1. 1 Establishment of the Authentication platform in Japan Noboru Machida IT Security Policy Office Commerce and Information Policy Bureau METI ／ Ministry of Economy, Trade and Industry March 7, 2003 Noboru Machida IT Security Policy Office Commerce and Information Policy Bureau METI ／ Ministry of Economy, Trade and Industry March 7, 2003

2. 2 １． １． e-Japan Strategy ２． Laws and regulations ３． Authentication platform for the State Government the State Government ４． Digital signature law

3. 3 Tackle with e-Japan Strategy ○ Enactment of IT Basic Law (Basic Law on Formation of an advanced information communication network society) (Force on January 6, 2001 ） ・ Stipulate basic principle, policy, important plan and set up of the IT Strategy Headquarter to form IT society. ○ Decision of 「 e-Japan Strategy 」 (January, 2001 ） ・ Make Japan the world's most advanced IT nation within five years. ○ IT Strategy Headquarter ○ Draw up of 「 e-Japan Priority Policy Program ｣ (March, 2001 ） ○ Draw up of 「 e-Japan Priority Policy Program-2002 」 (June, 2001 ） ・ Embody ｢ e-Japan Strategy ｣ ・ Specify the whole picture of the measure the government should implement quickly and preponderantly. ○ Established the special board of inquiry about the future state of IT Strategy (November, 2002 ） ○ Revision of ｢ e-Japan Strategy 」 Draw up of 「 New e-Japan Strategy 」 (May - June, 2003 Plan ） ○ Draw up of 「 e-Japan Priority Policy Program-2003 」 (June-July, 2003 Plan)

4. 4 From Basic IT Strategy to e-Japan Priority Policy Program World's most advanced IT nation within five years Enable everyone to enjoy the benefits of IT Reform economic structure and strengthen industrial competitiveness Realize affluent national life and creative community with vitality Contribute to the formation of an advanced information & Telecommunications network society on a global scale Basic IT Strategy e-Japan Strategy e-Japan Priority Policy Program ○ Embody ｢ e-Japan Strategy ｣ ○ Specify the whole picture of the measure the government should implement quickly and preponderantly ○ Draw up of 「 e-Japan Priority Policy Program-2002 」 (June 2001 ） IT strategy council (November 2000) IT Strategy Headquarters (January 2001) IT Strategy Headquarters (March 2001)

5. 5 Promotion of R&D International cooperation and contribution Improvement of digital divide Correspondence to an employment problem etc. Measure of deepening an understanding of people Ensuring of security and reliability on advanced information and telecommunications networks Ensuring of security and reliability on advanced information and telecommunications networks Promotion of education anddevelopment of human resources Formation of the world’s most advanced information & telecommunication networks 5 Priority Policy AreaCrosscutting Issues -Specify the enforcement term of a concrete measure by each ministry- Structure of ”e-Japan Priority Policy Program-2002”

6. 6 Authentication “e-Japan Priority Policy Program-2002” (Portion of Digital signature and Authentication) ● Construction of reliable e-government system etc. ５． Ensuring security and reliability on advanced information & telecommunication networks ●Smooth enforcement of electronic signature and an authentication system ・ Promotion of mutual recognition about authorization of authentication system ・ Investigation research on evaluation of the technology concerning the safety and reliability of authentication system ・ the spread and education activities to people ●Preparation for International e-commerce environment ・ Prepare PKI in the Asian countries/ Regions 5 Priority Policy Area ３． Facilitation of e-commerce ●Electronic provision of administration information ●Electronic procedure for application and notification, etc. ●Establishment of public individual authentication infrastructure ●Electronic procedure for Government procurement, etc. ４． Digitization of administration and application of IT in other public areas

7. 7 Computerization of administrative procedures Concrete measure of computerization of administrative procedures in the ｢ e-Japan Priority Policy Program-2002 」 ◆ Enable it to perform substantially all procedures, such as application, notifications, etc. between people and administration, by the Internet etc. at an early stage as much as possible by the 2003 fiscal year. ◆ Each ministry develop the common base system in connection with electronic procedure of application and notification (Authentication system and Multi purpose system applicable for plural reception and notification procedure) and start operation by the end of 2002 fiscal year. Concrete measure of computerization of administrative procedures in the ｢ e-Japan Priority Policy Program-2002 」 ◆ Enable it to perform substantially all procedures, such as application, notifications, etc. between people and administration, by the Internet etc. at an early stage as much as possible by the 2003 fiscal year. ◆ Each ministry develop the common base system in connection with electronic procedure of application and notification (Authentication system and Multi purpose system applicable for plural reception and notification procedure) and start operation by the end of 2002 fiscal year.

8. 8 Review of regulations – Revision of Commercial Code to enable the use of the Internet in sending invitations to shareholders' meetings – Introduction of the "No-action Letter" Creation of new rules – Clarification of closing timing of electronic contracts – Formulation of rules on the scope of liabilities of internet Service Providers (ISPs) Appropriate protection and use of intellectual property rights – Provision to broadcasters of the right to give permission on sending information by third parties – Clarification of Views as to the protection of software being – distributed over the internet ◎ Completed the preparation of basic institution for e-commerce in general ◎ Although the market size about e- commerce is the 2nd in the world, there is a big difference with the U.S. Evaluation Enhancement of e-commerce frameworks – Thorough check of regulations hindering online transactions of companies [CY2002] – Dissemination of e-commerce guideline for actual use among private companies and consumers [FY2002] Enhancement of e-commerce frameworks – Thorough check of regulations hindering online transactions of companies [CY2002] – Dissemination of e-commerce guideline for actual use among private companies and consumers [FY2002] Accelerated promotion of e-commerce – Facilitation of IT utilization in private companies >Promotion of IT-related investment, including the identification of tax-incentives [by FY2003] >Creation of 10,000 leading cases of IT utilization [by FY2005] – Facilitation of distribution of digital content >Development of a digital rights management system [FY2002] Accelerated promotion of e-commerce – Facilitation of IT utilization in private companies >Promotion of IT-related investment, including the identification of tax-incentives [by FY2003] >Creation of 10,000 leading cases of IT utilization [by FY2005] – Facilitation of distribution of digital content >Development of a digital rights management system [FY2002] Future Policies Implemented Policies Enhancement of consumer protection – Establishment of an Alternative Dispute Resolution (ADR) framework over B to C e-commerce [FY2002] Enhancement of consumer protection – Establishment of an Alternative Dispute Resolution (ADR) framework over B to C e-commerce [FY2002] ３． Facilitation of e-commerce

9. 9 Digitization of the administration – Introduction of electronic tendering and bid-opening for public works – Formulation of a basic plan toward the "single window” for import/export and harbor-related procedures – Submission to the Diet of the laws aiming at enabling all administrative services available online Application of IT in other public areas – Formulation of a strategic grand design for digitization in the healthcare field – Revision of Road Traffic Law to enable private services to provide the data of road and traffic information – Foundations of electronic government have been steadily constructed. – Regarding the IT application in public areas, such as healthcare, ITS and GIS, its direction was clarified, and its implementation is expected from now. Evaluation Digitization of the administration jointly promoted by central and local governments – Formulation of action plans for electronic filing of all governmental procedures by each ministry [FY2002] – Introduction of electronic tendering and bid-opening for all projects of public works under ministerial jurisdiction [by FY2003] – Establishment of government structures for promotion of e-government [FY2002] Digitization of the administration jointly promoted by central and local governments – Formulation of action plans for electronic filing of all governmental procedures by each ministry [FY2002] – Introduction of electronic tendering and bid-opening for all projects of public works under ministerial jurisdiction [by FY2003] – Establishment of government structures for promotion of e-government [FY2002] Support to local government – Presentation to local government of standard procedures for online transactions of major services such as passport issuance [by FY2003] – Promotion of the use of ASP for the operation of co- mmon systems of e-local government [from FY2002] Support to local government – Presentation to local government of standard procedures for online transactions of major services such as passport issuance [by FY2003] – Promotion of the use of ASP for the operation of co- mmon systems of e-local government [from FY2002] Application of IT in other public areas – Formulation of a roadmap toward the world's most advanced intelligent Transport System [FY2002] – Promotion of digital archiving of cultural assets and artworks [by FY2005] – Enhancement of information provision services on reliability of food [from FY2003] Application of IT in other public areas – Formulation of a roadmap toward the world's most advanced intelligent Transport System [FY2002] – Promotion of digital archiving of cultural assets and artworks [by FY2005] – Enhancement of information provision services on reliability of food [from FY2003] Future Policies Implemented Policies 4 ． Digitization of administration and application of IT in other public areas

