For Public Comment DRAFT MALAYSIAN STANDARD

Transcription

1 DRAFT MALAYSIAN STANDARD 14G007R1 STAGE: PUBLIC COMMENT (40.20) DATE: 01/08/ /09/2015 Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 1: Secure connectivity (First revision) OFFICER/SUPPORT STAFF: (SD / rozi) ICS: Descriptors: code of practice, secure, application, third party gateway, government multipurpose card, connectivity Copyright DEPARTMENT OF STANDARDS MALAYSIA

2 Contents Page Committee representation...ii Foreword... iii Introduction...iv 1 Scope Terms and definitions Abbreviations Card Lifecycle Management System Third Party Gateway infrastructure Authentication and security access... 9 Bibliography STANDARDS MALAYSIA All rights reserved i

3 Committee representation The Industry Standards Committee on Information Technology, Communications and Multimedia (ISC G) under whose authority this Malaysian Standard was developed, comprises representatives from the following organisations: Association of Consulting Engineers Malaysia Chief Government Security Office Cybersecurity Malaysia Department of Standards Malaysia Federation of Malaysian Manufacturers Institut Tadbiran Awam Negara, Malaysia Majlis Keselamatan Negara Malaysian Administrative, Modernisation and Management Planning Unit Malaysian International Chamber of Commerce and Industry Malaysian National Computer Confederation Malaysian Technical Standards Forum Bhd MIMOS Berhad Ministry of Communication and Multimedia Ministry of Domestic Trade, Co-operatives and Consumerism Ministry of Energy, Green Technology and Water Ministry of International Trade and Industry Ministry of Science, Technology and Innovation Multimedia Development Corporation Sdn Bhd Multimedia University Persatuan Industri Komputer dan Multimedia Malaysia Science and Technology Research Institute for Defence SIRIM Berhad (Secretariat) Suruhanjaya Komunikasi dan Multimedia Malaysia Telekom Malaysia Berhad The Institution of Engineers, Malaysia Universiti Teknologi Malaysia The Technical Committee on Identification Cards and Related Devices which developed this Malaysian Standard consists of representatives from the following organisations: CALMS Technologies Sdn Bhd CyberSecurity Malaysia Datasonic Group Berhad IRIS Corporation Berhad Jabatan Imigresen Malaysia Jabatan Pendaftaran Negara Malaysia Malaysian Administrative, Modernisation and Management Planning Unit Malaysian Electronic Payment System Sdn Bhd Malaysian National Computer Confederation MIMOS Berhad Ministry of Home Affairs Multimedia Development Corporation Sdn Bhd Multimedia University Silterra Malaysia Sdn Bhd SIRIM Berhad (Secretariat) Tricubes Berhad Universiti Utara Malaysia ii STANDARDS MALAYSIA All rights reserved

4 Foreword This Malaysian Standard was developed by the Technical Committee on Identification Cards and Related Devices under the authority of the Industry Standards Committee on Information Technology, Communications and Multimedia. MS 2482 consists of the following parts, under the general title Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card: Part 1 : Secure connectivity Part 2 : Applet configuration Major modifications in this revision are as follows: a) the title has been changed to Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 1: Secure connectivity ; b) definitions of generic applet, generic applet module, chip and TPG Agency SAM Bank have been introduced in 2.3, 2.4, 2.5 and 2.13, respectively; c) definition of Secure Access Module (SAM) has been amended in 2.9; d) new Figure 2 regarding Agency s TPG system and network architecture for MyKad Category B has been added; e) new subclauses 6.3.4, and have been added; f) new Figures 4, 5, 6 and 7 have been added; and g) new Tables 4, 5, 6 and 7 have been added. This Malaysian Standard cancels and replaces MS :2012, Code of practice for deploying secure applications through the Third Party Gateway for Malaysia Multipurpose Smart Card - Part 1: Secure connectivity. Compliance with a Malaysian Standard does not of itself confer immunity from legal obligations. STANDARDS MALAYSIA All rights reserved iii

5 Introduction Overview In view of the current situation where many new companies, organisations and agencies are interested to utilise the Government Multipurpose Card (MyKad), to store their business related information, National Registration Department of Malaysia () has established an infrastructure to enable the addition of new applets to be stored in the MyKad chip from external sites/agencies. This connectivity termed as Third Party Gateway (TPG) is the access point to the s Card Lifecycle Management System (CLMS).The external agency requiring the services will need to develop their TPG system interface to connect to the CLMS at. Objective The objective of this standard is to facilitate application development on MyKad through the TPG of the agency. Furthermore, it ensures that these applications are to be deployed in a secure manner through a standard guidance. iv STANDARDS MALAYSIA All rights reserved

