
Research And Implementation Of Key Technologies Of Payment-oriented Tokenization System

Posted on: 2017-02-04
Degree: Master
Type: Thesis
Country: China
Candidate: X Yang
Full Text: PDF
GTID: 2308330485985036
Subject: Computer system architecture
Abstract/Summary:
To support marketing and the analysis of customer preferences, merchants tend to store transaction data, including sensitive data such as the PAN (the cardholder's bank card number), which makes the merchant's system a target for attackers. In addition, although new payment methods bring customers a convenient experience, in a card-not-present transaction such as an online transaction, sensitive data is easily stolen during transmission and storage. Tokenization systems emerged to solve these problems. A tokenization system adds two new entities, the token requestor and the token service provider, to the traditional payment system. To reduce how often the PAN appears in the transaction flow, a payment token replaces the PAN during transaction and authorization. Sensitive data is processed centrally by the tokenization system, which potentially reduces the effort other trading entities must spend implementing PCI DSS requirements and solves the problem of protecting sensitive data.

Based on EMVCo's tokenization specification, this paper studies and implements three core technologies of a tokenization system: tokenization technology, ID&V technology and de-tokenization technology. Tokenization technology solves the problem of payment token generation and issuance. ID&V technology solves the problems of validating the cardholder's account and establishing a confidence level for the payment token to PAN binding. De-tokenization technology solves the problem of redeeming a payment token for its associated PAN. This paper includes the following contributions and innovations:

1. Designs a payment token based on the business logic of payment transactions, maximizes its compatibility with the existing payment system, and applies it to an inter-bank scenario.
2. Studies a payment token generation method based on a deterministic random bit generator and analyzes its security, ensuring that exposure of a payment token does not lead to exposure of the PAN.
3. Creatively applies a d-left counting Bloom filter to duplicate checking of payment tokens, reducing time complexity from O(n) to O(1) while consuming relatively little space.
4. Builds a token-to-PAN binding risk assessment model that combines qualitative analysis with quantitative analysis, based on the Analytic Hierarchy Process and the Delphi method. Rates the Token Assurance Level in combination with the account validation results, which enhances transaction security.
5. Designs a dynamic identity authentication protocol based on digital signature technology to verify the validity of a de-tokenization request. It can identify the cardholder and also resists replay attacks and dictionary attacks.

This paper designs three business processes in detail: the tokenization process, the ID&V process and the de-tokenization process. It also designs the interaction and data flow format between modules and the token service provider subsystem. This research provides technical support for implementing a tokenization system, which helps protect sensitive data and other trading entities.
Keywords/Search Tags: payment token, token service provider, data security, risk assessment, identity authentication