News Release

This document has been translated from the Japanese original for reference purposes only. In the event of any discrepancy between this translated document and the Japanese original, the original shall prevail.

March 5, 2026

JCI Announces “FPoS IoT,” a Trust Infrastructure for IoT/M2M Devices
— The First Neo Carrier Solution: An IoT Trust Infrastructure Using eSIM as the Root of Trust —

Japan Communications Inc. (hereinafter referred to as "JCI") today announced FPoS IoT, an authentication infrastructure that ensures the authenticity of IoT and M2M devices (hereinafter collectively referred to as "IoT devices"). FPoS IoT generates a private key within the secure area of an eSIM and safely stores the key within that secure environment. By combining the private key with a digital certificate, the system ensures the authenticity of IoT devices. FPoS IoT extends the FPoS framework previously provided by JCI into the world of IoT devices. It serves as an authentication infrastructure that evolves IoT devices from simply "devices connected to a network" into "verifiable entities connected to a network."

Today, numerous IoT devices are connected to networks across various fields, including smart meters for essential utilities such as electricity, gas, and water, as well as devices used in industries such as manufacturing, healthcare, and logistics. Service providers analyze and control the data exchanged by these devices to improve services, prevent accidents, and support management or governmental decision-making. In such cases, a fundamental requirement is that the device exchanging the data is authentic—that is, it is the same device recognized by the service provider and has not been impersonated.

Many IoT systems currently rely on IDs, passwords, or software-based authentication methods to verify device authenticity. However, such information may be copied by third parties and therefore cannot completely prevent device impersonation.

Public key cryptography, on the other hand, is an effective technology for verifying authenticity. In this approach, the owner of a public key is identified through a digital certificate, and encryption is decrypted using a pair of public and private keys. The most important requirement for public key cryptography is that the private key must be unique and cannot be duplicated by third parties. If a private key were duplicated, it would become impossible to distinguish genuine devices from fraudulent ones.

For this reason, private keys have traditionally been stored within secure hardware environments known as Hardware Security Modules (HSMs). IC cards such as ATM cards, credit cards, and My Number cards are typical examples. However, because the private key is embedded during the IC card manufacturing process, additional costs are required to ensure security during production.

In contrast, JCI’s FPoS implements a mechanism in which private keys are generated and stored within secure areas built into smartphones (iPhone and Android). Because the keys are generated directly within the smartphone, the system offers advantages such as lower cost and real-time verification.

In the field of IoT devices, the use of eSIMs is expanding and may become the mainstream connectivity method for IoT devices in the future. Currently, JCI issues eSIMs to customers through eSIM platforms provided by mobile network operators (MNOs). However, under the Neo Carrier service scheduled to launch in November 2026, JCI will issue eSIMs using its own eSIM platform, enabling the realization of FPoS IoT.

Against this background, JCI plans to begin providing FPoS IoT after November 2026. By utilizing eSIM (eUICC) as a hardware-level root of trust, FPoS IoT will extend JCI’s digital identity infrastructure, FPoS, to IoT devices.

With FPoS IoT, a unique private key is generated and securely stored within the hardware-level secure area of the eSIM for each individual IoT device. A corresponding digital certificate*1 is then issued. The digital certificate records the device identification number, and the combination of the digital certificate and the private key enables the authenticity of the IoT device to be verified over the network. Through this mechanism, IoT devices can participate in networks not merely as "devices connected to a network," but as "verifiable entities connected to a network."

FPoS IoT's mechanism

*1 The digital certificates used in FPoS are issued by an accredited digital certification authority issuing accredited digital certificate under the Digital Signature Act. An accredited digital certificate satisfies strict requirements established by the government not only in terms of technology, but also in facilities, operations, and auditing systems.

About Japan Communications Inc. (JCI)
Japan Communications Inc. (JCI), founded in 1996, is a pioneer who created the MVNO market and has brought innovation to the telecommunications industry. While JCI has established a stable profit model in their main business, simple and rational mobile communication services, JCI is aiming for further growth. JCI has strengths in patented technologies such as the mobile leased line "Closed SIM-to-SIM Communication" and the digital authentication technology "FPoS," and is focusing on providing mobile communication services and digital authentication infrastructure based on the authentication technology. The PCI DSS-certified mobile leased line is adopted by high-security sectors, such as police and bank. The FPoS supports security at the highest global standards and convenience. Under the mission of "carrying bit in safety and security," JCI is aiming for developing social infrastructure such as secure mobile environment beyond national borders and is working on sustainable growth and improving corporate value.