Systems and Means of Informatics
2021, Volume 31, Issue 4, pp 135-143
ENHANCED TOKENIZATION ALGORITHM FOR PERSONAL DATA PROTECTION
- A. A. Grusho
- D. V. Smirnov
- E. E. Timonina
- S. Ya. Shorgin
Abstract
Tokenization is one of the methods of depersonalizing personal data.
This method is a bijective replacement of fragments of personal data with random elements of a certain set. One of the weaknesses of personal data protection through tokenization is the possibility of statistically assessing the probabilities of the occurrence of protected fragments of personal data. The paper proposes a method of enhancing tokenization algorithms which allows overcoming this weakness. The enhanced tokenization algorithm is slightly different in complexity from other algorithms. At the same time, the enhanced algorithm can be used both in cases of tokenization by replacing alphabets describing various fragments of personal data and in cases where personal data are divided into fragments of the same length and converted into fragments of the same length but in other alphabets.
[+] References (10)
- O personal'nykh dannykh: Federal'nyy zakon 152-FZ [About personal data: Federal law 152-FZ]. July 27, 2006. Available at: http://www.consultant.ru/ document/cons_doc_LAW_61801 (accessed September 15, 2021).
- FSTEC Rossii. February 18, 2013. Ob utverzhdenii sostava i soderzhaniya organizatsionnykh i tekhnicheskikh mer po obespecheniyu bezopasnosti personal'nykh dannykh pri ikh obrabotke v informatsionnykh sistemakh personal'nykh dannykh: Prikaz No. 21 [On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems: Order No. 21]. 19 p. Available at: https://fstec.ru/normotvorcheskaya/akty/53-prikazy/691 (accessed September 15, 2021).
- Roskomnadzor. September 5, 2013. Ob utverzhdenii trebovaniy i metodov po obezlichivaniyu personal'nykh dannykh: Prikaz No. 996 [On approval of requirements and methods for the depersonalization of personal data: Order No. 996]. 7 p. Available at: http://rkn.gov.ru/docs/doc_981.tiff (accessed September 15, 2021).
- Rosstat. April 19, 2013. Ob utverzhdenii Metodologicheskikh polozheniy po formirovaniyu massivov depersonifitsirovannykh mikrodannykh godovogo strukturnogo obsledovaniya po forme federal'nogo statisticheskogo nablyudeniya N 1-predpriyatie "Osnovnye svedeniya o "deyatel'nosti organizatsii" obshchego pol'zovaniya dlya pred- stavleniya pol'zovatelyam v analiticheskikh tselyakh: Prikaz No. 165 [On adoption of Methodological provisions for the formation of arrays of depersonalized microdata of the annual structural inspection in the form of federal statistical observation N 1-enterprise "Main data on the activity of the organization" for general use to provide users with analytical purposes: Order No. 165]. 9 p. Available at: https://docs.cntd. ru/document/499020817/ (accessed September 15, 2021).
- Ministerstva zdravookhraneniya Rossiyskoy Federatsii. June 14, 2018. Ob utverzhdenii Poryadka obezlichivaniya svedeniy o litsakh, kotorym okazyvayetsya meditsin- skaya pomoshch', a takzhe o litsakh, v otnoshenii kotorykh provodyatsya meditsinskie ekspertizy, meditsinskie osmotry i meditsinskie osvidetel'stvovaniya: Prikaz No. 341n [On approval of the statement of the Order on depersonalization of information about persons to whom medical care is provided as well as about persons in respect of whom medical expertise, medical examinations, and medical certifications are performed: Order No. 341n]. 7 p. Available at: http://publication.pravo.gov.ru/Document/View/ 0001201808090005 (accessed September 15, 2021).
- Tokenization 101: Understanding the basics. Available at: https://www.wexinc.com/ insights/blog/corporate-payments-edge/credit-card-tokenization-basics/ (accessed September 15, 2021).
- Protegrity Vaultless Tokenization. Available at: https://s3.amazonaws.com/ ptymarketingcollateral/Vaultless_Tokenization_FAQs_APRIL_12.pdf (accessed September 15, 2021).
- Grusho, A. A., M.I. Zabezhailo, D. V. Smirnov, and E.E. Timonina. 2017. Model' mnozhestva informatsionnykh prostranstv v zadache poiska insaydera [The model of the set of information spaces in the problem of insider detection]. Informatika i ee Primeneniya - Inform. Appl. 11 (4): 65-69.
- Denning, D., S. Akl, M. Heckman, et al. 1987. Views for multilevel database security. IEEE T. Software Eng. SE-13:129-140.
- Grusho, A. A., N. A. Grusho, M.I. Zabezhailo, D.V. Smirnov, and E.E. Timonina. 2018. Parametrizatsiya v prikladnykh zadachakh poiska empiricheskikh prichin [Parametrization in applied problems of search of the empirical reasons]. Informatika i ee Primeneniya - Inform. Appl. 12(3):62-66
[+] About this article
Title
ENHANCED TOKENIZATION ALGORITHM FOR PERSONAL DATA PROTECTION
Journal
Systems and Means of Informatics
Volume 31, Issue 4, pp 135-143
Cover Date
2021-12-10
DOI
10.14357/08696527210411
Print ISSN
0869-6527
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Additional Links
Key words
information security; depersonalization of personal data; tokenization; mathematical statistics
Authors
A. A. Grusho  , D. V. Smirnov  , E. E. Timonina , and S. Ya. Shorgin
Author Affiliations
Federal Research Center "Computer Science and Control", Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
Sberbank of Russia, 19 Vavilov Str., Moscow 117999, Russian Federation
|