10. 10 Kasumigaseki WAN e-application and notification Support of Local Government Review of Legislation ／ Action Plan Internet ・ Simplification, efficiency and transparency ・ Paperless operation ・ Information literacy and consciousness reform l Outsourcing ・ Enrich public services with the use of IT ・ High quality of administration service ・ Enter into related business Local government WAN Central/ Local GovernmentPeople/ Enterprise 国民、企業の接点 Policies for e-government Authenticati on Platform Bridge CA Commercial Registration CA Private CA 行政情報電子的提供 Digitizing information delivery e-Procurement 歳入・歳出の子化 e-annual revenue/expenditure Net Banking Mutual Recognition METI Authentication Service Government post certificate IT image of administration for e-Japan Priority Policy Program

11. 11 １． １． e-Japan Strategy ２． Laws and regulations ３． Authentication platform for State Government State Government ４． Digital signature law

12. 12 Establishment of related legal system ●Promotion of e-commerce ・ Law which revises a part of Commercial Registration Law (Law No. 40, 2000) ・ The law about electronic signature and authentication work (Law No. 102, 2000) ・ The law about maintenance of the related law for use of the technology of the information communication about grant of a document etc. (the IT document bundling-up law) (Law No. 126, 2000) ・ The law about the special case of Civil Code about an electronic consumer contract and the notice of electronic consent (Law No. 95, 2001) etc. ● Digitization of administration and full use of IT in public sector ・ The law about use of the information communication technology in administration procedure etc. (Law No. 151,2002) ・ The law about maintenance of the related law accompanying enforcement of the law about use of the technology of the information communication in administration procedure etc. (Law No. 151,2002) ・ The law about the authentication work of the municipal corporation concerning electronic signature (Law No. 153, 2002) etc. ●Fundamental policy ・ Advanced information communication network society formation organic act (IT organic law) （ Law No. 144, 2000 ）

13. 13 Online procedure of administrative application When the administration procedure online law is enforced and an information system is fixed, procedures such as applications and notifications, will always be done through internet in a house or a company. （ example ） ○ Notification about acquisition and loss of unemployment insurance qualification(10 M/year) ○ Grant application of a passport (about 5.8M/ year) ○ Grant claim of family register transcript (about 36M/year) ○ On the occasion of application/ notification, presentation of copy of resident card become unnecessary ○ Improvement of national convenience ○ Simplification/Efficiency of Gov. office ◆ ◆ About ５２，０００ procedures were carried out by means of online ○ About ２１，０００ procedures are belong to G-to-C and G-to-B (application /notification) →All administrative procedure will be shifted to online By FY ２００３ About ６，７００ of Government procedures among １３，５００ will be shifted to online within FY ２００２ ○ About ３１，０００ procedures are belong to G-to-G (Other than application /notification) →All of them will be shifted to online By FY2003 in principle ◆ ◆ About ５２，０００ procedures were carried out by means of online ○ About ２１，０００ procedures are belong to G-to-C and G-to-B (application /notification) →All administrative procedure will be shifted to online By FY ２００３ About ６，７００ of Government procedures among １３，５００ will be shifted to online within FY ２００２ ○ About ３１，０００ procedures are belong to G-to-G (Other than application /notification) →All of them will be shifted to online By FY2003 in principle Action Plan of each Ministry

14. 14 ● Outline ・ Law was newly improved which enable about 52,000 administration procedure, such as an application, a notification, etc. between the people etc. and governmental agencies which have a basis to a statute, online process adding to document process ・ Online administration procedure is aimed at attaining the simplification and the increase in efficiency of administration management and improve in national convenience ・ The regulation for a governmental agency performing inspection and perusal, and creation and preservation of documents by the electromagnetic record was also fixed. ・ Unsuitable process for online was listed in the attached table, and excluded from applying above regulation (Face-to-face process, Process which require actual thing) ・ Enforce from February 3, 2003 Point of “Law about the use of information communication technology in administration procedure etc.”

