Introduction to tokenization

Transcript

1. Introduction to Tokenization Tech Talk Meetup #1 @Indeed

2. Who I am? Junichi Okamura @benzookapi Scala/Java/Node.js/Python/ Ruby/PHP/../Mobile/../ppt /I18N/Marketing/Payment API

   Lover/Agro-IoT/Cartoonist

3. My formal suit

4. Today’s topic Tokenization

5. Tokenization = replace(SENSITIVE_DATA, MEANINGLESS_TEXT); Ticket for the real data

6. Why now tokenization? • The word used in context of

   payment = payment tokenization • Increasing concern about security on finance

7. Payment tokenization example: Android Pay Source: https://developers.google.com/web/fundamentals/discovery-and-monetization/payment-request/android-pay?hl=ja sensitive data =

   credit card meaningless text = gateway token

8. Advantage of tokenization • Even though your token is stolen,

   your card number is not • Second user of token cannot buy/sell anything • Sellers don’t need to complaint to highly strict security rules (PCIDSS) • Because token itself is meaningless text

9. What’s different from encryption? • Encrypted data itself is sensitive

   data (card number) • If the encryption broken, raw data get stolen • Encrypted data is not sharable

10. Key characteristics of tokens • Temporary • One time (most

    secured) • Expiration • No encoding/decoding • Only issuers can understand (no common data in it) • But sharable with token consumers

11. Token issuers and consumers Token Issuers = store sensitive data

    and process them Payment Account EC/Delivery Token Consumers = get process result or raw data restrictedly real consumer (not token consumer) 1.sensitive data 2.service 3.token 5.service 2.token 4.result or data

12. Issuers vs Consumers? • No, some issuers can be consumers

    in some context (e.g. payment gateway can be both in the context of credit card) • Most of other cases than payment express Issuer as API providers and consumers as API users

13. Types of tokenization tokens • Closed: Can be used for

    issuer’s service only. Most popular (e.g. OAuth token) • Semi-closed: Can be used for issuer’s partner-ship or restricted services only. Recently, getting applied for payment (e.g. Android Pay) • Open: Public token can be used for any external services (currently, not known yet… tell me please)

14. Extended usage of tokenization e.g. Logistics Receiver Sender’s address Receivers’

    address Logistics company = Token issuer Sender Sender’s address token Receiver’s address token

15. Who can be token issuer? • Trusted: with highly secured

    system and environment • Compliant: to law and regulation with good mind • Attractive: with strong value props and cool thing

16. Movement of tokenization Closed token for monolithic service Data |

    Activity | Connectivity token token token token Open token for multiple services Data Service Activity Service Connectivity Service token token token token

17. Thank you & QA