SlideShare a Scribd company logo

Tokenisation and format preserving encryption,

Atos_Worldline
Atos_Worldline

Case study :Tokenisation and format preserving encryption, presented at Cartes & IDentification 2011 by Stéphane Cauchie

TechnologyEconomy & Finance
1 of 31
Download to read offline
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 08 Septembre 2011 Transactional services. Powering progress © Confidential 1 Tokenization Format Preserving Encryption A Case study Cartes & Identification 2011
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 2 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [DEFINITION] ▶ Definition – Tokenization is a process of replacing sensitive data by non sensitive ones (tokens) with respect of the following properties: • Tokens bears enough information to be useful (e.g. The entity manipuling token can accomplish transaction as it was the sensitive data). • Tokens does not compromise security – Tokenization system tries to minimize the integration impact on existing infrastructure ▶ Who offer such service 3
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [FUNCTIONALITIES] ▶ Function description of a Tokenization system – Conversion (Convert sensitive data into a token and vice versa) – Conversion policy (Format definition, Mode of operation) – Communication Canal : Authentication, Integrity, Confidentiality 4 Tokenization System External System
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Face2Face 5 CardHolder AcquirerIssuer Acceptor
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 6 CardHolder AcquirerIssuer Acceptor E2E-Encryption
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 7 CardHolder AcquirerIssuer Acceptor Secure MOTO
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 8 CardHolder AcquirerIssuer Acceptor Process transaction
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 9 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Tokenization and Format Preserving Encryption: A Case Study ▶PCI-DSS(Payment Card Industry Data Security Standard) : • Security requirements for entities processing cards data (processing, transmission and storage) ▶Objectives: • Reduce PCI evaluation perimeter • Choose a suitable algorithm that tokenize a PAN ▶Constraints: • The algorithm must be collision free • In a certain mode the algorithm must be “not reversible” • In certain mode the algorithm must not takes secret parameters 10 How does it works ? [Objectives-Constraints]
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 How does it works [RandomToken] ▶ Random Token – Card data are • ciphered (classic algorithms) • stored in a database – System generate an associated token • Format respect • Checks for no Collision 11 Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 12 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ FPE : Format Preserving Encryption. ▶ Introduced by Brightwell [BS97] o Encryption scheme with o format preserving property ▶ Format definition is a key point – Follow PCI guidelines : • you have to differentiate a Token from a PAN ▶ NIST is considering 3 FPE algorithms ▶ Applications : • Security Social Number • Credit Card Number 13 How does it works [FPE based tokenization] Tokenization and Format Preserving Encryption: A Case Study First introduction of Format Preserving Encryption [BS97]
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ NIST is considering 3 FPE algorithms • FFX [FFX10] • BPS [BPS10] • FCEM [FCEM10] 14 How does it works [FPE based tokenization] Tokenization and Format Preserving Encryption: A Case Study FFX BPS FCEM
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 15 ▶ Feistel o Inventé par Horst Feistel . o Round notion o Input are split in 2 o F : cipher function o Secret key K o Key Derivation algorithm o During a round  Ai+1 = Bi  Bi+1 = Ai Fki(Bi) o Example  DES : 16 tours. + How does it works [Cryptographic-Approach] Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Feature FFX BPS FCEM Feistel based Yes Yes No #Rounds 12 8 2 Cipher function AES AES/TDES/SHA AES #Function is used 12 8 8 Reversibility Yes Yes Yes Tweak Yes Yes No 16 How does it works [Cryptographic-Approach] Tokenization and Format Preserving Encryption: A Case Study ▶ Cryptographic notions – Tweak Notion : Add variability in cryptographic schemes – Patarin attack : Differentiate ciphertext from random string
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Feature Random Token FPE Multi Site Difficult Medium Key deployment Medium Hard Format preserving Easy Easy Performance Low Fast Token/Data link No (except in DB) Algorithm 17 Tokenization and Format Preserving Encryption: A Case Study How does it works [Analysis]
