Trustway DataProtect Token
Trustway DataProtect Token is a solution to protect your sensitive data by replacing it with a surrogate value that preserves the length and format of the original data, the easiest way for data masking.
As the volume and value of your organization’s data continues to grow, you can no longer rely solely on perimeter-based security to protect it from the lasting impact of a breach.
Trustway DataProtect Token replaces sensitive data with a unique token (surrogate value) that is stored, processed or transmitted in place of the original data. A popular choice with the payment card industry to secure primary account numbers (PAN), tokenization can be used to protect other types of high-value data.
In combination with Trustway DataProtect KMS based on certified architecture, Trustway DataProtect Token meets the strictest international standards and brings the highest levels of security to your sensitive data.
Follow or contact us:

Centralize management
Based on HSM architecture, this unified platform provides key management and encryption services for all your infrastructure solutions. Enhanced by monitoring and granular access control features, it guarantees a unique data protection policy for your company and reduces compliance and audit costs.

Strengthen security
Data can be tokenized with a surrogate value in a variety of formats for unlimited data type support, including numeric data with spaces or dashes like credit card numbers, social security numbers, passport numbers, email addresses and more.

Achieve compliance
A highly available encryption solution to address numerous industry security standards and government regulations such as PCI DSS, GDPR and HIPAA.
Unlimited data type and broad token format support
- Tokenize primary account numbers (PAN), as well as other data types (PCI, PII, PHI, etc.) in any environment, including payment systems and big data implementations
- Support a wide variety of token formats, including regular expressions and customized formats
Support cloud initiatives
- Deploy in on-premises, virtual and public cloud environments
- Set up tokenization in the cloud more quickly with readily available Chef® recipes for easy automation
Transparent and secure tokenization
- Replace sensitive data with a token (surrogate value) that can be securely stored, processed and transmitted
- Apply granular access controls to ensure only authorized users or applications can view tokenized data
- Centralize key management across multiple sites with an industry-leading enterprise key manager
- Leverage bulk tokenization utilities and batch APIs
Ensure easy deployment and management
- No changes required to applications, databases, and legacy systems with Format Preserving Tokenization (FPT)
- Web services (SOAP and REST APIs) provide fast, cost-effective deployment
- Built-in, automated key rotation and data re-keying
HSM certifications
- Common Criteria EAL4+ compliant with CWA 14167-2 PP
- FIPS 140-2 Level 3 (in progress)
- EU RESTRICTED
- NATO SECRET
- Qualification Renforcée (the highest qualification from ANSSI)
- Compliant with eIDAS
Format Preserving Tokenization:
- Complies with PCI Tokenization Guidelines for token identification via token masking and Luhn algorithm pass/ fail checks
- Supports multiple tokens vaults
- Highly scalable – can generate and retrieve millions of tokens per day for best performance
Supported token vault databases: Microsoft SQL Server, Oracle, MySQL, Cassandra
Note: all tokenization forms are supported on all databases as long as the vault itself is on Microsoft SQL Server, Oracle, MySQL or Cassandra
Supported APIs: Java, NET
Web services: SOAP, REST/JSON
Enhanced event logging and monitoring functionality: Complies with PCI tokenization manager event monitoring specifications, Supports SNMP for online monitoring and alerting
Token Formats:
- Random or sequential token generation
- Masked: Last four, first six, first two, etc.
- Fixed length and width masking
- Customer-defined custom formats
- Cryptographic hash functions, including SHA2-256, SHA2-284, SHA2-512 and base16/Base64
- Regular expressions (Java style)
Trustway DataProtect offers a comprehensive data encryption solution to guarantee data security and the control on the data access.
This solution provides the customer with the tools to the capabilities to encrypt all the data format as Virtual Machine, Database, File system, Application and Tokenization. Trustway DataProtect is a complete solution for cloud, virtual and on-premises infrastructures and is compliant with the most restrictive data privacy regulations as GDPR, HIPAA or PCI DSS.
Trustway DataProtect KMS >>
Trustway DataProtect KMS is a centralized key management administration platform. This standards-compliant interface (PKCS#1) allows you to manage keys on every environment (cloud, virtual, on-premises) to enable information system audits and robust access control.
Trustway DataProtect App >>
Connected to Trustway DataProtect KMS, Trustway DataProtect App is a highly-secure application encryption solution which centralizes administration of application encryption policy and keys. This solution is suitable for a wide range of web application servers and enterprise applications.
Trustway DataProtect VM >>
Connected to Trustway DataProtect KMS, Trustway DataProtect VM brings complete cloud data protection, guaranteeing your organization a secure migration to the cloud, ensuring only authorized users can access information, and meeting compliance mandates. With Trustway DataProtect VM, you can now isolate and totally control your virtual machine instances.
Trustway DataProtect File >>
Connected to Trustway DataProtect KMS, Trustway DataProtect File ensures data security, denying unauthorized user access to your files through fully automated file encryption of unstructured data contained in network drives and file servers.
Trustway DataProtect DB >>
Connected to Trustway DataProtect KMS, Trustway DataProtect DB provides your organization with total database protection in the data center and the cloud, thanks to centralized control and a regular key rotation. You directly select which data fields to encrypt.
Related resources
Factsheet
Trustway DataProtect Token: A total protection of your sensitive data
Trustway DataProtect Token brings your organization total protection for your sensitive data by replacing it with a surrogate value.
Brochure
Download: Securing your end-to-end infrastructure with unified encryption
Discover Trustway DataProtect, a data protection solution that secures your data, regardless of the location — whether stored in a database, file server, application, traditional or virtualized data center, or public cloud environment.
White paper
Download: Prevent ransomware attacks from taking down your business and defend your data
Drastic emergency situations provide a conducive environment for criminals to perform cyberattacks. Ransomware attacks today are clearly on the rise, and the risk of an organization’s sensitive data being stolen is higher. Read our white paper to learn more about ransomware and how to protect your sensitive data.
Brochure
Trustway HSM: Data Security – Choosing the right path through compliance
Compliant, flexible and innovative, our range of hardware security modules brings companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands.