Embed Size (px)
Citation preview
8
Service platform
Functions for operators
Functions for end users
Video deliveryservice software
Video tapes
Live video
Encode /convert bit rate
Network
Network
Information sharingplatforms integration
environment
Intellectualproperty rightsmanagement
platform
Billing andsettlementplatform
Mediadistribution
platform
Video on demand
Downloading
Live streaming
Billing
User support
End user management
Content-holder management
(Top page after login)
(Automatic content registration)
Transmitter
TransmitterContent management
Information Sharing Platform TechnologiesInformation Sharing Platform Technologies
● Service Platform for Video Delivery● MPEG-4 Very Low Bit-Rate Video Coding Scheme
using a Sprite (VideoESPER)● Electronic Application and Bidding Platform Systems
to Support Electronic Local Governments ● Content Delivery System for BtoC/BtoE (MDS-Dome)
— Smooth Delivery of Mass Contents● Field Test for "TSUNAGARI" Communication● Medical Data Sharing System● Development of Service Agent Technology
for PSTN/IP Network Convergence Services● Super High Definition Digital Cinema Distribution System● Application of the Situation-Adaptive Retrieval System SPIDIR
to a Personalized Video Search System● Network-Based IC Card Environment (NICE)● High-Availability Server Platform● Performance and Quality Diagnosis of IP Networks and Stream Delivery Services
(Network Conformance Test Technology)● Digital Shooting Network● Live Streaming Switch (LSS)● Defence Mechanism against DoS Attacks (Moving Firewall)
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 8
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 9
・・・・・・・・・・・・・・・・・・・・・・・・・ 9
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 10
・・・・・・・・・・・・・・・・・・・・ 10
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 11
・・・・・・・・・・・・・・・・・・・・・ 11
・・・・・・・・ 12
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 12
・・・・・・・・・・・・・・・・・・・・・ 13
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 13
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 14
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 14
・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ 15
・・・・・・ 15
Technologies for achieving common functions
essential to content sharing business and elec-
tronic commerce such as copyright manage-
ment, electronic settlement, and information
delivery.
Service Platform for Video Delivery
Recent years have seen the promotion of video delivery services such
as Video on Demand (VOD) as the "killer application" of broadband servic-
es. Some problems still remain, however, if video delivery services are to
become widespread. The content holder, on the one hand, demands a
mechanism that can provide robust copyright protection to prevent the
unlawful use of content. The end user, meanwhile, simply wants to enjoy
high-quality video content without bother. The provider of video delivery
services, moreover, needs a service system that can be constructed quick-
ly and inexpensively covering a full range of operations from content regis-
tration to copyright protection processing, content delivery, and billing and
settlement.
To facilitate the early provision of video delivery services, NTT Laborato-
ries have developed video-delivery-service software for linking the func-
tions of the information-sharing-platforms integration environment, intellec-
tual-property-rights management platforms, billing and settlement platform,
and media distribution platform.
These developments make it possible to construct a service platform that
can provide billed video delivery services with the following features.
(1) Billed services in three delivery formats from MPEG-4 (384 kbit/s) to the
MPEG-2 (6 Mbit/s) level: VOD, live video streaming, and video downloading.
(2) Service flow spanning content registration; copyright protection by Con-
tent ID, digital watermarking, and encapsulation; content delivery, and
billing and settlement.
(3) Service-operation and support functions such as content management,
player management, delivery management, and content sales support.
(4) Software architecture that facilitates customization, functional expan-
sion, and function selection.
For the future, NTT Laboratories plan to achieve multi-service capabili-
ties supporting various types of video-delivery-service models and to
improve and add functions of the various information sharing platforms.
(Cyber Solutions Laboratories)
Service platform for video delivery
9
Information Sharing Platform Technologies
Local Government:ACitizen/Corporations
Local Government:B
Electronicapplicationplatformsystem
Electronicbidding platformsystem
Informationprovidingsystem
Settlement Informationdisclosure
PC
IC card
IC card
Ombudsman
L-mode
i-mode
(Supporting system in the local government,and between local governments )
Transmissionand arrivalnotarization
Electronic LocalGovernment Services
Public personalauthentication platform system
Internet
Publicinstitutionreservation
External systemsAuthenticationplatform system
Settlementplatform system
*GW: GateWay
GW* GW
Electronicnotarysystem
Concept of VideoESPER
Schematic of electronic application and electronic bidding platform systems
MPEG-4 Very Low Bit-Rate Video Coding Schemeusing a Sprite (VideoESPER)
We developed VideoESPER*, a very efficient MPEG-4 coding
scheme using a "sprite", to enable high-quality video distribution to
be provided through the Internet and mobile networks. A sprite is
a still image that represents background movement due camera
operation. Because sprite coding requires only one-half to one-
fourth the number of bits as conventional coding to achieve the
same subjective quality, higher compression is achieved for the
background encoding.
