Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

Advisory Council for the Revision of the identity verification Guidelines (third meeting in fiscal 2023)

Last Updated:

An expert panel will be held for the next revision of the "DS-500 Guidelines on Online identity verification Methods for Administrative Procedures" , which has been developed as one of the Digital Society Promotion Standard Guidelines.

Overview

  • Date: December 26, 2023 (Tue) 18:00 to 20:00
  • Location: Digital Agency meeting room and online
  • Agenda:
    1. Opening
    2. Business
      1. Discussion on issues: Proposed revision of the identity verification Guidelines
        • Revision point ② "Explanation of the concept of mission execution, etc. as" basic concept ""
        • Revision point (3) "Definition and explanation of the framework of digital identity verification"
        • Revision Point (iv) "Partial Review of Guarantee Levels and Countermeasure Standards"
    3. Closing

Material

Related policy

Attendee

  • Tatsuya Kadohara (Specialist Solutions Architect, Security)
  • GOTO Satoshi (General Manager, RCS Development Dept., DX Business Div., Business Promotion Div., Toppan Edge Co., Ltd.)
  • Natsuhiko Sakimura, OpenID Foundation Chairman
  • Amane Sato (Associate Professor, Information Technology Center, The University of Tokyo / Next Generation Certification Cooperation Working Group, National Institute of Informatics Academic Certification Cooperation Committee / Trust Working Group, Chief)
  • Akihide Higo (Director, TRUSTDOCK Co., Ltd.)
  • Hisahiro Fujie (Representative Director of OpenID Foundation)
  • Minai Toru (Deputy General Manager, Market Research Office, Innovation Division, Japan Credit Bureau Co., Ltd.
  • MORIYAMA Koichi (Chief Security Architect, NTT DoCoMo Inc., Executive Council of FIDO Alliance, Board Member, Chair of FIDO Japan WG, Director of W3C, Inc. (Board Member))

Agenda (1) Opening and Outline of the Meeting

(Greetings and Secretariat Briefing)

  • Now, I would like to begin the third meeting of the Advisory Council for the Revision of the identity verification Guidelines. Thank you for taking the time out of your busy schedule to gather here.
  • It has been quite a difficult year, as information has come in that the move toward the release of NIST SP 63-63-4 is in full swing, and the international trend is to ensure interoperability. In addition, the spread of cloud services is creating conditions that enable us to respond to security issues in a detailed manner, and I feel that there are many things to consider, such as the degree to which identity confirmation and personal authentication are functioning correctly. As the standardization of local government systems advances, I am pleased to be able to return to the essence and consider revising the My Number Card Guidelines. I would like to face the issues properly and create guidelines together that can be proud of the world, so I would appreciate your continued cooperation. Thank you. 800 identity verification
  • There are three points that I would like you to discuss today, and I would like to ask you to discuss three of the six points for revision of the identity verification Guidelines that are under consideration.

Agenda (2) Discussion Points for Revision of the Guidelines

Revision point ② "Explanation of the concept of mission execution, etc. as" basic concept ""

The secretariat explained the results of the current study on revision point (2) based on Appendix 1, and the experts held a free discussion.

(Expert Opinions)
  • To confirm the premise, is it correct to understand that the scope of the revised identity verification Guidelines is limited to administrative services? If so, I felt that the expression "the administrative procedure" could be replaced with the expression "the subject procedure".
    • Secretariat: Thank you for coverage is currently under review, it basically covers administrative procedures, as in the current guidelines.
  • Although it is not an opinion on the revision point itself, there is an expression of "verification of appearance" in the definition of terms on page 7, but I thought that the expression of "appearance" would make it impossible to use biometric authentication technology other than face.
    • Secretariat: Thank you for pointed out.
  • Similarly, "identification card" can be a sensitive term in some cases, so it may be worth reconsidering.
  • There is a possibility that there will be another discussion such as what is an identification card?
    • Secretariat: Thank you for The terms on this page are just the definitions of the terms in today's review materials, but we would like to review the definitions of the terms in the actual guidelines based on the opinions we received.
  • With regard to Point (2) of the revision, it seems that "2) Fairness and Accessibility" and "4) Usability" overlap in some areas. If they are to be described separately, it would be better to define what should be described in each area. Next, with regard to "3) Privacy," it is highly likely that the acquisition of the four types of information using My Number Card will become the standard way of thinking in the future, so I think it is necessary to devise how to position and describe them. In addition, NIST SP 63-63-4 mentions social security numbers, so I thought it was necessary to consider how to describe them in Japan based on that. If the term "privacy" is used, it would be more appropriate to describe that the application content and related information in the business concerned should not be used for other purposes. 800
  • "Although the terms" "confirmation" "and" "verification" "are used, I thought that it should be clarified whether the term" "confirmation" "is appropriate and how it is used separately from" "verification." ""
    • Secretariat: Thank you for terms for validation and verification. However, we did not take into account the fact that the word "verification" is included in "identity verification" in the title of the Guidelines, so we would like to reconsider the appropriate wording.
  • Verification, Validation and Proof are all difficult to translate into Japanese on a one to-one basis, but the nuances are different words, so I think it is necessary to understand them well and raise the level of maturity.
  • NIST SP 800-63-4 But there are some parts where the proper use of terms doesn't work well.
  • Regarding the fact that "2) Fairness and Accessibility" and "4) Usability" overlap, I thought it would be easier to understand if fairness is fully emphasized and usability to ensure fairness is described as such. I think it would be better to separate the discussion into a discussion of the philosophy and a discussion of points to keep in mind in implementation.
  • I feel that the definition of "5) Security" should be described. Security levels 1 to 3, how to safely manage information necessary for identity verification, false acceptance rate in biometric authentication, etc. The term security alone can be understood in various meanings.
  • I agree. When it comes to security, I think we need to list security goals.
  • It seems to be saying that there will be a trade-off with fairness and accessibility when it comes to security, but it should be understood that there are cases where that happens.
  • I was also concerned that 5) was described as opposed to 1) to 4).
  • I think that it is a part that should be carefully described, such as clarifying what should be followed in the examination of the identity verification method and giving priority to which one when there are conflicting elements.
  • There is a section on security in NIST SP 800-63, which describes security for CSP and IdP systems. Considering that, I feel that it is unavoidable to describe it as in the current document, but I think it is good because this study will lead to feedback to NIST. There are discussions on various attack methods and vulnerabilities in identity verification methods, but I don't seem to be saying that, so I agree with the definition of security. It may be required to compile a separate document on threats and vulnerabilities in identity verification methods.
  • The document says that these five points are important, and it says that it is not good to choose a method with a high security level without knowing the definition of the fifth point, so I felt that there was a strong feeling, but I feel that it is difficult to see where it is.
