TY - GEN
T1 - A cryptographic study of tokenization systems
AU - Díaz-Santiago, Sandra
AU - Rodriguez-Henriquez, Lil Maria
AU - Chakraborty, Debrup
PY - 2014
Y1 - 2014
N2 - Payments through cards have become very popular in today's world. All businesses now have options to receive payments through this instrument, moreover most organizations store card information of its customers in some way to enable easy payments in future. Credit card data is a very sensitive information and its theft is a serious threat to any company. Any organization that stores such data needs to achieve payment card industry (PCI) compliance, which is an intricate process. Recently a new paradigm called "tokenization" has been proposed to solve the problem of storage of payment card information. In this paradigm instead of the real credit card data a token is stored. To our knowledge, a formal cryptographic study of this new paradigm has not yet been done. In this paper we formally define the syntax of a tokenization system, and several notions of security for such systems. Finally, we provide some constructions of tokenizers and analyze their security in the light of our definitions.
AB - Payments through cards have become very popular in today's world. All businesses now have options to receive payments through this instrument, moreover most organizations store card information of its customers in some way to enable easy payments in future. Credit card data is a very sensitive information and its theft is a serious threat to any company. Any organization that stores such data needs to achieve payment card industry (PCI) compliance, which is an intricate process. Recently a new paradigm called "tokenization" has been proposed to solve the problem of storage of payment card information. In this paradigm instead of the real credit card data a token is stored. To our knowledge, a formal cryptographic study of this new paradigm has not yet been done. In this paper we formally define the syntax of a tokenization system, and several notions of security for such systems. Finally, we provide some constructions of tokenizers and analyze their security in the light of our definitions.
KW - Format preserving encryption
KW - Payment card industry standard
KW - Provable security
KW - Symmetric encryption
KW - Tokenization
UR - http://www.scopus.com/inward/record.url?scp=84908887390&partnerID=8YFLogxK
U2 - 10.5220/0005062803930398
DO - 10.5220/0005062803930398
M3 - Contribución a la conferencia
AN - SCOPUS:84908887390
T3 - SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications
SP - 393
EP - 398
BT - SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Part of ICETE 2014 - 11th International Joint Conference on e-Business and Telecommunications
A2 - Obaidat, Mohammad S.
A2 - Holzinger, Andreas
A2 - Samarati, Pierangela
PB - SciTePress
T2 - 11th International Conference on Security and Cryptography, SECRYPT 2014 - Part of 11th International Joint Conference on e-Business and Telecommunications, ICETE 2014
Y2 - 28 August 2014 through 30 August 2014
ER -