6 Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 1: Secure connectivity 1 Scope This Malaysian Standard provides guidance for deploying secure applications through the Third Party Gateway (TPG) for the Government Multipurpose Card (GMPC) such as MyKad issued by National Registration Department of Malaysia (). This standard details the remote access framework for delivering secure communication between the authorised agencies TPG systems and the Card Lifecycle Management System (CLMS) at. 2 Terms and definitions For the purposes of this standard, the following terms and definitions apply. 2.1 Application Program Interface Application Programming Interface (API) is an interface implemented by a software program which enables it to interact with other software. In this standard, API refers to the programs interfacing CLMS to the TPG systems. 2.2 Card Lifecycle Management System Card Lifecycle Management System (CLMS) manages the card and its applets lifecycle. 2.3 Generic Applet A pre-determined applet provided by which can be customised and used by other organisations/agencies to store their business related data in MyKad. 2.4 Generic Applet Module A TPG module manages signed applet and TPG Client Secure Access Certificate. 2.5 Chip It is a small electronic device made out of a semiconductor material and commonly referred as integrated circuit. 2.6 MyKad MyKad is a multi-application Integrated Circuit(s) Card (ICC) issued by the National Registration Department of Malaysia to citizens of Malaysia. The artwork for MyKad is blue. There are two categories of MyKad in circulation i.e. Category A and Category B NOTE. For information on the categories of MyKad, refer to. STANDARDS MALAYSIA All rights reserved 1

7 2.7 MyKad applet A set of instructions that enables the creation/deletion of data items in the MyKad chip. 2.8 MyKad reader Software Development Kit (SDK) A set of development tools that is obtained from the respective reader distributor or developer to read open data from MyKad. 2.9 Secure Access Module (SAM) An integrated circuit(s) card used to enhance the security and cryptography performance in secure electronic transactions. The SAM size can be in the form of normal card size of mm wide by mm height by 0.76 mm thick or the nominal size of 25 mm wide by 15 mm height by 0.76 mm thick Simple Object Access Protocol Simple Object Access Protocol (SOAP) is a protocol specification for exchanging structured information in the implementation of web services in computer networks Secure Sockets Layer Secure Sockets Layer (SSL) is a cryptographic protocol that provides security for communications over a network Third Party Gateway Third Party Gateway (TPG) is the access point to the s Card Lifecycle Management System (CLMS). The connectivity between s CLMS web server and the agency s TPG server is secured through the SSL Authentication System TPG Agency SAM Bank (applicable to MyKad Category B) A collection of SAMs housed in a secured hardware provided by to secure the process of initialisation, personalisation and data read write. 3 Abbreviations For the purposes of this standard, the following abbreviations apply. AMM APDU API CLMS CMM Application Management Module Application Protocol Data Unit Application Programming Interface Card Lifecycle Management System Card Management Module 2 STANDARDS MALAYSIA All rights reserved

8 CTM GA GAM GMPC ICC KMM Card Tracking Module Generic Applet Generic Applet Module Government Multipurpose Card Integrated Circuit(s) Card Key Management Module National Registration Department SAM SMM SOAP SSL TLS TPG XML Secure Access Module SAM Management Module Simple Object Access Protocol Secure Sockets Layer Transport Layer Security Third Party Gateway Extensible Markup Language 4 Card Lifecycle Management System 4.1 Overview of CLMS CLMS manages the card and its applets lifecycle. The system records the card historical data from creation until disposal/deactivation. 4.2 CLMS modules and functionalities The CLMS architecture consists of the following modules: a) Card Management Module; b) Card Tracking Module; c) Key Management Module; d) Application Management Module; and e) SAM Management Module. STANDARDS MALAYSIA All rights reserved 3

9 4.2.1 Card Management Module (CMM) The CMM is the core of CLMS which manages and keeps track of the entire lifecycle of MyKad. It contains all components necessary to provide comprehensive card management services, communications, interfacing and security. The card status tracking is managed by CMM which includes but not limited to pre-personalised, personalised, issuance, unblocking, termination, loss or damage. In addition, the card management services also manage the data store, which contains lifecycle tracking information for all the issued cards in the system. The data store also provides centralised tracking, logging, reporting and control for all the functionalities in the CLMS Card Tracking Module (CTM) CTM provides the capability to track and monitor the movement and status of MyKad throughout the card production process. Upon receiving the card serial number from the manufacturer, a new card profile is generated and its status is continuously monitored before leaving the card production centre Key Management Module (KMM) The KMM is a security system that manages the keys used to control MyKad applets. The key management system involves the process of injecting keys and generating SAM cards. The two main roles of the KMM in the CLMS are to: a) generate load/delete certificates for dynamic application loading/deletion purposes; and b) generate master keys, controller and supervisor cards for new MyKad applets. To generate load/delete certificates, KMM will need to work in synchronous with AMM to obtain the necessary applet information required to create the unique load and delete certificates. All communications between these two modules are managed by the CMM. For generating new MyKad scheme master keys, controller and supervisor cards, a generic key generation system shall be implemented Application Management Module (AMM) The AMM in CLMS is primarily responsible for managing the assembly of applets by merging the applets with the unique load/delete certificates for dynamic application loading and deletion purposes. These certificates are obtained from the KMM. All external communications to and from the AMM are managed by the CMM. To successfully assemble a MyKad applet, the AMM also requires the load/delete certificates from KMM. Therefore both AMM and KMM modules have to work in synchronous to produce a complete MyKad applet to be dynamically loaded into a MyKad. Communication between the AMM and KMM is also handled by the CMM. 4 STANDARDS MALAYSIA All rights reserved

10 4.2.5 SAM Management Module (SMM) The SMM is an independent module having its own card management module, application management module, key management module and SAM tracking module which functions in almost the same way as for the CLMS CMM, AMM, KMM and CTM. The SAM card is used to enable a secure read and write to MyKad applet and can reside at any authorised agency. 5 Third Party Gateway infrastructure 5.1 TPG network and architecture TPG infrastructure comprises the agency s TPG centralised server with a number of TPG client workstations interacting with CLMS web server via SSL connection. The infrastructure allows TPG client workstation to perform the downloading/removal of MyKad applets into/from MyKad (see Figures 1 and 2). Prior to the addition/deletion of MyKad applet into or from MyKad, an authentication has to be conducted between agency's TPG and CLMS. The communication between CLMS and TPG agencies shall conform to the following requirements: a) registered TPG client in CLMS; b) secure internet connection; c) security token/soft certificate (provided by ); and d) TPG application which communicates with CLMS Web API through SOAP Messaging. 5.2 TPG system requirements Table 1 indicates the requirements for the agency s TPG system: Table 1. Agency s TPG system requirements No Component Requirement 1. TPG system software a) The TPG system to be developed in web-based environment. b) The software used shall be able to communicate with the provided CLMS Web APIs through SOAP messaging. c) The system software shall be able to communicate with the MyKad reader SDKs. STANDARDS MALAYSIA All rights reserved 5

11 Table 1. Agency s TPG system requirements (continued) No Component Requirement 2. Internet connection through The minimum bandwidth of 156 kbps. SSL 3. Internet browser Cross-browser, with minimum TLS Security token/soft certificate The security token loaded with a valid certificate. 5. TPG system hardware The hardware such as workstation and MyKad reader. 6 STANDARDS MALAYSIA All rights reserved

12 STANDARDS MALAYSIA All rights reserved 7 Figure 1. Agency s TPG system and network architecture for MyKad Category A

13 8 STANDARDS MALAYSIA All rights reserved Figure 2. Agency s TPG system and network architecture for MyKad Category B

14 6 Authentication and security access 6.1 SSL certificate Prior to establishing the connection, shall provide SSL security certificate to the requesting agency. 6.2 SSL authentication module The agency s TPG will first authenticate the SSL authentication module server and establish a secure connection automatically. When the TPG first connects to SSL authentication module, it responds by sending the TPG its security credentials. The TPG then verifies the validity of the security credentials and establish connection with SSL authentication module. 6.3 Web API Uniform Resource Locator (URL) for CLMS Web API The CLMS Web API page will be displayed once successful connection to this website is established CLMS Web API and transaction codes The CLMS transaction codes are given in Table 2. Transaction Codes Table 2. CLMS transaction Transaction Type Output SL007 Dynamic Application Loading Applet Data and Load Certificates SL008 Dynamic Application Deletion Delete Certificates SL009 SL010 Dynamic Application Loading Completion Update Dynamic Application Deletion Completion Update Confirmation that the status has been updated Confirmation that the status has been updated SL011* Card Info Query MyKad Information SL013* Check Card Blacklist Card Blacklist Status SL014* JPN Quick Check Current Card Status * Not applicable to MyKad Category B STANDARDS MALAYSIA All rights reserved 9

15 6.3.3 XML Schema for MyKad Category A To utilise the TPG functionalities, XML messages are sent to according to the XML schema as shown in the Figure 3. Detailed descriptions of each XML tags are described in Table 3. <CLMSAPIWEBREQUEST> <TRANSACTIONCODE> </TRANSACTIONCODE> <TRANSACTIONTYPE> </TRANSACTIONTYPE> <TRANSDATETIME> </TRANSDATETIME> <TRANSACTIONDATA> <KPTNO></KPTNO> <KPTVERNO></KPTVERNO> <CHIPSN></CHIPSN> <NAME> </NAME> <BRANCHCODE> </BRANCHCODE> <USERID> </USERID> <WSID> </WSID> <AID> </AID> <APPVERNO> </APPVERNO> <SEQCTR> </SEQCTR> <TRANSDATE> </TRANSDATE> </TRANSACTIONDATA> </CLMSAPIWEBREQUEST> Figure 3. XML schema for MyKad Category A 10 STANDARDS MALAYSIA All rights reserved

16 STANDARDS MALAYSIA All rights reserved 11 Table 3. XML description for MyKad Category A XML Tag Description Load Remove Completion update for load Completion update for remove Card info query Check card blacklist TransactionCode Transaction code SL007 SL008 SL009 SL010 SL011 SL013 SL014 TransactionType TransDateTime KPTNO KPTVERNO The full description of the transaction The current date and time of transaction Format = YYYYMMDDHHMMSS The cardholder IC number The cardholder IC version number Dynamic Application Loading Current date and time Dynamic Application Deletion Current date and time Dynamic Application Loading Completion Update Current date and time Dynamic Application Deletion Completion Update Current date and time Card info Query Current date and time Check Card Blacklist Current date and time quick check JPN Quick Check Current date and time 0

17 12 STANDARDS MALAYSIA All rights reserved Table 3. XML description for MyKad Category A (continued) XML Tag Description Load Remove Completion update for load Chip SN Name BranchCode UserID WSID The chip serial number Full name of the cardholder The branch code where the transaction is performed The user ID of the person that perform the transaction The workstation ID where the transaction is performed Branch code UserID Workstation ID AID The applet identifier The applet ID to be loaded Branch code UserID Workstation ID Branch code UserID Workstation ID Completion update for remove Branch code UserID Workstation ID Card info query Branch code UserID Workstation ID The applet ID to be removed The applet ID that has been loaded The applet ID that has been removed Check card blacklist Branch code UserID Workstation ID quick check Branch code UserID Workstation ID

18 STANDARDS MALAYSIA All rights reserved 13 Table 3. XML description for MyKad Category A (concluded) XML Tag Description Load Remove Completion update for load AppVerNo Applet version number The applet version number to be loaded SeqCtr Sequence counter The applet version number to be loaded The applet version number that has been loaded The applet version number that has been loaded Completion update for remove The applet version number that has been loaded The applet version number that has been loaded Card info query Check card blacklist quick check TransDate Transaction date Current date Current date Current date Current date Current date Current date Current date

19 6.3.4 XML Schema for MyKad Category B To utilise the TPG functionalities, XML messages are sent to according to the XML schema. The message can be constructed in either SOAP 1.1 format or SOAP 1.2 format SOAP 1.1 format Figure 4 is a sample SOAP 1.1 request. The placeholders shown need to be replaced with actual values (see Table 4). POST /TPGCLMS.asmx HTTP/1.1 Host: [CLMS HOST NAME] Content-Type: text/xml; charset=utf-8 Content-Length: SOAPAction: [CLMS HOST SOAP ACTION] <?xml version="1.0" encoding="utf-8"?> <soap:envelope xmlns:xsi=" xmlns:xsd=" xmlns:soap=" <soap:body> <samrelay xmlns=[clms HOST SAM RELAY URL]> <action>[transaction NAME]</action> <cryptogram> [CRYPTOGRAM PARAMETER] </cryptogram> </samrelay> </soap:body> </soap:envelope> Figure 4. XML schema for SOAP request Table 4. Placeholders description for SOAP request Placeholders CLMS HOST NAME CLMS HOST SOAP ACTION CLMS HOST SAM RELAY URL TRANSACTION NAME CRYPTOGRAM PARAMETER Host name of JPN CLMS Description Action name defined by JPN CLMS URL for SAM Relay defined by JPN CLMS Transaction name defined by JPN CLMS Encrypted parameter constructed by JPN CLMS 14 STANDARDS MALAYSIA All rights reserved

