Proposal of an Identity Verification System Using Trusted Execution Environment in the Japan's Digital Authentication App
Abstract
As digital identity systems continue to evolve, ensuring the secure handling of personal data and authentication tokens on the service provider side has become increasingly critical. Japan's My Number Card is a national identification card that contains an IC chip storing personal information such as name, address, and date of birth, and is increasingly used for digital services. The Digital Authentication App provided by Japan's Digital Agency enables online identity verification using the My Number Card and provides APIs that allow service providers to access user information with the user’s consent. Although the Digital Agency mandates the secure management of such data, its guidelines do not specify concrete technical countermeasures for server-side environments that process and store tokens and personal data. To address this issue, we propose a practical server-side architecture that integrates AWS Nitro Enclaves, a Trusted Execution Environment (TEE), with Japan's Digital Authentication App APIs. Our system confines OpenID Connect (OIDC) token validation and user information access entirely within a TEE, thereby resisting insider threats and compromised operating systems. Furthermore, audit logs are protected with digital signatures and hash chaining, enabling verifiable integrity and non-repudiation. To validate the feasibility and performance of the proposed architecture, we implemented a prototype demo system and conducted measurement experiments. Preliminary measurement results indicate that the integration of TEE introduces limited performance overhead while enhancing security guarantees. This architecture demonstrates a practical and scalable approach
to strengthening trust in digital authentication services from the service provider's perspective.
Keywords
Full Text:
PDFRefbacks
- There are currently no refbacks.
