Pilot Phase Safety Guide (For Users)

1. Introduction

The Web/A Form Maker (the "Tool") and the documents generated by it currently display warnings such as "EXPERIMENTAL" or "PILOT PHASE."

This indicates that the system is currently in the "Technical Verification and Pilot Operation Phase." We are testing security and usability as we move toward full production. We ask all users to follow the guidelines below when using the tool.

2. Precautions for Use

2.1. Data to Avoid

As the tool is an evolving prototype, please DO NOT enter the following types of information to minimize the risk of a security incident:

• Sensitive Personal Information: Information that could lead to discrimination or disadvantage, such as medical history, beliefs, or social status.
• Passwords for Other Services: Login credentials for banking, email, SNS, etc., which pose a high risk of identity theft.
• Highly Confidential Information: Any data that could cause significant damage to an organization or individual if leaked.

2.3. Key Management and Authenticity

The authenticity of certificates issued by this system is based on "private keys" managed by the issuer. During the pilot phase, these keys are managed in a prototype environment.

• Keys and certificates used for signing have expiration dates. Verification may fail after the expiration date.
• In case of suspected key loss or compromise, issuers will immediately revoke the affected keys.

2.4. Support and Inquiry Response

As this project is an experimental endeavor, we do not provide 24/7 commercial-grade support.

• Contact for Issues or Questions: Please contact your organization's system administrator or use the Product Team's issue tracker.
• Response Hours: Support is generally provided on a "best-effort" basis during weekday business hours.
• Emergency Response: If a critical security flaw is discovered, we may suspend the entire system or revoke keys without prior notice.

3. Latest Security Technologies

To prepare for future standard data exchange, this system experimentally incorporates the following advanced security technologies:

1. Passkey (WebAuthn) Authentication: Leverages device-standard biometrics (Passkeys) to provide phishing-resistant, secure authentication and signing. This technically proves the presenter is the legitimate registrant (person authentication) without relying on passwords.
2. HPKE (Layer 2 Encryption): Utilizes Hybrid Public Key Encryption (HPKE), ensuring that only the intended recipient can decrypt the content. This provides end-to-end privacy where even the server cannot view the data.
3. Post-Quantum Cryptography (PQC): Standardizes digital signatures using modern lattice-based algorithms (ML-DSA) that are resistant to future decryption risks posed by quantum computers.
4. HMP (Human-Machine Parity) Trial: A concept to ensure parity between "what humans see" and "what machines process." We are trialing a unique defensive mechanism that scans both the visible fields and digital data during signing to detect opaque or hidden information.

4. In Case of Issues

If you notice suspicious behavior (e.g., unintended data transmission, warnings being bypassed, or data leaks) while using the tool, stop immediately and contact the Product Team. Additionally, if "Signature Verification" fails for a document, it may indicate that the document has been tampered with or that the key has been revoked.

5. Related Materials (For Technical Experts)

For detailed technical responses and audit reports, please refer to:

• Web/A Security Audit Index

Web/A Product Team - Pilot Safety Policy (2024-12-31)