TOKYO: Fujitsu Laboratories Ltd. today announced that it has developed digital trust management technology that can guarantee the authenticity of business data exchanged between corporations, government agencies, and other entities. The technology can verify when and by whom the data was created, and whether it has been tampered with, to ensure trusted data exchange and allow users peace of mind.

In the new normal era, business operations are shifting with increasing rapidity toward the digital space, in which communication takes place through e-mail and the cloud without face-to-face interaction. The challenges of guaranteeing trust and the authenticity of data transactions represent an increasingly urgent issue, particularly data requiring approval in the business of handling contracts and invoices with business partners.

To address this challenge, Fujitsu Laboratories has developed a digital trust management technology that can automatically ensure the authenticity of data handled by multiple organizations involved in the approval process. The technology can achieve this without altering the user interface of the cloud service that customers such as corporations and government offices interact within their daily operations. With this technology, Fujitsu’s proprietary Trust as a Service (TaaS) layer can be installed in a cloud environment between a cloud service and a client device, and data that needs to be signed on behalf of the client device can be automatically digitally signed to guarantee authenticity transparently. Fujitsu has also developed an authentication protocol for TaaS that enables secure connection and management between cloud services, the TaaS layer, and client devices while eliminating difficulties for service users.

The use of this technology offers the potential to accelerate the digital transformation of internal operations and enable the verification of the authenticity of business data across multiple organizations, including in cases in which users are working remotely or with external devices, enabling secure business collaboration.

Fujitsu will present details of the technology at the international conference “The 10th International Cybersecurity Symposium,” which will be hosted online by Keio University in Tokyo on Thursday, October 8th (Thursday).

Developmental Background

In recent years, the intensification of cyber-attacks has led to the need for Zero Trust Architecture(1) to security and data that focuses on seamless authentication and access control, rather than the conventional defense that protects the boundaries between the internal intranet and external networks.

The new normal also calls for the promotion of remote-working to reduce face-to-face work, including replacing stamps with digital signature for business data, as much as possible, and to create a system to complete work digitally. In addition, for communication between organizations, a business form using digital infrastructure, combining storage in various cloud environments, various services, and e-mail, has become the standard.

However, in businesses in the digital space, for example, a US government report revealed that the amount of damages caused by business email compromise domestically and internationally, in which a person is deceived by a forged invoice, amounts to over 26 billion USD(2).

To prevent these risks, it is important to ensure the authenticity of the data, such as whether it was created by a trusted source or whether it has been tampered with.

Issues

As a means of guaranteeing the authenticity of data, technologies such as e-Seal(3) including signatures of legal entities, for which the Japanese Ministry of Internal Affairs and Communications is considering legislation, and digital signatures including personal signatures using Japanese social security My Number identity cards. However, users of these technologies must be aware of the need to perform tasks including securely managing the private key and providing a digital signature, which poses a problem in terms of convenience. In addition, the introduction of authentication technology tailored to each business service is costly in terms of man-hours.

In addition, since collaboration between different organizations is generally performed on a cloud service determined for each business system, it is necessary to use different cloud services for each business partner. Therefore, demand is growing for a system to ensure the authenticity of the approval process across organizations while leveraging the cloud services used in day-to-day operations.