Wednesday, October 01, 2014

Difference between Tokenization and Encryption

What is the difference between tokenization and encryption?

The terms encryption and tokenization are often used interchangeably to describe the process of protecting data stored in the cloud. Although both serve essentially the same function, they are different processes and have different effects on the data they protect.

Tokenization

Tokenization substitutes a value with a random "token" value. Each individual value has its own token assigned, so no matter when that value is inserted, the same token will appear. The token values are then stored in the cloud.
To retrieve the original value, the token value is pulled from the cloud through the company's firewall where de-tokenization takes place. A dictionary of tokens is stored behind the firewall to replace the token value with the original value.
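The tokenize and de-tokenize flow described above, as an added example that is not from the original post. The class name `TokenVault`, the `tok_` prefix, the token length, and the in-memory dictionaries and list standing in for the dictionary behind the firewall and the cloud store are all assumptions made for illustration.

```python
import secrets


class TokenVault:
    """Token dictionary kept behind the firewall (hypothetical class for this example)."""

    def __init__(self, token_bytes=16):
        self._token_bytes = token_bytes
        self._value_to_token = {}   # lets a repeated value reuse its token
        self._token_to_value = {}   # the de-tokenization dictionary

    def tokenize(self, value):
        # Each value has exactly one token, so a repeat returns the same one.
        existing = self._value_to_token.get(value)
        if existing is not None:
            return existing
        # The token is random: it is not computed from the value, so it
        # cannot be turned back into the value without the dictionary.
        while True:
            token = "tok_" + secrets.token_hex(self._token_bytes)
            if token not in self._token_to_value:   # retry on a rare collision
                break
        self._value_to_token[value] = token
        self._token_to_value[token] = value
        return token

    def detokenize(self, token):
        # Only works where the dictionary lives; unknown tokens are rejected.
        try:
            return self._token_to_value[token]
        except KeyError:
            raise KeyError("unknown token") from None


def demo():
    vault = TokenVault()                      # stays behind the firewall
    cloud_rows = []                           # stand-in for the cloud data store
    # Constructed sample records (well-known test card numbers, not real data).
    for name, card in [("alice", "4111111111111111"),
                       ("bob", "5500005555555559"),
                       ("alice-again", "4111111111111111")]:
        cloud_rows.append((name, vault.tokenize(card)))
    restored = [vault.detokenize(tok) for _, tok in cloud_rows]
    return cloud_rows, restored


if __name__ == "__main__":
    print(demo())
```

The rows held in `cloud_rows` contain only tokens; a second `TokenVault` that lacks the dictionary cannot map them back.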

Encryption

Encryption obscures the value using an approved encryption algorithm. To reveal the original value, the user needs a secret key. This makes it impossible for any unauthorized user to reveal the true value.
There are many different ways to encrypt data, including private keys, public keys, SSL, and TLS. The encrypted data is then stored in the cloud. As the data is pulled from the cloud, the user can access the true data if they can access the secret key to decipher it.