
MYDIGITAL ID INFRASTRUCTURE

Ng Kang Siong
28 June 2019

© 2019 MIMOS Berhad. All rights reserved. 1


Terms

Entity
One and only.
How to link Identity to Entity?
• Self claimed
• Identity Provider trusted by Service Provider

Identity
Attributes associated with the entity. Example:
• Full name
• Date of birth
• Address
• Identity Card Number
• Phone Number
• Fingerprint


Identification Document

Identification Document: Example of Issuing Bodies (Identity Provider)
• Birth certificate: Birth Register Office, Ministry of Interior
• Passport: Passport Office, Immigration Office
• Driving license: Transport Department
• Marriage certificate: Marriage Register Office
• Social security card: Social security
• Bank statement: Banks
• Education certificate: Schools, universities

Identity Provider links the identity with the entity.
'Strength' of the linkage differs.


Example (Without National Identity Infrastructure)

Who are you? (work, school, property)

• Service providers will typically demand multiple identification documents
• Service providers decide which types of identification documents to accept
• No single point of trust for identity


Malaysia National Infrastructure for Identity

First issued under Emergency Ordinance 1948

Source: https://dailyrakyat.com/kad-pengenalan-sejarah-dan-evolusi-memacu-kepintarannya/987
Evolution of Identity Card in Malaysia

Source: https://www.jpn.gov.my/sejarah/
Functions of National Registration Department
Jabatan Pendaftaran Negara (JPN)

• Collect, integrate and register important personal information
• Issue registration certificates
• Maintain permanent registers
• Enforce registration acts, ordinances and regulations

National Registration Act 1959 [Act 78]

Source: https://www.jpn.gov.my/dasar-agensi/
Benefit of National Identity

• Is viewed as infrastructural cost for the nation
  – No cost/minimum cost to citizen
• Simplify identity verification process
  – Centralised Identity Provider
• Reduce total cost of doing business
  – No need to verify multiple identity documents


Usage Scenario of National Identity Card (MyKad)

1. Entity submits National Identity Card (MyKad) over the counter.
2. Counter staff verifies the MyKad and might perform biometric verification.
3. Identity information (attributes) on the MyKad is used.

What will happen at an online counter?


Who are you?



This is how you show who you are

LDAP, AppleID, Digital Certificate, GoogleID, SAML, Password, OTP Token, One-Time PIN, Smartcard, Kerberos, WechatID, Mobile Number, AliPay, SMS TAC, FacebookID, PGP, ActiveDirectory, Public Key


Current Challenges

• No standardization on digital identity
• Fragmentation / domain based implementation
  – Duplication of setup and maintenance cost
• Variable degree of security and privacy protection measures by various implementations and technologies


National Digital ID Infrastructure

• To Support Digital Economy
  – Telecommunication infrastructure
  – Digital ID infrastructure
• Objective of Digital ID Infrastructure
  – Verifiable platform of trust for individual identity
    • Online services and transactions
    • Perform digital signature with non-repudiation property


Online Access Control Framework

Entity Authentication Assurance Framework: ISO/IEC 29115 and ITU-T X.1254

Phases
• Enrolment Phase: performs identity proofing, ensuring attributes for a particular entity are accurate.
• Authenticator Management Phase: issues, records and updates the authenticator.
• Authentication Phase: performs user authentication based on the credential provided by the user.
• Authorization Phase: decides the role and permission for the user.

Terms
• Entity: one and only; an individual or organization representative.
• Identity: attributes associated with the entity, for example full name, date of birth, I. C. Number.
• Authenticator: something you know (password); something you have (national ID card, digital certificate, mobile number, passport); who you are (biometric).
• Authentication: process of verifying the credential.
• Authorization: process of allowing the user to perform a specific action at the application, based on the unique index provided after authentication to look up authorization information from storage.
Access Control based on MyDigital ID

MyDigital ID Issuance & Revocation: MyDigital ID Kiosks, National Registration Department, CA
MyDigital ID Usage: Application Provider

Phases
• Enrolment Phase: performs identity proofing, ensuring attributes for a particular entity are accurate.
• Authenticator Management Phase: issues, records and updates the credential.
• Authentication Phase: performs user authentication based on the credential provided by the user.
• Authorization Phase: decides the role and permission for the user.

