Why OpenText
Why OpenText
Overview Why OpenText
OpenText brings decades of expertise to help you unlock data, connect people and processes, and fuel AI with trust
Manage and connect data
Unify data seamlessly across your enterprise to eliminate silos, improve collaboration, and reduce risks
AI-ready information
Get AI-ready and transform your data into structured, accessible, optimized information
Built-in security and compliance
Meet regulatory and compliance requirements and protect your information throughout its lifecycle
Empowering people
Overview Empowering people
OpenText helps people manage content, automate work, use AI, and collaborate to boost productivity
Customers
See how thousands of companies around the world are succeeding with innovative solutions from OpenText™
Employees
Our people are our greatest asset; they are the life of the OpenText brand and values
Corporate Responsibility
Learn how we aspire to advance societal goals and accelerate positive change
Partners
Find a highly skilled OpenText partner with the right solution to enable digital transformation
How we compare
Content Management
Service Management
Deploy anywhere
Overview Deployment options
Explore scalable and flexible deployment options for global organizations of any size
Sovereign cloud
Local control. Global scale. Trusted AI
Private cloud
Your cloud, your control
On-premises
Free up resources, optimize performance and rapidly address issues
Public cloud
Run anywhere and scale globally in the public cloud of your choice
Aviator AI
Overview Aviator AI
See information in new ways
OpenText™ Aviator AI
AI that understands your business, your data, and your goals
OpenText™ MyAviator
Say hello to faster decisions. Your secure personal AI assistant is ready to get to work
OpenText™ Business Network Aviator
Gain better insights with generative AI for supply chains
OpenText™ Content Aviator
Power work with AI content management and an intelligent AI content assistant
OpenText™ Cybersecurity Aviator
Improve your security posture with AI cybersecurity and agile threat detection
OpenText™ DevOps Aviator
Enable faster app delivery, development, and automated software testing
OpenText™ Experience Aviator
Elevate customer communications and experiences for customer success
OpenText™ Service Management Aviator
Empower users, service agents, and IT staff to find the answers they need
Aviator AI
Overview Aviator AI
See information in new ways
OpenText™ Aviator AI
AI that understands your business, your data, and your goals
OpenText™ MyAviator
Say hello to faster decisions. Your secure personal AI assistant is ready to get to work
OpenText™ Business Network Aviator
Gain better insights with generative AI for supply chains
OpenText™ Content Aviator
Power work with AI content management and an intelligent AI content assistant
OpenText™ Cybersecurity Aviator
Improve your security posture with AI cybersecurity and agile threat detection
OpenText™ DevOps Aviator
Enable faster app delivery, development, and automated software testing
OpenText™ Experience Aviator
Elevate customer communications and experiences for customer success
OpenText™ Service Management Aviator
Empower users, service agents, and IT staff to find the answers they need
Analytics
Overview Analytics
Predict, act, and win with real-time analytics on a smarter data platform
OpenText™ Aviator Search(AI)
Give users access to the answers they need, faster and easier, with multi-repository AI-based search that lets you contextualize everything from clicks to conversations
Business Network
Overview Business Network
Connect once, reach anything with a secure B2B integration platform
Content
Overview Content
Reimagine knowledge with AI-ready content management solutions
OpenText™ Content Aviator(AI)
Supercharge intelligent workspaces with AI to modernize work
Cybersecurity
Overview Cybersecurity
Integrated cybersecurity solutions for enterprise protection
OpenText Cybersecurity for SMBs & MSPs
Purpose built data protection and security solutions
OpenText™ Cybersecurity Aviator(AI)
Reinvent threat hunting to improve security posture with the power of agile AI
DevOps
Overview DevOps
Ship better software—faster—with AI-driven DevOps automation, testing, and quality
Experience
Overview Experience
Reimagine conversations with unforgettable customer experiences
Observability and Service Management
Overview Observability and Service Management
Get the clarity needed to cut the cost and complexity of IT operations
OpenText™ Service Management Aviator(AI)
Redefine Tier 1 business support functions with self-service capabilities from private generative AI
APIs
Overview APIs
Build custom applications using proven OpenText Information Management technology
OpenText™ Aviator Thrust
Build it your way with OpenText Cloud APIs that create the real-time information flows that enable custom applications and workflows
Device and Data Protection
Overview Device and Data Protection
Protect what matters, recover when it counts
Unified Endpoint Management Tools
- OpenText™ Endpoint Management
- OpenText™ ZENworks Suite
- OpenText™ ZENworks Service Desk
- OpenText™ ZENworks Configuration Management
- OpenText™ ZENworks Endpoint Security Management
- OpenText™ ZENworks Full Disk Encryption
- OpenText™ ZENworks Endpoint Software Patch Management
- OpenText™ ZENworks Asset Management
Solutions
Information Reimagined
Overview Information Reimagined
Get greater visibility and sharper insights from AI-driven information management. Ready to see how?