20 Figure 5 is a sample SOAP 1.1 response. The placeholders shown results returned by CLMS (see Table 5). HTTP/ OK Content-Type: text/xml; charset=utf-8 Content-Length: <?xml version="1.0" encoding="utf-8"?> <soap:envelope xmlns:xsi=" xmlns:xsd=" xmlns:soap=" <soap:body> <samrelayresponse xmlns=" <samrelayresult>[result TYPE]</samRelayResult> <result>[cryptogram RESULT]</result> <status>[status CODE]</status> </samrelayresponse> </soap:body> </soap:envelope> Placeholders RESULT TYPE CRYPTOGRAM RESULT STATUS CODE Figure 5. XML schema for SOAP response Table 5. Results description for SOAP response Description Type of results returned by JPN CLMS Encrypted results constructed by JPN CLMS Status code returned by JPN CLMS STANDARDS MALAYSIA All rights reserved 15

21 SOAP 1.2 format Figures 6 is a sample SOAP 1.2 request. The placeholders shown need to be replaced with actual values (see Table 6). POST /TPGCLMS.asmx HTTP/1.1 Host: [CLMS HOST NAME] Content-Type: application/soap+xml; charset=utf-8 Content-Length: 39 <?xml version="1.0" encoding="utf-8"?> <soap12:envelope xmlns:xsi=" xmlns:xsd=" xmlns:soap12=" <soap12:body> <samrelay xmlns=[clms HOST SAM RELAY URL] > <action>[transaction NAME]</action> <cryptogram>[cryptogram PARAMETER]</cryptogram> </samrelay> </soap12:body> </soap12:envelope> Figure 6. XML schema for SOAP request Table 6. Placeholders description for SOAP request Placeholders Description CLMS HOST NAME Host name of JPN CLMS CLMS HOST SOAP ACTION CLMS HOST SAM RELAY URL TRANSACTION NAME CRYPTOGRAM PARAMETER Action name defined by JPN CLMS URL for SAM Relay defined by JPN CLMS Transaction name defined by JPN CLMS Encrypted parameter constructed by JPN CLMS 16 STANDARDS MALAYSIA All rights reserved

22 Figures 7 is a sample SOAP 1.2 response. The placeholders shown results returned by CLMS (see Table 7). HTTP/ OK Content-Type: application/soap+xml; charset=utf-8 Content-Length: <?xml version="1.0" encoding="utf-8"?> <soap12:envelope xmlns:xsi=" xmlns:xsd=" xmlns:soap12=" <soap12:body> <samrelayresponse xmlns=" <samrelayresult>[result TYPE]</samRelayResult> <result>[cryptogram RESULT]</result> <status>[status CODE]</status> </samrelayresponse> </soap12:body> </soap12:envelope> Figure 7. XML schema for SOAP response Table 7. Results description for SOAP response Placeholders Description RESULT TYPE Type of results returned by JPN CLMS CRYPTOGRAM RESULT Encrypted results constructed by JPN CLMS STATUS CODE Status code returned by JPN CLMS STANDARDS MALAYSIA All rights reserved 17

23 Bibliography [1] MS :YYYY, Government Multipurpose Card - Part 1: General characteristics - Code of practice [2] MS :YYYY, Government Multipurpose Card - Part 2: Data format for National ID application - Code of practice [3] ISO/IEC 7816 (all parts), Identification cards - Integrated circuit cards 18 STANDARDS MALAYSIA All rights reserved

24 Acknowledgements Members of Technical Committee on Identification Cards and Related Devices Prof Dr Zulkhairi Mohd Dahalin (Chairman) Ms Syuibah Abirah Tarmizi (Deputy Chairman) Ms Salwa Denan (Secretary) Ms Koh Lee Ching Ms Norahana Salimin/ Mr Ahmad Dahari Jarno Mr Wong Chee Wai/ Mr Ramzani Abd Raub Ms Connie Yee/ Mr Tan Jia Giin/ Ms Anis Azalina Mohamed Ms Nurul Ashikin Subli/ Ms Rohana Ismail Ms Rajeswari Subaramaniam/ Ms Nur Diyana Fazlollah Suhaimi Ms Rohaila Abdul Latif Mr R Kunaseelan Mr Ahmad Nizar Harun/ Ms Siti Sarah Ramli Mr Tahiruddin Hamdan Mr Shamsul Azhar Mohd Akhbar Universiti Utara Malaysia Multimedia Development Corporation Sdn Bhd SIRIM Berhad CALMS Tecnologies Sdn Bhd CyberSecurity Malaysia Datasonic Group Berhad IRIS Corporation Berhad Jabatan Imigresen Malaysia Jabatan Pendaftaran Negara Malaysia Malaysian Electronic Payment System Sdn Bhd Malaysian National Computer Confederation MIMOS Berhad Silterra Malaysia Sdn Bhd Tricubes Berhad STANDARDS MALAYSIA All rights reserved