The application of 3rd party certification programme in Malaysia

Third party is known as certification body or certification association (CA) as a body given the license to operate as a trusted third party in the issuance of digital certificates. It also can known as an organization to undergo auditing processes by a respected, independent and competent. The most famous application of 3rd party certification program in Malaysia is provided by the MSC Trustgate.com Sdn Bhd. This company is a licensed CA in Malaysia which incorporated in 1999, operate out of the Multimedia Super Corridor under the Digital Signature Act 1997 (DSA) in Malaysia. It offers complete security solutions for individuals, organizations, government, and e-commerce service providers by digital certificates, encryption and decryption. Their vision is to enable organizations to conduct their business securely over the internet, as much as what they have been enjoying in the physical world.

Why is the 3rd party certification needed? The reason is there are threats of internet security spreading over the net nowadays. For example, with the increase of phishing on the internet; customers want to make sure that whether they are dealing business with a trusted party. They are afraid of their personal information such as ID number, passwords, credit card numbers and so on, will be sent to those companies which do not exist in this real world. Thus, the certification from 3rd party is needed to ensure their information traveled over the Internet reaches the intended recipients and is safe.

Examples of application of third party certification programme in Malaysia :

Secured Socket Layer(SSL)
A protocol original developed by Netscape in 1996 as a way of ensuring the security of e-commerce transactions, which was for transmitting private documents securely through internet (world wide web) is secure http(S-HTTP)
Global Server ID (GSID) – strongest encryption commercially available for secure communications via Server Gated Cryptography (SGC) technology. GSID authenticates websites and enables 128- or 256-bit encryption to ensure communications and transactions between the site and visitors.
Secure Server ID – protect the transfer of sensitive data on the website, intranets, and extranets using a minimum of 40-bit and up to 256-bit encryption. This server ID includes VeriSign Secured Seal.
VeriSign, inc. is the trusted provider of internet infrastructure services for the networked world. The SSL, identity and authentication, and Domain Name Services allow companies and consumers all over the world to engage in trusted communications and commerce.

CryptoSuite
It allow to secure files and documents with a single-click of the mouse button. This utility uses digital certificate to encrypt the file so that only the intended recipient with public key can decrypt it.

MyTrust for Mobile Signature
It can turns a SIM card into mobile digital identity for secure mobile banking and other financial services. Mobile digital signature provides non-repudiation on transactions under the Digital Signature Art, 1997.

MyKad PKI(MyKey)
Our country, Malaysia, has put it in place a smart national identity card (“MyKad”) for every citizen. MyKad with PKI capability allows the holder to conduct online transaction with government agencies and private sectors.