Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.
If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

The results of the compilation of "Opinions on the Specifications of Vaccination Certificates for the Novel Coronavirus Vaccine (Electronic Issue)" have been announced.

Published:

From Friday, September 17 to Thursday, September 30, Digital Agency held a "Issue to Seek Opinions on the Specifications of the Novel Coronavirus Vaccination Certificate (Electronic )," and the total number of responses was 18,659. Thank you for your cooperation.

Assuming a specific use cases, we have summarized the main opinions and response policies of business operators, local government, medical institutions, and public institutions that plan to use 2 d codes and APIs as follows.

Summary of Survey Results

  • Number of questions: 5 (3 required)
  • Total number of opinions: 18,659

Group to which the person who gave the opinion belongs

  • Operator: 3,966 (21.3%)
  • Local government: 417 (2.2%)
  • Public institutions: 413 (2.2%)
  • Medical institutions: 1,100 (5.9%)

Consideration of use by those who have expressed their opinions

  • 2 d code usage: 351 (1.9%)
  • API usage: 57 (0.3%)
  • Dual use: 443 (2.4%)
  • Neither: 17,808 (95.4%)

A major use cases

  • When entering restaurants, events, live venues, etc.
  • Reservations time for lodging or long-distance travel
  • At the time of application for special services, etc. by presenting the vaccination certificate
  • Visiting medical institutions
  • Reservations for the third dose of vaccine

Main Opinions and Direction of Response (2 d Code)

Comments on 2 d Code Specifications

[Operator]

  • What can be used overseas / Response to foreigners
    • In order to make it possible to use it overseas, I would like you to ensure compatibility with the EU Digital COVID Certificate and to support unification with overseas travel apps such as the IATA Travel Pass.
    • It is necessary to have a function to read QR certificates vaccinated overseas such as in Europe and import them into the Japanese version.
    • We would like you to consider the response to inbound users.
    • I would like to have as many languages as possible.
  • Information contained in a two dimensional code
    • (For a casual use cases) Users should be able to control the information displayed, such as not wanting their dates of birth or names to be known.
    • In security, it should be divided into two codes, "a code that proves only that the user has been vaccinated without privacy information" and "a code that contains privacy information," and the user should be able to select the code at will.
    • I would like it to be indicated only whether or not it has been vaccinated.
    • What information is contained in the 2 d code is unknown
  • Contrivances against counterfeiting
    • We need a way to verify that the two dimensional code is real.
    • The code should have a timestamp indicating the date of creation and be signed by a trusted E-Certificate.
    • Shouldn't a [timer display in the QR display screen] be installed as standard to prevent "perjury of vaccination certificate by screenshot, etc."?
    • We would like the server side to determine whether the vaccination certificate is valid and return a token, etc. that returns the status.
    • I want you to include a photo of my face.
  • Use of My Number Card
    • Isn't it enough to certify in My Number Card only for strict purposes?
    • My Number Card essential should be avoided
    • I would like driver's license card to be able to handle it.
  • I would also like to have contact information (phone number, etc.) in case of an infected person.
  • I would like to be able to register the information of my family (dependents).
  • I would like you to make it known to everyone.

[local government]

  • Concern about accuracy of VRS data
  • Concerns about the display of names in the case of foreign characters and in the registration of non-Japanese aliases
  • Concerns over Identity Verification with Owners of 2 d Codes
  • Consideration for people who cannot be vaccinated due to individual circumstances

[medical care Workers]

  • I would like to see a unified code system including other vaccinations (in cooperation with JAHIS).
  • Based on the breakthrough infection, I would like to be able to display the negative certificate in the same app.

[Public Institutions]

  • I would like you to consider issuing it at a convenience store.
  • Development of communication environment (development of public wifi) / specifications that can be used without communication

[Other]

  • Integration into Mynaportal
  • I would like you to support AppleWallet and AppleWatch.
  • I would like to start it as a mini app via an app such as LINE or PayPay.
  • I would like it to be compatible with smartphones that do not use the NFC (Near Field Communication) function.
  • I would like to be able to use My Number instead of My Number Card.

