Information Security at SECOM
As the Internet increasingly permeates everyday life, SECOM feels strongly that in addition to physical security, cyber security must be provided for the network society. Although there are numerous approaches to strengthen "safety and security" for the network society, my group is focusing on digital authentication technologies, in other words, "Who am I communicating with over the network?"
User ID and password based authentication is the most common method currently used, but to provide the level of "safety and security" that SECOM envisions, a much stronger form of authentication is required.
One method of achieving strong authentication is through the use of the Public Key Infrastructure (PKI), an authentication system based on an electronic certificate using public key cryptography.
SECOM first started working with PKI technology in 1998, when it was still relatively unfamiliar. Through aggressive promotion of the technology, nowadays, it is understood that PKI is essential for information security.
Satisfaction from Learning New Technologies
When I first got involved with PKI in 1999, there were very few reference materials, both in print or available online, about PKI in Japanese or English.
The only available information about PKI were the Internet standards (RFCs) published by the Internet Engineering Task Force (IETF).
I poured over those English specifications with my coworkers; our unskilled English requiring us to frequently using a dictionary. We also ran and analyzed the algorithms of the few commercial PKI products available in our spare time.
I finally got to the point where I could read the specifications and envision how something would work, and examine the software products to actually see how it would be implemented. As an engineer, I felt a sense of accomplishment in understanding leading-edge technology in a field which no other researchers in the laboratory were familiar with. Learn these new technologies right after joining the company, and gaining knowledge that even my senior coworkers didn't have was an invaluable experience.
Interactions with engineers outside of SECOM
I had many chances to network with people outside of SECOM through my information security research. At a domestic industry working group, I was able to actively discuss technical issues with engineers from different vendors through pilot projects. These activities played an important role in raising our name recognition and promoting our technical abilities in the field. I also enjoy going out for a drink with engineers from other companies to discuss non-work specific technical issues in a non-work setting.
In 2002, I joined the IETF to feedback the knowledge that I gained by contributing to PKI standardization. There are many experts in IETF, thus, it is a very satisfying but also a lot of pressure to join them but it is an invaluable experience to be able to learn from them.
Currently, two types of contributions are expected, direct contributions that have implications for company's business and indirect contributions which may not immediately have such an impact. I believe that for someone to be considered a full-fledged individual, they must apply the results of their accomplishments and return something for the opportunities given to them. I hope to continue to contribute to Secom's information security business with my accumulated knowledge and connections to other researchers in the field.