1.标记化:
顾名思义,令牌化基本上是一种替换技术,可以用随机生成的称为令牌的代码替换敏感数据。在这里,令牌通常用作原始数据的引用或占位符。它只是保留了数据的感觉和格式,还保留了数据主体的隐私。它通常用于信用卡处理,以提高安全性。
例子 :
2.加密:
顾名思义,加密是一种结合数学算法和其他秘密信息的过程,该过程以没有适当密钥就无法扭转的方式来转换或转换数据。它仅使用算法将纯文本信息转换为无法识别的密文。也可以将其反转,以便授权人员可以查看和使用原始数据和敏感数据。它被认为是实现数据安全性的最有效方法。
例子 :
令牌化和加密之间的区别:
Tokenization |
Encryption |
---|---|
It is a process of turning sensitive data into non-sensitive data usually known as tokens. | It is a process of encoding message, data, or file so that it can be accessed and read only by certain people. |
It is important because it helps to reduce risk from data breaches and build trust with customers. | It is important because it helps to protect private information or sensitive data, and enhance security of communication among servers and client apps. |
Its main objective is to swap out or substitute sensitive data such as payment card or bank account numbers with randomized number in same format but without any intrinsic value of its own. | Its main objective is confidentiality such as concealing content of message by translating it into code. |
It can be offered only via web services. | It can be offered both locally and as web service. |
It is best suited for structured data fields and is therefore mostly used to protect sensitive data in payment processing systems like credit card information or social security numbers. | It is best suited for unstructured fields or databases that are not stored in multiple system and for protecting files such as entire files or emails, and also supports structured data such as payment card numbers. |
It is difficult to exchange data because of access to token database. | It is easier to exchange data because on can access original data if needed with decryption key. |
It uses tokens to protect or secure data. | It uses secret keys to protect or secure data. |
In this, if somehow token is intercepted, then it cannot be used to guess real values. | In this, if somehow key is intercepted, then too it can be used to decrypt all data it was used to secure. |
It is an irreversible process. | It is a reversible process. |
It generates token value randomly for plaintext and stores mapping in database. | It scrambles data so that only authorized parties can have access to data. |