Slide 1

Slide 1 text

Introduction to Tokenization
Tech Talk Meetup #1 @Indeed

Slide 2

Slide 2 text

Who am I?
Junichi Okamura @benzookapi
Scala/Java/Node.js/Python/Ruby/PHP/../Mobile/../ppt/I18N/Marketing/Payment API Lover/Agro-IoT/Cartoonist

Slide 3

Slide 3 text

My formal suit

Slide 4

Slide 4 text

Today’s topic: Tokenization

Slide 5

Slide 5 text

Tokenization = replace(SENSITIVE_DATA, MEANINGLESS_TEXT);
A ticket for the real data

Slide 6

Slide 6 text

Why tokenization now?
• The word is used in the context of payment = payment tokenization
• Increasing concern about security in finance

Slide 7

Slide 7 text

Payment tokenization example: Android Pay
Source: https://developers.google.com/web/fundamentals/discovery-and-monetization/payment-request/android-pay?hl=ja
sensitive data = credit card
meaningless text = gateway token

Slide 8

Slide 8 text

Advantages of tokenization
• Even if your token is stolen, your card number is not
• A second user of the token cannot buy/sell anything
• Sellers don’t need to comply with highly strict security rules (PCI DSS)
• Because the token itself is meaningless text

Slide 9

Slide 9 text

What’s different from encryption?
• Encrypted data itself is sensitive data (card number)
• If the encryption is broken, the raw data gets stolen
• Encrypted data is not sharable

Slide 10

Slide 10 text

Key characteristics of tokens
• Temporary
• One-time (most secure)
• Expiration
• No encoding/decoding
• Only issuers can understand (no common data in it)
• But sharable with token consumers
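The replace(SENSITIVE_DATA, MEANINGLESS_TEXT) idea and the token characteristics listed above, as an added example that is not from the original slides. TokenIssuer, charge, demo and the 60-second lifetime are hypothetical names and values chosen for illustration; the card number is a constructed test value.

```python
import secrets
import time


class TokenIssuer:
    """Hypothetical issuer: keeps the sensitive data and hands out random tokens."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._vault = {}          # token -> (sensitive_data, expires_at)
        self._ttl = ttl_seconds
        self._clock = clock       # injectable so expiry can be exercised

    def issue(self, sensitive_data):
        # Random token: it encodes nothing, so there is nothing to decode or break.
        token = secrets.token_urlsafe(32)
        self._vault[token] = (sensitive_data, self._clock() + self._ttl)
        return token

    def charge(self, token, amount):
        """Consume a token: the caller gets a result, never the card number."""
        # pop() makes the token one-time: a second use finds nothing.
        entry = self._vault.pop(token, None)
        if entry is None:
            return {"ok": False, "reason": "unknown or already used token"}
        card_number, expires_at = entry
        if self._clock() > expires_at:
            return {"ok": False, "reason": "expired token"}
        # A real issuer would process the payment with card_number here.
        return {"ok": True, "amount": amount, "card_last4": card_number[-4:]}


def demo():
    now = [1_000.0]                       # constructed clock value
    issuer = TokenIssuer(ttl_seconds=60, clock=lambda: now[0])
    card = "4111111111111111"             # constructed test card number
    token = issuer.issue(card)
    first = issuer.charge(token, 500)     # token consumer gets a result
    replay = issuer.charge(token, 500)    # second use of the same token
    stale = issuer.issue(card)
    now[0] += 61                          # move past the expiration
    expired = issuer.charge(stale, 500)
    return token, first, replay, expired


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Only the issuer holds the mapping from token to card number, so a stolen token reveals nothing and stops working after one use or after it expires.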

Slide 11

Slide 11 text

Token issuers and consumers
Token Issuers = store sensitive data and process them
Token Consumers = get process result or raw data restrictedly
[Diagram labels: Payment, Account, EC/Delivery; real consumer (not token consumer). Arrow labels: 1. sensitive data, 2. service, 3. token, 5. service, 2. token, 4. result or data]

Slide 12

Slide 12 text

Issuers vs Consumers?
• No, some issuers can be consumers in some contexts (e.g. a payment gateway can be both in the context of credit cards)
• In most cases other than payment, issuers are API providers and consumers are API users

Slide 13

Slide 13 text

Types of tokenization tokens
• Closed: Can be used for the issuer’s service only. Most popular (e.g. OAuth token)
• Semi-closed: Can be used for the issuer’s partnerships or restricted services only. Recently being applied to payment (e.g. Android Pay)
• Open: Public token that can be used for any external service (currently, not known yet… tell me please)

Slide 14

Slide 14 text

Extended usage of tokenization
e.g. Logistics
[Diagram labels: Logistics company = Token issuer; Sender; Receiver; Sender’s address; Receiver’s address; Sender’s address token; Receiver’s address token]

Slide 15

Slide 15 text

Who can be a token issuer?
• Trusted: with a highly secured system and environment
• Compliant: with law and regulation, and with good intentions
• Attractive: with a strong value proposition and cool things

Slide 16

Slide 16 text

Movement of tokenization
Closed token for monolithic service: Data | Activity | Connectivity
Open token for multiple services: Data Service, Activity Service, Connectivity Service
[Diagram: tokens shown for both cases]

Slide 17

Slide 17 text

Thank you & Q&A