15. 15 ○Institutional purpose ・ Improvement of national convenience ・ Promotion of e-process and increase in efficiency of government and municipal corporation ○Institutional structure ◆ Adopting Electronic signature ・ Signature by asymmetrical key code system (digital signature) ◆ Management organization ・ Mayors is in charge of identification work of applicant and governor is in charge of Electronic certificate issue / revocation information management work ◆ People who can receive issue of electronic certificate ・ People who are recorded in the basic resident register ◆ Verification person of signature ・ Governmental agency etc.(joint processing of plural prefectures is also possible) ・ Private CA who performs specific authentication business and also have certain amount of reliability （ Appointed certificate authority ） ○ ○Enforcement ・ From the day set by the government ordinance of within the limits which measures from the day of proclamation (December 13, 2002) and does not exceed two years to enforcement ○Institutional purpose ・ Improvement of national convenience ・ Promotion of e-process and increase in efficiency of government and municipal corporation ○Institutional structure ◆ Adopting Electronic signature ・ Signature by asymmetrical key code system (digital signature) ◆ Management organization ・ Mayors is in charge of identification work of applicant and governor is in charge of Electronic certificate issue / revocation information management work ◆ People who can receive issue of electronic certificate ・ People who are recorded in the basic resident register ◆ Verification person of signature ・ Governmental agency etc.(joint processing of plural prefectures is also possible) ・ Private CA who performs specific authentication business and also have certain amount of reliability （ Appointed certificate authority ） ○ ○Enforcement ・ From the day set by the government ordinance of within the limits which measures from the day of proclamation (December 13, 2002) and does not exceed two years to enforcement Establishment of public individual authentication platform system Law about authentication work of municipal corporation related to electronic signature (December 6, 2002 enactment)

16. 16 Outline of public individual authentication service system served by municipal corporation Resident Governor(certificat e issue / revocation info. Mng. organization) Mayors (ID Check) Prefectural CA Governmental agencies Private CA VA Issue application for Electronic certificate (4 basic information ＋ Public key ） Electronic certificate … E-application Application (flat document) ＋ digital signature （ signed using residents' private key ） ＋ Certificate （ with resident’s public key) Validity check of electronic certificate (inquiry to CRL) （ utilize to identify the resident ） ＜ Consignment of authentication work ＞ window Interne t K-WAN/LGWAN etc. Prefectures can select the appointed CA to which they commit the following works ・ Electronic computer process to offer issue/revocation information of electronic certificate ・ Preservation of issue record etc. Four basic information: Name, Birth date, Sex, Address CRL

17. 17 １． １． e-Japan Strategy ２． Laws and regulations ３． Authentication platform for State Government State Government ４． Digital signature law

18. 18 Company CA Employee Enterprise X Employee Client Enterprise Y Company CA Judicial scrivener public notary lawyer tax accountant Client Ministry of Justice ( Commercial registration ) Internet （ G-to- G ） （ G-to- C ） corporation representative's authentication corporation representative's authentication K-WAN （ G-to- B ） BCA A Ministry B Ministry C Ministry ．．． Internet （ G-to- C ） CA Private CA Private Agent Corporation Authentication Y Ministry CA X Ministry CA Client Electronic application Electronic bid Electronic application (Agent) Internet E-Commerce (B-to-C ） ・ Individual Authentication ・ Grant of agent right from a corporation E-Commerce (B-to-C ） Individual Authentication Composition image of authentication platform in Japan ※ BCA:Bridge Certification Authority E-Commerce (B-to-B ）・ Individual authentication in a corporation Local governing bodies entrust

19. 19 Purpose of government authentication platform (GPKI) Structure for checking the rightness and completeness of the electronic document exchanged through Internet etc. –Apply digital certificate created by public key encryption/decryption method Consists of Bridge CA(BCA) managed by MHA and Ministry/Agency CAs managed by each ministry/agency –Mutual recognition between BCA and Ministry/Agency CAs –Mutual recognition among Ministry/Agency CAs and Private CAs through BCA （ build a trust chain ）

20. 20 Whole image of authentication platform Bridge CA Commercial Registry CA Accredited Private CA’s Public individual CA Foreign Government CA’s Local Government CA’s Ministry/ Agency CA Other State organization CA Applicant's authentication platform Right-of-disposal person’s authentication platform （ GPKI ）

21. 21 Circumstance of the establishment of Ministry/Agency CA Realization of e-government – 「 About Millennium project (new 1000 period) 」 （ The Prime Minister determined on December 19, 1999 ） Realization of Paperless administration procedure using the Internet Establishment of government authentication platform （ GPKI ） – 「 Fundamental framework for promotion of electronic application/notification procedure 」 （ Consented by the administration information system each ministry agency liaison conference on March 31, 2000 ） MHA, METI and MLIT were required to establish Ministry/Agency CA in precedence – 「 e-Japan Priority Policy Program 」 (March 29, 2000 IT Strategy Headquarter) ALL Ministry/Agency are required to establish their own CA By the end of FY 2002

22. 22 Mitigation of the national burden in administration procedure, improvement in administration service Realization of e-Government Electronic procedure Problem is how to check ID In the process. Authentication platform ＜ Establishment of Authentication platform using using PKI (Public Key Infrastructure) ＞ Application, notification, etc. to Government → GPKI(Government PKI) Application, notification, etc. to Local Government → LGPKI(Local GPKI) 【 Electronic processing of various certificates 】 ・ Commercial registration transcript, Real estate register transcript （ Legislative Bureau ） → Commercial registration electronic authentication system Internet registration information provide service ・ A resident card, family register transcript → Public individual authentication platform Relationship between e-Government plan and PKI

23. 23 Role of Ministry/Agency CAs Issue government post certificate and open to the public –Issue of the digital certificate of each government post, such as minister and bureau chief government post certificate is equivalent to the electronic official seal of an official document –Issue actual result ( in case of METI) Minister of METI (June 13, 2001) Director-General of the SME Agency (October 22, 2001) –Open to the public of government post certificate Certificates are stored in integrated repository of BCA exhibited on the Internet Validity of a certificate is guaranteed –Provision of CRL information

24. 24 Timetable of e-Government for state government Public works (e-bid / check) procurement Non public works （ e-bid / check) Law/Regulation LGWAN construct network E-payment of Commission Public individual Authentication service private CA on electronic signature law e-authentication system based on commercial registration Ministry/Agency CA Bridge CA Authentication platform general-purpose reception system Structure of window ２０ FY2003 FY2002FY2001 Fundamental specification Each Ministry/Agency start in-use by FY2002 Each Ministry/Agency Install their own CA by FY2002 In-use （ Prefectural capital ） In-use (District main city ) In-use (Whole country ) In-use preparation In-use Development of e-Revenue payment systemIn-use Maintained by each Ministry/Agency In-use Integrated procurement DB Each Ministry/Agency Complete by FY 2003 Partially in-use Fully In-use Enhancement In-use (Prefecture ) Networking between K-WAN and LGWAN Fully In-use by FY 2003 E-Government for for state government Procurement application and notification

25. 25 Timetable of e-Government for local government E-application system Public individual authentication platform LGPKI Basic resident register network LGWAN FY2003FY2002FY2001 In-use of network Grant of residents basic card In-use (prefectures) enhancement (connect to K-WAN etc.) In-use by FY2003 (All organization) In-use and enhancement (prefectures) In-use by FY2003 (All organization) Model experiment (precedence organization) In-use (precedence organization) In-use (Other organization) Prepare for live run (Model experiment) In-use E-Government for for local government

26. 26 Applicant Minister etc. internet Alteration impersonate Application/notification Issue of Government post certificate Certification Issue of an Applicant certificate Certification Did applicant truly draw application? Aren't the application altered during transmitting? Application certification Did the right person draw up the notice truly? Aren't the application altered during transmitting? Private CA Private CA(JCSI) Commercial Registration CA Commercial Registration CA Mutual recognition Currently performing mutual recognition with BCA (as of the end of December, 2002) MHLW CA METI CA MLIT CA Bridge CA Mutual recognition Gov. Authenticatio n platform Gov. Authenticatio n platform MHA CA Notice of permission, approval, etc Notice certification confirmation Online application/notification processing using government authentication platform Ministry/Agency CAs

27. 27 Effectiveness of Mutual recognition Bridge CA （ＢＣＡ） ④ Bridge CA trusts Private CA. ⑨ Bridge CA trusts METI-CA. Private CA (Applicant) ⑧ Private CA trusts Bridge CA. ⑤ Is he truly Mr. Suzuki? 申請書 Applicant (Mr. Suzuki) ） METI○○ 局長 申請書 ① Application notic e ⑥ Response ② Truly Mr. Suzuki ? METI-CA （ Government ） ③ METI-CA trusts Bridge CA. ⑩ This government post certificate is ○○ of the METI. Private ＣＡ Directory Ｄ ＢＣＡ Directory Ｃ G ＣＡ Directory Ｄ Government post Directory Ａ Applicant Directory Ｂ 許可 ＜ Precondition ＞ Each CA is attested mutually. Mr. Suzuki is attested by the private CA. The bureau chief ○○ is attested by METI-CA. ＜ Precondition ＞ Each CA is attested mutually. Mr. Suzuki is attested by the private CA. The bureau chief ○○ is attested by METI-CA. ⑦ Is he truly the bureau chief ○○? METIPeople/Company Mutual recognition General-purpose electronic application system