VideoESPER uses multi-mode coding consisting of normal mode
and sprite mode. In normal mode, a conventional coding scheme is
used to compress the video, which has no video processing. In
sprite mode, each video shot is automatically divided into fore-
ground and background objects, which are then individually encod-
ed using MPEG-4 object coding and sprite coding, respectively. In
this way, VideoESPER creates an MPEG-4 Main Profile bitstream
of the video. VideoESPER uses RealSystem for Internet streaming
of archived videos, and we provide a VideoESPER decoder plug-in
for RealPlayer. After plug-in installation, streaming video can be
viewed using the RealPlayer client.
We plan to apply the video-processing and coding technologies of
VideoESPER to the MPEG-4 Advanced Simple Profile, which is
seemed to be the mainstream of video coding for Internet streaming.
(Cyber Space Laboratories)
* VideoESPER: VideoEfficient Sprite-aided Encoder
<Principle of Sprite Mode>Foreground object
Background object
Panoramic image
MPEG-4 bitstream
Sprite mode Normal mode
Highcompression
Background sprite (A still image=high compression)
Normal mode
Sprite mode- Sprite coding- Object coding
Entirely automatic processing
<Proposed coding scheme>
Automatic videoanalysis andswitching
Electronic Application and Bidding Platform Systems to Support Electronic Local Governments
In keeping with Japan's Millennium Project and e-Japan initiatives, efforts are
continuing on the development and deployment of people-oriented electronic gov-
ernment procedures and systems for national and local governments. Leveraging its
expertise in security-related technologies, NTT Laboratories are developing two prin-
cipal platform systems —one supporting electronic bidding system and the other
supporting an electronic applications system— that can provide safe government
services to individuals and companies that are convenient and absolutely secure.
(1) Electronic Bidding Platform System
The low-cost electronic bidding system ensures a bidding process that is trans-
parent and fair. The system authenticates and certifies the bidding process with a
third-party digital notary capability between the ordering party (a local government)
and the bidder (a company), and minimizes deployment and operating costs with a
simple and convenient bidding scheme based on an NTT-patented hash algorithm.
With technical assistance from NTT Communications, the first local municipality to
adopt the new electronic bidding system was Yokosuka in Kanagawa Prefecture in
September 2001. The new system has attracted nationwide interest, and has now
been used by the city to conduct over 60 bidding procedures.
(2) Electronic Application Platform System
To promote greater reliance on electronic government procedures, this system is
designed to be fully compliant with national standards and specifications relating to
electronic applications and application filing. One notable feature of the system is
that it adopts the most appropriate form of delivery (Web, email, and so on) for each
application procedure based on the importance of the procedure, actual costs, and
other considerations. Especially in the case of important application procedures,
secure transmission and receipt of documents is ensured by using the electronic
notary system for delivery, and proof of actual transmission and receipt of applica-
tions is certified by a disinterested third party.
Anticipating that electronic government services and procedures will become
more common in the years ahead, NTT Laboratories are committed to the rapid
adoption of a public personal authentication platform, a multi-purpose IC card plat-
form system that uses national register IC cards, and to the enhanced performance
and convenience of other electronic government system.
(Service Integration Laboratories)
Content Delivery System for BtoC/BtoE (MDS-Dome) —Smooth Delivery of Mass Contents
With the rapid expansion of ADSL, B FLET'S, and other fast connection
services, an increasing number of access lines are now able to support
broadband delivery. Yet in order to comfortably accommodate such mass
content streams as high-quality video, it is essential to reduce the traffic
load on distribution servers and transit trunks. One solution is the Content
Delivery Network (CDN), a distributed approach in which contents are
deployed in advance on a distributed network of mirror servers, and con-
tents are then delivered to the end user from the nearest server. NTT Lab-
oratories have now developed a robust CDN system called MDS*1-Dome
that interworks with both the Internet and private intranets.
This system has the following features.
