LGPD Anonymization

The LGPD Anonymization menu shows the functionalities of the service of the same name. The service aims to make it easier for your business to comply with the law by tokenizing sensitive data. To use these functions, you need to subscribe to the service.

The purpose of this interface is to familiarize the user with the endpoints and to present the definitions adopted. The portal interface uses slightly different parameter settings from those adopted when using the API directly, but the tokenization operation still takes place on an HSM DINAMO via the API.

A typical usage scenario for this service involves tokenizing sensitive data in your database, i.e. replacing a piece of data such as a CPF with a randomly generated token of the same format. In this way, the actual data can be stored securely with DINAMO Super Cloud. When the data is needed, simply retrieve it by entering the token that replaced it.

One of the aims of tokenization is to preserve the format, i.e. a token generated for a customer's CNPJ data will also have the format of a valid CNPJ. The tokenization process supports the following formats: CPF, CNPJ, Credit Card, Voter ID, Free Numeric and Free Alphanumeric.

Vaults and mechanisms

To tokenize a piece of data, you need to use two entities defined in the API: a vault and a mechanism. The vault entity plays a role similar to that suggested by its name: it groups and protects one or more tokens. A mechanism can be thought of as a machine that produces tokens. For example, to produce tokens in the CNPJ format, you need to use a mechanism configured for that format.

Vaults and mechanisms can be created via their respective items in the navigation menu. Creating a vault only requires a name and an API token. To create a mechanism, you must choose an identification tag, select the format to be followed by the tokens produced with that mechanism, and select the storage type. The storage parameter allows you to choose between saving the encrypted file containing the original data on your device or saving it in your DINAMO Super Cloud account. This parameter is applied to every token generated with this mechanism.

Tokenize

Select the tokenize secret action from one of your vaults. In the dialog that opens, select one of the mechanisms according to the desired format and storage, and enter an API token. In the next step, enter the secret, i.e. the sensitive data to be protected, which must comply with the format determined by the mechanism. In the last step, you will receive the token to use as a substitute and, if you chose "Download" storage, the encrypted file of the original data to download.

Recovering secrets

The method of retrieving the secret depends on the storage option defined by the tokenization mechanism. The steps for each option are detailed below.

  • Cloud storage: click on the "List tokens" action of the vault used for tokenization, then select the "Retrieve cloud token secret" action of the desired token.
  • Download storage: select the "Retrieve downloaded token secret" action from the vault used for tokenization and then enter the encrypted secret file.

In both cases, an API token must be provided. Choosing a mask to be applied to the secret is optional; if no mask is selected, the secret will be displayed in full.
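
The tokenize and recover flow described above, as an added local model for illustration; it is not DINAMO code and does not call the DINAMO API or an HSM. It assumes that "the format of a valid CPF" includes the two check digits, models only the case where the original stays in the vault, and uses a hypothetical "show last N characters" mask.

```python
import secrets

def cpf_check_digits(base9):
    """Return the two CPF check digits for a 9-digit string (mod-11 rule)."""
    digits = [int(c) for c in base9]
    for _ in range(2):
        weights = range(len(digits) + 1, 1, -1)  # 10..2, then 11..2
        r = sum(d * w for d, w in zip(digits, weights)) % 11
        digits.append(0 if r < 2 else 11 - r)
    return "".join(map(str, digits[9:]))

def is_cpf(value):
    """True if value is 11 ASCII digits with correct check digits."""
    return (len(value) == 11 and value.isascii() and value.isdigit()
            and value[9:] == cpf_check_digits(value[:9]))

class Vault:
    """In-memory stand-in for a vault: groups tokens and holds the originals."""

    def __init__(self):
        self._store = {}  # token -> original secret

    def tokenize(self, secret):
        # The secret must comply with the format set by the mechanism (CPF here).
        if not is_cpf(secret):
            raise ValueError("secret does not comply with the CPF format")
        while True:
            # The token is random, never derived from the secret.
            base = "".join(secrets.choice("0123456789") for _ in range(9))
            token = base + cpf_check_digits(base)
            if token != secret and token not in self._store:  # retry on collision
                self._store[token] = secret
                return token

    def recover(self, token, visible_last=None):
        """Return the secret; visible_last is a hypothetical mask option."""
        secret = self._store[token]
        if visible_last is None:
            return secret  # no mask selected: shown in full
        hidden = len(secret) - visible_last
        return "*" * hidden + secret[hidden:]

if __name__ == "__main__":
    vault = Vault()
    sample = "52998224725"  # constructed sample value, not a real person's CPF
    tok = vault.tokenize(sample)
    print(tok, vault.recover(tok, visible_last=2))
```

Because the token passes the same format checks as real data, downstream systems cannot tell the two apart; the mapping held in the vault is the only link back to the original.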