  • If you think that the positioning of 1.3 will include a message to readers that there are identification guarantee levels and personal identification guarantee levels, and that it is necessary to select a identity verification method by evaluating risks from each viewpoint, I think the meaning will be understood to some extent as it is, but I think it is better to supplement it as well as everyone's opinion. Also, I was reading it because I thought it was ambitious in fairness and accessibility, but "We must adopt a identity verification method that can be used by everyone" seemed to be a fairly strong expression. I read it as saying to adopt a universal one, but I was a little worried that it would be overinterpreted. It does not mean that fairness and accessibility should be low, but I understand that the original idea was to make 99% of people digital and convenient, while paying attention to the remaining 1% in advance, and prepare a realistic and operational relief method, and I think it is a part related to the positioning of this document.
  • There is an expression of "heuristic control" in the "basic concept", but I think that it is a word that is not familiar to the general public even though it is understood in this conference, so I think that "it is possible to find it later" should be replaced with another expression that is understood by the general reader.
  • In terms of fairness and accessibility, I think it would be a good idea to consider not only online procedures but also offline procedures. One local government had an opinion that it wanted to save staff costs by providing an efficient method for those who can perform online procedures, and that it wanted to support those who have difficulty performing online procedures offline. In that sense, I felt it would be a good idea to include offline methods as an alternative method in the basic concept.
  • NIST SP 800-63-4 highlights Trusted Referrals and states that there is a need for someone to help connect them to the digital fabric by supporting them offline. Although there is a problem of whether it is realistic in Japan, I think it is also useful to consider whether or not to step into it.
  • This is a very weak point of the Japanese government, and I believe that the identity verification Guidelines should be implemented so that the world can gradually improve.
  • I have the impression that the scope has expanded and the volume has increased in a way that includes both the basic concept required for digital identity verification and the basic concept required for digitalisation administrative procedures.
  • I feel that the content in the document is basically correct, but I think it is important to evaluate and improve it. Even in the usability evaluation of web services that I am in charge of, I sometimes find opinions that the creator would never have imagined, so I think it is important to receive feedback from users and improve it, not just make it and finish it. It costs a lot, so I don't think it will be easy, though. In the translated version of SP 800-63-4 by OpenID Foundation Japan, I was impressed by the words, "It should be easy for users to do the right thing, difficult to do the wrong thing, and easy to recover when the wrong thing happens."
  • It's a bit off topic, but 3) in the privacy section, "minimization of acquired information" and "notification of purpose" are described, but the OECD has 8 principles and the ISO has 11 principles, and I was curious about the reason why only these 2 were taken out. In addition, it is described that "the combination of minimum attribute information uniquely identifies the applicant", but if this is the purpose of identification, I think it should be described in the first part, and there may be a doubt as to whether this is really the purpose of identification. If it is used for administrative procedures, it will lead to the story that there is no problem as long as there is a My Number.
    • Secretariat: Thank you for Eight Principles, the Secretariat also has a sense of challenge, so we would like to consider it again in response to today's comments. We also feel that the purpose of identification is as you pointed out, so we will reconsider it.
  • 1) Regarding the execution of the mission, is the identity verification for administrative procedures described here only for Japanese nationals? Or does it include foreign residents and travelers? I think it is premised on appropriate and accurate identity verification according to the type of administrative service, but in the concept of alternative means and exceptional measures, there is a description of "in the event that the implementation of the mission is impeded by adopting a strict identity verification method," so I thought that users might be in trouble later if such annotative content precedes.
    • Secretariat: Thank you for may also be eligible.
  • There is also an assumption that strict procedures are not user-friendly. In this regard, I feel that it is good to just say that we should do what we want to do.
  • I think everyone is stuck in the expression of trade-off. I feel that the meaning of acceptance of risk based on risk assessment is a little too emphasized.
    • Secretariat: Thank you for The points you have pointed out are reasonable. We would like to reflect the opinions you have given us today and make the document even better.

