This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.

Study Meeting on Smartphone Installation of My Number Card Functions (5th)

Overview

  • Date and Time: Monday, July 22, 2024, from 16:00 to 17:30
  • Location: Online
  • Agenda:
    1. Opening
    2. Office Communication
    3. Proceedings
      1. Smartphone installation of My Number Card function
      2. Operation status of smartphone installation
      3. Exchange of opinions
    4. Communication
    5. Adjournment

Summary of proceedings

Date

Monday, July 22, 2024, from 4:00 p.m. to 5:30 p.m.

Location

Web conferencing

Attendees

Experts

Chairman Tezuka, Member Obi, Member Taki, Member Nomura, Member Moriyama, Member Kanda

Local government and industry associations

Nishimori, Director in charge of Administrative Online (Kobe-shi), Deputy Director Mizuochi of the Personal Identification Number Center, Senior Councilor Hayashi of the Development Department of the Public Personal Authentication System (Local Governments Information Systems Institute), Chairman of the Steering Subcommittee of the MVNO Committee (Telecommunications Service Association), Mr. Yokoyama, Mr. Ono, Mr. Baba, Mr. Ito, Mr. Sugita, Mr. Saeki, Mr. Iimori, Mr. Oda, Mr. Suga, Mr. Murai, and Mr. Hangai (Telecommunications Carriers Association)

Observers

FeliCa Networks Co., Ltd., security Graduate University of Information, xID Co., Ltd., NEC Corporation, NTT Communications Corporation, Hitachi, Ltd., Reuse Mobile Japan, Japan Information Economy and Society Promotion Association, National Association of Mobile Phone Sales Agents, TRUSTDOCK CO., LTD.

Relevant Ministries and

Ministry of Internal Affairs and Communications

Secretariat, etc.

(Digital Agency)

  • Chief Architect Honmaru
  • Executive Director Matsudate of the Engineering Unit
  • Trust Service Manager Shimoe, Digital Social Common Function Group
  • For the public Group, Director-General of Murakami Department, Deputy Director-General Miura, Counsellor Kamikariya, Assistant Counsellor Koike, Tsubonochi Product Manager, Murase Project Manager

Main opinions from Members, etc. (Summary)

