Many challenges exist in handling sensitive data, such as credit card numbers, social security numbers, bank account numbers, driving license numbers, and the like. In use, a system for processing such sensitive data transmits the sensitive data between multiple authorized entities, any of which can store the sensitive data. For example, in a retail environment, a user may swipe a credit card at a register, the register may transmit the credit card number to a local server, the local server may transmit the credit card number to a bank, and so forth. In this example, the credit card number may be stored at the register, the local server, the bank, and at any other intermittent entity implemented within such a retail environment. In such a system, the sensitive data is vulnerable to interception by unauthorized entities at multiple points, such as during each transmission between authorized entities or while stored at any authorized entity.
To prevent unauthorized access to sensitive data, steps can be taken to protect the sensitive data. Such data protection measures are required by many jurisdictions for various categories of sensitive data. The sensitive data can be encrypted during transmission or storage using an encryption algorithm and encryption key, but encryption can be broken by various hacking methods. Data storage security measures can be implemented while the sensitive data is stored at an authorized entity, but such storage security measures generally protect against intrusion by an unauthorized entity and don't protect the sensitive data after the unauthorized entity has overridden or bypassed the storage security measures.