TokenBRIDGE™
TokenBRIDGE licensed on the KeyBRIDGE appliance, implements a secure, easy-to-manage Token Vault, the core of any tokenization solution.
What is TokenBRIDGE?
- Generates random tokens in any defined format.
- Tokens are stored in logical containers called Relationships.
- High Assurance Token Collision Avoidance.
- Submitted clear values are encrypted using per-Relationship keys.
- Built-in backup – system restore only takes minutes.
- Full audit logging of all token and administrative operations.
- Implements a true token vault (submit clear value, get token; retrieve clear value).
- Token generation uses a FIPS-certified hardware RNG.
- All encryption keys are AES-256 and managed internally – no external key management required.
- Can store 250+ million values.
- Uses TLS v1.2 mutual authentication and certificate whitelist for client access.
- Can function as a standalone appliance, or be part of a High Availability mesh network.
- Leverages the GEOBRIDGE KeyBRIDGE platform.
When companies ask the question, what is more secure? A PIN traveling through their network, or PII that is stored and tokenized? In most cases, the PIN is more secure, because the PII has been associated to a token that was generated poorly, and the PII was encrypted with software, where keys can leak and ultimately compromise the intended PII. This is why GEOBRIDGE introduced the TokenBRIDGE License on the KeyBRIDGE Platform.
With widespread adoption of tokenization for multiple purposes, it’s no longer “good enough” to encrypt clear data and offer a surrogate. In today’s threat landscape, “good enough” will result in a Breaking News headline of mass data loss. PCI PIN and PCI P2PE have encryption standards for a reason. These same standards can be used for tokenization and that is what TokenBRIDGE is really all about. PII is encrypted under hardware based 256 bit AES encryption.
Tokens are produced from a FIPS 140-2 Level 3 certified random number generator. Secure the original data to the highest standard available, and guarantee uniqueness. Your company, your reputation, and most importantly your clients deserve the best protection possible.
TokenBRIDGE supports high availability for both token generation as well as de-tokenization. A mesh network of KeyBRIDGE appliances can be deployed to support Pool Mode while guaranteeing uniqueness and high availability of customer defined formats for token values. Connectivity is based on mutual authentication TLS 1.2 for added security and assurance.