Data Encryption & Tokenization
Storing decryption keys and encrypted files separately makes them indecipherable to unauthorized users.
By doing image and file encryption before storing with your cloud storage provider, you maintain a separate location for the decryption keys. So, even if attackers compromise your cloud files, they will be indecipherable without the decryption key. To see how it works, check out our interactive OpenAPI documentation. The demo gives an internal view of the magic behind cryptographic operations.
Replace sensitive data with tokens so your database records are indecipherable to unauthorized users.
Tokenization replaces sensitive data with an indecipherable token for security purposes. The tokenization process involves encrypting the sensitive plaintext data into ciphertext. Then, it assigns a non-sensitive token, which the database can store safely. The reverse process is where authorized users use the token for decryption to retrieve the sensitive data as needed.
To see how it works, check out our interactive OpenAPI documentation. First, use the /encrypt call to create a token for database storage. Then, use that token during the /decrypt call to recreate the sensitive data.
Behind the scenes, a series of cryptographic operations are taking place. The master key, which is stored securely in the cryptoprocessor, encrypts a cryptographic domain key. Then, this cryptographic domain key encrypts a data encryption key that was created by the web service. See more in Key Management if you’re interested.