Organizations of all industries are responsible for storing a vast amount of sensitive data. By implementing Futurex's vautless or vaulted tokenization technology within the KMES Series Key Management Enterprise Server, businesses can secure their data while reducing the scope of compliance and maintaining convenient accessibility.
A Secure Solution for Data Storage
Whether you’re a retailer, a government agency, a healthcare provider, or a business in another industry, it’s likely that you have sensitive data that needs to be stored in an accessible manner for quick retrieval. However, keeping this data in-the-clear poses security risks and forces additional commitments of time and resources to comply with PCI requirements.
Fortunately, there is a process that allows data to be stored securely while maintaining full accessibility: tokenization. This technology allows sensitive data to be replaced by an identifying text string, known as a “token,” which can then be stored without fear of exposing the original information. Futurex HSMs allow for sensitive data to be securely converted into tokens and then exported or stored for use. To retrieve data for uses such as customer refunds or repeat purchases, the relevant token is sent to a token database, which will then return the requested data in a secure manner.
Futurex's tokenziation solutions are offered as both vaulted and vaultless models, powered by the KMES Series 3 Key Management Enterprise Server.
The proven success of tokenization has applications across multiple industries and sectors to protect sensitive data. Futurex devices provide the flexibility and strength to implement this technology into any existing cryptographic infrastructure.
Tokenization is often used in financial transaction environments to secure electronic, card-based payments. PCI DSS requires that stored cardholder data must be unreadable; however, merchants and retailers want to keep cardholder data for future access in case of a need for refunds, returns, or additional purchases. Tokenization is used to replace the sensitive cardholder information with a token for storage, reducing the scope and cost of PCI compliance.
Tokenization is also an important technology for healthcare institutions, which must manage high volumes of Personally Identifiable Information (PII) and sensitive health data. This information is frequently required to be accessed and amended for patient treatment; however, storing it in-the-clear violates security and privacy protocols. Tokenization is the solution that allows healthcare providers to store and retrieve their data in a secure and HIPAA-compliant manner.
Educational institutions are also responsible for a variety of sensitive data, including student records, academic research, and payment information that needs to be protected. Using tokenization, your educational organization can ensure that your data is kept secure and unreadable, but easily accessed by qualified users.
Whatever industry you’re in, tokenization is a valuable tool that can be implemented into your current security system to protect your data for storage and reduce the cost and scope of compliance.
Futurex’s Approach to Tokenization
Futurex designed a tokenization solution centered around two concepts: customization and automation. By combining these two features, Futurex provides customers with a solution that not only fits perfectly into their environments, but also requires little upkeep once implemented.
- Customization: Futurex’s tokenization technology is far from a black box solution. Using an API command or the intuitive GUI available for all Futurex products, system administrators are able to define custom parameters for their organization’s unique tokenization process. Users can set variables such as salt, masking characters, bytes to output, and iteration counts for each token generated.
- Automation: Futurex has developed a simple yet effective method for automation of the tokenization process. All you need to integrate Futurex’s HSMs for tokenization into your environment is a host application capable of communicating with the HSM. Fortunately, Futurex’s innovative Excrypt API simplifies the process of host application integration, with additional options such as PKCS #11 available.
Once configured to your unique settings, the actual tokenization process occurs through one simple API command. Whenever you need data tokenized, just have your host application send a request to the HSM, and let Futurex perform the tokenizing quickly and securely within a FIPS 140-2 Level 3-validated Secure Cryptographic Device (SCD).
The functionality of Futurex products expands far beyond one tokenization command. Our other technologies below might be the ideal fit for your organization:
P2PE: You’ve got the technology for securing your data at rest, but what about transit? Futurex’s P2PE functionality protects data across endpoints, providing strong encryption every step of the way.
Hash-Based MACing: A technology similar to tokenization, a hashed message authentication code (HMAC) is a short string of identifying information used to verify the integrity and authenticity of data, producing tokens that cannot be converted without going through the host database.
AES Encryption: Another alternative to tokenization, AES encryption removes in the clear data by using cryptographically strong, hardware-based technology to encrypt data and turn them into single and multi-use tokens.
Devices for Tokenization
KMES Series 3
Hardened, enterprise-class key and certificate lifecycle management solutions
- Full symmetric and asymmetric key and certificate management
- Robust, versatile API for programmatic automation of repetitive tasks
- Easy, convenient generation of certificate trees
- Permission-based user management system with dual control
- Customized monitoring and alerting
Encrypt, manage, and store high volumes of your sensitive data in Futurex’s best-in-class attached storage solution
- Support for multiple separate databases within a single SAS9000 unit
- Adjustable, customizable role-based separation of duties
- Automatic hard drive replication and advanced hardware redundancy features
- Ten hot-swappable storage bays
Guardian Series 3
Empower your administrators with centralized management, redundancy, device status monitoring, and more
- Central management for Futurex devices
- Comprehensive load distribution and automated failover
- User-defined grouping for devices
- Intuitive visual and logical user interface
- Customized notifications, alerts, and status reports