Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.
If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

Promotion of DX Sub-Working Group that secured Trust (3rd meeting)

Overview

  • Date and Time: Monday, December 27, 2021 (2021) from 2:00 pm to 3:30 pm
  • Location: Online
  • Agenda:
    1. Opening
    2. Proceedings
      1. Main points of the previous meeting and status report of the fact-finding survey (Secretariat)
      2. Presentations from members and external experts
        • Daichi Tachibana (Cloud Type Electronic Signature Service Council)
        • Yuji Nakasu (SAP Japan Co., Ltd.)
      3. Free discussion
    3. Adjournment

Materials

References

Relevant policies

Summary of proceedings

Date

From 2:00 p.m. to 3:45 p.m. on Monday, December 27, 2021 (2021)

Location

Held online

Attendees

Members

  • Hiroshi Ota (Partner, Nishimura & Asahi)
  • Natsuhiko Sakimura (Senior Researcher, Tokyo Digital Ideas Co., Ltd.)
  • Kazue Sako (Professor, Department of Information Science and Engineering, School of Basic Science and Engineering, Waseda University)
  • Satoru Tezuka (Professor, Faculty of Environmental Information, Keio University) [Senior Researcher]
  • Soshi Hamaguchi (Senior Staff Member, Keio University SFC Research Institute)
  • Tatsuya Hayashi (Director of LocationMind Co., Ltd.)
  • Hiroshi Miyauchi (Attorney, Miyauchi & Mizumachi IT Law Office)
  • Kazuya Miyamura (Partner, PwC Arata LLC)
  • Makoto Takamura (Counselor to the Director-General of cybersecurity, Ministry of Internal Affairs and Communications)
  • Hiromasa Kiyo (Senior Assistant, Commercial Affairs Division, Civil Affairs Bureau, Ministry of Justice) *
  • Hidenori Sato (Planning Officer, cybersecurity Division, Commercial Information Policy Bureau, Ministry of Economy, Trade and Industry) * Attendance

Observer

  • Satoru Ijichi (Executive Director of the time business Accreditation Center, Information and Communication security Division, The Japanese Telecommunications Association)
  • Takayuki Idaka (Special Advisor for medical care Information Technology, Research development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
  • Daishu Ohta (Chairman of the External Affairs Department of the Digital Trust Council)
  • Hirohisa Ogawa (Chairman of the Steering Committee of the Nippon Trust Technology Council and Senior Researcher, Cyber security Strategic Group, Digital Innovation Division, Mitsubishi Research Institute, Inc.)
  • Mikio Ogawa (Executive Director of Administration and Settlement Systems Department, Japanese Bankers Association)
  • OGURA Takayuki (General Manager of Corporate Sales Department, Shachihata Inc. Systems)
  • KOMATSU Hiroaki (Partner, Tokyo IT Audit Department, KPMG AZSA LLC)
  • Hajime Sato I (Executive Director of the Policy Department of the New Economy Federation)
  • Sato Tatewaki (Cloud-based Electronic Signature Service Council Secretariat)
  • Koichi Shibata (Executive Director in charge of DX Service Planning Department and Chairman of the Planning and Operation Subcommittee of the Trust Service Promotion Forum, Seiko Solutions Corporation)
  • Kenichiro Shimai (Deputy Director of medical care Information Technology Promotion Office, Research and development Promotion Division, Ministry of Health, Labor and Welfare Health Policy Bureau) * Attendance by proxy
  • SHIMAOKA Masamoto (Senior Researcher, IS Research Institute, SECOM CO., LTD.)
  • Kikuzo Sodeyama (Director of SKJ Sogo Tax Accountant Office)
  • Hajime Toyoshima Kiyoshi (DigitalBCG Japan Managing Director)
  • Yuji Nakasu (Vice President of Government Affairs, SAP Japan Co., Ltd.)
  • NAKATAKE Hiroshi (Representative of Global Legal Entity Identifier Foundation (GLEIF) Japan Office)
  • Akira Nishiyama (Special Member of the Electronic Certification Bureau Conference (Representative of Future Trust Lab))
  • Eiji Nozaki (Director of the General Affairs Division, Supervisory Bureau, Financial Services Agency
  • Tomoaki Misawa (Partner, PwC Arata LLC)
  • YAMAUCHI Toru (Managing Director of the Association for the Promotion of Information Economy and Society and Director of the Digital Trust Evaluation Center)
  • WAKAMEDA Mitsuo (Senior Researcher, Data Strategy WG, Planning Committee, Digital Economy Promotion Committee, Japan Business Federation)

Digital Agency (Secretariat)

  • Group Manager of Digital social common function Group Masanori Kusunoki, Group Deputy Manager of Shusaku Indo Group, etc.

