SafeNet Tokenization Manager Product Brief
SafeNet Tokenization Manager
SafeNet Tokenization Manager protects sensitive data that enters organizations and facilitates compliance with regulations (such as PCI DSS and HIPAA) by reducing the regulatory scope and costs.
Tokenization is the process of replacing sensitive data (primary account numbers, social security numbers etc.) with a surrogate value, a token. The tokenization process significantly reduces the risks of data exposure and data-blooming, as the sensitive data is stored in a central token vault in an encrypted format.
Every token that is issued, represents a single unique string of sensitive data. Assigning a token to a single original Primary Account Number (PAN) enables merchants to use the same token multiple times, whenever the specific PAN is used in a transaction.
SafeNet Tokenization Manager complies with PCI Tokenization Guidelines (Published August 2011) and VISA Tokenization Best Practices.
Format Preserving Tokenization
Format Preserving Tokenization (FPT) uses tokens that preserve the length and format of the sensitive data. FPT ensures that no changes to legacy databases are required in order to support the tokenization process.
Tokenization Manager FPT supports multiple formats of credit card numbers, SSN and other PII data as well as alphanumeric data. It complies with the PCI-DSS guidelines for token / PAN distinguishability (achieved through LUHN algorithm enforcement)
Scalability and Elasticity
Tokenization Manager is designed to offer scalability and elasticity that enables organizations to cost-effectively implement their solution:
- Clustered deployment ensures high availability and scalability
- Multiple Tokenization Manager Instances(on physical or virtual servers) can share a single Token Vault, avoiding token collisions
- Elasticity is achieved by deploying a variable number of Instances/Hardware Servers depending on the transaction volume
- Targeted to enterprises and service providers
- Suitable for merchants to support “Peak Traffic Days” in a cost-effective way
Security and Robustness
In order to ensure a more secure solution, all Tokenization Manager crypto operations are done within SafeNet DataSecure, a robust key-manager and crypto off-load appliance.
Tokenization Manager in conjunction with DataSecure provides:
- Secure key-vault
- Trusted execution environment for all cryptographic operations
- Single interface for logging, auditing, and reporting access to protected data, keys, and tokens
- Support for key-rotation functionality for Token Vault encryption keys
- Support for single and multi-use tokens
- Compliance with NIST 800-57 Key-management guidelines and with PCI-DSS key-management requirements
Tokenization as a Service (TaaS)
SafeNet Tokenization Manager enables financial service providers and payment acquirers to expand their offering and create a new revenue stream by offering Tokenization as a Service to their customers.
- Complies with PCI DSS Tokenization Guidelines
- Follows VISA Tokenization Best Practices
- Supports numeric, alphanumeric and date data types
- Format Preserving Tokenization
- Supports Token masking and Luhn algorithm pass/fail checks.
- Supports multiple tokens vaults
- Ability to purge tokens by dates
- Highly scalable - can generate and retrieve millions of tokens/per day
- Supported Tokens Vault Databases:
- Microsoft SQL Server
Note: All tokenization formats are supported on all databases as long as the vault itself is on Microsoft SQL Server or Oracle
- Supported interfaces:
- Java based APIs
- FIPS 140-2 Level 2 compliant key manager
- Simple management interface with one click key rotation feature
- Capable of enforcing maximum de-tokenize operations per second
- Enhanced event logging and monitoring functionality
- Complies with PCI DSS Tokenization Manager event monitoring specifications
- Supports SNMP for online monitoring and alerting
Features & Benefits
- The Tokenization Manager support of Format Preserving Tokenization ensures that no changes to legacy databases are required in order to support tokenization.
- Tokenization Manager offers deployment elasticity and scalability, enabling organizations to get the most cost-effective implementation.
- All cryptographic operations are done within SafeNet DataSecure, a robust key-manager and crypto off-load appliance, which results in a secure hardware based tokenization solution.
- End-to-End Tokenization, reducing regulatory scope to a minimum
- Fully compliant with the PCI Tokenization Guidelines and VISA Tokenization Best Practices
- Unified policy management console that can be extended to meet other compliance needs like transparent database encryption, storage encryption, file encryption and virtual server encryption.
- Tokenization as a Service (TaaS) platform enables Tokenization Service Providers to generate a new revenue stream while taking their customers completely out of regulatory scope.