Post on 21-Dec-2015
transcript
1
EstablishmentEstablishment of of the Authentication platformthe Authentication platform
in Japan in Japan
EstablishmentEstablishment of of the Authentication platformthe Authentication platform
in Japan in Japan
Noboru MachidaIT Security Policy Office
Commerce and Information Policy BureauMETI / Ministry of Economy, Trade and Industry
March 7, 2003
Noboru MachidaIT Security Policy Office
Commerce and Information Policy BureauMETI / Ministry of Economy, Trade and Industry
March 7, 2003
2
1. 1. e-Japan Strategy
2.2. Laws and regulationsLaws and regulations
3.3. Authentication platform forAuthentication platform for
the State Governmentthe State Government
4.4. Digital signature lawDigital signature law
3
Tackle with e-Japan Strategy
○ Enactment of IT Basic Law (Basic Law on Formation of an advanced information communication network society) (Force on January 6, 2001 ) ・ Stipulate basic principle, policy, important plan and set up of the IT Strategy Headquarter to form IT society.
○ Decision of 「 e-Japan Strategy 」 (January, 2001 ) ・ Make Japan the world's most advanced IT nation within five years. ○ IT Strategy Headquarter
○ Draw up of 「 e-Japan Priority Policy Program 」 (March, 2001 )
○ Draw up of 「 e-Japan Priority Policy Program-2002 」 (June, 2001 )
・ Embody 「 e-Japan Strategy 」 ・ Specify the whole picture of the measure the government should implement quickly and
preponderantly.○ Established the special board of inquiry about the future state of IT Strategy (November,
2002 )
○ Revision of 「 e-Japan Strategy 」 Draw up of 「 New e-Japan Strategy 」 (May - June, 2003
Plan ) ○ Draw up of 「 e-Japan Priority Policy Program-2003 」 (June-July, 2003
Plan)
4
From Basic IT Strategy to e-Japan Priority Policy Program
World's most advanced IT nation within five years
Enable everyone to enjoy the benefits of IT
Reform economic structure and strengthen industrial competitiveness
Realize affluent national life and creative community with vitality
Contribute to the formation ofan advanced information & Telecommunications network society on a global scale
Basic IT Strategy
e-Japan Strategy
e-Japan Priority Policy Program
○ Embody 「 e-Japan Strategy 」○ Specify the whole picture of the measure the government should implement quickly and preponderantly○ Draw up of 「 e-Japan Priority Policy Program-2002 」 (June 2001 )
IT strategy council(November 2000)
IT Strategy Headquarters (January 2001)
IT Strategy Headquarters (March 2001)
5
Promotion of R&D
International cooperation and contribution
Improvement of digital divide
Correspondence to an employment problem etc.
Measure of deepening an understanding of people
Pro
mo
tion
of e-co
mm
erce
Pro
mo
tion
of e-co
mm
erce
En
surin
g o
f security an
d reliab
ility on
advan
ced in
form
ation
and
telecom
mu
nicatio
ns n
etwo
rks
En
surin
g o
f security an
d reliab
ility on
advan
ced in
form
ation
and
telecom
mu
nicatio
ns n
etwo
rks
Pro
mo
tion
of fu
ll utilizatio
n o
f IT in
the p
ub
lic sector
Pro
mo
tion
of fu
ll utilizatio
n o
f IT in
the p
ub
lic sector
Pro
mo
tion
of ed
ucatio
n an
dd
evelop
men
t of h
um
an reso
urces
Fo
rmatio
n o
f the w
orld
’s mo
st advan
ced in
form
ation
& teleco
mm
un
ication
netw
orks
5 Priority Policy Area Crosscutting Issues
-Specify the enforcement term of a concrete measure by each ministry-
Structure of ”e-Japan Priority Policy Program-2002”
6
“e-Japan Priority Policy Program-2002”(Portion of Digital signature and AuthenticationAuthentication)
● Construction of reliable e-government system etc.
5. Ensuring security and reliability on advanced information & telecommunication networks
●Smooth enforcement of electronic signature and an authentication system ・ Promotion of mutual recognition about authorization of authentication system ・ Investigation research on evaluation of the technology concerning the safety and reliability of authentication system ・ the spread and education activities to people●Preparation for International e-commerce environment ・ Prepare PKI in the Asian countries/ Regions
5 Priority Policy Area
3. Facilitation of e-commerce
●Electronic provision of administration information●Electronic procedure for application and notification, etc.●Establishment of public individual authentication infrastructure●Electronic procedure for Government procurement, etc.
4. Digitization of administration and application of IT in other public areas
7
Computerization of administrative procedures
Concrete measure of computerization of administrative procedures in the 「 e-Japan Priority Policy Program-2002 」
◆Enable it to perform substantially all procedures, such as application, notifications, etc. between people and administration, by the Internet etc. at an early stage as much as possible by the 2003 fiscal year.
◆Each ministry develop the common base system in connection with electronic procedure of application and notification (Authentication system and Multi purpose system applicable for plural reception and notification procedure) and start operation by the end of 2002 fiscal year.
Concrete measure of computerization of administrative procedures in the 「 e-Japan Priority Policy Program-2002 」
◆Enable it to perform substantially all procedures, such as application, notifications, etc. between people and administration, by the Internet etc. at an early stage as much as possible by the 2003 fiscal year.
◆Each ministry develop the common base system in connection with electronic procedure of application and notification (Authentication system and Multi purpose system applicable for plural reception and notification procedure) and start operation by the end of 2002 fiscal year.
8
Review of regulations– Revision of Commercial Code to enable the use of
the Internet in sending invitations to shareholders' meetings
– Introduction of the "No-action Letter"
Creation of new rules– Clarification of closing timing of electronic contracts– Formulation of rules on the scope of liabilities of
internet Service Providers (ISPs)
Appropriate protection and use of intellectual property rights
– Provision to broadcasters of the right to give permission on sending information by third parties
– Clarification of Views as to the protection of software being
– distributed over the internet
◎Completed the preparation of basic institution for e-commerce in general
◎Although the market size about e-commerce is the 2nd in the world, there is a big difference with the U.S.
Evaluation
Enhancement of e-commerce frameworks–Thorough check of regulations hindering online
transactions of companies [CY2002]–Dissemination of e-commerce guideline for actual use
among private companies and consumers [FY2002]
Enhancement of e-commerce frameworks–Thorough check of regulations hindering online
transactions of companies [CY2002]–Dissemination of e-commerce guideline for actual use
among private companies and consumers [FY2002]
Accelerated promotion of e-commerce–Facilitation of IT utilization in private companies
>Promotion of IT-related investment, including the
identification of tax-incentives [by FY2003]
>Creation of 10,000 leading cases of IT utilization [by FY2005]–Facilitation of distribution of digital content
>Development of a digital rights management system [FY2002]
Accelerated promotion of e-commerce–Facilitation of IT utilization in private companies
>Promotion of IT-related investment, including the
identification of tax-incentives [by FY2003]
>Creation of 10,000 leading cases of IT utilization [by FY2005]–Facilitation of distribution of digital content
>Development of a digital rights management system [FY2002]
Future Policies
Implemented Policies
Enhancement of consumer protection–Establishment of an Alternative Dispute Resolution
(ADR) framework over B to C e-commerce
[FY2002]
Enhancement of consumer protection–Establishment of an Alternative Dispute Resolution
(ADR) framework over B to C e-commerce
[FY2002]
3. Facilitation of e-commerce
9
Digitization of the administration– Introduction of electronic tendering and bid-opening
for public works– Formulation of a basic plan toward the "single
window” for import/export and harbor-related procedures
– Submission to the Diet of the laws aiming at enabling all administrative services available online
Application of IT in other public areas– Formulation of a strategic grand design for
digitization in the healthcare field – Revision of Road Traffic Law to enable private
services to provide the data of road and traffic information
– Foundations of electronic government have been steadily constructed.
– Regarding the IT application in public areas, such as
healthcare, ITS and GIS, its direction was clarified, and its implementation is expected from now.
Evaluation
Digitization of the administration jointly promoted by central and local governments–Formulation of action plans for electronic filing of all governmental procedures by each ministry [FY2002]–Introduction of electronic tendering and bid-opening for all projects of public works under ministerial jurisdiction [by FY2003]–Establishment of government structures for promotion of e-government [FY2002]
Digitization of the administration jointly promoted by central and local governments–Formulation of action plans for electronic filing of all governmental procedures by each ministry [FY2002]–Introduction of electronic tendering and bid-opening for all projects of public works under ministerial jurisdiction [by FY2003]–Establishment of government structures for promotion of e-government [FY2002]
Support to local government–Presentation to local government of standard procedures for online transactions of major services such as passport issuance [by FY2003]–Promotion of the use of ASP for the operation of co- mmon systems of e-local government [from FY2002]
Support to local government–Presentation to local government of standard procedures for online transactions of major services such as passport issuance [by FY2003]–Promotion of the use of ASP for the operation of co- mmon systems of e-local government [from FY2002]
Application of IT in other public areas–Formulation of a roadmap toward the world's most advanced intelligent Transport System [FY2002]–Promotion of digital archiving of cultural assets and artworks [by FY2005]–Enhancement of information provision services on reliability of food [from FY2003]
Application of IT in other public areas–Formulation of a roadmap toward the world's most advanced intelligent Transport System [FY2002]–Promotion of digital archiving of cultural assets and artworks [by FY2005]–Enhancement of information provision services on reliability of food [from FY2003]
Future Policies
Implemented Policies
4 . Digitization of administration and application of IT in other public areas
10
KasumigasekiWAN
e-application and notification
Support of Local Government
Review of Legislation / Action Plan
Internet
Internet
・ Simplification, efficiency and transparency ・ Paperless operation・ Information literacy and consciousness reform l
Outsourcing
・ Enrich public services with the use of IT ・ High quality of administration service・ Enter into related business
Local government
WAN
Central/ Local Government People/ Enterprise国民、企業の接点Policies for e-government
Authentication Platform
Bridge CA Commercial RegistrationCA
Private CA
行政情報電子的提供Digitizing information delivery
e-Procurement
歳入・歳出の子化e-annual
revenue/expenditure
Net Banking
MutualRecognition
METI
Authentication Service
Governmentpost certificate
IT image of administration for e-Japan Priority Policy Program
11
1. 1. e-Japan Strategy
2.2. Laws and regulationsLaws and regulations
3.3. Authentication platform forAuthentication platform for
State GovernmentState Government
4.4. Digital signature lawDigital signature law
12
Establishment of related legal system
●Promotion of e-commerce
・ Law which revises a part of Commercial Registration Law (Law No. 40, 2000)
・ The law about electronic signature and authentication work (Law No. 102,
2000) ・ The law about maintenance of the related law for use of the technology of the information communication about grant of a document etc. (the IT document bundling-up law) (Law No. 126, 2000) ・ The law about the special case of Civil Code about an electronic consumer contract and the notice of electronic consent (Law No. 95, 2001) etc.● Digitization of administration and full use of IT in public sector ・ The law about use of the information communication technology in administration procedure etc. (Law No. 151,2002) ・ The law about maintenance of the related law accompanying enforcement of the law about use of the technology of the information communication in administration procedure etc. (Law No. 151,2002) ・ The law about the authentication work of the municipal corporation concerning electronic signature (Law No. 153, 2002) etc.
●Fundamental policy
・ Advanced information communication network society formation organic act (IT organic law)
( Law No. 144,
2000 )
13
Online procedure of administrative application
When the administration procedure online law is enforced and an information system is fixed, procedures such as applications and notifications, will always be done through internet in a house or a company.
