Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

Japanese Public Key Infrastructure (JPKI)

Basic information (service characteristics and certification system), service introduction examples, and useful information for service introduction (introduction method, procedure for introduction, Japanese Public Key Infrastructure usage fee, etc.) necessary for local governments and private sector to introduce Japanese Public Key Infrastructure (JPKI * 1) are summarized and introduced.

* 1 Japanese Public Key Infrastructure

What's New

Contents

1. What is Japanese Public Key Infrastructure

Japanese Public Key Infrastructure is a safe and reliable identity verification service that uses electronic certification installed in My Number Card's IC chips (My Number is not used) to authenticate users online and publicly confirm that contracts and other documents have not been tampered with. Japanese Public Key Infrastructure can be used not only by administrative agencies but also by various services in private sector.

The use of Japanese Public Key Infrastructure is expected to improve customer service and reduce administrative costs. For example, it can reduce the cost and time required for customers to fill out and mail identity verification documents and applications. It can also reduce the workload required by private sector to accept and review documents.

As of February 3, 2025, there are 652 companies in private sector that use Japanese Public Key Infrastructure. It is used in various situations, such as opening bank and securities accounts and concluding loan contracts.

This system is operated by Japan Agency for Local Authority Information Systems (hereinafter referred to as "J-LIS"), a corporation jointly managed by the national government and local public entities based on the Public Personal Authentication Law * 2, and has the highest level of security and reliability.

When private sector introduces Japanese Public Key Infrastructure, there are two ways to use it. One is to become an approved business operator after receiving approval from the competent minister based on the Public Personal Authentication Act, and the other is to entrust signature verification work to an approved business operator. To become an approved business operator, facilities and systems for information management in signature verification work are required. The facilities can also be used in the cloud. On the other hand, by entrusting signature verification work to an approved business operator, it is possible to introduce Japanese Public Key Infrastructure without requiring each business operator to develop signature verification facilities.

Efforts * 3 to popularize and expand the use of My Number Card, including Japanese Public Key Infrastructure, are being strongly promoted throughout the government, and My Number Card is becoming increasingly convenient and user-friendly for the people. Currently, the number of valid applications * 4 in My Number Card has exceeded the number of issued driver's licenses as of January 2023, reaching two-thirds of the population (about 83 million).

* 2 Act on Certification Business of Japan Agency for Local Authority Information Systems Pertaining to Electronic Signatures, etc.

* 3 Please refer to the following for the roadmap of major initiatives.
Priority Plan Roadmap for the Realization of a Digital Society (PDF / 2,015 kb)
Sections on My Number Card
P7: (4) Promoting the spread and use of My Number Card
P24 to P25: Process Chart for digitalisation of Various Cards Utilizing My Number Card

* 4 The number of My Number Card issuance applications excluding cases where there were defects in documents and cases where applications were cancelled. For the latest number of valid applications, please refer to the Dashboard on the Spread of Japanese Public Key Infrastructure.

2. Service Features

It can improve customer service by eliminating the need to fill out application forms and other forms with names and addresses and by reducing the labor involved in mailing applications. It can also reduce administrative costs by eliminating the need to fill out application forms and other forms, as well as strengthen security.

2.1. Improving Customer Service

You can reduce the costs incurred by customers, such as preparing, filling out and mailing identity verification documents and applications.
For example, in the case of identity verification at the time of opening a bank account, identity verification documents and application forms must be submitted. By using Japanese Public Key Infrastructure, identity verification and application can be made online. This reduces the cost of preparing, filling out, and mailing the documents. In addition, by transcribing information from the four information items (address, name, date of birth, and gender) recorded in the signature electronic certification, the burden and errors associated with customer input can be reduced. In addition, since identity verification is completed online, services can be provided without time or location restrictions.

2. 2. Administrative cost reduction

It can reduce the administrative costs borne by the identity verification, such as the acceptance and examination of private sector documents and applications, and the mailing of notices to customers.
For example, in the case of identity verification at the time of opening a bank account, in the past, identity verification documents and application forms were received and examined, and documents were requested to be resent in case of incomplete entries. If Japanese Public Key Infrastructure is used, identity verification and application can be made online, reducing the workload.

2.3. Security Enhancements

Japanese Public Key Infrastructure uses a cryptographic technique called "public-key cryptography" to ensure the security of communications.
Public key cryptography uses two different keys (a private key and a public key) for encryption and decryption, and is characterized in that encryption using one key cannot be decrypted without using the other key.
In addition, the private key is recorded in the IC chips of the My Number Card.
If the information stored in the IC chips is improperly read, My Number Card takes countermeasures, such as automatically erasing the data, so there is no need to worry about the private key being stolen.

For details of "Public Key Cryptography", please refer to the following.

3. Service Deployment Methods

In this chapter, we will introduce the service introduction method for private sector who are interested in the introduction of Japanese Public Key Infrastructure.

3.1. Service Introduction Method

When using Japanese Public Key Infrastructure, service introduction business operators must confirm the effectiveness of the electronic certification provided by the customer. There are two service introduction methods: one is to become a "platform business operator" that carries out the effectiveness confirmation itself, and the other is to become a "service provider business operator" that entrusts the effectiveness confirmation to the platform business operator.

3.1. 1 Becoming a Service Provider

A service provider (hereinafter referred to as an "SP provider") is a service provider that provides services by entrusting the validation of a Japanese Public Key Infrastructure to a PF provider without in-house signature verification facilities when using the electronic certification.
Since the validity confirmation of the electronic certification is entrusted, the cost burden related to the maintenance and operation of the facility can be reduced, the period until the introduction of the service can be shortened, and the service can be introduced quickly and inexpensively. The flow of the validity confirmation of the electronic certification in the case of an SP operator is shown in Figure 1. In general, when using a service related to signature verification, a service usage fee specified by the PF operator is required. The usage fee varies depending on the PF operator.
For the procedure and service fee to become an SP business operator, please contact " 7.2.4. Inquiries regarding services provided by platform business operators, etc. ".

An illustration explaining the flow of electronic certification validity confirmation in the case of an SP operator. When a service user sends a electronic certification to a service provider operator, the entrusted platform operator confirms the validity of the electronic certification with the Japan Agency for Local Authority Information Systems. The platform operator that receives the confirmed result provides the result to the service provider operator, and the service provider operator that receives the result provides the service after confirming the validity of the electronic certification.
Figure 1: Flow of electronic certification Validity Checks (SP Operators)

3.1.2. Method of becoming a platform operator

When using the Japanese Public Key Infrastructure, the electronic certification, which confirms the validity of the private sector itself with the J-LIS, needs to establish a signature verification facility and become a "platform business operator (hereinafter referred to as a" PF business operator ")" after receiving approval from the competent minister based on the Public Personal Authentication Act.

The PF operator can provide the function of electronic certification validation to another private sector as a platform.
The signature verification facilities that should be installed can also be installed in the cloud. This is expected to reduce the cost burden related to the installation and operation of the facilities and shorten the time to introduce the service.

When using the service, a electronic certification verification fee is charged to J-LIS. The fee is a pay-as-you-go fee based on the number of confirmations. The fee is 20 yen per case for a signature electronic certification and 2 yen per case for a user certification electronic certification. From January 2023, these fees will be free for the time being.
For the procedure to become a PF business operator, please refer to " 3.2 Procedure to Become a Platform Business Operator ".

3.2. Procedures for becoming a platform operator

When introducing a service as a PF business operator, it is necessary to first obtain technical specifications, etc. from the J-LIS and then proceed with the competent minister's approval procedures. After obtaining approval, it is necessary to develop a system environment for signature verification, etc.

It takes about six months to one year from the time of obtaining the technical specifications, etc. to the time of obtaining approval from the competent minister. For an overview of the procedure, please refer to the guidelines published by Ministry of Internal Affairs and Communications and Digital Agency below.

See "c. Certification Procedures" on pages 39 to 41 for an overview of the procedures.

3.2.1. Obtaining Technical Specifications, etc.

After signing a pledge of confidentiality with J-LIS, I will apply for disclosure of technical specifications, etc. related to Japanese Public Key Infrastructure. This document is necessary for the competent minister's certification procedures and system environment development, but it is also necessary for considering the introduction of services, so please use it from the consideration stage.

3.2. 2. Competent Minister Certification Procedures

Based on the technical specifications provided by J-LIS, we will respond to the requirements shown in the certification standards and prepare documents to prove that we meet the requirements. We will apply for certification examination to Digital Agency and Ministry of Internal Affairs and Communications with the documents.

3. 2.3. Getting Ready for Production

After certification is obtained, the operation is checked in the test environment of the Japanese Public Key Infrastructure. If there is no problem, the J-LIS makes a notification to receive the validity check result of the electronic certification based on the provisions of the Public Personal Authentication Act. Finally, the operation is checked in the production environment, and the service is started.

3. 3. Japanese Public Key Infrastructure Fee

The use of Japanese Public Key Infrastructure does not incur any expenses related to the acquisition or maintenance of the competent minister's certification, unlike general government licensing projects. Only the electronic certification verification fee for J-LIS is required.

The Japanese Public Key Infrastructure charge is based on the number of validity checks. The electronic certification for signature is 20 yen per case and the electronic certification for user verification is 2 yen per case.

These usage fees will be free for the time being from January 2023 * 8. The aim is to reduce the cost of using services for PF operators and support the introduction of services. For details, please refer to the following.

* 8 The CRL method will be permanently free of charge, and the OCSP responder method will be free of charge for three years for the time being.

4. Service Case Studies

In this chapter, we will introduce the case study of Japanese Public Key Infrastructure in the private sector where it is currently being introduced. We will provide you with reference information such as what kind of industry and service it is being introduced in, how it is being introduced, and what kind of advantages it has for the private sector and customers, so please use it for your consideration.
For example, in the banking and securities industry, Japanese Public Key Infrastructure is often used to open accounts, and its introduction has been recognized as effective. It eliminates the need to copy identity verification documents, fill out application forms, and send them by mail, which were required when opening an account. By using My Number Card electronic certification, you can easily and accurately apply for an account from a smartphone or other device. This leads to a reduction in administrative costs such as acceptance and screening, and an improvement in customer convenience.

5. Authentication Mechanism

For the Japanese Public Key Infrastructure, the electronic certification installed in the IC chips of the My Number Card is used. The J-LIS, the issuer of the electronic certification, becomes the trust anchor (base of reliability) and proves its effectiveness.

5.1. What is electronic certification effectiveness?

The electronic certification will lose its validity depending on the conditions, so the private sector must confirm the validity of the electronic certification submitted by the customer.

5.1. 1. electronic certification Revocation Conditions

Expiration conditions for a electronic certification include the expiration of the valid period of the electronic certification, a change in the four basic information (address, name, date of birth, and sex) on the resident's card, and the death of the applicant. There are two types of electronic certification: "electronic certification for signature" and "electronic certification for user certification," and the expiration conditions differ for each.
For details of "electronic certification for signature" and "electronic certification for user certification", please refer to " 4.2 electronic certification type ".
Please refer to the following for details of electronic certification's expiration conditions.

5.1.2. electronic certification Validation Scheme

There are two types of electronic certification validation methods: the "CRL provision method" and the "OCSP responder method."

(1) CRL Provision Method
CRL * 5 is a list of revocation information of electronic certification.

The CRL provision method is a method of periodically (once a day, etc.) providing a list of revocation information of a electronic certification.

The CRL provided by the J-LIS is updated on a daily basis. The private sector checks the validity of the electronic certification by downloading it locally and comparing it with the issuance number of the electronic certification of the service recipient.

The feature of the CRL provision method is that it can be checked offline.

* 5 Certification Revocation List

An illustration explaining the CRL provision method, in which the Japan Agency for Local Authority Information Systems locally downloads the CRL provided by the private sector and checks the validity of the CRL against the issue number of the electronic certification transmitted by the service user, thereby enabling service provision.
Figure 2: CRL Provision Method

(2) OCSP Responder Method
OCSP * 6 is a communications protocol used to verify the validity of a electronic certification.

The OCSP responder method is a method in which an inquiry about the validity of a specific electronic certification is answered individually from a response server called an "OCSP responder."

The OCSP responder stores revocation information and updates it every 15 minutes. The OCSP responder matches the revocation information with the issue number of the service user's electronic certification and provides the validation result.

The OCSP responder method is characterized by real-time confirmation. On the other hand, it should be noted that the validity of the electronic certification cannot be confirmed offline.

* 6 Online Certification Status Protocol

An illustration explaining the OCSP responder method. When a service user sends a electronic certification, the OCSP responder in Japan Agency for Local Authority Information Systems checks the validity and returns the result to private sector. private sector receives the result and can provide the service to the service user.
Figure 3 OCSP Responder Method

5.2. electronic certification type

There are two types of electronic certification: "electronic certification for signature" and "electronic certification for user certification".