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 18 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Conclusion [VISION] ▶ Which choice ? 19 CardHolder AcquirerIssuer Acceptor Secure MOTO Process transaction FPE RTS E2E-Encryption FPE FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ Tokenization in payment context  It allows the reduction of PCI audit perimeter in a payment application  Waiting for NIST approval. ▶ Depending on use case:  Random Tokenization:  In case of internal processing  FPE based Tokenzaton  In case of multi site,  In case of multi-party protocols 20 Tokenization and Format Preserving Encryption: A Case Study Conclusion []
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Transactional services. Powering progress atos.net Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos WorldGrid are registered trademarks of Atos SA. August 2011 © 2011 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos. © Confidential Questions ? References Title [BS97] Brigthwell, Michael & Smith Using datatype preserving encryption to enhance data warehouse security. 20th National Information Systems Security Conference, NIST, 1997. [FFX10] Bellare M, Rogaway P & Spies T The FFX Mode of Operation for Format preserving Encryption. 2010. [BPS10] Brier E, Peyrin T & Stern J BPS : a format Preserving Encryption Proposal. Ingenico, 2010. [FCEM10] Ulf T Matsson Format preserving Encryption Using Datatype preserving Encryption. 2010. [SEC2] Certicom Research. SEC2 : Recommended Elliptic Curve Domain Parameters. 2000. [BSGS] D. Shanks. Five number-theoretic algorithms. Proceeding of the second Manitoba Conference on Numerical Mathematics. 1975. [RHO] J.M. Pollard. A monte carlo method for factorization. 1978. [CI] Pierrick Gaudry. Algorithmiques des courbes algébriques pour la cryptologie. 2008 [PCI] Scoping SIG, Tokenization Tasforce, PCI Security Standards Council. PIC-DSS. 2011 Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 22 BPS Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 23 ▶ BPS : ▶ Autor: Brier E, Peyrin T & Stern J. ▶ Published in 2010. ▶ BPS : "a Format Preserving Encryption Proposal ". ▶ Features: • 8 round. • Tweak of 64 bits split in 2 sub tweak o TL et TR • F : AES or one way function. • K : secret key • reversible. • Patarin resistant. Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶   24 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 25 FFX Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ FFX : ▶ Autors : Bellare M, Rogaway P & Spies T. ▶ Published in 2009 and 2010. ▶ FFX : "Format Preserving Feistel-based Encryption" ▶ Features: • 12 round, • 64 bits tweak, • FK : AES-128 or one-way function • K : secret key • reversible 26 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 27 27 FCEM Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 28 ▶ Autor :Ulf T Matsson. ▶ Published in 2009. ▶ FCEM : "Format Controlling Encryption Mode". ▶ Features: • 8 steps o Index Value Data o Encryption of Left o Encryption of Right o Scrambled o Rippled Left to Right o Rippled Right to Left o Encryption and Update o The last transformation • F : AES-128 • K : secret key • reversible Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ Index Value data : • Rewriting input as hexa values. • Example: o X : 1122334455667788 o Index Value data : 01010202030304040505060607070808 ▶ Encryption of Left : • left part encryption • Example : o Index Value data : 01010202030304040505060607070808 o Sortie de FK: 00C01F49D0C2C050188D8FDFADCDF846 o RightUpdate : 0507070905010008 ▶ Encryption of Right : • Same idea • We get LeftUpdate : 0101080503060303 29 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 30 ▶ Scrambled : • Concat LeftUpdate and RightUpdate . • Example: o CipherScrambled : 01010805030603030507070905010008 ▶ RippledLeftToRight : • Scrambled modifying by : o CipherScrambled : 01010805030603030507070905010008 o 01 ⊕ 01 = (0 × 16) + 1 + (0 × 16) + 1 = 02 ≡ 02 (mod10). o RippledLeftToRight = 0102 o RippledLeftToRight = 01020005080407000503090803040402 ▶ RippledRightToLeft : • Same idea • RippledLeftToRight = 04030101060804070702000103000602 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
| 08-09-2011 | Cauchie stéphane Carte & Identification 2011 31 31 ▶ Encryption and Modular Sum : • RippledLeftToRight : 04030101060804070702000103000602 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study

