Procedures for the issuance of a certificate are as follows.

First of all, a public key to be listed in a certificate and a private key corresponding to the public key should be generated prior to the issuance of a certificate. A director of a company, the applicant, should be responsible for the generation and management of the private key, so, in the following system, an applicant generates the keys by himself/herself and the keys are stored on an IC card. The measures for generation and management of the keys should be examined.

1. Submission of a Public Key, Application Form for the Issuance of a Certificate

   An applicant shall apply for the issuance of a certificate to a commercial registry. In order to apply the issuance of a certificate , a completed application form with the impression of a seal registered in advance by the commercial registry and an IC card on which a private key and a public key are stored are required.

   [Comment]

   From the security perspective, a private key should not be stored in the IC card when this submission of a public key . Only a public key should be handed to a registrar.

2. Examination by a Registrar, Registration in the Commercial Register

   A registrar of the commercial registry shall examine the application form using the commercial register and a registered impression of a seal. After this application form examination, a registrar registers that the director of the corporation submitted a public key in the commercial register.

3. Notification to the Certification Center

   A registrar of the commercial registry shall notify the Certification Center that a public key has been submitted and other information necessary to prepare a certificate.

4. Issuance of a Certificate

   A registrar of the Certification Center shall issue a certificate based on information notified by a registrar of the commercial registry. The certificate is one of the documents based on the Commercial Registration Act like a corporation's certified copy of the commercial register, certificate of qualifications, and certificate of an impression of a seal.

   To determine the contents of the certificates, convenience of users and interoperability should be taken into consideration, so it may be based on such a standard as X.509 issued by the International Telecommunication Union (ITU). In addition, all necessary items needed in commercial transactions should be listed in the certificate and the items should be listed in Japanese (probably as well as in English). The following items could be listed in the certificate. Discussions on the items, however, should be continued in the future.

   • The trade name or name, and the company number
   • The seat of head office or main office
   • The qualifications, name and birthday of the director, if any
   • The limit on the power of representation of the director
   • The director's public key information (and the cryptographic algorithm identifier)
   • The name of the commercial registry
   • The serial number of the certificate
   • The date and time on which the certificate becomes valid
   • The date and time on which the certificate expires

The public key of the registrar of the Certification Center, which is used to verify a digital signature attached to a certificate, should be published on an on-line basis. A issued certificate shall be transmitted to the commercial registry and be recorded in the Certificate File in the Certification Center.

5. Distribution of a certificate

   The Certification Center issues a certificate. The registrar of the commercial registry stores the certificate into the IC Card which used to request the certificate, and distribute the IC card to the applicant.

   [Comment]

   It is also possible to deliver a certificate to the applicant via network.