Direction of Response to Comments on 2 d Code Specifications

(1) International compatibility / multilingual support

We have adopted the ICAO standard in consideration of compatibility with EU-DCC as you pointed out. We will continue to firmly respond to cross-border interoperability based on international trends.

Regarding SMART Health Cards, which is a standard for domestic use, it was pointed out that if English is supported, it may be used overseas. Therefore, we plan to support English for those who apply for travel from the time of provision of the application.

In addition, regarding the multilingual support for applications, we will consider responding not only in Japanese but also in English in response to your opinions.

(2) Addition or deletion of information to the vaccination certificate

There were many opinions such as addition or deletion of information presented in the vaccination certificate. However, since sufficient information has been provided as vaccination record information at the time of provision of the application, there is no plan to add information. We will consider responses as necessary while monitoring the situation.

Regarding the display information on the application, there were many opinions from those who confirmed the vaccination certificate and those who presented the information that they felt concerns about personal data. Therefore, we will change the display information to be able to display the information in the following three levels on the application screen so that users can select the information presentation level by themselves.

(A) Level at which only vaccination can be confirmed
(B) A level at which only the two dimensional code can be confirmed
(C) two dimensional code + the level at which information (contained in the code) can be displayed

(3) Anti-counterfeiting

As a simple check, it is possible to identify whether or not it is displayed in the application by displaying the clock on the information presentation screen of the application. In addition, the data contained in the two dimensional code is digitally signed by a private key generated by the public key encryption method, and it is possible to determine whether or not the information has been tampered with. Even after the start of use of the application, we will review the response as necessary while understanding the counterfeiting method.

(4) Application format

This time, the purpose of use is clear, and it is a function implementation that will be unnecessary after a certain period of time, and it is a short-term implementation. From the viewpoint of reducing the time required for validation, etc. regarding the scope of influence on other functions, we expect to provide it as an individual application. In addition, we will consider cooperation with functions that increase user convenience, such as AppleWallet.

Key Opinions and Response Directions (API)

API Specification Proposal

Multi-factor authentication

  • Implement multi-factor authentication due to concerns over personal data leaks
  • Two step verification is essential

Security

  • Concerned about leakage of personal data (security)
  • Due to the fear of spoofs, I feel that the operation of using the date of birth as the password of the API is not appropriate from the viewpoint of security.
  • The API response should not include the personal data and should return whether or not it has been vaccinated. If the detailed API response requires the last number of vaccinations and the last date of vaccination, the identification requirements for the API accessor should be strict.

Direction of response to comments on API specifications

When I checked your opinions, I found that there are concerns about security, and careful responses are required. In addition, it was confirmed that many business operators said that they do not have plans to use API because they could not imagine much development that would match the system use cases cost for API use at this point. Therefore, we will consider the details of the provision of API to business operators after the method of using the vaccination certificate in future government measures is clarified.

Main Opinions and Direction of Response (Others)

In addition, we have received the following valuable opinions. This time, we have presented our policy based on the opinions of people who plan to use this application.

We will use it as a reference when considering and judging the future direction.

  • There are citizens who cannot have a vaccination certificate. I wonder if it will promote discrimination in a situation where it is difficult for some people to have a vaccination certificate. I also wonder if people who do not have a vaccination certificate will suffer disadvantages.
  • Under the premise that the vaccine effect is unknown, the use of vaccination certificates may promote an increase in people's flow, resulting in further spread of infection.
  • There may be many negative cases handled overseas.

This two dimensional code provides a vaccination certificate based on the vaccinations Act, and I believe that there are various ways to use the vaccination certificate, depending on each local government and business operator, including those that strictly require identity verification and those that simply require presentation.

We will appropriately work on the relevant departments, including the COVID-19 pandemic Measures Promotion Office of the Cabinet Secretariat, to spread measures against the novel coronavirus by appropriately using vaccination certificates.

Share: