/7 all around the globe.
Transparency
In a blockchain, all of the transactions are transparent and available to any computer interacting with the chain. That means you can dig up the previous owner history of an asset, thus increasing trust among potential buyers. Moreover, blockchain tokens also benefit from being immutable as all of the transactions are verified by the nodes.
All of this provides a level of trust that most traditional solutions cannot match.
How blockchain tokenization can help in enterprise systems
For a long time, we have propagated blockchain technology for enterprises. Blockchain provides businesses the flexibility, security, and transparency that most business solutions cannot offer.
On top of that, let us see in detail the benefits of implementing blockchain-based tokenization in businesses.
Considerable reduction in transaction time between payment and settlement.
Intangible assets like copyright and patents can be tokenized to increase shareholding. Tokenization will also help to understand the actual value of the assets.
Asset-backed tokens like stable coins can be used for transactions. This reduces the dependency of enterprises on banks and other intermediaries.
Loyalty-based tokens can be used to incentivize users to use a company’s products. Additionally, loyalty tokens bring transparency and efficiency as users interact and use loyalty rewards across different platforms.
Renewable energy projects are costly. So, tokens issued against them will expand the investor pool while building trust.
Challenges to tokenization
As the world slowly adapts to blockchain technology, projects involved with blockchains like tokenization will require increased regulations. However, the tokenization of assets functions similarly to financial securities. But tokenized assets may not be subjected to such rules.
While most countries are implementing laws to encourage the growth of blockchain-based projects. However, some countries are taking strict actions against them, for example. The Securities and Exchange Commission (SEC) can classify certain tokens as securities in the USA. Without a doubt, it will invite a large amount of external scrutiny.
Another major concern is how security tokens-backed assets will be managed. For example, maybe thousands of foreign investors collectively own a tokenized hotel. There remains a big question on who will manage the hotel.
Again, if the underlying assets behind a token go missing. Like tokens backed by gold.
Then there is the issue of lack of undefined rules when the real world and blockchain environment overlaps. So, to summarize it, blockchain, a decentralized system, will still need some kind of third party or a centralized system.
Final Words
Tokenization can be very helpful, as we mentioned above, for both individuals and enterprises alike. With increased security, transparency, and efficiency, blockchain tokens can be the future of modern businesses.
Though there remains a big question on the regulatory front, with clarity on rules and regulations, blockchain tokens can soon be at the helm of the blockchain revolution. Additionally, Decentralized Autonomous Organizations or DAO’s can also help manage underlying assets.
Even Norilsk Nickel, the world’s highest producer of palladium and nickel, has tokenized its products. It will help them provide faster transactions and transparency of prices to anyone on the network. Thus, increasing its credibility and trust in the industry.
Now you know how real and efficient tokenization is. Even major suppliers are implementing it in their operations. You can learn more about blockchain and web3 based applications with our cryptocurrency advisory course. After completing the course, you can proudly flaunt yourself as a cryptocurrency expert.
Be future-ready with cryptocurrency education.
0
replies
Leave a ReplyWant to join the discussion? Feel free to contribute!
Leave a Reply Cancel replyYour email address will not be published. Required fields are marked *Name *
Email *
Website
Comment *
Δ
Related BlogsBlockchain To Address Food Security In IndiaWhat is Cyber Security? Definition, Types and ImportanceThe Impact of Google’s Quantum Breakthrough on Blockchain CryptographyBlockchain in Content Distribution- An Unseen Revolution
Categories
Artificial
Intelligence
Guides
News
Blockchain
Smart
Contracts and DAOs
Cryptocurrency
& Digital Assets
Web3
Metaverse & NFTs
Welcome to the Blockchain Council, a collective of forward-thinking Blockchain and Deep Tech enthusiasts dedicated to advancing research, development, and practical applications of Blockchain, AI, and Web3 technologies. Our mission is to foster a collaborative environment where experts from diverse disciplines share their knowledge and promote varied use cases for a technologically advanced world.Blockchain Council is a private de-facto organization of experts and enthusiasts championing advancements in Blockchain, AI, and Web3 Technologies. To enhance our community’s learning, we conduct frequent webinars, training sessions, seminars, and events and offer certification programs.
Follow us
Youtube
Telegram
Council
About Us
Careers
Member Network
Blockchain Certifications
Community
Partner With Us
Affiliate Program
Scholarships
Support & FAQs
News & Media
Verify Credentials
Web3 Careers
Blockchain Council Events
About Us
Careers
Member Network
Blockchain Certifications
Community
Partner With Us
Affiliate Program
Scholarships
Support & FAQs
News & Media
Verify Credentials
Web3 Careers
Blockchain Council Events
Resources
Step-by-Step Guides
News
Web3, Metaverse & NFT
Blockchain Development
Cryptocurrency
DAO
E-Books
Infographics
Step-by-Step Guides
News
Web3, Metaverse & NFT
Blockchain Development
Cryptocurrency
DAO
E-Books
Infographics
Policies
Terms and Conditions
Privacy Policy
Support Policy
Refund Policy
Contact
Address : 440 N Barranca Ave, Covina, California 91723, US
Email : [email protected]
Phone : +1-(323) 984-8594
Policies
Terms and Conditions
Privacy Policy
Support Policy
Refund Policy
Certificate
Newly launched
Certified AR Developer™
Certified BARD AI Expert
Certified Cybersecurity Expert™
Certified Generative AI Expert™
Certified Prompt Engineer™
Certified ChatGPT Expert
Certified Artificial Intelligence (AI) Expert™
Artificial Intelligence (AI) & Machine Learning
Certified Artificial Intelligence (AI) Expert™
Certified BARD AI Expert
Certified Generative AI Expert™
Certified Prompt Engineer™
Certified ChatGPT Expert
Certified Chatbot Expert™
Web3 & Metaverse
Certified AR Developer™
Certified Virtual Reality (VR) Developer™
Certified 3D Designer™
Certified Web3 Community Expert™
Certified Three.js Developer™
Certified Web3 Game Developer™
Certified Metaverse Developer™
Certified DAO Expert™
Certified Web3 Expert™
Certified Mixed Reality Expert™
Certified Metaverse Expert™
Experto Certificado en Metaverso™
Understanding Blockchain
Certified Blockchain Expert™
Certified Ethereum Expert™
Certified DeFi Expert™
Certified Uniswap Expert™
Certified Cardano Expert™
Certified Polkadot Expert™
Certified Polygon Expert™
Certified Hyperledger Expert™
Certified Quorum Expert™
Certified Corda Expert™
Online Degree™ in Blockchain
Developing Blockchain
Certified Smart Contract Auditor™
Certified Blockchain Developer™
Certified Ethereum Developer™
Certified Blockchain Architect™
Certified Solidity Developer™
Certified Smart Contract Developer™
Certified Hyperledger Developer™
Certified Polygon Developer™
Certified Quorum Developer™
Certified Corda Developer™
Certified Corda Architect™
Cryptocurrency & Digital Assets
Certified Bitcoin Expert™
Certified Cryptocurrency Expert™
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Certified NFT Expert™
Experto Certificado en NFT™
Certified NFT Developer™
Online Degree™ in Cryptocurrency & Trading
Blockchain for Business
Certified Blockchain & Supply Chain Professional™
Certified Blockchain & Finance Professional™
Certified Blockchain & KYC Professional™
Certified Blockchain & HR Professional™
Certified Blockchain & Law Professional™
Certified Blockchain & Healthcare Professional™
Certified Blockchain & Digital Marketing Professional™
Certified Blockchain Security Professional™
Online Degree™ in Blockchain for Business
Cryptocurrency & Digital Assets
Certified Bitcoin Expert™
Certified Cryptocurrency Expert™
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Online Degree™ in Cryptocurrency & Trading
Certified NFT Expert™
Experto Certificado en NFT™
Certified NFT Developer™
Blockchain for Business
Certified Blockchain & Supply Chain Professional™
Certified Blockchain & Finance Professional™
Certified Blockchain & KYC Professional™
Certified Blockchain & HR Professional™
Certified Blockchain & Law Professional™
Certified Blockchain & Healthcare Professional™
Certified Blockchain & Digital Marketing Professional™
Certified Blockchain Security Professional™
Online Degree™ in Blockchain for Business
Newly launched
Certified AR Developer™
Certified BARD AI Expert
Certified Cybersecurity Expert™
Certified Generative AI Expert™
Certified Prompt Engineer™
Certified ChatGPT Expert
Certified Artificial Intelligence (AI) Expert
Artificial Intelligence (AI) & Machine Learning
Certified Artificial Intelligence (AI) Expert™
Certified BARD AI Expert
Certified Generative AI Expert™
Certified Prompt Engineer™
Certified ChatGPT Expert
Certified Chatbot Expert™
Web3 & Metaverse
Certified AR Developer™
Certified Virtual Reality (VR) Developer™
Certified 3D Designer™
Certified Web3 Community Expert™
Certified Three.js Developer™
Certified Web3 Game Developer™
Certified Metaverse Developer™
Certified DAO Expert™
Certified Web3 Expert™
Certified Mixed Reality Expert™
Certified Metaverse Expert™
Experto Certificado en Metaverso™
Understanding Blockchain
Certified Blockchain Expert™
Certified Ethereum Expert™
Certified DeFi Expert™
Certified Uniswap Expert™
Certified Cardano Expert™
Certified Polkadot Expert™
Certified Polygon Expert™
Certified Hyperledger Expert™
Certified Quorum Expert™
Certified Corda Expert™
Online Degree™ in Blockchain
Developing Blockchain
Certified Smart Contract Auditor™
Certified Blockchain Developer™
Certified Ethereum Developer™
Certified Blockchain Architect™
Certified Solidity Developer™
Certified Smart Contract Developer™
Certified Hyperledger Developer™
Certified Polygon Developer™
Certified Quorum Developer™
Certified Corda Developer™
Certified Corda Architect™
Cryptocurrency & Digital Assets
Certified Bitcoin Expert™
Certified Cryptocurrency Expert™
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Online Degree™ in Cryptocurrency & Trading
Certified NFT Expert™
Experto Certificado en NFT™
Certified NFT Developer™
Blockchain for Business
Certified Blockchain & Supply Chain Professional™
Certified Blockchain & Finance Professional™
Certified Blockchain & KYC Professional™
Certified Blockchain & HR Professional™
Certified Blockchain & Law Professional™
Certified Blockchain & Healthcare Professional™
Certified Blockchain & Digital Marketing Professional™
Certified Blockchain Security Professional™
Online Degree™ in Blockchain for Business
Blockchain for Business
Certified Blockchain & Supply Chain Professional™
Certified Blockchain & Finance Professional™
Certified Blockchain & KYC Professional™
Certified Blockchain & HR Professional™
Certified Blockchain & Law Professional™
Certified Blockchain & Healthcare Professional™
Certified Blockchain & Digital Marketing Professional™
Certified Blockchain Security Professional™
Online Degree™ in Blockchain for Business
Copyright 2024 © Blockchain Council | All rights reserved
Subscribe to Our Newsletter
To receive Offers & Newsletters
Δ
Certifications Newly Launched Certified AR Developer™ 20 LifetimeEnroll Now
Certified BARD AI Expert 5 LifetimeEnroll Now
Certified Cybersecurity Expert™ 14 LifetimeEnroll Now
Certified Generative AI Expert™ 7 LifetimeEnroll Now
Certified Prompt Engineer™ 6 LifetimeEnroll Now
Certified ChatGPT Expert 7 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Expert™ 6 LifetimeEnroll Now
Understanding Blockchains Certified Blockchain Expert™ 8 LifetimeEnroll Now
Certified Ethereum Expert™ 5 LifetimeEnroll Now
Certified DeFi Expert™ 5 LifetimeEnroll Now
Certified Uniswap Expert™ 4 LifetimeEnroll Now
Certified Cardano Expert™ 5 LifetimeEnroll Now
Certified Polkadot Expert 4 LifetimeEnroll Now
Certified Polygon Expert™ 5 LifetimeEnroll Now
Certified Hyperledger Expert™ 9 LifetimeEnroll Now
Certified Quorum Expert™ 5 LifetimeEnroll Now
Certified Corda Expert™ 6 LifetimeEnroll Now
Online Degree™ in Blockchain 20 LifetimeEnroll Now
Developing Blockchains Certified Smart Contract Auditor™ 10 LifetimeEnroll Now
Certified Ethereum Developer™ 8 LifetimeEnroll Now
Certified Blockchain Developer™ 15 LifetimeEnroll Now
Certified Blockchain Architect™ 12 LifetimeEnroll Now
Certified Solidity Developer™ 5 LifetimeEnroll Now
Certified Smart Contract Developer™ 8 LifetimeEnroll Now
Certified Hyperledger Developer™ 11 LifetimeEnroll Now
Certified Polygon Developer™ 8 LifetimeEnroll Now
Certified Quorum Developer™ 5 LifetimeEnroll Now
Certified Corda Developer™ 7 LifetimeEnroll Now
Certified Corda Architect™ 6 LifetimeEnroll Now
Artificial Intelligence (AI) & Machine Learning Certified BARD AI Expert 5 LifetimeEnroll Now
Certified Generative AI Expert™ 7 LifetimeEnroll Now
Certified Prompt Engineer™ 6 LifetimeEnroll Now
Certified ChatGPT Expert 7 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Expert™ 6 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Developer™ 12 LifetimeEnroll Now
Certified Chatbot Expert™ 6 LifetimeEnroll Now
Web3 & Metaverse Certified AR Developer™ 20 LifetimeEnroll Now
Certified Virtual Reality (VR) Developer™ 16 LifetimeEnroll Now
Certified 3D Designer™ 8 LifetimeEnroll Now
Certified Web3 Community Expert™ 10 LifetimeEnroll Now
Certified Three.js Developer™ 7 LifetimeEnroll Now
Certified Web3 Game Developer™ 10 LifetimeEnroll Now
Certified Metaverse Developer™ 13 LifetimeEnroll Now
Certified DAO Expert™ 7 LifetimeEnroll Now
Certified Web3 Expert™ 30 LifetimeEnroll Now
Certified Mixed Reality Expert™ 4 LifetimeEnroll Now
Certified Metaverse Expert™ 5 LifetimeEnroll Now
Experto Certificado en Metaverso™ 6 LifetimeEnroll Now
Cryptocurrency & Digital Assets Certified Bitcoin Expert™ 5 LifetimeEnroll Now
Certified Cryptocurrency Expert™ (CCE) 11 LifetimeEnroll Now
Certified Cryptocurrency Trader™ (CCT) 15 LifetimeEnroll Now
Certified Cryptocurrency Auditor™ (CCA) 6 LifetimeEnroll Now
Certified NFT Expert™ 5 LifetimeEnroll Now
Certified NFT Developer™ 9 LifetimeEnroll Now
Experto Certificado en NFT™ 6 LifetimeEnroll Now
Blockchain for Business Certified Cybersecurity Expert™ 14 LifetimeEnroll Now
Certified Blockchain Security Professional™ 4 LifetimeEnroll Now
Certified Blockchain & Supply Chain Professional™ 6 LifetimeEnroll Now
Certified Blockchain & Finance Professional™ 6 LifetimeEnroll Now
Certified Blockchain & KYC Professional™ 6 LifetimeEnroll Now
Certified Blockchain & HR Professional™ 4 LifetimeEnroll Now
Certified Blockchain & Law Professional™ 6 LifetimeEnroll Now
Certified Blockchain & Healthcare Professional™ 3 LifetimeEnroll Now
Certified Blockchain & Digital Marketing Professional™ 4 LifetimeEnroll Now
Online Degree™ in Blockchain for Business 7 LifetimeEnroll Now
Other Certifications
Certifications
Newly Launched
Certified AR Developer™
Certified BARD AI Expert
Certified Cybersecurity Expert™
Certified Generative AI Expert™
Certified Prompt Engineer™
Certified ChatGPT Expert
Certified Artificial Intelligence (AI) Expert™
Understanding Blockchains
Certified Blockchain Expert™
Certified Ethereum Expert™
Certified DeFi Expert™
Certified Uniswap Expert™
Certified Cardano Expert™
Certified Polkadot Expert™
Certified Polygon Expert™
Certified Hyperledger Expert™
Certified Quorum Expert™
Certified Corda Expert™
Online Degree™ in Blockchain
Developing Blockchains
Certified Smart Contract Auditor™
Certified Ethereum Developer™
Certified Blockchain Developer™
Certified Blockchain Architect™
Certified Solidity Developer™
Certified Smart Contract Developer™
Certified Hyperledger Developer™
Certified Polygon Developer™
Certified Quorum Developer™
Certified Corda Developer™
Certified Corda Architect™
Artificial Intelligence (AI) & Machine Learning
Certified BARD AI Expert
Certified Generative AI Expert™
Certified Prompt Engineer™
Certified ChatGPT Expert
Certified Artificial Intelligence (AI) Expert
Certified Artificial Intelligence (AI) Developer
Certified Chatbot Expert™
Web3 & Metaverse
Certified AR Developer™
Certified Virtual Reality (VR) Developer™
Certified 3D Designer™
Certified Web3 Community Management Expert™
Certified Three.js Developer™
Certified Web3 Game Developer™
Certified Metaverse Developer™
Certified DAO Expert™
Certified Web3 Expert™
Certified Mixed Reality Expert™
Certified Metaverse Expert™
Experto Certificado en Metaverso™
Cryptocurrency & Digital Assets
Certified Bitcoin Expert™
Certified Cryptocurrency Expert™
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Online Degree™ in Cryptocurrency & Trading
Certified NFT Expert™
Certified NFT Developer™
Experto Certificado en NFT™
Blockchain for Business
Certified Cybersecurity Expert™
Certified Blockchain Security Professional™
Certified Blockchain & Supply Chain Professional™
Certified Blockchain & Finance Professional™
Certified Blockchain & KYC Professional™
Certified Blockchain & HR Professional™
Certified Blockchain & Law Professional™
Certified Blockchain & Healthcare Professional™
Certified Blockchain & Digital Marketing Professional™
Online Degree™ in Blockchain for Business
Other Certifications
Live Trainings
Certified Gemini AI Expert
Certified Blockchain Expert™
Certified Prompt Engineer™
Certified Generative AI Expert™
Certified ChatGPT Expert
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Certified Artificial Intelligence (AI) Expert™
BlockSpark Career Kickstarter
Membership
Member Benefits
Member Network
Individual Member Signup
Corporate Member Signup
For Organizations
For Businesses
For Academia
Subscriptions
Learning Subscriptions
Learning Paths
Resources
Free Courses
Bitcoin 101 Course
Step-by-Step Guides
Blockchain Guide
Artificial Intelligence Guide
Metaverse Guide
NFT Guide
News
AI & ML
Blockchain Development
Cryptocurrency
Web3, Metaverse & NFT
DAO
E-Books
Infographics
Join for Free
Login
Certifications Newly Launched Certified AR Developer™ 20 LifetimeEnroll Now
Certified BARD AI Expert 5 LifetimeEnroll Now
Certified Cybersecurity Expert™ 14 LifetimeEnroll Now
Certified Generative AI Expert™ 7 LifetimeEnroll Now
Certified Prompt Engineer™ 6 LifetimeEnroll Now
Certified ChatGPT Expert 7 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Expert™ 6 LifetimeEnroll Now
Understanding Blockchains Certified Blockchain Expert™ 8 LifetimeEnroll Now
Certified Ethereum Expert™ 5 LifetimeEnroll Now
Certified DeFi Expert™ 5 LifetimeEnroll Now
Certified Uniswap Expert™ 4 LifetimeEnroll Now
Certified Cardano Expert™ 5 LifetimeEnroll Now
Certified Polkadot Expert 4 LifetimeEnroll Now
Certified Polygon Expert™ 5 LifetimeEnroll Now
Certified Hyperledger Expert™ 9 LifetimeEnroll Now
Certified Quorum Expert™ 5 LifetimeEnroll Now
Certified Corda Expert™ 6 LifetimeEnroll Now
Online Degree™ in Blockchain 20 LifetimeEnroll Now
Developing Blockchains Certified Smart Contract Auditor™ 10 LifetimeEnroll Now
Certified Ethereum Developer™ 8 LifetimeEnroll Now
Certified Blockchain Developer™ 15 LifetimeEnroll Now
Certified Blockchain Architect™ 12 LifetimeEnroll Now
Certified Solidity Developer™ 5 LifetimeEnroll Now
Certified Smart Contract Developer™ 8 LifetimeEnroll Now
Certified Hyperledger Developer™ 11 LifetimeEnroll Now
Certified Polygon Developer™ 8 LifetimeEnroll Now
Certified Quorum Developer™ 5 LifetimeEnroll Now
Certified Corda Developer™ 7 LifetimeEnroll Now
Certified Corda Architect™ 6 LifetimeEnroll Now
Artificial Intelligence (AI) & Machine Learning Certified BARD AI Expert 5 LifetimeEnroll Now
Certified Generative AI Expert™ 7 LifetimeEnroll Now
Certified Prompt Engineer™ 6 LifetimeEnroll Now
Certified ChatGPT Expert 7 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Expert™ 6 LifetimeEnroll Now
Certified Artificial Intelligence (AI) Developer™ 12 LifetimeEnroll Now
Certified Chatbot Expert™ 6 LifetimeEnroll Now
Web3 & Metaverse Certified AR Developer™ 20 LifetimeEnroll Now
Certified Virtual Reality (VR) Developer™ 16 LifetimeEnroll Now
Certified 3D Designer™ 8 LifetimeEnroll Now
Certified Web3 Community Expert™ 10 LifetimeEnroll Now
Certified Three.js Developer™ 7 LifetimeEnroll Now
Certified Web3 Game Developer™ 10 LifetimeEnroll Now
Certified Metaverse Developer™ 13 LifetimeEnroll Now
Certified DAO Expert™ 7 LifetimeEnroll Now
Certified Web3 Expert™ 30 LifetimeEnroll Now
Certified Mixed Reality Expert™ 4 LifetimeEnroll Now
Certified Metaverse Expert™ 5 LifetimeEnroll Now
Experto Certificado en Metaverso™ 6 LifetimeEnroll Now
Cryptocurrency & Digital Assets Certified Bitcoin Expert™ 5 LifetimeEnroll Now
Certified Cryptocurrency Expert™ (CCE) 11 LifetimeEnroll Now
Certified Cryptocurrency Trader™ (CCT) 15 LifetimeEnroll Now
Certified Cryptocurrency Auditor™ (CCA) 6 LifetimeEnroll Now
Certified NFT Expert™ 5 LifetimeEnroll Now
Certified NFT Developer™ 9 LifetimeEnroll Now
Experto Certificado en NFT™ 6 LifetimeEnroll Now
Blockchain for Business Certified Cybersecurity Expert™ 14 LifetimeEnroll Now
