Application for Digital Certificate

MPKI provides certificate lifecycle management system with an advanced web-based configuration wizards, administration and support tools, report generators and application integration modules to give an enterprise full control over its CA & to provide the critical link to MSC Trustgate as a Certification Authority. The MPKI service capabilities provide end-user registration, revocation and certification renewal with screens customized to an organization’s specific look & feel for each application.

The effectiveness and security of any PKI system depends critically on how users manage their private keys stored in the media storage (token) associated to it. The concerns to be considered are security, portability, functionality, usability, manageability & cost. For flexibility, the organization can opt to store digital certificates in soft token, USB crypto tokens or roaming with soft certificate.

Among the Components of Managed PKI are:

  • Local Hosting (Digital ID Center) - enables company to host end-user lifecycle page (enrollment & revocation) on their Web server
  • Automated Administration Toolkit - automates the registration authoring functions, allowing transparent authentication & revocation of users or devices directly from pre-existing administrative systems or databases
  • Onsite Control Center (RA admin web portal) - interface where an administrator performs in managing MPKI service including report generation

Key differential advantages

Convenient online delivery and management of digital certificates.
End-user enrollment for digital certificate and certificate issuance is done via Web-based service. Both end-user and administrator services are browser-based and accessed via the Web.

Complete control over digital certificate issuance, usage, certificate content, renewal, revocation and lifecycle management.
This is unlike the public CA deployment model whereby customers will have to rely on the public CA entirely and comply with the policies of the public CA. The public CA model also does not provide for control over service levels to end users and is difficult to scale in large user population.

Easy to use and manage with Web-based user and administrator services.
All the certificates can be applied for, registered, and enrolled online with the web browsers in a secure manner.

Some of our local customers have previously used PKI solution provided by another PKI system provider. They have decided to switch to Trustgate because of our proven ability to scale and provide reliable PKI systems for critical financial transactions.

PKI Roaming Solution

PKI Roaming Solution is focusing primarily for enterprise to securely access private information and digitally sign critical transactions from any computer terminal, anytime, anywhere, making access to a wide variety of Web-based information and services from any remote terminal fast, easy and secure. The PKI Roaming Services is a variation on the traditional credential server approach where it uses multiple, independent Roaming servers to enhance security. Each Roaming server provides a component of the key that the user employs to retrieve & decrypt user roaming profile from the Storage server.

PKI Roaming Service employs multiple physical servers to store certificates and access information multiple pieces. The pieces are later reassembled, so passwords are never revealed to back-end servers (only the user ever knows the password), ensuring that an intruder or a malevolent insider can’t crack them. When a digital certificate is downloaded to the user’s terminal, it is not stored permanently on the hard drive of the terminal, but resides temporarily in the computer’s memory. The certificate lasts only as long as you need it, ensuring that other users do not have access to you credentials.

PKI Enable Software Modules

MSC Trustgate PKI Enablement Software Modules enable your enterprise to secure the Web interfaces to applications by implementing digital certificates to authenticate users and digitally signed or protect transactions and business. This PKI Enablement Software Modules consist of cryptographic components that accelerate the process of securing new or existing applications across your enterprise. It leverages your existing information technology (IT) infrastructure, integrating smoothly with standard browsers and applications.

  • PKI Client Module
  • PKI Validation / Verification Module
  • Encryption and Decryption Module

MyTrust Multi-factor Authentication (MFA)

Advanced cyberthreats targeting government and financial institutions are growing in frequency and sophistication. With a long-standing focus on secure authentication mechanism, MSC Trustgate helps government and financial institutions implement secure MFA for transactions across various applications and multiple access channels.

MFA is an authentication platform that supports the use of more than one verification methods. It enhances the security of identity verification for online transactions. MFA delivers a secure, scalable, reliable and centralized authentication and management platform to provide identity theft protection and protection from phishing attacks. MFA authentication scheme typically must include two of the three schemes: something the user knows (e.g. PIN), something the user has (e.g. Token), something the user is (e.g. Digital Identity).

Internet applications can leverage on MSC Trustgate’s MFA platform to verify the credentials of users via multiple form factors such as User-Password, SMS-OTP (One Time Password), FIDO (Fast ID On-Line), Mobile OTP, OCRA Token and QR code. MSC Trustgate’s MFA can effectively mitigate risk for online access or transaction to enable true efficiency and satisfying customers’ complex requirement.

Adaptive Intelligent System

One of the key features of MFA platform is transparently monitoring user behaviour to identify anomalies and then calculate the risk associated with a particular request or transaction in real-time. It has the ability to increase the strength of authentication based on real-time risk of customer behaviour, rather than forcing all users to authenticate based on static policy.

Benefits of MFA

  • Fully Automated
  • Drastically reduces the time and cost of provisioning, administration and management of users and tokens

  • Omni Channel Support
  • Supports an omni channel user experience – one device can become the authenticator for a range of digital channels

  • Low Cost of Ownership
  • Substantially reduces the total cost of operation compared to traditional strong authentication environments

Comparison between MFA and SMS OTP

Secure High Low
Device Profiling Yes No
Private Key Ownership Yes No
Support Digital Certificate Yes No
Transact While Oversea Yes No
Man in the Middle Attack Yes No
Cost Per Transaction Per Transaction
Scalable and Adaptable Yes No
Quick and Simple Deployment Yes No

MyTrust Signer

Digitally signing a document has been made easy, efficient and secure by the prevailing electronic document software such as Adobe® that supports the authentication of digital data based on public key infrastructure (PKI) technologies. With digital signature, many companies have adopted electronic documents in place of paper documents where traditional pen-and ink signatures were used.

MSC Trustgate’s digitally signature platform complies with the Digital Signatures Act 1997/98 of Malaysia and other international standard, making digitally signed documents legally binding and non-repudiable. Recipients can be confident and assured that the digitally signed document has not been altered and it has been signed by someone that the recipients trusted.

Why MyTrust Signer?

  • Prevalent Adoption of E-Document
  • 90% per of business records created are electronic

  • Convenient
  • Can access anytime and anywhere, easy tracking search and retrieve, which is crucial for time-sensitive cases

  • Cost Saving
  • Eliminating paper based approval processes, Reduce the amount of physical storage required for paper documents

  • Authenticity and Integrity
  • Assure that the content has not been changed or tampered with since it was digitally signed

  • Non-Repudiation
  • Documents are digitally signed and legally binding

Features of of MyTrust Signer

  • Individual document signing (Smart Card / USB Token) or bulk signing of corporate documents (HSM Certificates)
  • SHA 256 support
  • Revocation checking on signing certificates
  • Time Stamping
  • QR-Code embedded for signature verification

Sample of Signed PDF document

Public Key Infrastructure Implementation Services

As Malaysia’s premier licensed Certification Authority, MSC Trustgate not merely consults but offers a hands-on day-to-day experience as a CA for managed/outsource Public Key Infrastructure - based on our annually WebTrust Principles and Criteria for Certificate Authorities audit data centre, housed in the broadband MSC corridor in Cyberjaya, with repository, revocation and key escrow services. Our Certificate Practice Statement includes highest liability level to ensure premium trusted services.

Leverage the opportunities of either an independent/private in-house or a fully outsource-PKI solution and optimize application integration across the enterprise network.

To handle high volumes of users, enable on growth and ensure 24x7 operations business critical intranets and Web sites, enterprises need a public key infrastructure built for performance, scalability and availability.

Security Consultancy Services

Security plays an important role for distributed heterogeneous and mission critical applications valuable business resources that are accessible over the network need to be protected against misuse to ensure the business runs smoothly.

As a trusted authority in Malaysia, we bring you the full spectrum of security solutions to help you build a solid, secure and trusted environment for your organization. Our services include vulnerability scanning, security assessment, security architecture design, intrusion prevention, security audit and consultancy. Our consultants have extensive experience in implementing IT security and our Security Management framework (SMF) conforms to SAS 70 standard. We delivers to you an effective security infrastructure that not only help you protect your network from attacks, but also save you time and money from having to constantly react to security problem.