On Fri, 25 May 2012 10:30:45 -0500, Roberts, John J wrote: > >So all Personally Identifiable Information (PII) fields must be masked. I >have figured out techniques to mask names and addresses. But I now need to >figure out a technique to mask a nine digit numeric key. This field is used >as either a primary or secondary key in many files. So I can't just >substitute a random number, since the relationships need to be maintained. I >have identified some requirements for the masking algorithm: > >(1) It must be deterministic (same input produces same output always). > >(2) Uniqueness must be maintained. Therefore no two original values can >translate to the same masked value. > >(3) The masked result must also be a nine digit numeric value. > >(4) It must not be possible to calculate the original value from the masked >value (i.e. a one-way transformation). > Is there any validity check performed on these keys? Will that validity check be performed on the masked keys, requiring a mapping into the valid subset of the 9-digit key space.
Just curious: how would you mask names and addresses? Of course, if these are not used as keys some constraints such as uniqueness are relaxed. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
