The System Subcommittee has studied on the following themes: electronic authentication systems based on the commercial registration system; electronic notarization system based on the notarization system; and legislation on electronic signatures. An outline of the themes as well as the significance of electronic authentication are given below.
In conducting electronic commerce and applications, certain authentication methods to identify parties to a transaction or an application are needed. Of some possible authentication methods one of the most popular authentication methods is a digital signature using public key cryptography which has already been put to practical use. In this report, the word "electronic signature" means a certain result of data processing concerning electronic data which is generated to realize electronic authentication and the word "digital signature" means an electronic signature using public key cryptography.
It is necessary, in using a digital signature, to know whose private key corresponds to the public key which is used to verify digital signatures in order to the confirm identity of a generator of electronic data with a digital signature. Although there are some methods for obtaining information that tie such public keys to a specific person, a certification authority as an authority providing such information will be needed when conducting telecommunications using digital signatures among unspecified parties through open networks.
The following is an example of the role of a certification authority in telecommunications through open networks. First, a sender of data registers with a certification authority. Then, the sender obtains electronic data certification authority (hereinafter "certificate") bearing the digital signature of the certification authority upon which a public key corresponding to a private key used to generate the digital signature and the name of the sender appears. The sender then sends data with his/her digital signature together with such certificate to a receiver. The receiver of the data verifies the digital signature of the sender using the public key listed in the certificate. Thus, the receiver can confirm that the sender of the data is the person listed on the certificate and that the data has not been altered since the digital signature was attached to the data (as for the details of the scheme, please refer to the interim report). Such certification authorities have been established in some countries and some private companies have started acting as certification authorities in Japan.
Electronic authentication is a method for identifying parties to a telecommunication in data transmission. Such identification has been conducted in current transactions and applications to public entities as well as in electronic commerce and applications. Of the methods for such identification, a corporation's certified copy of the commercial register, certification of qualifications, and certificate of an impression of a seal, all of which are based on the information registered in the commercial register, have been widely used as a means to confirm the existence of a party , the existence of a representative ,as well as whether the representative is identical. So it is desirable to establish a highly reliable electronic authentication system using the information listed in the commercial register. For this reason, the System Subcommittee has studied the establishment of an electronic authentication system based on the commercial registration system.
In current paper-based transactions, the notarization system as well as the commercial registration system are used to ensure security. A notary attaches an officially-stamped date to a document to certify the existence of the document in a certain point in time, notarizes an electronic private document to certify the authenticity of the document, and prepares a notarial document which has some legal effects. The role of the notarization system is to prevent future disputes from occurring by certifying the existence of certain facts, and the system is widely used in actual transactions. But, in the current notarization system, the service is offered only to paper-based documents and there is no notarization service for electronic data. The System Subcommittee has discussed whether there is a necessity to expand the scope of the notarization system to electronic data and the details of such an electronic notarization system.
Electronic signatures including digital signatures, as their names imply, are thought to have the same functions as those of signatures and seals. As such , it may be possible to establish the same legal effects of electronic signatures as those of signatures and seals. Furthermore, there may be some necessity to create legal framework for certification authorities who play an important role in the use of electronic signatures in open networks. In addition, there also may be some necessity for legislation concerning the legal relationship of parties to electronic transactions and electronic authentication.
Many foreign countries including various states in the United States and Germany have established so-called electronic signature laws to deal with such issues by establishing some legal effects of electronic signatures or by setting up legal frameworks on certification authorities. In such a situation, the necessity of legislation on electronic signatures and the contents of such legislation if deemed necessary should be studied in Japan. So the System Subcommittee has discussed various issues on the legislation of electronic signatures.
The Ministry of Finance, the Ministry of Trade and Industry and the Ministry of Post and Telecommunications as well as the Study Group are studying issues relating to electronic authentication, which are the main focus of discussions in the Study Group. Other than studies conducted by such Ministries, in September 1997, a committee on electronic commerce was established at the High Information-oriented Society Development Office of the Cabinet "in order to clarify basic concepts and major issues regarding electronic commerce and to discuss how to foster the same".
On May 16, 1997, the Cabinet established on "Action Plan for Reforms in the Economic Structure". That says, "full-scale diffusion of orders and joint planning and development (electronic commerce) using networks should be realized in all areas of transactions between businesses and between businesses and consumers by 2001." In order to realize this, the plan clearly directs that, "all issues on a system to foster electronic commerce and all legal issues surrounding electronic contract transactions should be discussed quickly and all necessary measures which take the conclusions of such discussion into consideration should be implemented by 2001,." In relation to this, the plan provides that , "work toward the establishment of electronic authentication and notarization systems based on the commercial registration system and the notarization system, including legislation, should be started in fiscal 1998. Issues on authentication through telecommunication networks should be discussed, taking the variety of transactions into account.