Japanese Public Key Infrastructure (JPKI)
This page introduces the basic information (service features and authentication mechanism), service introduction examples, and useful information (introduction methods, introduction procedures, usage fees, etc.) that local governments and private businesses need in order to introduce the Japanese Public Key Infrastructure (JPKI * 1).
* 1 Japanese Public Key Infrastructure
What's New
- October 4, 2024: We updated the number of private businesses using Japanese Public Key Infrastructure (JPKI).
Table of Contents
- About Japanese Public Key Infrastructure (JPKI)
- Service Features
- Methods of Service Introduction
- Service Case Studies
- Authentication Mechanism
- Functional expansion of Japanese Public Key Infrastructure (JPKI)
- Inquiries
- Related Documents
1. About Japanese Public Key Infrastructure (JPKI)
Japanese Public Key Infrastructure (JPKI) is a service that uses the E-Certificate stored in the My Number Card's IC chip (the My Number itself is not used) to publicly verify the identity of users online and to confirm that documents such as contracts have not been tampered with. JPKI can be introduced and used not only by public authorities but also in a variety of private-business services.
The use of JPKI is expected to improve customer service and reduce administrative costs. For example, the cost and time required for customers to fill out and mail identification documents and application forms can be reduced. In addition, the workload required for private businesses to receive and examine documents can be reduced.
607 private businesses use JPKI (as of October 1, 2024). It is used in various situations such as opening bank and securities accounts and concluding loan contracts.
This system is operated by the local governments Information Systems Institute (hereinafter referred to as "J-LIS"), a corporation jointly managed by the national government and local governments based on the Public Personal Authentication Act * 2, and has the highest level of security and reliability.
When a private business introduces JPKI, there are two ways to use it. One is to become an approved business operator by obtaining the approval of the competent minister based on the Public Personal Authentication Act; the other is to entrust the signature validation business to an approved business operator. To become an approved business operator, it is necessary to have the equipment and the information management system required for the signature validation business. The equipment can also be hosted in the cloud. By entrusting the signature validation business to an approved business operator, on the other hand, a business can introduce JPKI without installing signature validation equipment itself.
Efforts to spread and expand the use of the My Number Card, including JPKI * 3, are being strongly promoted across the government, and the My Number Card is becoming more and more convenient and user-friendly for the public. Currently, the number of valid applications * 4 for the My Number Card exceeds the number of driver's licenses issued (as of January 2023) and accounts for two-thirds of the population (approximately 83 million applications).
* 2 Act on Certification Services for Electronic Signatures, etc. by the local governments Information System
* 3 Please refer to the following for the roadmap of main initiatives.
- Priority plan Process Chart for Realization of digital society (PDF / 2,015 kb)
Passages dealing with My Number Card:
P7: (4) Promotion of the spread and use of My Number Card
P24 to P25: Process Chart for digitalization, etc. of Various Cards, etc. Using My Number Card
* 4 The number of applications for issuance of My Number Card excluding cases where there were defects in the documents and cases where the application was canceled. Please refer to the following for the latest number of valid applications.
- Policy Data Dashboard (Beta)
2. Service Features
JPKI can deliver "improvement of customer service," such as eliminating the need to enter addresses, names, etc. in application forms and reducing effort such as mailing; "reduction of administrative costs," such as fewer defects because manual entry is eliminated; and "enhancement of security."
2.1. Improve Customer Service
You can reduce the costs that your customers incur, such as preparing and filling out identification documents and applications, and mailing them.
For example, identity verification when opening a bank account normally requires submitting identification documents and an application form, but if JPKI is used, identity verification and application can be performed online. This reduces the cost of preparing, filling out, and mailing the documents. In addition, by transcribing the four items of information (address, name, date of birth, and sex) recorded in the E-Certificate for signature, the burden of customer input and the errors it causes can be reduced. Because identity verification is completed online, services can also be provided without restrictions on time and place.
2.2. Administrative Cost Reduction
It can reduce the administrative costs incurred by private business, such as the acceptance and examination of identification documents and application forms, and the mailing of notifications to customers.
For example, for identity verification when opening a bank account, the business has had to accept and examine identity verification documents and application forms, and to request resubmission when entries were incomplete. If JPKI is used, identity verification and application can be performed online, reducing the workload.
2.3. Security Enhancement
Japanese Public Key Infrastructure (JPKI) uses a cryptographic technology called "public key cryptography" to ensure the security of communications.
"Public key cryptography" is a method that uses two different keys (a private key and a public key) for encryption and decryption. A feature of this method is that data encrypted with one key can only be decrypted with the other key.
The private key is stored in the My Number Card's IC chip.
If an attempt is made to illegally read the information recorded in the IC chip, countermeasures such as automatic deletion are triggered, so there is no concern that the private key will be stolen.
For details of "Public Key Cryptography", please refer to the following.
3. Method of service introduction
This chapter introduces the methods of service introduction for private businesses interested in introducing Japanese Public Key Infrastructure (JPKI).
3.1. Service Introduction Method
When using JPKI, the business operator introducing the service needs to confirm the validity of the E-Certificate presented by the customer. There are two service introduction methods: one is to become a "platform business operator" that performs validity confirmation itself, and the other is to become a "service provider business operator" that entrusts validity confirmation to a platform business operator.
3.1.1. Method of becoming a service provider
A business operator that uses JPKI to provide services by entrusting E-Certificate validity confirmation to a PF business operator, without maintaining its own signature validation facility, is called a service provider business operator (hereinafter referred to as an "SP business operator").
Because E-Certificate validity confirmation is entrusted, the cost of maintaining and operating the facility is reduced and the period until service introduction is shortened, so the service can be introduced inexpensively and quickly. The flow of E-Certificate validity confirmation for an SP operator is shown in Fig. 1. In general, a service usage fee set by the PF operator is charged for using the signature validation service. The fee varies depending on the PF operator.
For procedures and service usage fees for becoming an SP operator, please contact the operators listed in "7.2.4. Inquiries about services provided by platform operators".
Fig. 1 Flow of E-Certificate Validity Confirmation (SP Operator)
3.1.2. Method of becoming a platform operator
When using JPKI, a private business that confirms the validity of E-Certificates with J-LIS itself is required to develop signature validation facilities and become a "platform business operator" (hereinafter referred to as a "PF business operator") after being certified by the competent minister based on the Public Personal Authentication Act.
The PF operator can provide the E-Certificate validation function to other private businesses as a platform.
The signature validation facility can be installed in a cloud environment. This is expected to reduce the cost of installing and operating the facility and to shorten the period until the introduction of the service.
When using the service, an E-Certificate validation fee payable to J-LIS is charged. The fee is based on the number of items checked: 20 yen per item for an E-Certificate for signature and 2 yen per item for an E-Certificate for user identification. From January 2023, these fees will be free for the time being.
Please refer to "3.2. Procedures for becoming a platform operator".
3.2. Procedures for becoming a platform operator
When introducing services as a PF business operator, it is necessary to first obtain technical specifications and the like from J-LIS and then proceed with the procedures for certification by the competent minister. After obtaining certification, it is necessary to develop system environments for signing validation and the like.
It will take six months to one year from the acquisition of the technical specifications to the acquisition of the approval of the competent minister. For an overview of the procedures, please refer to the guidelines published by Ministry of Internal Affairs and Communications and Digital Agency below.
The overview of the procedures is shown in "C. Approval Procedures" on pages 39 to 41.
3.2.1. Acquisition of Technical Specifications, etc.
After exchanging a confidentiality pledge with J-LIS, the business operator applies for disclosure of the technical specifications, etc. related to JPKI. These documents are necessary for the competent minister approval procedure and for developing the system environment, but they are also necessary when considering whether to introduce the service. Please use them from the consideration stage.
3.2.2. Procedures for Approval by the Competent Minister
Based on the technical specifications provided by J-LIS, the business operator addresses the requirements set out in the certification standards, prepares a document certifying that the requirements are satisfied, and applies to the Ministry of Internal Affairs and Communications for a certification examination with that document.
3.2.3. Preparation for Commencement of Production Use
After certification is obtained, operation is verified in the JPKI test environment. If there are no problems, a notification is submitted, based on the provisions of the Public Personal Authentication Act, in order to receive E-Certificate validity confirmation results from J-LIS. Finally, operation is verified in the production environment and the service is started.
3.3. Japanese Public Key Infrastructure (JPKI) Fees
Unlike typical services that require national government permission, using JPKI incurs no costs for obtaining or maintaining the approval of the competent minister. Only the E-Certificate validation fee payable to J-LIS is required.
The JPKI usage fee is based on the number of validity confirmations: 20 yen per item for an E-Certificate for signature and 2 yen per item for an E-Certificate for user identification.
These usage fees will be free for the time being from January 2023 * 8. The aim is to lower the service usage cost of PF operators and support the introduction of services. For details, please refer to the following.
* 8 The CRL method will be free permanently, and the OCSP responder method will be free for three years for the time being.
4. Service Case Studies
This chapter introduces case studies from private businesses (517 companies as of February 27, 2024) where JPKI is currently in use. It contains reference information such as which industries and services have introduced it, how it was introduced, and what benefits it brings to private businesses and customers. Please use this information when considering introduction.
For example, in the banking and securities industries, JPKI is often used to open accounts, and the effect of its introduction has been recognized. By using the My Number Card E-Certificate, customers can apply easily and accurately from a smartphone, etc., without copying identification documents, filling out an application form, or mailing it, all of which used to be required to open an account. This reduces administrative costs such as reception and examination and improves customer convenience.
5. Authentication Mechanism
JPKI uses the E-Certificate stored on the IC chip of the My Number Card. J-LIS, the issuer of the E-Certificate, serves as the trust anchor (the base point of trust) and attests to the E-Certificate's validity.
5.1. What is E-Certificate validity?
The private business must confirm the validity of the E-Certificate submitted by the customer, because an E-Certificate loses its validity under certain conditions.
5.1.1. E-Certificate Expiration Conditions
The conditions under which an E-Certificate expires include the end of its validity period, changes to the four basic items of information on the resident record (address, name, date of birth, sex), and the death of the person. There are two types of E-Certificate, "E-Certificate for signature" and "E-Certificate for user identification," and the expiration conditions are different for each.
For details of "E-Certificate for Signature" and "E-Certificate for User Identification", please refer to "4.2 E-Certificate Type".
Please refer to the following for more information on E-Certificate expiration conditions.
5.1.2. Method of E-Certificate validation
There are two types of E-Certificate validation methods: the CRL provision method and the OCSP responder method.
(1) CRL Provision Method
A CRL * 5 is a list of revocation information for E-Certificates.
The CRL provision method periodically (e.g., once a day) provides a list of E-Certificate revocation information.
The CRL provided by J-LIS is updated on a daily basis. The private business downloads it to its local environment and verifies the validity of the service user's E-Certificate by checking the E-Certificate's issue number against the list.
A feature of the CRL provision method is that validity can be checked offline.
* 5 Certificate Revocation List
Figure 2 CRL Provision Method
(2) OCSP Responder Method
OCSP * 6 is a communication protocol for verifying the validity of E-Certificate.
The OCSP responder method is a method in which an inquiry about the validity of a specific E-Certificate is answered individually from a response server called an "OCSP responder."
The OCSP responder stores revocation information, which is updated every 15 minutes. The OCSP responder compares the revocation information with the issue number of the E-Certificate of the service user and provides the validation results.
The OCSP responder method is characterized by the ability to check in real time. On the other hand, it should be noted that the validity of the E-Certificate cannot be checked offline.
* 6 Online Certificate Status Protocol
Figure 3 OCSP Responder Method
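The practical difference between the two methods, as an added example (not J-LIS code and not part of the original page): a simplified Python model, on constructed data, of checking an issue number against a daily CRL snapshot versus responder data refreshed every 15 minutes. The helper names, serial and times are hypothetical, and verifying the signature on the CRL or OCSP response against the trust anchor, which a real validator must do, is omitted.

```python
"""Added example: simplified model of CRL vs OCSP-style revocation checks.
All serials, dates and helper names are constructed; no real JPKI interface is used."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum

CRL_INTERVAL = timedelta(days=1)        # page: the CRL is updated daily
OCSP_INTERVAL = timedelta(minutes=15)   # page: responder data is updated every 15 minutes


class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    OUTSIDE_VALIDITY = "outside validity period"
    UNKNOWN = "no fresh revocation data"   # treated as a failure (fail closed)


@dataclass(frozen=True)
class Certificate:
    serial: int                 # the "issue number" matched against revocation data
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Snapshot:
    """Revocation data as published at this_update (a CRL or a responder's store)."""
    this_update: datetime
    next_update: datetime
    revoked: frozenset


def latest_refresh(now, interval, epoch):
    """Most recent publication time at or before `now` on a fixed schedule."""
    return epoch + ((now - epoch) // interval) * interval


def publish(revocation_log, at, interval):
    """Hypothetical issuer side: list every serial revoked up to `at`."""
    revoked = frozenset(s for s, t in revocation_log.items() if t <= at)
    return Snapshot(at, at + interval, revoked)


def check(cert, snapshot, now):
    """Relying-party check. Signature verification of the snapshot is omitted here."""
    if not (cert.not_before <= now <= cert.not_after):
        return Status.OUTSIDE_VALIDITY
    if not (snapshot.this_update <= now < snapshot.next_update):
        return Status.UNKNOWN          # stale or future-dated data is not trusted
    return Status.REVOKED if cert.serial in snapshot.revoked else Status.GOOD


def exposure_window(revoked_at, interval, epoch):
    """Minimum time a revoked certificate still checks as GOOD after revocation."""
    last = latest_refresh(revoked_at, interval, epoch)
    return timedelta(0) if last == revoked_at else last + interval - revoked_at


def scenario():
    day = datetime(2024, 10, 1, tzinfo=timezone.utc)                 # constructed date
    cert = Certificate(0x1A2B, day - timedelta(days=90), day + timedelta(days=1700))
    revoked_at = day + timedelta(hours=10, minutes=5)               # e.g. address change
    log = {cert.serial: revoked_at}
    now = day + timedelta(hours=11)

    crl = publish(log, latest_refresh(now, CRL_INTERVAL, day), CRL_INTERVAL)
    ocsp = publish(log, latest_refresh(now, OCSP_INTERVAL, day), OCSP_INTERVAL)
    return {
        "crl_at_11:00": check(cert, crl, now),
        "ocsp_at_11:00": check(cert, ocsp, now),
        "crl_two_days_old": check(cert, crl, now + timedelta(days=2)),
        "crl_exposure": exposure_window(revoked_at, CRL_INTERVAL, day),
        "ocsp_exposure": exposure_window(revoked_at, OCSP_INTERVAL, day),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The "good" answer from the daily CRL at 11:00 is the revocation latency a relying party accepts with the CRL method, and the "unknown" result shows why an offline copy past its next update should be rejected rather than reused.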
5.2. Types of E-Certificate
There are two types of E-Certificate: "E-Certificate for Signatures" and "E-Certificate for User Identification".
5.2.1. E-Certificate for Signature
It is used when creating and sending electronic documents such as applications and contracts over the Internet, etc. It makes it possible to verify that an electronic document created and sent by a user is "an authentic document created and sent by the user." Electronic signatures made with an E-Certificate for signature can be subject to Article 3 (Presumption of Authentic Creation of Electronic Records) * 7 of the Act on Electronic Signatures and Authentication Services. In other words, an electronic document bearing the Principal's electronic signature that meets certain requirements is presumed to have been authentically created (created based on the intention of the Principal).
* 7 Quoted from Article 3 of the Act on Electronic Signatures and Authentication Services
Electronic or magnetic records that are prepared for the purpose of representing information (excluding those prepared by a public officer in the course of his / her duties) are presumed to have been authentically created if the information recorded in the electronic or magnetic records has been electronically signed by the Principal (limited to electronic signatures that only the Principal can perform by properly managing the codes and materials necessary for performing such electronic signatures).
5.2.2. E-Certificate for User Identification
It is mainly used when logging in to Internet sites, etc., and it is possible to verify that the person who has logged in is the user himself / herself.
In addition, there are differences in the information to be held between the E-Certificate for signatures and the E-Certificate for user identification due to their different uses. The main difference is whether or not the Basic 4 information (address, name, sex, date of birth) is held in the E-Certificate. The E-Certificate for signatures used for electronic signatures at the time of application, etc. requires confirmation of the accurate address, etc. of the Applicant, etc., so the Basic 4 information is held in the E-Certificate. The E-Certificate for user identification used for login to Internet sites, etc. does not hold the Basic 4 information because it is sufficient to confirm the identity of the Applicant.
For details of "5.2 E-Certificate Types," please refer to the following.
6. Functional expansion of Japanese Public Key Infrastructure (JPKI)
Provision of the latest user information (4 information) (started on May 16, 2023)
Service Overview
On the premise that the Principal's consent has been obtained in advance using JPKI, a business can obtain the customer's latest four items of information (address, name, date of birth, and sex) from J-LIS (local governments Information Systems Institute) online at any time. This enables, for example, financial institutions to immediately confirm changes to a customer's address, etc.
The service was launched on May 16, 2023. An overview is provided below.
The details of this service are described in "5. Overview of the Service Providing the Latest User Information Based on the Consent of the Principal (Basic 4)" below (pages 43 to 49).
Customer consent is required for private business to provide the Services.
Consent must be obtained reliably and in a way that is easy for customers to understand. The following materials describe points to note when obtaining consent, so please check them.
Procedures for Use of the Service
This service is an additional service to JPKI, so a private business first needs to complete the procedures for using JPKI.
Please complete the procedures for using this service after completing the procedures for Japanese Public Key Infrastructure (JPKI).
For more information on Japanese Public Key Infrastructure (JPKI), please refer to E-Certificate (for private business) E-Certificate by Japanese Public Key Infrastructure (JPKI) (for private business) Japanese Public Key Infrastructure (JPKI).
The procedures necessary for using this service are as follows.
Service provider business operators (business operators that use JPKI by entrusting signature validation to platform business operators)
The service provider may receive information necessary for system support from the platform operator to whom the signature validation business is entrusted.
Platform operators supporting this service are as follows.
Platform business operators (business operators using Japanese Public Key Infrastructure (JPKI) that have themselves been certified by the competent minister)
You need to apply to J-LIS to use this service. Please contact the following contact information.
Contact: Utilization of My Number Card in private business, local governments Information System
In addition, it is necessary to apply for the disclosure of technical specifications, etc. after exchanging a pledge on confidentiality with J-LIS.
Installation of the My Number Card function (E-Certificate) on the smartphone (started on May 11, 2023)
By incorporating the E-Certificate functions of the My Number Card into a smartphone, it has become possible to apply for and use various My Number Card services anytime and anywhere with just a smartphone, without carrying the My Number Card.
Details are provided below. Please refer to it when considering the use of this service. We will continue to expand the information gradually in the future.
- E-Certificate Mounted Service for Smartphones
- Study Meeting on smartphone Installation of My Number Card Functions
7. Inquiries
7.1. Frequently Asked Questions
Please refer to the following pages for Frequently Asked Questions (FAQs).
7.2. Contact information
7.2.1. Contact information for the briefing session for the Digital Agency Host Organization
The Digital Agency holds briefing sessions for groups so that many private businesses can use Japanese Public Key Infrastructure (JPKI).
If you wish to hold a briefing session for groups or have any questions, please contact the following.
- E-mail: mynumber_team_atmark_digital.go.jp
When sending mail, please change "_atmark_" to "@" (one byte). To prevent spam mail, "@" is displayed as "_atmark_".
- E-mail subject: "Inquiries about the briefing session for JPKI organizations (name of business operator)"
- Main text: Enter the name of the business operator, the name of the department, the name of the person in charge, and the contact information.
In the briefing for organizations, we introduce information useful for considering the introduction of Mynaportal, such as an overview of My Number Card and Japanese Public Key Infrastructure (JPKI), use cases, the latest trends, and an overview of Japanese Public Key Infrastructure (JPKI).
Agenda for explanatory meetings for organizations (examples)
- 1. My Number Card
- 1.1. Overview of My Number Card
- 1.2. Current application and Issue status and future use scene expansion
- 2. Usage Examples (Japanese Public Key Infrastructure (JPKI))
- 2.1 List of Service Providers
- 2.2 Use Cases
- 3. Japanese Public Key Infrastructure (JPKI)
- 3.1. Overview of Japanese Public Key Infrastructure (JPKI)
- 3.2. Function Expansion and Latest Information
- 3.2.1. smartphone Mounted
- 3.2.2. Provision of Basic4 Information based on the consent of the Principal
- 3.2.3. Free use of E-Certificate for the time being
- 4. Mynaportal
- 5. Overseas Cases
7.2.2. Contact information for introduction of Japanese Public Key Infrastructure (JPKI)
We accept consultations and inquiries about how to use JPKI in your own services and about case studies.
- E-mail: mynumber_team_atmark_digital.go.jp
When sending mail, please change "_atmark_" to "@" (one byte). To prevent spam mail, "@" is displayed as "_atmark_".
- Email subject: Write "Inquiry about JPKI (name of business operator)"
- Mail text: Enter the name of the business operator, the name of the department, the name of the person in charge, and the contact information.
In addition to the contact information above, please also contact the person in charge of the Japanese Public Key Infrastructure (JPKI) Public Personal Authentication listed below for inquiries about the certification by the competent minister in Ministry of Internal Affairs and Communications.
When sending mail, please change "_atmark_" to "@" (one byte). To prevent spam mail, "@" is displayed as "_atmark_".
- Email address: kouteki-kojin_atmark_soumu.go.jp
7.2.3. Inquiries about the Platform Operator System
If you have questions about the legal system, such as if you do not know what the platform operator system is like or how to obtain the approval of the competent minister to become a platform operator, please contact the contact person of Ministry of Internal Affairs and Communications below.
Contact: Utilization of My Number Card in private business, (Ministry of Internal Affairs and Communications)
- Email subject: Enter "Inquiries about the PF Business Operator System, etc. (Business Operator / Organization Name)"
- Mail text: Enter the name of the business operator / organization, the name of the department, the name of the person in charge, and the contact information.
7.2.4. Contact information for inquiries about services provided by platform operators
If you would like to know more information about the services provided by PF Operators for customers or SP Operators, please contact the following PF Operators.
When sending mail, please change "_atmark_" to "@" (one byte). To prevent spam mail, "@" is displayed as "_atmark_".
ICT Community Planning Common Platform Promotion Organization
Service Materials: Public Personal Authentication Infrastructure Service mytap (PDF / 2,266 kb)
In charge: Ken Ogura, Technical Department
Contact: ogurad_atmark_topic.or.jp
NTT Data Corporation
Service Materials: Identity Verification Solution BizPICO (PDF / 1,494 kb)
Person in charge: Digital Community Business Department, Infrastructure Solution Business Headquarters
Contact: bizpico-service_atmark_kits.nttdata.co.jp
GMO Global Sign Co., Ltd.
Service Materials: My Number System (PDF / 762 kb)
Person in charge: GMO Online Identity Verification Service Contact
Contact: Contact Form
NEC Corporation
Service Materials: My Number Card Certification Service Functional Overview and Usage Examples (PDF / 972 kb)
In charge: Social Public Solution development Division / Solution development Management Department
Contact: ss_atmark_mcas.jp.nec.com
Hitachi, Ltd.
Service Materials: Hitachi Public Personal Authentication Use Service (PDF / 971 kb)
In charge: Innovation Sales Department, Public System Sales Headquarters
Contact: mytrust-support_atmark_ml.itg.hitachi.co.jp
System Consultant Co.
In charge: Open System Management Department
Contact: 03-3829-4453
Cyber Trust Co.
Service Materials: iTrust identity verification service Public Personal Authentication (PDF / 2,594 kb)
In charge: Trust Service Management Department
Contact: ctj_reception_atmark_cybertrust.co.jp
TOPPAN EDGE Co., Ltd.
In charge: Hybrid BPO Management Headquarters
Contact: identity-verification-app-support_atmark_toppan.co.jp
Nomura Research Institute, Ltd.
Person in charge: Social DX Division
Contact: nri-shomn-jigyo_atmark_nri.co.jp
Shift Seven Consulting Co., Ltd.
Service Materials: Benefit-Your-Locality Hometown Tax Payment "one stop Special Application" (PDF / 453 kb)
In charge of Corporate Strategy, Odawara
Contact: t.odahara_atmark_shift7.jp
TIS Inc.
In charge: Financial Business Sales Department
Contact: info-fs_atmark_ml.tis.co.jp
Double Standard Inc.
Service Materials: Public Personal Authentication (PDF / 418 kb)
In charge: Data Management Group / Data Management Department
Contact: Public Personal Authentication Contact Form
Flight Solutions Co.
Service Materials: myVerifist & Cashless Service (PDF / 1,116 kb)
In charge: Product & Financial Services Division
Contact: myverifist_atmark_flight.co.jp
Pocket Sign Co.
Person in charge: Pocket Sign Platform Contact
Contact: Pocket Sign Co., Ltd. (website)
The above is posted only for those PF business operators who have obtained approval to post inquiries.
In addition, some PF operators do not provide the function of E-Certificate validity confirmation for SP operators as a platform.
8. Related Documents
8.1. Japanese Public Key Infrastructure (JPKI) Guidelines for private business Use
This is a guideline published by the Ministry of Internal Affairs and Communications to support private businesses in considering the use of JPKI and to explain the introduction procedure. It summarizes the outline and merits of the service and provides a guide to using it (the information system facilities a private business needs, the certification standards and procedures of the competent minister, and E-Certificate validation fees).
Please refer to this document for detailed and comprehensive information when considering the introduction of the service.
- Guidelines for Japanese Public Key Infrastructure (JPKI) Use for private business (Version 1.4) (PDF / 5,113 kb) (updated June 21, 2024)
The Ministry of Internal Affairs and Communications website where this report is posted is as follows. Please also refer to it.
8.2. Procedure Flow for Provision of Expired Information by Signatory validation Holder, etc. (private business)
J-LIS describes the procedures, business flow, and documents required when a private business introduces JPKI signature validation as a PF business operator.
To confirm the necessary procedures with J-LIS, please refer to the following documents.
The website of J-LIS that contains the materials is as follows. Please also refer to it.