Revision Point (3) "Defining the Framework for Digital identity verification"

The secretariat explained the results of the current study on revision point (3) based on Document 1, and the experts held a free discussion.

(Expert Opinions)

  • Regarding the term "certification linkage," I have discussed with experts that it is not actually linking certification but distributing Assertions. I think that a different term should be considered in the identity verification Guidelines. In addition, the FAL of NIST SP 63-63-4, 800, mainly describes the status of mutual TLS certification, etc., and I have an impression that it is a little different from IAL and AAL. I also think that it is better to raise the viewpoint to the linkage between services, such as the risks that arise when collaborating as a business, and I think that a term like "service linkage" is more appropriate, although it is a common expression.
  • On page 22, there are three diagrams: "Federated Authentication Model," "Federated Unauthenticated Model," and "Wallet Model." The CSPs shown here are internal. If you add an external CSP to the diagram and draw a border around the RP, Verifier, and CSP, you can represent each model in a single diagram.
  • I think it will change depending on who draws the diagram from, so I think it can be expressed collectively by adding how to cooperate with external CSPs on the basis of the "non-authentication cooperation model" in the center, which is the easiest for readers to imagine. The "wallet model" only applies the method in which Holder appears as an authentication means.
  • Note that the Verifier depicted in the "wallet model" diagram and the Verifier depicted in the two "federated authentication" and "non-federated non-authentication" diagrams have completely different meanings.
  • I think the "wallet model" diagram should not be combined with the other two because it is a proof of entitlement, and I think the point is not so much whether you are who you say you are, but whether the credentials you hold qualify you for the service.
  • I'm sure NIST's attention is focused on the structure of this model, but I don't think it's adding new topics, just changing the way it's called.
    • Secretariat: Thank you for While referring to what will be described in the Second Public Draft of SP 800-63-4, which is scheduled to be released in the future, I think that it is necessary to discuss whether the figure of the model itself should be the subject of explanation. In addition, when actually organizing the concept of the model, I think that it is a matter of concern whether to express the "authentication linkage model" and the "non-authentication linkage model" as separate figures or to combine them into one figure with an explanation of the changing roles.
  • Even if there is a majority of opinion that it is better not to call it "authentication linkage," I feel that it is better to include the linkage itself. When my organization created internal digital identity guidelines, I received opinions from experts on how to handle this linkage. Based on the ID held by your system, the identification assurance level as an IdP, the authentication assurance level of the person in question, and each assurance level of the linkage partner system as axes, possible threats can be organized in a matrix format, so I think it is better not to avoid discussing linkage.
  • Since the "non-authentication linkage model" is completed in one entity, it can be verified for each operation. However, in the case of multiple entities like the "authentication linkage model", it becomes impossible to verify what kind of operation the other party is doing between each entity. Since the element of trust comes out there, I think it is very important to be able to divide the entity and discuss what kind of risk will arise when it is divided.
  • In this guideline, is the main body of identity verification always the administration?
    • Secretariat: Thank you for This is not necessarily the case. I think that the case of C2G, which receives attributes from the private sector, must be explicitly considered in this revision.
  • I think it is true that there are cases where attributes are received from the private sector. However, although attributes are received, it depends on whether the identity verification is done by the administration or completely depends on it, so I don't think this model can be written without making a break. If the "certified linkage model" is to be effective, for example, the identity verification result of a certain business operator will be blindly trusted, and only the RP will be prepared by the administration, but I still have some doubts about whether it is acceptable for the administration. Instead, I was aware that the original form is to receive attributes provided by Business A as metadata and treat them as auxiliary attributes for the identity verification procedure. What do you think?
    • Secretariat: Thank you for In that case, I think the G2G use case applies very well. In other words, in the case of cross-ministerial collaboration, I think both ministries can be on the RP side or the IdP side.
  • I think that the case of Public Personal Authentication using My Number Card falls under the "certification linkage model", and the certification linkage described by NIST was trying to realize the acceptance of private CSPs.
  • As it is written on page 22 that "utilizing various government certification infrastructure", I thought that the private sector was not included in the target.
  • I think the discussion of federation as a technology is a little different from the discussion of federated, which is a certification infrastructure for the government.
  • In the Federal PKI, for example, it is quite common for aircraft manufacturers to use PIV-I to authenticate and accept personnel who handle confidential information. I think Japan must also consider such a case. Given such developments, I think it should be assumed that the IdP part is not necessarily the government.
  • I think there are quite a lot of private sources for attribute information.
  • Based on the fact that the revised guidelines are scheduled to be published in 2024 or 2007, I think it is a matter of considering what possibilities, including the "Wallet model", should be considered.
    • Secretariat: Thank you for Yes. I would like to proceed with consideration while being conscious of the fact that the guidelines will be used for about five years after publication.
  • When considering not only Japanese nationals who have the Basic Resident Register but also foreign nationals and travelers from overseas, I think we cannot ignore various partnerships. Even if we leave the "wallet model" aside for now, I think it is good to have the resolution of whether it is an "authenticated linkage model" or an "unauthenticated linkage model" and apply it to it.
  • I think it is important to be able to draw a border around an entity freely after decomposing it.
  • Experts tend to use well-organized diagrams to explain this sort of thing, but I think what's important for readers is whether they can visualize and map things that are familiar to them when they use them. In actual system development, the majority of cases are "non-authenticated collaboration models" that are completed using internal IDPs, but I think there are diagrams of "authenticated collaboration models" to make readers aware that there are also ways to explicitly separate entities using external IDPs. However, I think it's better to mention that the use cases change depending on who the RP or IdP is. Most readers would only imagine that Digital Agency prepares an IdP and the services of the Cabinet Office and Ministries receive the certification results by Public Personal Authentication, so if it's assumed as a scope, I think it will probably not be understood unless I write that this pattern occurs due to changes in roles in this model.
  • On the question of whether it is appropriate to recommend the "Federated Identity Model", what is the aim? I think readers will be confused if it is recommended without a set of typical use cases. I felt that it is appropriate to discuss it after confirming the aim of the secretariat.
    • Secretariat: Thank you for The original aim was to avoid the proliferation of authentication mechanisms. Of course, there will be cases where the existing authentication mechanisms are insufficient or excessive, so based on the earlier discussion on fairness, I do not think it is possible to limit the description to this authentication mechanism. On the other hand, it is difficult to set up an authentication mechanism independently, so it is desirable to recommend the "authentication linkage model" as a description in this guideline.
  • I think the idea is reasonable, look around and see if there is an existing IdP that meets the requirements, right?
    • Secretariat: Thank you for Yes. I believe that IDPs that can be used by central government ministries and agencies will be introduced in reference materials.
  • If it is based on the premise that specific candidates are listed, such as the public private Authentication App for My Number Card, I think that policy is fine.
  • I understand very well the message that we do not want mass production of IDPs, but I feel that the distribution of descriptions in the entire document will also change if we do so. I felt that there will be more descriptions about the certification linkage assurance level than the identification assurance level and the person certification assurance level because practical contents such as which IDPs are acceptable as RPs are required. Does the secretariat think so?
    • Secretariat: Thank you for This is a matter of concern at the moment, and I feel that it is necessary to consider where we should focus on and where we should eliminate the rest, based on the fact that there are cases like the Thai case, where it has become easier to understand as a result of omitting some explanations with determination. I believe that everyone is aware of this, but the current guidelines do not even separate the identification assurance level from the authentication assurance level, and they are treated as levels A, B, and C together. I believe that the authentication linkage assurance level will be discussed on the premise of understanding the identification assurance level and the authentication assurance level, so I think a certain amount of description is necessary.
  • At the beginning, you can feel the difficulty of considering the identification guarantee level and personal authentication guarantee level, and at the end, you can mention FAL and ask someone to do it.
  • In that sense, I thought it would be possible to solve the problem by writing in a flow such as sorting out the identification guarantee level and the authentication guarantee level, and then saying that RP and IdP can be separated.
  • That's right. There is a model in which you think hard about the personal identification guarantee level and the personal authentication guarantee level and use them around.
  • It may be a little off, but when it comes to allowing the participation of IDPs from the private sector, I believe that the government will have to recognize the IDPs in some way. Are preparations being made for this?
    • Secretariat: Thank you for At this point, there is no confirmed information that I can give you, but we are considering it, and I think we need to consider whether it is consistent with the identity verification Guidelines for private sector. I am strongly aware that it is necessary to consider it as a guideline for external alignment.
    • Secretariat: Thank you for model, so we would like to reflect your opinions in our future consideration. In addition, I believe that some additional matters that need to be considered have come up, so we will consider that point as well, although it may be in the next fiscal year.