Artificial Intelligence
Overview Aviator AI
Break free from silos, streamline processes, and improve customer experiences with secure information management for AI
Industry
Overview Industry solutions
Improve efficiency, security, and customer satisfaction with OpenText
Enterprise Application
Overview Solutions for Enterprise Applications
Run processes faster and with less risk
Maximize sustained growth, value, and innovation with intelligent enterprise solutions from OpenText and SAP
Connect content to business processes for better productivity and stronger governance
Optimize Salesforce effectiveness by bringing together transactional data and unstructured content
Services
Services
Overview Services
Achieve digital transformation with guidance from certified experts
Professional Services
Modernize your information management with certified experts
Customer Success Services
Unlock the full potential of your information management solution
Support Services
Turn support into your strategic advantage
Managed Services
Extend IT teams with certified OpenText application experts
Learning Services
Discover training options to help users of all skill levels effectively adopt and use OpenText products
Professional Services
Overview Professional Services
Modernize your information management with certified experts
Customer Success Services
Overview Customer Success Services
Unlock the full potential of your information management solution
Support Services
Overview Support Services
Turn support into your strategic advantage
Managed Services
Overview Managed Services
Extend IT teams with certified OpenText application experts
Learning Services
Overview Learning Services
Discover training options to help users of all skill levels effectively adopt and use OpenText products
Partners
Find a Partner
Overview Find a partner
Information is the heartbeat of every organization. We build information management software so you can build the future
Cloud Partners
Overview Cloud Partners
OpenText partners with leading cloud infrastructure providers to offer the flexibility to run OpenText solutions anywhere
Migrate, optimize and manage information management solutions on AWS
Optimize performance and reduce costs with applications deployed on a secure, globally scaled platform
Accelerate migration and modernization with deployment in a highly secure and compliant public cloud
Enterprise Application Partners
Overview Enterprise Application Partners
OpenText partners with top enterprise app providers to unlock unstructured content for better business insights
Maximize sustained growth, value, and innovation with intelligent enterprise solutions from OpenText and SAP
Connect content to business processes for better productivity and stronger governance
Optimize Salesforce effectiveness by bringing together transactional data and unstructured content
Partner Solutions
Overview Partner Solutions
Discover flexible and innovative offerings designed to add value to OpenText solutions
Resources for Partners
Overview Resources for Partners
Discover the resources available to support and grow Partner capabilities
Support
Overview Customer Support
Get expert product and service support to accelerate issue resolution and keep business flows running efficiently
Resources
Overview Resources
Explore detailed services and consulting presentations, briefs, documentation and other resources
This page is available for the following regions.
Europe, Middle East and Africa
Asia–Pacific
What is Tokenization?
Overview
Tokenization is a process by which PANs, PHI, PII, and other sensitive data elements are replaced by surrogate values, or tokens. Tokenization is really a form of encryption, but the two terms are typically used differently. Encryption usually means encoding human-readable data into incomprehensible text that is only decoded with the right decryption key, while tokenization (or “masking”, or “obfuscation”) means some form of format-preserving data protection: converting sensitive values into non-sensitive, replacement values – tokens – the same length and format as the original data.
- Tokens share some characteristics with the original data elements, such as character set, length, etc.
- Each data element is mapped to a unique token.
- Tokens are deterministic: repeatedly generating a token for a given value yields the same token.
- A tokenized database can be searched by tokenizing the query terms and searching for those.
As a form of encryption, tokenization is a key data privacy protection strategy for any business. This page provides a very high-level view of what tokenization is and how it works.
Tokenization
Where did tokenization come from?
Digital tokenization was first created by TrustCommerce in 2001 to help a client protect customer credit card information. Merchants were storing cardholder data on their own servers, which meant that anyone who had access to their servers could potentially view or take advantage of those customer credit card numbers.
TrustCommerce developed a system that replaced primary account numbers (PANs) with a randomized number called a token. This allowed merchants to store and reference tokens when accepting payments. TrustCommerce converted the tokens back to PANs and processed the payments using the original PANs. This isolated the risk to TrustCommerce, since merchants no longer had any actual PANs stored in their systems.
As security concerns and regulatory requirements grew, such first-generation tokenization proved the technology’s value, and other vendors offered similar solutions. However, problems with this approach soon became clear.
What types of tokenization are available?
