Authors:
Cyrius Nugier (1); Diane Leblanc-Albarel (2); Agathe Blaise (3, 4); Simon Masson (4, 5); Paul Huynh (5) and Yris Brice Wandji Piugie (6, 7)
Affiliations:
(1) LAAS-CNRS, Université de Toulouse, Toulouse, France
(2) CNRS, IRISA, INSA de Rennes, Rennes, France
(3) Sorbonne Université, Paris, France
(4) Thales, Gennevilliers, France
(5) Université de Lorraine, INRIA, Loria, CNRS, Nancy, France
(6) FIME EMEA, Caen, France
(7) Normandie Université, UNICAEN, ENSICAEN, CNRS, GREYC, 14000 Caen, France
Keyword(s):
Token Service Provider, Credit Card Numbers.
Abstract:
Internet users are increasingly concerned about their privacy and are looking for ways to protect their data. Additionally, they may rightly fear that companies extract information about them from their online behavior. The so-called tokenization process allows for the use of trusted third-party managed temporary identities, from which no personal data about the user can be inferred. We consider in this paper tokenization systems allowing a customer to hide their credit card number from a webshop. We present here a method for managing tokens in RAM using a table. We refer to our approach as upcycling as it allows for regenerating used tokens by maintaining a table of currently valid tokens. We compare our approach to existing ones and analyze its security. Contrary to the main existing system (Voltage), our table does not increase in size nor slow down over time. The approach we propose satisfies the common specifications of the domain. It is validated by measurements from an implementation. By reaching 70 thousand tries per timeframe, we almost exhaust the possibilities of the “8-digit model” for properly dimensioned systems.