Towards privacy with tokenization as a service

摘要

Privacy is one of the main challenges that systems which process personally identifiable information and health protected information are currently battling with. Until recently, many solutions were inclined on protecting data-at-rest through encryption. However, the past decade has seen an increase in data breaches that target encrypted sensitive information like credit cards, passwords and health records. A new approach to solving this problem thrives to minimize the storage of sensitive data in processing environments. This paper presents a privacy-as-a-service mechanism which makes use of the tokenization technology. It proposes the use of a tokenization service that can be used by applications to store sensitive data away from the processing environment. We show how the tokenization service can be useful for applications such as e-commerce and e-health where privacy is a major concern.