A cryptographic study of tokenization systems

Sandra Díaz-Santiago, Lil Maria Rodriguez-Henriquez, Debrup Chakraborty

Research output: Contribution to conferencePaper

1 Scopus citations

Abstract

Payments through cards have become very popular in today's world. All businesses now have options to receive payments through this instrument, moreover most organizations store card information of its customers in some way to enable easy payments in future. Credit card data is a very sensitive information and its theft is a serious threat to any company. Any organization that stores such data needs to achieve payment card industry (PCI) compliance, which is an intricate process. Recently a new paradigm called "tokenization" has been proposed to solve the problem of storage of payment card information. In this paradigm instead of the real credit card data a token is stored. To our knowledge, a formal cryptographic study of this new paradigm has not yet been done. In this paper we formally define the syntax of a tokenization system, and several notions of security for such systems. Finally, we provide some constructions of tokenizers and analyze their security in the light of our definitions.
Original languageAmerican English
Pages393-398
Number of pages353
StatePublished - 1 Jan 2014
Externally publishedYes
EventSECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications -
Duration: 1 Jan 2014 → …

Conference

ConferenceSECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications
Period1/01/14 → …

    Fingerprint

Cite this

Díaz-Santiago, S., Rodriguez-Henriquez, L. M., & Chakraborty, D. (2014). A cryptographic study of tokenization systems. 393-398. Paper presented at SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications, .