Revision Point (iv) "Partial Review of Guarantee Levels and Countermeasure Standards"

The secretariat explained the results of the current study on revision point ④ based on Appendix 1, and the experts held a free discussion.

(Expert Opinions)

  • I think that the level of identification assurance will depend on how much detailed information the RP wants, but how many administrative procedures are there that would be in trouble without a detailed level?
    • Secretariat: Thank you for If anything, due to the reclassification this time, various procedures were concentrated at Level 2, and there were too many elements that were difficult to organize only at Level 2. Therefore, it is my understanding that the intention to break it down came first. The RP's requests were considered based on the understanding that they should be organized according to the type of administrative procedures.
  • I see. Then, if 2C is not appropriate for most of the administrative procedures, there is a possibility that the level will not be covered.
    • Secretariat: Thank you for In theory, that could be the case.
  • In that sense, we are trying to figure out where to draw an evaluation.
    • Secretariat: Thank you for You are absolutely right.
  • The difference between 2A, 2B, and 2C is whether to respond to loan-to-loan attacks or to consider such threats. Also, the difference between 2A and 2D is whether it is verified by a machine or by human inspection.
    • Secretariat: Thank you for Yes, I think so.
  • On page 32, it is stated that "digital authenticity verification using IC chips, etc." is mandatory for Identity Assurance Level 3, but if this is allowed, it will not be possible to issue Identity Assurance Level 3 credentials because bootstrapping is not possible.
  • In that sense, I think it is necessary to have a perspective on how to include fairness in the discussion. The bootstrap story may be a typical example, but considering that procedures themselves must be provided equally to those who do not have anything or have no access to it, I don't think we should create something that has no alternative.
  • When classifying existing certification methods in the private sector in the past, methods such as "mailing a copy of identity verification documents" and "uploading photographed images" were classified at a lower level. In the table on page 33, I think it will be ranked lower than 2E, but is it correct to understand that the classification of this area is being considered with a view to not recognizing some existing methods and discarding them?
    • Secretariat: Thank you for That point is under consideration, and I recognize that it is necessary to consider it while comparing it with the treatment of Level 1 registration codes, but the current situation is that it has not been considered in this proposal for segmentation.
  • Of course, the strength of the method by mail is lower than that of face-to-face, so if you have a strong will to "abolish this method in a few years," I think it is good that such content is reflected.
  • There are still many operations such as mailing a pre-printed application form to an address registered in the Basic Resident Register, signing, sealing, attaching a copy of the driver's license, and then returning it. I think there is no problem if the revised guidelines state that in principle it will be face-to-face or online and that mailing will be listed as an alternative, but I think it is still a little strict not to allow it at all. There may be cases where it is not very realistic depending on the number of mails to be sent because of the additional cost of receiving mail only for the person himself, but I feel that there is also a discussion about whether it falls under Level 2 because it is confirmed face-to-face.
  • There may be a misunderstanding, so I would like to confirm it. In SP 63-63-4A, the registered code is Identity Assurance Level 1, which means that the registered code can be sent to addresses that are not limited to the address of the so-called place of residence but also include phone numbers and e-mail addresses to verify the address. It can not be used to verify the address, but the registered code itself can be used even at Level 2 and Level 3, and it is said that it is possible to use the registered code as a stopgap to resume the suspended Identity Proofing session. The Japanese private identity verification is not for the purpose of verifying the address, but for the purpose of appearing at the post office and making a receipt in person, and the registered code is used to resume the Identity Proofing session. Therefore, if you simply write Identity Verification using the registered code in Level 1, most readers will probably misunderstand it. It is said that the registered code is basically used to connect to another route that checks the face-to-face photo certificate, so if you organize and recognize it, you will not get lost. 800
  • The mail to be received only by the person himself is what is called 2D here.
  • Yes, I think you can use it as a level 2 one.
  • I think it would be good if it is a identity verification method by mail within the provisions of the Act on the Prevention of Unauthorized Use of Mobile Phones, which is a specific matter transmission type mail to be received only by the person himself.
  • If I remember correctly, it is almost the same as the Act on Prevention of Transfer of Criminal Proceeds. In the case of the specific matter transmission type, only the registered code is delivered and I have to go to the designated place to show it. Depending on the card company, they upload the identity verification document first and send it to you by registered mail without forwarding it. However, I think that it is an interpretation that they use the registered code to connect the series of processes that the identity verification document has already been uploaded and if you can reach the address, you receive it at the end, so you need to be careful. However, I think it is necessary to discuss whether the image is OK when uploading the identity verification document this time.
    • Secretariat: Thank you for Identification Code. In addition, we recognized that it is necessary to sort out which identification by mail is equivalent to face-to-face identification, without confusing it with the Identification Code.
  • Regarding the axis of the matrix, I separate face-to-face and remote depending on whether or not the appearance is verified, but I think it is originally a matter of how much resistance to presentation attacks is maintained. Supervised Remote is specified not only by the presence of a Supervisor but also by environmental conditions, and the reason is to ensure resistance to presentation attacks. So, I don't think it is very good to separate face-to-face and remote. Similarly, I think this level 2B and 2C are divided by whether or not there is resistance to lending and borrowing.
