Application for Digital Certificate

MPKI provides certificate lifecycle management system with an advanced web-based configuration wizards, administration and support tools, report generators and application integration modules to give an enterprise full control over its CA & to provide the critical link to MSC Trustgate as a Certification Authority. The MPKI service capabilities provide end-user registration, revocation and certification renewal with screens customized to an organization’s specific look & feel for each application.

The effectiveness and security of any PKI system depends critically on how users manage their private keys stored in the media storage (token) associated to it. The concerns to be considered are security, portability, functionality, usability, manageability & cost. For flexibility, the organization can opt to store digital certificates in soft token, USB crypto tokens or roaming with soft certificate.

Among the Components of Managed PKI are:

  • Local Hosting (Digital ID Center) - enables company to host end-user lifecycle page (enrollment & revocation) on their Web server
  • Automated Administration Toolkit - automates the registration authoring functions, allowing transparent authentication & revocation of users or devices directly from pre-existing administrative systems or databases
  • Onsite Control Center (RA admin web portal) - interface where an administrator performs in managing MPKI service including report generation

Key differential advantages

Convenient online delivery and management of digital certificates.

End-user enrollment for digital certificate and certificate issuance is done via Web-based service. Both end-user and administrator services are browser-based and accessed via the Web.

Easy to use and manage with Web-based user and administrator services.

All the certificates can be applied for, registered, and enrolled online with the web browsers in a secure manner.

Complete control over digital certificate issuance, usage, certificate content, renewal, revocation and lifecycle management.

This is unlike the public CA deployment model whereby customers will have to rely on the public CA entirely and comply with the policies of the public CA. The public CA model also does not provide for control over service levels to end users and is difficult to scale in large user population.


Some of our local customers have previously used PKI solution provided by another PKI system provider. They have decided to switch to Trustgate because of our proven ability to scale and provide reliable PKI systems for critical financial transactions.

PKI Roaming Solution

PKI Roaming Solution is focusing primarily for enterprise to securely access private information and digitally sign critical transactions from any computer terminal, anytime, anywhere, making access to a wide variety of Web-based information and services from any remote terminal fast, easy and secure. The PKI Roaming Services is a variation on the traditional credential server approach where it uses multiple, independent Roaming servers to enhance security. Each Roaming server provides a component of the key that the user employs to retrieve & decrypt user roaming profile from the Storage server.

PKI Roaming Service employs multiple physical servers to store certificates and access information multiple pieces. The pieces are later reassembled, so passwords are never revealed to back-end servers (only the user ever knows the password), ensuring that an intruder or a malevolent insider can’t crack them. When a digital certificate is downloaded to the user’s terminal, it is not stored permanently on the hard drive of the terminal, but resides temporarily in the computer’s memory. The certificate lasts only as long as you need it, ensuring that other users do not have access to you credentials.

PKI Enable Software Modules

MSC Trustgate PKI Enablement Software Modules enable your enterprise to secure the Web interfaces to applications by implementing digital certificates to authenticate users and digitally signed or protect transactions and business. This PKI Enablement Software Modules consist of cryptographic components that accelerate the process of securing new or existing applications across your enterprise. It leverages your existing information technology (IT) infrastructure, integrating smoothly with standard browsers and applications.

  • PKI Client Module
  • PKI Validation / Verification Module
  • Encryption and Decryption Module