Certified Blockchain Security Professional™ 4 LifetimeEnroll Now
Certified Blockchain & Supply Chain Professional™ 6 LifetimeEnroll Now
Certified Blockchain & Finance Professional™ 6 LifetimeEnroll Now
Certified Blockchain & KYC Professional™ 6 LifetimeEnroll Now
Certified Blockchain & HR Professional™ 4 LifetimeEnroll Now
Certified Blockchain & Law Professional™ 6 LifetimeEnroll Now
Certified Blockchain & Healthcare Professional™ 3 LifetimeEnroll Now
Certified Blockchain & Digital Marketing Professional™ 4 LifetimeEnroll Now
Online Degree™ in Blockchain for Business 7 LifetimeEnroll Now
Other Certifications
Certifications
Newly Launched
Certified AR Developer™
Certified BARD AI Expert
Certified Cybersecurity Expert™
Certified Generative AI Expert™
Certified Prompt Engineer™
Certified ChatGPT Expert
Certified Artificial Intelligence (AI) Expert™
Understanding Blockchains
Certified Blockchain Expert™
Certified Ethereum Expert™
Certified DeFi Expert™
Certified Uniswap Expert™
Certified Cardano Expert™
Certified Polkadot Expert™
Certified Polygon Expert™
Certified Hyperledger Expert™
Certified Quorum Expert™
Certified Corda Expert™
Online Degree™ in Blockchain
Developing Blockchains
Certified Smart Contract Auditor™
Certified Ethereum Developer™
Certified Blockchain Developer™
Certified Blockchain Architect™
Certified Solidity Developer™
Certified Smart Contract Developer™
Certified Hyperledger Developer™
Certified Polygon Developer™
Certified Quorum Developer™
Certified Corda Developer™
Certified Corda Architect™
Artificial Intelligence (AI) & Machine Learning
Certified BARD AI Expert
Certified Generative AI Expert™
Certified Prompt Engineer™
Certified ChatGPT Expert
Certified Artificial Intelligence (AI) Expert
Certified Artificial Intelligence (AI) Developer
Certified Chatbot Expert™
Web3 & Metaverse
Certified AR Developer™
Certified Virtual Reality (VR) Developer™
Certified 3D Designer™
Certified Web3 Community Management Expert™
Certified Three.js Developer™
Certified Web3 Game Developer™
Certified Metaverse Developer™
Certified DAO Expert™
Certified Web3 Expert™
Certified Mixed Reality Expert™
Certified Metaverse Expert™
Experto Certificado en Metaverso™
Cryptocurrency & Digital Assets
Certified Bitcoin Expert™
Certified Cryptocurrency Expert™
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Online Degree™ in Cryptocurrency & Trading
Certified NFT Expert™
Certified NFT Developer™
Experto Certificado en NFT™
Blockchain for Business
Certified Cybersecurity Expert™
Certified Blockchain Security Professional™
Certified Blockchain & Supply Chain Professional™
Certified Blockchain & Finance Professional™
Certified Blockchain & KYC Professional™
Certified Blockchain & HR Professional™
Certified Blockchain & Law Professional™
Certified Blockchain & Healthcare Professional™
Certified Blockchain & Digital Marketing Professional™
Online Degree™ in Blockchain for Business
Other Certifications
Live Trainings
Certified Gemini AI Expert
Certified Blockchain Expert™
Certified Prompt Engineer™
Certified Generative AI Expert™
Certified ChatGPT Expert
Certified Cryptocurrency Trader™
Certified Cryptocurrency Auditor™
Certified Artificial Intelligence (AI) Expert™
BlockSpark Career Kickstarter
Membership
Member Benefits
Member Network
Individual Member Signup
Corporate Member Signup
For Organizations
For Businesses
For Academia
Subscriptions
Learning Subscriptions
Learning Paths
Resources
Free Courses
Bitcoin 101 Course
Step-by-Step Guides
Blockchain Guide
Artificial Intelligence Guide
Metaverse Guide
NFT Guide
News
AI & ML
Blockchain Development
Cryptocurrency
Web3, Metaverse & NFT
DAO
E-Books
Infographics
Join for Free
Login
Invest in your Learning! Check Certifications Tailored just for you.
50,000+ Professionals certified so far by Blockchain Council
Coupon
BONUS
expires in
Hours Minutes Seconds
Enroll today in any of the popular certifications curated as per the Industry trends.
Yes! I Want To Get Certified
Tokenization (data security) - Wikipedia
Tokenization (data security) - Wikipedia
Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main pageContentsCurrent eventsRandom articleAbout WikipediaContact usDonate
Contribute
HelpLearn to editCommunity portalRecent changesUpload file
Search
Search
Create account
Log in
Personal tools
Create account Log in
Pages for logged out editors learn more
ContributionsTalk
Contents
move to sidebar
hide
(Top)
1Concepts and origins
2The tokenization process
3Difference from encryption
4Types of tokens
Toggle Types of tokens subsection
4.1High-value tokens (HVTs)
4.2Low-value tokens (LVTs) or security tokens
5System operations, limitations and evolution
6Application to alternative payment systems
7Application to PCI DSS standards
8Standards (ANSI, the PCI Council, Visa, and EMV)
9Risk reduction
10Restrictions on token use
11See also
12References
13External links
Toggle the table of contents
Tokenization (data security)
6 languages
فارسیFrançaisעבריתPolskiРусскийСрпски / srpski
Edit links
ArticleTalk
English
ReadEditView history
Tools
Tools
move to sidebar
hide
Actions
ReadEditView history
General
What links hereRelated changesUpload fileSpecial pagesPermanent linkPage informationCite this pageGet shortened URLDownload QR codeWikidata item
Print/export
Download as PDFPrintable version
From Wikipedia, the free encyclopedia
Concept in data security
Not to be confused with tokenization (lexical analysis).
This is a simplified example of how mobile payment tokenization commonly works via a mobile phone application with a credit card.[1][2] Methods other than fingerprint scanning or PIN-numbers can be used at a payment terminal.
Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference (i.e. identifier) that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods that render tokens infeasible to reverse in the absence of the tokenization system, for example using tokens created from random numbers.[3] A one-way cryptographic function is used to convert the original data into tokens, making it difficult to recreate the original data without obtaining entry to the tokenization system's resources.[4] To deliver such services, the system maintains a vault database of tokens that are connected to the corresponding sensitive data. Protecting the system vault is vital to the system, and improved processes must be put in place to offer database integrity and physical security.[5]
The tokenization system must be secured and validated using security best practices[6] applicable to sensitive data protection, secure storage, audit, authentication and authorization. The tokenization system provides data processing applications with the authority and interfaces to request tokens, or detokenize back to sensitive data.
The security and risk reduction benefits of tokenization require that the tokenization system is logically isolated and segmented from data processing systems and applications that previously processed or stored sensitive data replaced by tokens. Only the tokenization system can tokenize data to create tokens, or detokenize back to redeem sensitive data under strict security controls. The token generation method must be proven to have the property that there is no feasible means through direct attack, cryptanalysis, side channel analysis, token mapping table exposure or brute force techniques to reverse tokens back to live data.
Replacing live data with tokens in systems is intended to minimize exposure of sensitive data to those applications, stores, people and processes, reducing risk of compromise or accidental exposure and unauthorized access to sensitive data. Applications can operate using tokens instead of live data, with the exception of a small number of trusted applications explicitly permitted to detokenize when strictly necessary for an approved business purpose. Tokenization systems may be operated in-house within a secure isolated segment of the data center, or as a service from a secure service provider.
Tokenization may be used to safeguard sensitive data involving, for example, bank accounts, financial statements, medical records, criminal records, driver's licenses, loan applications, stock trades, voter registrations, and other types of personally identifiable information (PII). Tokenization is often used in credit card processing. The PCI Council defines tokenization as "a process by which the primary account number (PAN) is replaced with a surrogate value called a token. A PAN may be linked to a reference number through the tokenization process. In this case, the merchant simply has to retain the token and a reliable third party controls the relationship and holds the PAN. The token may be created independently of the PAN, or the PAN can be used as part of the data input to the tokenization technique. The communication between the merchant and the third-party supplier must be secure to prevent an attacker from intercepting to gain the PAN and the token.[7]
De-tokenization[8] is the reverse process of redeeming a token for its associated PAN value. The security of an individual token relies predominantly on the infeasibility of determining the original PAN knowing only the surrogate value".[9] The choice of tokenization as an alternative to other techniques such as encryption will depend on varying regulatory requirements, interpretation, and acceptance by respective auditing or assessment entities. This is in addition to any technical, architectural or operational constraint that tokenization imposes in practical use.
Concepts and origins[edit]
The concept of tokenization, as adopted by the industry today, has existed since the first currency systems emerged centuries ago as a means to reduce risk in handling high value financial instruments by replacing them with surrogate equivalents.[10][11][12] In the physical world, coin tokens have a long history of use replacing the financial instrument of minted coins and banknotes. In more recent history, subway tokens and casino chips found adoption for their respective systems to replace physical currency and cash handling risks such as theft. Exonumia, and scrip are terms synonymous with such tokens.
In the digital world, similar substitution techniques have been used since the 1970s as a means to isolate real data elements from exposure to other data systems. In databases for example, surrogate key values have been used since 1976 to isolate data associated with the internal mechanisms of databases and their external equivalents for a variety of uses in data processing.[13][14] More recently, these concepts have been extended to consider this isolation tactic to provide a security mechanism for the purposes of data protection.
