The AuricVault® tokenization service provides all your encryption and key management requirements.
The service provides:
- PCI compliant encryption for the tokenized data.
- AES-256 data encryption keys (DEK).
- GPG encrypted key encryption keys (KEK).
- Automatic, PCI compliant data encryption key rotation.
The AuricVault® service key management services are located within a PCI compliant hosting facility separate from the encryption servers and the key services. The encryption services are separated geographically as well as across multiple hosting providers.
The AuricVault® tokenization and storage service offers implementation flexibility. Direct connectivity allows both modern servers and legacy systems to integrate with the AuricVault® service. The integration method is a simple HTTPS POST call using JSON-RPC. Almost any programming language can easily integrate with the service. Vault-managed encryption performs all encryption/decryption and key management tasks within the AuricVault® service. Plain text (unencrypted) data is sent to the AuricVault® service.
Vault-Managed API Calls