Recommended

SAP EWM 9.1 Online Training
SAP EWM 9.1 Online TrainingSAP EWM 9.1 Online Training
SAP EWM 9.1 Online Training
ExpertSoft Trainings
 
Streamlining logistics execution at Arla Foods with SAP Extended Warehouse Ma...
Streamlining logistics execution at Arla Foods with SAP Extended Warehouse Ma...Streamlining logistics execution at Arla Foods with SAP Extended Warehouse Ma...
Streamlining logistics execution at Arla Foods with SAP Extended Warehouse Ma...
Rocket Consulting Ltd
 
Supplier Qualification Management: A New Tool in the Supplier Information and...
Supplier Qualification Management: A New Tool in the Supplier Information and...Supplier Qualification Management: A New Tool in the Supplier Information and...
Supplier Qualification Management: A New Tool in the Supplier Information and...
SAP Ariba
 
EWM - I
EWM - IEWM - I
EWM - I
Prashant Jha
 
SAP MM Génération, impression, distribution dossiers Achat
SAP MM Génération, impression, distribution dossiers AchatSAP MM Génération, impression, distribution dossiers Achat
SAP MM Génération, impression, distribution dossiers Achat
SEAL Systems
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
Financial Poise
 
Extened warehouse management EWM
Extened warehouse management EWMExtened warehouse management EWM
Extened warehouse management EWM
SethuRaja P
 
Erp introduction
Erp introductionErp introduction
Erp introduction
Goa App
 

Recommended

SAP EWM 9.1 Online Training
SAP EWM 9.1 Online TrainingSAP EWM 9.1 Online Training
SAP EWM 9.1 Online Training
ExpertSoft Trainings
 
Streamlining logistics execution at Arla Foods with SAP Extended Warehouse Ma...
Streamlining logistics execution at Arla Foods with SAP Extended Warehouse Ma...Streamlining logistics execution at Arla Foods with SAP Extended Warehouse Ma...
Streamlining logistics execution at Arla Foods with SAP Extended Warehouse Ma...
Rocket Consulting Ltd
 
Supplier Qualification Management: A New Tool in the Supplier Information and...
Supplier Qualification Management: A New Tool in the Supplier Information and...Supplier Qualification Management: A New Tool in the Supplier Information and...
Supplier Qualification Management: A New Tool in the Supplier Information and...
SAP Ariba
 
EWM - I
EWM - IEWM - I
EWM - I
Prashant Jha
 
SAP MM Génération, impression, distribution dossiers Achat
SAP MM Génération, impression, distribution dossiers AchatSAP MM Génération, impression, distribution dossiers Achat
SAP MM Génération, impression, distribution dossiers Achat
SEAL Systems
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
Financial Poise
 
Extened warehouse management EWM
Extened warehouse management EWMExtened warehouse management EWM
Extened warehouse management EWM
SethuRaja P
 
Erp introduction
Erp introductionErp introduction
Erp introduction
Goa App
 
Order to Cash - The #1 Business Process to Know!
Order to Cash - The #1 Business Process to Know!Order to Cash - The #1 Business Process to Know!
Order to Cash - The #1 Business Process to Know!
Global Business Solutions SME
 
SAP EWM TRAINING
SAP EWM TRAININGSAP EWM TRAINING
SAP EWM TRAINING
SAPONAIR
 
Cibersegurança ou uma questão de sobrevivência?
Cibersegurança ou uma questão de sobrevivência?Cibersegurança ou uma questão de sobrevivência?
Cibersegurança ou uma questão de sobrevivência?
Filipe T. Moreira
 
Sap mm full
Sap mm fullSap mm full
Sap mm full
Murali Nadh
 
Sap sales and distribution
Sap sales and distribution Sap sales and distribution
Sap sales and distribution
raj007sap
 
SAP FOR OIL & GAS
SAP FOR OIL & GASSAP FOR OIL & GAS
SAP FOR OIL & GAS
Maxwell Odira
 
Inroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptxInroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptx
nagarajan740445
 
EWM Yard Management
EWM Yard ManagementEWM Yard Management
EWM Yard Management
andyiska
 
Inforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order ManagementInforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order Management
Dan Aldridge, ERP Software Evangelist, LION
 
Erp presentation
Erp presentationErp presentation
Erp presentation
Amany Faroun
 
SAP EWM pour le pilotage de votre entrepôt
SAP EWM pour le pilotage de votre entrepôtSAP EWM pour le pilotage de votre entrepôt
SAP EWM pour le pilotage de votre entrepôt
itelligence France
 
Webinar: Transforming Warehouse Operations with SAP EWM
Webinar: Transforming Warehouse Operations with SAP EWMWebinar: Transforming Warehouse Operations with SAP EWM
Webinar: Transforming Warehouse Operations with SAP EWM
Wise Men
 
Closing the Loop in Your Procure-to-Pay Process
Closing the Loop in Your Procure-to-Pay ProcessClosing the Loop in Your Procure-to-Pay Process
Closing the Loop in Your Procure-to-Pay Process
SAP Ariba
 
Ewm howtoleverage sap
Ewm howtoleverage sapEwm howtoleverage sap
Ewm howtoleverage sap
Pino Villa
 
Zuora luncheon final
Zuora luncheon finalZuora luncheon final
Zuora luncheon final
Matt McDowell
 
IRJET- Decentralized Kyc System
IRJET- Decentralized Kyc SystemIRJET- Decentralized Kyc System
IRJET- Decentralized Kyc System
IRJET Journal
 
Ramnath_Resume
Ramnath_ResumeRamnath_Resume
Ramnath_Resume
Ramnath Balaraj
 
The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)
FIWARE
 
Blockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect MatchBlockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect Match
Fabio Antonelli
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
Mary Joy Sabal
 
ICITSI Slide Fix.pptx
ICITSI Slide Fix.pptxICITSI Slide Fix.pptx
ICITSI Slide Fix.pptx
SyifaNurgaidaYutia
 

More Related Content

What's hot

Order to Cash - The #1 Business Process to Know!
Order to Cash - The #1 Business Process to Know!Order to Cash - The #1 Business Process to Know!
Order to Cash - The #1 Business Process to Know!
Global Business Solutions SME
 
SAP EWM TRAINING
SAP EWM TRAININGSAP EWM TRAINING
SAP EWM TRAINING
SAPONAIR
 
Cibersegurança ou uma questão de sobrevivência?
Cibersegurança ou uma questão de sobrevivência?Cibersegurança ou uma questão de sobrevivência?
Cibersegurança ou uma questão de sobrevivência?
Filipe T. Moreira
 
Sap mm full
Sap mm fullSap mm full
Sap mm full
Murali Nadh
 
Sap sales and distribution
Sap sales and distribution Sap sales and distribution
Sap sales and distribution
raj007sap
 
SAP FOR OIL & GAS
SAP FOR OIL & GASSAP FOR OIL & GAS
SAP FOR OIL & GAS
Maxwell Odira
 
Inroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptxInroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptx
nagarajan740445
 
EWM Yard Management
EWM Yard ManagementEWM Yard Management
EWM Yard Management
andyiska
 
Inforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order ManagementInforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order Management
Dan Aldridge, ERP Software Evangelist, LION
 
Erp presentation
Erp presentationErp presentation
Erp presentation
Amany Faroun
 
SAP EWM pour le pilotage de votre entrepôt
SAP EWM pour le pilotage de votre entrepôtSAP EWM pour le pilotage de votre entrepôt
SAP EWM pour le pilotage de votre entrepôt
itelligence France
 
Webinar: Transforming Warehouse Operations with SAP EWM
Webinar: Transforming Warehouse Operations with SAP EWMWebinar: Transforming Warehouse Operations with SAP EWM
Webinar: Transforming Warehouse Operations with SAP EWM
Wise Men
 
Closing the Loop in Your Procure-to-Pay Process
Closing the Loop in Your Procure-to-Pay ProcessClosing the Loop in Your Procure-to-Pay Process
Closing the Loop in Your Procure-to-Pay Process
SAP Ariba
 
Ewm howtoleverage sap
Ewm howtoleverage sapEwm howtoleverage sap
Ewm howtoleverage sap
Pino Villa
 

What's hot (14)

Order to Cash - The #1 Business Process to Know!
Order to Cash - The #1 Business Process to Know!Order to Cash - The #1 Business Process to Know!
Order to Cash - The #1 Business Process to Know!
 
SAP EWM TRAINING
SAP EWM TRAININGSAP EWM TRAINING
SAP EWM TRAINING
 
Cibersegurança ou uma questão de sobrevivência?
Cibersegurança ou uma questão de sobrevivência?Cibersegurança ou uma questão de sobrevivência?
Cibersegurança ou uma questão de sobrevivência?
 
Sap mm full
Sap mm fullSap mm full
Sap mm full
 
Sap sales and distribution
Sap sales and distribution Sap sales and distribution
Sap sales and distribution
 
SAP FOR OIL & GAS
SAP FOR OIL & GASSAP FOR OIL & GAS
SAP FOR OIL & GAS
 
Inroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptxInroduction to ERP system core functions and challenages.pptx
Inroduction to ERP system core functions and challenages.pptx
 
EWM Yard Management
EWM Yard ManagementEWM Yard Management
EWM Yard Management
 
Inforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order ManagementInforln.com Baan to LN Differences Training - Order Management
Inforln.com Baan to LN Differences Training - Order Management
 
Erp presentation
Erp presentationErp presentation
Erp presentation
 
SAP EWM pour le pilotage de votre entrepôt
SAP EWM pour le pilotage de votre entrepôtSAP EWM pour le pilotage de votre entrepôt
SAP EWM pour le pilotage de votre entrepôt
 
Webinar: Transforming Warehouse Operations with SAP EWM
Webinar: Transforming Warehouse Operations with SAP EWMWebinar: Transforming Warehouse Operations with SAP EWM
Webinar: Transforming Warehouse Operations with SAP EWM
 
Closing the Loop in Your Procure-to-Pay Process
Closing the Loop in Your Procure-to-Pay ProcessClosing the Loop in Your Procure-to-Pay Process
Closing the Loop in Your Procure-to-Pay Process
 
Ewm howtoleverage sap
Ewm howtoleverage sapEwm howtoleverage sap
Ewm howtoleverage sap
 

Similar to Tokenisation and format preserving encryption,

Zuora luncheon final
Zuora luncheon finalZuora luncheon final
Zuora luncheon final
Matt McDowell
 
IRJET- Decentralized Kyc System
IRJET- Decentralized Kyc SystemIRJET- Decentralized Kyc System
IRJET- Decentralized Kyc System
IRJET Journal
 
Ramnath_Resume
Ramnath_ResumeRamnath_Resume
Ramnath_Resume
Ramnath Balaraj
 
The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)
FIWARE
 
Blockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect MatchBlockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect Match
Fabio Antonelli
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
Mary Joy Sabal
 
ICITSI Slide Fix.pptx
ICITSI Slide Fix.pptxICITSI Slide Fix.pptx
ICITSI Slide Fix.pptx
SyifaNurgaidaYutia
 
Blockchain learning to basic understand.pptx
Blockchain learning to basic understand.pptxBlockchain learning to basic understand.pptx
Blockchain learning to basic understand.pptx
balakrishna110526
 
Blockchain private permissioned
Blockchain private permissionedBlockchain private permissioned
Blockchain private permissioned
Jan Biets [jan_biets@hotmail.com]
 
An Mfi Story
An Mfi StoryAn Mfi Story
An Mfi Story
vincent.biot
 
Blockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot SystemBlockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot System
IRJET Journal
 
ITILv3 Service Design
ITILv3 Service DesignITILv3 Service Design
ITILv3 Service Design
Procept Associates
 
Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay Patange
 
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET Journal
 
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesBizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
R3
 
Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1
Semon Wu
 
DWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
DWS15 - Future networks forum - Virtualisation - Atos -Cedric CarelDWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
DWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
IDATE DigiWorld
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalSecure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - final
Alex Tan
 
Bank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementBank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk Management
Anjar Priandoyo
 

Similar to Tokenisation and format preserving encryption, (20)

Zuora luncheon final
Zuora luncheon finalZuora luncheon final
Zuora luncheon final
 
IRJET- Decentralized Kyc System
IRJET- Decentralized Kyc SystemIRJET- Decentralized Kyc System
IRJET- Decentralized Kyc System
 
Ramnath_Resume
Ramnath_ResumeRamnath_Resume
Ramnath_Resume
 
The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)The Token Platform (Webinar July 6th 2022)
The Token Platform (Webinar July 6th 2022)
 
Blockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect MatchBlockchain and Internet of Things: Why a Perfect Match
Blockchain and Internet of Things: Why a Perfect Match
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
 
ICITSI Slide Fix.pptx
ICITSI Slide Fix.pptxICITSI Slide Fix.pptx
ICITSI Slide Fix.pptx
 
Blockchain learning to basic understand.pptx
Blockchain learning to basic understand.pptxBlockchain learning to basic understand.pptx
Blockchain learning to basic understand.pptx
 
Blockchain private permissioned
Blockchain private permissionedBlockchain private permissioned
Blockchain private permissioned
 
An Mfi Story
An Mfi StoryAn Mfi Story
An Mfi Story
 
Blockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot SystemBlockchain Based Electronic Ballot System
Blockchain Based Electronic Ballot System
 
ITILv3 Service Design
ITILv3 Service DesignITILv3 Service Design
ITILv3 Service Design
 
Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2Vinay_Patange_StanChart_Cannes_2010_Ver2
Vinay_Patange_StanChart_Cannes_2010_Ver2
 
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
IRJET- Probabilistic Stress Distribution in Thick Cylindrical Pipe using Fini...
 
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVenturesBizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
BizDay: Digital Micro-Lending and Debt Crowd Funding Platform, JVentures
 
Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1Sample Request Order Tracking Functional Requirements Document V1
Sample Request Order Tracking Functional Requirements Document V1
 
DWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
DWS15 - Future networks forum - Virtualisation - Atos -Cedric CarelDWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
DWS15 - Future networks forum - Virtualisation - Atos -Cedric Carel
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalSecure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - final
 
Bank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk ManagementBank Indonesia Regulation 9/15/2007 IT Risk Management
Bank Indonesia Regulation 9/15/2007 IT Risk Management
 

Recently uploaded

Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE RolesWhat is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 

Recently uploaded (20)

Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE RolesWhat is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 

