TOPPAN Holdings Co., Ltd. TOPPAN Digital/NICT/ISARA develops an IC card system capable of hybrid support of quantum-resistant computer encryption and current encryption

[TOPPAN Holdings Co., Ltd.] TOPPAN Digital/NICT/ISARA develops an IC card system capable of hybrid support of quantum-resistant computer encryption and current encryption ​
TOPPAN Holdings Co., Ltd. Press release: October 7, 2024 TOPPAN Digital/NICT/ISARA develops an IC card system capable of hybrid support of quantum-resistant computer encryption and current encryption Enabling a smooth transition to quantum-resistant computer cryptography for the realization of safe and secure social infrastructure TOPPAN Digital Co., Ltd.
(Headquarters: Bunkyo-ku, Tokyo, President: Kazunori Sakai,
hereinafter referred to as TOPPAN Digital), a group company of TOPPAN Holdings, and National Institute of Information and Communications Technology (Chairman: Hideyuki Tokuda, hereinafter referred to as NICT) ISARA Corporation (Headquarters: Ontario, Canada, CEO: Atsushi Yamada, hereinafter ISARA) is a company that uses post-quantum cryptography (PQC), which is difficult to break even with quantum computers, and the current We have developed an IC card system “SecureBridgeTM” that is compatible with both encryption and encryption. The three parties have been collaborating on research since April 2021 regarding the implementation of PQC on IC cards, and this time, they have announced the development of the “PQC CARD(R)” (*1) and private certificate authority (*1) developed in October 2022. *2) has been updated to support electronic certificates (hereinafter referred to as hybrid certificates) that enable both PQC and current cryptographic authentication. In addition, this system has been implemented on the quantum cryptography network testbed operated by NICT as the Healthcare Long-term Integrity and Confidentiality Protection System (H-LINCOS) (* We applied it to user authentication in 3) and confirmed its effectiveness. Going forward, the three parties will utilize this technology to promote efforts toward the practical application and advancement of quantum secure cloud technology that will enable the safe distribution, storage, and utilization of highly confidential information into the future. Part of this verification was carried out with support from the Cabinet Office SIP Program “Promoting the Application of Advanced Quantum Technology Platforms to Social Issues” (Research Promotion
Corporation: National Institute for Quantum and Radiological Science and Technology). I did.
https://prcdn.freetls.fastly.net/release_image/33034/1517/33034-1517-dfd3159023cc415e42f819d542069997-900×347.jpg

Image of usage of hybrid compatible PQC CARD(R) (C) TOPPAN Digital Inc. ■ Background Services provided via the Internet, such as online medical treatment and e-commerce, are securely protected by encryption technology. However, in the future, there is a risk that quantum computers will be able to break the currently widespread cryptographic techniques. Therefore, there is an urgent need to transition to PQC, which is difficult to decipher even with quantum computers, especially in systems that handle important information such as medical, financial, and administrative information. In August 2024, the National Institute of Standards and Technology (NIST), a U.S. government agency, announced the PQC algorithm, which is the de facto global standard, and the transition trend is expected to accelerate further in the future. However, in recent years, information systems have become larger and more complex, and the transition period to complete PQC is expected to take a long time. If there is a mix of systems that have been migrated and systems that have not been migrated, authentication and encrypted communication will be difficult because the same encryption technology cannot be used on the accessing side and the accessed side. Therefore, TOPPAN Digital, NICT, and ISARA have developed an IC card system “SecureBridgeTM” that is hybrid compatible with both PQC and current encryption. We also combined these systems with H-LINCOS and conducted operational verification. In the future, we will enable a smooth transition to PQC in order to realize safe and secure social infrastructure. ■ Features of hybrid compatible IC card system “SecureBridgeTM” ・Compatible with both PQC and current encryption The PQC signature algorithm “ML-DSA” (*4), which is the de facto global standard, announced by NIST in August 2024, and “ECDSA” (*5), the signature algorithm used in the current encryption standard. ) is available for both. This allows you to authenticate against systems in various migration situations. ・Supports long-term transition period and enables safe and smooth transition Systems that handle important information are often complex and large-scale, so the transition period to PQC is expected to be long. Hybrid certificates can accommodate a variety of system conditions during the transition period, ensuring a secure long-term transition period and supporting a smooth transition. ■ Overview of demonstration experiment Purpose: Confirm basic operations such as user authentication and identify technical issues using the hybrid compatible IC card system “SecureBridgeTM” Implementation period: April to September 2024 Implementation details: In H-LINCOS operated by NICT, hybrid support is provided with IC cards that only support current cryptography and are used as HPKI cards (public key
authentication cards for health care), which are qualification certificates held by medical workers. In each case, we confirmed that the person’s identity was correctly authenticated using a compatible IC card, and that the electronic medical record system could be viewed. Results: We confirmed that user authentication can be performed correctly on a server that supports hybrid, whether the IC card supports only current encryption or hybrid. As a result, we were able to verify that hybrid certificates can be used to authenticate systems with various migration statuses. This result can contribute to making the long-term transition to PQC safe and smooth. ■ Role of the three parties TOPPAN Digital: Development of hybrid certificate support for IC card systems including “PQC CARD(R)” through
collaboration with ISARA, and collaboration with H-LINCOS NICT: Overall structure of this development, provision of long-term secure data storage and exchange system “H-LINCOS” aimed at healthcare applications ISARA: Development of hybrid certificate issuing function for private certificate authority through collaboration with TOPPAN Digital, development of “ML-DSA” firmware (*6) for IC cards ■ Future goals TOPPAN Digital will put the hybrid certificate-compatible IC card system “SecureBridgeTM” into limited practical use in the medical and financial industries that require high security in 2025, and will begin full-scale provision in 2030. We aim to In addition, TOPPAN Digital, NICT, and ISARA will utilize this technology to promote efforts toward the practical application and advancement of quantum secure cloud technology that will enable the safe distribution, storage, and utilization of highly confidential information into the future. I’m going. We aim to apply and expand PQC not only to the security of IC cards but also to a wide range of services via the Internet, including the protection and management of personal information in medical, financial, and administrative settings, and promote the development and demonstration of usage cases. Masu. *1 “PQC CARD(R)” IC card equipped with PQC.
https://www.holdings.toppan.com/ja/news/2022/10/newsrelease221024_1.html *2 Private certificate authority A private certificate authority is a system that operates within a limited range, such as an internal network, and has the function of issuing electronic certificates that guarantee the validity of servers. *3 H-LINCOS H-LINCOS (Healthcare long-term integrity and confidentiality protection system) is a long-term secure data storage and exchange system for healthcare, which uses confidential communication such as secret sharing and quantum cryptography, and public key authentication technology to secure electronic medical record data. It is a long-term secure data storage and exchange system for healthcare that provides highly available backup and mutual use between medical institutions. Reference: December 12, 2019 NICT press release
https://www.nict.go.jp/press/2019/12/12-1.html *4 ML-DSA A
next-generation cryptographic algorithm determined by NIST in August 2024 as Federal Information Processing Standards (FIPS). It is derived from the electronic signature algorithm “CRYSTALS-Dilithium” that uses lattice cryptography. *5 ECDSA Electronic signature algorithm based on public key cryptography ECC. It also has the advantage of having a key size that is about 1/10th that of RSA, which is also a public key cryptosystem, yet has the same level of security. *6 Firmware Software built into equipment to control hardware. *Product and service names mentioned in this news release are trademarks or registered trademarks of each company. *The information contained in this news release is current as of the date of announcement. It is subject to change without prior notice. Above