(1) The ability to efficiently and automatically deploy particular contents
based on the characteristics of the network and the delivery conditions of
the contents. This feature permits frequently used contents and streaming
contents needed for smooth delivery to be deployed on a mirror server by
merely selecting those contents.
(2) The ability to precisely infer the location of the user (in subnet units)
and deliver contents from the server that is closest to the user. This fea-
ture enables mass contents to be smoothly delivered over a network
encompassing both the Internet and corporate intranets by selecting the
optimum mirror server from the standpoint of the user.
Certainly PCs can be used as large-scale servers, so MDS-Dome can
be employed (1) as a large-scale consumer-oriented platform service
(BtoC*2) such as used by NTT West to deliver contents from the a center
(origin server) to FLET'S offices located in different prefectures, or (2) as
an intranet employee-oriented system (BtoE*3) such as an educational sys-
tem with a VOD*4 server deployed at a learning center and mirror servers
set up in elementary schools.
(Information Sharing Platform Laboratories)
*1 MDS: Mass Delivery System
*2 BtoC: Business to Consumer
*3 BtoE: Business to Employee
*4 VOD: Video On Demand
10
Internet/Intranet
Mirrorserver
Schools
Center
HomeHome
Originserver
content
Content distributionto mirror server
Enterprise
Enterprise
Mirrorserver
Mirrorserver
Mirrorserver
School
School
Mirrorserver
Content delivery fromnearest server
FamilyPlanter
◆Implicit (cue) information - Presence (infrared sensor) - Speed of motion
(ultrasonic sensor)
◆Explicit information - Touch (touch sensor)
- Light- Motion- Sound
Input Output
Outside the village Yamada village
Mr. A's house
Experimentalsystem
Mr. A'sparent's house
Server
Network
A new type of communication terminal thatsends and receives mostly cue informationin the form of light, motion, and sound.The cue information of this experimentconsists of (a person's) motionand presence.
Optical fibers (sparklingand rotating)
Ethernet(10Base-T)
Infrared sensorUltrasonicsensor
Touchsensor
Overview of Content Delivery System
Field Test for "TSUNAGARI" Communication
Today, there are an increasing number of families with one or more mem-
bers living outside the home for various reasons. Nevertheless, most people
would like to maintain family bonds even though they might be physically sep-
arated. In response to this need, NTT Laboratories have proposed a new
concept of bi-directional communication called "TSUNAGARI" ("connection"
in Japanese) communication that aims to provide separated family members
with a sense of living together. This is accomplished by the continuous
exchange of implicit information ("cue information") related to a person's pres-
ence or daily activities as a form of communication. In this way, separated
family members can be aware of each other's general condition at any time
while maintaining privacy even when direct forms of communication such as
telephoning or e-mail are not available or convenient. In addition, the manner
in which cue information is expressed does not interfere with everyday life.
To investigate the significance of conveying cue information, we conducted
a field test from July to November 2001 with the cooperation of Yamada vil-
lage in Toyama prefecture. This social experiment targeted four families
(consisting, for example, of parents and married children) living in and away
from Yamada village, and each of the households involved was asked to use
an experimental terminal called a "FamilyPlanter" that would allow information
on people's presence to be constantly exchanged. Participants were inter-
viewed and given questionnaires and the results evaluated. It was found that
the exchange of cue information fostered peace of mind, a sense of lively sur-
roundings, etc., indicating the potential effectiveness of TSUNAGARI commu-
nication. The results obtained also suggest that indirect or vague information
conveying atmosphere or sensations is an important element in interpersonal
communication in addition to explicit messages that have traditionally been
the focus of media communication research.
Using the knowledge gained in this field test, we plan to research new
services based on TSUNAGARI communication with the aim of providing rich
communication environments targeting an even greater number of people.
(Lifestyle and Environmental Technology Laboratories)
FamilyPlanter and experimental system
Medical Data Sharing System
There has been an ongoing effort in the medical field in Japan to expand the
functions and capabilities of patient exam record keeping systems, medical billing
systems (Recept), and other stand-alone medical systems of hospitals in the
hopes of improving operating efficiency. In a related development, authorization
was recently approved to keep medical records in a digital format as a way to pro-
mote the overall digitization of medical data. Now many are calling for some sort
of system enabling different medical institutions to share a patient's medical data,
and thereby reduce medical costs while at the same time improving the quality of
care. However, it is obvious that if any and all medical personnel had access to a
patient's data, this would seriously compromise the patient's privacy.
