Legal

DSA Registers

Licensed Certification Authorities
Register Of Certification Authority Licenses

  1. Pos Digicert Sdn Bhd
  2. MSC Trustgate Sdn Bhd
  3. TM Technology Services Sdn Bhd
  4. Raffcomm Technologies Sdn Bhd

Certificate Of Recognition For A Date/Time Stamp Service
Register Of Certification Date/Time Stamp Services (Regulation 70)

  1. Pos Digicert Sdn Bhd
  2. MSC Trustgate Sdn Bhd
  3. Raffcomm Technologies Sdn Bhd

Certificate Of Recognition For A Repositories
Register Of Certification Recognized Repositories

  1. Pos Digicert Sdn Bhd
  2. MSC Trustgate Sdn Bhd
  3. TM Technology Services Sdn Bhd
  4. Raffcomm Technologies Sdn Bhd

Register Of Qualified Auditors

  1. PricewaterhouseCoopers (AF1146)
  2. Ernst & Young
  3. Baker Tilly MH Consulting Sdn Bhd

The Malaysian Communications and Multimedia Commission (MCMC) took over the role of the Controller of Certification Authorities after the amendment of Digital Signature Act 1997 on 1st November 2001. Under the Act and its subsidiary legislations, there are five matters required to be registered. They are:

Licensed Certification Authority

The function of a licensed certification authority is to issue to a subscriber upon application and upon satisfaction of the licensed certification authority's requirements as to the identity of the subscriber to be listed in the certificate and upon payment of the prescribed fees and charges.

Licensed certification authority, before issuing any certificate, must take all reasonable measures to check for proper identification of the subscriber to be listed in the certificate.

The licensing of certification authorities is obligatory under the Digital Signature Act 1997.

The MCMC issues two stages of licenses for certification authorities:

  1. The establishment stage; and
  2. The operation stage.

The MCMC issues the establishment stage license for a period of not exceeding one year. During the period, a person has to fulfill all licensing requirements and may apply for the operation stage.

A person is only allowed to carry on or operate as a licensed certification authorities until that person has been issued with the operation stage of the license.

Qualification Requirements

A person intending to carry on or operate as a certification authority must satisfy the following requirements:

  1. It is a body corporate incorporated in Malaysia or a partnership within the meaning of the Partnership Act 1961;
  2. It maintains a registered office in Malaysia; 
  3. It has a working capital reasonably sufficient, according to the requirement of the Commission, to enable it to carry on or operate as a certification authority;  
  4. It files with the Commission a suitable guarantee; 
  5. It uses a trustworthy system for the generation and management of key pairs and certificates; 
  6. It uses an approved digital signature scheme for the generation of key pairs and for the creation and verification of digital signatures; 
  7. It has an operating procedure that includes a certification practice statement, the measures to be taken to check the identity of subscribers to be listed in certificates, and the repositories and date/time stamp services to be used;
  8. It employs as operative personnel only persons who;
    • Have not been convicted within the past 15 years of an offence involving fraud, false statement or deception; and
    • Have demonstrated knowledge and proficiency in following the requirement of the Act and its Regulations; 
    • It complies with the licensing, standards and technical requirements under the Act and its Regulation; and 
    • It complies with such other requirement as the Commission thinks fit.

  1. A person fills in Form 1;
  2. A person must provide the following information for the establishment stage:
    • The particular of the applicant
    • The anticipated operational costs and proposed financing;
    • Details of the personnel to be employed and their qualifications, if available;
    • The proposed operating procedure; and
    • The services to be provided and the fees and charges to be imposed thereof.
  3. A person must provide the following information for the operation stage:
    • All valid information submitted for the establishment stage;
    • All new information and all the changes to the information submitted for the establishment stage, if any;
    • A suitable guarantee; and
    • A report from a qualified auditor certifying that the prescribed licensing, standards and technical requirements have been satisfied. 
  4. The prescribed fee; and
  5. Such other information or document as the Commission may require.

Certificate Of Recognition For A Repository

The repository service is important and critical to the operation of an open Public Key Infrastructure. The development of robust and easily accessible repository service is a crucial mechanism to maintain the quality of certification authority services. Typically, a repository will contain the licensed certification authorities’ disclosure records, certificates, the most recent Certificate Revocation List (CRL), other suspension or revocation information and other information about certification practices.

Recognized Repositories

The MCMC issues a certificate of recognition for a repository in two stages:

  1. The establishment stage; and
  2. The operation stage.

The MCMC issues the establishment stage certificate for a period of not exceeding one year. During the period, a person has to fulfill all the certification requirements and may apply for the operation stage.

A person is only allowed to carry on or operate as a recognized repository until that person has been issued with the operation stage certificate.

Qualification Requirements

A person intending to carry on or operate as a repository must satisfy the following requirements:

  1. It is a body corporate incorporated in Malaysia or a partnership within the meaning of the Partnership Act 1961 [Act 135];It maintains a registered office in Malaysia; It has a working capital reasonably sufficient, according to the requirement of the Commission, to enable it to conduct business as a Repository; It employs as operative personnel only persons who:
  2. Have not been convicted within the past fifteen years of an offence involving fraud, false statement or deception; andHave demonstrated knowledge and proficiency in following the requirement of the Act and its Regulations;
  3. The repository includes a date base that is capable of containing:
  4. Certification Authority disclosure records for licensed Certification Authority;
  5. Certificates to be published in the repository;
  6. Notices of suspended or revoked certificates to be published by a licensed certification authority or any person suspending or revoking certificates;
  7. Notice of termination of suspension of certificates to be published by a licensed certification authority or any person suspending certificates;
  8. Advisory statements, written defenses thereto and decisions made by the Commission thereon to be published by the Commission under the Act and its Regulations; and
  9. Such other information as the Commission thinks fit;
     
  10. It operates by means of a trustworthy system;
  11. The repository contains no significant amount of information that the Commission finds is known or likely to be untrue, in accurate or not reasonably reliable;
  12. The repository contains certificates published by certification authorities that are required to conform to rules of practice that are similar to or more stringent that the requirement of the Act and its Regulations;
  13. It keeps and maintains an archive of certificates that have been suspended or revoked, or that have been expired at least he preceding ten years;
  14. It complies with the certification, standards and technical requirements under the Act and its Regulation; and
  15. It complies with such other requirement as the Commission thinks fit.

  1. Content 1

    A way of vouching the exact time when a computer record (messages, document, or even digital signatures) was created or last modified is by using a digital date/time stamping system. A digital date/time stamp is basically a cryptographically non-forgeable digital declarations which can be used as evidence of the date and time a computer record was created. The date/time stamp can be attached to a digital signature, message or other document if required by any written law.

    Recognized Date/Time Stamp Services

    The Commission issues a certificate of recognition for a date/time stamp service in two stages:

    1. The establishment stage; and
    2. The operation stage.

    The Commission issues the establishment stage certificate for a period of not exceeding one year. During the period, a person has to fulfill all the certification requirements and may apply for the operation stage.

    A person is only allowed to carry on or operate as a recognized date/time stamp service until that person has been issued with the operation stage certificate.

    Qualification Requirements

    A person intending to carry on or operate as a repository must satisfy the following requirements:

    1. It is a body corporate incorporated in Malaysia or a partnership within the meaning of the Partnership Act 1961 [Act 135];
    2.  It maintains a registered office in Malaysia;
    3. It has a working capital reasonably sufficient, according to the requirement of the Commission, to enable it to conduct business as a Repository;
    4. It employs as operative personnel only persons who:
      • Have not been convicted within the past fifteen years of an offence involving fraud, false statement or deception; and
      • Have demonstrated knowledge and proficiency in following the requirement of the Act and its Regulations;
    5. It operates by means of a trustworthy system;
    6. It uses a reasonably secure and tamper-proof mechanism as it’s time-stamping device;
    7. It keeps and maintains an archive of documents that have been time-stamped, irrespective that the contents of the document itself are not disclosed, within at least the preceding ten years;
    8. It complies with the certification, standards and technical requirements under the Act and its Regulation; and
    9. It complies with such other requirement as the Commission thinks fit.

  1. A person fills in Form 1
  2. For the establishment stage, a person must provide the following information:
    • The particular of the applicant
    • The anticipated operational costs and proposed financing;
    • Details of the personnel to be employed and their qualifications, if available;
    • The proposed operating procedure; and
    • The services to be provided and the fees and charges to be imposed thereof.
  3. For the operation stage, a person must provide the following information
    • All valid information submitted for the establishment stage;
    • All new information and all the changes to the information submitted for the establishment stage, if any; and
    • A report from a qualified auditor certifying that the prescribed certification, standards and technical requirements have been satisfied. 
  4. The prescribed fee; and
  5. Such other information or document as the Commission may require.

Recognition Of Foreign Certification Authority

The Commission may recognize by order of published in the Gazette, certification authorities licensed or otherwise authorized by governmental entities outside Malaysia. A certificate issued by recognized foreign certification authorities has the same effect as a certificate issued by a licensed certification authority of Malaysia.

Criteria For Recognition Of Foreign Certification Authorities

  1. A foreign certification authority is eligible for recognition if an international treaty, agreement or convention concerning the recognition of its certificates has been concluded to which Malaysia is a party;
  2. It must be licensed or otherwise authorized by the relevant governmental entity in that country to carry on or operate as a certification authority in that country;
  3. The certificate issued by the foreign certification authority demonstrates a level of security equal to or more stringent than the level of security of a certificate issued by a licensed certification authority in Malaysia;
  4. It has established a local agent for service of process in Malaysia;
  5. It complies with the standards and technical requirements under the Act and its Regulations; and
  6. It complies with such other requirements as the Commission thinks fit
  7. Application for the Recognition of a Foreign Certification Authority.

Application For Recognition Of Foreign Certification Authorities

  1. A foreign certification authority must apply in writing to the Commission for the recognition.
  2. The application above must be accompanied by the following documents:
  3. Proof that the criteria for recognition of foreign certification authorities have been satisfied, including a report from a qualified auditor certifying that the prescribed standards and technical requirements have been satisfied;
  4. The prescribed fee; and
  5. Such other information or document as the Commission may require.

  1. Content 1
    Application for licensed certification authority 
    Establishment Stage RM 2,500.00
    Operation Stage RM 2,500.00
    Granting Fee RM30,000.00
    Annual Operating Fee RM 2,500.00
    Renewal of license RM 2,500.00
    Transfer of license RM 2,500.00
    Recognition of Repository / Date / Time Stamp Service Fee Structure
    Establishment Stage RM 2,500.00
    Annual Operating Fee RM 2,500.00
    Operation Stage RM 2,500.00
    Granting Fee RM30,000.00
    Annual Operating Fee RM 2,500.00 
    Renewal of Certificate of Recognition RM30,000.00
    Recognition of foreign certification authority RM 2,500.00

1. Pos Digicert Sdn Bhd (457608-K)
No 8-3A-02 Star Central
Lingkaran Cyberpoint Timur
63000 Cyberjaya
Selangor Darul Ehsan

Licence No: LPBP-1/2020(4)
Issuing date: 25 December 2020
Expiry date: 24 December 2025

Tel: +603 8800 6000
www.posdigicert.com.my
Disclosure Record
Annual Compliance Audit Report 

2. MSC Trustgate.Com Sdn Bhd (478231-X)
Suite 2-9, Level 2 Block 4801
CBD Perdana
Jalan Perdana
63000 Cyberjaya
Selangor

Licence No: LPBP-2/2020(4)
Issuing date: 25 July 2020
Expiry date: 24 July 2025

Tel: +603 8318 1800
Fax: +603 8319 1800
www.msctrustgate.com
Disclosure Record
Annual Compliance Audit Report

3. Telekom Applied Business Sdn Bhd (455343-U)
Level 15, Menara TM ONE,
No.1, Jalan Damansara,
60000 Kuala Lumpur.

Licence No: LPBP-3/2021(2)
Issuing date: 1 August 2021
Expiry date: 31 July 2024

Tel: +603 2241 4917/+6013 399 9398
https://www.tmca.com.my/
Disclosure Record
Annual Compliance Audit Report

4. Raffcomm Technologies  Sdn Bhd (1000449-W)
Lot 32.02 Level 32
Sunway Putra Tower
100, Jalan Putra
50350 Kuala Lumpur 

Licence No: LPBP-4/2021 (1)
Issuing date: 1 May 2021
Expiry date: 30 April 2024


Tel: +603 4040 0091
Fax: +603 4040 0095
www.rafftech.my
Disclosure Record
Annual Compliance Audit Report

1. Pos Digicert Sdn Bhd (457608-K)
No 8-3A-02 Star Central
Lingkaran Cyberpoint Timur
63000 Cyberjaya
Selangor Darul Ehsan

Certificate No: PPR-1/2020(4)
Issuing date: 25 December 2020
Expiry date: 24 December 2025

Tel: +603 8800 6000
www.posdigicert.com.my
Disclosure Record
Annual Compliance Audit Report 

2. MSC Trustgate.Com Sdn Bhd (478231-X)
Suite 2-9, Level 2 Block 4801
CBD Perdana
Jalan Perdana
63000 Cyberjaya
Selangor

Licence No: PPR-2/2020(4)
Issuing date: 25 July 2020
Expiry date: 24 July 2025

Tel: +603 8318 1800
Fax: +603 8319 1800
www.msctrustgate.com
Disclosure Record
Annual Compliance Audit Report

3. Telekom Applied Business Sdn Bhd (455343-U)
Level 15, Menara TM ONE,
No. 1, Jalan Damansara,
60000 Kuala Lumpur.

Certificate No: PPR-3/2021(2)
Issuing date: 1 August 2021
Expiry date: 31 July 2024

Tel: +603 2241 4917 / +6013 399 9398
https://www.tmca.com.my/
Disclosure Record
Annual Compliance Audit Report

4. Raffcomm Technologies  Sdn Bhd (1000449-W)
Lot 32.02 Level 32
Sunway Putra Tower
100, Jalan Putra
50350 Kuala Lumpur 

Licensed No: PPR-4/2021 (1)
Issuing date: 1 May 2021
Expiry date: 30 April 2024


Tel: +603 8686 1230
Fax: +603 8686 1231
www.rafftech.my

1. Pos Digicert Sdn Bhd (457608-K)
No 8-3A-02 Star Central
Lingkaran Cyberpoint Timur
63000 Cyberjaya
Selangor Darul Ehsan

Certificate No: PPTM-1/2020 (1)
Issuing date: 25 December 2020
Expiry date: 24 December 2025

Tel: +603 8800 6000
www.posdigicert.com.my

2. MSC Trustgate.Com Sdn Bhd (478231-X)
Suite 2-9, Level 2 Block 4801
CBD Perdana
Jalan Perdana
63000 Cyberjaya
Selangor

Certificate No: PPTM-2/2021(1)
Issuing date: 25 July 2021
Expiry date: 24 July 2024

Tel: +603 8318 1800
Fax: +603 8319 1800
www.msctrustgate.com

3. Raffcomm Technologies  Sdn Bhd (1000449-W)
Lot 32.02 Level 32
Sunway Putra Tower
100, Jalan Putra
50350 Kuala Lumpur 

Licensed No: PPTM-3/2021 (1)
Issuing date: 1 May 2021
Expiry date: 30 April 2024


Tel: +603 4040 0091
Fax: +603 4040 0095
www.rafftech.my

 

None

Related Content
Share this article
Follow