Tokenisation and format preserving encryption,

  • 1. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 08 Septembre 2011 Transactional services. Powering progress © Confidential 1 Tokenization Format Preserving Encryption A Case study Cartes & Identification 2011
  • 2. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 2 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
  • 3. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [DEFINITION] ▶ Definition – Tokenization is a process of replacing sensitive data by non sensitive ones (tokens) with respect of the following properties: • Tokens bears enough information to be useful (e.g. The entity manipuling token can accomplish transaction as it was the sensitive data). • Tokens does not compromise security – Tokenization system tries to minimize the integration impact on existing infrastructure ▶ Who offer such service 3
  • 4. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [FUNCTIONALITIES] ▶ Function description of a Tokenization system – Conversion (Convert sensitive data into a token and vice versa) – Conversion policy (Format definition, Mode of operation) – Communication Canal : Authentication, Integrity, Confidentiality 4 Tokenization System External System
  • 5. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Face2Face 5 CardHolder AcquirerIssuer Acceptor
  • 6. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 6 CardHolder AcquirerIssuer Acceptor E2E-Encryption
  • 7. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 7 CardHolder AcquirerIssuer Acceptor Secure MOTO
  • 8. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 What is tokenization in two words [USE-CASES] ▶ Focusing on payment (but not limited to) – Context : • Sensitive data : PAN,… • PCI compliancy – Use cases • MOTO • Proximity payment 8 CardHolder AcquirerIssuer Acceptor Process transaction
  • 9. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 9 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
  • 10. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Tokenization and Format Preserving Encryption: A Case Study ▶PCI-DSS(Payment Card Industry Data Security Standard) : • Security requirements for entities processing cards data (processing, transmission and storage) ▶Objectives: • Reduce PCI evaluation perimeter • Choose a suitable algorithm that tokenize a PAN ▶Constraints: • The algorithm must be collision free • In a certain mode the algorithm must be “not reversible” • In certain mode the algorithm must not takes secret parameters 10 How does it works ? [Objectives-Constraints]
  • 11. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 How does it works [RandomToken] ▶ Random Token – Card data are • ciphered (classic algorithms) • stored in a database – System generate an associated token • Format respect • Checks for no Collision 11 Tokenization and Format Preserving Encryption: A Case Study
  • 12. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 12 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
  • 13. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ FPE : Format Preserving Encryption. ▶ Introduced by Brightwell [BS97] o Encryption scheme with o format preserving property ▶ Format definition is a key point – Follow PCI guidelines : • you have to differentiate a Token from a PAN ▶ NIST is considering 3 FPE algorithms ▶ Applications : • Security Social Number • Credit Card Number 13 How does it works [FPE based tokenization] Tokenization and Format Preserving Encryption: A Case Study First introduction of Format Preserving Encryption [BS97]
  • 14. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ NIST is considering 3 FPE algorithms • FFX [FFX10] • BPS [BPS10] • FCEM [FCEM10] 14 How does it works [FPE based tokenization] Tokenization and Format Preserving Encryption: A Case Study FFX BPS FCEM
  • 15. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 15 ▶ Feistel o Inventé par Horst Feistel . o Round notion o Input are split in 2 o F : cipher function o Secret key K o Key Derivation algorithm o During a round  Ai+1 = Bi  Bi+1 = Ai Fki(Bi) o Example  DES : 16 tours. + How does it works [Cryptographic-Approach] Tokenization and Format Preserving Encryption: A Case Study
  • 16. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Feature FFX BPS FCEM Feistel based Yes Yes No #Rounds 12 8 2 Cipher function AES AES/TDES/SHA AES #Function is used 12 8 8 Reversibility Yes Yes Yes Tweak Yes Yes No 16 How does it works [Cryptographic-Approach] Tokenization and Format Preserving Encryption: A Case Study ▶ Cryptographic notions – Tweak Notion : Add variability in cryptographic schemes – Patarin attack : Differentiate ciphertext from random string
  • 17. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Feature Random Token FPE Multi Site Difficult Medium Key deployment Medium Hard Format preserving Easy Easy Performance Low Fast Token/Data link No (except in DB) Algorithm 17 Tokenization and Format Preserving Encryption: A Case Study How does it works [Analysis]