There are two types of tokenization: reversible and irreversible.
Reversible tokens can be detokenized – converted back to their original values. In privacy terminology, this is called pseudonymization. Such tokens may be further subdivided into cryptographic and non-cryptographic, although this distinction is artificial, since any tokenization really is a form of encryption.
Cryptographic tokenization generates tokens using strong cryptography; the cleartext data element(s) are not stored anywhere – just the cryptographic key. NIST-standard FF1-mode AES is an example of cryptographic tokenization.
Non-cryptographic tokenization originally meant that tokens were created by randomly generating a value and storing the cleartext and corresponding token in a database, like the original TrustCommerce offering. This approach is conceptually simple, but means that any tokenization or detokenization request must make a server request, adding overhead, complexity, and risk. It also does not scale well. Consider a request to tokenize a value: the server must first perform a database lookup to see if it already has a token for that value. If it does, it returns that. If not, it must generate a new random value, then do another database lookup to make sure that value has not already been assigned for a different cleartext. If it has, it must generate another random value, check that one, and so forth. As the number of tokens created grows, the time required for these database lookups increases; worse, the likelihood of such collisions grows exponentially. Such implementations also typically use multiple token servers, for load-balancing, reliability, and failover. These must perform real-time database synchronization to ensure reliability and consistency, adding further complexity and overhead.
Modern non-cryptographic tokenization focuses on “stateless” or “vaultless” approaches, using randomly generated metadata that is securely combined to build tokens. Such systems can operate disconnected from each other, and scale essentially infinitely since they require no synchronization beyond copying of the original metadata, unlike database-backed tokenization.
Irreversible tokens cannot be converted back to their original values. In privacy terminology, this is called anonymization. Such tokens are created through a one-way function, allowing use of anonymized data elements for third-party analytics, production data in lower environments, etc.
Tokenization benefits
Tokenization requires minimal changes to add strong data protection to existing applications. Traditional encryption solutions enlarge the data, requiring significant changes to database and program data schema, as well as additional storage. It also means that protected fields fail any validation checks, requiring further code analysis and updates. Tokens use the same data formats, require no additional storage, and can pass validation checks.
As applications share data, tokenization is also much easier to add than encryption, since data exchange processes are unchanged. In fact, many intermediate data uses – between ingestion and final disposition – can typically use the token without ever having to detokenize it. This improves security, enabling protecting the data as soon as possible on acquisition and keeping it protected throughout the majority of its lifecycle.
Within the limits of security requirements, tokens can retain partial cleartext values, such as the leading and trailing digits of a credit card number. This allows required functions—such as card routing and “last four” verification or printing on customer receipts—to be performed using the token, without having to convert it back to the actual value.
This ability to directly use tokens improves both performance and security: performance, because there is no overhead when no detokenization is required; and security, because since the cleartext is never recovered, there is less attack surface available.
What is tokenization used for?
Tokenization is used to secure many different types of sensitive data, including:
- Payment card data
- U.S. Social Security numbers and other national identification numbers
- Telephone numbers
- Passport numbers
- Driver’s license numbers
- Email addresses
- Bank account numbers
- Names, addresses, birth dates
As data breaches rise and data security becomes increasingly important, organizations find tokenization appealing because it is easier to add to existing applications than traditional encryption.
PCI DSS compliance
Safeguarding payment card data is one of the most common use cases for tokenization, in part because of routing requirements for different card types as well as “last four” validation of card numbers. Tokenization for card data got an early boost due to requirements set by the Payment Card Industry Security Standards Council (PCI SSC). The Payment Card Industry Data Security Standard (PCI DSS) requires businesses that deal with payment card data to ensure compliance with strict cybersecurity requirements. While securing payment card data with encryption is allowed per PCI DSS, merchants may also use tokenization to meet compliance standards. Since payments data flows are complex, high performance, and well defined, tokenization is much easier to add than encryption.
Secure sensitive data with tokenization
Tokenization is becoming an increasingly popular way to protect data, and can play a vital role in a data privacy protection solution. OpenText™ Cybersecurity is here to help secure sensitive business data using OpenText™ Voltage™ SecureData, which provides a variety of tokenization methods to fit every need.
Voltage SecureData and other cyber resilience solutions can augment human intelligence with artificial intelligence to strengthen any enterprise’s data security posture. Not only does this provide intelligent encryption and a smarter authentication process, but it enables easy detection of new and unknown threats through contextual threat insights.
Resources
Related products
OpenText™ Data Privacy & Protection Foundation
Protect high-value data while keeping it usable for hybrid IT
Data privacy and protection
Secure data, reduce risks, improve compliance, and govern access