Terms
• Entity: one and only; an individual or organization representative.
• Identity: attributes associated with the entity, for example full name, Identity Card Number.
• Authenticator: MyDigital ID. Something you know: password. Something you have: mobile phone with digital certificate and private key, using the MyDigital ID App; the digital certificate is issued by a licensed CA.
• Authentication: process of verifying the authenticator (MyDigital ID).
• Authorization: process of allowing the user to perform a specific action at the application, based on the unique index (identity card number) provided after authentication to look up authorization information from storage.
MyDigital ID Issuance

National Registration Act 1959
Digital Signature Act 1997
Licensed Certification Authorities provide the Digital ID.

Registration Counter/Kiosks: registration personnel/kiosks perform biometric verification of the user against MyKad.
Mobile Phone: download the MyDigital ID App.


MyDigital ID Issuance

Entity attributes are presented at the Kiosk / over-the-counter, which verifies the identity attributes with the MyDigital ID Registration Server, including biometric verification.
Credential: password and digital certificate (from a Licensed Certification Authority), held in the MyDigital ID App.

Bind entity, identity and credential using the kiosk.


MyDigital ID Revocation

Entity attributes are presented at the Kiosk / over-the-counter, which verifies the identity attributes with the MyDigital ID Registration Server, including biometric verification.
Licensed Certification Authority (Digital Signature Act 1997 [Act 562]).


USAGE SCENARIOS OF MYDIGITAL ID



Mobile App Usage Scenario

Entity (password) uses the Bank App, which talks to the Bank Server.
MyDigital ID App holds the Credential: Digital certificate.


Browser App Usage Scenario

Entity uses a Browser and scans with the phone; the Bank App (password) talks to the Bank Server.
MyDigital ID App holds the Credential: Digital certificate.


Physical Access Scenario

Entity uses the Door Access App, which talks to the Door Access Server.
MyDigital ID App holds the Credential: Digital certificate.


MyGovernment Portal Services



MyGovernment Portal Login using MyDigital ID



Health Data Warehouse



Signature for Online Application Form

• Visit a Website
• Fill up Online application form
• Request for Signature
• Embed the Signature

Copyright @ MSC Trustgate 2019


Signed PDF



MyDigital ID Services and Applications

Current Services
• Digital Bank
• Online form PDF signer

Upcoming Services
• Peer-to-peer financial platform
• Credit Rating Inquiry
• Secure parcel drop / Drone delivery
• PKI in blockchain usage for FI

Supported Applications and Development Platforms
• IBM WebSphere Liberty
• ADFS
• and more to come…


Application Protocol Layer

Mobile phone: Mobile App and MyDigital ID App
Internet
Online App: Mobile App Server and MyDigital ID Server

MyDigital ID Components & Functions

MyDigital ID App, core functions:
• Authentication
• Digital signature
• Generation of CSR
• Storage of user certificate

MyDigital ID Server, core functions (issues authorization token for):
• Authentication
• Digital signature
• Generation of CSR
• Storage of user certificate


MyDigital ID Ecosystem

Certification Authority

MyDigital ID Provider: the MyDigital ID App Server is the activation controller for
• Digital ID Management
• Authentication Management
• Digital Signature Management

Mobile phone: the MyDigital ID App alongside Mobile App #1, Mobile App #2 and Mobile App #3, connected over the internet to App Server #1, App Server #2, App Server #3 and the MyDigital ID Server.

Each application server activates the MyDigital ID services it needs: service activation for Authentication, service activation for Digital Signature, or services activation for both Authentication and Digital Signature.

Activation of the MyDigital ID app and verification of the user's Digital ID is de-centralised.


MyDigital ID Deployment

MyDigital ID Issuance
• Automated Process via kiosks
• Human-Assisted Process via counter service

Services
• Government Services
• Financial Services
• Cross border Services
• eCommerce Services
• Community Services
• Corporate Services

Governance Framework
Technology Platform

Government driven / Industry driven


ksng@mimos.my

