Introduction
This use case has been developed for JISA’s CryptoBind HSM (Network Security Module by JISA, Powered by LiquidSecurity) product. JISA’s HSM can be used in a tokenization solution to store the encryption and decryption keys.
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. The basic idea behind tokenization is to replace sensitive and confidential data with a unique identification pattern so that attackers cannot steal the data itself.
Why use CryptoBind HSM in this use case?
Vault-based tokenisation is the process of replacing sensitive information with tokens and encrypting the original data in a data vault. If the organization does not use an HSM to store the encryption keys, the keys would be stored on a local server, in a file folder or a database. If someone gets hold of these keys, they can access the sensitive data stored in the vault. Hence the HSM plays a crucial role in protecting the keys.
Use case flow
The tokenisation flow is divided into two parts: tokenisation and de-tokenisation. In tokenisation, sensitive data is converted into random tokens, and each token is stored in a vault against its encrypted sensitive data. De-tokenisation is performed when the original data is required for a given token.
To tokenize sensitive data, the client application passes a token generation request, along with the sensitive data, to the tokenisation engine. If the request comes from an authorized user, a ‘reference key’, or token, is generated. The generated token is then passed to the client application. If an unauthorized user requests a token, the incident is logged and the admin receives an alert for it.
To retrieve the original sensitive data from a token, the client application provides the token to the tokenisation engine. The provided token is verified against its sensitive data, which is stored in the vault. The encrypted sensitive data is then decrypted using the keys stored in the HSM and returned to the client application in unencrypted form. This is referred to as de-tokenization.
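
The two flows above, sketched as an added example; this is not JISA's or CryptoBind's code. HsmStandIn, TokenisationEngine and the sample values are hypothetical, the HMAC-based cipher is only a standard-library stand-in for the HSM's encrypt and decrypt operations, and the authorisation check on de-tokenisation is an assumption.

```python
import hashlib, hmac, secrets

class HsmStandIn:
    """Hypothetical stand-in for the HSM: the key never leaves this object."""
    def __init__(self):
        self.__key = secrets.token_bytes(32)
    def _prf(self, label, data):
        return hmac.new(self.__key, label + data, hashlib.sha256).digest()
    def _xor(self, nonce, data):
        # HMAC-SHA256 in counter mode as keystream (stand-in, not the HSM's real cipher)
        ks = b"".join(self._prf(b"enc", nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))
    def encrypt(self, plaintext):
        nonce = secrets.token_bytes(16)
        ct = self._xor(nonce, plaintext)
        return nonce + ct + self._prf(b"mac", nonce + ct)
    def decrypt(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise ValueError("vault record failed integrity check")
        return self._xor(nonce, ct)

class TokenisationEngine:
    def __init__(self, hsm, authorised_users):
        self.hsm, self.authorised = hsm, set(authorised_users)
        self.vault = {}    # token -> encrypted sensitive data
        self.alerts = []   # incidents logged for the admin
    def _authorise(self, user, action):
        if user not in self.authorised:
            self.alerts.append((user, action))
            raise PermissionError(f"{user!r} may not {action}")
    def tokenise(self, user, sensitive):
        self._authorise(user, "tokenise")
        token = secrets.token_hex(16)  # random, so it reveals nothing about the data
        self.vault[token] = self.hsm.encrypt(sensitive.encode())
        return token
    def detokenise(self, user, token):
        self._authorise(user, "detokenise")  # assumption: same check on this path
        if token not in self.vault:
            raise KeyError("unknown token")
        return self.hsm.decrypt(self.vault[token]).decode()

if __name__ == "__main__":
    engine = TokenisationEngine(HsmStandIn(), {"billing-app"})
    token = engine.tokenise("billing-app", "4111111111111111")  # constructed sample value
    print(token, engine.detokenise("billing-app", token))
```

A copy of the vault alone yields only tokens and ciphertext; recovering the data requires a call into the object holding the key, which is the role the HSM plays in this use case.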