The application of 3rd party certification programme in Malaysia







What is third party certification programme? It is actually an assessment carried out to ensure compliance with standards and criteria. Due to the increase popularity of e-commerce usage, spamming, hacking and malicious threats are prone to happen frequently. Therefore, to ensure customer information reach the intended recipient and free from intruders, third part certification programme may be one of the choices.

How does this third party certification programme really works in the ecommerce world? With that, we have to starts off with the implementation of Public Key Infrastructure (PKI) technology. When an individual (sender) wish to send highly confidential information through online, the individual needs to obtain a special certificate from the certified authorities (CA). CA will act as trusted third parties which provide you with public and private key. Public key and private key is used to encrypt and decrypt information for better security assurance. Few CA which is popular in Malaysia are MSC Trustgate.com Sdn Bhd, VeriSign.Inc and Digicert Sdn Bhd.


Application of 3rd party certification programme in Malaysia for:


1. Internet, Intranet and Server Security

To ensure the security of using internet, intranet and server, the 3rd party certification is being used to enhance the security. This is especially important if you are doing the online selling and buying transactions. For example, a Secure Socket Layers (SSL) certificate is a 3rd party certification of MSC Trustgate.com Sdn Bhd. There are 2 types of Server ID being offered which are Global Server ID and Secure Server ID.

Global Server ID enables 128-256 bit encryption to secure communications and transactions between site and visitors. Besides, it also comes with a VeriSign Secured Seal to serve as a proof that the website is genuine.

On the other hand, Secure Server ID protects the transfer of sensitive data by using 40-bit to 256-bit encryption. VeriSign Secured Seal is provided too.

By having the Server ID, it is says that user can enjoy the convenience of having the purchase order and volume discounts in few steps. Besides, it is also easy when come to set up and configuration. Server ID can efficiently manage multiple servers and renew certificates which come in flexible bundles. Moreover, broad compatibility to different operation system shows that it is user friendly.


2. Enterprise Trust Service

This service is guarded by Managed Public Key Infrastructure (MPKI). MPKI does have maximum flexibility, performance, and scalability with high availability and security. With that, organizations are likely to set up multiple digital certification programs quickly, easily and economically by having PKI and CA in shortest time, lowest price but in complete control. It is prove that MPKI is a user friendly program.


3. Secure Transactions, Documents and Email

Data are being travelled in the unsecured network whether it is confidential or not. But for those which are highly confidential, we ought to take some precautions from being intruded or altered. Digital ID is the way to help u sign and encrypt those confidential data. It is again uses both private and public key to facilitate authentication, privacy, authorization, integrity and non-repudiation.

MSC Trustgate.com offers CyptoSuite to encrypt and decrypt the file so that only intended recipient can access to it. The encrypted file can be stored or send as mail.

MSC Trustgate.com Digital ID is another product which to ensure the email remain confidential by signature and encryption. In other words, it serves as an electronic substitute for handwritten signature and sealed envelops.


4. Mobile Signature

MSC Trustgate.com offers MyTrust as the 3rd party certification tools in mobile signature. It is further subdivided to MyTrust for Government, MyTrust for Bank and Mytrust for Enterprise. This application acts similarly as the above PKI but its only different is it is in wireless form. SIM cards are first to be preloaded with MyTrust application and digital certification from licensed CA. After that, users are able to digitally sign any transaction via mobile phone. Besides MSC Trustgate.com, Digicert also offers the almost similar application which known as Digicert mobile application. It is says that transaction can being done safely no matter is through GPRS, Bluetooth or Infrared.


5. My Kad

My Kad PKI solution which is called My Key is actually invented by MSC Trustgate.com. The small chip that attach to the My Kad makes a big different compare to the previous identity card. It does not just serve as national identity card to the card holder but it is also a serve as driving licence, storing passport and medical information as well as e-cash tool. Therefore, PKI is there to give higher security by digitally sign documents or transactions. MyKey modules consist of MyKey Application Programming Interface (API), Signing module, Verification module and MyKad Client Kit.


6. E-filling

E-filling is introduced by Lembaga Hasil Dalam Negeri Malaysia (LHDNM) in collaboration with Digicert Sdn Bhd in a sense that to allow the taxpayer to declare their taxes in own convenience. The nature of the name e-filling shows us that the internet is used as the transport media. To ensure intergrity, confidentiality and authenticity, digital certificate conforms to X.509 standard is introduced by LHDNM and Digicert Sdn Bhd.


Base on the discussed application, I found that the third party certification is highly essential in the dangerous internet world. Despite the changes of norm that normal activity to be done in electronically way, we still see privacy as an important thing. Therefore, higher level security is needed. Lastly, I would like to voice out that “password does not keeps you safe anymore!!!”

----------------------------------------------------------------------------------------------------------------------------------

Related Links:


2 comments:

veloce said...

I really do not know that there are still so many precaution steps can be made...i've seen verisign logo somewhere before but don't know what the use is...now i think i have brief idea what it is now

Anonymous said...

All these are required to protect the online transaction users. There is the need to verfy that the party you are dealing with is the genuine one. The transaction also need to be secured and it's confidentiality preserved by using encryption. No systems is totally secure. Even with all the security checks in place online transaction users must be still be vigilant to minimised the risk of being compromised.

Post a Comment