
1 Establishment of the Authentication platform in Japan Noboru Machida IT Security Policy Office...

Date post: 21-Dec-2015

1

Establishment of the Authentication platform in Japan

Noboru Machida
IT Security Policy Office
Commerce and Information Policy Bureau
METI / Ministry of Economy, Trade and Industry

March 7, 2003

2

1. e-Japan Strategy
2. Laws and regulations
3. Authentication platform for the State Government
4. Digital signature law

3

Tackling the e-Japan Strategy

○ Enactment of the IT Basic Law (Basic Law on Formation of an advanced information communication network society) (in force from January 6, 2001)
 ・ Stipulates the basic principle, policy and important plan, and the setting up of the IT Strategy Headquarters, to form an IT society.

○ Decision of the 「e-Japan Strategy」 (January, 2001)
 ・ Make Japan the world's most advanced IT nation within five years.

○ IT Strategy Headquarters

○ Drawing up of the 「e-Japan Priority Policy Program」 (March, 2001)

○ Drawing up of the 「e-Japan Priority Policy Program-2002」 (June, 2001)
 ・ Embody the 「e-Japan Strategy」
 ・ Specify the whole picture of the measures the government should implement quickly and with priority.

○ Established the special board of inquiry about the future state of IT Strategy (November, 2002)

○ Revision of the 「e-Japan Strategy」, drawing up of the 「New e-Japan Strategy」 (May - June, 2003, planned)

○ Drawing up of the 「e-Japan Priority Policy Program-2003」 (June-July, 2003, planned)

4

From Basic IT Strategy to e-Japan Priority Policy Program

Basic IT Strategy: IT Strategy Council (November 2000)
e-Japan Strategy: IT Strategy Headquarters (January 2001)
e-Japan Priority Policy Program: IT Strategy Headquarters (March 2001)

World's most advanced IT nation within five years
・ Enable everyone to enjoy the benefits of IT
・ Reform economic structure and strengthen industrial competitiveness
・ Realize affluent national life and creative community with vitality
・ Contribute to the formation of an advanced information & telecommunications network society on a global scale

e-Japan Priority Policy Program
○ Embody the 「e-Japan Strategy」
○ Specify the whole picture of the measures the government should implement quickly and with priority
○ Drawing up of the 「e-Japan Priority Policy Program-2002」 (June 2001)

5

Structure of "e-Japan Priority Policy Program-2002"
- Specify the enforcement term of a concrete measure by each ministry -

5 Priority Policy Area
・ Formation of the world's most advanced information & telecommunication networks
・ Promotion of education and development of human resources
・ Promotion of e-commerce
・ Promotion of full utilization of IT in the public sector
・ Ensuring of security and reliability on advanced information and telecommunications networks

Crosscutting Issues
・ Promotion of R&D
・ International cooperation and contribution
・ Improvement of digital divide
・ Correspondence to an employment problem etc.
・ Measure of deepening an understanding of people

6

“e-Japan Priority Policy Program-2002” (Portion of Digital signature and Authentication)

5 Priority Policy Area

3. Facilitation of e-commerce
● Smooth enforcement of electronic signature and an authentication system
 ・ Promotion of mutual recognition about authorization of authentication system
 ・ Investigation research on evaluation of the technology concerning the safety and reliability of authentication system
 ・ Spread and education activities to people
● Preparation for International e-commerce environment
 ・ Prepare PKI in the Asian countries/regions

4. Digitization of administration and application of IT in other public areas
● Electronic provision of administration information
● Electronic procedure for application and notification, etc.
● Establishment of public individual authentication infrastructure
● Electronic procedure for Government procurement, etc.

5. Ensuring security and reliability on advanced information & telecommunication networks
● Construction of reliable e-government system etc.

7

Computerization of administrative procedures

Concrete measures for computerization of administrative procedures in the 「e-Japan Priority Policy Program-2002」

◆ Make it possible to perform substantially all procedures between people and the administration, such as applications and notifications, over the Internet etc., at as early a stage as possible and by fiscal year 2003.

◆ Each ministry develops the common base system for the electronic procedure of application and notification (an authentication system and a multi-purpose system applicable to plural reception and notification procedures) and starts operation by the end of fiscal year 2002.

8

3. Facilitation of e-commerce

Implemented Policies

Review of regulations
– Revision of Commercial Code to enable the use of the Internet in sending invitations to shareholders' meetings
– Introduction of the "No-action Letter"

Creation of new rules
– Clarification of closing timing of electronic contracts
– Formulation of rules on the scope of liabilities of Internet Service Providers (ISPs)

Appropriate protection and use of intellectual property rights
– Provision to broadcasters of the right to give permission on sending information by third parties
– Clarification of views as to the protection of software being distributed over the internet

Evaluation
◎ Completed the preparation of basic institution for e-commerce in general
◎ Although the market size about e-commerce is the 2nd in the world, there is a big difference with the U.S.

Future Policies

Enhancement of e-commerce frameworks
– Thorough check of regulations hindering online transactions of companies [CY2002]
– Dissemination of e-commerce guideline for actual use among private companies and consumers [FY2002]

Accelerated promotion of e-commerce
– Facilitation of IT utilization in private companies
 > Promotion of IT-related investment, including the identification of tax-incentives [by FY2003]
 > Creation of 10,000 leading cases of IT utilization [by FY2005]
– Facilitation of distribution of digital content
 > Development of a digital rights management system [FY2002]

Enhancement of consumer protection
– Establishment of an Alternative Dispute Resolution (ADR) framework over B to C e-commerce [FY2002]

9

4. Digitization of administration and application of IT in other public areas

Implemented Policies

Digitization of the administration
– Introduction of electronic tendering and bid-opening for public works
– Formulation of a basic plan toward the "single window" for import/export and harbor-related procedures
– Submission to the Diet of the laws aiming at making all administrative services available online

Application of IT in other public areas
– Formulation of a strategic grand design for digitization in the healthcare field
– Revision of Road Traffic Law to enable private services to provide the data of road and traffic information

Evaluation
– Foundations of electronic government have been steadily constructed.
– Regarding the IT application in public areas, such as healthcare, ITS and GIS, its direction was clarified, and its implementation is expected from now.

Future Policies

Digitization of the administration jointly promoted by central and local governments
– Formulation of action plans for electronic filing of all governmental procedures by each ministry [FY2002]
– Introduction of electronic tendering and bid-opening for all projects of public works under ministerial jurisdiction [by FY2003]
– Establishment of government structures for promotion of e-government [FY2002]

Support to local government
– Presentation to local government of standard procedures for online transactions of major services such as passport issuance [by FY2003]
– Promotion of the use of ASP for the operation of common systems of e-local government [from FY2002]

Application of IT in other public areas
– Formulation of a roadmap toward the world's most advanced Intelligent Transport System [FY2002]
– Promotion of digital archiving of cultural assets and artworks [by FY2005]
– Enhancement of information provision services on reliability of food [from FY2003]

10

IT image of administration for e-Japan Priority Policy Program

(Figure: the diagram is not preserved. Recoverable labels follow.)
・ Parties: Central/Local Government; People/Enterprise (the point of contact for citizens and enterprises); Local government
・ Policies for e-government: e-application and notification; e-Procurement; digitizing information delivery (electronic provision of administrative information); e-annual revenue/expenditure (digitization of revenue and expenditure); Support of Local Government; Review of Legislation / Action Plan; Outsourcing
・ Networks: Kasumigaseki WAN; WAN; Internet; Net Banking
・ Authentication Platform: Bridge CA; Commercial Registration CA; Private CA; METI Authentication Service; Government post certificate; Mutual Recognition
・ Simplification, efficiency and transparency; paperless operation; information literacy and consciousness reform
・ Enrich public services with the use of IT; high quality of administration service; enter into related business

11

1. e-Japan Strategy
2. Laws and regulations
3. Authentication platform for State Government
4. Digital signature law

12

Establishment of related legal system

● Promotion of e-commerce
 ・ Law which revises a part of Commercial Registration Law (Law No. 40, 2000)
 ・ The law about electronic signature and authentication work (Law No. 102, 2000)
 ・ The law about maintenance of the related law for use of the technology of the information communication about grant of a document etc. (the IT document bundling-up law) (Law No. 126, 2000)
 ・ The law about the special case of Civil Code about an electronic consumer contract and the notice of electronic consent (Law No. 95, 2001) etc.

● Digitization of administration and full use of IT in public sector
 ・ The law about use of the information communication technology in administration procedure etc. (Law No. 151, 2002)
 ・ The law about maintenance of the related law accompanying enforcement of the law about use of the technology of the information communication in administration procedure etc. (Law No. 151, 2002)
 ・ The law about the authentication work of the municipal corporation concerning electronic signature (Law No. 153, 2002) etc.

● Fundamental policy
 ・ Advanced information communication network society formation organic act (IT organic law) (Law No. 144, 2000)

13

Online procedure of administrative application

When the administration procedure online law is enforced and an information system is in place, procedures such as applications and notifications can always be done through the internet from a house or a company.

(example)
○ Notification about acquisition and loss of unemployment insurance qualification (10 M/year)
○ Grant application of a passport (about 5.8 M/year)
○ Grant claim of family register transcript (about 36 M/year)

○ On the occasion of application/notification, presentation of a copy of the resident card becomes unnecessary
○ Improvement of national convenience
○ Simplification/efficiency of Gov. office

Action Plan of each Ministry

◆ About 52,000 procedures were carried out by online means
 ○ About 21,000 procedures belong to G-to-C and G-to-B (application/notification)
  → All administrative procedures will be shifted to online by FY 2003
  About 6,700 of the 13,500 Government procedures will be shifted to online within FY 2002
 ○ About 31,000 procedures belong to G-to-G (other than application/notification)
  → All of them will be shifted to online by FY2003 in principle

14

Point of “Law about the use of information communication technology in administration procedure etc.”

● Outline
・ The law was newly put in place to enable about 52,000 administration procedures that have a basis in statute, such as applications and notifications between the people etc. and governmental agencies, to be processed online in addition to the document process.
・ Online administration procedure is aimed at attaining the simplification and the increase in efficiency of administration management and the improvement of national convenience.
・ The regulation for a governmental agency performing inspection and perusal, and creation and preservation, of documents by the electromagnetic record was also set.
・ Processes unsuitable for online handling were listed in the attached table and excluded from the above regulation (face-to-face processes, processes which require the actual thing).
・ In force from February 3, 2003

15

Establishment of public individual authentication platform system

Law about authentication work of municipal corporation related to electronic signature (December 6, 2002 enactment)

○ Institutional purpose
 ・ Improvement of national convenience
 ・ Promotion of e-process and increase in efficiency of government and municipal corporation

○ Institutional structure
 ◆ Adopting electronic signature
  ・ Signature by asymmetric key cryptosystem (digital signature)
 ◆ Management organization
  ・ Mayors are in charge of the identification work of applicants and governors are in charge of electronic certificate issue / revocation information management work
 ◆ People who can receive issue of an electronic certificate
  ・ People who are recorded in the basic resident register
 ◆ Verification person of signature
  ・ Governmental agencies etc. (joint processing of plural prefectures is also possible)
  ・ Private CAs who perform specific authentication business and also have a certain amount of reliability (appointed certificate authority)

○ Enforcement
 ・ From the day set by government ordinance, within a period not exceeding two years from the day of proclamation (December 13, 2002)

16

Outline of public individual authentication service system served by municipal corporation

(Figure: the diagram is not preserved. Recoverable labels follow.)
・ Parties: Resident; Mayors (ID check); Governor (certificate issue / revocation info. management organization); Prefectural CA; Governmental agencies; Private CA; VA
・ Channels: window; Internet; K-WAN/LGWAN etc.
・ Issue application for electronic certificate (4 basic information + public key); Electronic certificate
・ E-application: application (flat document) + digital signature (signed using the resident's private key) + certificate (with the resident's public key)
・ Validity check of electronic certificate (inquiry to CRL), utilized to identify the resident
・ <Consignment of authentication work> Prefectures can select the appointed CA to which they commit the following works:
  ・ Electronic computer process to offer issue/revocation information of electronic certificates
  ・ Preservation of issue records etc.
・ Four basic information: Name, Birth date, Sex, Address

17

1. e-Japan Strategy
2. Laws and regulations
3. Authentication platform for State Government
4. Digital signature law

18

Composition image of authentication platform in Japan

(Figure: the diagram is not preserved. Recoverable labels follow.)
・ Government (K-WAN, G-to-G): A Ministry, B Ministry, C Ministry, ...; X Ministry CA; Y Ministry CA; BCA; Ministry of Justice (Commercial registration), corporation representative's authentication; Local governing bodies (entrust)
・ Enterprise X and Enterprise Y: Company CA, Employee, Client
・ Private CA; Corporation Authentication
・ Agent: judicial scrivener, public notary, lawyer, tax accountant
・ Over the Internet (G-to-C, G-to-B): Electronic application; Electronic application (Agent); Electronic bid
・ E-Commerce (B-to-C): Individual Authentication; Grant of agent right from a corporation
・ E-Commerce (B-to-B): Individual authentication in a corporation

※ BCA: Bridge Certification Authority

19

Purpose of government authentication platform (GPKI)

• Structure for checking the authenticity and integrity of electronic documents exchanged through the Internet etc.
 – Applies digital certificates created by the public key encryption/decryption method

• Consists of the Bridge CA (BCA) managed by MHA and Ministry/Agency CAs managed by each ministry/agency
 – Mutual recognition between BCA and Ministry/Agency CAs
 – Mutual recognition among Ministry/Agency CAs and Private CAs through BCA (build a trust chain)

20

Whole image of authentication platform

(Figure: the diagram is not preserved. Recoverable labels follow.)
・ Bridge CA
・ CAs shown around the Bridge CA: Commercial Registry CA; Accredited Private CA's; Public individual CA; Foreign Government CA's; Local Government CA's; Ministry/Agency CA; Other State organization CA
・ Groupings: Applicant's authentication platform; Right-of-disposal person's authentication platform (GPKI)

21

Circumstances of the establishment of Ministry/Agency CA

• Realization of e-government
 – 「About Millennium project (new 1000 period)」 (determined by the Prime Minister on December 19, 1999)
  • Realization of paperless administration procedure using the Internet
  • Establishment of government authentication platform (GPKI)
 – 「Fundamental framework for promotion of electronic application/notification procedure」 (consented by the administration information system each ministry agency liaison conference on March 31, 2000)
  • MHA, METI and MLIT were required to establish Ministry/Agency CAs in precedence
 – 「e-Japan Priority Policy Program」 (March 29, 2000, IT Strategy Headquarters)
  • All Ministries/Agencies are required to establish their own CA by the end of FY 2002

22

Relationship between e-Government plan and PKI

Realization of e-Government
・ Mitigation of the national burden in administration procedure, improvement in administration service

Electronic procedure: the problem is how to check ID in the process.

<Establishment of authentication platform using PKI (Public Key Infrastructure)>
・ Application, notification, etc. to Government → GPKI (Government PKI)
・ Application, notification, etc. to Local Government → LGPKI (Local GPKI)

【Electronic processing of various certificates】
・ Commercial registration transcript, real estate register transcript (Legislative Bureau) → Commercial registration electronic authentication system, Internet registration information provide service
・ A resident card, family register transcript → Public individual authentication platform

23

Role of Ministry/Agency CAs

Issue government post certificates and open them to the public

– Issue of the digital certificate of each government post, such as minister and bureau chief
 • A government post certificate is equivalent to the electronic official seal of an official document
– Actual issue results (in case of METI)
 Minister of METI (June 13, 2001)
 Director-General of the SME Agency (October 22, 2001)
– Opening of government post certificates to the public
 • Certificates are stored in the integrated repository of BCA exhibited on the Internet
 Validity of a certificate is guaranteed
– Provision of CRL information

24

Timetable of e-Government for state government

(Timeline chart covering FY2001, FY2002 and FY2003; the layout is not preserved. Recoverable labels and entries follow.)
・ Row groups: Procurement; Application and notification; Authentication platform; Network
・ Rows: Public works (e-bid / check); Non public works (e-bid / check); Law/Regulation; Structure of window; General-purpose reception system; E-payment of Commission; Bridge CA; Ministry/Agency CA; e-authentication system based on commercial registration; private CA on electronic signature law; Public individual authentication service; LGWAN construct
・ Entries: Fundamental specification; Each Ministry/Agency start in-use by FY2002; Each Ministry/Agency install their own CA by FY2002; Each Ministry/Agency complete by FY 2003; Maintained by each Ministry/Agency; Integrated procurement DB; Development of e-Revenue payment system; Networking between K-WAN and LGWAN; In-use (Prefectural capital); In-use (District main city); In-use (Whole country); In-use (Prefecture); Preparation; Partially in-use; Fully in-use; Fully in-use by FY 2003; Enhancement

25

Timetable of e-Government for local government

(Timeline chart covering FY2001, FY2002 and FY2003; the layout is not preserved. Recoverable labels and entries follow.)
・ Rows: E-application system; Public individual authentication platform; LGPKI; Basic resident register network; LGWAN
・ Entries: In-use of network; Grant of residents basic card; In-use (prefectures); Enhancement (connect to K-WAN etc.); In-use and enhancement (prefectures); In-use by FY2003 (All organization); Model experiment (precedence organization); In-use (precedence organization); In-use (Other organization); Prepare for live run (Model experiment); In-use

26

Online application/notification processing using government authentication platform

(Figure: the diagram is not preserved. Recoverable labels follow.)
・ Parties: Applicant; Minister etc.; both connected over the internet
・ Risks shown on the internet path: Alteration; impersonate
・ Applicant → Minister etc.: Application/notification. Application certification: Did the applicant truly draw up the application? Wasn't the application altered during transmission?
・ Minister etc. → Applicant: Notice of permission, approval, etc. Notice certification: Did the right person truly draw up the notice? Wasn't the application altered during transmission?
・ Issue of an Applicant certificate: Private CA; Private CA (JCSI); Commercial Registration CA
・ Issue of Government post certificate: Ministry/Agency CAs (MHA CA, MHLW CA, METI CA, MLIT CA)
・ Gov. Authentication platform: Bridge CA; Mutual recognition; confirmation
・ Currently performing mutual recognition with BCA (as of the end of December, 2002)

Ministry/Agency CAs

27

Effectiveness of Mutual recognition

<Precondition>
• Each CA is attested mutually.
• Mr. Suzuki is attested by the private CA.
• The bureau chief ○○ is attested by METI-CA.

(Figure: the diagram is not preserved. Recoverable labels and numbered steps follow.)
・ Parties: Applicant (Mr. Suzuki), People/Company; METI, Bureau Chief ○○; General-purpose electronic application system
・ CAs: Private CA (Applicant); Bridge CA (BCA); METI-CA (Government); Mutual recognition
・ Directories: Government post, Directory A; Applicant, Directory B; BCA, Directory C; Private CA, Directory D; G CA, Directory D

① Application (application form)
② Truly Mr. Suzuki?
③ METI-CA trusts Bridge CA.
④ Bridge CA trusts Private CA.
⑤ Is he truly Mr. Suzuki?
⑥ Response (notice, permission)
⑦ Is he truly the bureau chief ○○?
⑧ Private CA trusts Bridge CA.
⑨ Bridge CA trusts METI-CA.
⑩ This government post certificate is ○○ of the METI.
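
The two trust paths in steps ③-④ and ⑧-⑨, as an added Python example that is not part of the original slides: each relying party starts from its own CA and walks cross-certificates through the Bridge CA, skipping revoked ones. The `Cert` record, the serial numbers and `build_path` are illustrative assumptions, and the signature check on each link is assumed to happen elsewhere.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    issuer: str    # CA that issued the certificate
    subject: str   # CA or end entity the certificate was issued to
    serial: int    # constructed serial number, unique per issuer


# Constructed cross-certificates mirroring the slide (serials are made up).
CROSS_CERTS = [
    Cert("METI-CA", "Bridge CA", 1),     # step 3: METI-CA trusts Bridge CA
    Cert("Bridge CA", "Private CA", 2),  # step 4: Bridge CA trusts Private CA
    Cert("Private CA", "Bridge CA", 3),  # step 8: Private CA trusts Bridge CA
    Cert("Bridge CA", "METI-CA", 4),     # step 9: Bridge CA trusts METI-CA
]
SUZUKI = Cert("Private CA", "Mr. Suzuki", 100)
BUREAU_CHIEF = Cert("METI-CA", "Bureau chief (METI)", 200)


def build_path(trust_anchor, end_entity, cross_certs, revoked=frozenset()):
    """Return the chain from trust_anchor down to end_entity, or None.

    revoked holds (issuer, serial) pairs, i.e. the merged CRLs of all CAs.
    Signature verification of each link is outside this sketch.
    """
    def usable(cert):
        return (cert.issuer, cert.serial) not in revoked

    if not usable(end_entity):
        return None

    # Index the non-revoked cross-certificates by the CA that issued them.
    issued_by = {}
    for cert in cross_certs:
        if usable(cert):
            issued_by.setdefault(cert.issuer, []).append(cert)

    # Breadth-first search from the relying party's own CA.
    queue = deque([(trust_anchor, [])])
    visited = {trust_anchor}
    while queue:
        ca, chain = queue.popleft()
        if ca == end_entity.issuer:
            return chain + [end_entity]
        for cert in issued_by.get(ca, []):
            if cert.subject not in visited:
                visited.add(cert.subject)
                queue.append((cert.subject, chain + [cert]))
    return None


def subjects(chain):
    """Readable form of a chain: the subject of each certificate in order."""
    return None if chain is None else [cert.subject for cert in chain]
```

Revoking only the Bridge CA to Private CA cross-certificate breaks METI's path to Mr. Suzuki while the applicant's path to the bureau chief still builds, because mutual recognition consists of two one-way certificates.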

28

1. e-Japan Strategy
2. Laws and regulations
3. Authentication platform for State Government
4. Digital signature law

29

What is electronic signature and authentication work

Electronic signature: Measures performed in order to show the creator of electromagnetic information, by a method that makes an alteration verifiable

Authentication work: Business of proving that the user performed the electronic signature using his own code key

(Figure: the diagram is not preserved. Recoverable labels follow.)
・ A: message "Order 100 computers, A company"; Encryption with A's private key (only A owns it); Electronic signature
・ Transmission → Reception: the message, the electronic signature and the certificate (A's public key)
・ B: Decryption with A's public key (anyone can know it); Verify alteration

• A requests the authentication entrepreneur to issue the electronic certificate. By it, he proves that he is the owner of the public key.
• B checks the validity of the received electronic certificate. If it is effective, he decrypts the electronic signature using the public key of A and verifies whether it has been altered.

The private key and the public key are a key pair. Data encrypted with one key can only be decrypted with the other key.

30

Image of electronic signature and authentication work based on a public-key crypto system

(Figure: the diagram is not preserved. Recoverable labels follow.)
・ User A (CA user): Application (issue of electronic certificate); Request; Receipt of electronic certificate
・ Certification Authority (CA): Registration (identify applicant); Issue (digital certificate); Repository (provision of CRL information); Register electronic certificate; Register CRL
・ Receiver B (Verifier): Reception; Validity check of electronic certificate; Effective public key of A
・ Sender side: Digital Data (flat text) → Hash Function → Message Digest → Encryption → Electronic signature
・ Transmission: Digital Data (flat text) + Electronic signature + Certificate (A's public key)
・ Receiver side: Digital Data (flat text) → Hash Function → Message Digest; Electronic signature → Decryption with A's public key (pair of private key) → Message Digest
・ Coincide ⇒ no alteration; don't coincide ⇒ alteration
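
The verifier's steps from this slide and the previous one (check the certificate against the CRL, then compare the two message digests), as an added Python example that is not part of the original deck. It uses textbook RSA without padding and a constructed key built from two publicly known Mersenne primes, so it shows the flow only; the names `Certificate`, `sign` and `verify` are assumptions, and the CA's own signature on the certificate is assumed to have been checked already.

```python
import hashlib
from dataclasses import dataclass

# Constructed demonstration key for A, built from two publicly known
# Mersenne primes. It offers no security; real keys and padded signatures
# (for example RSA-PSS) come from a vetted cryptographic library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # modulus, part of A's public key
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (only A owns it)


@dataclass(frozen=True)
class Certificate:
    subject: str
    serial: int      # constructed serial number, listed in the CRL if revoked
    modulus: int     # A's public key (n, e)
    exponent: int


A_CERT = Certificate("A company", 1001, N, E)


def message_digest(data: bytes) -> int:
    """Hash function step: SHA-256 digest as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, n: int, d: int) -> int:
    """Sender A: 'encrypt' the message digest with the private key."""
    return pow(message_digest(data), d, n)


def verify(data: bytes, signature: int, cert: Certificate, crl: set) -> str:
    """Receiver B: certificate validity first, then digest comparison."""
    # Validity check of the electronic certificate (inquiry to CRL).
    if cert.serial in crl:
        return "certificate revoked"
    # A signature outside the modulus range cannot come from this key.
    if not 0 <= signature < cert.modulus:
        return "altered"
    # 'Decrypt' the signature with A's public key to recover A's digest,
    # then compare it with the digest of the data actually received.
    recovered = pow(signature, cert.exponent, cert.modulus)
    return "not altered" if recovered == message_digest(data) else "altered"
```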

31

Contents of the Electronic Signatures Law
(enacted on May 31, 2000, enforced from April 1, 2001)

By achieving the smooth use of e-signature, accelerate the information circulation and information processing using the electromagnetic medium

Carry out the social economy activity smoothly through network

Improvement of the people’s life, and healthy development of national economy

A  Presumption that the rightness of an electromagnetic record was approved
 Clarify the handling of electronic signature on the law
 Presume that the rightness of an electronic document to which electronic signature by him is given was approved (Article 3)

B  Authorization system about specific authentication work
 Introduce the authorization system over reliable authentication work
 ① Authorization of authentication work (Article 4-16)
 ② Appointed examination organization etc. (Article 17-32)
 ③ Penalty regulations (Article 41-47)

C  Other necessary things
 ① Assistance to the specific authentication work by the minister in charge etc. (Article 33)
 ② National measure, educational activities to people and publicity work (Article 34)

32

A  Presumption of the authenticity of a digital document

[Handwriting signature and sealing]
(Document) with (Sign) or (Seal)
When there is [signature or sealing of him]
 → Presume that the document was approved to be right (made based on his intention)

○ Code of Civil Procedure (Article 228 Paragraph 4)
 「A private document is presumed to be what was materialized correctly when there is a signature or sealing of him or its representative」

Implementation of similar structure

[Electronic Signatures]
(Info) with Electronic Signature
When there is (electronic signature of him)
 → Presume that the electromagnetic document was approved to be right

○ The Electronic Signatures Law, Article 3
 「The information created by the electromagnetic record is presumed to be what was materialized correctly when the electronic signature of it is done by him」
 ※ Electronic signature: Measures performed in order to show the maker of electromagnetic information, by a method that makes it verifiable if there is an alteration

33

  B-1   Authorization system for specific authentication work

○ Introduction of a voluntary authorization system (Article 4): shows a standard for judging the reliability of authentication business

○ Specific authentication work (Article 2 Clause 3): performed for electronic signatures that meet a certain standard

Image of digital signature and authentication work

Nation [Law about electronic signature and authentication work] and Authentication entrepreneur
 ・ Application ( voluntary )
 ・ Authorization ( the office site survey can be carried out by the appointed research institute specified by the state )

Standard of authorization
 ・ System of electronic signature
 ・ Equipment for office work
 ・ Method of verifying whether an applicant is genuine
 ・ Other methods of office work

Reexamination of the authorization standard
 ・ Ensure the safety of electronic signatures
 ・ Cope with new electronic signature systems
 ・ Cope with new business models, etc.

Sender, Receiver and Authentication entrepreneur
 ・ Sender: apply for issue of an electronic certificate
 ・ Authentication entrepreneur: issue the certificate
 ・ Sender: send an e-signed electronic document with the certificate attached
 ・ Receiver: validation check of the certificate

By displaying that the work is authorized, it becomes possible to tell whether the applicant has been verified as genuine

Notes: A foreign authentication entrepreneur is also able to receive authorization

34

B-2   Necessary conditions, results and duties for authorization

1. Necessary conditions for receiving authorization ( Article 6 Clause 1 )
 ① Equipment used for the business ( No. 1 )
  ・ Strict storage of the private key used for the authentication business
  ・ Use of equipment which has safety and reliability, etc.
 ② Method of checking whether the applicant is genuine ( No. 2 )
  ・ Ask for presentation of a certificate issued by a public organization
 ③ Other business processes ( No. 3 )
  ・ Define business management regulations and attempt a suitable distribution of authority
  ・ Suitable indication of the CRL, etc.
 Those who were sentenced to confinement or a heavier punishment, or punished for a violation of this law, or whose authorization was cancelled, cannot receive authorization during a fixed period.

2. Results of authorization
 ○ Can display that the business concerned has received authorization (Article 13 Clause 1)
  ・ Trust standard of an authorized company
 ○ In a court case, Article 3 ( presumption ) more readily takes effect.

3. Duties of an authorized authentication entrepreneur
 ○ Duty to preserve the data used to check whether the applicant is genuine, etc. (file preservation duty) (Article 11)
 ○ Use of applicant check data for other purposes is forbidden (Article 12), etc.

4. Penal regulations
 ○ Penalty for a user who gives false proof to an authorized authentication entrepreneur, etc. (penal servitude of 3 years or less, or a fine of ¥2M or less) (Article 41), etc.

35

C   Other necessary things

1. Assistance for authorized authentication business, etc. (Article 33)

Investigation and research by the minister in charge
 ① Evaluation methods for digital signature technology (cryptographic technology, etc.)
 ② Evaluation methods for the means of maintaining security for authentication business

 1) Offer information, advice and other assistance to authorized authentication business providers and their users
 2) Reflect the results in the standard of the authorization system

2. Measures performed by the state government (Article 34)

Educational activities and publicity work by the state government
 ① Encourage proper handling of digital signatures and proper key management
  ・ Treat them in the same manner as a handwritten signature and seal
  ・ Prevent the disclosure of the private key, etc.
 ② Make the authorization system for authentication business well known

 1) Foster public understanding
 2) Promote smooth utilization of digital signatures and authentication business

◆ Establishment of a procedure required for international mutual recognition of authorized authentication business
◆ Notification of CA public key information
◆ Reexamination of the digital signature system
◆ Issue of the certificate by the user discernment function

36

Legal systems of each country for digital signature

Legal systems for digital signature and authentication are being decided upon in every country in the world

[Map: Canada, USA (Federal law), EC (EU), Singapore, Korea, Japan, Malaysia, Australia, New Zealand, UN (UNCITRAL)]

UN (UNCITRAL): Adopted the digital signature model act so that each country is encouraged to prepare legislation related to digital signature

EC (EU): Member nations are working jointly to establish a unified legal system within the area for digital signature and authentication according to the EC Directive

The worldwide tendency is to adopt, as the definition of a digital signature, something with the following functions, like the definition in the digital signature law of Japan.

 ・ Peculiar to an individual and possible to specify an individual.
 ・ The means of signing is completely under the control of the signer
 ・ Technically neutral
 ・ The existence of an alteration is verifiable.

37

Thank you

http://www.meti.go.jp/policy/netsecurity/

Office of IT Security Policy, METI, Japan
TEL: +81-3-3501-0397
FAX: +81-3-3501-6639
mailto: [email protected]

