Reduce risk and meet regulatory compliance standards
As companies work to meet regulatory requirements to protect Personally Identifiable Information (PII) such as credit card numbers and social security numbers, one option to minimize the risk of loss is to replace sensitive data with a non-sensitive replacement value, or “token”.
Tokenator protects your sensitive information in compliance with PCI-DSS, HIPAA, GDPR, as well as a whole host of other regulations, thus enabling your organization to quickly pass any audit and reduce the risk of data breaches. All this without the need for your IT department to change your applications, infrastructure, policies or procedures.
Tokenator has been written for the NonStop server with focus on the industries and applications that utilize this technology. No external hardware or services are required.
TOKENATOR Highlights
• Neutralize data breaches by disguising your sensitive data so that it is indistinguishable, reducing risk and meeting regulatory compliance
• Simple, yet powerful solution specifically for the HPE NonStop. No external hardware or services required
• Format-preserving tokenization for any sensitive data
• Intercept technology means no application or database changes and fast implementation
• Industry standard cryptographic algorithms
• Sensitive data masking
• Minimal latency overhead
• Vaulted or vaultless tokenization
What is tokenization?
At the highest level, tokenization is the substitution of an item of sensitive data with a proxy value (i.e. a token) so that the original sensitive data is obfuscated and afforded a level of protection.
Vaulted tokenization is a pattern where the relationship between original sensitive data and token is stored in a database (i.e. the token vault). The token is generally not algorithmically or cryptographically derived from the original sensitive data; rather, it is an unpredictable value. Within the token vault, the sensitive data is encrypted. To detokenize, the token value is used as an index to the token vault. The inherent security of this pattern is dependent on restriction of access to the token vault.
Vaultless tokenization is a pattern where a token is derived from the original sensitive data using a cryptographic algorithm combined with a cryptographic key. To detokenize, the reverse of the cryptographic algorithm is executed to determine the original sensitive data. The inherent security of this pattern is dependent upon the strength and implementation of the cryptographic algorithm.
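The two patterns described above, side by side, as an added example that is not Tokenator's code or algorithm: the vault keeps a random token-to-value mapping in an in-memory dictionary (standing in for the encrypted vault database), and the vaultless path uses an illustrative HMAC-SHA256 Feistel construction over decimal digits, not a standardized format-preserving cipher. All class and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

class TokenVault:
    """Vaulted pattern: tokens are random; only the vault links them to the data."""
    def __init__(self):
        # Assumption: dicts stand in for the vault database (encrypted at rest in practice).
        self._by_token, self._by_value = {}, {}

    def tokenize(self, value: str) -> str:
        if not (value.isascii() and value.isdigit()):
            raise ValueError("expected a non-empty string of decimal digits")
        if value in self._by_value:              # same input -> same token
            return self._by_value[value]
        while True:                              # random digits, same length as the input
            token = "".join(secrets.choice("0123456789") for _ in value)
            if token != value and token not in self._by_token:
                break
        self._by_token[token], self._by_value[value] = value, token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]             # the token is only an index into the vault

def _round(key: bytes, i: int, half: str) -> int:
    """Keyed round function: HMAC-SHA256 over the round number and one half."""
    return int.from_bytes(hmac.new(key, bytes([i]) + half.encode(), hashlib.sha256).digest(), "big")

def _feistel(key: bytes, digits: str, decrypt: bool, rounds: int = 10) -> str:
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 2:
        raise ValueError("expected a string of at least two decimal digits")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    order = range(rounds - 1, -1, -1) if decrypt else range(rounds)
    for i in order:
        m = u if i % 2 == 0 else v               # width of the half being replaced
        if decrypt:                              # undo round i: recover the old left half
            a, b = str((int(b) - _round(key, i, a)) % 10**m).zfill(m), a
        else:                                    # round i: (A, B) -> (B, A + F(B) mod 10^m)
            a, b = b, str((int(a) + _round(key, i, b)) % 10**m).zfill(m)
    return a + b

def vaultless_tokenize(key: bytes, value: str) -> str:
    return _feistel(key, value, decrypt=False)   # derived from data + key, nothing stored

def vaultless_detokenize(key: bytes, token: str) -> str:
    return _feistel(key, token, decrypt=True)    # reverse of the keyed algorithm
```

With the vault, a party holding only the token has nothing to compute on; with the vaultless path, anyone holding the key can reverse every token, so key protection takes the place of vault access control.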
Protect Any Data Type
While most customers deploy HPE Tokenator to protect payment card data in their databases, users can define what type of sensitive data they’d like to protect with format-preserved tokens. Other typical examples could include Social Security numbers, phone numbers, passport numbers and healthcare records.
• Format-preserving encryption including support for custom/specialized tokenization patterns
• Industry-standard cryptographic algorithm support: AES-256, SHA-256
• Flexible and customizable cryptographic key management
• Sensitive data masking support
Optimized for minimal latency
HPE Tokenator has been developed with a keen eye on optimizing the performance of the solution at every stage. This ensures:
• Dynamic tokenization configuration refresh with no need for application downtime
• Minimal latency for optimal performance
• Local caching within intercept library to prevent unnecessary callouts to token server
BENEFITS
• Reduce risk: desensitize and disguise your data by rendering it unreadable
• Regulatory compliance: minimize exposure and breeze through audits
• HPE NonStop based solution: no external systems required
• Industry standard strong encryption algorithms
• Rapid deployment with no application or database changes: Intercept technology eases implementation and reduces complexity
• Meet regulatory compliance requirements such as PCI-DSS, GDPR, DORA, CCPA, SOX, HIPAA etc.
Seamless integration with user applications
Using data intercept methodology, HPE Tokenator is quick and easy to implement, with no changes required to your application or database. Sensitive data is intercepted at source and tokenized or detokenized as required to enable your application to continue processing, oblivious to the additional process.
No user application changes are required
Integration with user applications is achieved via an intercept library model
Migration to a tokenized implementation is typically carried out in stages, with a number of in-built features utilized to reduce risk.
• Trace Mode allows you to identify and capture any potentially problematic database operations at the earliest opportunity
• Passive Mode involves attaching Tokenator to your application but not completing any tokenization, allowing you to monitor your application without altering any data
• Tokenize selected records only, so the full impact of tokenization can be seen on only a subset of the database
We can work with you to determine the optimal installation/migration strategy – not every environment/customer is the same.
We can co-exist with any other intercept libraries that have already been installed for other purposes (e.g. data replication).
SUMMARY
Tokenator has been designed from the ground up to be a powerful, yet simple to implement tokenization solution for the HPE NonStop. It combines industry standard strong algorithms and methodologies to allow the highest level of security for your sensitive data. An impressive functionality set coupled with ease of use makes this HPE NonStop platform-specific solution a must-have.