Algorithm frameworks

Algorithm frameworks define the masking logic used to transform sensitive data. When creating a custom algorithm, you select a framework and configure the parameters required by that framework.

Each framework provides a specific masking capability, such as:

  • replacing characters

  • shifting dates

  • generating synthetic values

  • tokenizing data

  • performing lookup substitutions

Frameworks act as templates for creating algorithm instances.

When a masking job runs, the selected algorithm applies the logic defined by its framework to transform the original data values while preserving format and usability where required.

Framework components

When configuring an algorithm, the configuration screen includes the following fields:

Field Description
Plugin The plugin that provides the algorithm framework.
Framework The masking framework used to define algorithm behavior.
Mask Type The type of data the algorithm processes (for example STRING, DATE, or BYTE_BUFFER).

Different frameworks support different masking scenarios and configuration options. The following sections describe each supported framework and its typical use cases.

Choose an algorithm framework

Navigate to the Algorithm Frameworks section for a detailed description of each Algorithm framework. The algorithm framework you choose will depend on the format of the data and your internal data security guidelines.

Choose between Character and Segment Mapping frameworks

The Character Mapping algorithm is intended to replace Segment Mapping for many use cases. That said, it does not replicate every feature of that algorithm, so the specific masking application will determine which one is appropriate.

Reasons to choose Character Mapping over Segment Mapping:

  • Character Mapping can mask all characters in the first Unicode plane known as the Basic Multilingual Plane(BMP). Segment Mapping can only mask "[a-zA-Z]" + "[0-9]"

  • Character Mapping automatically preserves all non-masked characters. Segment Mapping requires configuration of preserve characters. Character Mapping is much easier to use when the data is potentially "dirty" or not consistently formatted.

  • Character Mapping can process preserve ranges in reverse, allowing the last positions of an input to be preserved when inputs have different lengths. Segment Mapping preserve ranges are always processed from the beginning of input.

  • Character Mapping uses a more complex masking computation, so that every maskable position influences every other position in the masked value. Segment Mapping pre-computes the permutations for each segment independently.

Reasons to choose Segment Mapping over Character Mapping:

  • Segment mapping can mask different parts of the input, determined by position, differently. Character Mapping always masks the same groups of characters regardless of position.

  • Segment mapping can map inputs to different outputs at a position, like { A, B, C, D } -> { W, X, Y, Z } by specifying different Input and Mask values. This is not possible with Character Mapping.

  • Segment mapping supports numeric segments, with up to 6-digit segments masked to a specific range. Character Mapping doesn't allow this kind of range limiting.

DCT Compliance supports the following algorithm frameworks: