For Public Comment DRAFT MALAYSIAN STANDARD

Size: px

Start display at page:

Download "For Public Comment DRAFT MALAYSIAN STANDARD"

Leon Hunter
5 years ago
Views:

1 DRAFT MALAYSIAN STANDARD 14G008R1 STAGE: PUBLIC COMMENT (40.20) DATE: 01/08/ /09/2015 Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 2: Applet configuration (First revision) OFFICER/SUPPORT STAFF: (SD / zt) ICS: Descriptors: code of practice, secure, application, third party gateway, government multipurpose card, applet configuration Copyright DEPARTMENT OF STANDARDS MALAYSIA

2 Contents Page Committee representation... ii Foreword... iii Introduction... iv 1 Scope Normative references Terms and definitions Abbreviations MyKad category identification TPG load/remove application for MyKad Category A TPG load/remove application for MyKad Category B Annex A Get sequence counter Bibliography STANDARDS MALAYSIA All rights reserved i

3 Committee representation The Industry Standards Committee on Information Technology, Communications and Multimedia (ISC G) under whose authority this Malaysian Standard was developed, comprises representatives from the following organisations: Association of Consulting Engineers Malaysia Chief Government Security Office Cybersecurity Malaysia Department of Standards Malaysia Federation of Malaysian Manufacturers Institut Tadbiran Awam Negara, Malaysia Majlis Keselamatan Negara Malaysian Administrative, Modernisation and Management Planning Unit Malaysian International Chamber of Commerce and Industry Malaysian National Computer Confederation Malaysian Technical Standards Forum Bhd MIMOS Berhad Ministry of Communication and Multimedia Ministry of Domestic Trade, Co-operatives and Consumerism Ministry of Energy, Green Technology and Water Ministry of International Trade and Industry Ministry of Science, Technology and Innovation Multimedia Development Corporation Sdn Bhd Multimedia University Persatuan Industri Komputer dan Multimedia Malaysia Science and Technology Research Institute for Defence SIRIM Berhad (Secretariat) Suruhanjaya Komunikasi dan Multimedia Malaysia Telekom Malaysia Berhad The Institution of Engineers, Malaysia Universiti Teknologi Malaysia The Technical Committee on Identification Cards and Related Devices which developed this Malaysian Standard consists of representatives from the following organisations: CALMS Technologies Sdn Bhd CyberSecurity Malaysia Datasonic Group Berhad IRIS Corporation Berhad Jabatan Imigresen Malaysia Jabatan Pendaftaran Negara Malaysia Malaysian Administrative, Modernisation and Management Planning Unit Malaysian Electronic Payment System Sdn Bhd Malaysian National Computer Confederation MIMOS Berhad Ministry of Home Affairs Multimedia Development Corporation Sdn Bhd Multimedia University Silterra Malaysia Sdn Bhd SIRIM Berhad (Secretariat) Tricubes Berhad Universiti Utara Malaysia ii STANDARDS MALAYSIA All rights reserved

4 Foreword This Malaysian Standard was developed by the Technical Committee on Identification Cards and Related Devices under the authority of the Industry Standards Committee on Information Technology, Communications and Multimedia. MS 2482 consists of the following parts, under the general title Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card: Part 1: Secure connectivity Part 2: Applet configuration Major modifications in this revision are as follows: a) the title has been changed to Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 2: Applet configuration ; b) definition of chip has been introduced in 3.5; c) definition of Secure Access Module (SAM) has been amended in 3.10; d) new Clause 5 regarding MyKad category identification has been added; e) new Figure 1, MyKad category identification process flow has been added; f) Figure 3b, TPG/load/remove process flow (part 2) for MyKad Category A has been amended; g) Table 1, Naming convention of Application Identifier (AID) has been removed for security purpose; h) new Clause 7 regarding TPG load/remove application for MyKad Category B has been added; i) new subclauses , 7.3, 7.4 and 7.5 have been added; j) new Figures 7, 8, 9, 10, 11 and 12 have been added; k) new Tables 4, 5, 6 and 7 have been added; and l) Annex A, Get sequence counter has been amended. This Malaysian Standard cancels and replaces MS :2012, Code of practice for deploying secure applications through the Third Party Gateway for Malaysia Multipurpose Smart Card - Part 2: Applet configuration. Compliance with a Malaysian Standard does not of itself confer immunity from legal obligations. STANDARDS MALAYSIA All rights reserved iii

5 Introduction Overview This Malaysian Standard specifies commands for post-issuance application for the Government Multipurpose Card (MyKad). When a MyKad is inserted into an interface device (IFD), the IFD selects an applet on the MyKad and sends it a series of commands to execute. Each applet is identified and selected by its application identifier (AID). Commands are formatted and transmitted in the form of application protocol data units (APDUs). Applets reply to each APDU command with an APDU response. APDU response consists of status word (SW) that indicates the result of the operation and data. Process for loading/removal of applet on MyKad is based on the MyKad existing IC type. Objectives The objective of this standard is to facilitate application development on MyKad through the TPG of the agency. Furthermore, it ensures that these applications are to be deployed in a secure manner through a standard guidance. iv STANDARDS MALAYSIA All rights reserved

6 Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 2: Applet configuration 1 Scope This Malaysian Standard provides guidance for deploying secure applications through the Third Party Gateway (TPG) for the Government Multipurpose Card (GMPC) such as MyKad issued by National Registration Department of Malaysia (NRD). This standard specifies the process and logic flow to execute loading/removal of applet as well as the description for post issuance application for MyKad. 2 Normative references The following normative references are indispensable for the application of this standard. For dated references, only the edition cited applies. For undated references, the latest edition of the normative reference (including any amendments) applies. MS :YYYY, Code of Practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 1: Secure connectivity. 3 Terms and definitions For the purposes of this standard, the following terms and definitions apply. 3.1 applet Any small applications that perform a specific task that runs within the scope of a larger program. 3.2 application Structures, data elements and program modules needed for performing a specific functionality. 3.3 Application Program Interface Application Programming Interface (API) is an interface implemented by a software program which enables it to interact with other software. In this standard, API refers to the programs interfacing CLMS to the TPG systems. 3.4 Card Lifecycle Management System Card Lifecycle Management System (CLMS) manages the card and its applets lifecycle. STANDARDS MALAYSIA All rights reserved 1

7 3.5 chip It is a small electronic device made out of a semiconductor material and is also referred as integrated circuit. 3.6 Generic Applet A pre-determined applet provided by NRD which can be customised and used by other organisations/agencies to store their business related data in MyKad. 3.7 MyKad MyKad is a multi-application Integrated Circuit(s) Card (ICC) issued by the National Registration Department of Malaysia to citizens of Malaysia. The artwork for MyKad is blue. There are two categories of MyKad in circulation i.e. Category A and Category B NOTE. For information on the categories of MyKad, refer to NRD. 3.8 MyKad applet A set of instructions that enables the creation/deletion of data items in the MyKad chip. 3.9 MyKad Software Development Kit (SDK) A set of development tools for development of application for MyKad Secure Access Module (SAM) An integrated circuit(s) card used to enhance the security and cryptography performance in secure electronic transactions. The SAM size can be in the form of normal card size of mm wide by mm height by 0.76 mm thick or the nominal size of 25 mm wide by 15 mm height by 0.76 mm thick 3.11 Secure Sockets Layer Secure Sockets Layer (SSL) is a cryptographic protocol that provides security for communications over a network Third Party Gateway Third Party Gateway (TPG) is the access point to the NRD s Card Lifecycle Management System (CLMS). The connectivity between NRD s CLMS web server and the agency s TPG server is secured through the SSL Authentication System transport key Key used to protect the Generic Applet, from any unauthorised attempts to initialise the applet. 2 STANDARDS MALAYSIA All rights reserved

8 4 Abbreviations For the purposes of this standard, the following abbreviations apply. AID AMM APDU API CAA CLMS CMM CTM EF FP GA GMPC ICC KMM NRD PCSC SAM SMM SSL TPG XML Application Identifier Application Management Module Application Protocol Data Unit Application Programming Interface Card Authentication Applet Card Lifecycle Management System Card Management Module Card Tracking Module Elementary File Function Provider Generic Applet Government Multipurpose Card Integrated Circuit(s) Card Key Management Module National Registration Department Personal Computer/Smart Card compliant Secure Access Module SAM Management Module Secure Socket Layer Third Party Gateway Extensible Markup Language STANDARDS MALAYSIA All rights reserved 3

9 5 MyKad category identification There are two categories of MyKad in circulation i.e. Category A and Category B. To identify the categories of MyKad, the process in Figure 1 is applicable. Figure 1. MyKad category identification process flow Based on the MyKad category identified after conducting the above process flow, the TPG load/remove application for Category A refers to Clause 6 and for Category B refers to Clause 7. NOTE. For information on the categories of MyKad, refer to NRD. 4 STANDARDS MALAYSIA All rights reserved

10 6 TPG load/remove application for MyKad Category A 6.1 Overview Processes related to the Generic Applet (GA) in MyKad include the following: a) GA loading and removing; b) GA initialisation; c) GA personalisation; and d) GA unblocking (if required). The flow for the GA processes is illustrated in Figure 2. Figure 2. Generic Applet processes for MyKad Category A 6.2 Generic Applet loading and removing The process flow for the TPG GA load/remove is illustrated in Figures 3a and 3b. STANDARDS MALAYSIA All rights reserved 5

13 The process flow consists of a number of pre-defined processes which is further elaborated in the following subclauses. In order to get the relevant applet data to be loaded into the MyKad, connection between the TPG server/workstation and CLMS web server shall be established according to requirements specified in MS Identify chip type Since different chip types are available on MyKad, it is necessary to determine whether the chip has the capability to support load/remove functionality. In general, only MyKad chip having minimum 64 Kbytes data memory supports such functionality. However, for MyKad with ST19WL66 chip, the sequence counter is required to be obtained prior to load/remove application using the process in Annex A List existing applets In a multi-application environment such as MyKad, all applications are selectable by specifying its AID. For naming convention of applet and corresponding applet name, refer to NRD for pre-issued MyKad Get card info The Get card info process is necessary prior to any load/remove process in order to extract some card parameters in MyKad. These card parameters will be used to form the required XML request message that will be sent to the CLMS server in NRD. There are four key parameters to be extracted from MyKad and placed in the respective fields of the XML. The parameters are: a) MyKad serial number (CHIPSN); b) MyKad number (KPTNO); c) MyKad version number (KPTVERNO); and d) Card holder name (NAME). For detailed information on the XML, refer to subclause of MS :YYYY. 8 STANDARDS MALAYSIA All rights reserved

14 6.2.4 Load/removal of applet The Load GA library applet process is required to be performed if when listing applets in the MyKad, the GA library applet is not found. The Load agency applet process is required to be performed if the agency applet is not found when listing applets in the MyKad. If the agency wishes to remove an applet from the MyKad, it is crucial to perform List existing applets function in order to verify the following: a) whether the agency applet exist in the MyKad; and b) whether the generic agency applet is the only applet in the MyKad. If yes, then the agency will then, have to perform the following: i) Remove GA library applet ; and ii) Remove agency applet. Otherwise, remove the agency applet only. The relevant data to be used for applet load and removal is retrieved by performing the connection to NRD as specified in MS NOTE. agency applet is the applet personalised by the user agency, while a generic agency applet refers to a non-personalised applet obtainable from NRD Acknowledgement of applet load/removal Upon completion of applet load/removal, the agency shall send an acknowledgement request to NRD according to the requirements specified in Table 3 of MS :YYYY (see column Completion update for load and Completion update for remove ). With this acknowledgment request, NRD are able to keep track of the current card details. 6.3 Generic Applet initialisation The initialisation process comprises of the following main processes: a) validation of transport key in both applet and initialisation SAM card; b) transfer of application keys into applet; c) formatting of applet space; and d) activate applet. The process flow shown in Figures 4a and 4b depicts the entire initialisation process. Meanwhile Table 1 describes briefly each process in Figures 4a and 4b. STANDARDS MALAYSIA All rights reserved 9

17 Table 1. Description of applet initialisation process Process Description Activate reader Select reader name for SAM card Select reader name for MyKad Establish connection with SAM card Establish communication with the smart card reader. Select the slot being used for SAM card by specifying the reader name. Select the slot being used for MyKad by specifying the reader name. Establish communication with the SAM card. Select applet for MyKad Select applet for SAM card Retrieve applet attribute from SAM card Verify PIN for SAM card Inject transport key into MyKad Compare transport key between MyKad applet and SAM Inject applet key into MyKad Applet Create data sets or EF in applet Activate applet Close reader 6.4 Generic Applet personalisation Select the specific AID of the MyKad applet for the next operation on that applet. Select the specific AID of the SAM card applet for the next operation on that applet. Get the applet information from the SAM card. If the SAM is protected with PIN, the application needs to present the PIN in order to access the SAM applet. Inject the transport key into MyKad applet. Compare the injected transport key and the transport key in SAM. If the key match, then the application can continue to perform initialisation. Transfer the applet key from SAM card into the applet. The number of keys will depend on the applet design. Create data files for the applet. Change the applet lifecycle status to active so that the applet is ready to be used. Terminate communication with the reader. The personalisation process involves encoding the necessary data into the appropriate EF space in the generic agency applet. The pre-requisites of performing applet personalisation are as follows: a) SAM card for write process; b) PCSC compatible card reader with minimum one SAM slot; and c) applet personalisation application/function. The process flow shown in Figures 5a and 5b depicts the entire applet personalisation process. Meanwhile Table 2 describes briefly each process in Figures 5a and 5b. 12 STANDARDS MALAYSIA All rights reserved

20 Table 2. Description of applet personalisation process Process Description Activate reader Select reader name for SAM Card Select reader name for MyKad Establish connection with SAM Card Establish communication with the smart card reader. Select the slot being used for SAM card by specifying the reader name. Select the slot being used for MyKad by specifying the reader name. Establish communication with the SAM card. Select applet for MyKad Select EF within the MyKad applet Select applet in SAM card Retrieve applet data in MyKad or SAM card Verify PIN for SAM card Perform challenge response Write data into applet Set write once attribute Close reader 6.5 Generic Applet unblocking Select the specific AID of the MyKad applet for the next operation on that applet. Select the specific EF that wanted to be written with data. Select the specific AID of the SAM applet. Get the applet information from the SAM card. If the SAM is protected with PIN, the application needs to present the PIN in order to access the SAM applet. After the SAM Applet is accessed, perform challenge response authentication between MyKad applet and SAM in order to gain access to the MyKad applet. Write data into the MyKad applet. For data that is supposed to be set as write once, apply the write once function. Terminate communication with the reader. In the scenario where a MyKad is blocked, the following explains the process flow of how to unblock a blocked generic agency applet. The pre-requisites of performing unblock applet process are as follows: a) SAM card for unblocking applet; b) PCSC compatible card reader with minimum one SAM slot; and c) applet unblock application/function. The process flow shown in Figures 6 depicts the entire applet unblock key process. Meanwhile Table 3 describes briefly each process in Figure 6. STANDARDS MALAYSIA All rights reserved 15

