Kawasaki, Japan, August 31, 2012
Fujitsu Laboratories today announced that it has developed platform technology for application execution that enables secure use of internal company services with a smartphone or other mobile device without sacrificing convenience.
Currently there is great interest in using smartphones to access corporate data systems for business; however, doing so presents the problem of ensuring security. To address this issue, Fujitsu Laboratories has linked smartphones to the cloud to produce an environment in which a company's internal services can be executed using a smartphone only when they are needed, enabling secure execution of these applications. As a result, internal company services that until now have only been run within a company's network can now be securely accessed inside or outside the company using a smartphone, raising the prospects for improving work efficiency in a variety of situations.
Details about this technology will be announced at the Financial Information Technology 2012 Seminar, held September 6 at Tokyo International Forum.
Background
Human-centric computing seeks to bring about a world in which, by eliminating the barriers between systems and people, convenient services can be accessed without people even being aware of the systems that deliver them. With the advent of smartphones, these needs have only increased. Now the use of smartphones for business is rapidly expanding. As opposed to consumer use, the ability to protect internal company data is essential for business use.
Figure 1. Depiction of Human-centric Services
Technological Issues
Given the current situation, companies are either not allowing smartphones to be used for business due to security concerns, or they are allowing them to be used and are forced to endure a vague sense of uneasiness. Specifically, they are facing the following problems:
- Companies have rules against carrying computers off premises, but it is difficult to strictly enforce them in the case of smartphones, which are designed to be carried around.
- There is the risk that confidential business data could be taken, either through a computer virus infection or by hacking through the network.
- There is an increased risk of business data leaks when using outside networks. It would be better to have a closed system that could only be accessed internally on company premises, but then employees would not be able to access internal company services offsite.
About the Newly Developed Technology
To address these issues, Fujitsu Laboratories developed a secure application execution platform that controls smartphones from the cloud to produce an environment that enables secure execution of internal company services.
The technologies underlying the secure application execution platform are described below.
1. Context desktop technology
Fujitsu Laboratories developed context desktop technology that switches screens or manages distributed applications depending upon the situation (see figure 2). For example, if it is detected that the smartphone is carried into the office, the screen will switch to one more appropriate for work. Only when applications are needed are they delivered from the cloud to the smartphone, and they are erased when they are no longer necessary. By controlling the management of applications in this way via the cloud, users can securely carry out operations without endangering the company's environment.
Figure 2. Context Desktop
2. Secure execution environment technology
Fujitsu Laboratories also developed secure execution environment technology that enables applications to be securely executed and imposes usage restrictions on, for example, the smartphone's built-in camera or network access (see figure 3). The applications and data are encrypted in advance and delivered to the smartphone. The encrypted data is kept as it is on the smartphone and the decryption is carried out on the fly. As a result, the decrypted data will not be stored anywhere except in the execution memory. In addition, if necessary, usage restrictions can be imposed on the smartphone's camera or the network, enabling unnecessary operations to be prevented. For example, even if there were malware embedded in an application that was able to read data stored in a memory card and upload it onto a website, this action would be prevented if the smartphone was managed in advance to only be able to access designated websites.
Figure 3. Secure Application Execution Environment
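The designated-website restriction described above, as an added example (not Fujitsu's code; the page does not describe how the platform implements the check). Host names and function names are hypothetical, and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Constructed policy: hosts the managed smartphone may reach (hypothetical names).
DESIGNATED_HOSTS = {"portal.corp.example", "files.corp.example"}
ALLOWED_SCHEMES = {"https"}


def egress_allowed(url, designated=DESIGNATED_HOSTS):
    """Return True only if url targets a designated host over an allowed scheme."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, lowercases the name
        _ = parts.port         # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    host = host.rstrip(".")  # "portal.corp.example." names the same host
    # Exact match only: substring or suffix checks would admit look-alike hosts.
    return host in designated


def filter_requests(urls):
    """Split an application's outbound requests into (permitted, blocked)."""
    permitted, blocked = [], []
    for u in urls:
        (permitted if egress_allowed(u) else blocked).append(u)
    return permitted, blocked


# Constructed sample traffic from a delivered application.
SAMPLE = [
    "https://portal.corp.example/timesheet",
    "https://PORTAL.corp.example.:443/api",
    "https://upload.other.example/drop?f=sdcard.zip",     # upload to a non-designated site
    "https://portal.corp.example@upload.other.example/",  # designated name only in userinfo
    "https://portal.corp.example.other.example/",         # designated name only as a prefix
    "http://portal.corp.example/",                        # cleartext scheme
]

if __name__ == "__main__":
    ok, denied = filter_requests(SAMPLE)
    print("permitted:", ok)
    print("blocked:", denied)
```

The check compares the parsed host, not the raw URL string, so a designated name appearing elsewhere in the URL does not satisfy the policy.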
3. Seamless push technology
Fujitsu Laboratories also developed seamless push technology that enables the seamless delivery of applications to smartphones, regardless of whether it is through the company's own network or an external network (see figure 4). For example, if the owner of the smartphone is outside of the company, a notification will be sent requesting that the smartphone first establish a connection with a secure virtual private network (VPN). This is done over a public mobile network, from the cloud to the smartphone. Having received the notification, the smartphone connects with the cloud and the VPN, establishing a secure transmission line, thus allowing company data to be received safely. Rather than restricting the delivery of applications only to smartphones connected to the company's own internal network, this also enables the delivery of applications to smartphones that are connected to public networks outside of the company, enabling users to securely access internal company services.
Figure 4. Seamless Push Technology
Results
With this technology, data is automatically protected without users having to consider where they are, and internal company services can be securely delivered and executed in any situation. This will enable advancements in the ways smartphones can be used with company systems in a variety of scenarios without sacrificing the smartphone's functionality.
In healthcare, for example, rather than restricting access to hospital systems to within the hospital, the hospital's internal services could be accessed at the scene of an accident or from inside an ambulance, protecting the data while displaying it on a smartphone, thereby enabling more efficient and precise medical care.
Future Plans
Fujitsu Laboratories is working on packaging this technology to make it easy to build secure systems with the aim of commercializing it in fiscal 2012.