
tokenization engine | encryption-decryption using seed file

I need to build a web server (Windows server) with a tokenization engine for encrypting sensitive data. As per the client requirement:

  • The server should be configured with a unique encryption/hash "seed" file that can be backed up
  • The server should use the seed file to tokenize (i.e. mask/hash/encrypt) sensitive data fields
  • The server should pass the tokenized values to the database (MySQL) for save operation.
  • The server should un-tokenize the data when retrieved from the database for display on the website

My question is: how do I create the seed file? And if data is encrypted using the seed file and then somebody changes/updates the seed file, will we still be able to decrypt the data?

Please advise on an approach to meet the above requirement.

One can create a "seed" with a cryptographic PRNG (Pseudo Random Number Generator) or an HRNG (Hardware Random Number Generator). Most computer systems contain a cryptographic PRNG, and HRNGs with a limited entropy rate can be purchased cheaply in USB configurations.

Save the generated seed in a secure (possibly bank) safe on paper and/or a USB drive for restoration.

On the high security end use an HSM (Hardware Security Module).

The server needs to be secure, including good two factor authentication.

This seems to answer the final question statement, but the entire question is unclear. If you are dealing with CC payments you will need to become familiar with PCI (Payment Card Industry).
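To illustrate the question about a changed seed file, here is an added example (not part of the original question or answer): it creates a seed with the OS CSPRNG, derives an AES-256-GCM key from it, and tags every token with a key id so that a replaced seed is detected before decryption is attempted. It assumes the third-party `cryptography` package; the function names, KDF labels, token format and sample value are hypothetical choices made for this sketch.

```python
import hashlib, hmac, os, secrets, tempfile
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def create_seed_file(path):
    # 32 bytes from the OS CSPRNG; O_EXCL refuses to overwrite an existing seed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(secrets.token_bytes(32))

def load_keys(path):
    # HMAC-SHA256 with distinct labels serves as the KDF (an assumption of this sketch).
    with open(path, "rb") as f:
        seed = f.read()
    if len(seed) != 32:
        raise ValueError("seed file must hold exactly 32 bytes")
    enc_key = hmac.new(seed, b"field-encryption", hashlib.sha256).digest()
    key_id = hmac.new(seed, b"key-id", hashlib.sha256).hexdigest()[:16]
    return enc_key, key_id  # key_id is not secret and is stored with each token

def tokenize(keys, value, column):
    # Token layout "key_id:hex(nonce || ciphertext+tag)"; the column name is bound as AAD.
    enc_key, key_id = keys
    nonce = secrets.token_bytes(12)
    ct = AESGCM(enc_key).encrypt(nonce, value.encode(), column.encode())
    return f"{key_id}:{(nonce + ct).hex()}"

def untokenize(keys, token, column):
    enc_key, key_id = keys
    stored_id, blob = token.split(":", 1)
    if stored_id != key_id:
        raise LookupError(f"token needs seed {stored_id}, loaded seed is {key_id}")
    raw = bytes.fromhex(blob)
    return AESGCM(enc_key).decrypt(raw[:12], raw[12:], column.encode()).decode()

def demo():
    with tempfile.TemporaryDirectory() as d:
        a, b = os.path.join(d, "seed_a.bin"), os.path.join(d, "seed_b.bin")
        for p in (a, b):
            create_seed_file(p)
        keys_a, keys_b = load_keys(a), load_keys(b)
        token = tokenize(keys_a, "4111111111111111", "card_number")  # constructed test value
        outcomes = [untokenize(keys_a, token, "card_number")]
        # Seed replaced, then seed replaced with the old key id forged onto it.
        for keys in (keys_b, (keys_b[0], keys_a[1])):
            try:
                outcomes.append(untokenize(keys, token, "card_number"))
            except (LookupError, InvalidTag) as exc:
                outcomes.append(type(exc).__name__)
        return outcomes

if __name__ == "__main__": print(demo())
```

Data tokenized under the old seed is only recoverable by restoring that seed from backup, which is why the backup step in the answer matters; rotating the seed means decrypting with the old one and re-encrypting with the new one.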