  • 18. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Summary 18 What is Tokenization in two words Definition & Functionalities Use cases How does it work ? Random Token System Format Preserving Encryption Conclusion
  • 19. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Conclusion [VISION] ▶ Which choice ? 19 CardHolder AcquirerIssuer Acceptor Secure MOTO Process transaction FPE RTS E2E-Encryption FPE FPE Tokenization and Format Preserving Encryption: A Case Study
  • 20. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ Tokenization in payment context  It allows the reduction of PCI audit perimeter in a payment application  Waiting for NIST approval. ▶ Depending on use case:  Random Tokenization:  In case of internal processing  FPE based Tokenzaton  In case of multi site,  In case of multi-party protocols 20 Tokenization and Format Preserving Encryption: A Case Study Conclusion []
  • 21. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 Transactional services. Powering progress atos.net Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos WorldGrid are registered trademarks of Atos SA. August 2011 © 2011 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos. © Confidential Questions ? References Title [BS97] Brigthwell, Michael & Smith Using datatype preserving encryption to enhance data warehouse security. 20th National Information Systems Security Conference, NIST, 1997. [FFX10] Bellare M, Rogaway P & Spies T The FFX Mode of Operation for Format preserving Encryption. 2010. [BPS10] Brier E, Peyrin T & Stern J BPS : a format Preserving Encryption Proposal. Ingenico, 2010. [FCEM10] Ulf T Matsson Format preserving Encryption Using Datatype preserving Encryption. 2010. [SEC2] Certicom Research. SEC2 : Recommended Elliptic Curve Domain Parameters. 2000. [BSGS] D. Shanks. Five number-theoretic algorithms. Proceeding of the second Manitoba Conference on Numerical Mathematics. 1975. [RHO] J.M. Pollard. A monte carlo method for factorization. 1978. [CI] Pierrick Gaudry. Algorithmiques des courbes algébriques pour la cryptologie. 2008 [PCI] Scoping SIG, Tokenization Tasforce, PCI Security Standards Council. PIC-DSS. 2011 Tokenization and Format Preserving Encryption: A Case Study
  • 22. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 22 BPS Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 23. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 23 ▶ BPS : ▶ Autor: Brier E, Peyrin T & Stern J. ▶ Published in 2010. ▶ BPS : "a Format Preserving Encryption Proposal ". ▶ Features: • 8 round. • Tweak of 64 bits split in 2 sub tweak o TL et TR • F : AES or one way function. • K : secret key • reversible. • Patarin resistant. Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 24. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶   24 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 25. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 25 FFX Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 26. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ FFX : ▶ Autors : Bellare M, Rogaway P & Spies T. ▶ Published in 2009 and 2010. ▶ FFX : "Format Preserving Feistel-based Encryption" ▶ Features: • 12 round, • 64 bits tweak, • FK : AES-128 or one-way function • K : secret key • reversible 26 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 27. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 27 27 FCEM Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 28. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 28 ▶ Autor :Ulf T Matsson. ▶ Published in 2009. ▶ FCEM : "Format Controlling Encryption Mode". ▶ Features: • 8 steps o Index Value Data o Encryption of Left o Encryption of Right o Scrambled o Rippled Left to Right o Rippled Right to Left o Encryption and Update o The last transformation • F : AES-128 • K : secret key • reversible Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 29. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 ▶ Index Value data : • Rewriting input as hexa values. • Example: o X : 1122334455667788 o Index Value data : 01010202030304040505060607070808 ▶ Encryption of Left : • left part encryption • Example : o Index Value data : 01010202030304040505060607070808 o Sortie de FK: 00C01F49D0C2C050188D8FDFADCDF846 o RightUpdate : 0507070905010008 ▶ Encryption of Right : • Same idea • We get LeftUpdate : 0101080503060303 29 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 30. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 30 ▶ Scrambled : • Concat LeftUpdate and RightUpdate . • Example: o CipherScrambled : 01010805030603030507070905010008 ▶ RippledLeftToRight : • Scrambled modifying by : o CipherScrambled : 01010805030603030507070905010008 o 01 ⊕ 01 = (0 × 16) + 1 + (0 × 16) + 1 = 02 ≡ 02 (mod10). o RippledLeftToRight = 0102 o RippledLeftToRight = 01020005080407000503090803040402 ▶ RippledRightToLeft : • Same idea • RippledLeftToRight = 04030101060804070702000103000602 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study
  • 31. | 08-09-2011 | Cauchie stéphane Carte & Identification 2011 31 31 ▶ Encryption and Modular Sum : • RippledLeftToRight : 04030101060804070702000103000602 Survey on FPE Tokenization and Format Preserving Encryption: A Case Study