Minutes

  • The Secretariat explained Materials 1-1 "Explanatory Materials for the Secretariat," Materials 1-2 "Examples of Use of Trust Services in Foreign Countries (Electronic Prescription Service in Estonia)," and Materials 1-3 "Report on the Survey of Questionnaire on Trust Services."
  • External experts gave presentations on the needs and Trust of Issue services in DX on Material 2 "Necessity of Promoting the Spread of Cloud-based Electronic Signature Services Supporting' Digital Principles'" and Material 3 "The Current Status of Trust Services and Issue as Recognized by SAP".
  • In the open discussion, the following remarks were mainly made.
    • In international money transfers, trade transactions, and exchange transactions, anti-money laundering requires strict confirmation at the time of transfer, up to the beneficiaries and rulers of the beneficial receipt, so considerable manpower and systems are invested in screening. In import and export transactions, considerably strict declaration is required, such as the port of loading, the place of loading via, the port of discharge, the place of delivery, the type of business, and the purpose of import. Digital certificates backed by corporate registration play a large part in securing the efficiency of the process and international credibility.
      In the European PoC of e-Seal, it is being conducted in validation, which is a framework for international mutual certification. In fields other than trade and financial transactions, the use of e-Seal is being promoted with peace of mind in a framework using digital certificates backed by laws such as the Remote Contract Signing Act. However, in Japan, the legal backing of e-Seal has not yet been clarified. In the SDG, environment, and human rights frameworks, it is required to ensure traceability that is internationally certified, so I strongly feel that the development of a proper framework is now necessary.
    • Regarding Material 3, there is a description of "Standard Electronic Signatures (Standard)" in the "Definition of Three Types of Electronic Signatures" section. Isn't the expression of simply E-Certificate (Simple) correct? Since it will affect future discussions, it is requested that the expression be corrected to the correct expression on the eIDAS. (* The presenter will correct the material later.)
    • Regarding the relationship between electronic contracts and electronic signatures, it can be arranged that the Trust service called electronic signatures is used in the Trust application service called the electronic contract system of SAP. Since it is possible to select multiple electronic signatures in the electronic contract system, it is important to consider the Trust service and the Trust application service separately.
    • Regarding Exhibit 3, there was a comment that the safety of electronic signatures has not yet spread. However, when asked whether electronic signatures are safe because hanko can be forged, I think that electronic signatures are very safe compared to hanko. I think it is necessary to spread this awareness.
    • Please tell us what the Cloud-based Electronic Signature Service Council thinks about the uniqueness of the internal process of cloud-based electronic signatures as indicated in Q & amp; A of Article 3 of the Government's Electronic Signatures in Global and National Commerce Act. Quite strict uniqueness levels are indicated for Electronic Signatures in Global and National Commerce Act accredited certification business operators, but what level of uniqueness are they trying to ensure for cloud-based electronic signatures? Cloud-based electronic signatures are so-called assurance levels, and it seems that they are currently at the level of IAL1 and AAL2. Are you thinking of disclosing the levels of IAL and AAL in the future?
    • At the Cloud-based Electronic Signature Service Council, the uniqueness level of Q & amp; A under Article 3 of the Electronic Signatures in Global and National Commerce Act is being discussed. We recognize that we need to discuss a unified view in the future, and we will officially respond when we are able to discuss.
    • Although there is a lot of room for digitization in digital completion in terms of identity verification in response to the Criminal Proceeds Act, such as KYC and AML, there are some Trust that cannot be covered by Issue services alone. Please tell us about Issue and efforts that you have noticed in dialogue with Europe.
    • It is not easy to confirm the so-called de facto ruler. Financial institutions use considerable physical strength to confirm by calling or sending things. There is no mechanism for global standardized confirmation. The first step is whether or not it is registered with a reliable organization, and from there, the confirmation of capital relationship, etc. must be done separately at different levels. Overseas, GLEIF's LEI is an overseas version of the corporate My Number, but we have started talking about whether or not we can cooperate with eKYC. Separately, SWIFT, an organization that manages communication between financial institutions, is talking about doing eKYC. Even in Japan, it is important to know that this person is definitely registered as a corporation, and it is important to have a mechanism that can be seen from overseas.
    • Regarding Attachment 1-2, since electronic prescription is medical care information and a service that handles serious personal data, it is considered to be a direction that Japan should aim at in the area where a high assurance level is required, because it is a Trust service that has a Trust policy and is recognized by law, and a implementation example and operation example of a service that uses authentication by a eID equivalent to a My Number Card or a Public Personal Authentication.
    • Regarding Material 2, in the explanation that the user support of the party signature type has not spread, the number of certificates issued for the certified authentication service is shown as the basis. However, since the party signature type includes the party signature type other than the certified authentication service, it is misleading to interpret that the certified authentication service has not spread, or that the party signature type has not spread.
      Please tell us the evidence of the survey in the pie chart on page 5. We believe that the evidence is based on the results of the questionnaire conducted by the companies of the Cloud-based Electronic Signature Service Council to their customers. However, it is necessary to take into account that the graph based on the questionnaire of your organization is the result of the questionnaire conducted by the cloud-based electronic signature service provider to its customers.
