Special Report
~New Year’s Greeting~
Takuya Goto
Chair of the Next Generation Electronic Commerce Promotion
Council of Japan (ECOM)
CEO of Kao Corporation
Happy New Year. At
the beginning of the New Year, I would like to say a few words,
as the chair of ECOM.
ECOM has launched itself into the
latter half of their activities in the first year, with each
working group engaging in ever increasing activities. Moreover,
it is around this time that discussion concerning planning
for the next fiscal year starts.
Meanwhile, I sincerely hope that
the results of ECOM activities will be widely useful for society,
and I would like to illustrate some key points of future activities
here. I am no IT expert, but I hope you find them informative.
First of all, to reflect the original
intention, I would like to confirm two major objectives in
the founding prospectus. The key sentences are: “resolving
the issues of interoperability, globalization, and other factors
involving inter-company and inter-industry information sharing
that is imperative for the utilization of RFID tags”;
“ECOM carries out activities to promote the diffusion
and development of EC and to improve an environment that facilitates
secure EC conducted by all economic entities such as general
consumers and enterprises”.
To undertake the two activities,
the following three points must be considered.
1. Do you have the “perspective of users”?
2. Are you “responding to changes”?
3. Isn’t the notion of “Common sense of Japan” becoming “nonsense to the world”?
Although not directly relevant to
IT, they are related to what I have been reminding staff in
our company. When IT becomes something very familiar, unlike
twenty or thirty years ago, those perspectives also become
important.
1. Do you have the “perspective of users”?
This is a question related to the final
target for which you strive. It has been around for quite a while,
but manufacturers produce products based on their own logic. The
enthusiasm thus expressed, “I want you to use this new product”,
is important, but the basic premise is that the product should
be something that users are eager to use. With this in mind, you
must always listen to users’ opinions and requirements.
Based on this attitude,
users’ responses will change from “I can use it,
if it’s cheap” to “I definitely want to use
it, even if it’s expensive”, and satisfactory value
can be offered. There is no way that the product would be something
thus described: “I don’t want to use it, even if
it’s cheap”.
In ECOM’s case,
it is companies, rather than consumers, who use the results
in most cases. I would definitely like to see results that users
(companies) want to use even if they need to make some investments.
The perspective behind
efforts “to improve an environment that facilitates secure
EC conducted by all economic entities” is very important
for users. Problems related to information security are widely
headlined and are becoming social issues. I hope therefore that
positive results of ECOM activities could be utilized throughout
society.
2. Are you “responding to changes”?
As we are all aware, business environments
are changing rapidly in many ways. They represent comparatively
small changes happening in everyday life. At the same time, the
word “structural reform” is headline-making, because
much more significant changes, like paradigm shifts, are also
gradually taking place.
I think the terms,
“inter-company and inter-industry information sharing”
in the founding prospectus of ECOM symbolize the “paradigm
shift”. The terms “inter-company and inter-industry
information sharing” do not simply mean connecting computers
together. It means companies are transcending borders and connecting
with each other as if they were parts of an in-house network
system.
It is a completely
different concept from anything previously. In the 60s and 70s,
many companies including ours introduced computer systems and
developed a variety of in-house systems for different operations,
before attempting to streamline the latter. In other words,
our attention was on the construction of in-house systems, especially
on system constructions in each section. Therefore, when it
comes to inter-company transactions, information concerning
“paper” output by a system of company A was input
to a system of company B based on the information on the “paper”.
It was a “delivery”
of information rather than information sharing between companies,
so, companies tried to reduce the volume of such “papers”
and electronically transmit information online. Our company
also strove very hard to establish a data exchange system with
partners mainly to process orders.
However, most people
now have multiple computers, “one at the office, and one
at home”. In addition, most computers are inter-connected
through the Internet.
When it comes to “inter-company
and inter-industry information sharing”, are new ways
and procedures which can respond to significant change necessary?
As I mentioned before, the conventional way involved simply
digitizing paper-based practices/operations in each company.
To be more precise,
connecting in-house systems on an operational basis is insufficient.
Each company will make the necessary changes, after assuming
the means of promoting inter-company and inter-industry information
sharing. Meanwhile, there will also be considerable BPR (Business
Process Reengineering), which will be the driving resource for
companies to invest in new systems. The inter-company and inter-industrial
diffusion of RFID tags should be promoted based on this idea.
3. Isn’t the “Common sense of Japan” becoming “nonsense to the world”?
I often ask our staff “isn’t
the common sense of Kao becoming nonsense to the public?”
It often happens that what is comfortable common sense in one
community becomes inapplicable to others. This seems to happen
often especially in this island nation, Japan.
Solving the issue of
“globalization” in the founding prospectus is one
of the biggest obstacles to “inter-company and inter-industry
information sharing”. Needless to say, “company”
and “industry” include those from overseas. In other
words, the scope of the “perspective of users” suddenly
becomes global, and overseas users must be included in the “users”
category.
The other day, I read
an article about World Cup Rugby: “New Zealand chosen
to host the 2011 World Cup Rugby. Japan loses”. The article
doesn’t compare the two countries quantitatively, but
explains the reason for Japan’s defeat was a lack of political
negotiations. In fact, Japan has better playground facilities
and sophisticated transportation systems.
It is an inevitable
obstacle that has to be overcome in the world of “globalization”.
Organizations similar to ECOM exist overseas, as well as many
other related organizations besides. It is crucial to continue
thinking of the right tactic to be their “partner”.
Although it takes time to achieve, please remain patient and
do your best.
This sums up my thoughts
for the beginning of the New Year.
Finally, I hope the ECOM activities
this year will again be fruitful.
Revision of the Guidelines for Personal Information Protection and Recent Troubles
ECOM promotes enlightenment of personal information
protection for EC companies and users. Mr. Masahiro Eguchi,
Research Director of ECOM (Personal Information Protection WG)
makes a report on the latest status of the “Act on the
Protection of Personal Information” and the revision of
the “Guidelines for Personal Information Protection in
EC in the Private Sector”.
1. Introduction
Approximately
ten months have passed since the “Act on the Protection
of Personal Information” (hereinafter referred to as the
“Protection Act”), which aims to create a healthy
information society based on reconciliation between the usefulness
of personal information and the necessity of its protection, was
fully enforced. During that period, both administrative agencies
and business persons who handle personal information (hereinafter
referred to as “business persons”) have made all kinds
of efforts to establish the intent of the “Protection Act”
in society. Based on trends following the enforcement of the law,
the Next Generation Electronic Commerce Promotion Council of Japan
(hereinafter referred to as ECOM) has recently revised the “Guidelines
for Personal Information Protection in EC in the Private Sector”
(hereinafter referred to as “ECOM Guidelines”) for
EC business persons, which was formulated and publicly announced
to promote the protection of personal information in EC activities.
Both the current status and the outline of the revision will be
reported below.
2. Situation after full enforcement
In
April 2005, the “Protection Act” was fully enforced
after a post-enactment preparation period of one year and ten
months. As business persons were obliged under the Act to disclose
personal data they had in their possession, they became uneasy
about “being disturbed by endless inquiries and requests
from consumers” as the enforcement day neared. But, fortunately,
their uneasiness proved unfounded. Supposedly, such inquiries
and requests were prevented because many business persons stipulated
the setting of appropriate service charges and the presentation
of identity verification materials, and made careful announcements
in advance on their websites, etc. On the other hand, personal
information leaks were very much in the news, almost daily it
seemed, which suggested the difficulty of completely preventing
them. Below are intentional cases of personal information leaks
in the EC industry (whether by insiders or by outsiders) in and
after this April.
• A price comparison site with the largest
number of users was tampered with through unlawful access and
the personal data of members who accessed the site was leaked
to outside. The site had to be closed for approximately two weeks
after detection.
• An ex-employee of a company with a store
on an Internet shopping mall broke into the mall server by making
use of ID that had been allocated to the company. He obtained
the personal data of tens of thousands of customers and sold it
to business people handling lists of names.
• By making use of spyware, an unidentified
person posing as an Internet shopping customer obtained an ID,
which was being used for business transactions with banks, from
an Internet shop owner and withdrew a total of 9,400,000 yen from
nine accounts (three banks).
• A server for operating an Internet shop
of a major apparel company was unlawfully accessed by an unidentified
person and data on approximately 4,500 customers - including credit
card information - was leaked. More than two months have passed
since the leakage occurred, but it is still uncertain when the
site will open again.
Below are cases of personal
data leaks due to the negligence and carelessness of business
persons.
• Secret data including personal information
that employees took home were leaked on the Internet through file-swapping
software.
• Sales representatives, who took personal
computers containing personal data with them when they went out
on business, lost them in transit.
• During a simultaneous check of personal information, it was
discovered that microfilms on which customer handling data was
recorded had been lost.
• Personal computers with personal data
still in them were scrapped.
Personal information
leaks, including only the cases that were reported to supervisory
ministries, amounted to 894 cases in six months (public announcement
by the Cabinet Office), and in contrast to the aims of the “Protection
Act”, feelings of uneasiness have been growing among consumers
since the Act was enforced. For the purpose of helping consumers
feel more secure about the Internet society, business persons
are required to deal earnestly with a range of issues.
3. Revision points of the “ECOM Guidelines (Ver. 4.0)”
In this revision, rules to be observed
by business persons to strengthen the safe management of personal
data were added. The main points will be presented below.
(1) Overall understanding of personal data
Business persons have
to regularly check the possession status of personal information
that they have obtained and to correctly understand the contents
and quantity of personal data and databases. In addition, it is
important to carefully examine the status of use on an as-needed
basis and to safely dispose of information that will not be used
any more.
(2) Countermeasures against physical theft and losses
A considerable number
of personal information leaks have been caused by thefts and losses
of personal computers, recording media and other similar devices
containing personal information, and it is very rare that these
items are found or returned after the incidents. Business persons
have to take serious note of this fact and take appropriate and
effective measures to prevent thefts and losses. As for the operation
of client terminals for individual use with especially high theft
and loss risks, it is desirable to take the following measures.
[1] Prohibition of the storage of personal databases in client terminals (excluding personal data for communication, such as e-mail addresses and telephone numbers)
[2] Restrictions on outside use and thorough inventory control
[3] Start-up locks when leaving the office and transporting, data file encryption and storage in lockable lockers
(3) Countermeasures against unlawful access and viruses
Business persons have to take preventive
measures against unlawful access to, and the entry of viruses
into personal information databases that they have in their possession,
by taking necessary and appropriate measures based on the latest
technology.
Below are specific countermeasures that business persons should
take against unlawful access and viruses.
[1] Business persons should monitor unlawful access and the entry of viruses at all times, and when they detect any malfunctions, they should immediately shut down the entire system or partially isolate the problem area from networks to confirm safety.
[2] When business persons limit access, they must collect detailed operation logs to use them in investigating the causes of accidents. It is desirable to have operation logs for six months or more.
[3] Business persons should prohibit network connections with personal computers for private use which have not been consented to by persons responsible for the protection of personal information, as well as with personal computers that have not been inspected.
[4] Business persons should not transmit or exchange unencrypted files, including personal information on the Internet.
(4) Strengthening of personnel safety management
Personnel safety management
means the provision of education and training to employees with
regard to both the conclusion of contracts with provisions for
personal data nondisclosure and the handling of personal information,
but many business persons have indicated that personnel safety
management is lagging behind compared to organizational or technological
safety management. Continual education and training is important
for the following purposes: to rediscover the fact that the problem
with the handling of personal information comes down to the “quality
of personnel” and to truly establish in-company rules. In
providing education and training to employees, it is important
to document concepts and rules in relation to the protection of
personal information in a way that is easy to understand and to
confirm the level of understanding of participants. In addition,
it is desirable to coordinate personnel safety management with
personnel systems and working regulations from the viewpoint of
the protection of personal information and to clarify penalties
including disciplinary actions for intentional behaviors, serious
faults and violations.
(5) Thorough implementation of safe disposal
Business persons have
to confirm that personal information will not be unintentionally
leaked when they scrap personal computers and electronic media
in which personal information has been recorded. They should erase
all recorded information by making use of software for complete
erasure, etc., when they dispose of personal computers and other
similar products (or they should entrust reliable business persons
with this task). They should also thoroughly and completely scrap
recording media by destroying them with shredders and by taking
other similar measures.
*Reference to the full text of the revised ECOM
Guidelines
ECOM website (http://www.ecom.jp/)
4. Conclusion
Japan has not yet fully found the ideal
way of protecting personal information. The Cabinet Office has
again recently started the “Committee on the Protection
of Personal Information” of the Social Policy Council to
begin a follow-up on the situation after the enforcement of the
“Protection Act”. It is said that the Ministry of
Economy, Trade and Industry will revise the guidelines for the
protection of personal information and will expand and improve
questions and answers. It is expected that FY2006 will be a year
in which the ideal method of protecting personal information will
be further explored and a foundation for the establishment of
the protection of personal information in line with actual societal
conditions will be built; that is, a year in which both the public
and private sectors will be as busy as, or even busier than FY2005,
but a year in which significant outcomes will be produced.
Activity Report of the “ebXML Asia Committee”
From November 21-26, 2005, the Fourteenth
ebXML Asia Committee Plenary Meeting (eAC:ebXML Asia Committee)
was held in Taipei, China.
Mr. Masato Tamori,
Research Director of ECOM (Technological Infrastructure Development
Group), reports on committee decisions in this meeting and an
outline of the activities they have been carrying out.
1. What is the ebXML Asia Committee?
The ebXML Asia Committee (http://www.ebxmlasia.org/)
is a regional committee jointly initiated by the Electronic Commerce
Promotion Council of Japan (ECOM), the Korea Institute for Electronic
Commerce (KIEC) and the Taipei Computer Association of Chinese
Taipei in December, 2000.
The objectives of their
activities are the promotion of ebXML in Asia, co-support for
ebXML activities in Asian countries, and EC development in Asian
regions. Over 21 organizations from ten countries and regions
(Indonesia, Australia, Korea, Singapore, Taiwan, China, Japan,
Pakistan, Hong Kong and Malaysia) are members of the committee.
While the ebXML Asia
Committee is working alongside other international organizations
as shown in Figure 1, their activities are undertaken by two major
task groups (the Core Component Task Group (CCTG) and Interoperability
Task Group (ITG)) and by the R&R Federation Joint Project
with the Working Group 2 of ISO/IEC JTC1 SC32.
2. Taipei meeting and its agenda
The agenda of the Taipei meeting is as
follows:
1) Changes in the committee’s name and its scope
The eAC has changed its
name as follows, after looking back on the five years of
activities since its establishment:
ebXML Asia Committee (eAC) → eBusiness Asia Committee (eAC)
This is due to the expanded
scope of the committee, from “Establishment of XML infrastructure
in the Asian region and promotion of ebXML technologies”
to “Facilitation of e-business in the Asian region”.
However, activities still
include the promotion and enlightenment of XML based technologies
(ebXML/Web Service).
2) Creation of road maps (for eAC and for each task group)
In accordance with 1),
road maps were created to clarify the following three years’
activities and action policies for eAC and each task group. The
following are the action policy of eAC and outline of the roadmaps:
3) Agenda of the task groups (including the joint project)
The following agenda was discussed in
each task group (including the joint project).
Details of the agenda are or will be introduced in the ECOM News
and JEDIC Newsletter on their respective websites
(http://www.ecom.jp/ and http://www.ecom.jp/jedic/).
(1) Core Component Task Group (CCTG)
(Issues)
· Examination of methodologies to assign unique IDs to objects and its rulemaking
· Examination of “Product” issues (how to identify products; it attempts to define the difference in concepts between sales and logistics)
(Reference)
· JEDIC Newsletter No. 72: “UN/CEFACT Forum/Lyon Meeting”
(2) Interoperability Task Group (ITG)
(Issues)
· Proposals to OASIS·ebMS Version 3.0 (the version which added interoperability function between ebXML and web services, client server-typed messaging service (pull messaging function), etc.)
· Introduction of reliability test tools
· Examination of global interoperability tests
(Reference)
· ECOM Newsletter No. 11: “ebMS Vr.3.0” (plan)
(3) R&R Federation Joint Project (RRF)
(Issues)
· Implementation of R&R Asia Federation Demonstration Test (face to face test)
(Reference)
· JEDIC Newsletter No. 72: “Report on the Progress of the ebXML R&R Federation Demonstration Test”
· ECOM News No. 7: “Report on the Progress of the R&R Federation Joint Project and the R&R Federation Joint Tokyo Meeting”
4) Other proceedings
· The current chair, Mr. Hisanao Sugamata, Research Director of ECOM, and vice chair, Mr. Frank Lin from Taipei, were reelected.
· The Fifteenth eAC Meeting is scheduled to be held in mid-May, 2006, in Wuhan, China (or Malaysia or Japan).
(This project is jointly
implemented by Japan Information Processing Development Corporation
/ Electronic Commerce Promotion Center and Next Generation Electronic
Commerce Promotion Council of Japan, as one of the projects sponsored
by the Ministry of Economy, Trade and Industry.)
Outline of Lectures at the “Seventh ECOM Seminar 2005”
Efforts to Cope with Implementation of e-Document Law – Report on the Result of Interoperability Test Based on Long-Term Storage Formats –
On December
16 (Friday), 2005, a monthly ECOM seminar was held under the
above-mentioned theme at the Kikai Shinko Kaikan Building (Shibakoen,
Minato-ku, Tokyo). On the day, 108 visitors including members
and the general audience attended the seminar.
Three lecturers, who are members of Long
Term Signature Diffusion Sub Working Group (SWG), gave presentations.
Lecture materials are released on
the website for ECOM members (http://kaiin.ecom.jp/).
Lecture 1: e-Document Law and Measures in Response to Long-Term Storage of Electronic Documents
Mr. Michihiro Kimura, Executive Expert, Corporate IT Division, NEC Corporation
With the aim of both
securing the authenticity and visibility of documents and vouchers
and electronically storing them, the e-Document Law was enforced
in April 2005 based on IT development in recent years, amid
the IT regulatory reforms of the “e-Japan Strategy II
Acceleration Package”. Impediments to the long-term storage
of electronic documents are as follows: degradation of recording
media and devices, compromised algorithms and file incompatibility.
For the purpose of taking appropriate preventive measures against
these impediments before problems occur, it is necessary to
take the following actions: (1) selection of high-quality recording
media to detect the degradation of recording media, regular
checkups and switches between media, (2) storage of information
that is necessary for re-verification, introduction of long-term
storage formats and selection of long-term operation time stamp
authorities, (3) introduction of long-term storage file formats
to avoid dependence on specific vendors and shifts from existing
systems. The details have been discussed since 2000 by the Long
Term Signature Format Diffusion SWG of ECOM.
The life expectancy
of devices that are intimately related to long-term storage
is significantly affected by environmental factors and handling
methods. The following countermeasures protect against the degradation
of recording media and devices: (1) selection of highly reliable
media, (2) long-term provision and maintenance of drives, (3)
securing the quality of data when it is written, (4) maintenance
of quality while the data is stored, (5) prevention of
erasure by mistake, and (6) protection of transportable media.
It is desirable to establish criteria to easily identify which
media are appropriate for long-term storage, including criteria
for mark expressions of these media. It is also important to
select highly reliable media and to migrate every 3-10 years
in line with advances in media and technology. Digital signatures
have the limitation that the authenticity of signature keys
cannot be discerned even if they are stolen or falsified. It
is necessary to enable the re-verification of the past effectiveness
of signatures even if signatures lose effect or the period of
validity expires, by introducing an invalidation scheme and
setting the period of validity. The following methods enable
re-verification: (1) long-term signature formats in which time
stamps are repeated, (2) storage in tamper resistant management
devices, (3) e-document storage ASP under strict operation and
(4) an e-notaries public consignment service. ECOM recommends
long-term storage formats in particular. As for the file incompatibility
problem, it is necessary to prepare file formats that are appropriate
for the lifecycle of e-documents (generation, processing, registration,
keeping, storage and disposal). From the viewpoint of keeping,
it is necessary to prepare formats that can be immediately referred
to when necessary, and from the viewpoint of storage, it is
necessary to prepare formats that are appropriate for long-term
storage. In the process of a shift to long-term storage documents,
e-documents in existing systems will be converted (into formats
such as PDF/A, TIFF and XML) and signatures and time stamps
will be affixed to them. In the process of extending the period
of storage of long-term storage documents, it is necessary to
affix time stamps to signatures, time stamps and related verification
information. At present, there is an enormous variety of standardized
storage formats. For the purpose of presenting the minimum range
of standardization and securing the uniqueness of interpretations,
ECOM has developed a long-term signature format profile and
is conducting interoperability tests on data that has been generated
by the products of various organizations.
The following
future problems exist with the diffusion of e-documents: interoperability
is not secure due to differences between the “Directive
for the Legal Interpretation of the Directive for Handling the
e-Book Storage Law” (as of February 28, 2005, National
Tax Agency), which stipulates that “attention should be
paid to the necessity of affixing a time stamp to both e-signature
data and image data”, and the “Guideline for the
Safe Management of Medical Care Information Systems” (as
of March, 2005, Ministry of Health, Labour and Welfare), which
stipulates “the necessity of affixing a time stamp for
the whole document including an e-signature.” In the future,
it will be necessary to conform to standards across business
categories.
Lecture 2: Long-Term Storage Formats of Electronic Signature Documents
Mr. Kazuya Miyazaki, Manager, Information Technology R&D Center, Mitsubishi Electric Corporation
Digitalization of documents
is advancing from paper documents to e-Documents in terms of
efficiency and resource saving. However, e-Documents are inferior
to paper documents in the following aspects: originality, perfectibility,
authenticity and credibility. Therefore, as means of securing
the reliability of e-Documents, electronic signatures (digital
signatures) are used, although these have the disadvantage of
shorter effectiveness in the following areas: (1) period of
validity for PKI certificates, (2) invalidation of PKI certificates
and (3) vulnerability of cryptographic technologies. Ministries
have been discussing electronic archives since 1999, and securing
the credibility of e-Documents is the requirement. In other words,
the following must be proven: “who wrote the document,
when the document was created, and the fact that no falsification
has been made”. Currently, in order to secure the credibility
by cryptographic technologies, development of the e-Document
Law and Guideline for Time Business (November 5, 2004, Ministry
of Internal Affairs and Communications) is underway.
Long-term storage formats
of electronically signed documents are electronic signature
formats which can verify “the effectiveness of the signature
at some previous point” to overcome the disadvantages
of electronic signatures. ECOM has been examining and developing
its profile. This method has the following characteristics:
(1) third-party verification is possible, (2) a third party is able
to take over the extension process, (3) encapsulation by the
latest cryptographic technologies, (4) only CA and TSA for TTP,
(5) gaining multiple time stamps can increase the level of security.
The future challenges
include: (1) how to respond to the unforeseen invalidation of
TSA certificates, (2) vulnerability of cryptographic technologies,
(3) how to store trusted points. As for the countermeasures,
it is desirable to take the following actions: (1) affixation
of multiple time stamps; (2) establishment of a reliable organization
which will be in charge of monitoring/evaluation of vulnerable
cryptographic technologies, proposals of countermeasure
policies and storage and disclosure of vulnerability histories;
(3) promoting the establishment of reliable methods, organizations
and systems for permanent storage and the disclosure of trusted
points; (4) securing the interoperability of long-term storage
formats in Security WG/Long-Term Signature Format Diffusion
SWG of ECOM and (5) developing technologies which are not dependent
on computational security.
Lecture 3: ECOM’s Interoperability Pilot Test Based on Long-Term Signature Formats
Mr. Kenji Urushima, Entrust Japan Co., Ltd.
Long-term signature
formats can guarantee “the time of signing and the names
of signatories” and identify the “documents signed”
“even if the certificate validity period expires or
old cryptographic algorithms are compromised”, and are
classified into two types: a format based on extended CMS signed
data (RFC 3369), which is used for signed and encrypted e-mail
and general e-signature data, and an XML format. The technological
cores of the long-term signature formats are as follows: (1)
affixation of time stamps to signatures, (2) affixation of the CRLs
and certificates that are needed to verify signatures and time stamps
and (3) affixation of archive time stamps based on the latest
cryptographic algorithm to the abovementioned (1) and (2) to
extend the period of storage. Time stamps (TS) have the following
problems: (1) only with time stamps, it cannot be confirmed
to what documents they have been affixed, (2) it cannot be confirmed
who has affixed time stamps, and (3) even people with malicious
intent can affix valid time stamps. Therefore, it is necessary
to prepare “containers” of signatures and time stamps.
A standard for “containers” was formulated by the
ETSI (European Telecommunications Standards Institute) in 2000
and has been repeatedly revised since then.
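The three cores listed above, and the way a “container” ties time stamps to one document, can be modelled in a short program. This is an added illustration, not code from ECOM, the lecturer or any product in the pilot test: HMAC stands in for the TSA's signature, JSON for the CAdES/XAdES container, the signature is reduced to a document digest plus a certificate serial, and the compromise years in `BROKEN_FROM` are constructed.

```python
import hashlib
import hmac
import json

# Constructed policy: first year in which each digest counts as compromised.
BROKEN_FROM = {"sha1": 2017, "sha256": 9999}
TSA_KEY = b"constructed-demo-key"  # HMAC stands in for the TSA's signature


def usable(alg, year):
    return alg in BROKEN_FROM and year < BROKEN_FROM[alg]


def _mac(alg, imprint, year):
    msg = f"{alg}|{imprint}|{year}".encode()
    return hmac.new(TSA_KEY, msg, hashlib.sha256).hexdigest()


def time_stamp(alg, data, year):
    """Toy token: binds digest(data) to a year under the TSA key."""
    imprint = hashlib.new(alg, data).hexdigest()
    return {"alg": alg, "imprint": imprint, "year": year,
            "mac": _mac(alg, imprint, year)}


def _dump(obj):
    return json.dumps(obj, sort_keys=True).encode()


def _covered(document, c, upto):
    """Bytes protected by archive time stamp number `upto`: the document,
    the signature, its time stamp, the stored validation data and every
    earlier archive time stamp."""
    inner = {k: c[k] for k in ("signature", "sig_ts", "validation")}
    inner["archive_ts"] = c["archive_ts"][:upto]
    return document + _dump(inner)


def sign_and_stamp(document, serial, alg, year):
    """Core (1): a signature (reduced here to a document digest plus the
    signer's certificate serial) and a time stamp over that signature."""
    sig = {"serial": serial, "alg": alg,
           "doc_digest": hashlib.new(alg, document).hexdigest()}
    return {"signature": sig, "sig_ts": time_stamp(alg, _dump(sig), year),
            "validation": None, "archive_ts": []}


def add_validation(c, not_after, revoked):
    """Core (2): store certificate expiry and CRL content (serial -> year)."""
    c["validation"] = {"not_after": not_after, "revoked": revoked}


def extend(document, c, alg, year):
    """Core (3): archive time stamp over everything collected so far."""
    n = len(c["archive_ts"])
    c["archive_ts"].append(time_stamp(alg, _covered(document, c, n), year))


def _check_ts(ts, data, judged_in):
    if not usable(ts["alg"], judged_in):
        return f"{ts['alg']} not trusted in {judged_in}"
    expected = _mac(ts["alg"], ts["imprint"], ts["year"])
    if not hmac.compare_digest(ts["mac"], expected):
        return "token not issued by the TSA"
    if hashlib.new(ts["alg"], data).hexdigest() != ts["imprint"]:
        return "token does not cover this data"
    return None


def verify(document, c, now):
    """Return (ok, reason). Work inwards from the newest time stamp: each
    valid token moves back the year in which the next layer is judged."""
    judged_in = now
    for i in reversed(range(len(c["archive_ts"]))):
        ts = c["archive_ts"][i]
        err = _check_ts(ts, _covered(document, c, i), judged_in)
        if err:
            return False, f"archive time stamp {i}: {err}"
        judged_in = ts["year"]
    sig = c["signature"]
    err = _check_ts(c["sig_ts"], _dump(sig), judged_in)
    if err:
        return False, f"signature time stamp: {err}"
    if not usable(sig["alg"], judged_in):
        return False, f"signature digest {sig['alg']} not trusted in {judged_in}"
    if hashlib.new(sig["alg"], document).hexdigest() != sig["doc_digest"]:
        return False, "document does not match the signature"
    signed_in, val = c["sig_ts"]["year"], c["validation"]
    if val is None:
        return False, "no stored validation data"
    if signed_in > val["not_after"]:
        return False, "certificate had expired before signing"
    if val["revoked"].get(sig["serial"], 9999) <= signed_in:
        return False, "certificate was revoked before signing"
    return True, f"signature valid as of {signed_in}"


if __name__ == "__main__":
    doc = b"constructed sample invoice"
    c = sign_and_stamp(doc, "0A", "sha1", 2006)
    add_validation(c, not_after=2008, revoked={})
    print(verify(doc, c, 2020))      # nothing newer protects the sha1 layer
    extend(doc, c, "sha256", 2015)   # archived while sha1 was still trusted
    print(verify(doc, c, 2020))
```

In this model an archive time stamp affixed in 2018 instead of 2015 does not rescue the signature, because the extension has to happen while the inner algorithm is still trusted.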
When only the standard
specifications of long-term signature formats are used, the
following two problems exist: (1) formats of low necessity are
included and (2) it is difficult to determine implementation
because the specifications are not clear. In consideration of
these problems, ECOM has formulated the “Long-term Signature
Format Profile of ECOM”, which includes minimum arrangements
that are necessary for exchanging long-term signature data in
Japan. The points of the profile of ECOM are as follows: (1)
it includes two versions, CAdES (CMS) and XAdES (XML), (2) the
latest specifications have been adopted, (3) formats of low
necessity have been eliminated and (4) the storage method of
verification information has been clarified.
On this occasion, ECOM
conducted a pilot test to verify conformity with this profile
and interoperability. The test was roughly classified into (1)
the online matrix generation and mutual verification test to
confirm that effective ES (Electronic Signature)-format data
that is generated by other companies’ products can be
mutually read and verified, and (2) the off-line common data
verification test to confirm both the verification function
of implemented long-term signature formats and conformity with
the profile of ECOM. Fourteen companies participated in the
test, ten of which participated based on CAdES and the rest
based on XAdES. Irrespective of level differences between existing and new products and between prototypes and final products, all of the companies’ products passed the test: apart from functions they do not support, they conformed to the profile of ECOM and had the necessary verification functions.
Through this interoperability
test, the following concerns and problems became evident: (1)
the setting of verification times in certificates, (2) grace
periods, etc. Owing to the voluntary cooperation and assistance
of various people and participating members, we were able to
successfully conclude the pilot test and confirm the interoperability
of the products of participating companies with regard to the
CAdES and XAdES formats based on the profile of ECOM. It is expected that the products will be used with confidence for long-term storage in the area of document storage, and that their adoption will accelerate.
*Abbreviations
ASP: Application Service Provider
CA: Certificate Authority
CAdES: CMS Advanced Electronic Signatures
CMS: Cryptographic Message Syntax
CRL: Certificate Revocation List
TSA: Time Stamp Authority
TTP: Trusted Third Party
XAdES: XML Advanced Electronic Signatures
The Announcement of the “RFID Tag Diffusion Promotion Seminar”
Utilization of RFID tags toward Enhancement of Inter-Industrial Competitiveness
In cooperation with the Next Generation Electronic Commerce Promotion Council of Japan, the Ministry of Economy, Trade and Industry (METI) and the Japan Information Processing Development Corporation/Electronic Commerce Promotion Center (JIPDEC/ECPC) will hold an “RFID Tag Diffusion Promotion Seminar” to promote the introduction and implementation of RFID tags. This is part of the FY2005 RFID Tag System Development Survey (infrastructure development for inter-company information sharing).
This time, we will introduce the RFID tag pilot tests by the Ministry of Economy, Trade and Industry and the results of survey research on inter-company utilization of RFID tags, etc., in Sapporo, Nagoya and Fukuoka.
In parallel, at the venues, we will display RFID tags attached to products, which were used for the pilot tests in FY2004, and you can watch a video introducing the pilot tests.
Please refer to ECOM’s web site (http://www.ecom.jp/seminar/rfid_seminar.html) for more details of the program and registration for the seminar.
Sapporo Venue
Date: January 31 (Tuesday), 2006, 13:00~17:00
Place: Room Tancho, SAPPORO GARDEN PALACE (Kita 1 Nishi 6, Cyuoku, Sapporo, Hokkaido)
Program:
“Measures of METI regarding RFID Tag Diffusion Promotion and Analysis of Results of RFID Tags Pilot Test in FY2004”
“Progress on HIBIKI Project for Realization of 5 Yen Tags”
“Efforts toward the Promotion of RFID Tag Utilization”
“Outline of RFID Tag Pilot Test in FY2005”
“RFID Tag Pilot Test in FY2005: RFID Tag Pilot Project for the Establishment of Future Store Services”

Nagoya Venue
Date: February 7 (Tuesday), 2006 13:00~17:00
Place: Meeting room, 5F, Sakae Gas Building (Sakae3-15-33, Nakaku, Nagoya, Aichi)
Program:
“Measures of METI regarding RFID Tag Diffusion Promotion”
“Progress on HIBIKI Project for Realization of 5 Yen Tags”
“Analysis of Results of RFID Tag Pilot Test in FY2004”
“Efforts toward the Promotion of RFID Tag Utilization”
“Outline of RFID Tag Pilot Test in FY2005”
“RFID Tags Pilot Test in FY2005: Progress of ASEAN Returnable Container Pilot Project by RFID Tags”

Fukuoka Venue
Date: February 10 (Friday), 2006 13:00~17:00
Place: International Conference Hall, 4F, ACROS Fukuoka (Tenjin 1-1-1, Cyuoku, Fukuoka City, Fukuoka)
Program:
“Measures of METI regarding RFID Tag Diffusion Promotion”
“Progress on HIBIKI Project for Realization of 5 Yen Tags”
“Analysis of Results of RFID Tag Pilot Test in FY2004”
“Efforts toward the Promotion of RFID Tag Utilization”
“Outline of RFID Tag Pilot Test in FY2005”
“RFID Tag Pilot Test in FY2005: Progress of Autonomous Service Robot Project by RFID Tags at Shopping Malls”

Announcement of the “Tenth ECOM Seminar”
Latest Trends Overseas
As IT improves and the Internet penetrates further, the global EC market continues to expand.
In this seminar, the latest trends in how EC is progressing overseas will be reported, with particular focus on the current status and trends in the U.S. and in China, which has grown remarkably.
In addition, as utilization moves toward e-Governments striving to improve the quality of administration services, we will introduce case examples of electronic applications in Canada and Germany, and of efforts on electronic signature/authentication, which is the basis of electronic applications.
Date: February 9, 2006 (Thursday) 13:30~16:45
Place: Meeting room, 6F 6D-1,2,3, Kikai Shinko Kaikan Bldg. (3-5-8, Shibakoen, Minato-ku, Tokyo)
Application for attendance: please register on the website of ECOM (http://www.ecom.jp/seminar/seminar10.html)
Program
For details, please refer to the website of ECOM (http://www.ecom.jp/seminar/seminar10.html).
13:30~14:30 Lecture 1: “The Current Status and Outlook of EC in Europe and the U.S.”
14:30~15:30 Lecture 2: “The Current Status and Latest Trends of EC in China”
15:30~15:45 Coffee Break
15:45~16:15 Lecture 3: Overseas Efforts toward the Utilization of Electronic Applications ~Improvement of administration services by one-stop applications in Canada and Germany~
16:15~16:45 Lecture 4: “Trends of Electronic Signature/Authentication in Europe”

From the Secretary-General
The concrete results of RFID tag introduction are becoming clear through many factors, including the effect of the RFID Tag Pilot Tests by the Ministry of Economy, Trade and Industry. Komatsu Ltd., a board member of ECOM whose plant we toured last year, announced its plan to “introduce the production management system based on RFID tags for all construction machinery plants in Japan by the end of FY2006”. More reports on the effects of RFID tag introduction will thus definitely be unveiled.
RFID Tag Diffusion Promotion Seminars will be held in Sapporo (1/31), Nagoya (2/7) and Fukuoka (2/10). On these days, we will explain the RFID tag pilot tests conducted by the Ministry of Economy, Trade and Industry and the results of research surveys toward inter-company RFID tag utilization. In parallel, we will display RFID tags and you may watch a video related to the pilot tests. We look forward to your participation in each region.
(Hamanaka)
ECOM News No. 10
Issue Date: January 27, 2006
Issuer: Next Generation Electronic Commerce Promotion Council
of Japan
Kikai Shinko Kaikan Bldg 3F
3-5-8, Shibakoen, Minato-ku Tokyo 105-0011, Japan
Tel: +81-3-3436-7500, Fax: +81-3-3436-7570