It was these two considerations —enabling a patient's data to be shared among
different institutions while safeguarding the patients' privacy— that guided the
recent development by NTT Laboratories of the Medical Data Sharing System.
The system supports a range of WWW based medical data sharing services (provid-
ing data relating to physical exams, checkups, the names of conditions and illnesses,
medications prescribed, x-rays and other medical images, and so on) while ensuring a
very high standard of privacy for the patient. Confidentiality is ensured by strict person-
al and attribute authentication based on a public-key-infrastructure platform, and a very
fine-grained disclosure control system that gives doctors and other medical personnel
access to specific information only on a need-to-know basis. Data from past exams col-
lected by different medical institutions can be integrated and presented as a time-series
graph. In addition, the need-to-know disclosure range can be set narrowly to just
include an attending physician or the family doctor or set more broadly to include a par-
ticular type of doctor, a team of doctors, and so on depending on the patient's situation.
When a patient see a doctor, a summary of the exam, any medications prescribed, etc.
are added to the Medical Data Sharing System along with a brief cover letter by the
doctor. This promotes a holistic and integrated course of treatment over time, while pre-
venting duplicate and superfluous medical tests and prescriptions. The medical data is
formatted in XML* so it can be easily ported or shared with other systems.
In future research, we plan to study analysis tools for preparing medical guide-
lines and multi-point videoconferencing functions for collaboration purposes, all
based on shared information.
(Cyber Solutions Laboratories)
* XML: eXtensible Markup Language
Development of Service Agent Technology for PSTN/IP Network Convergence Services
As the Internet and other IP networks continue to expand, there has
been a growing demand for new IT businesses that link the public
switched telephone network (PSTN) and IP network with various kinds of
information-sharing servers. To this end, NTT Laboratories have expand-
ed advanced Intelligent Network (IN) technology and developed a Service
Agent (SA) platform to control IP network services. The advanced IN
links with SA so that advanced services can be offered on the IP network.
Various applications of such services have already been created.
These include (1) Internet call waiting, (2) computer calling (Web click
dialing) that links with the photo directory of research laboratory staff, (3)
VoIP*1 supplementary services such as web-linked teleconferencing, and
telephone calls with voice advertising, and (4) the sale of digital content
using prepaid cards. The SA platform employs general-purpose server
technology and is implemented in Java, which means that the same soft-
ware architecture can be used for developing a wide range of services
from small-capacity trial services to large-scale commercial services.
Furthermore, when using the CORBA*2 distributed interface to connect
the SCP*3/SMS*4 components of the advanced IN with various kinds of
information-sharing servers that perform settlement and content distribu-
tion, diversified services can be constructed by controlling these various
systems from application scenarios deployed above SA. In addition, the
adoption of Parlay as the API*5 to application scenarios makes possible
the development of seamless communication services that can interact
with CA*6 (that performs VoIP call control) and with media servers.
To achieve communication services that efficiently converge with video
and data in addition to VoIP, NTT Laboratories plan to expand fundamen-
tal SA technology to achieve links between information-sharing platforms
and various kinds of servers and to automatically generate applications.
(Information Sharing Platform Laboratories)
*1 VoIP: Voice over Internet Protocol
*2 CORBA: Common Object Request Broker Architecture
*3 SCP: Service Control Point *4 SMS: Service Management System
*5 API: Application Program Interface *6 CA: Control Agent
11
Information Sharing Platform Technologies
Application image Authenticateidentify userSecure archive
CA*1
Authenticate anattribute
- Authenticate licensesex.: Doctor, pharmacist
AA*2
Name , ID
Allergy
Blood type
Diagnosis
Prescription
Test result Register medicaldata withaccess controlconditions
Access control conditions
For all
For doctor
For pharmacist
For family doctor
For doctor
For doctorMedical
data
DoctorRefer medical data
Request themedical data
Request themedical data
Medical datawith permission
No data
PharmacistRefer prescription data
Network
Applicationserver
Family doctorRegister medical data
Smart card
Smart cardSmart card
*1CA: Certification Authority *2AA: Attribute Authority
Medical data with flexible and detailedaccess control conditions
To give permit information to datasolve the problem of privacy
The data barrier basedon access controlconditions
The data operating interfacefor the registrant
Network Service Platform
PSTN*2
IPnetwork
Information SharingPlatform
Link LinkCT*1
server
Contentdistribution
platform
Billing/settlementplatform
Authentication/notarization
platform
Advanced IN Service Agent (SA)
*1CT: Computer Telephony *2PSTN: Public Switched Telephone Network *3MG: Media Gateway
MG*3
CA
Servicecontrol
Servicecontrol
Medical Data Sharing System
Network architecture to provide seamless services
Super High Definition Digital Cinema Distribution System
While a wide range of content can now be distributed with the
coming of the Internet, the motion picture is still the king of multime-
dia content. New technology for complete digitization of movies
without loss of the quality of 35-mm film and distribution of that data
over a fiber network has been developed in the NTT Laboratories.