In the payment card industry, tokenization is one means of protecting sensitive cardholder data in order to comply with industry standards and government regulations.[15]
In 2001, TrustCommerce created the concept of Tokenization to protect sensitive payment data for a client, Classmates.com.[16] It engaged Rob Caulfield, founder of TrustCommerce, because the risk of storing card holder data was too great if the systems were ever hacked. TrustCommerce developed TC Citadel®, with which customers could reference a token in place of card holder data and TrustCommerce would process a payment on the merchant's behalf.[17] This billing application allowed clients to process recurring payments without the need to store cardholder payment information. Tokenization replaces the Primary Account Number (PAN) with randomly generated tokens. If intercepted, the data contains no cardholder information, rendering it useless to hackers. The PAN cannot be retrieved, even if the token and the systems it resides on are compromised, nor can the token be reverse engineered to arrive at the PAN.
Tokenization was applied to payment card data by Shift4 Corporation[18] and released to the public during an industry Security Summit in Las Vegas, Nevada in 2005.[19] The technology is meant to prevent the theft of the credit card information in storage. Shift4 defines tokenization as: “The concept of using a non-decryptable piece of data to represent, by reference, sensitive or secret data. In payment card industry (PCI) context, tokens are used to reference cardholder data that is managed in a tokenization system, application or off-site secure facility.”[20]
To protect data over its full lifecycle, tokenization is often combined with end-to-end encryption to secure data in transit to the tokenization system or service, with a token replacing the original data on return. For example, to avoid the risks of malware stealing data from low-trust systems such as point of sale (POS) systems, as in the Target breach of 2013, cardholder data encryption must take place prior to card data entering the POS and not after. Encryption takes place within the confines of a security hardened and validated card reading device and data remains encrypted until received by the processing host, an approach pioneered by Heartland Payment Systems[21] as a means to secure payment data from advanced threats, now widely adopted by industry payment processing companies and technology companies.[22] The PCI Council has also specified end-to-end encryption (certified point-to-point encryption—P2PE) for various service implementations in various PCI Council Point-to-point Encryption documents.
The tokenization process[edit]
The process of tokenization consists of the following steps:
The application sends the tokenization data and authentication information to the tokenization system. It is stopped if authentication fails and the data is delivered to an event management system. As a result, administrators can discover problems and effectively manage the system. The system moves on to the next phase if authentication is successful.
Using one-way cryptographic techniques, a token is generated and kept in a highly secure data vault.
The new token is provided to the application for further use.[23]
Tokenization systems share several components according to established standards.
Token Generation is the process of producing a token using any means, such as mathematically reversible cryptographic functions based on strong encryption algorithms and key management mechanisms, one-way nonreversible cryptographic functions (e.g., a hash function with strong, secret salt), or assignment via a randomly generated number. Random Number Generator (RNG) techniques are often the best choice for generating token values.
Token Mapping – this is the process of assigning the created token value to its original value. To enable permitted look-ups of the original value using the token as the index, a secure cross-reference database must be constructed.
Token Data Store – this is a central repository for the Token Mapping process that holds the original values as well as the related token values after the Token Generation process. On data servers, sensitive data and token values must be securely kept in encrypted format.
Encrypted Data Storage – this is the encryption of sensitive data while it is in transit.
Management of Cryptographic Keys. Strong key management procedures are required for sensitive data encryption on Token Data Stores.[24]
Difference from encryption[edit]
Tokenization and “classic” encryption effectively protect data if implemented properly, and a computer security system may use both. While similar in certain regards, tokenization and classic encryption differ in a few key aspects. Both are cryptographic data security methods and they essentially have the same function, however they do so with differing processes and have different effects on the data they are protecting.
Tokenization is a non-mathematical approach that replaces sensitive data with non-sensitive substitutes without altering the type or length of data. This is an important distinction from encryption because changes in data length and type can render information unreadable in intermediate systems such as databases. Tokenized data can still be processed by legacy systems which makes tokenization more flexible than classic encryption.
In many situations, the encryption process is a constant consumer of processing power, hence such a system needs significant expenditures in specialized hardware and software.[4]
Another difference is that tokens require significantly less computational resources to process. With tokenization, specific data is kept fully or partially visible for processing and analytics while sensitive information is kept hidden. This allows tokenized data to be processed more quickly and reduces the strain on system resources. This can be a key advantage in systems that rely on high performance.
In comparison to encryption, tokenization technologies reduce time, expense, and administrative effort while enabling teamwork and communication.[4]
Types of tokens[edit]
There are many ways that tokens can be classified however there is currently no unified classification. Tokens can be: single or multi-use, cryptographic or non-cryptographic, reversible or irreversible, authenticable or non-authenticable, and various combinations thereof.
In the context of payments, the difference between high and low value tokens plays a significant role.
High-value tokens (HVTs)[edit]
HVTs serve as surrogates for actual PANs in payment transactions and are used as an instrument for completing a payment transaction. In order to function, they must look like actual PANs. Multiple HVTs can map back to a single PAN and a single physical credit card without the owner being aware of it. Additionally, HVTs can be limited to certain networks and/or merchants whereas PANs cannot.
HVTs can also be bound to specific devices so that anomalies between token use, physical devices, and geographic locations can be flagged as potentially fraudulent. HVT blocking enhances efficiency by reducing computational costs while maintaining accuracy and reducing record linkage as it reduces the number of records that are compared.[25]
Low-value tokens (LVTs) or security tokens[edit]
LVTs also act as surrogates for actual PANs in payment transactions, however they serve a different purpose. LVTs cannot be used by themselves to complete a payment transaction. In order for an LVT to function, it must be possible to match it back to the actual PAN it represents, albeit only in a tightly controlled fashion. Using tokens to protect PANs becomes ineffectual if a tokenization system is breached, therefore securing the tokenization system itself is extremely important.
System operations, limitations and evolution[edit]
First generation tokenization systems use a database to map from live data to surrogate substitute tokens and back. This requires the storage, management, and continuous backup for every new transaction added to the token database to avoid data loss. Another problem is ensuring consistency across data centers, requiring continuous synchronization of token databases. Significant consistency, availability and performance trade-offs, per the CAP theorem, are unavoidable with this approach. This overhead adds complexity to real-time transaction processing to avoid data loss and to assure data integrity across data centers, and also limits scale. Storing all sensitive data in one service creates an attractive target for attack and compromise, and introduces privacy and legal risk in the aggregation of data Internet privacy, particularly in the EU.
Another limitation of tokenization technologies is measuring the level of security for a given solution through independent validation. With the lack of standards, the latter is critical to establish the strength of tokenization offered when tokens are used for regulatory compliance. The PCI Council recommends independent vetting and validation of any claims of security and compliance: "Merchants considering the use of tokenization should perform a thorough evaluation and risk analysis to identify and document the unique characteristics of their particular implementation, including all interactions with payment card data and the particular tokenization systems and processes"[26]
The method of generating tokens may also have limitations from a security perspective. With concerns about security and attacks to random number generators, which are a common choice for the generation of tokens and token mapping tables, scrutiny must be applied to ensure proven and validated methods are used versus arbitrary design.[27][28] Random-number generators have limitations in terms of speed, entropy, seeding and bias, and security properties must be carefully analysed and measured to avoid predictability and compromise.
With tokenization's increasing adoption, new tokenization technology approaches have emerged to remove such operational risks and complexities and to enable increased scale suited to emerging big data use cases and high performance transaction processing, especially in financial services and banking.[29] In addition to conventional tokenization methods, Protegrity provides additional security through its so-called "obfuscation layer." This creates a barrier that prevents not only regular users from accessing information they wouldn't see but also privileged users who has access, such as database administrators.[30]
Stateless tokenization enables random mapping of live data elements to surrogate values without needing a database while retaining the isolation properties of tokenization.
November 2014, American Express released its token service which meets the EMV tokenization standard.[31] Other notable examples of Tokenization-based payment systems, according to the EMVCo standard, include Google Wallet, Apple Pay,[32] Samsung Pay, Microsoft Wallet, Fitbit Pay and Garmin Pay. Visa uses tokenization techniques to provide a secure online and mobile shopping.[33]
Using blockchain, as opposed to relying on trusted third parties, it is possible to run highly accessible, tamper-resistant databases for transactions.[34][35] With help of blockchain, tokenization is the process of converting the value of a tangible or intangible asset into a token that can be exchanged on the network.
This enables the tokenization of conventional financial assets, for instance, by transforming rights into a digital token backed by the asset itself using blockchain technology.[36] Besides that, tokenization enables the simple and efficient compartmentalization and management of data across multiple users. Individual tokens created through tokenization can be used to split ownership and partially resell an asset.[37][38] Consequently, only entities with the appropriate token can access the data.[36]
Numerous blockchain companies support asset tokenization. In 2019, eToro acquired Firmo and renamed as eToroX. Through its Token Management Suite, which is backed by USD-pegged stablecoins, eToroX enables asset tokenization.[39][40]
The tokenization of equity is facilitated by STOKR, a platform that links investors with small and medium-sized businesses. Tokens issued through the STOKR platform are legally recognized as transferable securities under European Union capital market regulations.[41]
Breakers enable tokenization of intellectual property, allowing content creators to issue their own digital tokens. Tokens can be distributed to a variety of project participants. Without intermediaries or governing body, content creators can integrate reward-sharing features into the token.[41]
Application to alternative payment systems[edit]
Building an alternate payments system requires a number of entities working together in order to deliver near field-communication (NFC) or other technology based payment services to the end users. One of the issues is the interoperability between the players and to resolve this issue the role of trusted service manager (TSM) is proposed to establish a technical link between mobile network operators (MNO) and providers of services, so that these entities can work together. Tokenization can play a role in mediating such services.
Tokenization as a security strategy lies in the ability to replace a real card number with a surrogate (target removal) and the subsequent limitations placed on the surrogate card number (risk reduction). If the surrogate value can be used in an unlimited fashion or even in a broadly applicable manner, the token value gains as much value as the real credit card number. In these cases, the token may be secured by a second dynamic token that is unique for each transaction and also associated to a specific payment card. Example of dynamic, transaction-specific tokens include cryptograms used in the EMV specification.
Application to PCI DSS standards[edit]
The Payment Card Industry Data Security Standard, an industry-wide set of guidelines that must be met by any organization that stores, processes, or transmits cardholder data, mandates that credit card data must be protected when stored.[42] Tokenization, as applied to payment card data, is often implemented to meet this mandate, replacing credit card and ACH numbers in some systems with a random value or string of characters.[43] Tokens can be formatted in a variety of ways. Some token service providers or tokenization products generate the surrogate values in such a way as to match the format of the original sensitive data. In the case of payment card data, a token might be the same length as a Primary Account Number (bank card number) and contain elements of the original data such as the last four digits of the card number. When a payment card authorization request is made to verify the legitimacy of a transaction, a token might be returned to the merchant instead of the card number, along with the authorization code for the transaction. The token is stored in the receiving system while the actual cardholder data is mapped to the token in a secure tokenization system. Storage of tokens and payment card data must comply with current PCI standards, including the use of strong cryptography.[44]
Standards (ANSI, the PCI Council, Visa, and EMV)[edit]
Tokenization is currently in standards definition in ANSI X9 as X9.119 Part 2. X9 is responsible for the industry standards for financial cryptography and data protection including payment card PIN management, credit and debit card encryption and related technologies and processes. The PCI Council has also stated support for tokenization in reducing risk in data breaches, when combined with other technologies such as Point-to-Point Encryption (P2PE) and assessments of compliance to PCI DSS guidelines.[45] Visa Inc. released Visa Tokenization Best Practices[46] for tokenization uses in credit and debit card handling applications and services. In March 2014, EMVCo LLC released its first payment tokenization specification for EMV.[47] PCI DSS is the most frequently utilized standard for Tokenization systems used by payment industry players.[24]
Risk reduction[edit]
Tokenization can render it more difficult for attackers to gain access to sensitive data outside of the tokenization system or service. Implementation of tokenization may simplify the requirements of the PCI DSS, as systems that no longer store or process sensitive data may have a reduction of applicable controls required by the PCI DSS guidelines.
