Token Algorithm
Replaces original string data values with an encrypted string token using a secure cipher.
An encrypted password is used with the cipher to generate the encrypted tokens (e.g. original string: 12/15/1985; encrypted token: 67L2W3y/IhclPw).
The token-manager command line tool can be used to generate encrypted passwords.
Access to the token-manager tool should be controlled as it can also be used to decrypt tokens and recover the original string data values.
Algorithm Characteristics
- Algorithm: Token
- Masking Technique: Encryption
- Supported Types: String
- Referential Integrity: true
- Conflict-free: true
- Realistic Data: false
- Reversible: true
Properties
- cipher {enum; optional; default: "AES_CFB8"}
  The encryption cipher used to encrypt the plaintext data and generate a token. One of AES_CFB8, RC4, or AES_CFB128. Example: "cipher": "AES_CFB8"
- cipherPassword {string; required}
  The encrypted password used to generate tokens. The cipherPassword is decrypted and the plaintext password is used to encrypt data into tokens. Example: "cipherPassword": "2C3r5t2L7DmhaOeozXGh"
Example JSON configuration
{
  "name": "ExampleTokenMasker",
  "description": "Reversible tokenizer masks string data transforming into tokens",
  "algorithm": "Token",
  "cipher": "AES_CFB8",
  "cipherPassword": "2C3r5t2L7DmhaOeozXGh"
}
Default Maskers based on the Token Algorithm
-NONE-
Since each token masker should use a unique password to protect the data, and providing a default token masker would necessitate using a known password, a default Token masker would be insecure.
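
One way to check masker definitions against the properties and the unique-password guidance above. This is an added example, not part of the product or its documentation. It assumes the definitions are collected in a JSON array; the function name lint_token_maskers, the masker names BirthDateToken and AccountToken, and the cipher value AES_CBC are constructed for illustration.

```python
import json

ALLOWED_CIPHERS = {"AES_CFB8", "RC4", "AES_CFB128"}  # enum from the Properties section
DEFAULT_CIPHER = "AES_CFB8"                           # documented default
# cipherPassword printed in this page's example configuration, so it is publicly known
KNOWN_PASSWORDS = {"2C3r5t2L7DmhaOeozXGh"}


def lint_token_maskers(maskers):
    """Return a list of (masker name, finding) for Token masker definitions."""
    findings = []
    seen = {}  # cipherPassword -> name of the first masker that used it
    for m in maskers:
        if m.get("algorithm") != "Token":
            continue  # other algorithms are out of scope for this check
        name = m.get("name", "<unnamed>")
        cipher = m.get("cipher", DEFAULT_CIPHER)  # cipher is optional
        if cipher not in ALLOWED_CIPHERS:
            findings.append((name, f"unsupported cipher {cipher!r}"))
        pw = m.get("cipherPassword")
        if not isinstance(pw, str) or not pw:
            findings.append((name, "cipherPassword is required"))
            continue
        if pw in KNOWN_PASSWORDS:
            findings.append((name, "cipherPassword is the documented example value"))
        if pw in seen:
            findings.append((name, f"cipherPassword shared with {seen[pw]}"))
        else:
            seen[pw] = name
    return findings


# Constructed sample input: three masker definitions, not from a real deployment.
SAMPLE = json.loads("""
[
  {"name": "ExampleTokenMasker", "algorithm": "Token",
   "cipher": "AES_CFB8", "cipherPassword": "2C3r5t2L7DmhaOeozXGh"},
  {"name": "BirthDateToken", "algorithm": "Token",
   "cipher": "AES_CBC", "cipherPassword": "2C3r5t2L7DmhaOeozXGh"},
  {"name": "AccountToken", "algorithm": "Token"}
]
""")

if __name__ == "__main__":
    for name, finding in lint_token_maskers(SAMPLE):
        print(f"{name}: {finding}")
```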