28. 28 １． １． e-Japan Strategy ２． Laws and regulations ３． Authentication platform for State Government State Government ４． Digital signature law

29. 29 Electronic signature Measures performed in order to show a creator of electromagnetic information and it will be a verifiable method of an alteration Authentication work Business proving the user performed electronic signature using his own code key Electronic signature Measures performed in order to show a creator of electromagnetic information and it will be a verifiable method of an alteration Authentication work Business proving the user performed electronic signature using his own code key What is electronic signature and authentication work Order 100 computers A company Order 100 computers A company Order 100 computers A company Order 100 computers A company A Transmission Decryption B A’s private key (Only A owns ） Encryption Electronic signature Electronic signature Order 100 computers A company Order 100 computers A company Certificate A’s public key Reception Electronic signature A’s public key (Anyone can know) A requests authentication entrepreneur to issue the electronic certificate. By it, he proves that he is a owner of the public key B checks the validity of the received electronic certificate. If effective, he decrypt electronic signature using the public key of A, and verify the alteration of it. A’s public key Verify alteration  Private key and public key are pair keys. Encrypted data with one key can only be decrypted with the other key

30. 30 Application (Issue of electronic certificate ) Receipt of Electronic certificate Registration （ Identify applicant ） Issue (Digital certificate) Repository (Provision of CRL information) Request Issue Register electronic certificate Register CRL Certification Authority(CA) Reception Validity check of electronic certificate Image of electronic signature and authentication work based on a public-key crypto system User A (CA user) Receiver B (Verifier) A’s public key (pair of private key) Message Digest Encryption Hash Function Message Digest Decryption Message Digest Coincide ⇒ Non alteration Don’t coincide ⇒ Alteration Effective public key of A Transmission Certificate A’s public key Certificate A’s public key Certificate A’s public key Hash Function Digital Data (Flat text) Digital Data (Flat text) Digital Data (Flat text) Electronic signature Electronic signature Electronic signature

31. 31 By achieving the smooth use of e-signature, accelerate the information circulation and information processing using the electromagnetic medium Contents of the Electronic Signatures Law Clarify the handling of electronic signature on the law Presume the rightness of an electric document to which electronic signature by him is given was approved （ Article 3 ） Presumption that the rightness of an electromagnetic record was approved Introduce the authorization system over reliable authentication work ① Authorization of authentication work （ Article 4-16 ） ② Appointed examination organization etc （ Article 17-32 ） ③ Penalty regulations （ Article 41- 47 ） Authorization system about specific authentication work ① Assistance to the specific authentication work by the minister in charge etc （ Article 33 ） ② National measure, educational activities to people and Publicity work （ Article 34 ） Other necessary things A B C （ enacted on May 31, ２０００、 enforced from April 1, ２００ １ ) Improvement of the people’s life, and healthy development of national economy Carry out the social economy activity smoothly through network

32. 32 （ Document) A When there is [signature or sealing of him ] When there is ( electronic signature of him) Presume that electromagnetic document was approved to be right Implementation of similar structure A Presumption of the authenticity of an digital document Presume that document was approved to be right ( made based on his intention) ○ Code of Civil Procedure (Article 228 Paragraph 4) 「 private document is presumed to be what was materialized correctly when there is a signature or sealing of him or its representative 」 Electronic Signature Info ○ The Electronic signatures Law, Article3 「 The information created by the electromagnetic record is presumed to be what was materialized correctly when the electronic signature of it is done by him 」 ※ Electronic signature : Measures performed in order to show a maker of electromagnetic information and it will be a verifiable method if there is an alteration ( Sign) or ( Seal)