  • Overseas, credit cards generally require activation after receipt, but in Japan, with some exceptions, the cards sent are ready to use. The reason is that the reliability of the post office is high. If we consider the possibility that the reliability will decrease in the future, I think additional consideration will be necessary.
  • I feel that there is a tendency to consider it okay if the order is reversed as long as the elements are in place. I understand that if the order changes, the operation will change and it will be available after the online identification is completed after receiving it because the identity has already been confirmed on the premise that the credit card sent by registered mail is immediately available. That aspect needs careful consideration, but I feel it is quite a difficult part.
  • Does it mean the resistance to the attack of stealing mails?
  • It is such as receiving fraud.
  • I don't think it happens in Japan, but there is a possibility that there are areas where the mailing situation is not good, for example, mail is thrown away.
  • I think the figure on page 33 is very well thought out. I really feel the importance of checking the IC chip, and 2A, 2B, 2C followed by 2D, 2E is very much in line with my feeling. On the other hand, I think the bootstrap problem you commented at the beginning is so.
  • The bootstrap problem is that, for example, in My Number Card, if you drop a card, anyone will be caught.
  • Even if you have lost the My Number Card itself, if there is another one issued on the premise that you have the My Number Card, you can recover your account based on it. I think there are various ways to do it.
  • In this figure, I don't think I explicitly show the strength of the diagonal relationship like 2B and 2D, but I got the impression that the certification strength was generally higher in order of ABCDE.
    • Secretariat: Thank you for Regarding the expression of subdivided Level 2, as a result of discussions within the secretariat on whether to give A to the one with the higher intensity or the other way around, it was tentatively arranged as follows.
  • I also got the impression that the certification strength is in the order of ABCDE. I have heard that financial institutions are also introducing IC chip reading devices at their counters, and I feel that the private sector is also moving in this direction.
  • Regarding level 3 in the third row of the table on page 31, I think that the verification of digital signatures is very good, and IC chips are also recommended. On the other hand, there is a story that digital signatures on driver's licenses are not updated when addresses are changed. It is a story that systems and cards themselves need to be changed, but I would like to tell you that only My Number Card has a system that can reliably use digital signatures.
  • Regarding the fourth level, Level 1, I think sending a registration code to an e-mail address and confirming it is good in terms of establishing a channel, but even if the e-mail address is not written in the evidence and you send it there and confirm it, I don't think you can tell whether it is under control or not. I think the quality differs between mailing to an address written in the evidence and sending to an e-mail address that is not written in the evidence.
  • What to do in Japan needs to be considered separately, but what NIST IAL1 says is that the address declared by the applicant can be used for verification, so regardless of whether or not he / she really lives at that address, we will check to the extent that we can receive the package that has arrived, so I feel that it is level 1, and level 2 and level 3 do not allow it, so the simply declared address is not used for verification. We will only validate by verifying the signature of the address written on the IC chip, so in the case of level 2 and level 3, I thought that the registration code can be used only to move the connection of the Proofing session to another path. It doesn't feel so strange, and if the address declared at level 2 or level 3 can be used for verification, it feels a bit sloppy, so I think the feeling is almost the same.
  • What kind of case is assumed for face-to-face verification without face verification on page 33? If you allow Verify without face verification, it is not necessary to limit Evidence to ID with a face photo.
    • Secretariat: Thank you for SP 800-63-4, there is a description that IAL1 is newly established as a level that can be verified without face verification, and we assume a identity verification equivalent to this. In addition, as you pointed out, there is a possibility that there is a mismatch in the Evidence part, so we will check it.
  • In the table on page 33, the second line is particularly noticeable, but I feel that there are few options overall. Don't you need to check if it fits the current Japanese situation? I wondered if the American people have so many identity verification documents with photos, and when I looked it up, there was a document called the Implementation Guide for SP 800. 0-63-3, which gives details, and it says that the American people generally have these identification documents, Superior has this, and Strong has this. The NIST guidelines are for government officials, so the first one is based on the PIV card, and I felt that such a difference should be noted.
    • Secretariat: Thank you for . We are currently considering the types and scores of identification documents, and some of them have not yet been sorted out on a threat basis, so we will reconsider based on the comments we received.
  • As you can see from the actual list, I have a feeling that there are quite a few people who don't have it.
  • I think it is necessary to consider the facial recognition My Number Card as a new pattern, and while I am not supposed to have a electronic certification, I think there is information in the IC chips such as the information entry aid on the face of the ticket, so I felt that it is necessary to consider whether this can be used at Level 2 or Level 3.
    • Secretariat: Thank you for face recognition My Number Card, I will organize where it applies while confirming the specifications in the future.
  • As for reference information, at a forum on CBDC held by the Bank of Japan on December 8, a presentation was made on digital identity guidelines within private companies. I think there are various ideas on guarantee levels, but I introduced them as a reference.
    • Secretariat: Thank you for , I will use it as a reference.

Closing and Next Announcement

(Secretariat)
  • That's all I would like to discuss today. The next meeting is scheduled for Tuesday, January 30, 2024, and we are planning to discuss the points for revision that have not been discussed today. Thank you very much for participating for a long time today and for your various opinions.

END