Fujitsu Laboratories Ltd. today announced that it has developed digital trust management technology that can guarantee the authenticity of business data exchanged between corporations, government agencies, and other entities. The technology can verify when and by whom the data was created, and whether it has been tampered with, to ensure trusted data exchange and allow users peace of mind.
In the new normal era, business operations are shifting with increasing rapidity toward the digital space, in which communication takes place through e-mail and the cloud without face-to-face interaction. The challenges of guaranteeing trust and the authenticity of data transactions represent an increasingly urgent issue, particularly data requiring approval in the business of handling contracts and invoices with business partners.
To address this challenge, Fujitsu Laboratories has developed a digital trust management technology that can automatically ensure the authenticity of data handled by multiple organizations involved in the approval process. The technology can achieve this without altering the user interface of the cloud service that customers such as corporations and government offices interact within their daily operations. With this technology, Fujitsu’s proprietary Trust as a Service (TaaS) layer can be installed in a cloud environment between a cloud service and a client device, and data that needs to be signed on behalf of the client device can be automatically digitally signed to guarantee authenticity transparently. Fujitsu has also developed an authentication protocol for TaaS that enables secure connection and management between cloud services, the TaaS layer, and client devices while eliminating difficulties for service users.
The use of this technology offers the potential to accelerate the digital transformation of internal operations and enable the verification of the authenticity of business data across multiple organizations, including in cases in which users are working remotely or with external devices, enabling secure business collaboration.
Fujitsu will present details of the technology at the international conference “The 10th International Cybersecurity Symposium,” which will be hosted online by Keio University in Tokyo on Thursday, October 8th (Thursday).
Developmental Background
In recent years, the intensification of cyber-attacks has led to the need for Zero Trust Architecture(1) to security and data that focuses on seamless authentication and access control, rather than the conventional defense that protects the boundaries between the internal intranet and external networks.
The new normal also calls for the promotion of remote-working to reduce face-to-face work, including replacing stamps with digital signature for business data, as much as possible, and to create a system to complete work digitally. In addition, for communication between organizations, a business form using digital infrastructure, combining storage in various cloud environments, various services, and e-mail, has become the standard.
However, in businesses in the digital space, for example, a US government report revealed that the amount of damages caused by business email compromise domestically and internationally, in which a person is deceived by a forged invoice, amounts to over 26 billion USD(2).
To prevent these risks, it is important to ensure the authenticity of the data, such as whether it was created by a trusted source or whether it has been tampered with.
Issues
As a means of guaranteeing the authenticity of data, technologies such as e-Seal(3) including signatures of legal entities, for which the Japanese Ministry of Internal Affairs and Communications is considering legislation, and digital signatures including personal signatures using Japanese social security My Number identity cards. However, users of these technologies must be aware of the need to perform tasks including securely managing the private key and providing a digital signature, which poses a problem in terms of convenience. In addition, the introduction of authentication technology tailored to each business service is costly in terms of man-hours.
In addition, since collaboration between different organizations is generally performed on a cloud service determined for each business system, it is necessary to use different cloud services for each business partner. Therefore, demand is growing for a system to ensure the authenticity of the approval process across organizations while leveraging the cloud services used in day-to-day operations.
About the Newly Developed Technology
Fujitsu Laboratories has developed an industry-first technology that makes it possible to assign and manage individual digital signatures for business data without specialized business systems, and to integrate and manage and verify the data creation process. The technology achieves this by installing Fujitsu’s TaaS layer in the cloud environment between cloud services used in daily business operations and client devices in organizations in the private and public sectors.
1. Transparent Trust-Ensuring Technology
Fujitsu has developed a technology that enables the TaaS layer to detect the operation of the user’s work when using a cloud service that provides a data management function from a client device, and automatically substitute and transparently add and manage digital signatures.
2. Process Assurance Technology
By incorporating authenticity into the data itself, Fujitsu has developed technology that makes it possible to visualize the process of generating business data and to guarantee and confirm the authenticity of business processes. With this technology, the process of creating, confirming, and approving data within and between organizations is incorporated into the business data by the user in advance. By following the embedded process, the user creates and approves the data, and the TaaS layer automatically stacks the digital signatures of each user and approver in the business data. By implementing business process management that incorporates authenticity into the data itself, rather than relying on traditional business systems, the technology guarantees the authenticity of business processes across organizations and confirms their authenticity without relying on cloud services.
This technology enables secure business-to-business collaboration by clarifying who created and who approved business data such as contracts, quotes, and invoices, increasing transparency.
Outcome
Fujitsu has successfully confirmed that the business data approval process works correctly without changing the user interface on the client device side when a TaaS layer is built on the cloud and used in combination with a commercial cloud service. This enables users to ensure the authenticity of their data for projects across multiple departments within their company.
For example, when client devices of two organizations inside and outside the company use different cloud services in a telework environment, by mediating the TaaS layer, the originator of the created business data is guaranteed and provided to the other organization, and the receiving organization can verify the authenticity of the business data. In addition, e-Seal enables organizations to ensure the authenticity of business data, as well as the authenticity of those who created and approved them.In addition, because the TaaS layer is based on digital signature technology, which is effective in preventing spoofing attacks, it is also effective in dealing with the risk of business email compromise that has become increasingly prevalent in interactions with new work styles.
Future Plans
Through Japan Digital Trust Forum(4), Fujitsu will participate in the establishment of a common architecture for TaaS, and will proceed with verification in the usage scenes of the newly developed technology, with the aim of putting it into practical use.
(1) Zero Trust Architecture
The latest security architectural approach mentioned by US National Institute of Standards and Technology (NIST) in the Special Publication (SP) 800-207(final) report published in August 2020. Zero Trust is a security model built with continuous authentication with access control based on the principle that there shall not be trust by default.
(2) 26 billion USD
According report on the internet crime by the US Federal Bureau of Investigation https://www.ic3.gov/media/2019/190910.aspx
(3) e-seal
A means to easily verify the organization of origin for an electronic data issuer as an alternative to a traditional ink stamp of a company used for paper documents.
(4) JDTF: Japan Digital Trust Forum
A forum for the purpose of proposing and disseminating mechanisms by which enterprises and organizations in different fields and industries cooperate to ensure the authenticity of digital data. An inaugural meeting was held on August 27, 2020 with the support of 14 private companies and government and academia.
5 mins read