Skip to main content

Fujitsu

Global

Archived content

NOTE: this is an archived page and the content is likely to be out of date.

Safety and Security

FSTJ 2007-4 Cover Image2007-4 (Vol.43, No.2)
Against the background of the recent movement toward making social and business systems more open, systems have become more complex and the assurance of safety and security has become much more difficult. This special issue describes basic technologies and tools for ensuring the security quality of application software that has been developed by Fujitsu based on field knowledge.

2007-4 (Vol.43, No.2) Contents

1. Preface (32 KB)
Against the background of the recent movement toward making social and business systems more open, systems have become more complex and the assurance of safety and security has become much more difficult. In this special issue, we describe basic technologies and tools for ensuring the security quality of application software that has been developed based on field knowledge. We hope that the concepts and IT techniques proposed in this special issue will be used in a wide range of fields to raise the safety and security of social and business systems to a higher level. ---[Hiromu Hayashi, Senior Vice President, Fujitsu Laboratories ltd.]

Concept

2. Fujitsu Enterprise Security Architecture (234 KB)
Recently, there has been a growing need for enterprises to respond to compliance requirements and an open framework in order to better serve society. To address this need, information security plays a vital role. Moreover, establishing predetermined Enterprise Security Architecture (ESA) in corporate systems is also becoming increasingly important. This paper describes Fujitsu's approach toward the concept of ESA. ---[Tetsuo Shiozaki, Masayuki Okuhara, Nobuo Yoshikawa]
3. Information Commons: Concept of Disclosing Public Information in an Era of Personal Privacy and Information Protection (414 KB)
The Internet has been eliminating the asymmetry of information between governments and citizens and has been helping to foster public awareness in Japanese society. However, a lot of information that should be public is being concealed in the name of personal data protection. To promote the disclosure and sharing of such information, we should create a world in which public information can be shared among every citizen, while personal data is protected at the same time. That is, we should embrace the concept of "Information Commons." This paper introduces the concept of Information Commons and the technologies for realizing it, focusing on the significant social impact these technologies would have in the applied fields. ---[Toshihiro Enami]
4. Fujitsu's Business Continuity Plan Development Methodology (275 KB)
In today's high-risk business environments, more and more companies are focusing on the Business Continuity Plan (BCP) as a management methodology for improving their ability to respond to any contingency. However, BCP development methodologies suitable for the business environment of Japanese companies have not progressed much beyond the theoretical stage, and the persons in charge of BCP development in companies have been struggling with this issue. Fujitsu has developed a practical methodology and software tool called BCEXPERT to streamline development of its own BCPs for business formations within the Fujitsu Group. This paper describes Fujitsu's BCP development methodology that has been standardized as the Fujitsu Business Continuity Management Model. This methodology mainly consists of three steps: 1) structuring business processes and resources required for the processes, 2) extracting essential resources for business continuity; and 3) analyzing the business impact of assumed resource damages in various risk scenarios. This methodology can be applied not only to BCP development but also to business resource optimization. ---[Takeshi Ito, Hideaki Orikasa, Tetsuya Yoshida]