As a security best practice,[48] independent assessment and validation of any technologies used for data protection, including tokenization, must be in place to establish the security and strength of the method and implementation before any claims of privacy compliance, regulatory compliance, and data security can be made. This validation is particularly important in tokenization, as the tokens are shared externally in general use and thus exposed in high risk, low trust environments. The infeasibility of reversing a token or set of tokens to a live sensitive data must be established using industry accepted measurements and proofs by appropriate experts independent of the service or solution provider.
Restrictions on token use[edit]
Not all organizational data can be tokenized, and needs to be examined and filtered.
When databases are utilized on a large scale, they expand exponentially, causing the search process to take longer, restricting system performance, and increasing backup processes. A database that links sensitive information to tokens is called a vault. With the addition of new data, the vault's maintenance workload increases significantly.
For ensuring database consistency, token databases need to be continuously synchronized.
Apart from that, secure communication channels must be built between sensitive data and the vault so that data is not compromised on the way to or from storage.[4]
See also[edit]
Adaptive Redaction
PAN truncation
Format preserving encryption
References[edit]
^ "Tokenization demystified". IDEMIA. 2017-09-19. Archived from the original on 2018-01-26. Retrieved 2018-01-26.
^ "Payment Tokenization Explained". Square. Archived from the original on 2018-01-02. Retrieved 2018-01-26.
^ CardVault: "Tokenization 101"
^ a b c d Ogigau-Neamtiu, F. (2016). "Tokenization as a data security technique". Regional Department of Defense Resources Management Studies. Zeszyty Naukowe AON. Brasov, Romania: Akademia Sztuki Wojennej. 2 (103): 124–135. ISSN 0867-2245.
^ Ogîgău-Neamţiu, F. (2017). "Automating the data security process". Journal of Defense Resources Management (JoDRM). 8 (2).
^ "OWASP Top Ten Project". Archived from the original on 2019-12-01. Retrieved 2014-04-01.
^ Stapleton, J.; Poore, R. S. (2011). "Tokenization and other methods of security for cardholder data". Information Security Journal: A Global Perspective. 20 (2): 91–99. doi:10.1080/19393555.2011.560923. S2CID 46272415.
^ Y., Habash, Nizar (2010). Introduction to Arabic natural language processing. Morgan & Claypool. ISBN 978-1-59829-796-6. OCLC 1154286658.{{cite book}}: CS1 maint: multiple names: authors list (link)
^ PCI DSS Tokenization Guidelines
^ Rolfe, Alex (May 2015). "The fall and rise of Tokenization". Retrieved 27 September 2022.
^ Xu, Xiwei; Pautasso, Cesare; Zhu, Liming; Lu, Qinghua; Weber, Ingo (2018-07-04). "A Pattern Collection for Blockchain-based Applications". Proceedings of the 23rd European Conference on Pattern Languages of Programs. EuroPLoP '18. New York, NY, USA: Association for Computing Machinery. pp. 1–20. doi:10.1145/3282308.3282312. ISBN 978-1-4503-6387-7. S2CID 57760415.
^ Millmore, B.; Foskolou, V.; Mondello, C.; Kroll, J.; Upadhyay, S.; Wilding, D. "Tokens: Culture, Connections, Communities: Final Programme" (PDF). The University of Warwick.
^ Link, S.; Luković, I.; Mogin, P. (2010). "Performance evaluation of natural and surrogate key database architectures". School of Engineering and Computer Science, Victoria University of Wellington.
^ Hall, P.; Owlett, J.; Todd, S. (1976). "Relations and entities. Modelling in Database Management Systems". GM Nijssen. {{cite web}}: Missing or empty |url= (help)
^ "Tokenization eases merchant PCI compliance". Archived from the original on 2012-11-03. Retrieved 2013-03-28.
^ "Where Did Tokenization Come From?". TrustCommerce. Retrieved 2017-02-23.
^ "TrustCommerce". 2001-04-05. Archived from the original on 2001-04-05. Retrieved 2017-02-23.
^ "Shift4 Corporation Releases Tokenization in Depth White Paper". Reuters. Archived from the original on 2014-03-13. Retrieved 2017-07-02.
^ "Shift4 Launches Security Tool That Lets Merchants Re-Use Credit Card Data". Internet Retailer. Archived from the original on 2015-02-18.
^ "Shift4 Corporation Releases Tokenization in Depth White Paper". Archived from the original on 2011-07-16. Retrieved 2010-09-17.
^ "Lessons Learned from a Data Breach" (PDF). Archived from the original (PDF) on 2013-05-02. Retrieved 2014-04-01.
^ Voltage, Ingencio Partner on Data Encryption Platform
^ Ogigau-Neamtiu, F. (2016). "Tokenization as a data security technique". Zeszyty Naukowe AON. nr 2(103). ISSN 0867-2245.
^ a b Ozdenizci, Busra; Ok, Kerem; Coskun, Vedat (2016-11-30). "A Tokenization-Based Communication Architecture for HCE-Enabled NFC Services". Mobile Information Systems. 2016: e5046284. doi:10.1155/2016/5046284. hdl:11729/1190. ISSN 1574-017X.
^ O’hare, K., Jurek-Loughrey, A., & De Campos, C. (2022). High-Value Token-Blocking: Efficient Blocking Method for Record Linkage. ACM Transactions on Knowledge Discovery from Data, 16(2), 1–17. https://doi.org/10.1145/3450527
^ PCI Council Tokenization Guidelines
^ How do you know if an RNG is working?
^ Gimenez, Gregoire; Cherkaoui, Abdelkarim; Frisch, Raphael; Fesquet, Laurent (2017-07-01). "Self-timed Ring based True Random Number Generator: Threat model and countermeasures". 2017 IEEE 2nd International Verification and Security Workshop (IVSW). Thessaloniki, Greece: IEEE. pp. 31–38. doi:10.1109/IVSW.2017.8031541. ISBN 978-1-5386-1708-3. S2CID 10190423.
^
Vijayan, Jaikumar (2014-02-12). "Banks push for tokenization standard to secure credit card payments". Computerworld. Retrieved 2022-11-23.
^ Mark, S. J. (2018). "De-identification of personal information for use in software testing to ensure compliance with the Protection of Personal Information Act".
^ "American Express Introduces New Online and Mobile Payment Security Services". AmericanExpress.com. 3 November 2014. Archived from the original on 2014-11-04. Retrieved 2014-11-04.
^ "Apple Pay Programming Guide: About Apple Pay". developer.apple.com. Retrieved 2022-11-23.
^ "Visa Token Service". usa.visa.com. Retrieved 2022-11-23.
^ Beck, Roman; Avital, Michel; Rossi, Matti; Thatcher, Jason Bennett (2017-12-01). "Blockchain Technology in Business and Information Systems Research". Business & Information Systems Engineering. 59 (6): 381–384. doi:10.1007/s12599-017-0505-1. ISSN 1867-0202. S2CID 3493388.
^ Çebi, F.; Bolat, H.B.; Atan, T.; Erzurumlu, Ö. Y. (2021). "International Engineering and Technology Management Summit 2021–ETMS2021 Proceeding Book". İstanbul Technical University & Bahçeşehir University. ISBN 978-975-561-522-6.
^ a b Morrow; Zarrebini (2019-10-22). "Blockchain and the Tokenization of the Individual: Societal Implications". Future Internet. 11 (10): 220. doi:10.3390/fi11100220. ISSN 1999-5903.
^ Tian, Yifeng; Lu, Zheng; Adriaens, Peter; Minchin, R. Edward; Caithness, Alastair; Woo, Junghoon (2020). "Finance infrastructure through blockchain-based tokenization". Frontiers of Engineering Management. 7 (4): 485–499. doi:10.1007/s42524-020-0140-2. ISSN 2095-7513. S2CID 226335872.
^ Ross, Omri; Jensen, Johannes Rude; Asheim, Truls (2019-11-16). "Assets under Tokenization". Rochester, NY. doi:10.2139/ssrn.3488344. S2CID 219366539. SSRN 3488344. {{cite journal}}: Cite journal requires |journal= (help)
^ Tabatabai, Arman (2019-03-25). "Social investment platform eToro acquires smart contract startup Firmo". TechCrunch. Retrieved 2022-11-23.
^ "eToroX Names Omri Ross Chief Blockchain Scientist". Financial and Business News | Finance Magnates. Retrieved 2022-11-23.
^ a b Sazandrishvili, George (2020). "Asset tokenization in plain English". Journal of Corporate Accounting & Finance. 31 (2): 68–73. doi:10.1002/jcaf.22432. ISSN 1044-8136. S2CID 213916347.
^ The Payment Card Industry Data Security Standard
^ "Tokenization: PCI Compliant Tokenization Payment Processing". Bluefin Payment Systems. Retrieved 2016-01-14.
^ "Data Security: Counterpoint – "The Best Way to Secure Data is Not to Store Data"" (PDF). Archived from the original (PDF) on 2009-07-31. Retrieved 2009-06-17.
^ "Protecting Consumer Information: Can Data Breaches Be Prevented?" (PDF). Archived from the original (PDF) on 2014-04-07. Retrieved 2014-04-01.
^ Visa Tokenization Best Practices
^ "EMV Payment Tokenisation Specification – Technical Framework". March 2014.
^ "OWASP Guide to Cryptography". Archived from the original on 2014-04-07. Retrieved 2014-04-01.
External links[edit]
Cloud vs Payment - Cloud vs Payment - Introduction to tokenization via cloud payments.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Tokenization_(data_security)&oldid=1198638254"
Category: CryptographyHidden categories: CS1 maint: multiple names: authors listCS1 errors: requires URLCS1: long volume valueCS1 errors: missing periodicalArticles with short descriptionShort description matches Wikidata
This page was last edited on 24 January 2024, at 17:17 (UTC).
Text is available under the Creative Commons Attribution-ShareAlike License 4.0;
additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.
