The Electronic Commerce 3 the outline of electronic authentication and notarization systems

3 the outline of electronic authentication and notarization systems

(1) the outline of certification and notarization systems in traditional transactions

a. In traditional transactions (transactions other than electronic commerce) in Japan, when a corporation closes a contract such as sales, the corporation's exemplified copy of the register book or a certificate of qualification issued by a registrar to certify the existence of the company and its representative is generally used. A certificate of an impression of a seal (also issued by a registrar) is used to certify the power of representation of the person who actually conducts and concludes a contract. These copy and certificates(issued under the Commercial Registration Act) are used in submitting applications to public offices.

"The need for electronic authentication and notarization systems", a questionnairing conducted by the Study Group, indicates that about 80% of the surveyed use the copies or certificates issued under the Commercial Registration Act in contracting with an unacquainted person. Approximately 65% of the surveyed are required to attach the copies or certificates to an application submitted to a public office.

In Japan, these documents issued under the Commercial Registration Act are seemed the most reliable means to certify existence of a corporation and its director's power of representation. The reasons are as follows:

Establishment of a company cannot be deemed valid without the registration (Article 57 of Commercial Code and Article 14 of Limited Company Act),

When matters to be registered are changed, these changes cannot be set up against any third parties unless the changes are registered (Article 12 of Commercial Code),

Authenticity of the contents of the registration is guaranteed by such procedures as:

Applicants are required to submitted certain documents to a registrar,

A registrar, a public officer, examines the application,

Those who fails to register or registers false matters intentionally are punished,

A registrar is under the supervision of superior government offices and has duty of confidentiality, and

The National Reparation Act is applied to false registrations.

Accordingly, it is considered useful in the field of electronic commerce or electronic applications to establish an ele

ctronic authentication system based on the commercial registration system which publishes existence of a company and the power of the representation of its directors in the manner noted above.

b. In traditional transactions, parties involved in a contract can make a notary public certify conclusion of a contract, its contents, and the date it is concluded to prevent future disputes. Sometimes officially notarized documents prepared by a notary public are required by law to clarify that a contract is concluded and its contents are legal (Article 22 of Land and House Rent Law, etc.). It seems also useful to Establish an electronic notarization system like the notary system in traditional transactions.

(2) the outline of the electronic authentication system

In this chapter, the outline of the electronic authentication system based on an asymmetric cryptosystem discussed in the Study Group is described. Some members of the Study Group think that the systems which is not based on an asymmetric cryptosystem should also be discussed. It must be noted that systems based on a symmetric cryptosystem should be taken into consideration in the future.

a. Purpose

The electronic authentication system is a system in which an entity called "certification authority" certifies that the originator of electronic data is the right person whom the receiver of the data thinks the originator is and, when the originator is a corporation, that the director of the corporation has the power of representation in electronic commerce or applications.

b. Authentication structure

Reliability of an electronic authentication system seems to be ensured if there is a sole certification authority operated by the government, but when there are certification authorities operated by private companies there should be certain systems to ensure such reliability.

To ensure such reliability, there may be a hierarchical system in which a higher certification authority issues a certificate of public keys of lower certification authorities and there is the highest certification authority (which is the most reliable entity in the system) which ensure the reliability of the whole system. Many of the foreign laws seem to adopt such a hierarchical system.

The highest certification authority in a hierarchical system should be operated by public entity, because the certification authority should be highly reliable in issuing certificates and qualifying entities for lower certification authorities.

c. Certification Authorities

Private companies should be permitted to operate as certification authorities: all certification authorities may not be operated by public offices, because electronic authentication systems are used under various circumstances and highly reliable authentication is not always required, reliable certification authorities can be operated by private companies using appropriate cryptosystems, and there seems to be no reason not to permit private companies to be (at least) a lower certification authorities in a hierarchical system.

On the other hand, in foreign countries, it is considered appropriate that public offices play a role of the highest certification authority in a hierarchical system. From a legal standpoint, the word "authentication" traditionally means certification by public offices on whom duty of care and liability are imposed. In particular, the Ministry of Justice has jurisdiction over notary public and the commercial registration systems and these systems are deemed to be really reliable. And in traditional transactions, certification and notarization conducted by notaries public and registrars have been utilized for many years. The electronic authentication and notarization systems based on the existing commercial registration and notarization systems could be expected to be used widely in electronic commerce. The questionnairing conducted by the Study Group indicates there is great demand for such systems operated by the Ministry of Justice.

Based on such a concept, the Study Group discussed the details of the services to be provided by the Ministry of Justice (that is, commercial registries which has registry books or certain entities linked with the registries) .

d. Details of the services

(a) Electronic certificates for corporations

a. The certification authority issues electronic certificates (stored in an IC card or a floppy disk) in which such basic information on a company as the name of the corporation, the head office, the names of the directors, and a public key corresponding to the private key that a director of the corporation holds, and a certification statement are listed and to which a digital signature of the certification authority is attached.

As is mentioned above, a copy of the register book, a certificate of qualification and a certificate of an impression of a seal are often used to certify the existence of a company and its representative (including his or her power of representation) in transactions and applications. Therefore, we consider it useful to establish an electronic authentication system based on the commercial registration system which gives a public notice with legal validity on the existence of a company, and qualification of its representatives.

In an asymmetric cryptosystem, data which can be decrypted with A's public key are the data encrypted with A's private key. So the originator of the data is determined by certifying that the public key used to decrypt the data is A's key. An electronic certificate for a corporation certifies that a certain public key is registered in the name of a representative of a corporation.

b. The system to issue an electronic certificate for a corporation is as follows:

A representative of a corporation asking for an electronic certificate shall submit an application bearing the representative's seal impression already registered in the registration office and a public key to the certification authority, that is, the registration office.

The certification authority shall check the seal impression against the registered impression and issue an electronic certificate for the representative of the corporation.

A certificate shall be stored in an IC card or a floppy disk.

The certification authority keeps the contents of the electronic certificates in a database and verifies validity of the certificates when requested.

c. As this system is designed for dealing with all corporations, it is necessary for the authority to be accessible from anywhere in Japan. And it is necessary for the authority to confirm information about a applicant and his or her right of representation in receiving a request for issuing an electronic certificate for a corporation. For this reason, it is considered proper for the commercial registries, which is located all over the country and deal with commercial registration, to be the offices of the certification authority.

d. Information listed in a certificate is based on the commercial registration system, which has the legal effect mentioned above and is the most reliable system dealing with information on corporations. So the electronic certificates are also highly reliable and would be used widely.

The electronic certificates would be used as substitutes for copies of a register book, certificates of qualification, and certificates of impressions of seals in electronic commerce. The certificates would also be used in electronic applications for public offices when such form of applications are realized.

In a hierarchical authentication system, in which a higher certification authority issues a certificate of lower certification authority and there is the highest certification authority with high reliability, the certification authority operated by the commercial registries would issue certificates of private certification authority. In such a hierarchical certification system there should be the certification authority operated by the commercial registries.

e. Regarding the issuance of electronic certificates for corporations, study on the following points will be necessary:

Should there be the operational period of a certificate?

What should be listed in a certificate?

Should the certification authority generate a public key and a private key?

Should a new certificate be issued or should a already issued certificate be rewritten on online basis when a representative is changed?

Should the certification authority register private keys?

Should the certification authority deliver certificates on line?

Should a certificate be reissued when an IC card is lost?

Is there any possibility that a registered public key is the same as another one? How will it be checked?

Should the operational period of a certificate be determined by the validity period of the registration, or of the certificate, or of the public key?

How long should be a certificate be valid?

(b) An electronic certificate for a private person

a. Upon request by an applicant, a certification authority issues an electronic certificate (stored in an IC card or a floppy disk) in which such basic information on an applicant as the name, the address, the date of birth of the person, a public key corresponding to the private key that a person holds, and a certification statement are listed and to which a digital signature of the certification authority is attached.

b. An applicant for an electronic certificate shall submit an application bearing the applicant's registered seal impression, some kind of identification (a resident card, a certificate of a seal impression, a driver's license, etc.) to the certification authority. Unlike information on corporations, information on private persons is not registered in commercial registries. So it is necessary for private person applying for an electronic certificate to register his or her information before the certificate is issued.

c. Such an electronic certificate for a private person is an official certificate. Registration of any person in fictitious name is prevented through a strict procedure of identification and the certificate is highly reliable.

(c) Affairs contingent on the issuance of an electronic certificate

a. Either a corporate representative or a private person received an electronic certificate would request the certification authority to revoke his or her certificate, in case he or she has lost a private key. The certification authority shall keep a revocation list and certify whether a key listed in a certain certificate is not in the revocation list, that is, whether a certain certificate is valid when one requests to certify such validity.

b. In traditional transactions, a certificate of one's registered seal impression has no general operational period. Individual laws and ordinances determine when a certificate used in individual cases should be issued, according to the individual circumstances. In case of electronic certificates, general operational period could be determined, but, on the other hand, a system in which the validity of a certificate should be confirmed in using the certificate could be adopted.

(3) the outline of the electronic notarization system

a. purpose

An electronic notarization system is a system to certify that a electronic message including a written contract is legally prepared by the right person listed in a message, to attach a fixed date to the message, and to prepare a notarial document electronically, a copy of which is preserved and used to certify their existence and their contents.

b. the operator of the electronic notarization system

Now, notarization is mainly conducted by notaries public and the Judicial Affairs Bureaus (which also play roles of commercial registries). Some people insist that the electronic notarization should be conducted by notaries public and the Judicial Affairs Bureaus.

In the current legal system, notarization is conducted by public entities with legal authority. Qualification for notaries public conducting such notarization are highly restricted (most of the notaries public have the eligibility for practicing legal profession). Notaries public are supervised by the Minister of Justice, and if they breach their legal obligations, they will be punished under the punitive provisions. Notaries public are prohibited from holding another position concurrently, and reasons for disqualification are provided by law. The State Tort Liability Act could be applied to their errors.

From a legal standpoint, contract-based certification conducted by private companies should not be called "notarization". So it seems inaccurate to regard such certification as a part of electronic certification conducted by private companies. If such certification is regarded as a part of electronic authentication by private companies, users could have a false idea that such certification is conducted by public authorities.

Some think that electronic notarization systems based on a cryptosystem and conducted by private companies should not be prohibited. But, in such case, there must be such regulation on qualification, legal obligations, and punishment as current notaries public are imposed on. Among the opinions collected through the questionnairing, there are some opinions that regulations will be required on the companies that operate the system as well as on technical sides. It seems inappropriate to take only the technical sides of a system into consideration in rating reliability of the system.

When a private company operates a electronic notarization system and preserves electronic messages to certify the contents of its original, the company could obtain a monopolized control of the information on transactions. In such cases, there must be some methods to keep the information stored appropriately.

Besides, qualification for inspecting contents of data which are equivalent to notarial documents from a legal standpoint should be fairly restricted.

c. Outline of services

(a) Notarization of electronic private messages

a. A notarial bureau shall receive an electronic private message from a private person (an applicant), inspect its contents, attach a certification statement to the massage, and return it to the person. Such inspection and certification would be helpful to realize safe electronic commerce.

b. Such notarization and a fixed date attached to a massage could be used to preserve the message as an evidence which would be useful in case of a dispute arising later.

c. When notarization of an electronic private document is conducted, what kind of keys should be used as keys of an applicant? If it is registered in an certification authority, the key can be authenticated by the certification authority. There could be some limitation on qualification of keys to be used to generate a digital signature attached to a notarized message.

(b)an electronic fixed date

a. A notarial bureau shall attach a fixed date to an electronic message sent from an applicant.

b. There seems to be necessity for such fixed date to certify the time when a contract was made in electronic commerce. It would be useful to preserve a copy of the message with its fixed date for prevention of alteration of an electronic message, which cannot be altered. Such fixed date would also be useful if it is legally regarded as a substitute for a fixed date on a paper required in certain cases (for example, transfer of a claim) by law.

(c) Preparation of an electronic notarial document

A notarial bureau shall prepare an electronic notarial document.

In preparing such electronic notarial documents, a notarial bureau shall identify an applicant with highly reliable electronic authentication system.

(d) Preservation and certification of an electronic document

A notarial bureau shall preserve authenticated private electronic message, private electronic messages with a fixed date, and electronic notarial documents and certify existence of such documents and their contents.