Software

5. Development of Systemwalker Desktop Products Suite for Implementing Privacy Protection Measures (150 KB)
In recent years, information has frequently been leaked from corporations and local governments. One factor cited for this problem is that the monitoring and prevention of such leaks do not extend as far as the endpoint PCs. Accordingly, corporations and local governments are now looking at measures such as IT asset management, restrictions on user operations, and the management of audit trails at endpoint PCs. Fujitsu's Systemwalker Desktop products suite enables endpoint PCs to be managed according to directives issued by operations managers. This paper describes various development initiatives for this suite. ---[Makoto Shimosaki, Toru Murai, Shingo Ohnishi]
6. Information Security Solutions (69 KB)
Now that regulations such as the Japanese Sarbanes-Oxley (J-SOX) act have been enacted, organizations that hold personal information and/or provide important services are expected to promote various approaches towards information security governance. To establish such governance, these organizations have been requested to develop management systems and regularly explain their information security measures to stakeholders such as customers, investors, and business partners. The Japanese government also advocates an information security report model to help companies promote efforts toward security measures. Against this background, Fujitsu has proposed the Enterprise Security Architecture (ESA) concept for supporting effective and efficient corporate investment in information security. Fujitsu also provides the security solutions incorporated in the foundations of its products and services. This paper describes the government's information security report model, Fujitsu's ESA concept, and some ESA-based security solutions. ---[Kiyotaka Uchida, Noriaki Sugano, Syouichi Andou]
7. Building Secure Application Software: Methods, Tools, and Practical Experiences (86 KB)
To build secure software, including Web applications, we must reconsider conventional software development lifecycles and establish new methods. However, because there are so many issues to be resolved, most software developers will probably be reluctant to perform such tasks. To improve software security, we must establish more efficient methods and tools to encourage these people. To share our best practices, this paper describes our efforts toward reforming the development processes in Fujitsu and introduces some methods and tools we have developed. As the first step, our activities have especially focused on well-known, basic Web application vulnerabilities. We have established an interview method to transfer experts' knowledge and skills to system engineers (SEs) as well as to check basic Web application security. We have also been building a management tool called Security Inspection Assistance Tool (SIAT). SIAT facilitates communication among people, reduces their workload, and facilitates skill transfer from security experts to SEs. ---[Yuko Nakayama]
8. Watermarking Technologies for Security-Enhanced Printed Documents (244 KB)
Sensitive information is not leaked exclusively through computers and networks. In fact, many incidents involve printed documents. It is now possible to protect confidential and private information by applying the following countermeasures when printing documents:
- Copy control by applying a watermark to restrict copying and forgery
- Watermarks for traceability, including background texture watermarks and font embedded watermarks
These two countermeasures can provide total document security by complying with existing security systems and solutions. ---[Taizo Anan, Kensuke Kuraki, Shohei Nakagata]
9. Image Recognition Wide-Area Surveillance Technology for Safety and Security in Society (180 KB)
Surveillance is needed to create a safe and secure society. To meet this need, we developed a small-object detection technology for 24/7 wide-area outdoor surveillance based on an image recognition technology that is functionally similar to human vision. It can detect people and other small objects that are represented by as little as five pixels in an area of up to 75 m square and report their locations. This technology, called frequency pattern emphasis subtraction (FPES), detects a small object by analyzing the differences between the spatial frequencies of the background and the object. Because FPES emphasizes the spatial frequency component of objects, the detection precision is unaffected by changes in the weather. In experiments, this technology detected 95% or more of the objects in various areas ranging from 30 to 75 m square. This paper describes FPES, certain problems posed by using automatic surveillance, and possible solutions. ---[Eigo Segawa, Masaki Miura, Daisuke Abe]
10. Assistant Tool for Concealing Personal Information in Text (623 KB)
This paper describes an assistant tool for concealing personal information in text. This is an important procedure for protecting privacy when public documents are disclosed, preventing accidental leaks of personal information, and other purposes. However, finding personal information in text is very time-consuming and labor-intensive. To make it easier to conceal personal information, we have developed a graphical user interface (GUI) tool that extracts candidate personal information in text, indicates candidate personal information using different colors according to its class, and creates rules for extracting personal information from text, including annotations of personal information. In one experiment, our GUI tool enabled users to conceal personal names in Japanese text about three times faster than when the task was done without candidate personal information. ---[Tomoya Iwakura, Seishi Okamoto, Kunio Matsui]

Hardware

11. ITS Sensor for Railroad Crossing Safety (277 KB)
Japan's Intelligent Transport Systems (ITS) project for safe and comfortable transportation is steadily progressing. To improve safety, information technology (IT) should be applied to most of Japan's traffic environments. In response, the Fujitsu Group has installed IT equipment into motor vehicles in line with a government policy of using IT to bring transportation systems fully into the 21st century. The Group has also developed a millimeter-wave radio ITS sensor that can drastically reduce accidents on railroad crossings. The sensor can detect objects such as people, cars, bicycles, and wheelchairs over a wide area of a crossing. This paper outlines the features of the new sensor and its associated IT system, the development of the sensor, and some applications of this technology. ---[Tetsuo Horimatsu]
12. IT-Based Safety and Security Solutions for Schools (412 KB)
The number of violent crimes against children has increased in recent years. Various measures have been taken by schools and communities, for example, the deployment of security sensors, surveillance cameras, guards, and local residents' patrols; however, these measures have not been very effective. The key to protecting children is being able to quickly locate them. School administrators at least need to know the arrival and departure times of their students. In addition, rapid transmission of information about local areas, for example, the sighting of suspicious persons, and other messages from schools has become more important for ensuring a safe social environment. The demand for IT-based support for safety and security in society will continue to grow. This paper outlines the Students' Arrival/Departure Notification Service, which is based on radio frequency identification (RFID) tags, and the School Communication Network Service, which is based on E-mail. It also describes how these services, which are currently available only in Japan, have been developed. ---[Atsushi Horiguchi, Kazuhisa Shibafuji, Kenichi Ota]

Service

13. Fujitsu's PalmSecure-Based e-POS System for School Cafeteria (176 KB)
The first commercial application for PalmSecure in Europe is an unusual one. Rather than the expected high security application for a bank or government facility, Fujitsu's PalmSecure biometric technology has proved itself to be an ideal way for Primary School pupils in Scotland to pay for their school meals. This opportunity was discovered through Fujitsu Europe Limited's (FEL) innovative Enterprise Business model where no prejudgement of possible applications is made, end user needs are identified through dialogue directly with end-users and solutions are quickly provided through close collaboration with Fujitsu Group companies and third parties alike. FEL worked closely with a construction company (Amey), a software developer (Abelon), and a developer/system integrator (Yarg) amongst others to develop a solution whereby school children can quickly and simply pay for their meals by presenting their palm to the PalmSecure reader, rather than use cash, vouchers, swipe cards or some other system that would prove open to abuse or mis-use. This solution has been rolled out successfully in the first school, Todholm Primary School in Paisley, and is at the time of writing being rolled out to other schools in Scotland and is under consideration for Schools across the UK. ---[Mike Nelson, Tim Wright, Ken Ashida]

Top of Pagetop fo page