Privacy policy
About Wikipedia
Disclaimers
Contact Wikipedia
Code of Conduct
Developers
Statistics
Cookie statement
Mobile view
Toggle limited content width
What is Tokenization | OpenText
What is Tokenization | OpenText
My AccountContact
Search OpenText
Solutions
opentext.aiopentext.ai
Overview
IT Operations Aviator
DevOps Aviator
Experience Aviator
Content Aviator
Business Network Aviator
Cybersecurity Aviator
Enterprise ApplicationsEnterprise Applications
Overview
SAP
Microsoft
Salesforce
IndustryIndustry
Overview
Automotive
Banking
Insurance
Healthcare
Life Sciences
Oil & Gas
Legal
Industrial Manufacturing
Public Sector
Utilities
View all industries
Line of BusinessLine of Business
Overview
Customer Service
Finance & Procurement
Human Resource Management
Information Technology
Legal & Compliance
Marketing & Communications
Operations
Sales
Security
Supply Chain
Smarter with OpenTextSmarter with OpenText
Overview
Master modern work
Supply chain digitization
Smarter total experience
Build a resilient and safer world
Unleash developer creativity
Unlock data insight with AI and analytics
Smarter tech for modern general counsel
Level up application delivery
Climate Innovators
Products
Information management at scaleInformation management at scale
Overview
AI CloudAI Cloud
Overview
Application ModernizationApplication Modernization
Overview
Business Network CloudBusiness Network Cloud
Overview
Hybrid Integration Platform
Supply Chain Optimization
B2B/EDI Integration
Secure & Connected Ecosystems
Content CloudContent Cloud
Overview
Content Services Platforms
Enterprise Applications
Information Capture and Extraction
eDiscovery and Investigations
Legal Content and Knowledge Management
Information Archiving
Viewing and Transformation
Cybersecurity CloudCybersecurity Cloud
Overview
Developer CloudDeveloper Cloud
Overview
APIs
Plans
DevOps CloudDevOps Cloud
Overview
Experience CloudExperience Cloud
Overview
Experiences
Communications
Personalization and Orchestration
Rich Media Assets
Data and Insights
IT Operations CloudIT Operations Cloud
Overview
PortfolioPortfolio
Overview
A-Z product listing
Support & Services
Your journey to successYour journey to success
Overview
Customer SupportCustomer Support
Overview
Premium Support
Flexible Credits
Knowledge Base
Get Support
Pay my bill
Customer Success ServicesCustomer Success Services
Overview
Strategy & Advisory ServicesStrategy & Advisory Services
Overview
Consulting ServicesConsulting Services
Overview
Implementation & Deployment Services
Migration & Upgrade Services
Packaged Services
Learning ServicesLearning Services
Overview
Learning Paths
User Adoption
Subscriptions
Certifications
Managed ServicesManaged Services
Overview
Private Cloud
Off Cloud
Assisted
Business Network Integration
Partners
Find an OpenText PartnerFind an OpenText Partner
Overview
All Partners (Partner Directory)
Strategic Partners
Solution Extension Partners
Find a Partner SolutionFind a Partner Solution
Overview
Application Marketplace
OEM Marketplace
Solution Extension Catalog
Grow as a PartnerGrow as a Partner
Overview
Login to Partner Portal/Partner View
Login to Partner Portal for Micro Focus
Register an Opportunity
Become a Partner
Sign up today to join the OpenText Partner Program and take advantage of great opportunities.
Learn more
Resources
Asset LibraryAsset Library
CEO Thought Leadership
Webinars
Demos
Hands-on labs
BlogsBlogs
OpenText Blogs
CEO Blog
Technologies
Line of Business
Industries
EventsEvents
Event & Webinars Listing
OpenText World
CommunitiesCommunities
All Forums
My Support Forums
Developer Forums
Customer StoriesCustomer Stories
Overview
OpenText NavigatorOpenText Navigator
Overview
Navigator Champions
Navigator Academy
Search OpenText
Contact
My Account
Login
Cloud logins
Get support
Developer
View my training history
Pay my bill
Contact
Tech topics
What is Tokenization?
On this page : On this page
Overview
What is tokenization?
Resources
Related products
Overview
Tokenization is a process by which PANs, PHI, PII, and other sensitive data elements are replaced by surrogate values, or tokens. Tokenization is really a form of encryption, but the two terms are typically used differently. Encryption usually means encoding human-readable data into incomprehensible text that is only decoded with the right decryption key, while tokenization (or “masking”, or “obfuscation”) means some form of format-preserving data protection: converting sensitive values into non-sensitive, replacement values – tokens – the same length and format as the original data.
Tokens share some characteristics with the original data elements, such as character set, length, etc.
Each data element is mapped to a unique token.
Tokens are deterministic: repeatedly generating a token for a given value yields the same token.
A tokenized database can be searched by tokenizing the query terms and searching for those.
As a form of encryption, tokenization is a key data privacy protection strategy for any business. This page provides a very high-level view of what tokenization is and how it works.
Encryption vs. tokenization vs. whatever: What you need to know
Learn the difference between encryption, tokenization, obfuscation, masking and other
terms. Even when the terms are used precisely, people often misunderstand the differences
between them. And those differences matter.Learn more
Tokenization
Where did tokenization come from?
Digital tokenization was first created by TrustCommerce in 2001 to help a client protect customer credit card information. Merchants were storing cardholder data on their own servers, which meant that anyone who had access to their servers could potentially view or take advantage of those customer credit card numbers.
TrustCommerce developed a system that replaced primary account numbers (PANs) with a randomized number called a token. This allowed merchants to store and reference tokens when accepting payments. TrustCommerce converted the tokens back to PANs and processed the payments using the original PANs. This isolated the risk to TrustCommerce, since merchants no longer had any actual PANs stored in their systems.
As security concerns and regulatory requirements grew, such first-generation tokenization proved the technology’s value, and other vendors offered similar solutions. However, problems with this approach soon became clear, as discussed below
What types of tokenization are available?
There are two types of tokenization: reversible and irreversible.
Reversible tokens can be detokenized – converted back to their original values. In privacy terminology, this is called pseudonymization. Such tokens may be further subdivided into cryptographic and non-cryptographic, although this distinction is artificial, since any tokenization really is a form of encryption.
Cryptographic tokenization generates tokens using strong cryptography; the cleartext data element(s) are not stored anywhere – just the cryptographic key. NIST-standard FF1-mode AES is an example of cryptographic tokenization.
Non-cryptographic tokenization originally meant that tokens were created by randomly generating a value and storing the cleartext and corresponding token in a database, like the original TrustCommerce offering. This approach is conceptually simple, but means that any tokenization or detokenization request must make a server request, adding overhead, complexity, and risk. It also does not scale well. Consider a request to tokenize a value: the server must first perform a database lookup to see if it already has a token for that value. If it does, it returns that. If not, it must generate a new random value, then do another database lookup to make sure that value has not already been assigned for a different cleartext. If it has, it must generate another random value, check that one, and so forth. As the number of tokens created grows, the time required for these database lookups increases; worse, the likelihood of such collisions grows exponentially. Such implementations also typically use multiple token servers, for load-balancing, reliability, and failover. These must perform real-time database synchronization to ensure reliability and consistency, adding further complexity and overhead.
Modern non-cryptographic tokenization focuses on “stateless” or “vaultless” approaches, using randomly generated metadata that is securely combined to build tokens. Such systems can operate disconnected from each other, and scale essentially infinitely since they require no synchronization beyond copying of the original metadata, unlike database-backed tokenization.
Irreversible tokens cannot be converted back to their original values. In privacy terminology, this is called anonymization. Such tokens are created through a one-way function, allowing use of anonymized data elements for third-party analytics, production data in lower environments, etc.
Tokenization benefits
Tokenization requires minimal changes to add strong data protection to existing applications. Traditional encryption solutions enlarge the data, requiring significant changes to database and program data schema, as well as additional storage. It also means that protected fields fail any validation checks, requiring further code analysis and updates. Tokens use the same data formats, require no additional storage, and can pass validation checks.
As applications share data, tokenization is also much easier to add than encryption, since data exchange processes are unchanged. In fact, many intermediate data uses – between ingestion and final disposition – can typically use the token without ever having to detokenize it. This improves security, enabling protecting the data as soon as possible on acquisition and keeping it protected throughout the majority of its lifecycle.
Within the limits of security requirements, tokens can retain partial cleartext values, such as the leading and trailing digits of a credit card number. This allows required functions—such as card routing and “last four” verification or printing on customer receipts—to be performed using the token, without having to convert it back to the actual value.
This ability to directly use tokens improves both performance and security: performance, because there is no overhead when no detokenization is required; and security, because since the cleartext is never recovered, there is less attack surface available.
What is tokenization used for?
Tokenization is used to secure many different types of sensitive data, including:
payment card data
U.S. Social Security numbers and other national identification numbers
telephone numbers
passport numbers
driver’s license numbers
email addresses
bank account numbers
names, addresses, birth dates
As data breaches rise and data security becomes increasingly important, organizations find tokenization appealing because it is easier to add to existing applications than traditional encryption.
PCI DSS compliance
Safeguarding payment card data is one of the most common use cases for tokenization, in part because of routing requirements for different card types as well as “last four” validation of card numbers. Tokenization for card data got an early boost due to requirements set by the Payment Card Industry Security Standards Council (PCI SSC). The Payment Card Industry Data Security Standard (PCI DSS) requires businesses that deal with payment card data to ensure compliance with strict cybersecurity requirements. While securing payment card data with encryption is allowed per PCI DSS, merchants may also use tokenization to meet compliance standards. Since payments data flows are complex, high performance, and well defined, tokenization is much easier to add than encryption.
Secure sensitive data with tokenization
Tokenization is becoming an increasingly popular way to protect data, and can play a vital role in a data privacy protection solution. OpenText™ Cybersecurity is here to help secure sensitive business data using Voltage SecureData by OpenText™, which provides a variety of tokenization methods to fit every need.
Voltage SecureData and other cyber resilience solutions can augment human intelligence with artificial intelligence to strengthen any enterprise’s data security posture. Not only does this provide intelligent encryption and a smarter authentication process, but it enables easy detection of new and unknown threats through contextual threat insights.
Resources
Tech topics
Additional resources
What is Data-Centric Audit and Protection (DCAP)?
What is Key Management?
What is Data Security?
What is a CASB (Cloud Access Security Broker)?
Multi-national retail organization
Cloud data security white paper
Voltage securedata for snowflake data sheet
OpenText announces voltage securedata integration with snowflake
Voltage securedata on the azure marketplace
Voltage securedata cloud white paper
Voltage securedata for snowflake - solution overview video
Snowflake + voltage securedata – the solution to secure cloud analytics
Data security offerings for government
OpenText announces voltage securedata services, delivering its patented, privacy
Related products
Voltage SecureData Enterprise by OpenText™
Voltage encryption delivers data privacy protection, neutralizes data breach, and drives business value through secure data use.
Voltage SecureData Payments by OpenText™
Protect credit card data in retail point-of-sale, web, and mobile ecommerce environments to reduce audit costs, neutralize data breach, and build brand value.