That technology is the digital cinema distribution system, which
improves on the video image quality of HDTV* by achieving a reso-
lution of 3840×2048 pixels (8 million pixels), or four times the reso-
lution of HDTV. It is therefore capable of presenting the world's
highest quality digital cinema. The system consists of a video serv-
er, real-time decoder, liquid crystal projector and IP distribution soft-
ware. One major feature of the digital cinema is the network distri-
bution function, which is realized through digitization. This labora-
tory-developed system was used to successfully demonstrate the
world's first network distribution of 8 million pixel digital cinema via
an IP stream at the Tokyo Cinema Show in November 2001 and at
an international symposium in March 2002. The distribution experi-
ment at the latter event, in particular, created a big sensation by
presenting a two-hour long movie, "TOMB RAIDER" at the Yamaha
Hall in Ginza. The content was distributed over an IP stream at 300
Mbit/s via a network (MetroEther) by connecting a content server
installed at the NTT East Center (Iidabashi) to the network with
Gigabit Ethernet.
The digitization of the movie produced an immense amount of
data, so distribution of that data was unthinkable without optical
fiber. This concept is made feasible only by the steady increase in
network bandwidth by use of optical fiber. In future, we plan to
strengthen efforts on the standardization of high-quality digital cine-
ma, support for the development of products, and preparation of a
content distribution environment.
(Network Innovation Laboratories)
* HDTV: High Definition Television
Application of the Situation-Adaptive Retrieval SystemSPIDIR to a Personalized Video Search System
ADSL and optical fiber have seen rapid penetration into residen-
tial networks in recent years, and use of video is already emerging
as one of the most popular broadband service offerings. But as
increasing amounts of video content become available, it is becom-
ing more and more difficult for users to easily locate the specific
materials they want to see.
SPIDIR is a system that indexes and keeps track of video con-
tent by storing metadata on each piece of video —title, people
appearing in the video, and so on— in MPEG-7-complient XML for-
mat. SPIDIR supports a number of different search modes in
response to a user's search criteria: a search can be performed on
various attributes corresponding to the search criteria, or search
results can be presented as a directory structure. In addition,
SPIDIR also provides an advanced video search capability tailored
to the individual user by combining user-specific data (user profile
and input information) and genre information furnished by the serv-
ice provider. User information such as gender, age, and the area in
which one lives can be flexibly recorded. The service provider can
then use this information to flexibly modify the appearance of video
searches to accommodate age restrictions, to provide materials in a
specific genre, to furnish contents relating to the particular place
people live, and so on. The system also features an interface
based on a viewing log that captures the viewing habits of the user,
so a personalized search menu can be readily built up that reflects
the tastes and preferences of each user.
Although SPIDIR was primarily developed as a video contents
delivery service capable of handling massive amounts of video
data, the system could be easily adapted to online shopping malls,
systems for providing digital learning materials, digital libraries, and
many other potential applications.
(Cyber Space Laboratories)
12
Metadata DB
User
Service provider Contents holder
Search conditions - Genre - Keywork, etc.
User attributes - Age, gender, etc.
Ranking value - Use frequency, etc.
Metadata (XML)- Title, description, stuffed- Genre, subject, etc.
(2) Preferential contentstailored to the individualbased on age, gender,access frequency, etc.
(1) Structure andappearance of the directorycan be modified foreach individual user.
(3) MPEG-7-complientMetadata in XML formatcan be stored and searched.
Situation-adaptivedata mapping
Super high definition digital cinema distribution system Concept of situation-adaptive retrieval system
High-Availability Server Platform
We have seen increasing demand for server systems with improved
year-round operating rates (high-availability) as e-business has evolved
into a mainstream phenomenon, and a growing number of XSP's*1 are
now offering SLA's*2 that set target unavailability to the same rigorous
level as online systems (interruptions cannot exceed five minutes). High-
availability is generally achieved by hardware (server, LAN, etc.) redun-
dancy in conjunction with commercial cluster products to minimize serv-
ice down times. These cluster products are designed to quickly restore
services by switching over to a viable standby server when service inter-
ruptions are detected.
In addition to the recovery methods of the commercial cluster products,
the high-availability server platform also applies a phased restart
approach to the server system, a scheme that ensures the highest avail-
ability for the switching system as well. As a result, the high-availably
server platform reduces system downtime even more than the commer-
cial cluster products. The way the system works, four restart phase lev-
els are defined which correspond to varying levels of severity when a
server system fails. Optimum service availability is ensured because the
varying restart phases can be precisely tailored to escalating system fail-
ure severity.
(1) Phase 1: Single AP*3 restart. Failure is localized in a singled AP, so
just the failed AP is initialized.
(2) Phase 2: Group restart. Failure occurs in a group of APs supporting
interconnected services, so a group of APs is defined as a single unit for
initialization.
(3) Phase 3: All AP restart. All APs are initialized.
(4) Phase 4: All restart. The OS and all APs are initialized.
Note that the target system itself is not modified since the phase level
capabilities are implemented as package software that achieves high-
availability through SG*4 environmental settings. This means that the
high-availability server platform can be applied to a wide range of differ-
ent server systems.
The high-availability server system is now in service on the OSS*5 plat-
form used in conjunction with NTT DoCoMo's IMT-2000*6 Advanced IN*7.
(Network Service Systems Laboratories)
*1 XSP: X Service Provider
*2 SLA: Service Level Agreement
*3 AP: Application Process
*4 SG: System Generation
*5 OSS: Operations Support System
*6 IMT-2000: International Mobile Telecommunications-2000
*7 IN: Intelligent Network
13
Information Sharing Platform Technologies
Conformancetool
Supportenvironment
NICE V1.0
Maintenancetool
NICE serverComponents
for othercard types
R/W
Businessoperationsystem
Issuingsystem
ELWISE card Terminal
APmiddle-
ware
JavaVM
NICE-CM
Browser
R/W NICE terminal
GUI Applet
Terminalandservermiddleware
Middleware libraries forcards and terminals/serversto simplify applicationdevelopment
Server sidedatabasemanagement tool
Solaris and Windows 2000are available for server OS
Other card types
Restart escalationServer#1 Server#2
Commercialproduct label
Group restart
All AP restar
All AP Group 2
OS OS
Service link
AP1AP4
LAN
Single AP restart
Group 1
AP2 AP3 AP5
All restart
Newly installed on high-availabilityserver platform
NICE system configuration
Restart phase and restart escalation of high-availability server platform
Network-Based IC Card Environment (NICE)
The IC card has been attracting much attention as a highly reliable
technology for authenticating and identifying individuals in a network
society. Its range of application, however, goes beyond personal iden-
tification. For example, the IC card can be used to apply for various
kinds of certification such of residence certificates and seal-registration
documentation. It can be employed as a membership card, library
card, point card, or prepaid card, and can even be used as a ticket.
The need has therefore been felt for a platform technology that can
load a variety of applications onto a single IC card as the need arises.
In this regard, multi-purpose use has been specified as a requirement
for IC cards applied to "CITIES EQUIPPED WITH INFORMATION
TECHNOLOGIES" Project of the Ministry of Economy, Trade and
Industry (METI) and to the basic resident register card of the Ministry of
Public Management, Home Affairs, Posts and Telecommunications. In
response to the above needs, NTT has deployed an IC-card informa-
tion-sharing platform called NICE and has been promoting its smooth
introduction into the 14 trial areas of METI's IT City Promotion Project.
NICE has so far provided a flexible mechanism based on a business
entity role model with the aim of simplifying the construction of diversi-
fied business models corresponding to the variety of business entities
involved with IC cards on the Internet. Fiscal year 2001, NTT Labora-
tories have developed a mechanism for accommodating various types
of IC cards, a business OpS for operating and managing IC cards, and
an IC card issuing system in addition to libraries for simplifying AP*
development and a data-maintenance tool for managers. These devel-
opments have simplified the introduction of NICE into the 14 trial areas
of IT City Promotion Project and have enabled us to demonstrate the
practicality and applicability of NICE. They have also shown that NICE
can be applied to various kinds of IC card maintenance and operation
services such as the issuance and operation of multi-purpose IC cards
and the downloading of applications.
