Information Security Technologies

Evolving Information Security Technologies
OCHIAI Masao

Toshiba Group's Efforts in Information Security Technology Field
YAMADA Asahiko/SHIMBO Atsushi/KITAORI Shoji
Information security technologies are an increasingly critical element of information technology for the protection of information. As information security technologies become more widespread, an important issue is how securely they are designed and implemented. In line with these trends, the Toshiba Group is working on the development of secure implementation methodologies for system integration, the application of information security technologies to various products including digital contents protection, and next-generation fundamental technologies. Our aim in these development activities is to contribute to the improvement of people's lives.

SecureSI™ Innovative System Integrator and Its Application to Retail Solutions
NISHI Mayumi/YAMADA Tatsuya/ODAHARA Ikuya
Toshiba Solutions Corporation has developed SecureSI™, an innovative system integrator that materializes our security design methodology to the procedures level in order to ease the rapidly growing demand for security engineers. We are promoting the extensive application of SecureSI™ to our solutions development in parallel with the reinforcement of security engineers' capabilities. For example, we have applied SecureSI™ to the development of a "point service system for customers," one of our retail solutions, and have successfully drawn up and systematically deployed security measures for the system taking customers' proposals into consideration. The security threat analysis was carried out by a systems development engineer who was not greatly experienced in security engineering but was significantly assisted by SecureSI™.

Content Protection Technology Applied to HD DVD
KATO Taku/ISOZAKI Hiroshi/ISHIHARA Atsushi
HD DVD, the "next-generation DVD," offers new experiences to users including high-definition video contents and interactive contents. However, the importance of content protection technology has increased. For this reason, a new content protection technology called the advanced access content system (AACS) has been developed. AACS has been adopted for HD DVD players and recorders and is expected to be widely used in many types of devices and media. This technology contains a number of security protection elements to assist content providers. It can be applied not only to contents stored on media but also to networking technologies.

MQbic™ Content Protection Technology Adopted for MOOCS Service
NOGUCHI Masanori/MATSUKAWA Shinichi/KAIYA Kazuhiro
Accompanying the widespread dissemination of digital content delivery, there is a strong need for digital rights management (DRM) technology to protect copyrights while maintaining the users' convenience. Toshiba Solutions Corporation and Toshiba collaborated to develop MQbic™, a DRM technology that utilizes the secure digital (SD) memory card and achieves the ideal balance between users' convenience and copyright protection. MQbic™ is employed as the DRM technology for the MOOCS electronic music distribution service operated by NIFTY Corporation.

Efforts for Standardization of MPEG-21 Rights Expression Language (REL) Profiles
ITO Satoshi/KAMBAYASHI Toru/AISU Hideyuki
MPEG-21 Part 5: Rights Expression Language (REL), which defines the rights expression language for digital rights management (DRM), is expected to be one of the key technologies for flexible DRM and DRM interoperability. Recently, efforts have been made for the development of MPEG-21 REL profiles that will be used for specific applications.
The MPEG-21 REL MAM (Mobile And optical Media) Profile was developed for future applications to devices that have physical limitations on their capabilities and resources, such as mobile devices and optical disc devices.

Secret Sharing Scheme and Its Applications
HOSAKA Norikazu/TADA Minako/KATO Takehisa
With the enactment of the Financial Products Exchange Law and the Personal Information Protection Law, enterprises are required to strictly manage confidential information and personal information. On the other hand, operational efficiency tends to slow down when information has to be strictly managed. Secret sharing schemes are therefore attracting attention as a technology that can solve this problem. Toshiba Solutions Corporation has developed a new secret sharing algorithm that is faster than previous algorithms. It is applicable to a broad range of systems, and has already been applied to a document management system and a content delivery system of Toshiba Solutions Corporation.

SmartConcierge™ Walkthrough Type Face Recognition System
ENOMOTO Nobuyoshi/SATO Toshio/YAMADA Takahiro
While the need for physical security systems is rising, conventional systems are not sufficiently convenient for users. Toshiba has improved its FacePass™ face recognition security system and remodeled it into the SmartConcierge™ walkthrough type face recognition system. SmartConcierge™ enhances security while maintaining convenience.

Traitor Tracing in Content Distribution
MATSUSHITA Tatsuyuki/YOSHIDA Takuya/AKIYAMA Koichiro/IMAI Hideki
In content distribution, a broadcaster encrypts and then broadcasts digital contents (e.g., movies) to subscribers. The subscribers decrypt the encrypted contents and play them using their decryption devices (decoders), which contain their decryption keys. In this application, malicious subscribers (known as "traitors") may redistribute their decryption keys to nonsubscribers.
This allows nonsubscribers with a pirate decoder to gain illegal access to the content. Traitor tracing has been extensively studied as a deterrent to such piracy. Toshiba, jointly with Chuo University and the National Institute of Advanced Industrial Science and Technology, has developed a traitor tracing scheme in which the pirate decoder can be traced back to at least one of the traitors, even if the pirate decoder does not respond any further when it detects itself being examined, while maintaining the transmission overhead at an efficient level.

Provably Secure Digital Signature Scheme with Additional Functionality
KOMANO Yuichi/SHIMBO Atsushi/OKADA Koji
Provable security is an index that ensures the security of fundamental cryptographic primitives such as public key encryption and digital signature schemes. It not only allows everyone concerned to confirm the security of the primitives, but also provides a criterion for establishing the relevant standard. In order to prove the security of a scheme, the scheme is first provided with a security model (attack scenario and security goal) and then it is shown that the scheme satisfies the model. However, the model needs to be formalized for each primitive (functionality). Toshiba and the University of Electro-Communications have proposed a digital signature scheme with additional functionality that can achieve the shortest bandwidth among multisignature schemes having a trapdoor one-way permutation and security equivalent to that of the proposed scheme, by embedding the message (with practical length) to be signed into an initial multisignature.

High-Generation-Rate Random Number Generator Using Si-Rich SiN MOSFET
MATSUMOTO Mari/OHBA Ryuji/USHIJIMA Tomomi
Information security has recently been playing an increasingly important role in various ubiquitous applications such as integrated circuit (IC) cards and mobile equipment.
Higher level random numbers have correspondingly been required as one of the fundamental elements of secure systems. Physical random number generators are most desirable because of their unpredictable "true" random numbers. Toshiba has developed a silicon nitride metal-oxide-semiconductor field-effect transistor (SiN MOSFET)-based random number generator that can generate high-quality random numbers at high speed and can be embedded into small circuits.