22 Table 3. Description of applet unblock key process Process Description Activate reader Select reader name for SAM card Select reader name for MyKad Establish connection with SAM card Establish communication with the smart card reader. Select the slot being used for SAM card by specifying the reader name. Select the slot being used for MyKad by specifying the reader name. Establish communication with the SAM card. Select applet for MyKad Select applet for SAM card Retrieve applet attribute from SAM card Verify PIN for SAM card Perform challenge response Perform unblock applet Close reader Select the specific AID of the MyKad applet for the next operation on that applet. Select the specific AID of the SAM. Get the applet information from the SAM card. If the SAM is protected with PIN, the application needs to present the PIN in order to access the SAM applet. After the SAM Applet is accessed, perform challenge response authentication between MyKad applet and SAM in order to gain access to the MyKad applet. Perform unblock operation to the MyKad applet. Terminate communication with the reader. STANDARDS MALAYSIA All rights reserved 17

23 7 TPG load/remove application for MyKad Category B 7.1 Overview Processes related to the Generic Applet (GA) in MyKad include the following: a) GA loading and removing; b) GA initialisation; and c) GA personalisation. The flow for the GA processes is illustrated in Figure 7. Figure 7. Generic Applet processes for MyKad Category B 18 STANDARDS MALAYSIA All rights reserved

24 7.2 Generic Applet loading and removing Applet loading Figure 8 describes the process of loading an agency applet from MyKad. Meanwhile, Table 4 describes briefly process in Figure 8. Figure 8. Process of loading an agency applet into MyKad Category B STANDARDS MALAYSIA All rights reserved 19

25 In order to get the relevant applet data to be loaded into the MyKad, connection between the TPG server/workstation and CLMS web server shall be established according to requirements specified in MS Table 4. Description of applet loading process for MyKad Category B Process Request ObjFile from Agency Server Description The workstation requests the ObjFile, which is essentially the signed and pre-assembled applet, from the Agency Server if it is not already cached. This process is required to only execute once on each workstation start-up to minimize unnecessary bandwidth use. Obtain Load Approval from NRD Acknowledgment of Applet Loading Applet removal MyKad is required to go through the approval process from NRD before applet loading is permitted. The connection to NRD is performed as described in MS Upon completion or should error occur during Applet Loading, the agency shall send an acknowledgment to NRD. Figure 9 describes the process of removing an agency applet from MyKad. Meanwhile, Table 5 describes briefly process in Figure 9. Table 5. Description of applet removal process for MyKad Category B Process Obtain Removal Approval from Agency Server Acknowledgment of Applet Removal Description MyKad is required to go through the approval process from Agency Server before applet removal is permitted Upon completion or should error occur during Applet Removal, the agency shall send an acknowledgment to NRD. 20 STANDARDS MALAYSIA All rights reserved

27 7.3 Generic Applet initialisation This subclause describes the initialisation process of applet. Applet is configured during this process. The EF files and read/write attributes are configured into the applet as per the applet profile. Figure 10 depicts the initialisation process. Meanwhile Table 6 describes briefly process in Figure 10. Table 6. Description of applet initialisation process for MyKad Category B Process Description Activate reader Select applet for MyKad Authenticate Transport Key Inject applet key into MyKad Applet Activate applet Acknowledgment of Applet Initialisation Close reader Establish communication with the smart card reader. Select the specific AID of the MyKad applet for the next operation on that applet. The workstation will first authenticate with MyKad using the default Transport Key in the SAM Bank Transfer the applet key from SAM Bank into the applet. The number of keys will depend on the applet design. Change the applet lifecycle status to active so that the applet is ready to be used. Upon completion or should error occur during initialisation, the agency shall send an acknowledgment to NRD as described in MS Terminate communication with the reader. 22 STANDARDS MALAYSIA All rights reserved

29 7.4 Generic Applet personalisation and data read/write This subclause describes the process for data personalisation, reading and writing onto MyKad. Figure 11 depicts the applet personalisation and data read/write process. Meanwhile Table 7 describes briefly process in Figure 11. Figure 11. Applet personalisation and data read/write for MyKad Category B 24 STANDARDS MALAYSIA All rights reserved

30 Table 7. Description of applet personalisation and data read/write for MyKad Category B Activate reader Process Select applet for MyKad and EF to read/write Authenticate transport key Obtain read/write approval Description Establish communication with the smart card reader. Select the specific AID of the MyKad applet, and the specific EF for the next operation on that applet The workstation will first authenticate with MyKad using the default Transport Key in the SAM Bank Approval from Agency Server is requested to gain read/write access to the agency applet Perform read/write Close reader Data is read from/written to the agency applet Terminate communication with the reader. STANDARDS MALAYSIA All rights reserved 25

31 7.5 TPG batch update Figure 12 describes the process to update information and transaction records stored at TPG server to NRD. Figure 12. Process to update information and transaction records stored at TPG server to NRD. 26 STANDARDS MALAYSIA All rights reserved

32 The process in Figure 12 is described as follows: a) Window scheduler will check if it is the right time to send records of applet loading and deletion to CLMS 1.0 or not. If yes, the batch update process is invoked. Else the window scheduler will continue to check for the right time. b) Window scheduler will call CLMSAPIRequest webservice to trigger batch update for records of applet loading and deletion. If the window schedule successfully call the webservice, records of applet loading and deletion will starts to transfer to CLMS 1.0. c) If window scheduler failed to call the webservice, window scheduler will retry till the counter reaches maximum count. Then window scheduler will return to process a). STANDARDS MALAYSIA All rights reserved 27

33 Annex A (normative) Get sequence counter The process flow in Figure A.1 is only required for MyKad with ST19WL66 chip. The sequence counter of the ST19WL66 chip shall be retrieved from the output. Figure A.1. Get sequence counter process flow 28 STANDARDS MALAYSIA All rights reserved

34 Bibliography [1] ISO/IEC , Identification cards - Integrated circuit cards - Part 13: Commands for application management in a multi-application environment STANDARDS MALAYSIA All rights reserved 29

35 Acknowledgements Members of Technical Committee on Identification Cards and Related Devices Prof Dr Zulkhairi Mohd Dahalin (Chairman) Ms Syuibah Abirah Tarmizi (Deputy Chairman) Ms Salwa Denan (Secretary) Ms Koh Lee Ching Ms Norahana Salimin/ Mr Ahmad Dahari Jarno Mr Wong Chee Wai/ Mr Ramzani Abd Raub Ms Connie Yee/ Mr Tan Jia Giin/ Ms Anis Azalina Mohamed Ms Nurul Ashikin Subli/ Ms Rohana Ismail Ms Rajeswari Subaramaniam/ Ms Nur Diyana Fazlollah Suhaimi Ms Rohaila Abdul Latif Mr R Kunaseelan Mr Ahmad Nizar Harun/ Ms Siti Sarah Ramli Mr Tahiruddin Hamdan Mr Shamsul Azhar Mohd Akhbar Universiti Utara Malaysia Multimedia Development Corporation Sdn Bhd SIRIM Berhad CALMS Tecnologies Sdn Bhd CyberSecurity Malaysia Datasonic Group Berhad IRIS Corporation Berhad Jabatan Imigresen Malaysia Jabatan Pendaftaran Negara Malaysia Malaysian Electronic Payment System Sdn Bhd Malaysian National Computer Confederation MIMOS Berhad Silterra Malaysia Sdn Bhd Tricubes Berhad STANDARDS MALAYSIA All rights reserved

For Public Comment DRAFT MALAYSIAN STANDARD

For Public Comment DRAFT MALAYSIAN STANDARD DRAFT MALAYSIAN STANDARD 14G007R1 STAGE: PUBLIC COMMENT (40.20) DATE: 01/08/2015-30/09/2015 Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose