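1. Masking:
As the name suggests, masking is the process of replacing real data with null or constant values. It is considered to be essentially permanent tokenization. Here, sensitive information is replaced with random characters in the same format as the original data, and there is no mechanism for retrieving the original value. There are basically two types of masking: Static Data Masking (SDM) and Dynamic Data Masking (DDM).
2. Tokenization:
As the name suggests, tokenization is the process of replacing original values with randomly generated alphanumeric values called tokens. Whenever a user application needs the original data, the system looks up the token value in the token database and retrieves it. It is one of the oldest techniques used to keep data secure. Here, tokens have no meaning outside the system that creates them and links them to other data.
Difference between Tokenization and Masking: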
Masking | Tokenization |
---|---|
It is a process of applying a mask to a value. | It is a process of replacing sensitive data with non-sensitive data. |
It simply ensures efficient use of masked data for analysis without fear of leaking private information. | It simply ensures correct formatting and transmission of data thus making it less vulnerable to cyberattacks. |
It is generally used to secure structured and unstructured fields in both non-production and production environments such as database backups, data mining, etc. | It is generally used to secure credit card numbers or sensitive information in payment processing systems, customer service databases, and other structured data environments. |
It always preserves format, but there is some risk of re-identification. | It always preserves the format of data and maintains high security. |
It is an irreversible process, i.e., masked data cannot be retrieved back to the original. | It is a reversible process, i.e., tokenized data can be retrieved back to the original. |
It is easier for one to exchange masked data with third parties as they cannot view original data. | It is difficult for one to exchange data with third parties because they can have access to token database. |
It is used to secure data in use. | It is used to secure data at rest and data in motion. |
It normally protects sensitive data from being exposed to individuals who are not authorized or do not have access to view it. | It normally creates a surrogate value that can be matched back to the original string using a database. |
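
The reversibility difference described above, as an added Python example that is not part of the original article: `mask` stores nothing and cannot be undone, while the token vault keeps the mapping needed to recover the value. The names `mask`, `TokenVault`, `SAMPLE_PAN` and the `authorized` flag are assumptions made for illustration, and the in-memory dictionaries stand in for a real token database.

```python
import secrets
import string

SAMPLE_PAN = "4111-1111-1111-1111"  # constructed test value, not real data

def mask(value: str) -> str:
    """Replace every digit/letter with a random one of the same class.
    Separators and length are kept; nothing is stored, so it is one-way."""
    out = []
    for ch in value:
        if ch.isdigit():
            out.append(secrets.choice(string.digits))
        elif ch.isalpha():
            out.append(secrets.choice(string.ascii_letters))
        else:
            out.append(ch)
    return "".join(out)

class TokenVault:
    """In-memory stand-in for the token database (hypothetical class)."""
    ALPHABET = string.ascii_uppercase + string.digits

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, value: str) -> str:
        if not value:
            raise ValueError("nothing to tokenize")
        if value in self._by_value:          # same input, same token
            return self._by_value[value]
        while True:                          # retry on the rare collision
            token = "".join(secrets.choice(self.ALPHABET) for _ in value)
            if token not in self._by_token and token != value:
                break
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str, authorized: bool) -> str:
        # Assumption: the caller's authorization was decided elsewhere.
        if not authorized:
            raise PermissionError("caller may not detokenize")
        return self._by_token[token]         # KeyError for unknown tokens

if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_PAN)
    print("masked   :", mask(SAMPLE_PAN))
    print("token    :", token)
    print("restored :", vault.detokenize(token, authorized=True))
```

Because the vault can restore every original value, it needs the same protection as the data it replaces.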