5.2.1. electronic certification for signature

Electronic signatures are used to create and transmit electronic documents such as applications and contracts via the Internet, etc., and it is possible to confirm that the electronic documents created and transmitted by the users are "authentic documents created by the users and transmitted by the users." Electronic signatures using a signature electronic certification can be subject to Article 3 (Presumption of Authentic Establishment of Electronic Records) * 7 of the Act on Electronic Signatures and Certification Business. In other words, an electronic document with an electronic signature that satisfies certain requirements by the principal is presumed to be authentically established (created based on the intention of the principal).

* 7 Quoted from Article 3 of Act on Electronic Signatures and Certification Business
An electronic or magnetic record prepared for the purpose of representing information (excluding one prepared by a public officer in the course of his / her duties) is presumed to be authentically formed if the information recorded in the electronic or magnetic record is subject to an electronic signature by the principal (limited to an electronic signature that can be carried out only by the principal by properly managing the codes and articles necessary for carrying out the electronic signature).

5.2.2 electronic certification for User Certification

It is mainly used when logging in to Internet sites, etc., and it can confirm that the person who logged in is the user himself / herself.

Since the purpose of the electronic certification for signature is different from that of the electronic certification for user identification, the retained information is different. The main difference is whether or not the basic four information (address, name, sex, and date of birth) is retained in the electronic certification. The basic four information is retained in the electronic certification for signature, which is used for electronic signatures at the time of application, etc., because it is necessary to confirm the applicant's exact address, etc. The basic four information is not retained in the electronic certification for user identification, which is used for login to Internet sites, etc., because it is sufficient to confirm the identity of the applicant. electronic certification

For details of "5.2 Types of electronic certification", please refer to the following.

6. Expansion of Japanese Public Key Infrastructure functions

6.1. Updated User Information (4 Information) Provision Service (started on May 16, 2023)

Service Overview
This service enables customers to inquire the latest four information (address, name, date of birth, and sex) of the customer to J-LIS (Japan Agency for Local Authority Information Systems) at any time online, provided that prior consent has been obtained from the customer using Japanese Public Key Infrastructure. This enables financial institutions, for example, to immediately confirm changes in the customer's address, etc.

This service was launched on May 16, 2023 and is summarized below.

The details of this service are described in the following "5 Overview of the Service for Providing Latest User Information Based on Principal Consent (Basic 4 Information)" (pages 43 to 49).

Customer consent is required for private sector to provide the Services.
Such consent must be easy for customers to understand and must be obtained without fail. When obtaining consent, please refer to the following materials for points to consider.

Procedures for Use of the Service
This service is an additional service to Japanese Public Key Infrastructure, so at private sector, you need to go through the procedure for using Japanese Public Key Infrastructure first.

After completing the procedures for Japanese Public Key Infrastructure, please complete the procedures for using this service.

For details of Japanese Public Key Infrastructure, please refer to electronic certification (for private sector) Electronic certification by Japanese Public Key Infrastructure (to private sector) Japanese Public Key Infrastructure.

The procedures required to use this service are as follows.

  1. Service provider business operators (business operators that use Japanese Public Key Infrastructure by entrusting signature verification services to platform business operators)
    The service provider can receive information necessary for system support from the platform provider to which the signature verification service is entrusted.
    The platform operators supporting this service are as follows.

  2. Platform business operators (business operators using Japanese Public Key Infrastructure with the approval of the competent minister)
    It is necessary to apply to J-LIS for use of this service. Please contact the following contact information.
    Contact:
    After that, it is necessary to make a pledge of confidentiality with J-LIS and apply for disclosure of technical specifications, etc.

6.1.1. On October 29, 2024, the "Consent Support Service," which is required for the "Four Basic Information Services," was launched using Mynaportal.

By using this service, private sector can obtain consent from customers required to use the "Latest User Information (4 Information) Provision Service."
For new customers, it is easy to obtain consent from the customer at the time of application. We have also launched a "Consent Acquisition Support Service" as a method to smoothly obtain consent from existing customers. Please check the details below.

Benefits of using this service
  • Advantages for Business Operators
    • It becomes easy to obtain the consent of existing customers.
    • The system development cost required for consent acquisition is reduced.
    • After obtaining consent, the administrative costs required for procedures to change the four basic information, such as address, are reduced.
    • Customer information can be updated at all times by preventing erroneous input of customer change documents.
  • Benefits to the public
    • You can easily follow the procedure by using the Mynaportal.
    • When there is a change in address, etc. due to moving, etc., the necessary procedures are not required.
Examples of guidance e-mails to customers

Please refer to the following for guidance on the consent procedure. In addition, the text data of the email sample will be distributed at the time of disclosure of the specifications.

Contact Information

For inquiries about this service, please contact:
Forms: from the inquiry form regarding the use of
*Please select "Basic 4 Information Services" in the question of "5. Please select the content of the inquiry" in the form.

6.2. Equipping smartphones with the functions of My Number Card (electronic certification) (starting on May 11, 2023)

By incorporating the My Number Card electronic certification function into a smartphone, customers can subscribe to and use various My Number Card services anytime, anywhere with just one smartphone, without having to carry a My Number Card.

The details are listed below. Please refer to them when considering the use of this service. We will continue to expand the information gradually.

7. Inquiries

7.1. Frequently Asked Questions

For frequently asked questions, please refer to the following pages:

7.2. Inquiries

7.2.1. My Number Card in general

For inquiries about My Number Card in general, please check the for inquiries about My Number System.

7.2. 2. Introduction of Japanese Public Key Infrastructure

For the introduction of Japanese Public Key Infrastructure, please contact from the inquiry form regarding the use of [Digital Agency] My Number Card (Japanese Public Key Infrastructure).
In addition, we also accept inquiries from those who wish to hold information sessions for groups or who have questions. At the information sessions, we hold information sessions for groups so that many private sector can use Japanese Public Key Infrastructure. We introduce useful information for considering the introduction of My Number Card, such as an overview of Japanese Public Key Infrastructure and Japanese Public Key Infrastructure, use cases, the latest trends, and an overview of. Mynaportal

7.2.3. Approval by the competent minister in Japanese Public Key Infrastructure

Please send an e-mail to the following address.
When sending an e-mail, please send it to the two e-mail addresses of Digital Agency and Ministry of Internal Affairs and Communications listed in the e-mail address below, after filling in the matters listed in the e-mail address below.

  • Send To
    To prevent spam, "@" is displayed as " _ atmark _ ". When you send mail, please change " _ atmark _ " to "@" (one byte).
    • Email address (Digital Agency): mynumber _ team _ atmark _ digital. go. jp
    • Email address (Ministry of Internal Affairs and Communications): kouteki-kojin _ atmark _ soumu. go. jp
  • Content of Delivery
    • Mail Subject
      • Enter "Inquiries about the PF business operator system, etc. (name of business operator / organization)"
    • Mail Body
      • Name of business / organization, department, name of person in charge, contact information (email address & phone number)

7.2.4. Other Services

For other services, please check each service site.

7.2.5. Contact information regarding services provided by platform operators

If you would like to know more detailed information about the services provided by PF Business for customers or SP Business, please contact the following PF Business.

When you send mail, replace " _ atmark _ " with "@" (one byte). To prevent spam, "@" is displayed as " _ atmark _ ".

Of the PF business operators, only those who have obtained the consent of the contact person are listed above.
In addition, some PF operators do not provide the function of electronic certification validation as a platform for SP operators.

8. Related Documents

8.1. private sector Guidelines for Japanese Public Key Infrastructure Use

This is a guideline published by Ministry of Internal Affairs and Communications for the purpose of supporting the consideration of the use of Japanese Public Key Infrastructure in private sector and explaining the introduction procedure. It summarizes the outline and benefits of the service, the guide for using the service (information systems necessary for private sector, certification standards and procedures by the competent minister, electronic certification verification fees), etc.

Please refer to this document for detailed and comprehensive information when considering the introduction of the service.

Please refer to the following Ministry of Internal Affairs and Communications website for more information.

8.2. Revocation Information Provision Procedure Flow for Signature Verifiers, etc. (private sector)

When private sector introduces Japanese Public Key Infrastructure as a PF business operator, J-LIS introduces the procedures, business flow, and documents required for the procedures related to signature verification.

To confirm the necessary procedures with J-LIS, refer to the following materials.

Please refer to the following J-LIS website for more information.