Study Meeting on Smartphone Installation of My Number Card Functions (1st)
Overview
Date and time: Wednesday, August 3, 2022, from 13:00 to 15:00
Location: Online
Agenda:
- Opening
- Proceedings
(1) Outline of the Meeting
(2) Status of efforts to install smartphones
(3) Exchange of opinions
- Adjournment
Materials
- Agenda (PDF/47KB)
- Material 1: Meeting Guidelines and Members, etc. (PDF/150KB)
- Exhibit 2: Status of efforts to install smartphones (PDF/1,607KB)
- Exhibit 3: Explanatory materials for public authorities and private business equipped with smartphones (PDF/2,012KB)
- Proceedings Summary (PDF/486KB)
Summary of proceedings
Date
Wednesday, August 3, 2022, from 1:00 p.m. to 3:00 p.m.
Location
Held online
Attendees
Experts
Chairman Tezuka, Acting Chairman Ota, Member Obi, Member Taki, Member Nomura, Member Miyauchi, Member Moriyama
Local government and industry associations
Deputy Chief of the Information Policy Division of the Jinbo Future Creation Department (Maebashi City), Director in charge of promoting My Number Nishimori (Kobe), Director General of the Shimonaka Individual Number Center, Deputy Director General of the Hashimoto Individual Number Center, Senior Councilor of the development Department of the Hayashi Public Personal Authentication New System (local governments Information Systems Institute), Chief of the Management Subcommittee of the Sasaki MVNO Committee (Telecom Service Association), General Manager of the Yamada Business Department, Mr. Maruyama, Mr. Saito, Mr. Baba, Mr. Shizuka, Mr. Okada, Mr. Fukushima, Mr. Yamada, Mr. Kato, Mr. Kimishima, and Mr. Ueno (Telecommunications Carriers Association)
Observer
FeliCa Network Co., Ltd., security Graduate University of Information, xID Co., Ltd., NEC Corporation, NTT Communications Corporation, Hitachi, Ltd., Reuse Mobile Japan, Japan Information Economy and Society Promotion Association, National Association of Cellular Phone Sales Agents, Ministry of Internal Affairs and Communications
Secretariat, etc.
(Digital Agency)
- Ezaki Chief Architect
- Mizushima Chief Product Officer
- Fujimoto Chief Technology Officer
- Deputy Director for Yumoto Strategy & Organization Group Special Mission
- Director General of Digital social common function Group Kusunoki
- Hayashi Identity Architect, Shimoe Trust Service Manager (Digital social common function Group)
- Counselor Kamikariya, Assistant Counselor Nikaya, Tsubonochi Product Manager (For the public Group)
Main opinions from Members, etc. (Summary)
Regarding Exhibit 2
Since the installation of smartphones is currently under development, it is necessary to proceed with a sense of unity with those who are actually doing the development. We would like the Secretariat to accurately share the development situation with experts and present it in a form that allows experts to consider it.
It is recognized that the CC certification procedure will advance to the stage of evaluation in the future. If an issue occurs in the CC certification procedure, it is necessary to take immediate measures.
For biometric authentication, only the E-Certificate for user identification is applicable at present. Isn't it necessary to consider whether biometric authentication should be applied to the E-Certificate for signature? It is necessary to consider what should be done at present and in the future.
Slide 2 "List of parties concerned" is a snapshot at the time of advancing the development. It is important to consider activities after the release and start of provision, and it is necessary to include a list of parties concerned in consideration of this.
Regarding Slide 8 "Procedure for Issuance of E-Certificate for Smartphones," biometric authentication is not the default flow, so many people may not register biometric authentication. In addition, in the login authentication of Slide 9 "Use of E-Certificate for Smartphones (Mynaportal Login 1)," identity confirmation is performed by entering a password, and the default is not biometric authentication. Below, it says "Use authentication settings of smartphones," but not many people know that this is biometric authentication. I understand that development users want to create biometric authentication as a secondary terminal as described in the technical specification on Android compatibility, but from the user's point of view, it is better to review it. It will change greatly just by repeatedly reviewing how the screen transitions should work so that people can use it conveniently.
Regarding Exhibit 3
It is good to use this material to develop the significance and convenience of My Number System, My Number Card, and smartphone installation. Smartphone installation is the next step after Japanese Public Key Infrastructure (JPKI), and it is important to promote private sector utilization not only by the government but also by the public and private sectors. In this field, it is important to have the idea of a system to be developed by the people, and it is important for experts and the secretariat to work together.
In the private sector, since the JPKI itself is used, including online qualification confirmation, there is a risk that it will not be in time for the start of operation unless the response is requested as soon as possible. In particular, it is important how quickly the smartphone JPKI can be visibly introduced in advance in the field that is considered to be effective.
