Application for Digital Certificate

MPKI provides certificate lifecycle management system with an advanced web-based configuration wizards, administration and support tools, report generators and application integration modules to give an enterprise full control over its CA & to provide the critical link to MSC Trustgate as a Certification Authority. The MPKI service capabilities provide end-user registration, revocation and certification renewal with screens customized to an organization’s specific look & feel for each application.

The effectiveness and security of any PKI system depends critically on how users manage their private keys stored in the media storage (token) associated to it. The concerns to be considered are security, portability, functionality, usability, manageability & cost. For flexibility, the organization can opt to store digital certificates in soft token, USB crypto tokens or roaming with soft certificate.

Among the Components of Managed PKI are:

  • Local Hosting (Digital ID Center) - enables company to host end-user lifecycle page (enrollment & revocation) on their Web server
  • Automated Administration Toolkit - automates the registration authoring functions, allowing transparent authentication & revocation of users or devices directly from pre-existing administrative systems or databases
  • Onsite Control Center (RA admin web portal) - interface where an administrator performs in managing MPKI service including report generation

Key differential advantages

Convenient online delivery and management of digital certificates.
End-user enrollment for digital certificate and certificate issuance is done via Web-based service. Both end-user and administrator services are browser-based and accessed via the Web.

Complete control over digital certificate issuance, usage, certificate content, renewal, revocation and lifecycle management.
This is unlike the public CA deployment model whereby customers will have to rely on the public CA entirely and comply with the policies of the public CA. The public CA model also does not provide for control over service levels to end users and is difficult to scale in large user population.

Easy to use and manage with Web-based user and administrator services.
All the certificates can be applied for, registered, and enrolled online with the web browsers in a secure manner.

Some of our local customers have previously used PKI solution provided by another PKI system provider. They have decided to switch to Trustgate because of our proven ability to scale and provide reliable PKI systems for critical financial transactions.

PKI Roaming Solution

PKI Roaming Solution is focusing primarily for enterprise to securely access private information and digitally sign critical transactions from any computer terminal, anytime, anywhere, making access to a wide variety of Web-based information and services from any remote terminal fast, easy and secure. The PKI Roaming Services is a variation on the traditional credential server approach where it uses multiple, independent Roaming servers to enhance security. Each Roaming server provides a component of the key that the user employs to retrieve & decrypt user roaming profile from the Storage server.

PKI Roaming Service employs multiple physical servers to store certificates and access information multiple pieces. The pieces are later reassembled, so passwords are never revealed to back-end servers (only the user ever knows the password), ensuring that an intruder or a malevolent insider can’t crack them. When a digital certificate is downloaded to the user’s terminal, it is not stored permanently on the hard drive of the terminal, but resides temporarily in the computer’s memory. The certificate lasts only as long as you need it, ensuring that other users do not have access to you credentials.

PKI Enable Software Modules

MSC Trustgate PKI Enablement Software Modules enable your enterprise to secure the Web interfaces to applications by implementing digital certificates to authenticate users and digitally signed or protect transactions and business. This PKI Enablement Software Modules consist of cryptographic components that accelerate the process of securing new or existing applications across your enterprise. It leverages your existing information technology (IT) infrastructure, integrating smoothly with standard browsers and applications.

  • PKI Client Module
  • PKI Validation / Verification Module
  • Encryption and Decryption Module

MyTrust Multi-factor Authentication (MFA)

Advanced cyberthreats targeting government and financial institutions are growing in frequency and sophistication. With a long-standing focus on secure authentication mechanism, MSC Trustgate helps government and financial institutions implement secure MFA for transactions across various applications and multiple access channels.

MFA is an authentication platform that supports the use of more than one verification methods. It enhances the security of identity verification for online transactions. MFA delivers a secure, scalable, reliable and centralized authentication and management platform to provide identity theft protection and protection from phishing attacks. MFA authentication scheme typically must include two of the three schemes: something the user knows (e.g. PIN), something the user has (e.g. Token), something the user is (e.g. Digital Identity).

Internet applications can leverage on MSC Trustgate’s MFA platform to verify the credentials of users via multiple form factors such as User-Password, SMS-OTP (One Time Password), FIDO (Fast ID On-Line), Mobile OTP, OCRA Token and QR code. MSC Trustgate’s MFA can effectively mitigate risk for online access or transaction to enable true efficiency and satisfying customers’ complex requirement.

Adaptive Intelligent System

One of the key features of MFA platform is transparently monitoring user behaviour to identify anomalies and then calculate the risk associated with a particular request or transaction in real-time. It has the ability to increase the strength of authentication based on real-time risk of customer behaviour, rather than forcing all users to authenticate based on static policy.

Benefits of MFA

  • Fully Automated
  • Drastically reduces the time and cost of provisioning, administration and management of users and tokens

  • Omni Channel Support
  • Supports an omni channel user experience – one device can become the authenticator for a range of digital channels

  • Low Cost of Ownership
  • Substantially reduces the total cost of operation compared to traditional strong authentication environments

Comparison between MFA and SMS OTP

Secure High Low
Device Profiling Yes No
Private Key Ownership Yes No
Support Digital Certificate Yes No
Transact While Oversea Yes No
Man in the Middle Attack Yes No
Cost Per Transaction Per Transaction
Scalable and Adaptable Yes No
Quick and Simple Deployment Yes No

MyTrust Signer

Digitally signing a document has been made easy, efficient and secure by the prevailing electronic document software such as Adobe® that supports the authentication of digital data based on public key infrastructure (PKI) technologies. With digital signature, many companies have adopted electronic documents in place of paper documents where traditional pen-and ink signatures were used.

MSC Trustgate’s digitally signature platform complies with the Digital Signatures Act 1997/98 of Malaysia and other international standard, making digitally signed documents legally binding and non-repudiable. Recipients can be confident and assured that the digitally signed document has not been altered and it has been signed by someone that the recipients trusted.

Why MyTrust Signer?

  • Prevalent Adoption of E-Document
  • 90% per of business records created are electronic

  • Convenient
  • Can access anytime and anywhere, easy tracking search and retrieve, which is crucial for time-sensitive cases

  • Cost Saving
  • Eliminating paper based approval processes, Reduce the amount of physical storage required for paper documents

  • Authenticity and Integrity
  • Assure that the content has not been changed or tampered with since it was digitally signed

  • Non-Repudiation
  • Documents are digitally signed and legally binding

Features of of MyTrust Signer

  • Individual document signing (Smart Card / USB Token) or bulk signing of corporate documents (HSM Certificates)
  • SHA 256 support
  • Revocation checking on signing certificates
  • Time Stamping
  • QR-Code embedded for signature verification

Sample of Signed PDF document

Public Key Infrastructure Implementation Services

As Malaysia’s premier licensed Certification Authority, MSC Trustgate not merely consults but offers a hands-on day-to-day experience as a CA for managed/outsource Public Key Infrastructure - based on our annually WebTrust Principles and Criteria for Certificate Authorities audit data centre, housed in the broadband MSC corridor in Cyberjaya, with repository, revocation and key escrow services. Our Certificate Practice Statement includes highest liability level to ensure premium trusted services.

Leverage the opportunities of either an independent/private in-house or a fully outsource-PKI solution and optimize application integration across the enterprise network.

To handle high volumes of users, enable on growth and ensure 24x7 operations business critical intranets and Web sites, enterprises need a public key infrastructure built for performance, scalability and availability.

Security Consultancy Services

Security plays an important role for distributed heterogeneous and mission critical applications valuable business resources that are accessible over the network need to be protected against misuse to ensure the business runs smoothly.

As a trusted authority in Malaysia, we bring you the full spectrum of security solutions to help you build a solid, secure and trusted environment for your organization. Our services include vulnerability scanning, security assessment, security architecture design, intrusion prevention, security audit and consultancy. Our consultants have extensive experience in implementing IT security and our Security Management framework (SMF) conforms to SAS 70 standard. We delivers to you an effective security infrastructure that not only help you protect your network from attacks, but also save you time and money from having to constantly react to security problem.

TG Signer – Your preferred Document Signing Platform

TG Signer is a complete solution for document approval workflows, advanced digital signatures and document status tracking. It is designed to quickly optimise the way businesses deliver, review, approve and sign their business documents.

Paper-based ink signing is no longer an effective tool for document approval in today’s competitive digital business environment. Implementing digital signatures services through TG Signer delivers value on many fronts:

  • Increases process efficiency – shorten your sales cycle by signing online & reduce customer drop- off rates when waiting for ink signatures; free your staff to do core business rather than chase paper.

  • Cutpaper-related costs – printing, couriering, faxing, scanning, searching for paper documents & archiving are all time-consuming and expensive processes. On top of this ink signatures are insecure which can lead to fraud, compliance failure costs, heavy fines & reputation damage.

  • Increase security – ensure the digital identities of your transacting parties are verified securely and signed documents are cryptographically locked from unauthorised change; ensure legal certainty using an undisputable evidence trail.

  • Eliminate errors and re-work – by putting the approval process online Tg Signer can prevent documents from being submitted with missing signatures, initials or incomplete form fields.

  • Increase visibility – track the true status of your documents, know with certainty that your documents were indeed received, reviewed and signed by each signatory with the exact date/time each action was performed based on trusted time server.

  • Provide a great user experience – make life simpler and save time for your customers, employees & business partners by doing business smartly. Demonstrate your digital security innovativeness and ultimately increasing your brand loyalty.

Why TG Signer?

Making the process of applying & verifying advanced digital signatures extremely easy. This is the key to high user adoption - the process must be simple, quick, seamless and enjoyable experience! TG Signer users can review and sign documents from any location, on any device and at any time. Documents are synched across multiple devices so that the latest information is always available.

Utilising the most advanced cryptographic security in innovative ways to minimise the complexity for users. As a result TG Signer can produce the strongest level EU Qualified Signatures that are verifiable and legally enforceable for the long-term. You no longer have to choose between security or ease of use - have both!

Integrating & embedding the TG Signer functionality easily within your own business application web pages using the high-level API so that you remain in complete control of the branding and the user experience.

Flexible deployment - choose between TG Signer Enterprise for an on-premise deployment, our public TG Signer Cloud service or a privately hosted cloud service.

Providing a complete out of the box e-Trust infrastructure, including Certificate Authority (CA), real- time Validation Authority (VA) and Time Stamp Authority (TSA) servers. No other single solution globally can offer this level of functionality! Existing enterprise, internet or national level trust service providers can also be registered as trust anchors. Adobe CDS and AATL based signatures are fully supported for automatic trust in Adobe Reader.

TG Signer digital signatures can provide Legal enforceability, traceability & accountability by providing strong evidence that electronic documents are 100% protected and signed by a particular person at a specific date & time and without any document changes occurring.

Some of the Features:

Multiple User Authentication Options

Document Signing Process

Web and Mobile Interface

Properties of Digital Signatures

Signer authentication - Proof of who actually signed the document. i.e. digital signatures linking the user’s signature to an actual identifiable entity.

Data integrity - Proof that the document has not been changed since signing. The digital signature depends on every binary bit of the document and therefore can’t be re-attached to any other document.

Non-repudiation - The signer should not be able to falsely deny having signed. That is, it should be possible to prove in a court that the signer in fact created the signature. Comply to Digital Signature Act 1997.

Date and Time Stamping Service


MSC Trustgate's trusted timestamping Software as s Service (SaaS) provides a low cost and easy method to apply RFC 3161 trusted timestamps to time-sensitive transactions through Malaysia Standard Time (MST) and UTC (Coordinated Universal Time) sources. MSC Trustgate timestamping service helps organizations reduce potential liability associated with time-sensitive transactions by providing a long term validation and non-repudiation of the time and date the transaction took place using standards-based implementation that is easily recognizable and compatible.

Adding a trusted timestamp to code or an electronic signature provides a digital seal of data integrity and a trusted date and time of when the transaction took place. Recipients of documents and code with a trusted timestamp can verify when the document or code was digitally or electronically signed, as well as verify that the document or code was not altered after the date the timestamp vouches for.

Features and Benefits:

  • Quick and easy to set up with no technical expertise required
  • Recognized and compatible with most systems and applications, including Microsoft and Adobe
  • RFC 3161 compliant with strong 256-bit hash algorithm
  • Verifies when the document/data was signed and that it has not been altered
  • Produces legally admissible, secure non-repudiation signatures
  • SaaS-based model means MSC Trustgate manages all maintenance, security, and audits

Products Related to Timestamping