See all related products
How can we help?
About OpenText
OpenText Blogs
Contact us
Footnotes
OpenText footer
SolutionsSolutions
By Industry
By Line of Business
By Enterprise Application
Smarter with OpenText
opentext.ai
ProductsProducts
AI Cloud
Business Network Cloud
Content Cloud
Cybersecurity Cloud
Developer Cloud
DevOps Cloud
Experience Cloud
IT Operations Cloud
Application Modernization
Portfolio
A-Z Product Listing
Support & ServicesSupport & Services
Consulting Services
Learning Services
Managed Services
Customer Support
PartnersPartners
Find a Partner Solution
Find an OpenText Partner
Become a Partner
Grow as a Partner
ResourcesResources
Blogs
Customer Stories
Forums
News & EventsNews & Events
Press Room
Events & Webinars
OpenText World
About usAbout us
About OpenText
Leadership
Board of Directors
Global Locations
Careers
Corporate Governance
Corporate Citizenship
Investors
Privacy Center
Supplier Information
Choose your country. Current selection is thewebsite.English USDeutschFrançais日本語
1-800-499-6544
Call us now!
Privacy policy
Cookie policy
Cookies preferences
OpenText on LinkedIn
OpenText on Twitter
OpenText on Youtube
Copyright © 2024 Open Text Corporation. All Rights Reserved.Powered by OpenText TeamSite
What is Tokenization?
What is Tokenization?
Security
Search the TechTarget Network
Login
Register
Explore the Network
TechTarget Network
Networking
CIO
Enterprise Desktop
Cloud Computing
Computer Weekly
Security
Analytics & Automation
Application & Platform Security
Cloud Security
Compliance
Data Security & Privacy
More Topics
IAM
Network Security
Operations & Management
Risk Management
Security Careers & Certifications
Threat Detection & Response
Threats & Vulnerabilities
Other Content
News
Features
Tips
Webinars
2023 IT Salary Survey Results
More
Answers
Conference Guides
Definitions
Opinions
Podcasts
Quizzes
Tech Accelerators
Tutorials
Videos
Sponsored Communities
Follow:
Home
Compliance
Definition
tokenization
Share this item with your network:
By
Ben Lutkevich,
Site Editor
What is tokenization?
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenization, which seeks to minimize the amount of sensitive data a business needs to keep on hand, has become a popular way for small and midsize businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.
Examples of tokenization
Tokenization technology can, in theory, be used with sensitive data of all kinds, including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration. For the most part, any system in which surrogate, nonsensitive information can act as a stand-in for sensitive information can benefit from tokenization.
Tokenization is often used to protect credit card data, bank account information and other sensitive data handled by payment processors. Payment processing use cases that tokenize sensitive credit card information include the following:
mobile wallets, such as Google Pay and Apple Pay;
e-commerce sites; and
businesses that keep customers' cards on file.
How tokenization works
Tokenization substitutes sensitive information with equivalent nonsensitive information. The nonsensitive, replacement information is called a token.
Tokens can be created in the following ways:
using a mathematically reversible cryptographic function with a key;
using a nonreversible function, such as a hash function; or
using an index function or randomly generated number.
As a result, the token becomes the exposed information, and the sensitive information that the token stands in for is stored safely in a centralized server known as a token vault. The token vault is the only place where the original information can be mapped back to its corresponding token.
Here is one real-world example of how tokenization with a token vault works.
A customer provides their payment details at a point-of-sale (POS) system or online checkout form.
The details, or data, are substituted with a randomly generated token, which is generated in most cases by the merchant's payment gateway.
The tokenized information is then encrypted and sent to a payment processor. The original sensitive payment information is stored in a token vault in the merchant's payment gateway. This is the only place where the token can be mapped to the information it represents.
The tokenized information is encrypted again by the payment processor before being sent for final verification.
On the other hand, some tokenization is vaultless. Instead of storing the sensitive information in a secure database, vaultless tokens are stored using an algorithm. If the token is reversible, then the original sensitive information is generally not stored in a vault.
Tokenization and PCI DSS
Payment card industry (PCI) standards do not allow retailers to store credit card numbers on POS terminals or in their databases after customer transactions.
To be PCI compliant, merchants must either install expensive, end-to-end encryption systems or outsource their payment processing to a service provider who offers a tokenization option. The service provider handles the issuance of the token's value and bears the responsibility for keeping the cardholder data secure.
In such a scenario, the service provider issues the merchant a driver for the POS system that converts credit card numbers into randomly generated values (tokens). Since the token is not a primary account number (PAN), it can't be used outside the context of a unique transaction with a specific merchant.
In a credit card transaction, for instance, the token typically contains only the last four digits of the actual card number. The rest of the token consists of alphanumeric characters that represent cardholder information and data specific to the transaction underway.
Benefits of tokenization
Tokenization makes it more difficult for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored in databases and exchanged freely over networks.
The main benefits of tokenization include the following:
It is more compatible with legacy systems than encryption.
It is a less resource-intensive process than encryption.
It reduces the fallout risks in a data breach.
It makes the payment industry more convenient by propelling new technologies like mobile wallets, one-click payment and cryptocurrency. This, in turn, enhances customer trust because it improves both the security and convenience of a merchant's service.
It reduces the steps involved in complying with PCI DSS regulations for merchants.
History of tokenization
Tokenization has existed since the beginning of early currency systems, with coin tokens long being used as a replacement for actual coins and banknotes. Subway tokens and casino tokens are examples of this, as they serve as substitutes for actual money. This is physical tokenization, but the concept is the same as in digital tokenization: to act as a surrogate for a more valuable asset.
Digital tokenization saw use as early as the 1970s. In the databases of the time, it was used to separate certain sensitive data from other data being stored.
More recently, tokenization was used in the payment card industry as a way to protect sensitive cardholder data and comply with industry standards. The organization TrustCommerce is credited with creating the concept of tokenization to protect payment card data in 2001.
Types of tokens
Numerous ways to classify tokens exist.
Three main types of tokens -- as defined by the Securities and Exchange Commission and the Swiss Financial Market Supervisory Authority -- differ based on their relationship to the real-world asset they represent. These include the following:
Asset/security token. These are tokens that promise a positive return on an investment. These are economically analogous to bonds and equities.
Utility token. These are created to act as something other than a means of payment. For example, a utility token may give direct access to a product or platform or provide a discount on future goods and services offered by the platform. It adds value to the function of a product.
Currency/payment token. These are created solely as a means of payment for goods and services external to the platform they exist on.
In a payment context, there is also an important difference between high- and low-value tokens. A high-value token acts as a direct surrogate for a PAN in a transaction and can complete the transaction itself. Low-value tokens (LVTs) also act as stand-ins for PANs but cannot complete transactions. Instead, LVTs must map back to the actual PANs.
Tokenization vs. encryption
Digital tokenization and encryption are two different cryptographic methods used for data security. The main difference between the two is that tokenization does not change the length or type of the data being protected, whereas encryption does change both length and data type.
This makes the encryption unreadable to anyone without a key, even when they can see the encrypted message. Tokenization does not use a key in this way -- it is not mathematically reversible with a decryption key. Tokenization uses nondecryptable information to represent secret data. Encryption is decryptable with a key.
Encryption has long been the preferred method of data security. But there has been a recent shift to tokenization as the more cost-effective and secure option. Encryption and tokenization are often used in tandem, however.
Blockchain relies on tokenization, with blockchain tokens digitally representing real-world assets.
Tokenization and blockchain
Tokenization in blockchain refers to the issuance of a blockchain token, also known as a security or asset token. Blockchain tokens are digital representations of real-world assets. A real-world asset is tokenized when it is represented digitally as cryptocurrency.
In traditional, centralized economic models, large financial institutions and banks are responsible for certifying the integrity of the transaction ledger. In a blockchain-based economy or token economy, this responsibility and power shifts to individuals, as the integrity of transactions are verified using cryptography on an individual level instead of a centralized one.
This is possible because the cryptocurrency tokens are linked together in a blockchain, or group of digital assets, which enables the digital asset to be mapped back to the real-world asset. Blockchains provide an unchangeable, time-stamped record of transactions. Each new set of transactions, or blocks in the chain, is dependent on the others in the chain to be verified.
Therefore, a tokenized asset in a blockchain can eventually be traced back to the real-world asset it represents by those authorized to do so -- while still remaining secure -- because transactions have to be verified by every block in the chain.
This was last updated in February 2023
Continue Reading About tokenization
Top 9 blockchain platforms to consider in 2023
Compare NFTs vs. cryptocurrency vs. digital currency
How is cryptocurrency valued?
Today's blockchain use cases and industry applications
What is real estate tokenization?
Related Terms
cloud audit
A cloud audit is an assessment of a cloud computing environment and its services, based on a specific set of controls and best ...
See complete definition
electronic protected health information (ePHI)
Electronic protected health information (ePHI) is protected health information that is produced, saved, transferred or received ...
See complete definition
operational risk
Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business ...
See complete definition
Dig Deeper on Compliance
cardholder data environment (CDE)
By: Rahul Awati
contactless payment
By: TechTarget Contributor
Top e-commerce challenges for 2023 and how to overcome them
digital wallet
By: Kinza Yasar
Sponsored News
Flexible IT: When Performance and Security Can’t Be Compromised
–Dell Technologies
Defeating Ransomware With Recovery From Backup
–Exagrid
See More
Vendor Resources
April Essential Guide to Data Protection
–TechTarget Security
Digital secure remote payment: How Apple Pay can change the future of remote ...
–TechTarget ComputerWeekly.com
Latest TechTarget resources
Networking
CIO
Enterprise Desktop
Cloud Computing
Computer Weekly
Networking
Arista adds network change analysis to CloudVision
Arista's CloudVision Universal Network Observability analyses network changes to assess their impact on applications and ...
How to ensure optimal network workload placement
Network and cybersecurity requirements are the most important considerations when designing how to deploy new network workloads ...
Using microservices and containers in network automation
Networking can benefit from the modularity of containers. This guide helps network teams navigate the integration of ...
CIO
DMA targets big tech platforms, furthers EU's data strategy
The EU's Digital Markets Act forces big tech companies to open their platforms to third parties and make data more accessible.
Is the metaverse dead? Here's what happened and what's next
What happened to the metaverse? It's still here, even if the term no longer generates much enthusiasm, and finding useful ...
Metaverse interoperability challenges and impact
An open metaverse that mimics how we operate in the real world depends on interoperability. What is interoperability, why is it ...
Enterprise Desktop
How to create a local admin account with Microsoft Intune
Local admin accounts can cause problems for Windows administrators due to their lack of oversight and privileged account status. ...
How to add and enroll devices to Microsoft Intune
The Intune enrollment process can follow several paths, but one of the most common and efficient approaches involves Windows ...
How IT can use the gpresult command to check GPOs
When Windows issues arise, desktop administrators can use the gpresult utility to see what Group Policy settings are in place and...
Cloud Computing
Top public cloud providers of 2024: A brief comparison
How do AWS, Microsoft and Google stack up against each other when it comes to regions, zones, interfaces, costs and SLAs? We ...
Top 6 soft skills in IT that cloud teams need
Soft skills play a bigger part in successful cloud deployments than you might think. Technical skills are obviously essential in ...
Pros and cons of CS degrees vs. cloud certification programs
Standards for IT qualifications are changing with the rapid pace of cloud adoption. See how experts evaluate the debate between ...
ComputerWeekly.com
March Patch Tuesday throws up two critical Hyper-V flaws
Two critical vulnerabilities in Windows Hyper-V stand out on an otherwise unremarkable Patch Tuesday
A new security partnership to build a silicon valley in South Wales
The £140m acquisition of Newport Wafer Fab by American firm Vishay is to be welcomed but the UK needs needs security, stability ...
Openreach, Focus Group boost broadband focus in South West England
Openreach claims major milestone inunderserved region’s digital transformation, while UK provider of essential business ...
About Us
Editorial Ethics Policy
Meet The Editors
Contact Us
Videos
Photo Stories
Definitions
Guides
Advertisers
Partner with Us
Media Kit
Corporate Site
Contributors
Reprints
Events
E-Products
All Rights Reserved,
Copyright 2000 - 2024, TechTarget
Privacy Policy
Cookie Preferences
Cookie Preferences
Do Not Sell or Share My Personal Information
Close
Tokenization Explained: What Is Tokenization & Why Use It? | Okta
Tokenization Explained: What Is Tokenization & Why Use It? | Okta
Okta
Looks like you have Javascript turned off! Please enable it to improve your browsing experience.
Skip to main content
Next Generation Authorization—Okta Fine Grained Authorization is here
Next Generation Authorization—Okta Fine Grained Authorization is here
Register now
Register now
Register now
+1 (800) 425-1267
Chat with Sales
Search
United States
United KingdomFranceGermanyJapanNetherlandsAustraliaSingaporeKoreaSweden
Products
Products
With flexibility and neutrality at the core of our Customer Identity and Workforce Identity Clouds, we make seamless and secure access possible for your customers, employees, and partners.
Free trial
Pricing
Customer Identity Cloud
Actions
Multifactor Authentication
Passwordless
Single Sign On
Universal Login
Explore Customer Identity Cloud
Workforce Identity Cloud
Single Sign On
Adaptive MFA
Lifecycle Management
Workflows
Identity Governance
Privileged Access
Explore Workforce Identity Cloud
Why Okta
Why Okta
Okta gives you a neutral, powerful and extensible platform that puts identity at the heart of your stack. No matter what industry, use case, or level of support you need, we’ve got you covered.
Your Goals
High-Performing IT
Optimized Digital Experiences
Identity-Powered Security
Innovation Without Compromise
Agile Workforces
Your Industry
Public Sector
Financial Services
Retail
Healthcare
Travel & Hospitality
Technology
Energy
Nonprofit
Ensuring Success
Okta AI
Okta Integration Network
For Small Businesses (SMBs)
Customer Success Stories
Okta Advantage
Trust
Developers
For Developers
Start building with powerful and extensible out-of-the-box features, plus thousands of integrations and customizations. Our developer community is here for you.
Customer Identity Cloud
Auth0 Marketplace
Developer Center
Community
Knowledge Base
Customer Identity Cloud Status
Workforce Identity Cloud
Okta Integration Network
Developer Center
Community
Knowledge Base
Workforce Identity Cloud Status
Resources
Resources and support
Okta gives you a neutral, powerful and extensible platform that puts identity at the heart of your stack. No matter what industry, use case, or level of support you need, we’ve got you covered.
Resources
Customer Case Studies
Events
Podcasts
Blog
Press Room
Analyst Research
Datasheets
Demo Library
Videos
Webinars
Whitepapers
Customer Success
Customer First Overview
Okta Community
Support Services
Professional Services
Expert Assist
Training
Certification
Find a Partner
Support
Help and Support
Product Documentation
Knowledge Base
Frequently Asked Questions
Contact Us
Customer Identity Cloud Status
Workforce Identity Cloud Status
Free trial
Contact us
Login
Questions? Contact us:
1 (800) 425-1267
Identity 101
Tokenization Explained: What Is Tokenization & Why Use It?
Tokenization Explained: What Is Tokenization & Why Use It?
Okta
Updated: 02/14/2023 - 11:21
Time to read: 6 minutes
Tokenization involves protecting sensitive, private information with something scrambled, which users call a token. Tokens can't be unscrambled and returned to their original state. Instead, a token works as a replacement for the original data.
The banking sector leans heavily on tokenization, as regulatory agencies require it. But you might also replace important information, such as Social Security numbers, with tokens to protect them from hackers.
Most hackers truly hate tokens too. If they manage to steal them, which hackers often do, tokens are completely worthless.
A Quick History of Tokenization
We've used tokens to replace valuables for years. If you've ever exchanged money for chips in a casino, you've used tokens. But tokens entered the digital age in the early 2000s, and when we're talking about computers, tokens have a slightly different meaning.
In the late 1990s, websites stored critical information on their servers. If you filled out a job application, for example, you might have used a form that asked for these things:
Legal name
Address
Social Security number
Phone number
Bank account number (for a credit check)
The company stored all of this data. If you ever wanted to apply for a different job, everything was preloaded.
If hackers moved past protections, they could enter databases and walk away with all kinds of important data about who you are and what you have.
In 2001, TrustCommerce released tokens. Companies could collect banking information from their clients for recurrent payments, but the system would release a token that linked the account with the user for repeat transactions. Rather than exchanging vital information out in the open, over and over, a token would keep those secondary purchases secure.
Since that time, tokenization has moved into the mainstream. The technology hasn't changed dramatically. Companies still create tokens in much the same way, and they store them in a similar manner too. But the use of tokens has become widespread.
How Does Tokenization Work?
Tokenization involves transforming valuable, usable data into something that is still useful but much harder to steal.
Two main token types are recognized by the World Bank.
Front end: People create these tokens when they sign up for an online service. These tokens can be problematic, as they require users to both understand how tokens work and how to create one.
Back end: A system creates tokens automatically. Tokenization happens before identifiers are shared with other systems.
Whether you create a token or someone does it for you, a few simple steps are required.
Token creation: No algorithm or computer program scrambles the data. Instead, your token might involve replacing a few numbers or letters based on rules the system created. Or your token might come from a spreadsheet of available numbers and letters. Yours is just the next in line.
Replacement: Your token works as a substitute for the original, sensitive data. You'll never enter it again, and the system will never push it through online channels.
Storage: Your sensitive data is scrambled (usually with encryption) and stored in a vault.
Let's consider buying something online with a token. When you signed up for the service, the website took your information and issued a token that sits in your phone. When you use the app to make another order, the token completes the transaction, and your account information remains in the vault.
The PCI Security Council releases security guidelines companies should follow as they make, store, and use tokens. But there's plenty of room for innovation. Some companies create their own proprietary token solutions to protect customer data.
Tokenization Benefits
Creating and storing tokens is arguably more complicated than simply storing original values. But for many companies, tokenization is a critical business practice.
Benefits of tokens include:
Enhanced security. Hackers are clever, and if they launch man-in-the-middle attacks, they can intercept valuable information as it moves through the internet. Since tokens are worthless and impossible to decrypt, they can stop an attack before it starts.
Speed. Tokens can allow for automation, which makes completing transactions quicker. In industries such as blockchain, this is an important benefit.
Regulatory compliance. In some industries, such as health care, companies are required to prove that they protect sensitive data. Using tokens may be a useful way to check this particular box. In financial sectors, using tokens is required by the Payment Card Industry Council too, so companies that don't use them could face fines.
Encryption vs. Tokenization
You need to protect data from hackers, and tokens seem ideal. Don't forget that encryption may also be useful, and for some companies, encrypting data is better than swapping it out for a token.
Encryption works by putting raw data through an algorithm. A key reverses the process. Some systems use the same key for encryption and decryption, and others use a mathematically linked pair of keys (one public, one private) for encryption and decryption.
Tokenization is different, as no keys are produced. A recipient of a message can't decrypt a token and get back to the original data. The recipient uses the token instead of the original value.
Encryption
Tokenization
Can be decoded/decrypted
Yes, with either a public or private key (depending on the encryption type)
Not without gaining access to the vault of stored data
If stolen, thieves can use the data
Yes, if they can decrypt it
Not without gaining access to the vault of stored data
Remains functional
No, it must be decrypted first
Yes, it works as a replacement for the data
Works with entire files and folders
Yes
No, it only works with structured fields
Limits of Tokenization
Some companies have no choice but to use tokens. But if you do have a choice, it's useful to understand the limits of the technology.
For example, tokenization implementation is complex. Many different companies are involved in token solutions, and they don't always work well with one another. You might contract with one token company just to find that they won't interface with another solution you're already using.
Tokens also don't provide complete security. You must also ensure that the data within your vault is protected from thieves. You could use encryption to do that work, but if you assume tokens provide all the help you need, you could be exposing your customers to real risks.
Help From Okta
Protecting customer privacy is critical, especially if you've storing information on the cloud. But determining what tools you need and then setting them up properly isn't always easy.
Let us help. Find out how Okta can help you protect data at rest and in motion.
References
Features: Recurring Billing. (April 2001). Internet Archive.
Tokenization. The World Bank.
Tokenization Product Security Guidelines. (April 2015). PCI Security Standards Council.
The Tokenization of Assets Is Disrupting the Financial Industry. Are You Ready? Inside Magazine.
What Is Tokenization, and Why Is It So Important? (August 2019). Forbes.
Encryption vs. Tokenization: Under the Hood. (September 2010). Tech News World.
Tokenization vs. Encryption: Which Is Better for Protecting Critical Data? (December 2020). eSecurity Planet.
Choosing Tokenization or Encryption. (May 2019). ISSA Journal.
To connect with a product expert today, use our chat box, email us, or call +1-800-425-1267.
Contact Us
YouTube
Footer Navtane22
Company
About Us
Our Customers
Leadership
Investors
Careers
Events
Press Room
Partners
Responsibility
Okta for Good
Diversity, Inclusion & Belonging
Starting with Okta
The Okta Advantage
Customer Identity Cloud
Workforce Identity Cloud
Free Trial
Pricing
Contact Sales
Trust
Accessibility
Help & Support
Help and Support
Frequently Asked Questions
Contact Us
Customer Identity Cloud Status
Workforce Identity Cloud Status
Footer utility Navtane22
Privacy Policy
Site Terms
Security
Sitemap
Cookie Preferences
Your Privacy Choices
Copyright © 2024 Okta. All rights reserved.
Footer utility Navtane22
Privacy Policy
Site Terms
Security
Sitemap
Cookie Preferences
Your Privacy Choices
United States
United KingdomFranceGermanyJapanNetherlandsAustraliaSingaporeKoreaSweden