Make your own free website on Tripod.com

WG 15


Electronic Notary System

‚P‚X‚X‚VD‚P‚P

Katsuhiko Oride

Electronic Commerce Promotion Council of Japan
(Floor 10, Time 24 Building, 2-45 Aomi, Koto-ku, Tokyo 135-73, Japan: E-mail: oride@ecom.or.jp)

ABSTRACT: Ensuring security/reliability is important in EC (Electronic Commerce). In this paper, objectives, development in Japan and other countries, needs, required functions, issues for implementation of EC are described in an electronic notary perspective.


[Contents]


1. Introduction

2. Outline of Electronic Notary

3. Trends in the Electronic Notary System within and outside of Japan

4. Projects related to Electronic Notary

5. Needs for Electronic Notary in Electronic Commerce

6. Mechanisms for Securing Safety and Reliability from the Viewpoint of the Electronic Commerce Party

7. Requirements from the Viewpoints of the Electronic Notary Organization

8. Challenges for Implementing the Electronic Commerce Safety and Proposals


[The Text]


1. Introduction

This paper discusses the electronic notary system the Electronic Commerce Notary Promotion Associations Working Group has been considering along with it presenting Japan's situation and the electronic notary services already implemented in the U.S. already surveyed in the group's study, the outline needs for the electronic notary and requisites of the electronic notary system.

Although electronic commerce on an open network will enable global transactions at any time from anywhere on the earth, reduce running costs and increase opportunities of trade, it will be exposed to tapping, false statements, tampering and denials and errors by both relevant and third parties.

These threats and hazards should be addressed in terms of technologies. However, there are also threats and hazards difficult to eliminate only through technologies alone, so a comprehensive scheme for preventing or solving problems with technological, administrative and institutional mechanisms should be devised by analyzing the business flows of transaction models to meet the requirements and needs.

The Electronic Notary Study Working Group is scheduled to publish Guidelines for the Electronic Notary System in March 1998. Prior to the Guidelines, the progress of the Group's study will be presented (a review is being made on demand).

2. Outline of Electronic Notary

(1) Definition of electronic notary

As a new concept, the definition of electronic notary will be discussed from every point of view, along with the Electronic Notary Study Working Group's idea. The existence of electronic communication abilities between relevant parties, and dispute settlement under the administration rules.

When the concept of electronic notary is accepted as a social system to some extent, an appropriate name (instead of electronic notary) should be decided.

Discussions about electronic notary requires organizing among potential components of a scheme to secure safety and reliability of electronic communications concerning trade on networks (hereinafter referred to as the Electronic Commerce Safety Scheme).

In this electronic commerce safety scheme, Electronic Exchange: Electronic mail, electronic money, contract for electronic commerce, electronic saving, etc. Constituent parts: Certification, electronic notary, operational performance rating, commerce monitor (electronic money, etc. ), commerce disposal, power control (age, location area certificate), company rating, damage compensation (insurance, warranty), network monitor, recognition, monitor.

Electronic notary is defined as a mechanism that evidences 'who (with whom)', has made electronic interchange 'what' 'when', for electric commerce, taking into consideration among potential components ('who (with whom)', should be included in the authentication function).

Components: Includes identification of the sender of electronic (digital) information, time stamps, detection of tampering, confirmation of receipt and electronic storage of original-natured evidences. Within a company, importance will also be placed on records of the approval process and the control and recording of access.

These are also useful as evidence during a problem or dispute.

Note that in the following descriptions, the administrative entity includes electronic facilities held by relevant parties, as well as trading parties, the Electronic Notary Center (tentative name).

As shown in Figure 1, electronic notary is allowed to use the authentication institution that authenticates 'who (with whom)', as its infrastructure, to carry out its functions. Moreover, in terms of relations with other organizations, the roles and definition of electronic notary will vary, depending on whether the notary system assumes use (inclusion) of services of related organizations. This paper follows the definition stated above and assumes that users rely on services offered by components (institutions) according to need.

