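1. Masking:
As the name suggests, masking is the process of replacing actual data with null or constant values. It is considered to be essentially permanent tokenization. Here, sensitive information is replaced by random characters in the same format as the original data, and there is no mechanism for retrieving the original values. There are basically two types of masking: static data masking (SDM) and dynamic data masking (DDM).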
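2. Tokenization:
As the name suggests, tokenization is the process of replacing original values with randomly generated alphanumeric values, called tokens. Whenever a user application needs the original data, the system looks up the token value in the token database and retrieves it. It is one of the oldest techniques used to secure data. Here, a token has no meaning outside the system that creates the token and links it to other data.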
Difference between Tokenization and Masking:
Masking | Tokenization |
---|---|
It is a process of applying a mask to a value. | It is a process of replacing sensitive data with non-sensitive data. |
It simply ensures efficient use of masked data for analysis without fear of leaking private information. | It simply ensures correct formatting and transmission of data thus making it less vulnerable to cyberattacks. |
It is generally used to secure structured and unstructured fields in both non-production and production environments such as database backups, data mining, etc. | It is generally used to secure credit card numbers or sensitive information in payment processing systems, customer service databases, and other structured data environments. |
It always preserves format, but there is some risk of reidentification. | It always preserves the format of data and maintains high security. |
It is an irreversible process, i.e., masked data cannot be retrieved back to the original. | It is a reversible process, i.e., tokenized data can be retrieved back to the original. |
It is easier for one to exchange masked data with third parties as they cannot view original data. | It is difficult for one to exchange data with third parties because they can have access to token database. |
It is used to secure data in use. | It is used to secure data at rest and data in motion. |
It normally protects sensitive data from being exposed to individuals who are not authorized or do not have access to view it. | It normally creates a surrogate value that can be matched back to the original string using a database. |
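
The contrast described above, as an added example that is not part of the original page: the same format-preserving random substitution is used for both, and the only difference is whether the mapping is stored. The names `random_like`, `mask` and `TokenVault`, the in-memory dictionaries standing in for the token database, and the sample card number are all assumptions made for illustration.

```python
import secrets
import string

def random_like(value: str) -> str:
    """Replace each digit/letter with a random one of the same class; keep separators."""
    out = []
    for ch in value:
        if ch.isdigit():
            out.append(secrets.choice(string.digits))
        elif ch.isalpha():
            pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            out.append(secrets.choice(pool))
        else:
            out.append(ch)  # separators survive, so the format is preserved
    return "".join(out)

def mask(value: str) -> str:
    """Masking: the substitute is returned and nothing is stored, so it is irreversible."""
    return random_like(value)

class TokenVault:
    """Tokenization: the substitute is recorded in a token database for later lookup."""

    def __init__(self):
        self._by_token = {}  # token -> original (stand-in for the token database)
        self._by_value = {}  # original -> token, so a value always maps to one token

    def tokenize(self, value: str) -> str:
        if not any(c.isdigit() or c.isalpha() for c in value):
            raise ValueError("value has no characters that can be substituted")
        if value in self._by_value:
            return self._by_value[value]
        token = random_like(value)
        # Re-draw on collision; assumes values long enough that collisions are rare.
        while token == value or token in self._by_token:
            token = random_like(value)
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        # Raises KeyError outside the issuing vault: the token has no meaning there.
        return self._by_token[token]

if __name__ == "__main__":
    card = "4111-1111-1111-1111"  # constructed sample value
    vault = TokenVault()
    token = vault.tokenize(card)
    print("masked:   ", mask(card))
    print("token:    ", token)
    print("recovered:", vault.detokenize(token))
```

Because recovery depends entirely on the stored mapping, the token database is the asset that needs access control; the masked output needs none, since no mapping for it exists.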