Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

Application Data Protection Administration

Managing Masking Formats

search

Please Note:

Managing Masking Formats

The masking format is the format in which the output of the protect and reveal operations is presented. Application Data Protection offers a set of predefined masking formats. To meet your specific requirement, the Application Data Protection Admins can easily create custom masking formats.

Application Data Protection supports following types of masking formats:

  • Static Masking Format: Creates masking format for the protect operation. This format is only applicable for FPE algorithms. It allows you to preserve some characters of the input data. While creating this format, you can choose the starting and the ending characters to be preserved. The remaining characters will be protected based on the algorithm.

  • Dynamic Masking Format: Creates masking format for the reveal operation. Dynamic masking format determines how the output of the reveal operation is displayed to the application users. While creating this format, you can choose to show or hide characters and the masking character that will be used mask the data. By default, X is masking character.

Examples of dynamic masking

Example 1

  • Plaintext: 12345678ABCDFRG

  • Masking Character: X

  • Masking Operation: Show first 3 characters and last 4 characters.

  • Masked Data: 123XXXXXXXXDFRG

Example 2

  • Plaintext: 12345678ABCDFRG

  • Masking Operation: Mask first 3 characters and last 4 characters.

  • Masked Data: YYY45678ABCYYYY

Examples of static masking

Example 1

  • Plaintext: 0123456789012345

  • Masking Operation: Preserve first 2 and last 4 characters and encrypt the remaining characters.

  • Output: 01bdJloPqwAq2345

Example 2

  • Plaintext: 0123456789012345

  • Masking Operation: Preserve first 4 and last 3 characters and encrypt the remaining characters.

  • Output: 0123WKNclKoIs345

Default Masking Formats

The following table describes the predefined static and dynamic masking formats along with their description. We have also added some examples to make you familiar with the masking operation:

Masking Format NameTypeDescriptionExample
FIRST_SIXStaticPreserves first six characters and encrypts the remaining characters.123456xboilkjt
FIRST_SIX_LAST_FOURStaticPreserves first six and last four characters. The remaining character are encrypted.123456AqDfe9876
FIRST_TWO_LAST_FOURStaticPreserves first two and last four characters. The remaining characters are encrypted.12HgFtklor7654
LAST_FOURStaticPreserves last four characters and encrypts the remaining characters.VyTKIDbdpqwy9876
SHOW_FIRST_SIXDynamicShows the first six characters of the plaintext value and masks the remaining characters.012345XXXXXXXXXX
SHOW_FIRST_SIX_LAST_FOURDynamicShows the first six and last four characters of the plaintext value and masks the remaining characters.012345XXXXXX2345
SHOW_FIRST_TWO_LAST_FOURDynamicShows the first two and last four characters of the plaintext value and masks the remaining characters.01XXXXXXXXXX2345
SHOW_LAST_FOURDynamicShows the last four characters of the plaintext value and masks the remaining characters.XXXXXXXXXXXX2345

Important Points

  • Predefined masking formats can't be deleted.

  • Masking formats once created can't be modified.

  • Custom masking formats can be deleted.

In this article you will learn how to: