ShieldConex® v1.17 - 8.8.2024

ShieldConex version 1.17 introduces irreversible tokenization and time-based detokenization features to enhance GDPR compliance by controlling when and how sensitive data can be accessed. Additionally, proxy configuration improvements now allow seamless action chaining through passthrough transformations, along with new version-tracking and publishing functionalities for added security and clarity.

New Features

Irreversible Tokenization and Time-Boxed Detokenization Features

Enhanced GDPR compliance support with new irreversible tokenization, timed token activation, and timed token deactivation. This provides better compliance with GDPR regulations by ensuring sensitive data is handled appropriately.

  • Irreversible Detokenization
    This is turned on using a checkbox. If enabled, this allows the user to permanently prohibit the detokenization of any tokens created using this template. In tandem with our token idempotency, tokens can still be used to work with sensitive data by relying on parity.
    For example, if a user enters a card number in a checkout and a token is generated, that token can be compared against other tokenized card numbers to find a match. If the tokens are identical, then we know that the card numbers were also identical.
  • Time Token Activation and Deactivation
    Token activation and deactivation offsets can be configured in the Detokenization Restrictions settings as well. There are two fields that enable this; the Active From and Active To dates. The Active From field controls the offset from tokenization until the token can be detokenized and the Active To field controls the time offset time from tokenization until the token can no longer be detokenized. Please note that these are not specific dates, but rather the amount of time that has passed since detokenization. The duration designated in the Active To field should always be greater than the Active From date
    These fields are set based on the format defined in ISO 8601. ISO 8601 Durations are expressed using the following format, where (n) is replaced by the value for each of the date and time elements that follow the (n):


    P(n)Y(n)M(n)DT(n)H(n)M(n)S


    Where:
    P is the duration designator (referred to as "period"), and is always placed at the beginning of the duration.
    Y is the year designator that follows the value for the number of years.
    M is the month designator that follows the value for the number of months.
    W is the week designator that follows the value for the number of weeks.
    D is the day designator that follows the value for the number of days.
    T is the time designator that precedes the time components.
    H is the hour designator that follows the value for the number of hours.
    M is the minute designator that follows the value for the number of minutes.
    S is the second designator that follows the value for the number of seconds.


    For example:
    P3Y6M4DT12H30M5S represents a duration of three years, six months, four days, twelve hours, thirty minutes, and five seconds.

Enhanced Proxy Action Output Controls

Introduced the capability to pass the output of one action to another without requiring additional intermediary steps. This is enabled by the new instructionType field in the proxy configuration JSON schema. When set to passthrough,this streamlines processes and enhances the efficiency of action chains within the system.

When configuring a ShieldConex action in the proxy configuration, in the instructions section (previously substitutions) you can now set one of two transformation types:

  • substitution - tokenize or detokenize information and replace the source data in the payload, this is the default setting when the variable is not defined in the configuration
  • passthrough - tokenize without replacing any data in the payload and retrieve tokens asynchronously using the BFID returned in the response of the request

Enhancements

Proxy Configuration Version Number

Added a new feature to display the configuration version number within the user interface. This helps in identifying the current configuration version in use and aids in integration and debugging.

Fixed Various Minor Issues

Addressed several minor bugs and performance issues to improve the overall stability and reliability of the application.

Added 'Publish' to Proxy Configurations

Implemented a new rule where configurations can be published, making them immutable. This ensures that configurations used in a live production environment cannot be modified, preventing accidental disruptions.