Japan E-Commerce Promotion Council on CAs
--- begin forwarded text
Mime-Version: 1.0
Date: Thu, 10 Apr 1997 11:44:59 -0700
From: [email protected] (John D. Muller)
Subject: Japan E-Commerce Promotion Council on CAs
To: [email protected]
Sender: [email protected]
Precedence: bulk
Reply-To: [email protected] (John D. Muller)
Press release
Announcement of Certification Authority Guidelines in Japan
----------------------------------------------------------------------
Full Document
7th, April, 1997
Electronic Commerce Promotion Council of Japan
----------------------------------------------------------------------
1. Background
The Electronic Commerce Promotion Project, partially funded by the
Japanese government, was started in late 1995. The project consists of
19 test-bed projects which experimentally provide various kinds of
electronic commerce between consumers and businesses. Currently over
350 companies participate in the projects and more than 500,000
consumers are presumed to have joined. To foster Electronic Commerce (EC)
in Japan, and also to support and coordinate these projects, the
Electronic Commerce Promotion Council of Japan (ECOM) was established
in early 1996. ECOM has set up 14 Working Groups to study a wide range
of EC-related issues. One of these Working Groups is the Certification
Authority (CA) Working Group, which focuses on the technology, practice,
and legal environment of CAs. One of the objectives of this CA Working
Group is to develop the CA Guidelines. The primary draft of the
Guidelines was made public in December 1996.
2. Objectives of the CA Guidelines
CA Guidelines provide the foundation for the operation of CAs which
issue digital certificates. A digital certificate, which
electronically verifies the identity of business parties during
network transactions, will play an important role in electronic
commerce conducted via open networks. Digital certification guarantees
the security of transaction information transmitted through networks,
and information transmitted between organizations, within
organizations and between individuals, by eliminating problems such as
wiretapping, tampering or repudiation. This fosters the reliance and
trust required to conduct business.
3. Structure of the CA Guidelines (Alpha Version)
(1) Introduction
This section first defines the basic terminology related to CAs, such
as public keys, certificates, and revocation of certificates, etc. The
section then deals with the following subjects concerning public key
infrastructure, which can be regarded as the technological foundation
of the guidelines:
(1) certificate management service for issuance, publication, and
storage of certificates, services relating to the registration and
management of personal information, and electronic notary, etc. (2)
hierarchical structure of CAs; (3) purpose of use and format of
certificates.
(2) Management requirements
As management requirements are important for increasing the
reliability of CAs, establishment and publication of policies relating
to certification, requirements needed by organizations, operational
security requirements, and information disclosure requirements are
stipulated. Within the policy arena the establishment and presentation
of provisions concerning the requirements for secure operation of
equipment and facilities, and of provisions concerning standards for
issuance of certificates are discussed. This section also stipulates
that organizational requirements must specify independence, third
party character and specialization.
(3) Service requirements
This section specifies requirements for guaranteeing security relating
to five services that constitute the certificate management service,
which is the basic service of CAs: management of the keys of CAs,
issuance of certificates, registration and publicizing of
certificates, storage and management of certificates, and revocation
of certificates. For example, in view of the serious consequences of
leakage or theft, private keys of CAs must be stored in an independent
special module with high storage capacity, and in an environment that
does not allow illegal removal of the storage module. Auditing of
certificate issuance is also discussed. The personal verification of
the applicant must be divided into three levels, and personal
verifications should be conducted according to these levels.
(4) Facilities and system requirements
This section specifies that requirements conform to measures
classified under group A of the "Information Systems Security Measures
Standards," which were announced by MITI in August 1995 and for which
the instruction manual was published by the Information Service Industry
Association in October 1996. Group A requirements relate to
information systems that affect people's lives, the property of
others, privacy and other social elements.
4. Forthcoming Schedule
ECOM is requesting that member companies and other relevant parties
offer their comments regarding this guidelines draft. At the same
time, the guidelines will be applied to the electronic commerce
test-bed projects sponsored by MITI (Ministry of International Trade
& Industry), with the results of these test operations to be
incorporated in the guidelines. The final version, based on opinions
obtained from various sectors, is scheduled to be prepared and
announced by March 1998.
More information
E-mail: [email protected]
FAX : +81-3-5531-0068
--- end forwarded text
-----------------
Robert Hettinga ([email protected]), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
Lesley Stahl: "You mean *anyone* can set up a web site and compete
with the New York Times?"
Andrew Kantor: "Yes." Stahl: "Isn't that dangerous?"
The e$ Home Page: http://www.shipwright.com/