For the future, we will expand the application range of NICE as an
IC-card information-sharing platform that is not dependent on the type
of IC card or terminal. We also plan to develop common middleware to
support the development of IC card applications.
(Information Sharing Platform Laboratories)
* AP: Application Program
Performance and Quality Diagnosis of IP Networks and StreamDelivery Services (Network Conformance Test Technology)
NTT's NCT*1 system performs automatic performance testing for
pre-verification of an IP service network using commercial measuring
devices, workstations, and PCs. It enables automatic testing of
advanced test items that has been difficult to carry out in the past
because of the amount of labor and equipment involved. Examples of
advanced test items are fault-resistance checking in the ISP backbone
on which complex traffic flows and routing information is constantly
being updated, and measurement of QoS*2 guarantee performance on
an IP-VPN*3 that mixes voice packets and data packets of various
lengths.
The NCT system consists of a load generator, a monitor, a test-con-
trol section, and a results-analysis section. The test-control section
executes automatic testing according to test scenarios input from the
Web. Performing tests according to scenarios in this way is especially
powerful in tests that require data collection over a long time with vari-
able load patterns such as in network-design comparisons. The NCT
system can accommodate complicated traffic loads that take into
account diverse traffic characteristics and conditions in the network tar-
geted for evaluation, and it can assess performance through behavior
analysis. It also features functions for displaying results in easy-to-
understand tables or graphs. These capabilities make it possible to
shorten the time to service launch, save on facility cost, and construct a
stable network environment for exchange of data.
In a system using IP-VPN, the NCT system can enhance analysis
functions, can apply pseudo-traffic loads to VoIP data integration serv-
ices, and can analyze and assess delay, fluctuation and packet-loss
variation in priority traffic. This enables priority-control characteristics
and the magnitude of delay-fluctuation during congestion to be evaluat-
ed, and facilitates the strict verification of network-quality stability such
as in the checking of capacity design conditions.
(Information Sharing Platform Laboratories)
*1 NCT: Network Conformance Test
*2 QoS: Quality of Service
*3 IP-VPN: Internet Protocol-Virtual Private Network
Digital Shooting Network
Practically all aspects of video delivery services for providing video
content over B FLET'S and other broadband networks have been exten-
sively studied, but little work has been done on services for collecting and
holding the video content itself. The Digital Shooting Network seeks to
correct this situation by providing an optical broadband network linking
video producers nationwide. Video content from all around the country is
collected from these various producers, and made available as a service
to broadcasters, production companies, and other potential clients.
We envision two basic service models, an "order type" approach in
which a client approaches a video producer with a request to film a partic-
ular event, and a "push type" model in which the producer takes the initia-
tive in trying to sell his or her own video work. The way the system works
is that video footage shot by the producer is put on a computer as an
MPEG-2 file, then uploaded to a server managed by an agent along with
details about the film: the title, date and place the footage was shot, and
so on. For indexing purposes, a comment and other meta data is
attached to each cut, and a short preview video is produced which can be
readily accessed and viewed on the server. The agent maintains a
record of accesses and downloads of the public video by clients, and this
constitutes the basic data for billing purposes. The agent can also check
the contents of the video, if necessary. Accessing the server, clients can
conduct a search using keywords and comments provided by the produc-
er, and then view the preview of public video materials. If the client likes
what he sees, he can download the MPEG-2 video and make use of it.
This service was announced as a HIKARI Market Creation initiative in
October 2001. In conjunction with this announcement, a service demon-
stration system was constructed and a joint trial held with CREEK &
RIVER Co., Ltd and NTT Communications to see if the service met the
needs of the video producers and clients, and to evaluate how well the
system function worked. Technologies provided by NTT Laboratories
included the Scene Cabinet Contents Archive Builder, the MPEG-2 PC
Card Encoder, and the MPEG-2/MPEG-4 Software Transcoder (Tram-
peg-Ⅱ). Based on the favorable outcome of the trials, the next step will
be to assess viability of the Digital Shooting Network as a commercial
venture.
