Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
International Journal of Information Security
Erschienen in: International Journal of Information Security 4/2016

01.08.2016 | Regular Contribution

A cryptographic study of tokenization systems

verfasst von: Sandra Díaz-Santiago, Lil María Rodríguez-Henríquez, Debrup Chakraborty

Erschienen in: International Journal of Information Security | Ausgabe 4/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Payments through cards have become very popular in today’s world. All businesses now have options to receive payments through this instrument; moreover, most organizations store card information of its customers in some way to enable easy payments in future. Credit card data are a very sensitive information, and theft of this data is a serious threat to any company. Any organization that stores credit card data needs to achieve payment card industry (PCI) compliance, which is an intricate process where the organization needs to demonstrate that the data it stores are safe. Recently, there has been a paradigm shift in treatment of the problem of storage of payment card information. In this new paradigm instead of the real credit card data a token is stored, this process is called “tokenization.” The token “looks like” the credit/debit card number, but ideally has no relation with the credit card number that it represents. This solution relieves the merchant from the burden of PCI compliance in several ways. Though tokenization systems are heavily in use, to our knowledge, a formal cryptographic study of this problem has not yet been done. In this paper, we initiate a study in this direction. We formally define the syntax of a tokenization system and several notions of security for such systems. Finally, we provide some constructions of tokenizers and analyze their security in light of our definitions.
Vorheriger Artikel On the analysis of time-aware protocols in universal composability framework
Nächster Artikel Privacy-preserving authentication framework using bloom filter for secure vehicular communications

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
In our view, irrespective of other possible identifiers, the associated data should contain an identifier of the merchant. Thus if \(d,d'\in {\mathcal {D}}\) are two associated data related to two different merchants, it should be that \(d \ne d'\). For our notion of correctness this requirement for the associated data would be required.
 
2
According to [6], the total number of credit cards in 2012 from the four primary credit card networks (i.e., VISA, MasterCard, American Express, and Discover) was 546 millions (\(\approx 2^{30}\)). This can be considered as a reasonable upper bound for q. Assuming credit card numbers to be of 16 decimal digits, \(\#{\mathcal {T}}= 10^{16} \approx 2^{53}\). These numbers lead to a collision probability of \(1/2^{23}\) which is insignificant.
 
Literatur
1.
Bellare, M., Ristenpart, T., Rogaway, P., Stegers T.: Format-preserving encryption. In: Jacobson Jr., M.J., Rijmen V., Safavi-Naini R., (eds.), Selected Areas in Cryptography, volume 5867 of Lecture Notes in Computer Science, pp. 295–312. Springer (2009)
2.
3.
Berbain, C., Gilbert, H.: On the security of IV dependent stream ciphers. In: Biryukov, A., (ed.) FSE, volume 4593 of Lecture Notes in Computer Science, pp. 254–273. Springer (2007)
4.
Black, J., Rogaway, P.: Ciphers with arbitrary finite domains. In: Preneel, B., (ed.) CT-RSA, volume 2271 of Lecture Notes in Computer Science, pp. 114–130. Springer (2002)
5.
6.
7.
8.
Hoang, V.T., Morris, B., Rogaway, P.: An enciphering scheme based on a card shuffle. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO, volume 7417 of Lecture Notes in Computer Science, pp. 1–13. Springer (2012)
9.
ISO/IEC 7812–1: Identification Cards-Identification of Issuers-Part 1: Numbering System (2006)
10.
Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO, volume 2442 of Lecture Notes in Computer Science, pp. 31–46. Springer (2002)
11.
Morris, B., Rogaway, P., Stegers, T.: How to encipher messages on a small domain. In: Halevi, S. (ed.) CRYPTO, volume 5677 of Lecture Notes in Computer Science, pp. 286–302. Springer (2009)
12.
13.
14.
15.
Ristenpart, T., Yilek, S.: The mix-and-cut shuffle: Small-domain encryption secure against n queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO (1), volume 8042 of Lecture Notes in Computer Science, pp. 392–409. Springer (2013)
16.
Robshaw, M.J.B., Billet, O. (eds.): New Stream Cipher Designs-The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science. Springer (2008)
17.
18.
19.
20.
Stefanov, E., Shi, E.: Fastprp: fast pseudo-random permutations for small domains. IACR Cryptol. ePrint Arch. 2012, 254 (2012)
21.
Metadaten
Titel
A cryptographic study of tokenization systems
verfasst von
Sandra Díaz-Santiago
Lil María Rodríguez-Henríquez
Debrup Chakraborty
Publikationsdatum
01.08.2016
Verlag
Springer Berlin Heidelberg
Erschienen in
International Journal of Information Security / Ausgabe 4/2016
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI
https://doi.org/10.1007/s10207-015-0313-x

Weitere Artikel der Ausgabe 4/2016

International Journal of Information Security 4/2016 Zur Ausgabe

Regular Contribution

On the analysis of time-aware protocols in universal composability framework

Regular Contribution

Malware detection using bilayer behavior abstraction and improved one-class support vector machines

Regular Contribution

Privacy-preserving authentication framework using bloom filter for secure vehicular communications

Regular Contribution

Flow-based reputation with uncertainty: evidence-based subjective logic

Regular Contribution

A practical privacy-preserving targeted advertising scheme for IPTV users