SVault

The SVault module APIs provide tokenization functionality for anonymizing and pseudonymizing databases containing Personally Identifiable Information (PII). The tokenization process is based on random numbers generated by a FIPS SP800-90A DRBG (NIST CAVP approval).

Architecture

The Dinamo SVault module tokenizes personally identifiable information (also called the secret) by generating a random token and a token blob (secret and encrypted metadata).

The token blob can be stored and used for later retrieval of the secret, for pseudonymization operations. For anonymization operations, the token blob must be discarded and the secret cannot be recovered later.

The generated token replaces the secret in the original database and, in cases of pseudonymization, may have the token blob associated with it. The token's format (decimal, base62, etc.) and the generation of check digits (in the case of CPF, CNPJ, PAN, etc.) can be specified at the time of generation.

Sensitive data is protected using a symmetric key protected within the HSM.

The secret can be retrieved from the token blob either in clear text or masked. Masking is done inside the HSM, which prevents the application from handling the secret in clear text.

Attention

Tokens are generated randomly, so it is possible for conflicting tokens to be generated. The application must therefore handle collisions by requesting the generation of the token again, in order to guarantee that the stored tokens are unique.
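
One way an application can handle the collisions described above, shown as an added example that is not part of the Dinamo documentation or the SVault API. The `local_stand_in_tokenize` function, the `tokens` table and the `MAX_ATTEMPTS` bound are assumptions made for illustration; a real application would call the HSM where the stand-in is used.

```python
import secrets
import sqlite3

MAX_ATTEMPTS = 5  # assumption: retry bound chosen for this example


def local_stand_in_tokenize(secret, digits=11):
    """Hypothetical stand-in for the HSM tokenization call (NOT the SVault API).

    Returns (token, token_blob). The token is random and independent of the
    secret; the blob here is only an opaque placeholder.
    """
    token = "".join(secrets.choice("0123456789") for _ in range(digits))
    return token, b"opaque-blob-placeholder"


def open_store():
    """Create the token table (in memory, for the example)."""
    db = sqlite3.connect(":memory:")
    # The PRIMARY KEY constraint detects a collision atomically at insert
    # time, which avoids the race of a separate "does it exist?" query.
    db.execute("CREATE TABLE tokens (token TEXT PRIMARY KEY, blob BLOB)")
    return db


def store_unique_token(db, secret, tokenize=local_stand_in_tokenize,
                       keep_blob=True):
    """Request a token and store it, requesting a new one on collision.

    keep_blob=True models pseudonymization (blob stored with the token);
    keep_blob=False models anonymization (blob discarded).
    Returns (token, attempts_used).
    """
    for attempt in range(1, MAX_ATTEMPTS + 1):
        token, blob = tokenize(secret)
        try:
            with db:  # commits on success, rolls back on error
                db.execute("INSERT INTO tokens (token, blob) VALUES (?, ?)",
                           (token, blob if keep_blob else None))
            return token, attempt
        except sqlite3.IntegrityError:
            continue  # token already stored: request generation again
    raise RuntimeError("no unique token after %d attempts" % MAX_ATTEMPTS)
```

Bounding the retries turns a token space that is close to exhaustion into a visible error instead of an endless loop.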

SVault API

Specific API documentation for the SVault module, with functions, classes and examples.