      On page 7, the total sales of DocuSign are shown. It is known that there are multiple services such as observer-type electronic signatures, observer-type digital signatures, and party-type digital signatures among DocuSign services. Is it arranged that only business-type services, excluding party-type services, are increasing? Among observer-type electronic signatures, there are observer-type electronic signatures and observer-type digital signatures. Please indicate whether the observer-type signature service being considered by the Cloud Electronic Signature Service Council is an observer-type electronic signature or an observer-type digital signature, and tell us what kind of applications you think are suitable for the spread of "just the right Trust."
    • We believe that user choice is important for "just right." We believe that 4-8 on page 8 of Exhibit 2 are "just right Trust" with a balance between UI/UX and security. We believe that both digital signatures of the witness type and electronic signatures of the witness type are options, and that services other than 4-8 will be available in the future.
    • In Trust, the truth is that there is more of a sense of security than safety. The reason for the Trust of a seal that seems to be completely compromised in a customary manner is that it has become customary in the flow that the seal originally existed in the documents above. I was shocked to see page 12 of Handout 1-2, but the digitalization of the Issue Document is extremely low. It is not good to have 5% including the plan to make it online. First of all, it is important to significantly increase the ratio of the Issue Document to the private sector of the administration and make the online and electronic Trust more familiar. It is possible to decide on your own, including the process, within the Administrative organization, so I would like you to do it quickly.
    • Regarding the fact that the progress of notification of disposition / Issue from the administration to the private sector is limited, efforts are being made to electronic Issue of administrative documents by granting GPKI government position certificates to PDF documents using government position certificates. For example, since the establishment of the Digital Agency, in the certification of Electronic Signatures in Global and National Commerce Act certified business operators, in order to promote efforts to electronic Issue by attaching GPKI government position certificates to PDFs, certification documents are basically transition to electronic Issue. In this way, we hope to expand efforts to electronic Issue with GPKI in the future.
    • We would like you to proceed strongly and rapidly. The use of Trust services from the government like this has great significance for the formation of Trust.
    • On page 2 of Exhibit 1-2, regarding the electronic prescription service in Estonia, is it okay to limit the identification to an ID card? What is Estonia doing about the risk of reusing prescriptions when they are digitized?
      On page 5, with this mechanism, it seems that the database accessed by the hospital reaches the database accessed by the pharmacy, but is it possible to confirm whether or not it has been received?
    • Additional research is required for the details, but it is currently possible that the first action is to certify that the person who has come is the one who is prescribing the drug, so it is understood that the person is basically authenticated by the ID card. Regarding the response to the reuse of prescriptions, it is inferred that the evidence that the drug was prescribed with the person's authentication at the pharmacy is basically left in the database, thereby preventing the prescription of multiple drugs with one prescription.
      Regarding the database, it is inferred that a reliable medical institutions sends the issuance information of a prescription to the database of the Health Insurance Fund with an e-seal attached, and when it is recorded in the database of the Health Insurance Fund, the time is correctly managed and sent as a time stamp, and the guarantee of the deliverer and the guarantee of the delivery time are recorded using the Trust service.
    • When introducing efforts to spread Trust services in Europe and the United States, it is necessary to discuss separately whether the reason is that there is institutional backing or that the concept of contracts and billing is naturally working because individual players understand it. If a system is created for anything, there is a risk that the system will become rigid because it is not so easy to fix a system once it has been created unless there is a problem. I would like you to discuss it by looking at whether it should be done by a system or as a business practice.
    • In the case of Europe, there are some countries that are forced to take over the market by looking ahead to a certain extent, so it is necessary to consider taking a policy that the government of procurement will use Trust services first and consider the spread together.
    • Regarding the electronic prescription in Estonia in Attachment 1-2, in the request for issuance of the prescription, it is stated that the patient will contact the doctor at the hospital by interview, email, or line, but if the patient's identity is not confirmed, the drug will not be delivered to the wrong person because the identity is confirmed at the eID when the doctor hands over the drug. However, if the patient's identity is not confirmed at the first request for issuance, there is a possibility that the prescription will be issued and no one will receive it.
    • It is a detailed story, so I have not been able to investigate it to that extent, but I guess that in the process of promoting digitization, they are taking a rational form based on the idea that the convenience of services will be reduced by strictly verifying identity.
  • The secretariat explained that the meeting materials will be published on the Digital Agency website later, that additional opinions and questions will be communicated to the secretariat and used as a reference for future operations, and that the minutes of the meeting will be published after the members confirm the content.
  • The secretariat explained that the next meeting of the sub-working group is scheduled to be held online from 4:30 p.m. on January 25, 2022 (2022).

End