Tokenization

Seems like a heavy word, so, lets understand what it means from implementation and use-case perspective.

Imagine You want to store confidential user or customer information such as Aadhar card or Pan-card number in your application and while storing it, you don’t want the administrator / Operation users of the application to be able to view the numbers.

That means you want to save it, use it but don’t want anybody to be able to view it, even if it's an administrator of the application, “just for your information there are strict guidelines from regulatory bodies that Sensitive PII data cannot be stored in any applications database in plain readable format”; the reason behind this is that these numbers can be misused by hackers and malicious people

Concept of Tokenization

You pass some value to a system maybe "ABCD" and the system returns "EFGH", this EFGH is your token, and the returning system maintains a mapping of EFGH to ABCD and whenever you share the EFGH value it would return the actual number (ABCD) by looking at its mapping table, so you are storing and dealing with Tokenized data "EFGH" and not the actual value (ABCD).

You can relate the above example with Aadhar tokenization where you are storing EFGH (Aadhar Token) in your application rather than actual ABCD (Aadhar actual) in your application and the actual Aadhar is stored in a secure Vault (tamper proof vault)

To achieve this scenario you need a tokenization solution which can store the actual value of Aadhar / Pan card in a secure vault and return a tokenized value “a random number which can be stored in the application” this tokenized value would act as a unique reference number to retrieve the actual number from the vault database but this can be only achieved from the front end of the application rather than from the backend by an administrator, so when I say it can be retrieved from the front end of the application, in this case also the front end would not display the entire Aadhar number but if somehow the system wants to use it, let’s say for retrieving the User demographics from UIDAI, the front end application would fetch the aadhar number from the Aadhar vault but it would not display in front for the user infact it would just keep it in memory and use it to call the UIDAI API and get the demographics, once the task is done it would delete the Aadhar number from the memory