Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Concepts

Token Vault Structure for Databases

search

Please Note:

Token Vault Structure for Databases

The token vault contains the tokens and their corresponding ciphertext. There can be multiple token vaults in one database.

Following section explains the token vault structure for supported databases:

Oracle Database

In an Oracle database, each token vault (sequential/non-sequential) has the following structure:

COLUMN_NAMEDATA_TYPEDATA_LENGTH
CUSTOMDATANVARCHAR21000
MACVALUERAW32
TOKENNVARCHAR2*
CIPHERTEXTRAW*
CREATIONDATEDATE7
KEYROTATIONDATEDATE7
PROPAGATEDNVARCHAR220
LASTACCESSDATEDATE7
TOKENPROPERTYNVARCHAR216
CUSTOMTOKENPROPERTYNVARCHAR2255

Note

  • The character set of Oracle database should be UTF-16.

  • For Oracle database, you must specify the vault and key name in uppercase.

When the table is created to accept sequential tokens, a sequence named <token_vault_name>_seq is also created.

MS SQL Database

In an MS SQL Server database, a non-sequential token vault has the following structure:

COLUMN_NAMEDATA_TYPEDATA_LENGTH
idbigint
tokennvarchar*
ciphertextvarbinary275
macvaluebinary32
creationdatedatetime
keyrotationdatedatetime
customdatanvarchar256
propagatednvarchar20
lastaccessdatedatetime
tokenpropertynvarchar16
customtokenpropertynvarchar255

When the table is created to accept sequential tokens, the table construction is slightly different (the column id is not there in sequential vault and data type of column token is BIGINT):

COLUMN_NAMEDATA_TYPEDATA_LENGTH
idbigint
tokennvarchar*
ciphertextvarbinary275
macvaluebinary32
creationdatedatetime
keyrotationdatedatetime
customdatanvarchar256
propagatednvarchar20
lastaccessdatedatetime
tokenpropertynvarchar16
customtokenpropertynvarchar255

MySQL Database

In a MySQL database, each non-sequential token vault has the following structure:

COLUMN_NAMEDATA_TYPEDATA_LENGTH
idbigint
macvaluebinary32
ciphertextvarbinary275
tokennvarchar*
creationdatedatetime
keyrotationdatedatetime
customdatanvarchar*
propagatednvarchar20
lastaccessdatedatetime
tokenpropertynvarchar16
customtokenpropertynvarchar255

When the table is created to accept sequential tokens, token vault has the following structure (the column id is not there in sequential vault and data type of column token is BIGINT):

COLUMN_NAMEDATA_TYPEDATA_LENGTH
idbigint
macvaluebinary32
ciphertextvarbinary275
tokennvarchar*
creationdatedatetime
keyrotationdatedatetime
customdatanvarchar*
propagatednvarchar20
lastaccessdatedatetime
tokenpropertynvarchar16
customtokenpropertynvarchar255

Informix Database

In Informix database, each non-sequential token vault has the following structure:

COLUMN_NAMEDATA_TYPEDATA_LENGTH
idBIGSERIAL
tokenVARCHAR*
ciphertextLVARCHAR275
macvalueLVARCHAR64
creationDateDATETIME YEAR TO FRACTION (3)
keyrotationdateDATETIME YEAR TO FRACTION (3)
customdataVARCHAR255
propogatedVARCHAR255
lastaccessdateDATETIME YEAR TO FRACTION (3)
tokenpropertyVARCHAR16
customtokenpropertyVARCHAR255

When the table is created to accept sequential tokens, token vault has the following structure (the column id is not there in sequential vault and data type of column token is BIGSERIAL):

COLUMN_NAMEDATA_TYPEDATA_LENGTH
tokenBIGSERIAL*
ciphertextLVARCHAR275
macvalueLVARCHAR64
creationDateDATETIME YEAR TO FRACTION (3)
keyrotationdateDATETIME YEAR TO FRACTION (3)
customdataVARCHAR255
propogatedVARCHAR255
lastaccessdateDATETIME YEAR TO FRACTION (3)
tokenpropertyVARCHAR16
customtokenpropertyVARCHAR255

On this page