Entries Tagged as 'tokenization'
by Ramon Krikken | June 20, 2012 | 1 Comment
I have encryption on my mind again a lot lately. It certainly has something to do with work in progress for presentations I’m giving at our Catalyst 2012 conference (“Protecting Data in the Public Cloud: Encryption, Obfuscation, or Snake Oil?” and “Scenarios: Encryption, Tokenization, Anonymization, or None of the Above”). But it’s also because I’m [...]
Category: Security Tags: application encryption, application security, Catalyst-NA, data masking, database encryption, Database Security, encryption, snake oil, tokenization
by Ramon Krikken | April 17, 2012 | 2 Comments
In my last post, commenter Randall Gamby notes that “of course [tokenization is encryption].” I wholeheartedly agree. But unfortunately the current PCI guidance does not, and cannot, support this notion (and, because of this, people who build and/or implement tokenization cannot do so either without creating a tokenization catch-22). When we look at the [...]
Category: Uncategorized Tags: code book, cryptography, encryption, insanity, PCI, PCI-DSS, politics, tokenization
by Ramon Krikken | April 11, 2012 | 2 Comments
It’s been a while since I blogged about tokenization. My last post on the subject drew some interesting comments – and conflicting comments at that: one commenter argued equating tokenization and encryption is bad for tokenization because tokenization is more secure per se. Another, however, commented that it’s in fact bad for encryption because encryption [...]
Category: Security Tags: code book, cryptography, encryption, PCI, PCI-DSS, tokenization
by Ramon Krikken | March 30, 2012 | 2 Comments
Although we have little information available at the moment about the latest credit card processor breach (source: Krebs on Security), it is a good opportunity to continue the conversation on how the usage patterns of data in a business process change (or not!) the dynamics of security exposure. Merchants have been able to take advantage [...]
Category: Security Tags: breach, business process, payment processing, PCI-DSS, risk aggregation, tokenization
by Ramon Krikken | October 14, 2011 | 1 Comment
Yesterday at RSA EU 2011 I had a chance to present my “towards secure tokenization algorithms and architecture” talk, and it gave me an opportunity to validate some thoughts on the fundamentals of tokenization designs and attacks. One of my slides covered some lines from the PCI tokenization guidance, which I believe are well-intentioned but [...]
Category: Security Tags: cryptography, encryption, keys, PCI-DSS, tokenization
by Ramon Krikken | September 9, 2011 | 1 Comment
The PCI SSC recently released the “Information Supplement: PCI DSS Tokenization Guidelines.” In the guidelines, the council describes various aspects of tokenization, including some desired security properties of the system and the tokens, as well as how tokenization may reduce PCI DSS scope (which is ultimately tokenization’s raison d’être). Anton Chuvakin already provides various comments [...]
Category: Security Tags: PCI-DSS, security, tokenization