Steganography In Tokenization

Introduction:

Steganography is the art of hiding a secret inside information. The literal meaning is “covered writing”. Images are one of the popular sources of hiding secret information. Presented below is a basic functional diagram of a steganography system that works on images.

The process involves the following parts:

1. Secret Message: The secret which needs to be hidden in the image
2. Cover Image: The image in which the secret needs to be hidden
3. Key: The key from which the secret is encrypted. This is optional
4. Embedding function: The algorithm which embeds the secret into the image
5. Extracting function: The reverse algorithm which extracts the secret from the image

Tokenization Use Case:

Tokenization is a method in which the sensitive data is converted into tokenized data. Many banking applications use this method to protect the user’s credit card information. A typical flow is:

1. Application Server passes the user sensitive information to the token server (e.g. credit card number)
2. Tokenization server converts this credit card to a token preserving the format. The mapping of the original data and the token is stored as an encrypted entry in the token database.
3. The token is returned to the application server which stores it in its own database
4. Only the authorized application is allowed access to the original data through the Tokenization server.

Steganography can come to help here and can make the tokenization server free from storing any such data. In most cases, the data which needs to be tokenized belongs to a user and hence it also has a user image (for e.g. the photo of a user who owns the bank’s credit card). In such cases, this mapping itself can be stored in the user’s image itself freeing up tokenization server from storing any data.

Presented below is a typical architecture for a Tokenization Server. Note that the tokenization server maintains the encrypted database to store the mapping of tokenized data to original data.

The typical message flow is:

1. The Registered Application sends the credit card number to Tokenization Server for tokenization
2. The Tokenization Server tokenizes the data using the “key” from the Key Management Server.
3. The mapping of the tokenized data vs the key is stored in the encrypted database
4. The tokenized data is returned to the application
5. To retrieve back the original credit card number the Registered Application sends the tokenized data to the Tokenization Server.
6. The Tokenization Server looks up the mapping in its encrypted database and with the found key it gets back the original data
7. The original credit card number is sent back to the application

Presented below is the modified architecture with steganography. Note that the tokenization server does not maintain any encrypted database at its end and uses a steganography server