33. 33 B-1 Authorization system about specific authentication work ○ Introduction of an arbitrary authorization system (Article 4) Show the judgment standard of the reliability about attestation business ○ Specific authentication work (Article2 Clause 3) Performed about electronic signature which suits certain standard Nation [Law about electronic signature and authentication work ] Standard of authorization ・ system of electronic signature ・ Equipment for office work ・ Way to identify an applicant is truth or not ・ Other way of office work Authorization （ Office site survey can be carried out by the appointed research institute specified by the state ） Application （ voluntary ） Reexamination of authorization standard ・ Ensure the safety of electronic signature ・ Cope with the new electronic signature system ・ Cope with the new business model Etc Apply for issue of an electronic certificate Validation check of Certification Sender Receiver Authentication entrepreneur Authentication entrepreneur Image of digital signature and authentication work Notes: A foreign authentication entrepreneur is also able to receive authorization Send a e-signed electronic document with attaching certificate Issue Certificate By displaying the authorized work, It become possible to identify applicant is true or not

34. 34 ① Equipment used for business （ No. 1 ） ・ Severe storage of the private key used for authentication business ・ Use of equipment which has safety and reliability etc ② Check method weather the applicant is true or false （ No. 2) ・ Ask for presentation of the certificate which a public organization issues ③ Other business process ( No. 3) ・ Define business management regulation and attempt suitable authority distribution ・ Suitable indication of CRL etc Those who were condemned to the punishment beyond confinement or the punishment by this violation of a method, or canceled authorization, cannot receive authorization during a fixed period. １． Necessary condition for receiving authorization （ Article 6 Clause 1 ） B-2 Necessary condition,result and duty for authorization 2 ． Result of authorization ○ Can display that concerned business has got authorization.(Article 13 Clause 1) ・ Trust standard of authorized company ○ In case of judge, article 3 ( presumption) becomes easy to be effective. 3 ． Duty of authorized authentication entrepreneur ○ Preservation duty of Check data whether the applicant is true or false etc (File preservation duty) (Article 11) ○ Using of applicant check data for other purpose is forbidden (article 12) etc ○ Penal regulation about the act to which user does faithless proof to an authorized authentication entrepreneur etc (3 or less years of penal servitude, or 2M\ or less fine) (Article 41) etc 4 ． Penal regulations

35. 35 C Other necessary things 1. Assistance about authorized authentication business etc (Article 33) ２． Measure performed by the state government (Article 34 ) ① Evaluation method of digital signature technology (code technology etc.) ② Evaluation method about the means of security maintenance fort authentication business Investigation and research by the minister in charge Educational activities and publicity work by the state government ① Nudge about digital signature handling and proper key management ・ Treat same manner as handwriting signature and sealing ・ Prevent the disclosure of private key etc ② Make well-known the authorization system of authentication business 1)Brew the understanding of people 2) Promote smooth utilization of digital signature and authentication business 1) Offer information and advice to authorized authentication business provider and it’s user, and other assistance 2) Reflect to the standard of authorization system ◆ Establishment of a procedure required for international mutual recognition of authorized authentication business ◆ Notification of CA public key information ◆ Reexamination of digital signature system ◆ Issue of the certificate by the user discernment function

36. 36 Legal system of each countries about digital signature Decide upon the legal system about digital signature and authentication in every country in the world Decide upon the legal system about digital signature and authentication in every country in the world Canada USA （ Federal law ） EC (EU) Singapore Korea Japan Malaysia UN (UNCITRAL) Adopted the digital signature model act in order that each countries promote to prepare the act related to digital signature Australia New Zealand It is the world tendency which adopt what has the following functions as a definition of digital signature like the definition of the digital signature law of Japan. ・ Peculiar to an individual and possible to specify an individual. ・ A signature means is under control of a signer completely ・ Technically neutral ・ The existence of an alteration is verifiable. It is the world tendency which adopt what has the following functions as a definition of digital signature like the definition of the digital signature law of Japan. ・ Peculiar to an individual and possible to specify an individual. ・ A signature means is under control of a signer completely ・ Technically neutral ・ The existence of an alteration is verifiable. Member nations are working jointly to establish the unified legal system within the area about digital signature and authentication according to the EC Directive

37. 37 Thank you http://www.meti.go.jp/policy/netsecurity/ Office of IT Security Policy, METI, Japan TEL: +81-3-3501-0397 FAX: +81-3-3501-6639 mailto: machida-noboru@meti.go.jp