Electronic Notary System
Commerce Promotion Council of Japan
(Floor 10, Time 24 Building, 2-45 Aomi, Koto-ku, Tokyo 135-73, Japan: E-mail: firstname.lastname@example.org)
ABSTRACT: Ensuring security/reliability is important in EC (Electronic Commerce). In this paper, objectives, development in Japan and other countries, needs, required functions, issues for implementation of EC are described in an electronic notary perspective.
2. Outline of Electronic Notary
3. Trends in the Electronic Notary System within and outside of Japan
4. Projects related to Electronic Notary
5. Needs for Electronic Notary in Electronic Commerce
6. Mechanisms for Securing Safety and Reliability from the Viewpoint of the Electronic Commerce Party
7. Requirements from the Viewpoints of the Electronic Notary Organization
8. Challenges for Implementing the Electronic Commerce Safety and Proposals
This paper discusses the electronic notary system the Electronic Commerce Notary Promotion Associations Working Group has been considering along with it presenting Japan's situation and the electronic notary services already implemented in the U.S. already surveyed in the group's study, the outline needs for the electronic notary and requisites of the electronic notary system.
Although electronic commerce on an open network will enable global transactions at any time from anywhere on the earth, reduce running costs and increase opportunities of trade, it will be exposed to tapping, false statements, tampering and denials and errors by both relevant and third parties.
These threats and hazards should be addressed in terms of technologies. However, there are also threats and hazards difficult to eliminate only through technologies alone, so a comprehensive scheme for preventing or solving problems with technological, administrative and institutional mechanisms should be devised by analyzing the business flows of transaction models to meet the requirements and needs.
The Electronic Notary Study Working Group is scheduled to publish Guidelines for the Electronic Notary System in March 1998. Prior to the Guidelines, the progress of the Group's study will be presented (a review is being made on demand).
(1) Definition of electronic notary
As a new concept, the definition of electronic notary will be discussed from every point of view, along with the Electronic Notary Study Working Group's idea. The existence of electronic communication abilities between relevant parties, and dispute settlement under the administration rules.
When the concept of electronic notary is accepted as a social system to some extent, an appropriate name (instead of electronic notary) should be decided.
Discussions about electronic notary requires organizing among potential components of a scheme to secure safety and reliability of electronic communications concerning trade on networks (hereinafter referred to as the Electronic Commerce Safety Scheme).
In this electronic commerce safety scheme, Electronic Exchange: Electronic mail, electronic money, contract for electronic commerce, electronic saving, etc. Constituent parts: Certification, electronic notary, operational performance rating, commerce monitor (electronic money, etc. ), commerce disposal, power control (age, location area certificate), company rating, damage compensation (insurance, warranty), network monitor, recognition, monitor.
Electronic notary is defined as a mechanism that evidences 'who (with whom)', has made electronic interchange 'what' 'when', for electric commerce, taking into consideration among potential components ('who (with whom)', should be included in the authentication function).
Components: Includes identification of the sender of electronic (digital) information, time stamps, detection of tampering, confirmation of receipt and electronic storage of original-natured evidences. Within a company, importance will also be placed on records of the approval process and the control and recording of access.
These are also useful as evidence during a problem or dispute.
Note that in the following descriptions, the administrative entity includes electronic facilities held by relevant parties, as well as trading parties, the Electronic Notary Center (tentative name).
As shown in Figure 1, electronic notary is allowed to use the authentication institution that authenticates 'who (with whom)', as its infrastructure, to carry out its functions. Moreover, in terms of relations with other organizations, the roles and definition of electronic notary will vary, depending on whether the notary system assumes use (inclusion) of services of related organizations. This paper follows the definition stated above and assumes that users rely on services offered by components (institutions) according to need.
From the viewpoint of users (unfamiliar with information technologies in particular) there are some challenges concerning operability. Role-sharing and tie-up with components are worth considering for electronic notary as a social service.
Whether electronic storage is implemented depends on the spread of electronic technologies among users.
iQjWhen Electronic Notary is Needed (Representative Cases)
The following needs are assumed:
The world's notary systems can roughly be divided into Latin (Continental) ones (notaire or notar) and the English/American-type (notary public). The latter is engaged only in signature attestation, i.e., attesting that a signature on a private debenture is the true signature of the signer with no legal qualifications required, while the former is authorized, in addition to signature attestation, to create notary deeds and must be legally eligible (Article 5 of Germany's Notary Law states that only judges can be a notary).
Japan's Notary Law is a Latin type, following the German system, and the Japan Federation of Notary Publics is a member of the International Federation of Latin Notary. This international organization holds a general meeting every three years, and Japanese representatives who attended the meeting held in Montreal, Quebec, Canada in 1986, found that the title in English, of participants from other countries, was only 'Notary.' Thus, Japan's notary community reached a consensus that a notary public might be called just a notary in English, which was officially accepted by a memorandum form the Director of the Civil Affairs Bureau, the Ministry of Justice.
(1) Trends in Japan
Below are activities related to electronic notary:
i) Inter-Corporate High-level Electronic Commerce Promotion Project
(ii) Objectives of the Inter-Corporate High-level Electronic Commerce Promotion Project
(iii) Position of the Project
Secondary supplementary budget for fiscal 1995 (21.75 billion yen)
(iv) Number of sub-projects
At present, 26 sub-projects are under way, including Tests for Creating Open Markets Accompanied by the Electronic Notary System as a sub-project related to electronic notary. Chapter 4 will deal with these sub-projects.
Interim Report from the Study Group for Legislation of Electronic Commerce (Draft), March 1997
Report, May 1997
Report, May 1997
Report, March 1997
The crucial issue for the Ministry of Justice is the computerization of notarial acts at every notary's office. The electronic notary system should include attestation of electronic private documents, electronic dating, the creation of electronic notary deeds and custody and evidencing of electronic documents.
These functions may be used from the viewpoint of lawfulness (contents), and protection (punishment) of electronic official documents and telegrams. However, ordinary transaction data in electronic commerce should not be monitored by a third party (public or private), but controlled by trading parties themselves, so that the data are effective as evidence against a dispute in a security system (internal system by trading parties or a third party).
The Ministry of Posts and Telecommunications attaches the greatest importance on the computerization of the contents-certified mail, which resembles the service provided by (2) 6) USPS. At present, people are supplied with contents certification service at the counter of a post office, computerization of certification through networks equipped with attestation, time-stamps, and encryption functions (any time, any person and anywhere) that may lessen the importance of geographical locations of post offices.
The Electronic Notary Study Working Group set a lot of value on self-regulation by trading parties on the principle of free trade, and is aiming at the effective use of state-of-the-art telecommunications technologies, and dispute settlements with agreements by trading parties (open technologies and rules).
For this purpose, challenges and needs in actual business (inter-corporate, and intra-corporate business processes) are being picked up, mechanisms are being devised to address or meet them and are being summarized into Guidelines as requirements for electronic notary from the viewpoint of users, those from the viewpoint of electronic notary service providers, one of options and suggestions on how to implement the Electronic Commerce Safety Scheme.
Needs for mechanisms are increasing to equip international trading with safety due to differences in legislation and conventions, and difficulties in building up trusting relations among trading parties. At present, however, neither technological infrastructure nor legal framework has been implemented. Cybernotary is a project initiated by the U.S. International Business Conference to remedy the lack of safety in international trade digitally made by U.S. parties by establishing a quasi-public position, roles and responsibilities of which is now under consideration.
Commerce-Net supports inter-operability of Internet EDI to implement appropriate standardization of software products.
Encryption algorithm, key control, integrity of contents, authentication and non-refusal of sender, receipt of signature and non-refusal of receipt, tracking, etc.
Requirements for Inter-operable
Internet EDI (draft-ietf-edint-req-01.txt)
This is an organization that approves a 'Trust Mark' for privacy and security in online trade, as well as creates/accepts reliable marks. The three marks below are now being used:
This organization provides Electronic Notary services to verify whether a specific piece of information actually existed in a specific format at a specific time, and the information remains un-tampered.
(i) URL of its home page
(ii) Targeted markets
(iii) Pricing (tentative)
20 - 7.5 cents per event (varies with gross volume per year)
(iv) Flow of the Electronic Notary service
Figure 2: Flow of the Electronic Notary service
Established by the merging of Doloitte & Touche and the Thurston group in January 1997 (in Chicago).
Authenticated data interchange service at a commercial basis is scheduled to start in September 1997.
(i) URL of its home page
(ii) Basic services
(iii) Targeted markets
Pricing competitive with postal services
Figure 3: Flow of Authenticated Data Interchange
USPS announced the Electronic Postmark service on February 19, 1997. This is an email service with digital stamps on the Internet, and will be available within the coming six months (with time-stamps and the attestation of being tamperless ). Authentication technologies are also scheduled within 18 months.
Price: 22 cents per 50K bytes (compared with 32 cents for ordinary post)
(i) URL of its home page
(ii) Technological tie-ups
Figure 4: Image of the Arrival Notice
What impressed the Electronic Notary Study Group most deeply during a tour in North America was that technologies of Surety were appreciated highly, and service providers (NetDox, USPS, zantaz, etc.) were based on technologies now emerging.
zantaz provides the Digital Safe* service (archive and retrieval offerings).
Surety Technologies believes that, since the Electronic Notary certificate is legally authorized as evidneces, an increase in users of this service will form a new commercial practice, which will raise the legal position of the Electronic Notary service.
Although there are differences in the notary system and perception of safety, private service providers are striving to play important roles in this social system in the U.S.
In addition, a variety of software products have been developed for business communications, such as order placement' and some software products are equipped with mechanisms to secure safety and reliability (e.g., response with digital signature).
Trade participants there are assuming a basic stance to address problems as their own responsibilities.
(i) Characteristics of each type of trade
Consideration is required for each type and step of trade, e.g., continued trade or one-time trade (market-type) or the process before the conclusion of a basic agreement or after.
Figure 5: Characteristics of Each Type of Trade
(ii) Characteristics of developed and standard products
Developed products: protection of secrecy, difficulty of replacement and rapid shortening of product life-cycles
Standard products: alternatives, corporate potentiality, market type and more opportunities for smaller businesses
(iii) Threats from third parties
Trade types, trade processes and threats for each event (false statements, tapping and tampering)
(iv) Threats from counterparts
Intentional: tampering, denial and leakage of secrecy
Accidental: errors (operation error, input error, etc.)
Figure 6: Threats from Counterparts
Spread of the Internet has resulted in a construction of intranets inside intra-corporate information systems and extranets connecting multiple organizations. Under these circumstances, one of the challenges is security and most people tend to attribute this problem to external factors.
Actually, however, some surveys have revealed that internal factors cause the majority of problems related to security.
Breakdown of causes of damage
Figure 7: Breakdown of Causes of Damage
Source: Information Week/Ernst and Young/Data General (as of Oct. 1996)
Where needs exist for intra-corporate electronic notary should be identified, while taking into consideration electronic data interchange with external entities.
@Measures to cope with Problems related to Own Processing in Companies and Organizations
Decision making procedure, recording and saving of approval facts of various approval processes (changeable, fixed)
¨ Process Recording
ACountermeasures against Threats from New Information Infrastructure
Threats from the network: False statement, wiretapping
¨ Enhancement of certification and access control
BSafety and Reliability Measures for Electronic Information which is Emerging outside of Information Systems
Contracts and IOUs between employees and companies ¨ Existence of actual results and saving content recordings
CMaintenance of Trust and Reliability of outside people
Transparency of companies, audit acceptance ¨ System operations with safety and reliability
Models of both inter-corporate trade and intra-business process imply the existence of needs (for securing reliability and safety). Levels of urgency vary with the value of trade information.
As an easy-to-understand example, the level of requirements for electronic notary on trade information will be different between a large-amount transaction and a small-amount deal. The extent of confidentiality or credit conditions of counterparts should also affect the concerns of a party.
Since electronic commerce has just started, all the needs (and definition) for electronic notary are not able to be clarified. Therefore, actual examples should be further collected.
Based on needs, functions required of electronic notary can be summarized as shown in the figure below:
Figure 8: Functions Required of Electronic Notary
Table 1 lists technologies related to implementation of functions required of electronic notary, which includes technologies for the digital signature, encryption, time stamp, digital safe, and access control. Descriptions of individual technologies are omitted.
Table 1 Functions Required of Electronic Notary and Related Technologies
|Functions Required of Electronic Notary||Related Technologies, etc.|
|Authentication of sender||Authentication and digital signature|
|Time stamp||Time-stamping (GMT)|
|Prevention of tampering||Encryption|
|Detection of tampering||Digital information on
networks: digital signature
Information to be stored: MAC (authenticator)
|Confirmation of arrival||Digital signature|
|Electronic storage of originality-guaranteed information||MAC, encryption, access control and digital safe|
|Recording of processes||Authentication, digital signature, MAC, encryption, access control, and digital safe|
|Control and recording of access||Authentication, access control, and digital safe|
The date and time given by a person other than relevant parties (a third party).
(i) Objectives of the time stamp
Example: Digital preservation with higher reliability (to prevent information from tampering)
a. When a digital document existed.
Example: Idea of a patent
b. Electronic commerce
Example: Public bidding (digital trading house), and cooling-off
c. Digital application and filing
Certification to a third party of who sent digital information with what content to whom and when.
(i) Objectives of certification of the content
(ii) Requirements for certification of the content
Who (with whom): Authentication
When: Time stamp (on limited occasions)
What: Existence of the content (bit array) (private institutions have to secure confidentiality of communications.)
Certification of confirmed delivery of digital information from a sender.
(i) Objectives of certification of delivery
Example: Order slip
(ii) Implementation of certification of delivery
Digital data are stored as evidences.
(ii) Requirements (estimated)
Digital preservation of documents specified by law.
(i) Current situations
(ii) Requirement for digital preservation proposed by the Sub-committee
Relevant parties have to implement necessary notary functions by taking into consideration economical merits and convenience, so costs needed for administration are estimated as shown in models I<II<III<IV.
Therefore, models should be selective according to trusting relations with trade counterparts, the value of trade information (amount, confidentiality, etc.), and requirements for digital preservation as evidences, e.g., certification of time.
Below are described models for implementing electronic notary, feasibility of services for each model (e.g., time certification will be implemented in model IV) and typical examples of these models.
Various models can be designed for data interchange among participants in electronic commerce. These models are summarized in Figure 9.
Figure 9: Electronic Notary Models
Out of functions required of the electronic notary system, the model III, the digital platform among relevant parties, has difficulty in implementing certification of time. This is because integrity of the time stamp given by a relevant party cannot be certified.
While digital preservation by a third party seems safer due to independence of personal management, securer digital preservation systems are being studied and developed. So, the weight of human factors will reduce. As a result, certification of time and secure digital preservation are expected to be implemented on the common digital platform operated by relevant parties.
Figure 10: Functions by Electronic Notary Model
Figure 11: Typical Examples
Multiple administrative systems may be operated by public institutions, private organizations, and intra-corporate functions, depending on types of user and service.
About administration, we expect more discussions as to roles of relevant organizations, and further consideration from the viewpoint of economical advantages and convenience for users.
Figure 12: Administrative Organizations of the Electronic Notary Systems
If the Electronic Notary Center (tentative name) is established, concrete talks are needed about its service functions, assignment and the range of responsibilities, and formats of operation (e.g., inter-operation). The following points are now under consideration, so we omit descriptions of them:
(2) Requirements for the Electronic Notary Center
(3) Inter-operability of the Electronic Notary Center
(4) Connections from the Electronic Notary Center to authentication institutions
(5) Scope of responsibilities of the Electronic Notary Center
(6) Challenges for establishing the Electronic Notary Center
Since the following issues are now being considered, we describe them briefly:
Problems incidental to electronic commerce will include technological troubles, which should be addressed within a very short time. Mechanisms are necessary to meet this requirement.
The propriety and procedures require further consideration regarding disposition by suspending trade, i.e., a party who interfered with trade or made unfair trade is disabled from continuing trade. For example, information on such party is published.
(i) Personal attributes
As part of control of authority, access by a person under age should be restricted. For example, the person is allowed to access a cyber-shop, but not to do shopping.
(ii) Restriction on regions
Validity or eligibility of a region should be checked, e.g., verifying that an order has been placed from a region export to which is not restricted.
Trade on networks must be monitored to prevent, for example, illegal copy of image data, or abnormal flow of electronic money, which may lead to disputes. Illegal copy can be detected with the watermarking technology using multiple monitoring servers.
Participants in electronic commerce must be equipped with electronic and administrative facilities. These facilities should be evaluated with some criteria, and the results published to support efficient trade.
Reference data should be provided to help users comprehensively evaluate credibility of companies making electronic commerce. Ultimately, however, trade must be made at user's risk.
Loss or damage (damage to a party or third party) incidental to electronic commerce will be compensated with some insurance or guarantee.
@Clear definition (broader sense, narrow sense)
Roles of Electronic Commerce Safety Organization (tentative name) and Electronic Notary
Difference between Electronic Certification and Electronic Notary
Deepening of Electronic Notary Needs
Roles by Electronic Notary Models (internal, external: private, public)
Requirements and maintenance of Electronic Commerce Electronic Saving (example: output is not possible.)
BMaintaining Continuity of Operations Inside and Outside of a Company
Necessity of Seamless Security Infrastructure
CRole of Digital Information and Analog Information (human or paper society)
EProblems to Make it Happen
(cost balance, etc.)
[ECOM HOME PAGE]