(Service Integration Laboratories, Cyber Solutions Laboratories,
Cyber Space Laboratories)
14
C1
A1
A2 A3 B3 C4
B4
A4
R R R R
NCT system
B1
Load generator part Capture part
: VPN core router
Result of delayproportion by QoS
A~C: Fictitious user and site number NCT Load generator make IP traffic on each line
Model VPN for evaluation
R
PerformanceVoIP Mix traffic
- Video file collection & delivery- Copyright management- Content management
Camera man
Cameraman
Camera man
Cameraman Agent
Shooting
Video filecollection overbroadband Internet
Client
Client
Server
Video file deliveryover broadbandInternet
Client
Test and analysis on NCT system
Digital Shooting Network
Live Streaming Switch (LSS)
The live streaming switch (LSS) is a high-end platform for
streaming splitter software that runs on a Windows-based server,
allowing streaming service providers to offer gigabit-class, cost-
effective broadband distribution service over existing IP networks,
using de facto standard formats such as Windows Media Technolo-
gies and MPEG-2. Tens of LSS software have already been
deployed at the edges of the nationwide commercial-content deliv-
ery network (CDN), which provides VHS/DVD-class streaming
broadcasting services.
The LSS software platform consists of a splitter (SPL), a server
management system (SMS), and a stream-quality management
system (SQS). The SPL simultaneously makes copies of unicast-
based streaming data packets as they are sent to thousands of
users. Even using a generic PC server, total distribution throughput
can be increased ten-fold by bypassing the socket process in the
TCP/IP* kernel. The SMS monitors each SPL in the CDN and
assists in recovering fault points quickly, minimizing network opera-
tion costs. The SQS monitors and visualizes the real-time stream-
ing quality to each user, something that has not been done before.
It can thus offer realistic quality feedback to users and content hold-
ers, thereby creating a quality-sensitive business.
(Information Sharing Platform Laboratories)
* TCP/IP: Transmission Control Protocol/Internet Protocol
Defence Mechanism against DoS Attacks(Moving Firewall)
Since February 2000, when a number of major commercial web
sites were attacked and rendered useless for a period of time by
DDoS* attacks, the word 'DDoS' has become part of the active
vocabulary of most Internet users. Today, DDoS is undoubtedly a
pressing problem on the Internet, and its devastating impact has
been well demonstrated. DDoS attacks can result in significant
loss of sales and service reputation for many organizations. A
DDoS attack is characterized by the deliberate act of sending a
flood of malicious traffic to a server from multiple sources, thus
depriving it of its resources so that it becomes unavailable to other
legitimate users. Virtually anything with an IP address can be a
potential victim of the attack. A conventional firewall deployed at
one fixed location is ineffective in defending against DDoS attacks,
especially if the attack aims to consume the network bandwidth of
the target. An ideal DDoS solution will keep the majority of good
traffic flowing rather than merely blocking traffic that is assumed to
be bad.
At NTT Laboratories, Moving Firewall was developed to minimize
the damage caused by DDoS attacks and to protect the traffic origi-
nated from legitimate users. Moving Firewall offers a complete
DDoS attack countermeasure solution to be deployed in the ISP
network. When a client of the ISP is under attack, a Moving Fire-
wall nearby would detect the attack, collaborate with other Moving
Firewalls in the upstream of the attack floods and suppress the
attack in a distributed manner. As a result, the damage caused by
the attack is effectively distributed and congestion is far less likely
to occur. In addition, Moving Firewall adaptively performs pattern
analysis of malicious traffic to ensure that the legitimate traffic is
never hampered by the defense mechanism of Moving Firewall. In
other words, Moving Firewall is able to effectively minimize the col-
lateral damage and to keep the good traffic flowing.
In the future, we plan to conduct a series of large-scale experi-
ments to demonstrate the effectiveness of this system and to
enhance the detection algorithm for the unknown DDoS attacks.
We also plan to further tailor the system to the needs of network
carriers.
(Information Sharing Platform Laboratories)
* DDoS: Distributed Denial of Service
15
Information Sharing Platform Technologies
Data center
LSS-SQS
Router/Switch
End user End user
Control message
Streaming dataEnd user
LSS-SMS
LSS-SPL
SQS
Streamserver
Livevideo
Streamencoder
SPL
SPL SPL
SMS
IPNetwork
Visualization of per- end userexperienced quality
Operation andmaintenance ofLSS-based CDNplatform
Gigabit-class live-streaming splitter supportingWindows Media and MPEG-2 formats
Moving Firewall device Moving Firewall device
DDoS attacker
DDoS attacker
Trace back
TargetDefend
Router
Moving Firewall device
IP Network
Defend DDoS attackdetected
Broadcasting CDN platform with live streaming switch (LSS)
Moving Firewall concept