Regarding Slide 4 "My Number Card by smartphone Installation of goal Function," use cases that are frequently used should be cherished. When obtaining a certificate of residence through convenience store issuance, experiences such as not taking out the My Number Card and only using a smartphone may be an important narrative. In addition, it is important to improve it by PDCA, etc. after product release. Discussions tend to progress along prominent narratives, but it would be good if discussions could be made based on figures such as the dropout rate, the download rate, and the number of use cases being used.
Regarding use cases, I feel that there are still hidden services that are highly convenient for users who have not yet been seen as online procedures in private service, and I think that we should proceed with it while borrowing the wisdom of private business. In the medical care field, when I actually listen to elderly people, they are reluctant to bring My Number Card, so I think that if one smartphone could do everything, it would be used more.
Regarding Slide 15 "Use of biometric authentication (Substitute for User Authentication Password)", it says "Use PIN" as the authentication operation flow (image), but it is different from the actual Android screen. On Android, using biometric authentication is the default. It is better to stick to the screen, including the details.
Regarding Slide 21 "③ Application for Whitelist Registration", it is important to use a third party organization, etc. to confirm the safety of whitelist management, rather than simply registering for whitelist management.
Regarding the information disclosure in September described in Slide 21 "③ Application for Whitelist Registration", since the scene in which the My Number Card is held up to the smartphone to confirm the identity is spreading in private business, it is thought that the scene of using the My Number Card will further advance if the My Number Card function is installed in the smartphone.
Other matters
Last fiscal year, the Ministerial Ordinance of Ministry of Internal Affairs and Communications was changed, and it was decided that the authentication of identity confirmation used for administrative procedures should be certified by Electronic Signatures in Global and National Commerce Act. At present, efforts are being made on the Digital Garden City Concept, and there is a method called "Maebashi ID," which uses the certification method of the Electronic Signatures in Global and National Commerce Act of My Number Card in Maebashi City. The methods are different for both, but the direction is the same: to use My Number Card so that it can be used securely and conveniently in local government and the private sector. The relationship between the two should be sorted out.
The smartphone JPKI will be incorporated into the Mynaportal app, but the Mynaportal app has been evaluated as inconvenient by users. Even if it is not in time for the first release, it may be possible to take a budget and lead to an effort to improve the usability.
Since various local governments are considering the next application for the Digital Garden City Concept, it may be necessary to make efforts to have local governments that aim to provide new services in the future Digital Garden City Concept use the functions installed in smartphones.
When using a smartphone installed in a public institution or hospital, there are still legal restrictions, partly because the Public Personal Authentication Act is strict for use in private sector. Solving this problem is an important point for use in private sector. This time, what is installed in a smartphone has the same certification power as a registered seal, and it should not be used casually. It is necessary to make people aware that in the case of an important manifestation of intention, it is necessary to certify the same as a registered seal on a smartphone, and it is necessary to consider that it is a "signature equivalent to a registered seal on a smartphone" as an application.
The definition of identity verification in Act on Prevention of Transfer of Criminal Proceeds clearly states that a signature E-Certificate is used for identity verification when using the service. In other words, a registered seal is affixed when using the service. If this function is used widely, it is better to deepen the discussion.
As long as we create a national infrastructure for electronic authentication, security should be considered. At the time of the previous consultation on the second draft report, we raised the issue of security by design. In accordance with the stage of progress, evaluation and security design should be continuously advanced in iterations as needed.
Regarding the application for the white list, not only how to operate it, but also the relationship between the PF operator and the SP operator, etc., since there is weight in putting it on the white list, it should be thoroughly examined.
In terms of separation from the registered seal, it may be considered to separate the service level, such as separating the signature from the personal identification.
This trial will be a fairly advanced mechanism, but we should work on international standardization so that it can be used not only in Japan but also internationally.
Unlike a card that can be physically removed from the system, a GP-SE for key management corresponding to a registered seal is provided in an Always-On state (always available) when installed in a smartphone. Since it is necessary to correctly control so that a registered seal will not be inadvertently requested from the outside in app cooperation, etc., it is requested that the design of app cooperation APIs, etc. be carefully considered.
It may be a matter of next fiscal year or later, but I expect that a forum such as the Study Group on the Ideal of the Next-Generation Certification Infrastructure will be launched. At present, signatures using the classical PKI, in which the Basic 4 information is described in the JPKI certificate, are implemented. Therefore, it is inevitable to present the Basic 4 information even if it is not necessary in association with the presentation of the JPKI certificate at the time of signature validation, and the validation of signatures must be entrusted to an approved business operator in consideration of personal data protection, etc. This reduces the significance of introducing PKI by half and is also a high cost factor for the use of JPKI. In the future, we believe that SSI (Self-Sovereign Identity), etc., which certifies only the necessary attributes, should be introduced and validation of signatures should be made end-to-end in the mechanism of transition.
End