Skip to main content

Fujitsu

Global

Archived content

NOTE: this is an archived page and the content is likely to be out of date.

Fujitsu Develops Technology to Prevent the Analogy of Encrypted Confidential Information

Enables safe use of database managed in locations such as cloud environments

Fujitsu Laboratories Ltd.

Kawasaki, Japan, October 16, 2019

Fujitsu Laboratories Ltd. today announced that it has developed a technology that enables safer search of database by strengthening its secure search technology, which can infer a database or the contents of a search while they are encrypted, preventing the inference of the original data.

Even in an encrypted database, there is a risk that the original data may be inferred from the number of registered data, for example, by comparing it with published statistical information. By adding a minimum amount of dummy data to the database, the newly developed technology can disturb the number of entries in the database and prevent the original data from being inferred.

This enables a more secure utilization of encrypted database of personal data(1) and confidential data(2), which are managed in various locations such as the cloud. Moreover, the new technology is expected to promote data utilization across organizations.

Development Background

Along with the enactment of the Basic Act for the Advancement of Public and Private Sector Data Utilization(3) and other legal developments, as well as the spread of systems such as cloud computing and big data analysis, it is expected that personal and confidential data will be utilized across organizations and industries. In the medical field, the Next Generation Medical Infrastructure Act(4) was enacted in 2018, and companies and universities have been promoting research and development of drug discovery based on clinical data of hospitals.

In order to handle personal and sensitive data safely, there is a secure search technology that can collate the data registered in the database with the search string entered by the user while keeping it encrypted. This allows only users with encryption keys to see the number of entries in the database corresponding to the search string.

However, in the medical field for example, there has been a problem in that even an encrypted database can be used to infer the content of data by comparing the number of registered cases with statistical information such as disease names or drugs published by public institutions and medical institutions. Furthermore, if the content of the database can be deduced, even if the search string is encrypted, the search results can be used to estimate what the user has searched for. For data providers and consumers to be able to use database managed in various locations, such as in the cloud, it is necessary to further improve the secure search technology.

Issues

Conventionally, dummy data could be added to a database to counter the problem of guessing the original data of an encrypted database or encrypted search string. This way, the true number of data items stored in the database could not be determined, so the original data could not be inferred. However, when dummy data is added to each item so that it is equal to the maximum number of items, the amount of data to be registered in the database increases by several hundred times or more, making it virtually impossible to search.

About the Newly Developed Technology

This time, Fujitsu has expanded its secure search technology to develop a technology that can safely search data while limiting increase in the amount of a practical range. This improves the security of database by preventing the guessing of the original data from encrypted database and search strings form encrypted queries. The features of the developed technology are as follows:

1. Preventing analogies from encrypted database and enhancing safety

For example, create a group for each item of data, such as disease name, medicine, gender, and blood type, place dummy data in each group. By registering dummy data so that the number of elements (e.g. A, B, O, AB) in each group (e.g. blood type) is uniform, all the elements appear in the database with the same number and the original data cannot be deduced.

2. Reduce data growth

The new technology can minimize data growth by creating a minimum number of dummies per group to match the number of elements in the group. The added dummy data can be easily filtered out by matching flags created with unique rules, providing the user with the correct search results after processing.

Effects

When this technology was used in a database of 1 billion medical examination records comprising 2,000 items(5), it was confirmed that the increase in the amount of data was controlled to within 9 times of the original data and that collation could be performed in conditions that could not be inferred. By using this technology in the medical field, confidential information such as electronic medical records can be shared on the cloud, and pharmaceutical companies can verify the number of drugs in the database with confidence while keeping search contents confidential, which can improve the efficiency of new drug development.

In addition, this technology can be applied not only to the medical field, but also to the creation of towns using resident data in the public field in the public sector and marketing of customer data in the financial sector.

Future Plans

In the future, Fujitsu will consider providing data anonymization technology and privacy risk assessment technology in combination with its security technology. In the medical field, the company will start with proving tests of data utilization and aim to commercialize medical information data utilization solutions by fiscal 2020.


  • [1] Personal data

    For example, name, date of birth, address that can identify an individual. Also, personal location information, purchase information, purchase history, information collected from wearable devices, that can easily identify an individual by collating with some information.

  • [2] Confidential data

    Important information that the company does not plan to disclose. For example, research reports, planning documents, customer information, salary information, information on personnel changes, etc.

  • [3] The Basic Act for the Advancement of Public and Private Sector Data Utilization

    The law is designed to create new businesses using data managed by the central and local governments, independent administrative institutions and private businesses, and to improve the efficiency of administrative, medical care and education services based on such data. It came into effect in December 2016.

  • [4] The Next Generation Medical Infrastructure Act

    A law that anonymizes medical information such as patient progress records and examination data held by medical institutions and makes them available for research and development by universities and companies. It came into effect in May 2018.

  • [5] A database of 1 billion medical examination records comprising 2,000 items

    Total number based on published statistical information on oral medications administered to hospitalized patients in 2014.

About Fujitsu

Fujitsu is the leading Japanese information and communication technology (ICT) company, offering a full range of technology products, solutions, and services. Approximately 132,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.0 trillion yen (US $36 billion) for the fiscal year ended March 31, 2019. For more information, please see www.fujitsu.com.

About Fujitsu Laboratories

Founded in 1968 as a wholly owned subsidiary of Fujitsu Limited, Fujitsu Laboratories Ltd. is one of the premier research centers in the world. With a global network of laboratories in Japan, China, the United States and Europe, the organization conducts a wide range of basic and applied research in the areas of Next-generation Services, Computer Servers, Networks, Electronic Devices and Advanced Materials. For more information, please see: http://www.fujitsu.com/jp/group/labs/en/.

Technical Contacts

Digital Innovation Core Unit

E-mail: E-mail: encrypted-search@ml.labs.fujitsu.com
Company:Fujitsu Laboratories Ltd.

Press Contacts

Public and Investor Relations Division
Inquiries

Company:Fujitsu Limited


All company or product names mentioned herein are trademarks or registered trademarks of their respective owners. Information provided in this press release is accurate at time of publication and is subject to change without advance notice.

Date: 16 October, 2019
City: Kawasaki, Japan
Company: Fujitsu Laboratories Ltd.