From the viewpoint of users (unfamiliar with information technologies in particular) there are some challenges concerning operability. Role-sharing and tie-up with components are worth considering for electronic notary as a social service.

Whether electronic storage is implemented depends on the spread of electronic technologies among users.

i‚QjWhen Electronic Notary is Needed (Representative Cases)

The following needs are assumed:

3. Trends in the Electronic Notary System within and outside of Japan

The world's notary systems can roughly be divided into Latin (Continental) ones (notaire or notar) and the English/American-type (notary public). The latter is engaged only in signature attestation, i.e., attesting that a signature on a private debenture is the true signature of the signer with no legal qualifications required, while the former is authorized, in addition to signature attestation, to create notary deeds and must be legally eligible (Article 5 of Germany's Notary Law states that only judges can be a notary).

Japan's Notary Law is a Latin type, following the German system, and the Japan Federation of Notary Publics is a member of the International Federation of Latin Notary. This international organization holds a general meeting every three years, and Japanese representatives who attended the meeting held in Montreal, Quebec, Canada in 1986, found that the title in English, of participants from other countries, was only 'Notary.' Thus, Japan's notary community reached a consensus that a notary public might be called just a notary in English, which was officially accepted by a memorandum form the Director of the Civil Affairs Bureau, the Ministry of Justice.

(1) Trends in Japan

Below are activities related to electronic notary:

a) Ministry of International Trade and Industry

i) Inter-Corporate High-level Electronic Commerce Promotion Project

(ii) Objectives of the Inter-Corporate High-level Electronic Commerce Promotion Project

(iii) Position of the Project

<Technological development & experiment>
Secondary supplementary budget for fiscal 1995 (21.75 billion yen)

(iv) Number of sub-projects

At present, 26 sub-projects are under way, including Tests for Creating Open Markets Accompanied by the Electronic Notary System as a sub-project related to electronic notary. Chapter 4 will deal with these sub-projects.

b) Ministry of Justice

Interim Report from the Study Group for Legislation of Electronic Commerce (Draft), March 1997

c) Ministry of Posts and Telecommunications

Report, May 1997

d) Ministry of Finance

Report, May 1997

e) National Tax Administration Agency

Report, March 1997

f) Summary

The crucial issue for the Ministry of Justice is the computerization of notarial acts at every notary's office. The electronic notary system should include attestation of electronic private documents, electronic dating, the creation of electronic notary deeds and custody and evidencing of electronic documents.

These functions may be used from the viewpoint of lawfulness (contents), and protection (punishment) of electronic official documents and telegrams. However, ordinary transaction data in electronic commerce should not be monitored by a third party (public or private), but controlled by trading parties themselves, so that the data are effective as evidence against a dispute in a security system (internal system by trading parties or a third party).

The Ministry of Posts and Telecommunications attaches the greatest importance on the computerization of the contents-certified mail, which resembles the service provided by (2) 6) USPS. At present, people are supplied with contents certification service at the counter of a post office, computerization of certification through networks equipped with attestation, time-stamps, and encryption functions (any time, any person and anywhere) that may lessen the importance of geographical locations of post offices.

The Electronic Notary Study Working Group set a lot of value on self-regulation by trading parties on the principle of free trade, and is aiming at the effective use of state-of-the-art telecommunications technologies, and dispute settlements with agreements by trading parties (open technologies and rules).

For this purpose, challenges and needs in actual business (inter-corporate, and intra-corporate business processes) are being picked up, mechanisms are being devised to address or meet them and are being summarized into Guidelines as requirements for electronic notary from the viewpoint of users, those from the viewpoint of electronic notary service providers, one of options and suggestions on how to implement the Electronic Commerce Safety Scheme.

(2) Trends in the U.S.

a) Cybernotary

Needs for mechanisms are increasing to equip international trading with safety due to differences in legislation and conventions, and difficulties in building up trusting relations among trading parties. At present, however, neither technological infrastructure nor legal framework has been implemented. Cybernotary is a project initiated by the U.S. International Business Conference to remedy the lack of safety in international trade digitally made by U.S. parties by establishing a quasi-public position, roles and responsibilities of which is now under consideration.

b) Commerce-Net

Commerce-Net supports inter-operability of Internet EDI to implement appropriate standardization of software products.

(i) Participants

(ii) Functions

Encryption algorithm, key control, integrity of contents, authentication and non-refusal of sender, receipt of signature and non-refusal of receipt, tracking, etc.

(iii) Results

Requirements for Inter-operable Internet EDI (draft-ietf-edint-req-01.txt)
ftp://ds.internic.net/internet-drafts/draft-ietf-ediint-req-01.txt

c) Trust e

This is an organization that approves a 'Trust Mark' for privacy and security in online trade, as well as creates/accepts reliable marks. The three marks below are now being used:

  1. No Exchange: Indicates a site where anonymity is secured in transaction or tracking.
  2. One-to-One Exchange: Indicates a site where the transactions or personal data are not disclosed to any third party.
  3. Third Party Exchange: Indicates a site where the transactions or personal data are disclosed to third parties.

d) Surety Technologies

This organization provides Electronic Notary services to verify whether a specific piece of information actually existed in a specific format at a specific time, and the information remains un-tampered.

(i) URL of its home page

http://www.surely.com/

(ii) Targeted markets

(iii) Pricing (tentative)

20 - 7.5 cents per event (varies with gross volume per year)

(iv) Flow of the Electronic Notary service

Figure 2: Flow of the Electronic Notary service

e) Netdox

Established by the merging of Doloitte & Touche and the Thurston group in January 1997 (in Chicago).

Authenticated data interchange service at a commercial basis is scheduled to start in September 1997.

(i) URL of its home page

http://www.netdox.com/

(ii) Basic services

(iii) Targeted markets

(iv) Pricing

Pricing competitive with postal services

Figure 3: Flow of Authenticated Data Interchange

f) USPS

USPS announced the Electronic Postmark service on February 19, 1997. This is an email service with digital stamps on the Internet, and will be available within the coming six months (with time-stamps and the attestation of being tamperless ). Authentication technologies are also scheduled within 18 months.

Price: 22 cents per 50K bytes (compared with 32 cents for ordinary post)

(i) URL of its home page

http://www.usps.gov/news/press/96/96108new.htm

(ii) Technological tie-ups

Figure 4: Image of the Arrival Notice

(3) Summary

What impressed the Electronic Notary Study Group most deeply during a tour in North America was that technologies of Surety were appreciated highly, and service providers (NetDox, USPS, zantaz, etc.) were based on technologies now emerging.

zantaz provides the Digital Safe* service (archive and retrieval offerings).

Surety Technologies believes that, since the Electronic Notary certificate is legally authorized as evidneces, an increase in users of this service will form a new commercial practice, which will raise the legal position of the Electronic Notary service.

Although there are differences in the notary system and perception of safety, private service providers are striving to play important roles in this social system in the U.S.

In addition, a variety of software products have been developed for business communications, such as order placement' and some software products are equipped with mechanisms to secure safety and reliability (e.g., response with digital signature).

Trade participants there are assuming a basic stance to address problems as their own responsibilities.

4. Projects related to Electronic Notary

(1) Tests for creating open markets with the electronic notary system

  1. Target models: presentation of official documents, application for qualifying tests of the Information Technology Engineer, for example, mail-order systems, auction of used books, membership book sales systems, and electronic publishing
  2. Organization: Electronic Notary Center (including CA)

(2) Electronic-commerce support system with electronic notary

  1. Target model: rental business (rental companies and agencies)
  2. Processes: from inquiry and estimate to contract and modification to contract
  3. Organizations: Electronic Notary Center and Negotiation Center

(3) Development and tests of the common infrastructure technologies for implementing the Digital Trading House

  1. Target model: membership digital trading house on open networks
  2. Process: digitization of sales promotion procedures (exploitation and selection of trade counterparts)
  3. Functions: purchase functions (registration of bidding offers and confirmation of successful bids), supply functions (retrieval of bidding offers, and confirmation of tenders and successful bids)
  4. Software for members: browser, bidding functions, secure communications library (encryption and signature)

(4) Development and test of electronic notary functions

  1. Target model: issuance of estimates and agreements
  2. Functions: time-stamping, and secrecy protection functions (key is divided into participants of N, and when K out of N gathers, the key will be reproduced.)

(5) Inter-corporate EC concept

  1. Target model: inter-corporate trading with open EDI
  2. Process: from order to settlement
  3. Functions: electronic notary functions and netting
  4. Organization: Information Management Center (IMC)

(6) Study and tests of standard protocols for inter-corporate electronic commerce and settlement

  1. Target model: inter-corporate trading on open network
  2. Process: ordering systems and settlement systems
  3. Functions: authentication of trade data and payment information
  4. Organization: Management center (Notary Bureau and witness)

5. Needs for Electronic Notary in Electronic Commerce

(1) Inter-corporate trade

(i) Characteristics of each type of trade

Consideration is required for each type and step of trade, e.g., continued trade or one-time trade (market-type) or the process before the conclusion of a basic agreement or after.

Figure 5: Characteristics of Each Type of Trade

(ii) Characteristics of developed and standard products

Developed products: protection of secrecy, difficulty of replacement and rapid shortening of product life-cycles

Standard products: alternatives, corporate potentiality, market type and more opportunities for smaller businesses

(iii) Threats from third parties

Trade types, trade processes and threats for each event (false statements, tapping and tampering)

(iv) Threats from counterparts

Intentional: tampering, denial and leakage of secrecy

Accidental: errors (operation error, input error, etc.)

Figure 6: Threats from Counterparts

(2) Intra-corporate processes

Spread of the Internet has resulted in a construction of intranets inside intra-corporate information systems and extranets connecting multiple organizations. Under these circumstances, one of the challenges is security and most people tend to attribute this problem to external factors.

Actually, however, some surveys have revealed that internal factors cause the majority of problems related to security.

Breakdown of causes of damage

Figure 7: Breakdown of Causes of Damage

Source: Information Week/Ernst and Young/Data General (as of Oct. 1996)

Where needs exist for intra-corporate electronic notary should be identified, while taking into consideration electronic data interchange with external entities.

‡@Measures to cope with Problems related to Own Processing in Companies and Organizations

Decision making procedure, recording and saving of approval facts of various approval processes (changeable, fixed)

¨ Process Recording

‡ACountermeasures against Threats from New Information Infrastructure

Threats from the network: False statement, wiretapping

¨ Enhancement of certification and access control

‡BSafety and Reliability Measures for Electronic Information which is Emerging outside of Information Systems

Contracts and IOUs between employees and companies ¨ Existence of actual results and saving content recordings

‡CMaintenance of Trust and Reliability of outside people

Transparency of companies, audit acceptance ¨ System operations with safety and reliability

(3) Summary

Models of both inter-corporate trade and intra-business process imply the existence of needs (for securing reliability and safety). Levels of urgency vary with the value of trade information.

As an easy-to-understand example, the level of requirements for electronic notary on trade information will be different between a large-amount transaction and a small-amount deal. The extent of confidentiality or credit conditions of counterparts should also affect the concerns of a party.

Since electronic commerce has just started, all the needs (and definition) for electronic notary are not able to be clarified. Therefore, actual examples should be further collected.

6. Mechanisms for Securing Safety and Reliability from the Viewpoint of the Electronic Commerce Party

(1) Needs and functions required of electronic notarym

Based on needs, functions required of electronic notary can be summarized as shown in the figure below:

Figure 8: Functions Required of Electronic Notary

(2) Descriptions of functions required of electronic notary

  1. Identification of the sender: functions to identify the sender.
  2. Time stamp: the date and hour added to digital information.
  3. Detection of tampering: functions to detecting tampering of digital information.
  4. Confirmation of arrival: functions to confirm that digital information has received by the specified receiver.
  5. Electronic storage of originality-guaranteed information: secure electronic storage functions to guarantee originality of information.
  6. Approval functions: functions to record processes of approval.
  7. Access control and recording: functions to control and record access to databases.

(3) Functions required of electronic notary and related technologies

Table 1 lists technologies related to implementation of functions required of electronic notary, which includes technologies for the digital signature, encryption, time stamp, digital safe, and access control. Descriptions of individual technologies are omitted.

Table 1 Functions Required of Electronic Notary and Related Technologies

Functions Required of Electronic Notary Related Technologies, etc.
Authentication of sender Authentication and digital signature
Time stamp Time-stamping (GMT)
Prevention of tampering Encryption
Detection of tampering Digital information on networks: digital signature
Information to be stored: MAC (authenticator)
Confirmation of arrival Digital signature
Electronic storage of originality-guaranteed information MAC, encryption, access control and digital safe
Recording of processes Authentication, digital signature, MAC, encryption, access control, and digital safe
Control and recording of access Authentication, access control, and digital safe

(4) Electronic Notary (Certificate) services

a) Certification of time

The date and time given by a person other than relevant parties (a third party).

(i) Objectives of the time stamp

Example: Digital preservation with higher reliability (to prevent information from tampering)

a. When a digital document existed.

Example: Idea of a patent

b. Electronic commerce

Example: Public bidding (digital trading house), and cooling-off

c. Digital application and filing

(ii) Others

b) Certification of the existence of the content

Certification to a third party of who sent digital information with what content to whom and when.

(i) Objectives of certification of the content

(ii) Requirements for certification of the content

Who (with whom): Authentication

When: Time stamp (on limited occasions)

What: Existence of the content (bit array) (private institutions have to secure confidentiality of communications.)

c) Certification of delivery

Certification of confirmed delivery of digital information from a sender.

(i) Objectives of certification of delivery

Example: Order slip

(ii) Implementation of certification of delivery

d) General digital storage

Digital data are stored as evidences.

(i) Objectives

(ii) Requirements (estimated)

e) Statutory digital preservation

Digital preservation of documents specified by law.

(i) Current situations

(ii) Requirement for digital preservation proposed by the Sub-committee

(5) Differences in electronic notary models and functions for each model, and examples

Relevant parties have to implement necessary notary functions by taking into consideration economical merits and convenience, so costs needed for administration are estimated as shown in models I<II<III<IV.

Therefore, models should be selective according to trusting relations with trade counterparts, the value of trade information (amount, confidentiality, etc.), and requirements for digital preservation as evidences, e.g., certification of time.

Below are described models for implementing electronic notary, feasibility of services for each model (e.g., time certification will be implemented in model IV) and typical examples of these models.

a) Electronic notary models

Various models can be designed for data interchange among participants in electronic commerce. These models are summarized in Figure 9.


Figure 9: Electronic Notary Models

b) Differences among functions for each model of electronic notary

Out of functions required of the electronic notary system, the model III, the digital platform among relevant parties, has difficulty in implementing certification of time. This is because integrity of the time stamp given by a relevant party cannot be certified.

While digital preservation by a third party seems safer due to independence of personal management, securer digital preservation systems are being studied and developed. So, the weight of human factors will reduce. As a result, certification of time and secure digital preservation are expected to be implemented on the common digital platform operated by relevant parties.

Figure 10: Functions by Electronic Notary Model

c) Actual examples of electronic notary models


Figure 11: Typical Examples

(6) Administration of the electronic notary system

Multiple administrative systems may be operated by public institutions, private organizations, and intra-corporate functions, depending on types of user and service.

About administration, we expect more discussions as to roles of relevant organizations, and further consideration from the viewpoint of economical advantages and convenience for users.

Figure 12: Administrative Organizations of the Electronic Notary Systems

7. Requirements from the Viewpoints of the Electronic Notary Organization

If the Electronic Notary Center (tentative name) is established, concrete talks are needed about its service functions, assignment and the range of responsibilities, and formats of operation (e.g., inter-operation). The following points are now under consideration, so we omit descriptions of them:

(1) Classification of services of the Electronic Notary Center

(2) Requirements for the Electronic Notary Center

(3) Inter-operability of the Electronic Notary Center

(4) Connections from the Electronic Notary Center to authentication institutions

(5) Scope of responsibilities of the Electronic Notary Center

(6) Challenges for establishing the Electronic Notary Center

8. Challenges for Implementing the Electronic Commerce Safety and Proposals

Since the following issues are now being considered, we describe them briefly:

(1) Components

a) Reconciliation

Problems incidental to electronic commerce will include technological troubles, which should be addressed within a very short time. Mechanisms are necessary to meet this requirement.

b) Disposition by suspending trade

The propriety and procedures require further consideration regarding disposition by suspending trade, i.e., a party who interfered with trade or made unfair trade is disabled from continuing trade. For example, information on such party is published.

c) Control of authorization

(i) Personal attributes

As part of control of authority, access by a person under age should be restricted. For example, the person is allowed to access a cyber-shop, but not to do shopping.

(ii) Restriction on regions

Validity or eligibility of a region should be checked, e.g., verifying that an order has been placed from a region export to which is not restricted.

d) Monitoring of trade

Trade on networks must be monitored to prevent, for example, illegal copy of image data, or abnormal flow of electronic money, which may lead to disputes. Illegal copy can be detected with the watermarking technology using multiple monitoring servers.

e) Rating of administrative abilities

Participants in electronic commerce must be equipped with electronic and administrative facilities. These facilities should be evaluated with some criteria, and the results published to support efficient trade.

f) Rating of companies

Reference data should be provided to help users comprehensively evaluate credibility of companies making electronic commerce. Ultimately, however, trade must be made at user's risk.

g) Compensation of damage

Loss or damage (damage to a party or third party) incidental to electronic commerce will be compensated with some insurance or guarantee.

i‚Q)Problems about Electronic Notary

‡@Clear definition (broader sense, narrow sense)

Roles of Electronic Commerce Safety Organization (tentative name) and Electronic Notary

Difference between Electronic Certification and Electronic Notary

‡AElectronic Commerce

Deepening of Electronic Notary Needs

Roles by Electronic Notary Models (internal, external: private, public)

Requirements and maintenance of Electronic Commerce Electronic Saving (example: output is not possible.)

‡BMaintaining Continuity of Operations Inside and Outside of a Company

Necessity of Seamless Security Infrastructure

‡CRole of Digital Information and Analog Information (human or paper society)

‡DGlobal Cooperation

‡EProblems to Make it Happen (cost balance, etc.)


[Reference Materials]


  1. Electronic Commerce - Condition for Japan' s Revival, by Norihiko Ishiguro
  2. Guidebook to the Corporate Trade Laws, by Masao Kishida
  3. Will and Notary, by Takuji Kurata
  4. Considerations about Electronic Commerce, by the Ministry of International Trade and Industry
    (Interim Report by the Study Group for Electronic Commerce Environments)
  5. Electronic Commerce and Laws, by Takashi Uchida
  6. Interim Report from the Study Group for Legislation of Electronic Commerce (Draft) on March 21, 1997
  7. Preservation of Ledgers and Documents (draft) on March 26, 1997
  8. Progress and Future Development of the Digital Applications and Digital Preservation of Documents by the Ministry of International Trade and Industry, by Kazunari Kaino
  9. Digital Preservation and Computerization of Administrative Procedures, by Nagaaki ooyama
  10. Survey on Social Roles and Trends in Various Countries of the Electronic Notary System, by the Global Communication Center of International University

[ECOM HOME PAGE]

[WG PAGE]