Secure File Transfer Service for the NTT Group
The “occrue” service, which began in January 2009, is a means of sharing important information and high-volume data such as customer information, facilities information, and administrative information among the NTT Group companies and their clients by using a scalable secure file transfer platform system.
1. Need for a secure file transfer service
The NTT Group is developing an extensive range of business that involves the exchange of various kinds of private information, such as customer, facility, data, and administrative information. In the NTT R&D Division, patent information and confidential information related to system development and maintenance management is exchanged. One widely used tool for information transfer is email. Although email is highly convenient and messages can be sent anywhere in the world, it has major security problems, such as information leaks caused by sending to unintended recipients and eavesdropping on unencrypted messages (Fig. 1). Moreover, files attached to email are generally limited to a size of a few megabytes. Although files that exceed that limit can be transferred using Internet services, some of those services have uncertain safety levels and their use creates a risk of information leaks. Furthermore, while there is increasing use of encryption and password-protected documents in email attachments, there remains the risk of the encryption being broken by cryptanalytic tools or other means.
The NTT Information Sharing Platform Laboratories has been working on the development of a Scalable Secure File Sharing System (SSS) since 2005. This service can send and receive files as large as 100 GB with authentication of the sending and receiving users, encryption of the transmitted data, and restriction of recipients to a closed transmission path. All this is done transparently as far as users are concerned (Fig. 2). To implement secure file transfer for NTT Group companies and their clients, we collaborated with NTT Communications and NTT Comware to develop the “occrue” service. In this article, we describe the service, its special features, and the sharing rules.
2. Internal control for secure file transfer
SSS was previously intended for safe and reliable file transfer for end users (Fig. 2). That left it to the end user to take security measures. However, the security managers of the various companies expanded on that system to create internal control that allows one-stop management of end users and organization policies (Fig. 3). This ensures that the end user automatically follows the policy set by the security manager before sending a file, so secure file transfer is consistent with the scope of that policy. In particular, in cases where there is risk of an information leak, such as when sending a file to a guest in the system or when performing traceability control for information sent outside the company, the circumstances of file transfer can be controlled by specifying the means of internal control.
3. Occrue service and sharing rules
An overview of the occrue service is presented in Fig. 4. This service provides secure information transfer from one end to the other end, including the network, through the use of an SSS server placed on the NTT Group information sharing network. It focuses on secure information transfer among NTT Group companies, issuing regular occrue user accounts for NTT Group employees and collaborators and temporary ad hoc occrue accounts for guest users (mainly clients and customers). The regular accounts connect via the NTT Group information sharing network, and authentication by a client certificate is provided for stronger personal authentication. Guest user accounts, on the other hand, can connect via the Internet with a one-time password.
The occrue service implements root groups for companies, which are similar in concept to email domains. Root groups serve as units for mutual connections among companies, account management, sending and receiving authorization, contracts, and so on. Groups include root groups and subgroups. Subgroups can be defined hierarchically below root groups. This service provides full-mesh connection between root groups for data transfer among NTT Group companies, but subgroups are assumed to provide local connection for the companies cooperating with each Group company. Each Group company can define the connection rules according to its own policy (Fig. 5).
The user addresses for this service have two parts: the user name and the full group name. For the user name, we use the user’s company email address. The full group name is defined as the root group and the company-assigned subgroup (Fig. 6).
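The group and addressing rules above can be modelled as a default-deny send check. This is an added example, not code from the occrue service: the `user/root/subgroup` address syntax, the group names, and the choice that any transfer touching a subgroup needs an explicit connection rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Address:
    user: str     # user name: the user's company email address
    group: tuple  # full group name: (root group, subgroup, ...)

    @property
    def root(self):
        return self.group[0]

def parse_address(text, sep="/"):
    """Split 'user@host/root/sub' (assumed syntax) into user and full group name."""
    user, _, path = text.partition(sep)
    parts = tuple(p for p in path.split(sep) if p)
    if "@" not in user or not parts:
        raise ValueError(f"not a user name plus full group name: {text!r}")
    return Address(user, parts)

@dataclass
class Policy:
    root_groups: set                                  # companies on the full mesh
    subgroup_links: set = field(default_factory=set)  # frozenset pairs of full group names

    def may_send(self, sender, recipient):
        """Return (allowed, reason); anything not explicitly permitted is denied."""
        if sender.root not in self.root_groups or recipient.root not in self.root_groups:
            return False, "unknown root group"
        if len(sender.group) == 1 and len(recipient.group) == 1:
            return True, "root-group full mesh"
        if sender.group == recipient.group:
            return True, "same group"  # assumption: members of one subgroup may exchange files
        if frozenset((sender.group, recipient.group)) in self.subgroup_links:
            return True, "local subgroup rule"
        return False, "no connection rule for subgroup"

def demo():
    # Constructed sample data: two Group companies and one partner subgroup under ntt-a.
    policy = Policy({"ntt-a", "ntt-b"},
                    {frozenset({("ntt-a",), ("ntt-a", "partner1")})})
    a = parse_address("taro@a.example/ntt-a")
    b = parse_address("hanako@b.example/ntt-b")
    c = parse_address("ken@partner.example/ntt-a/partner1")
    return [policy.may_send(a, b), policy.may_send(a, c), policy.may_send(c, b)]

if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY", "-", reason)
```

The third case shows the point of the model: a partner subgroup under one company cannot reach another company's root group unless that company's policy adds a rule for it.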
4. Future plans
We aim to improve security by further increasing the utility to each company in the Group, and we will develop applications for interworking with commercial email programs. Specifically, we intend to reduce the inconvenience to the user by automatically invoking the SSS client when an email arrival notice is received and to improve usability by integrating the data sent and received in a dual management system of the email program and SSS client.