Which identifier uniquely identifies a token for revocation processing?

A token needs a single, unambiguous handle to locate its record across systems during revocation. The 20-digit Token Serial Number is designed to be unique to each token, ensuring that exactly one token is identified and updated in the revocation database, even if the owner has other tokens or if the token is replaced. Personal identifiers like the subscriber’s SSN or EDIPI are tied to people, not to a specific token, which can create ambiguity and raise privacy concerns. The reason for revocation is metadata about why the token was revoked and does not serve to locate or identify the token itself. Therefore, the 20-digit Token Serial Number is the best, reliable identifier for revocation processing.