As an expert, I provided comments on legal and technical aspects to the final report of the "Use Case Demonstration Project for the Realization of a Trusted Web" project entitled "Information Services International-Dentsu, Ltd.: A new mechanism for promoting 'trusted transactions based on KYC/KYB'" which is an initiative using OpenID4VC.

Trusted Web Promotion CouncilIt was carried out as part of"Use Case Demonstration Project for the Realization of a Trusted Web in FY2022 Supplementary Budget" OfFinal report meetingis currently being implemented. It will be held on 2/29 and 3/4.

Event Outline

Date and Time	令和6年2月29日（木）9:55~17:00（12:00~13:00休憩） 令和6年3月4日（月）10:00~17:05（12:00~13:00休憩） *Times may vary slightly.
形式	Online (Zoom)
How to apply	Please apply below. If you wish to attend both days, please apply for both. To register for the event on Thursday, February 2th,CLICK HERE To register for participation on Monday, March 3th,CLICK HERE

I am participating in this demonstration as an expert in charge of the following use cases:

2/29

Times of Day	Type	Item
November 29st 10:00~ 11:00	report	Information Services International-Dentsu Ltd. (A new system to promote "trustworthy transactions based on KYC/KYB")

This initiative will utilize Trusted Web technology in the future, making it possible to verify the trust of information across entities, and thus KYC.¹/KYB²If issuers of certificates related to KYC/KYB are able to provide verifiable credentials (VC), it would be possible to reuse KYC/KYB data, which could improve efficiency and promote trustworthy transactions. Based on this, this is a demonstration project to consider and verify a new mechanism for promoting trustworthy transactions based on KYC/KYB, using the example of "opening a corporate account at a financial institution."

In the demonstration,Dentsu Institute of Researchhas a long track record in eKYC business targeting financial institutions, etc.ACSiONIn addition, we are considering a KYC/KYB VC issuance service and conducting verification using a prototype system with the cooperation of financial institutions. In terms of technology, we provide the core functions of OAuth2.0 and OpenID Connect (OIDC) as APIs.Authletehas joined the company and will incorporate OID4VCI (OpenID four Verifiable Credential Issuance), which adds the latest specifications to its products, into its architecture.

The main comments provided were:

• [Legal implications]In practice, KYC/KYB information is sufficiently reliable and technically³However, this may not be possible from a legal standpoint, such as the Criminal Proceeds Act. We need to consider amending the law, and it is very good to have received suggestions on this point.
• [Technical suggestions]In the VC Issuer-Holder-Verifier model, the fact that the verifier is anonymous from the issuer's perspective is of great privacy significance to the holder (target individual), but from the VC issuer's (issuer's) perspective, not knowing who will use the information and for what purpose is a major risk factor. To improve this situation, it may be technically possible to group verifiers in similar business categories with the same purpose and apply audience restriction to them. For example, it may be possible to send a VP request with a group signature, and have the issuer issue a VC to that group.⁴We would like to see these points fed back to standard-making organizations.

There are many other questions, but I will answer them all later.TrustedWeb YouTube ChannelIt should be available on twitter, so please refer to that. Once it is released, I will also include a link to this article.

1. Know Your Customer. Personal Identification
2. Know Your Business. Corporate identity verification
3. Verifiable Presentation
4. This could potentially solve the "arteries and veins/information flow and the golden dragon" problem - the issue of paying for information - that has been pointed out by the Trusted Web Promotion Council.