Material 1: Smartphone installation of My Number Card function

  • Secretariat: Apple is positive and cooperative, and the project is progressing smoothly. On the other hand, there is online news that smartphones and My Number Card will be merged into one and taken over by iPhones, and I feel that it is necessary to explain to the public in a calm manner. I would like to proceed while receiving advice from experts on how to explain the convenience of smartphones to the public without any technical errors.
  • Speaker: In addition to the fact that JPKI has been available on Android since May 11 last year, functions other than JPKI, which had been a pending issue since then, will also be available based on the revision of the law, and mdoc will be available on iPhones in a manner based on international standards. I feel that the progress has been more than expected. As a comment, I think that it is necessary to strictly manage the private keys of mobile terminal equipment holders regardless of iPhone or Android. Android has implemented strict management in which private keys and certificates are stored in GP-SE and cannot be used even if they are taken out to the outside. In the Card Substitute Electromagnetic Record this time, since attribute information is information received by the recipient, I think that the method of management is also distinguished. From page 8 of Material 1, it can be seen that it may be used for driver's license card and various qualification certificates, and there is expectation that it will be possible to have more operability than Mynaportal apps in terms of UI / UX. If we can achieve an architecture that ensures security while distinguishing between private keys and attribute information according to the smartphone ecosystem, I expect that the public will be able to use it with peace of mind.
    • Speaker: I would like to ask if the handling of FIDO at Apple this time will be different from that of Android. Please tell me whether there is no particular concern or whether it is necessary to consider again.
    • Speaker: Regarding FIDO authentication, Apple, Google, and Microsoft have basically unified their concepts so that more users can use passkeys. In addition, in December last year, the FIDO Alliance announced that they would be able to provide passkeys to password manager vendors other than Apple, Google, and Microsoft. In that sense, online authentication allows many users to use passkeys as an alternative to passwords, and I would like to understand that there is no difference between Apple and Google.
    • Speaker: I understand. In my opinion, for example, push notifications when licenses are about to expire will be important. I think there are expectations among the people that they will be notified so that they do not forget to renew their licenses, so I would like to discuss this in the future.
  • Speaker: We have been promoting identity confirmation by electronic methods, and we are pleased that a mechanism to confirm basic 4 information has been established this time. We also feel that it is good that Apple's response has advanced. Although we cannot disclose details, we believe that it is necessary to convey how Apple's security is secured. At the same time, mdoc conforms to the international standard of ISO18013, but since it is a data storage method, we feel that it is necessary to convey how the data is handled and how the validation is performed if it is safe.
    • Secretariat: Regarding Apple's security, we have received the same institutional measures as Android regardless of the OS or smartphone device. Android stores the private key, E-Certificate, etc. in GP-SE, obtains authentication through CC authentication EAL4+, and performs communication in accordance with international standards. Apple will take the same measures. On the other hand, regarding mdoc, we are currently considering the storage location of the device key, safety measures, storage location of the attribute information, and third party evaluation. We would like to ask the expert teachers to continue their guidance.
    • Speaker: I understand. If the diffusion rate of My Number Card increases, there is a possibility that privacy issues will emerge in the future in addition to security, so I would like to ask you to respond.
  • Speaker: Regarding smartphone terminals, we believe that it is difficult to achieve the same security level as the current My Number Card. It is necessary to aim for the same level as the My Number Card, but we believe that it is sufficient to explain that a certain level of security level or higher is secured even if it is different. We believe that it is sufficient for the validation side to recognize the difference and use the card if the required security level is the same as the My Number Card level, and to understand that the use of the smartphone is sufficient otherwise. Therefore, we would like to ask for further consideration as an issue in the future. My question is that the necessity of checking the validity of the card substitute electromagnetic record is stated in the law, but I would like to ask if a mechanism for checking online will be created. In addition, it can be read that it is stated in the law that only apps that have been granted permission can be used in the smartphone terminal, but I would like to ask if a certification system will be created and only apps approved by Digital Agency, Ministry of Internal Affairs and Communications, etc. will be used.
    • Secretariat: Regarding the Card Substitute Electromagnetic Record, it is stipulated that when the record expires, the issuer notifies the smartphone of the expiration and automatically expires the information on the smartphone, and that it is confirmed whether or not the record has expired when it is used, and that it is not transmitted if the record has expired. Unlike OCSP and CRL confirmation such as JPKI, the certificate of the smartphone is updated to the latest status of validity / invalidation and the validity at the time of use is confirmed. Regarding the application, it is stipulated that the transmission program is used for transmission and the reception program is used for reception, so that the program is limited and the appropriate use is ensured. Regarding the transmission program, it is stipulated that the necessary functions are specified by laws and ministerial ordinances based on them, and the Prime Minister examines whether or not they are satisfied and certifies them. Since there seems to be a need for private business, etc. to create a reception program independently, it is stipulated that the necessary functions are examined for implementation and certified. We are considering a mechanism in which you can select whether to use the program distributed by Digital Agency for free or the one created by the private sector.
    • Speaker: I think it is better to create a restriction so that the receiving program created by private business does not provide more information than necessary. There is also a privacy issue, and I think it is a problem to provide more information than necessary by mistake, so I would like to ask you to consider an examination for that.
    • Secretariat: I understand that it is a very important point. I will consider it.
  • Speaker: For signing using the E-Certificate JPKI, the idea of obtaining the Basic 4 information and signing the document is specified as one of the methods, but the E-Certificate for user authentication does not include the Basic 4 information, so it is not specified as a method of identification in the Act on Prevention of Transfer of Criminal Proceeds. Due to the revised Act, there is a possibility that the Basic 4 information can be transmitted by a method other than the JPKI, so the identification in a strict sense will be authentication using 16 characters of the E-Certificate for signing. This part has been organized based on the idea that the biometric authentication cannot be used, but if the identification can be confirmed using the biometric authentication, it will be safer and more convenient. If this point is also organized, it will be more widely used and more convenient.
    • Secretariat: Regarding the revision of the Number Act this time, we recognize that the transmission and reception of electromagnetic records is positioned as a method of identity verification, and that basic four information and a facial photograph can be used for identity verification. We believe that it should be positioned as a method of identity verification under the Act on Prevention of Transfer of Criminal Proceeds or the Prevention of Unauthorized Use of Mobile Phones Act, and we have started to consider it with the competent authorities of the systems.

