DRAFT MALAYSIAN 14G008R1 STANDARD - SIRIM Berhad … · Suruhanjaya Komunikasi dan Multimedia...
DRAFT MALAYSIAN STANDARD 14G008R1

STAGE: PUBLIC COMMENT (40.20)

DATE: 01/08/2015 - 30/09/2015

Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 2: Applet configuration (First revision)

OFFICER/SUPPORT STAFF: (SD / zt)

ICS: 35.240.15

Descriptors: code of practice, secure, application, third party gateway, government multipurpose card, applet configuration

© Copyright DEPARTMENT OF STANDARDS MALAYSIA

For Public Comment


STANDARDS MALAYSIA 2015 - All rights reserved i

Contents

Committee representation
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 MyKad category identification
6 TPG load/remove application for MyKad Category A
7 TPG load/remove application for MyKad Category B
Annex A Get sequence counter
Bibliography


Committee representation

The Industry Standards Committee on Information Technology, Communications and Multimedia (ISC G) under whose authority this Malaysian Standard was developed, comprises representatives from the following organisations:

Association of Consulting Engineers Malaysia
Chief Government Security Office
Cybersecurity Malaysia
Department of Standards Malaysia
Federation of Malaysian Manufacturers
Institut Tadbiran Awam Negara, Malaysia
Majlis Keselamatan Negara
Malaysian Administrative, Modernisation and Management Planning Unit
Malaysian International Chamber of Commerce and Industry
Malaysian National Computer Confederation
Malaysian Technical Standards Forum Bhd
MIMOS Berhad
Ministry of Communication and Multimedia
Ministry of Domestic Trade, Co-operatives and Consumerism
Ministry of Energy, Green Technology and Water
Ministry of International Trade and Industry
Ministry of Science, Technology and Innovation
Multimedia Development Corporation Sdn Bhd
Multimedia University
Persatuan Industri Komputer dan Multimedia Malaysia
Science and Technology Research Institute for Defence
SIRIM Berhad (Secretariat)
Suruhanjaya Komunikasi dan Multimedia Malaysia
Telekom Malaysia Berhad
The Institution of Engineers, Malaysia
Universiti Teknologi Malaysia

The Technical Committee on Identification Cards and Related Devices which developed this Malaysian Standard consists of representatives from the following organisations:

CALMS Technologies Sdn Bhd
CyberSecurity Malaysia
Datasonic Group Berhad
IRIS Corporation Berhad
Jabatan Imigresen Malaysia
Jabatan Pendaftaran Negara Malaysia
Malaysian Administrative, Modernisation and Management Planning Unit
Malaysian Electronic Payment System Sdn Bhd
Malaysian National Computer Confederation
MIMOS Berhad
Ministry of Home Affairs
Multimedia Development Corporation Sdn Bhd
Multimedia University
Silterra Malaysia Sdn Bhd
SIRIM Berhad (Secretariat)
Tricubes Berhad
Universiti Utara Malaysia


Foreword

This Malaysian Standard was developed by the Technical Committee on Identification Cards and Related Devices under the authority of the Industry Standards Committee on Information Technology, Communications and Multimedia.

MS 2482 consists of the following parts, under the general title Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card:

Part 1: Secure connectivity
Part 2: Applet configuration

Major modifications in this revision are as follows:

a) the title has been changed to “Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 2: Applet configuration”;

b) definition of chip has been introduced in 3.5;

c) definition of Secure Access Module (SAM) has been amended in 3.10;

d) new Clause 5 regarding MyKad category identification has been added;

e) new Figure 1, MyKad category identification process flow has been added;

f) Figure 3b, TPG load/remove process flow (part 2) for MyKad Category A has been amended;

g) Table 1, Naming convention of Application Identifier (AID) has been removed for security purposes;

h) new Clause 7 regarding TPG load/remove application for MyKad Category B has been added;

i) new subclauses 7.1, 7.2, 7.3, 7.4 and 7.5 have been added;

j) new Figures 7, 8, 9, 10, 11 and 12 have been added;

k) new Tables 4, 5, 6 and 7 have been added; and

l) Annex A, “Get sequence counter” has been amended.

This Malaysian Standard cancels and replaces MS 2582-2:2012, Code of practice for deploying secure applications through the Third Party Gateway for Malaysia Multipurpose Smart Card - Part 2: Applet configuration.

Compliance with a Malaysian Standard does not of itself confer immunity from legal obligations.


Introduction

Overview

This Malaysian Standard specifies commands for post-issuance application for the Government Multipurpose Card (MyKad). When a MyKad is inserted into an interface device (IFD), the IFD selects an applet on the MyKad and sends it a series of commands to execute. Each applet is identified and selected by its application identifier (AID). Commands are formatted and transmitted in the form of application protocol data units (APDUs). Applets reply to each APDU command with an APDU response. An APDU response consists of data and a status word (SW) that indicates the result of the operation. The process for loading/removal of an applet on MyKad is based on the existing IC type of the MyKad.

Objectives

The objective of this standard is to facilitate application development on MyKad through the TPG of the agency. Furthermore, it ensures that these applications are deployed in a secure manner through standard guidance.
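The SELECT-by-AID command and the APDU response with its status word, as described in the Overview, are shown here as an added example that is not part of the standard. It assumes the ISO/IEC 7816-4 SELECT encoding; the AIDs are constructed placeholders (real MyKad AIDs are obtained from NRD), and make_simulated_card is a hypothetical stand-in for a reader's transmit function.

```python
from dataclasses import dataclass

# Constructed placeholder AIDs (proprietary 'F0' prefix). Real MyKad AIDs are
# obtained from NRD and are not listed in this standard.
GA_LIBRARY_AID = bytes.fromhex("F000000001")
AGENCY_AID = bytes.fromhex("F00000000201")


@dataclass(frozen=True)
class ApduResponse:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self) -> int:
        return (self.sw1 << 8) | self.sw2


def build_select_by_aid(aid: bytes) -> bytes:
    """ISO/IEC 7816-4 SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 Lc AID Le."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5 to 16 bytes")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"


def parse_response(raw: bytes) -> ApduResponse:
    """Split a response APDU into optional data and the trailing SW1 SW2."""
    if len(raw) < 2:
        raise ValueError("response APDU shorter than the 2-byte status word")
    return ApduResponse(raw[:-2], raw[-2], raw[-1])


def describe_sw(resp: ApduResponse) -> str:
    """Map common ISO/IEC 7816-4 status words to text."""
    if resp.sw == 0x9000:
        return "success"
    if resp.sw1 == 0x61:
        return f"success, {resp.sw2} more byte(s) available via GET RESPONSE"
    if resp.sw1 == 0x6C:
        return f"wrong Le, card expects {resp.sw2}"
    return {
        0x6A82: "file or application not found",
        0x6982: "security status not satisfied",
        0x6985: "conditions of use not satisfied",
        0x6A86: "incorrect P1-P2",
        0x6D00: "instruction not supported",
        0x6E00: "class not supported",
    }.get(resp.sw, f"unrecognised status {resp.sw:04X}")


def applet_present(transmit, aid: bytes) -> bool:
    """Probe for an applet by selecting its AID.

    Only 6A82 means "absent". Any other failure is raised, so that a reader or
    card fault is never mistaken for a missing applet and followed by a load.
    """
    resp = parse_response(transmit(build_select_by_aid(aid)))
    if resp.sw == 0x9000 or resp.sw1 == 0x61:
        return True
    if resp.sw == 0x6A82:
        return False
    raise RuntimeError(f"SELECT failed: {describe_sw(resp)}")


def make_simulated_card(installed):
    """Constructed stand-in for a reader's transmit(); not a real MyKad."""
    def transmit(apdu: bytes) -> bytes:
        cla, ins, p1, p2, lc = apdu[:5]
        if cla != 0x00:
            return bytes.fromhex("6E00")
        if ins != 0xA4:
            return bytes.fromhex("6D00")
        if (p1, p2) != (0x04, 0x00):
            return bytes.fromhex("6A86")
        aid = apdu[5:5 + lc]
        if aid in installed:
            # Constructed FCI template: tag 6F wrapping tag 84 (DF name).
            fci = bytes([0x84, len(aid)]) + aid
            return bytes([0x6F, len(fci)]) + fci + bytes.fromhex("9000")
        return bytes.fromhex("6A82")
    return transmit


if __name__ == "__main__":
    card = make_simulated_card({GA_LIBRARY_AID})
    for name, aid in (("GA library", GA_LIBRARY_AID), ("agency", AGENCY_AID)):
        print(name, "present:", applet_present(card, aid))
```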


Code of practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 2: Applet configuration

1 Scope

This Malaysian Standard provides guidance for deploying secure applications through the Third Party Gateway (TPG) for the Government Multipurpose Card (GMPC) such as MyKad issued by the National Registration Department of Malaysia (NRD).

This standard specifies the process and logic flow to execute loading/removal of an applet as well as the description for post-issuance application for MyKad.

2 Normative references

The following normative references are indispensable for the application of this standard. For dated references, only the edition cited applies. For undated references, the latest edition of the normative reference (including any amendments) applies.

MS 2482-1:YYYY, Code of Practice for deploying secure applications through the Third Party Gateway for Government Multipurpose Card - Part 1: Secure connectivity.

3 Terms and definitions

For the purposes of this standard, the following terms and definitions apply.

3.1 applet

A small application that performs a specific task and runs within the scope of a larger program.

3.2 application

Structures, data elements and program modules needed for performing a specific functionality.

3.3 Application Program Interface

Application Programming Interface (API) is an interface implemented by a software program which enables it to interact with other software. In this standard, API refers to the programs interfacing CLMS to the TPG systems.

3.4 Card Lifecycle Management System

Card Lifecycle Management System (CLMS) manages the card and its applets lifecycle.


3.5 chip

A small electronic device made out of a semiconductor material, also referred to as an integrated circuit.

3.6 Generic Applet

A pre-determined applet provided by NRD which can be customised and used by other organisations/agencies to store their business related data in MyKad.

3.7 MyKad

MyKad is a multi-application Integrated Circuit(s) Card (ICC) issued by the National Registration Department of Malaysia to citizens of Malaysia. The artwork for MyKad is blue. There are two categories of MyKad in circulation, i.e. Category A and Category B.

NOTE. For information on the categories of MyKad, refer to NRD.

3.8 MyKad applet

A set of instructions that enables the creation/deletion of data items in the MyKad chip.

3.9 MyKad Software Development Kit (SDK)

A set of development tools for development of applications for MyKad.

3.10 Secure Access Module (SAM)

An integrated circuit(s) card used to enhance the security and cryptography performance in secure electronic transactions. The SAM size can be in the form of normal card size of 85.60 mm wide by 53.98 mm high by 0.76 mm thick or the nominal size of 25 mm wide by 15 mm high by 0.76 mm thick.

3.11 Secure Sockets Layer

Secure Sockets Layer (SSL) is a cryptographic protocol that provides security for communications over a network.

3.12 Third Party Gateway

Third Party Gateway (TPG) is the access point to the NRD’s Card Lifecycle Management System (CLMS). The connectivity between NRD’s CLMS web server and the agency’s TPG server is secured through the SSL Authentication System.

3.13 transport key

Key used to protect the Generic Applet from any unauthorised attempts to initialise the applet.


4 Abbreviations

For the purposes of this standard, the following abbreviations apply.

AID     Application Identifier
AMM     Application Management Module
APDU    Application Protocol Data Unit
API     Application Programming Interface
CAA     Card Authentication Applet
CLMS    Card Lifecycle Management System
CMM     Card Management Module
CTM     Card Tracking Module
EF      Elementary File
FP      Function Provider
GA      Generic Applet
GMPC    Government Multipurpose Card
ICC     Integrated Circuit(s) Card
KMM     Key Management Module
NRD     National Registration Department
PCSC    Personal Computer/Smart Card compliant
SAM     Secure Access Module
SMM     SAM Management Module
SSL     Secure Sockets Layer
TPG     Third Party Gateway
XML     Extensible Markup Language


5 MyKad category identification

There are two categories of MyKad in circulation, i.e. Category A and Category B. To identify the categories of MyKad, the process in Figure 1 is applicable.

Figure 1. MyKad category identification process flow

Based on the MyKad category identified after conducting the above process flow, the TPG load/remove application for Category A refers to Clause 6 and for Category B refers to Clause 7.

NOTE. For information on the categories of MyKad, refer to NRD.


6 TPG load/remove application for MyKad Category A

6.1 Overview

Processes related to the Generic Applet (GA) in MyKad include the following:

a) GA loading and removing;
b) GA initialisation;
c) GA personalisation; and
d) GA unblocking (if required).

The flow for the GA processes is illustrated in Figure 2.

Figure 2. Generic Applet processes for MyKad Category A

6.2 Generic Applet loading and removing

The process flow for the TPG GA load/remove is illustrated in Figures 3a and 3b.


Figure 3a. TPG load/remove process flow (part 1) for MyKad Category A


Figure 3b. TPG load/remove process flow (part 2) for MyKad Category A


The process flow consists of a number of pre-defined processes, which are further elaborated in the following subclauses. In order to get the relevant applet data to be loaded into the MyKad, a connection between the TPG server/workstation and the CLMS web server shall be established according to the requirements specified in MS 2482-1.

6.2.1 Identify chip type

Since different chip types are available on MyKad, it is necessary to determine whether the chip has the capability to support load/remove functionality. In general, only a MyKad chip with a minimum of 64 Kbytes of data memory supports such functionality. However, for MyKad with the ST19WL66 chip, the sequence counter is required to be obtained prior to load/remove application using the process in Annex A.

6.2.2 List existing applets

In a multi-application environment such as MyKad, each application is selectable by specifying its AID. For the naming convention of applets and the corresponding applet names, refer to NRD for pre-issued MyKad.

6.2.3 Get card info

The “Get card info” process is necessary prior to any load/remove process in order to extract some card parameters in MyKad. These card parameters will be used to form the required XML request message that will be sent to the CLMS server in NRD. There are four key parameters to be extracted from MyKad and placed in the respective fields of the XML. The parameters are:

a) MyKad serial number (CHIPSN);
b) MyKad number (KPTNO);
c) MyKad version number (KPTVERNO); and
d) Card holder name (NAME).

For detailed information on the XML, refer to subclause 6.3.3 of MS 2482-1:YYYY.


6.2.4 Load/removal of applet

The “Load GA library applet” process is required to be performed if the GA library applet is not found when listing applets in the MyKad. The “Load agency applet” process is required to be performed if the agency applet is not found when listing applets in the MyKad.

If the agency wishes to remove an applet from the MyKad, it is crucial to perform the “List existing applets” function in order to verify the following:

a) whether the agency applet exists in the MyKad; and

b) whether the generic agency applet is the only applet in the MyKad. If yes, the agency will have to perform the following:

   i) “Remove GA library applet”; and
   ii) “Remove agency applet”.

   Otherwise, remove the agency applet only.

The relevant data to be used for applet load and removal is retrieved by performing the connection to NRD as specified in MS 2482-1.

NOTE. “agency applet” is the applet personalised by the user agency, while a “generic agency applet” refers to a non-personalised applet obtainable from NRD.
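The decisions in 6.2.1 to 6.2.4, followed by the acknowledgement step of 6.2.5, are shown here as an added example that is not part of the standard. It assumes that the steps run in subclause order (Figures 3a and 3b are not reproduced here), that "the only applet" means no other applet relying on the GA library is present, and that a request which changes nothing needs no NRD round trip; the applet labels and the chip name "OTHER-CHIP" are constructed placeholders.

```python
from dataclasses import dataclass

MIN_DATA_MEMORY_KB = 64        # 6.2.1: minimum data memory for load/remove
SEQ_COUNTER_CHIP = "ST19WL66"  # 6.2.1: sequence counter needed first (Annex A)

# Constructed label standing in for an AID; real AIDs are obtained from NRD.
GA_LIBRARY = "GA-LIBRARY"


class UnsupportedChip(Exception):
    """Raised when the chip cannot support applet load/remove."""


@dataclass(frozen=True)
class CardState:
    chip_type: str
    data_memory_kb: int
    applets: frozenset  # result of "List existing applets"


def _load_actions(card, agency_applet):
    actions = []
    if GA_LIBRARY not in card.applets:
        actions.append("Load GA library applet")
    if agency_applet not in card.applets:
        actions.append("Load agency applet")
    return actions


def _remove_actions(card, agency_applet, other_ga_applets):
    if agency_applet not in card.applets:
        return []  # nothing to remove
    # Assumption: "the only applet" is read as "no other applet that relies on
    # the GA library is present"; the caller names those other applets.
    if card.applets & frozenset(other_ga_applets):
        return ["Remove agency applet"]
    actions = []
    if GA_LIBRARY in card.applets:
        actions.append("Remove GA library applet")  # order as listed in 6.2.4
    actions.append("Remove agency applet")
    return actions


def plan(card, operation, agency_applet, other_ga_applets=()):
    """Return the ordered process names for one load or remove request."""
    if card.data_memory_kb < MIN_DATA_MEMORY_KB:
        raise UnsupportedChip(
            f"{card.data_memory_kb} Kbytes is below {MIN_DATA_MEMORY_KB} Kbytes")
    if operation == "load":
        actions = _load_actions(card, agency_applet)
    elif operation == "remove":
        actions = _remove_actions(card, agency_applet, other_ga_applets)
    else:
        raise ValueError("operation must be 'load' or 'remove'")
    if not actions:
        # Assumption: card already in the requested state, so nothing is sent.
        return []
    steps = []
    if card.chip_type == SEQ_COUNTER_CHIP:
        steps.append("Get sequence counter")
    steps.append("Get card info")
    steps.extend(actions)
    steps.append("Acknowledge load/removal to NRD")
    return steps


if __name__ == "__main__":
    blank = CardState(SEQ_COUNTER_CHIP, 64, frozenset())
    for step in plan(blank, "load", "AGENCY-X"):
        print(step)
```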

6.2.5 Acknowledgement of applet load/removal

Upon completion of applet load/removal, the agency shall send an acknowledgement request to NRD according to the requirements specified in Table 3 of MS 2482-1:YYYY (see column “Completion update for load” and “Completion update for remove”). With this acknowledgement request, NRD is able to keep track of the current card details.

6.3 Generic Applet initialisation

The initialisation process comprises the following main processes:

a) validation of transport key in both applet and initialisation SAM card;
b) transfer of application keys into applet;
c) formatting of applet space; and
d) activate applet.

The process flow shown in Figures 4a and 4b depicts the entire initialisation process. Meanwhile, Table 1 briefly describes each process in Figures 4a and 4b.


Figure 4a. Applet initialisation process flow (part 1) for MyKad Category A


Figure 4b. Applet initialisation process flow (part 2) for MyKad Category A


Table 1. Description of applet initialisation process

Process | Description
Activate reader | Establish communication with the smart card reader.
Select reader name for SAM card | Select the slot being used for SAM card by specifying the reader name.
Select reader name for MyKad | Select the slot being used for MyKad by specifying the reader name.
Establish connection with SAM card | Establish communication with the SAM card.
Select applet for MyKad | Select the specific AID of the MyKad applet for the next operation on that applet.
Select applet for SAM card | Select the specific AID of the SAM card applet for the next operation on that applet.
Retrieve applet attribute from SAM card | Get the applet information from the SAM card.
Verify PIN for SAM card | If the SAM is protected with PIN, the application needs to present the PIN in order to access the SAM applet.
Inject transport key into MyKad | Inject the transport key into MyKad applet.
Compare transport key between MyKad applet and SAM | Compare the injected transport key and the transport key in SAM. If the keys match, then the application can continue to perform initialisation.
Inject applet key into MyKad Applet | Transfer the applet key from SAM card into the applet. The number of keys will depend on the applet design.
Create data sets or EF in applet | Create data files for the applet.
Activate applet | Change the applet lifecycle status to “active” so that the applet is ready to be used.
Close reader | Terminate communication with the reader.

6.4 Generic Applet personalisation

The personalisation process involves encoding the necessary data into the appropriate EF space in the generic agency applet.

The pre-requisites of performing applet personalisation are as follows:

a) SAM card for write process;
b) PCSC compatible card reader with minimum one SAM slot; and
c) applet personalisation application/function.

The process flow shown in Figures 5a and 5b depicts the entire applet personalisation process. Meanwhile, Table 2 briefly describes each process in Figures 5a and 5b.


Figure 5a. Applet personalisation process flow (part 1) for MyKad Category A


Figure 5b. Applet personalisation process flow (part 2) for MyKad Category A


Table 2. Description of applet personalisation process

Process | Description
Activate reader | Establish communication with the smart card reader.
Select reader name for SAM Card | Select the slot being used for SAM card by specifying the reader name.
Select reader name for MyKad | Select the slot being used for MyKad by specifying the reader name.
Establish connection with SAM Card | Establish communication with the SAM card.
Select applet for MyKad | Select the specific AID of the MyKad applet for the next operation on that applet.
Select EF within the MyKad applet | Select the specific EF to be written with data.
Select applet in SAM card | Select the specific AID of the SAM applet.
Retrieve applet data in MyKad or SAM card | Get the applet information from the SAM card.
Verify PIN for SAM card | If the SAM is protected with PIN, the application needs to present the PIN in order to access the SAM applet.
Perform challenge response | After the SAM Applet is accessed, perform challenge response authentication between MyKad applet and SAM in order to gain access to the MyKad applet.
Write data into applet | Write data into the MyKad applet.
Set write once attribute | For data that is supposed to be set as write once, apply the write once function.
Close reader | Terminate communication with the reader.

6.5 Generic Applet unblocking

In the scenario where a MyKad is blocked, the following explains the process flow of how to unblock a blocked generic agency applet.

The pre-requisites of performing the unblock applet process are as follows:

a) SAM card for unblocking applet;
b) PCSC compatible card reader with minimum one SAM slot; and
c) applet unblock application/function.

The process flow shown in Figure 6 depicts the entire applet unblock key process. Meanwhile, Table 3 briefly describes each process in Figure 6.


Figure 6. Applet unblock key process flow for MyKad Category A


Table 3. Description of applet unblock key process

Process | Description
Activate reader | Establish communication with the smart card reader.
Select reader name for SAM card | Select the slot being used for SAM card by specifying the reader name.
Select reader name for MyKad | Select the slot being used for MyKad by specifying the reader name.
Establish connection with SAM card | Establish communication with the SAM card.
Select applet for MyKad | Select the specific AID of the MyKad applet for the next operation on that applet.
Select applet for SAM card | Select the specific AID of the SAM.
Retrieve applet attribute from SAM card | Get the applet information from the SAM card.
Verify PIN for SAM card | If the SAM is protected with PIN, the application needs to present the PIN in order to access the SAM applet.
Perform challenge response | After the SAM Applet is accessed, perform challenge response authentication between MyKad applet and SAM in order to gain access to the MyKad applet.
Perform unblock applet | Perform unblock operation to the MyKad applet.
Close reader | Terminate communication with the reader.


7 TPG load/remove application for MyKad Category B

7.1 Overview

Processes related to the Generic Applet (GA) in MyKad include the following:

a) GA loading and removing;
b) GA initialisation; and
c) GA personalisation.

The flow for the GA processes is illustrated in Figure 7.

Figure 7. Generic Applet processes for MyKad Category B


7.2 Generic Applet loading and removing

7.2.1 Applet loading

Figure 8 describes the process of loading an agency applet into MyKad. Meanwhile, Table 4 briefly describes each process in Figure 8.

Figure 8. Process of loading an agency applet into MyKad Category B


In order to get the relevant applet data to be loaded into the MyKad, connection between the TPG server/workstation and CLMS web server shall be established according to requirements specified in MS 2482-1.

Table 4. Description of applet loading process for MyKad Category B

Process | Description
Request ObjFile from Agency Server | The workstation requests the ObjFile, which is essentially the signed and pre-assembled applet, from the Agency Server if it is not already cached. This process is required to execute only once on each workstation start-up to minimize unnecessary bandwidth use.
Obtain Load Approval from NRD | MyKad is required to go through the approval process from NRD before applet loading is permitted. The connection to NRD is performed as described in MS 2482-1.
Acknowledgment of Applet Loading | Upon completion or should an error occur during Applet Loading, the agency shall send an acknowledgment to NRD.

7.2.2 Applet removal

Figure 9 describes the process of removing an agency applet from MyKad. Meanwhile, Table 5 briefly describes each process in Figure 9.

Table 5. Description of applet removal process for MyKad Category B

Process | Description
Obtain Removal Approval from Agency Server | MyKad is required to go through the approval process from Agency Server before applet removal is permitted.
Acknowledgment of Applet Removal | Upon completion or should an error occur during Applet Removal, the agency shall send an acknowledgment to NRD.


Figure 9. Process of removing an agency applet from MyKad Category B


7.3 Generic Applet initialisation

This subclause describes the initialisation process of the applet. The applet is configured during this process. The EF files and read/write attributes are configured into the applet as per the applet profile.

Figure 10 depicts the initialisation process. Meanwhile, Table 6 briefly describes each process in Figure 10.

Table 6. Description of applet initialisation process for MyKad Category B

Process | Description
Activate reader | Establish communication with the smart card reader.
Select applet for MyKad | Select the specific AID of the MyKad applet for the next operation on that applet.
Authenticate Transport Key | The workstation will first authenticate with MyKad using the default Transport Key in the SAM Bank.
Inject applet key into MyKad Applet | Transfer the applet key from SAM Bank into the applet. The number of keys will depend on the applet design.
Activate applet | Change the applet lifecycle status to “active” so that the applet is ready to be used.
Acknowledgment of Applet Initialisation | Upon completion or should an error occur during initialisation, the agency shall send an acknowledgment to NRD as described in MS 2482-1.
Close reader | Terminate communication with the reader.


Figure 10. Applet initialisation process for MyKad Category B


7.4 Generic Applet personalisation and data read/write

This subclause describes the process for data personalisation, reading and writing onto MyKad. Figure 11 depicts the applet personalisation and data read/write process. Meanwhile, Table 7 briefly describes each process in Figure 11.

Figure 11. Applet personalisation and data read/write for MyKad Category B


Table 7. Description of applet personalisation and data read/write for MyKad Category B

Process | Description
Activate reader | Establish communication with the smart card reader.
Select applet for MyKad and EF to read/write | Select the specific AID of the MyKad applet, and the specific EF for the next operation on that applet.
Authenticate transport key | The workstation will first authenticate with MyKad using the default Transport Key in the SAM Bank.
Obtain read/write approval | Approval from Agency Server is requested to gain read/write access to the agency applet.
Perform read/write | Data is read from/written to the agency applet.
Close reader | Terminate communication with the reader.


7.5 TPG batch update

Figure 12 describes the process to update information and transaction records stored at TPG server to NRD.

Figure 12. Process to update information and transaction records stored at TPG server to NRD


The process in Figure 12 is described as follows:

a) Window scheduler will check whether it is the right time to send records of applet loading and deletion to CLMS 1.0. If yes, the batch update process is invoked. Otherwise, the window scheduler will continue to check for the right time.

b) Window scheduler will call the CLMSAPIRequest webservice to trigger batch update for records of applet loading and deletion. If the window scheduler successfully calls the webservice, records of applet loading and deletion will start to transfer to CLMS 1.0.

c) If the window scheduler fails to call the webservice, it will retry until the counter reaches the maximum count. Then the window scheduler will return to process a).


Annex A
(normative)

Get sequence counter

The process flow in Figure A.1 is only required for MyKad with ST19WL66 chip. The sequence counter of the ST19WL66 chip shall be retrieved from the output.

Figure A.1. Get sequence counter process flow


Bibliography

[1] ISO/IEC 7816-13, Identification cards - Integrated circuit cards - Part 13: Commands for application management in a multi-application environment


Acknowledgements

Members of Technical Committee on Identification Cards and Related Devices

Prof Dr Zulkhairi Mohd Dahalin (Chairman) | Universiti Utara Malaysia
Ms Syuibah Abirah Tarmizi (Deputy Chairman) | Multimedia Development Corporation Sdn Bhd
Ms Salwa Denan (Secretary) | SIRIM Berhad
Ms Koh Lee Ching | CALMS Technologies Sdn Bhd
Ms Norahana Salimin/Mr Ahmad Dahari Jarno | CyberSecurity Malaysia
Mr Wong Chee Wai/Mr Ramzani Abd Raub | Datasonic Group Berhad
Ms Connie Yee/Mr Tan Jia Giin/Ms Anis Azalina Mohamed | IRIS Corporation Berhad
Ms Nurul Ashikin Subli/Ms Rohana Ismail | Jabatan Imigresen Malaysia
Ms Rajeswari Subaramaniam/Ms Nur Diyana Fazlollah Suhaimi | Jabatan Pendaftaran Negara Malaysia
Ms Rohaila Abdul Latif | Malaysian Electronic Payment System Sdn Bhd
Mr R Kunaseelan | Malaysian National Computer Confederation
Mr Ahmad Nizar Harun/Ms Siti Sarah Ramli | MIMOS Berhad
Mr Tahiruddin Hamdan | Silterra Malaysia Sdn Bhd
Mr Shamsul Azhar Mohd Akhbar | Tricubes Berhad
