MYDIGITAL ID INFRASTRUCTURE Ng Kang Siong
28 June 2019
© 2019 MIMOS Berhad. All rights reserved. 1
Terms
Entity: one and only.
Identity: attributes associated with the entity, for example:
• Full name
• Date of birth
• Address
• Identity Card Number
• Phone Number
• Fingerprint
How to link identity to entity? Example:
• Self claimed
• Identity Provider trusted by Service Provider
Identification Document
Identification Document: Example of Issuing Bodies (Identity Provider)
Birth certificate: Birth Register Office, Ministry of Interior
Passport: Passport Office, Immigration Office
Driving license: Transport Department
Marriage certificate: Marriage Register Office
Social security card: Social security
Bank statement: Banks
Education certificate: Schools, universities
The Identity Provider links the identity with the entity.
The ‘strength’ of the linkage differs.
Example (Without National Identity Infrastructure)
[Figure: the same person is asked “Who are you?” by property, school and work]
• No single point of trust for identity
• Service providers will typically demand multiple identification documents
• Service providers decide which types of identification documents to accept
Malaysia National Infrastructure for Identity
First issued under Emergency Ordinance 1948
Source: https://dailyrakyat.com/kad-pengenalan-sejarah-dan-evolusi-memacu-kepintarannya/987
Evolution of Identity Card in Malaysia
Source: https://www.jpn.gov.my/sejarah/
Functions of National Registration Department
Jabatan Pendaftaran Negara (JPN)
Collect, integrate and register important personal information
Issue registration certificates
Maintain permanent registers
Enforce registration acts, ordinances and regulations
Source: https://www.jpn.gov.my/dasar-agensi/
National Registration Act 1959 [Act 78]
Benefit of National Identity
• Is viewed as infrastructural cost for the nation
– No cost/minimum cost to citizen
• Simplify identity verification process
– Centralised Identity Provider
• Reduce total cost of doing business
– No need to verify multiple identity documents
Usage Scenario of National Identity Card (MyKad)
1. Entity submits National Identity Card (MyKad) over the counter.
2. Counter staff verifies the MyKad and might perform biometric verification.
3. Identity information (attributes) on the MyKad is used.
What will happen at an online counter?
Who are you?
This is how you show who you are
[Figure: word cloud of the ways identity is currently shown online]
Password, One-Time PIN, SMS TAC, OTP Token, Smartcard, Mobile Number, Digital Certificate, Public Key, PGP, Kerberos, LDAP, ActiveDirectory, FacebookID, GoogleID, AppleID, SAML, AliPay, WechatID
Current Challenges
• No standardization on digital identity
• Fragmentation / domain based implementation
– Duplication of setup and maintenance cost
• Variable degree of security and privacy protection measures by various implementations and technologies
National Digital ID Infrastructure
• To Support Digital Economy
– Telecommunication infrastructure
– Digital ID infrastructure
• Objective of Digital ID Infrastructure
– Verifiable platform of trust for individual identity
• Online services and transactions
• Perform digital signature with non-repudiation property
Online Access Control Framework
Entity Authentication Assurance Framework: ISO/IEC 29115 and ITU-T X.1254
Enrolment Phase
Entity: one and only; an individual or an organization representative.
Identity: attributes associated with the entity, for example full name, date of birth, I. C. Number.
Performs identity proofing, ensuring the attributes for a particular entity are accurate.
Authenticator Management Phase
Authenticator:
• Something you know: password
• Something you have: national ID card, passport, digital certificate, mobile number
• Who you are: biometric
Issues, records and updates the authenticator.
Authentication Phase
Authentication: process of verifying the credential.
Performs user authentication based on the credential provided by the user.
Authorization Phase
Authorization: decides the role and permissions of the user.
Process of allowing the user to perform a specific action at the application, based on a unique index provided after authentication to look up authorization information from storage.
Access Control based on MyDigital ID
[Figure: the same four phases, with enrolment and authenticator management under MyDigital ID Issuance & Revocation and authentication and authorization at the Application Provider]
Enrolment Phase
Entity: one and only; an individual or an organization representative.
Identity: attributes associated with the entity, for example full name, Identity Card Number.
Performs identity proofing, ensuring the attributes for a particular entity are accurate.
Authenticator Management Phase
Authenticator:
• Something you know: password
• Something you have: mobile phone with digital certificate and private key using the MyDigital ID App; the digital certificate is issued by a licensed CA
Issues, records and updates the credential.
Authentication Phase
Authentication: process of verifying the authenticator (MyDigital ID).
Performs user authentication based on the credential provided by the user.
Authorization Phase
Authorization: decides the role and permissions of the user.
Process of allowing the user to perform a specific action at the application, based on a unique index (identity card number) provided after authentication to look up authorization information from storage.
MyDigital ID Issuance and Usage
[Figure: MyDigital ID Issuance at MyDigital ID Kiosks, the National Registration Department and the CA; MyDigital ID Usage from the mobile phone]
• Registration Counter/Kiosks: registration personnel or the kiosk performs biometric verification of the user against MyKad
• Licensed Certification Authorities provide the Digital ID download to the MyDigital ID App on the mobile phone
Legal basis: Digital Signature Act 1997; National Registration Act 1959
MyDigital ID Issuance
[Figure: issuance flow at the kiosk / over-the-counter]
• Kiosk / over-the-counter: biometric verification of the entity; binds entity, identity and credential using the kiosk
• The entity's attributes are verified with the MyDigital ID Registration Server
• Licensed Certification Authority: the digital certificate (credential) is delivered to the MyDigital ID App, together with a password
MyDigital ID Revocation
[Figure: revocation flow at the kiosk / over-the-counter]
• Kiosk / over-the-counter: biometric verification of the entity; attributes verified with the MyDigital ID Registration Server
• Licensed Certification Authority: revocation of the digital certificate
Digital Signature Act 1997 [Act 562]
USAGE SCENARIOS OF MYDIGITAL ID
Mobile App Usage Scenario
[Figure: the entity uses the MyDigital ID App (credential: digital certificate, password) with the Bank App to authenticate to the Bank Server]
Browser App Usage Scenario
[Figure: the entity uses a browser against the Bank App / Bank Server; a scan step hands over to the MyDigital ID App (credential: digital certificate, password)]
Physical Access Scenario
[Figure: the entity uses the MyDigital ID App (credential: digital certificate) with the Door Access App to authenticate to the Door Access Server]
MyGovernment Portal Services
MyGovernment Portal Login using MyDigital ID
Health Data Warehouse
Copyright @ MSC Trustgate 2019
Signature for Online Application Form
1. Visit a website.
2. Fill up the online application form.
3. Request for signature.
4. Embed the signature.
Signed PDF
MyDigital ID Services and Applications
Current Services
• Online form PDF signer
• PKI in blockchain usage for FI
• Credit Rating Inquiry
Supported Applications and Development Platforms
• IBM WebSphere Liberty
• ADFS
Upcoming Services
• Peer-to-peer financial platform
• Digital Bank
• Secure parcel drop / Drone delivery
• and more to come…
MyDigital ID Components & Functions
[Figure: MyDigital ID App on the mobile phone and MyDigital ID Server, with the Mobile App and the Online App Server, connected over the internet; layers: Core Function Layer and Application Protocol Layer]
MyDigital ID App:
• Authentication
• Digital signature
• Generation of CSR
• Storage of user certificate
MyDigital ID Server issues authorization tokens for:
• Authentication
• Digital signature
• Generation of CSR
• Storage of user certificate
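The four phases of the access-control framework (enrolment, authenticator management, authentication, authorization) and the app/server functions listed above (CSR generation, certificate storage, authentication) can be walked through end to end in code. The Go program below is an added example written for this page; it is not MIMOS's or MyDigital ID's code, and the slides do not describe the real MyDigital ID wire protocol. Its assumptions: an in-process self-signed CA stands in for the licensed CA, the IC number is a constructed placeholder, keys are ECDSA P-256, and authentication is modelled as the app signing a server-issued random challenge with a private key that stays on the phone. All function names (newCA, generateCSR, issueCert, signChallenge, authenticate, authorize, runScenario) are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const sampleICNumber = "000000-00-0000" // constructed placeholder, not a real IC number

// must panics on error; used only for demo set-up and the app side of the flow.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA stands in for a licensed CA (assumption: an in-process self-signed root).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// Enrolment (app side): key pair generated on the phone, CSR carries the IC number; the kiosk's biometric check against MyKad precedes issuance.
func generateCSR(icNumber string) (*ecdsa.PrivateKey, []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: icNumber, SerialNumber: icNumber}}
	return key, must(x509.CreateCertificateRequest(rand.Reader, tmpl, key))
}

// Authenticator management (CA side): verify proof of possession, then issue a client-auth certificate.
func issueCert(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature() // the requester must hold the private key for the CSR's public key
	}
	if err != nil {
		return nil, fmt.Errorf("CSR rejected: %w", err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Authentication (app side): sign the server's challenge with the private key held on the phone.
func signChallenge(key *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// Authentication (server side): accept only a certificate chaining to the licensed CA plus a valid signature over this server's challenge; the subject IC number is the unique index.
func authenticate(trustedCA, userCert *x509.Certificate, challenge, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := userCert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	if err := userCert.CheckSignature(x509.ECDSAWithSHA256, challenge, sig); err != nil {
		return "", fmt.Errorf("challenge signature invalid: %w", err)
	}
	return userCert.Subject.CommonName, nil
}

// Authorization: permissions looked up by the IC number established at authentication (constructed store).
var permissionStore = map[string]map[string]bool{sampleICNumber: {"view-statement": true, "sign-form": true}}

func authorize(icNumber, action string) bool { return permissionStore[icNumber][action] }

// runScenario walks all four phases and also checks that a certificate for the same IC number from an untrusted CA is rejected.
func runScenario() (icNumber string, signAllowed, untrustedRejected bool) {
	caCert, caKey := newCA("Constructed Licensed CA")
	key, csrDER := generateCSR(sampleICNumber)
	userCert := must(issueCert(caCert, caKey, csrDER))
	challenge := make([]byte, 32) // fresh per login attempt; a reused challenge could be replayed
	must(rand.Read(challenge))
	sig := must(signChallenge(key, challenge))
	icNumber = must(authenticate(caCert, userCert, challenge, sig))
	rogueCert, rogueKey := newCA("Constructed Untrusted CA")
	forged := must(issueCert(rogueCert, rogueKey, csrDER))
	_, err := authenticate(caCert, forged, challenge, sig)
	return icNumber, authorize(icNumber, "sign-form"), err != nil
}

func main() { fmt.Println(runScenario()) }
```

Two checks carry the security weight. issueCert verifies the CSR's self-signature, so the CA only certifies a public key whose private key the requester actually holds. authenticate validates the chain to the trusted CA (with the client-authentication key usage) before it checks the signature over a fresh challenge, so a certificate from any other issuer is rejected regardless of the signature, and the IC number in the certificate subject can then serve as the unique index for the authorization lookup.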
MyDigital ID Ecosystem
[Figure: MyDigital ID Provider App and MyDigital ID Management App on the mobile phone, the MyDigital ID Server, a Certification Authority, and three mobile apps with their app servers connected over the internet]
• MyDigital ID Provider App: activation controller for Digital ID Management, Authentication and Digital Signature
• Mobile App #1 / App Server #1 / MyDigital ID Server: service activation for Authentication
• Mobile App #2 / App Server #2 / MyDigital ID Server: service activation for Digital Signature
• Mobile App #3 / App Server #3 / MyDigital ID Server: service activation for Authentication and Digital Signature
• Certification Authority
Activation of the MyDigital ID app and verification of the user's Digital ID is de-centralised.
MyDigital ID Deployment
[Figure: MyDigital ID Issuance feeding the service sectors, on a Technology Platform under a Governance Framework]
MyDigital ID Issuance:
• Automated Process via kiosks
• Human-Assisted Process via counter service
Services, from government driven to industry driven: Government Services, Financial Services, Corporate Services, eCommerce Services, Community Services, Cross border Services
Technology Platform
Governance Framework