Category: Security

Events identity OpenID Security

Participating in the panel "Current Status and Future of OSS Initiatives in Economic Security" at Okinawa Open Days

Nat 2025-12-04 No Comments

I'm writing this on the day of the event, or rather, right now (12/4 9:45 AM) at my desk preparing for the panel, and I will be appearing on the panel mentioned above. There will be an 8-minute presentation on the panel, and the thumbnail is the cover of that presentation. Once it's finished, I'll upload the materials here. [Updated 13:23] Here are the materials. Please review them.

Further display Participating in the panel "Current Status and Future of OSS Initiatives in Economic Security" at Okinawa Open Days
identity Security Government

"DS-511 Guidelines for Handling Digital Identities in Identity Verification in Administrative Procedures, etc." has been published

Nat 2025-09-30 No Comments

The Digital Identity Guidelines, which we have been involved in formulating for three years as an expert (Revision of the Identity Verification Guidelines: Expert Meeting on Issues, Examples, and Methods in Identity Verification Practices and Their Guidelines), have now been published. They can be viewed on the Digital Society Promotion Standard Guidelines page. This guide...

Further display "DS-511 Guidelines for Handling Digital Identities in Identity Verification in Administrative Procedures, etc." has been published
The UK Online Anne Z Act is being discussed in various ways
AI identity Security Public policy Government Overseas

[Age Verification] UK Online Safety Law is being toyed with in various ways: Bypassing it with VPNs and bypassing biometric authentication with Death Stranding

Nat 2025-08-06 No Comments

What is the UK's Online Safety Act? The UK's Online Safety Act was officially enacted into law on October 2023, 10, and will come into full effect on March 26, 2025 (the actual implementation date will be determined for each article). It requires online service providers to take measures against illegal or...

Further display [Age Verification] UK Online Safety Law is being toyed with in various ways: Bypassing it with VPNs and bypassing biometric authentication with Death Stranding
Study Group on the Realization of a Safe and Secure Metaverse
identity Security Your Privacy Public policy

Ministry of Internal Affairs and Communications Study Group on the Realization of a Safe and Secure Metaverse Announces 2025 Draft Report - Identity Verification, Privacy, and Accountability in the Metaverse (Public comments accepted until August 8th)

Nat 2025-07-23 No Comments

P.S.: Public comments are being accepted from August 8th to 4th. If you have any opinions, please visit https://www.soumu.go.jp/menu_news/s-news/27iicp01_01.html. The submission form and other details are available on this page of e-gov. Today, the 02000126th year of Reiwa...

Further display Ministry of Internal Affairs and Communications Study Group on the Realization of a Safe and Secure Metaverse Announces 2025 Draft Report - Identity Verification, Privacy, and Accountability in the Metaverse (Public comments accepted until August 8th)
The Financial Services Agency amends its supervisory guidelines. Phishing-resistant authentication methods will become mandatory. It's not biometric authentication as some articles say!
identity Security

The Japanese Financial Services Agency amends supervisory guidelines. Phishing-resistant authentication methods will become mandatory. It is not biometric authentication as some media say, however! Public comments are open until August 8th.

Nat 2025-07-16 Comment

On the 15th, the Financial Services Agency began accepting public comments under the title "Publication of a partial revision (draft) of the "Comprehensive Supervision Guidelines for Financial Instruments Business Operators, etc." The deadline is 18:17 PM on Monday, August 00th (must arrive by this date). This case concerns the theft of customer information (login IDs, etc.) from phishing sites disguised as securities company websites...

Further display The Japanese Financial Services Agency amends supervisory guidelines. Phishing-resistant authentication methods will become mandatory. It is not biometric authentication as some media say, however! Public comments are open until August 8th.
The threat of real-time phishing that cannot be prevented by one-time passwords - The true nature of phishing resistance using passkeys
identity Security

The threat of real-time phishing that cannot be prevented by one-time passwords - The true nature of phishing resistance using passkeys

Nat 2025-06-20 No Comments

In recent years, phishing attacks targeting financial institutions and other organizations have become more sophisticated, and a method called "real-time phishing" in particular has become a serious threat. This type of attack can even invalidate one-time passwords (OTPs), which have traditionally been considered effective in preventing phishing attacks.

Further display The threat of real-time phishing that cannot be prevented by one-time passwords - The true nature of phishing resistance using passkeys
identity Security Your Privacy

Japan Post to consider introducing 7-digit alphanumeric address recognition for deliveries to Rakuten Group and other companies...

Nat 2025-05-26 No Comments

The top story in the Nikkei newspaper on May 5th was "Japan Post to consider introducing 26-digit alphanumeric address identification for deliveries to Rakuten Group and other companies", but experts have already started to comment on it. Professor Ichiro Sato of the National Institute of Informatics and editorial committee member Naoki Asakawa of Nikkei BP are both right. Of course, on the other hand...

Further display Japan Post to consider introducing 7-digit alphanumeric address recognition for deliveries to Rakuten Group and other companies...
identity Security

Authorized Push Payment (APP) Fraud and the Impact of Digital Identity Wallets

Nat 2025-05-24 No Comments

I wrote this report a few months ago, but I think it's important, so I'm publishing it here. It's 4 A28 pages long... It's related to the current topic of securities account fraud, and was brought up at the 29th Shirahama Cybercrime Symposium, "Rethinking Identity: Anonymity, Impersonation, Persona, and the Non-Human."

Further display Authorized Push Payment (APP) Fraud and the Impact of Digital Identity Wallets
The Financial Services Agency has requested financial institutions to review the practice of sending password-protected ZIP files via email (so-called PPAP).
Security

The Financial Services Agency has requested financial institutions to review the practice of sending password-protected ZIP files via email (so-called PPAP).

Nat 2025-05-24 No Comments

According to a May 5 report by Nikkin, the Financial Services Agency has asked financial institutions to reconsider the practice of sending password-protected ZIP files by email (so-called PPAP). This is because there is a risk of information leakage if the recipient's security software cannot detect malware (malicious programs). Now...

Further display The Financial Services Agency has requested financial institutions to review the practice of sending password-protected ZIP files via email (so-called PPAP).
identity Security Your Privacy Public policy Government

[Digital Agency] Summary of the Expert Meeting (FY6) on Revision of Identity Verification Guidelines has been published

Nat 2025-04-01 No Comments

On April 4, the Digital Agency published the summary of the expert meeting (1 fiscal year) for revising the identity verification guidelines. The "DS-6 Guidelines on Online Identity Verification Methods in Administrative Procedures" (commonly known as the "Identity Verification Guidelines") provides a method for safely verifying identities when digitizing administrative procedures.

Further display [Digital Agency] Summary of the Expert Meeting (FY6) on Revision of Identity Verification Guidelines has been published