Material 2: Operation status of smartphone installation

  • Speaker: Regarding certificates, did you have any target figures in Digital Agency? Given the strong impact of smartphones and the large number of Android devices, I think this number of downloads is conservative. I would like to ask whether you made a modest start due to concerns about obstacles in the event of large-scale deployment, and what kind of public relations efforts you made.
    • Secretariat: Digital Agency has not set a target number in an authorized form. Since we want many people to install smartphones, we are conducting public relations in various media in cooperation with Ministry of Internal Affairs and Communications and J-LIS. We think that increasing use cases is the best dissemination measure, but we recognize that efforts are necessary in terms of numbers.
    • Speaker: My Number Card is considered to be highly effective in terms of public relations. It is important to enrich Issue outside the house, such as convenience store Issue and health insurance card, and in the future, iPhones will be available, so it is considered that there will be opportunities in terms of public relations. Among them, convenience store use cases are considered to be extremely important, and it is considered that attaching a seal such as "It is not necessary to carry around My Number Card" to kiosk terminals is the most effective as a place to be seen. We would like to ask you to consider it.
    • Secretariat: family, mini-emergency, health insurance card response, and disaster response are important. We will consider it from the viewpoint that if it is equipped with a smartphone, it will be more effective because you usually carry a smartphone, and we will conduct public relations activities with the aim of supporting iPhones next spring, including convenience store Issue.
  • Speaker: Regarding NTT DOCOMO's efforts, it has been possible to confirm the identity of the D account by setting E-Certificate on the smartphone since February 2024, and it has been well received by users. It will be a good reference for other operators. As stated in the service launch schedule in the future, we expect to increase the number of users by comprehensively improving the response to tax returns and health insurance card, and the fact that it cannot be used if the smartphone is changed to a new model. In addition, page 3 of Material 1 describes the use of biometric authentication, but in the current Mynaportal app, even if biometric authentication is set to be used as the default, a password input and biometric authentication selection screen is displayed, and it is necessary to transition to three screens before biometric authentication. For general bank apps, biometric authentication can be used as the default if biometric authentication is set, so we think that there is room for improvement in this UX. Regarding iPhones, we expect that the UX will be improved by the new method of mdoc, but we think that the number of users will increase by working on the UX improvement of the Mynaportal app on Androids.
    • Secretariat: We will promptly consider specific improvement plans and also consider comprehensive improvements.
  • Speaker: The time has come to consider how to increase the use of smartphones in the future, and the administrative field should be delved into. For example, in the use of health insurance card, the elderly may need to present elderly beneficiaries, so it is conceivable to expand it sequentially as an adjunct. There are various methods in the field of child care support. We would like to see the active use of smartphones in the administrative field in the future.
    • Secretariat: It is as you said. We will consider thoroughly utilizing it in hospitals and other public service.
    • Speaker: Hospital has become more smoothly authenticated than before. If the card reader is compatible with smartphones, we believe that the counter operation of the hospital will be further smoothly improved. We should expand the use of these.
  • Speaker: Smartphone is more convenient than My Number Card when using Mynaportal. Therefore, in order to expand the use, it is necessary to inform the public what kind of information can be obtained in Mynaportal. In particular, information related to medical care should be made known in cooperation with Ministry of Health, Labor and Welfare. In addition, health insurance card will be abolished in December, so I would like to request that health insurance card respond to smartphones as soon as possible. By telling that hospital reception can be done on smartphones, I believe that the burden of bringing My Number Card to users will be reduced and the psychological barrier will be reduced. I would like to request that you proceed with consideration.
    • Secretariat: health insurance card is being discussed with Ministry of Health, Labor and Welfare and the Payment Fund. We will make efforts to realize the convenience promptly, including making it known to Mynaportal.

Exchange of opinions

  • Speaker: disaster, but I think it is highly likely that people will evacuate with a smartphone, and I think it is possible to appeal the superiority of having a smartphone. In addition, there are people who react negatively just by hearing the word My Number Card, so there is a possibility that the explanation of having a My Number Card in a smartphone will be resisted. On the contrary, I think it is better to appeal with a different name such as an identification card.
    • Secretariat: As a valuable opinion, it will be shared and examined in Digital Agency.
  • Speaker: MVNO basically handles smartphone terminals distributed in the open market, and we believe that the scope of cooperation is small compared to mobile carriers, such as acquisition of CC certification. We will cooperate as much as possible as an MVNO, but we would like to request comprehensive efforts so that open market terminal users do not suffer from disadvantages such as being unable to use smartphone installations.
    • Speaker: carrier terminals and open market terminals.
    • Secretariat: As a valuable opinion, it will be shared and examined in Digital Agency.
  • Speaker: I feel that we are making good progress, but the future is very important. Android is already in operation, but it is important to respond so that there is no difference from the viewpoint of users due to the addition of iPhones. I would like Digital Agency to respond so that there is no sense of incongruity regardless of which device is used by absorbing the difference in platforms. I would like experts to point out from that perspective in the future.

End