( example )○ Notification about acquisition and loss of unemployment insurance qualification(10 M/year)○ Grant application of a passport (about 5.8M/ year)○ Grant claim of family register transcript (about 36M/year)
○ On the occasion of application/ notification, presentation of copy of resident card become unnecessary
○ Improvement of national convenience
○ Simplification/Efficiency of Gov. office
◆◆About 52,000 procedures were carried out by means of online ○ About 21,000 procedures are belong to G-to-C and G-to-B (application /notification) →All administrative procedure will be shifted to online By FY 2003 About 6,700 of Government procedures among 13,500 will be shifted to online within FY 2002
○ About 31,000 procedures are belong to G-to-G (Other than application /notification) →All of them will be shifted to online By FY2003 in principle
◆◆About 52,000 procedures were carried out by means of online ○ About 21,000 procedures are belong to G-to-C and G-to-B (application /notification) →All administrative procedure will be shifted to online By FY 2003 About 6,700 of Government procedures among 13,500 will be shifted to online within FY 2002
○ About 31,000 procedures are belong to G-to-G (Other than application /notification) →All of them will be shifted to online By FY2003 in principle
Action Plan of each Ministry
14
●Outline・ Law was newly improved which enable about 52,000 administration
procedure, such as an application, a notification, etc. between the people etc. and
governmental agencies which have a basis to a statute, online process adding to document process・ Online administration procedure is aimed at attaining the simplification and
the increase in efficiency of administration management and improve in national convenience・ The regulation for a governmental agency performing inspection and perusal, and creation and preservation of documents by the electromagnetic record was also fixed.・ Unsuitable process for online was listed in the attached table, and excluded from applying above regulation (Face-to-face process, Process which require actual thing)・ Enforce from February 3, 2003
Point of “Law about the use of information communication technology in administration procedure etc.”
15
○○Institutional purposeInstitutional purpose・ Improvement of national convenience ・ Promotion of e-process and increase in efficiency of government and municipal corporation
○○Institutional structureInstitutional structure ◆ Adopting Electronic signature
・ Signature by asymmetrical key code system (digital signature)◆Management organization ・ Mayors is in charge of identification work of applicant and governor is in charge of Electronic certificate issue / revocation information management work◆People who can receive issue of electronic certificate ・ People who are recorded in the basic resident register
◆ Verification person of signature ・ Governmental agency etc.(joint processing of plural prefectures is also possible) ・ Private CA who performs specific authentication business and also have certain amount of reliability ( Appointed certificate authority )
○○Enforcement ・ From the day set by the government ordinance of within the limits which measures from the day of proclamation (December 13, 2002) and does not exceed two years to enforcement
○○Institutional purposeInstitutional purpose・ Improvement of national convenience ・ Promotion of e-process and increase in efficiency of government and municipal corporation
○○Institutional structureInstitutional structure ◆ Adopting Electronic signature
・ Signature by asymmetrical key code system (digital signature)◆Management organization ・ Mayors is in charge of identification work of applicant and governor is in charge of Electronic certificate issue / revocation information management work◆People who can receive issue of electronic certificate ・ People who are recorded in the basic resident register
◆ Verification person of signature ・ Governmental agency etc.(joint processing of plural prefectures is also possible) ・ Private CA who performs specific authentication business and also have certain amount of reliability ( Appointed certificate authority )
○○Enforcement ・ From the day set by the government ordinance of within the limits which measures from the day of proclamation (December 13, 2002) and does not exceed two years to enforcement
Establishment of public individual authentication platform system
Law about authentication work of municipal corporation related to electronic signature (December 6, 2002 enactment)
16
Outline of public individual authentication service system served by municipal corporation
Resident
Governor(certificate issue / revocation
info. Mng. organization)
Mayors (ID Check)
Prefectural CA
Governmental agencies
Private CA
VA
Issue application for Electronic certificate (4 basic information+ Public key )
Electronic certificate
…
E-application
Application
(flat document)+
digital signature ( signed using residents' private key )
+ Certificate( with resident’s public key)
Validity check of electronic certificate (inquiry to CRL)
( utilize to identify the resident )
< Consignment of authentication work >
windowInternet
K-WAN/LGWAN etc.
K-WAN/LGWAN etc.
Prefectures can select the appointed CA to which theycommit the following works ・ Electronic computer process to offer issue/revocation information of electronic certificate・ Preservation of issue record etc.
Four basic information: Name, Birth date, Sex, Address
CRL
17
1. 1. e-Japan Strategy
2.2. Laws and regulationsLaws and regulations
3.3. Authentication platform forAuthentication platform for State GovernmentState Government4.4. Digital signature lawDigital signature law
18
Company CACompany CA
Employee
Enterprise X
Employee
ClientClient
Enterprise Y
Company CACompany CA
Judicial scrivener public notarylawyer tax accountant
ClientClient
Ministry of Justice(Commercial registration)
Inte
rne
t
( G-to-G )
( G-to-C )
corporation representative'sauthentication
corporation representative'sauthentication
K-WANK-WAN
( G-to-B )
BCA
A Ministry
B Ministry
C Ministry
...
Intern
et
( G-to-C )
CACA
Private
CACA
Private
Agent
CorporationAuthentication
Y Ministry
CA CA
X Ministry
CACA
ClientClient
Electronic application
Electronic bid
Electronic application
(Agent)Internet
Inte
rne
t
E-Commerce(B-to-C )
・ IndividualAuthentication
・ Grant of agent right from a corporation
E-Commerce(B-to-C )
IndividualAuthentication
Composition image of authentication platform in Japan
※BCA:Bridge Certification Authority
E-Commerce(B-to-B )・ Individual authentication in a corporation
Local governingbodies
entrust
19
Purpose of government authentication platform (GPKI)
• Structure for checking the rightness and completeness of the electronic document exchanged through Internet etc.– Apply digital certificate created by public key
encryption/decryption method
• Consists of Bridge CA(BCA) managed by MHA and Ministry/Agency CAs managed by each ministry/agency – Mutual recognition between BCA and Ministry/Agency
CAs– Mutual recognition among Ministry/Agency CAs and
Private CAs through BCA ( build a trust chain )
20
Whole image of authentication platform
Bridge CA
CommercialRegistry CA
AccreditedPrivate CA’s
Public individual
CA
Foreign Government
CA’s
Local Government
CA’s
Ministry/Agency CA
Other State organization
CA
Applicant'sauthenticationplatform
Right-of-disposal person’s authentication platform ( GPKI )
21
Circumstance of the establishment of Ministry/Agency CA
• Realization of e-government– 「 About Millennium project (new 1000 period) 」
( The Prime Minister determined on December 19, 1999 )• Realization of Paperless administration procedure using the Internet• Establishment of government authentication platform ( GPKI )
– 「 Fundamental framework for promotion of electronic application/notification procedure 」
( Consented by the administration information system each ministry agency liaison conference on March 31, 2000 )
• MHA, METI and MLIT were required to establish Ministry/Agency CA in precedence
– 「 e-Japan Priority Policy Program 」 (March 29, 2000 IT Strategy Headquarter)
• ALL Ministry/Agency are required to establish their own CA By the end of FY 2002
22
Mitigation of the national burden in administration procedure, improvement in administration service
Realization of e-Government
Electronic procedure Problem is how to check ID
In the process.
< Establishment of Authentication platform Authentication platform using using PKI (Public Key Infrastructure) > Application, notification, etc. to Government → GPKI(Government PKI)
Application, notification, etc. to Local Government → LGPKI(Local GPKI)
【 Electronic processing of various certificates 】 ・ Commercial registration transcript, Real estate register transcript ( Legislative Bureau ) → Commercial registration electronic authentication system Internet registration information provide service ・ A resident card, family register transcript → Public individual authentication platform
Relationship between e-Government plan and PKI
23
Role of Ministry/Agency CAs
Issue government post certificate and open to the public
– Issue of the digital certificate of each government post, such as minister and bureau chief
• government post certificate is equivalent to the electronic official seal of an official document
– Issue actual result ( in case of METI)Minister of METI (June 13, 2001)Director-General of the SME Agency (October 22, 2001)
– Open to the public of government post certificate• Certificates are stored in integrated repository of BCA
exhibited on the Internet Validity of a certificate is guaranteed– Provision of CRL information
24
Timetable of e-Government for state government
Public works
(e-bid / check)
procurementNon public works ( e-bid / check)
Law/Regulation
LGWANconstruct
network
E-payment of
Commission
Public individual
Authentication service
private CA on electronic signature law
e-authentication system based on commercial registration
Ministry/Agency CA
Bridge CA
Authentication platform
general-purpose reception system
Structure of window
20 FY2003FY2002FY2001
Fundamentalspecification
Each Ministry/Agency start in-use by FY2002
Each Ministry/Agency Install their own CA by FY2002
In-use( Prefectural capital )
In-use(District main city)
In-use (Whole country)
In-use
preparation In-use
Development of e-Revenue payment system In-use
Maintained by each Ministry/Agency
In-useIntegrated procurement DB
Each Ministry/AgencyComplete by FY 2003
Partially in-use
FullyIn-use
Enhancement
In-use(Prefecture)
Networking between K-WAN and LGWAN
Fully In-use by FY 2003
E-G
ove
rnm
en
t for fo
r state
g
ove
rnm
en
t
Pro
cure
me
nt
applica
tion a
nd notification
25
Timetable of e-Government for local government
E-application system
Public individual Public individual authentication platformauthentication platform
LGPKI
Basic resident register network
LGWAN
FY2003FY2002FY2001
In-use of network Grant of
residents basic card
In-use(prefectures)
enhancement(connect to
K-WAN etc.)
In-use by FY2003
(All organization)
In-use and enhancement(prefectures)
In-use byFY2003
(All organization)
Model experiment(precedence organization)
In-use(precedence organization)
In-use(Other
organization)
Prepare for live run
(Model experiment)In-use
E-G
overnm
ent for for local government
26
ApplicantApplicant Minister etc.Minister etc.
internet
internet
Alterationimpersonate
Application/notification
Issue ofGovernment
post certificate
Certification
Issue of an Applicant certificate
Certification
Did applicant truly draw
applicatio
n?
Aren't the application
altered during
transmitting?
Application
certification
Did the right
person draw up
the notice truly?
Aren't the application
altered during
transmitting?
Private CAPrivate CA
Private CA(JCSI)Private CA(JCSI)
Commercial Registration CA
Commercial Registration CA
Mutual recognition
Currently performing mutual recognition with BCA (as of the end of December, 2002)
MHLW CAMHLW CA
METI CAMETI CA
MLIT CAMLIT CA
Bridge CABridge CA
Mutual recognition
Gov. Authenticati
onplatform
Gov. Authenticati
onplatform
MHA CAMHA CA
Notice of permission, approval, etc
Notice
certification
confirmationconfirmation confirmationconfirmation
Online application/notification processingusing government authentication platform
Ministry/Agency CAs
27
Effectiveness of Mutual recognition
Bridge CA (BCA)
④ Bridge CAtrusts Private CA.
⑨ Bridge CAtrusts METI-CA.
Private CA(Applicant)
⑧ Private CA trusts Bridge CA.
⑤ Is he trulyMr. Suzuki?
申請書
Applicant (Mr. Suzuki) )
METI○○ 局長
申請書
① Application
notice
notice ⑥ Response
② Truly Mr.
Suzuki?
METI-CA( Government )
③ METI-CAtrusts Bridge CA.
⑩ This government post certificate is ○○
of the METI.
Private CADirectory D
BCADirectory C
G CADirectory D
Government post Directory A
ApplicantDirectory B
許可 許可
< Precondition >• Each CA is attested mutually.• Mr. Suzuki is attested by the private CA.• The bureau chief ○○ is attested by METI-CA.
< Precondition >• Each CA is attested mutually.• Mr. Suzuki is attested by the private CA.• The bureau chief ○○ is attested by METI-CA.
⑦ Is he trulythe bureau chief ○○?
METIPeople/Company
Mutual recognition
General-purpose electronic application system
28
1. 1. e-Japan Strategy
2.2. Laws and regulationsLaws and regulations
3.3. Authentication platform forAuthentication platform for
State GovernmentState Government
4.4. Digital signature lawDigital signature law
29
Electronic signature Measures performed in order to show a creator of electromagnetic information and it will be a verifiable method of an alteration
Authentication work Business proving the user performed electronic signature using his own code key
Electronic signature Measures performed in order to show a creator of electromagnetic information and it will be a verifiable method of an alteration
Authentication work Business proving the user performed electronic signature using his own code key
What is electronic signature and authentication work
Order 100 computers A company
Order 100 computers A company
Order 100 computers A company
Order 100 computers A company
A
Transmission
Decryption
B
A’s private key(Only A owns )
Encryption
Electronic signature
Electronic signature
Order 100 computers A company
Order 100 computers A company
Certificate
A’s public key
Reception
Electronic signature
A’s public key(Anyone can know)
•A requests authentication entrepreneur to issue the electronic certificate. By it, he proves that he is a owner of the public key •B checks the validity of the received electronic certificate. If effective, he decrypt electronic signature using the public key of A, and verify the alteration of it.
A’s public key
Verifyalteration
Private key and public key are pair keys. Encrypted data with one key can only be decrypted with the other key
30
Application (Issue of electroniccertificate )
Receipt of Electronic certificate
Registration( Identify applicant )
Issue(Digital
certificate)
Repository(Provision of
CRL information)
Request
Issue
Register electronic certificate
Register CRL
Certification
Authority(CA)
Reception
Validity check of electronic certificate
Image of electronic signature and authentication work based on a public-key crypto system
User A(CA user)
Receiver B(Verifier)
A’s public key(pair of private key)
Message Digest
EncryptionHash Function Message
Digest
Decryption
Message Digest
Coincide Non ⇒ alterationDon’t coincide ⇒Alteration
Effective public key
of ATransmission
Certificate
A’s public key
Certificate
A’s public key
Certificate
A’s public key
Hash Function
Digital Data (Flat text) Digital Data
(Flat text)
Digital Data (Flat text)
Electronic signature
Electronic signature
Electronic signature
31
By achieving the smooth use of e-signature, accelerate the information circulation and information processing using the electromagnetic medium
Contents of the Electronic Signatures Law
Clarify the handling of electronic signature on the law Presume the rightness of an electric document to which electronic signature by him is given was approved ( Article 3 )
Presumption that the rightness of an electromagnetic record was approvedPresumption that the rightness of an electromagnetic record was approved
Introduce the authorization system over reliable authentication work ① Authorization of authentication work ( Article 4-16 ) ② Appointed examination organization etc ( Article 17-32 ) ③ Penalty regulations ( Article 41- 47 )
Authorization system about specific authentication workAuthorization system about specific authentication work
① Assistance to the specific authentication work by the minister in charge etc ( Article 33) ② National measure, educational activities to people and Publicity work ( Article 34 )
Other necessary thingsOther necessary things
A
B
C
( enacted on May 31, 2000、 enforced from April 1, 2001 )
Improvement of the people’s life, and healthy development of national economy
Carry out the social economy activity smoothly through network
32
[handw
riting signature and sealing]
( Document)
AWhen there is [signature or sealing of him ]
[Electronic Signatures]
When there is ( electronicsignature of him)
Presume that electromagnetic document was approved to be right
Implementation of similar structure
A Presumption of the authenticity of an digital document
Presume that document
was approved to be right
( made based on his
intention)
○ Code of Civil Procedure (Article 228 Paragraph 4) 「 private document is presumed to be what was materialized correctly when there is a signature or sealing of him or its representative 」
Electronic Signature
Info
○ The Electronic signatures Law, Article3 「 The information created by the electromagnetic record is presumed to be what was materialized correctly when the electronic signature of it is done by him 」 ※Electronic signature : Measures performed in order to show a maker of electromagnetic information and it will be a verifiable method if there is an alteration
( Sign) or ( Seal)
33
B-1 Authorization system about specific authentication work
○Introduction of an arbitrary authorization system (Article 4) Show the judgment standard of the reliability about attestation business
○Specific authentication work (Article2 Clause 3) Performed about electronic signature which suits certain standard
Nation [Law about electronic signature and authentication work ]
Standard of authorization・ system of electronic signature・ Equipment for office work・ Way to identify an applicant is truth or not・ Other way of office work
Authorization ( Office site survey can be carried out by the appointed research institute specified by the state )
Application( voluntary)
Reexamination of authorization standard
・ Ensure the safety of electronic signature ・ Cope with the new electronic signature system ・ Cope with the new business model Etc
Apply for issue of an electronic certificate
Validation check of CertificationSenderSender ReceiverReceiver
Authentication entrepreneur
Authentication entrepreneur
Image of digital signature and authentication work
Notes: A foreign authentication entrepreneur is also able to receive authorization
Send a e-signed electronic document with attaching certificate
IssueCertificate
By displaying the authorized work, It become possible to identify applicant is true or not
34
① Equipment used for business ( No. 1 ) ・ Severe storage of the private key used for authentication business ・ Use of equipment which has safety and reliability etc② Check method weather the applicant is true or false ( No. 2) ・ Ask for presentation of the certificate which a public organization issues③ Other business process ( No. 3) ・ Define business management regulation and attempt suitable authority distribution ・ Suitable indication of CRL etc Those who were condemned to the punishment beyond confinement or the punishment by this violation of a method, or canceled authorization, cannot receive authorization during a fixed period.
1. Necessary condition for receiving authorization ( Article 6 Clause 1 )
B-2 Necessary condition,result and duty for authorization
2 . Result of authorization○ Can display that concerned business has got authorization.(Article 13 Clause 1) ・ Trust standard of authorized company○ In case of judge, article 3 ( presumption) becomes easy to be effective.
3 . Duty of authorized authentication entrepreneur○ Preservation duty of Check data whether the applicant is true or false etc (File preservation duty) (Article 11)○ Using of applicant check data for other purpose is forbidden (article 12) etc
○ Penal regulation about the act to which user does faithless proof to an authorized authentication entrepreneur etc (3 or less years of penal servitude, or 2M\ or less fine) (Article 41) etc
4 . Penal regulations
35
C Other necessary things
1. Assistance about authorized authentication business etc (Article 33)
2. Measure performed by the state government (Article 34 )
① Evaluation method of digital signature technology (code technology etc.)
② Evaluation method about the means of security maintenance fort authentication business
Investigation and research by the minister in charge
Educational activities and publicity work by the state government
①Nudge about digital signature handling and proper key management
・ Treat same manner as handwriting signature and sealing ・ Prevent the disclosure of private key etc②Make well-known the authorization system of authentic
ation business
1) Brew the understanding of people
2) Promote smooth utilization of digital signature and authentication business
1) Offer information and advice to authorized authentication business provider and it’s user, and other assistance
2) Reflect to the standard of authorization system
◆Establishment of a procedure required for international mutual recognition of authorized authentication business◆Notification of CA public key information◆Reexamination of digital signature system◆Issue of the certificate by the user discernment function
36
Legal system of each countries about digital signature
Decide upon the legal system about digital signature and Decide upon the legal system about digital signature and authentication in every country in the worldauthentication in every country in the world
Canada
USA( Federal law )
EC(EU)
Singapore
KoreaJapan
Malaysia
UN(UNCITRAL)
Adopted the digital signature model act in order that each countries promote to prepare the act related to digital signature
Australia
New Zealand
It is the world tendency which adopt what has the following functions as a definition of digital signature like the definition of the digital signature law of Japan.
・ Peculiar to an individual and possible to specify an individual. ・ A signature means is under control of a signer completely ・ Technically neutral ・ The existence of an alteration is verifiable.
It is the world tendency which adopt what has the following functions as a definition of digital signature like the definition of the digital signature law of Japan.
・ Peculiar to an individual and possible to specify an individual. ・ A signature means is under control of a signer completely ・ Technically neutral ・ The existence of an alteration is verifiable.
Member nations are working jointly to establish the unified legal system withinthe area about digital signature and authentication according to the EC Directive