The Malaysian Communications and Multimedia Commission (MCMC) took over the role of the Controller of Certification Authorities after the amendment of the Digital Signature Act 1997 on 1st November 2001. Under the Act and its subsidiary legislation, there are five matters required to be registered. They are:
Licensed Certification Authority
The function of a licensed certification authority is to issue a certificate to a subscriber upon application, upon satisfaction of the licensed certification authority's requirements as to the identity of the subscriber to be listed in the certificate, and upon payment of the prescribed fees and charges.
A licensed certification authority, before issuing any certificate, must take all reasonable measures to check for proper identification of the subscriber to be listed in the certificate.
The licensing of certification authorities is obligatory under the Digital Signature Act 1997.
The MCMC issues two stages of licenses for certification authorities:
- The establishment stage; and
- The operation stage.
The MCMC issues the establishment stage license for a period not exceeding one year. During the period, a person has to fulfill all licensing requirements and may apply for the operation stage.
A person is only allowed to carry on or operate as a licensed certification authority after that person has been issued with the operation stage of the license.
Qualification Requirements
A person intending to carry on or operate as a certification authority must satisfy the following requirements:
- It is a body corporate incorporated in Malaysia or a partnership within the meaning of the Partnership Act 1961;
- It maintains a registered office in Malaysia;
- It has a working capital reasonably sufficient, according to the requirement of the Commission, to enable it to carry on or operate as a certification authority;
- It files with the Commission a suitable guarantee;
- It uses a trustworthy system for the generation and management of key pairs and certificates;
- It uses an approved digital signature scheme for the generation of key pairs and for the creation and verification of digital signatures;
- It has an operating procedure that includes a certification practice statement, the measures to be taken to check the identity of subscribers to be listed in certificates, and the repositories and date/time stamp services to be used;
- It employs as operative personnel only persons who:
  - Have not been convicted within the past 15 years of an offence involving fraud, false statement or deception; and
  - Have demonstrated knowledge and proficiency in following the requirement of the Act and its Regulations;
- It complies with the licensing, standards and technical requirements under the Act and its Regulation; and
- It complies with such other requirement as the Commission thinks fit.

- A person fills in Form 1;
- A person must provide the following information for the establishment stage:
  - The particulars of the applicant;
  - The anticipated operational costs and proposed financing;
  - Details of the personnel to be employed and their qualifications, if available;
  - The proposed operating procedure; and
  - The services to be provided and the fees and charges to be imposed thereof.
- A person must provide the following information for the operation stage:
  - All valid information submitted for the establishment stage;
  - All new information and all the changes to the information submitted for the establishment stage, if any;
  - A suitable guarantee; and
  - A report from a qualified auditor certifying that the prescribed licensing, standards and technical requirements have been satisfied.
- The prescribed fee; and
- Such other information or document as the Commission may require.
Certificate Of Recognition For A Repository
The repository service is important and critical to the operation of an open Public Key Infrastructure. The development of a robust and easily accessible repository service is a crucial mechanism to maintain the quality of certification authority services. Typically, a repository will contain the licensed certification authorities’ disclosure records, certificates, the most recent Certificate Revocation List (CRL), other suspension or revocation information and other information about certification practices.
Recognized Repositories
The MCMC issues a certificate of recognition for a repository in two stages:
- The establishment stage; and
- The operation stage.
The MCMC issues the establishment stage certificate for a period not exceeding one year. During the period, a person has to fulfill all the certification requirements and may apply for the operation stage.
A person is only allowed to carry on or operate as a recognized repository after that person has been issued with the operation stage certificate.
Qualification Requirements
A person intending to carry on or operate as a repository must satisfy the following requirements:
- It is a body corporate incorporated in Malaysia or a partnership within the meaning of the Partnership Act 1961 [Act 135];
- It maintains a registered office in Malaysia;
- It has a working capital reasonably sufficient, according to the requirement of the Commission, to enable it to conduct business as a Repository;
- It employs as operative personnel only persons who:
  - Have not been convicted within the past fifteen years of an offence involving fraud, false statement or deception; and
  - Have demonstrated knowledge and proficiency in following the requirement of the Act and its Regulations;
- The repository includes a database that is capable of containing:
  - Certification Authority disclosure records for licensed Certification Authority;
  - Certificates to be published in the repository;
  - Notices of suspended or revoked certificates to be published by a licensed certification authority or any person suspending or revoking certificates;
  - Notice of termination of suspension of certificates to be published by a licensed certification authority or any person suspending certificates;
  - Advisory statements, written defenses thereto and decisions made by the Commission thereon to be published by the Commission under the Act and its Regulations; and
  - Such other information as the Commission thinks fit;
- It operates by means of a trustworthy system;
- The repository contains no significant amount of information that the Commission finds is known or likely to be untrue, inaccurate or not reasonably reliable;
- The repository contains certificates published by certification authorities that are required to conform to rules of practice that are similar to or more stringent than the requirement of the Act and its Regulations;
- It keeps and maintains an archive of certificates that have been suspended or revoked, or that have expired, within at least the preceding ten years;
- It complies with the certification, standards and technical requirements under the Act and its Regulation; and
- It complies with such other requirement as the Commission thinks fit.
A way of vouching for the exact time when a computer record (message, document, or even digital signature) was created or last modified is to use a digital date/time stamping system. A digital date/time stamp is basically a cryptographically non-forgeable digital declaration which can be used as evidence of the date and time a computer record was created. The date/time stamp can be attached to a digital signature, message or other document if required by any written law.
Recognized Date/Time Stamp Services
The Commission issues a certificate of recognition for a date/time stamp service in two stages:
- The establishment stage; and
- The operation stage.
The Commission issues the establishment stage certificate for a period not exceeding one year. During the period, a person has to fulfill all the certification requirements and may apply for the operation stage.
A person is only allowed to carry on or operate as a recognized date/time stamp service after that person has been issued with the operation stage certificate.
Qualification Requirements
A person intending to carry on or operate as a repository must satisfy the following requirements:
- It is a body corporate incorporated in Malaysia or a partnership within the meaning of the Partnership Act 1961 [Act 135];
- It maintains a registered office in Malaysia;
- It has a working capital reasonably sufficient, according to the requirement of the Commission, to enable it to conduct business as a Repository;
- It employs as operative personnel only persons who:
  - Have not been convicted within the past fifteen years of an offence involving fraud, false statement or deception; and
  - Have demonstrated knowledge and proficiency in following the requirement of the Act and its Regulations;
- It operates by means of a trustworthy system;
- It uses a reasonably secure and tamper-proof mechanism as its time-stamping device;
- It keeps and maintains an archive of documents that have been time-stamped, irrespective that the contents of the document itself are not disclosed, within at least the preceding ten years;
- It complies with the certification, standards and technical requirements under the Act and its Regulation; and
- It complies with such other requirement as the Commission thinks fit.

- A person fills in Form 1;
- For the establishment stage, a person must provide the following information:
  - The particulars of the applicant;
  - The anticipated operational costs and proposed financing;
  - Details of the personnel to be employed and their qualifications, if available;
  - The proposed operating procedure; and
  - The services to be provided and the fees and charges to be imposed thereof.
- For the operation stage, a person must provide the following information:
  - All valid information submitted for the establishment stage;
  - All new information and all the changes to the information submitted for the establishment stage, if any; and
  - A report from a qualified auditor certifying that the prescribed certification, standards and technical requirements have been satisfied.
- The prescribed fee; and
- Such other information or document as the Commission may require.
Recognition Of Foreign Certification Authority
The Commission may recognize, by order published in the Gazette, certification authorities licensed or otherwise authorized by governmental entities outside Malaysia. A certificate issued by a recognized foreign certification authority has the same effect as a certificate issued by a licensed certification authority of Malaysia.
Criteria For Recognition Of Foreign Certification Authorities
- A foreign certification authority is eligible for recognition if an international treaty, agreement or convention concerning the recognition of its certificates has been concluded to which Malaysia is a party;
- It must be licensed or otherwise authorized by the relevant governmental entity in that country to carry on or operate as a certification authority in that country;
- The certificate issued by the foreign certification authority demonstrates a level of security equal to or more stringent than the level of security of a certificate issued by a licensed certification authority in Malaysia;
- It has established a local agent for service of process in Malaysia;
- It complies with the standards and technical requirements under the Act and its Regulations; and
- It complies with such other requirements as the Commission thinks fit.
Application For Recognition Of Foreign Certification Authorities
- A foreign certification authority must apply in writing to the Commission for the recognition.
- The application above must be accompanied by the following documents:
  - Proof that the criteria for recognition of foreign certification authorities have been satisfied, including a report from a qualified auditor certifying that the prescribed standards and technical requirements have been satisfied;
  - The prescribed fee; and
  - Such other information or document as the Commission may require.
| Establishment Stage | RM 2,500.00 |
| Operation Stage | RM 2,500.00 |
| Granting Fee | RM 30,000.00 |
| Annual Operating Fee | RM 2,500.00 |
| Renewal of license | RM 2,500.00 |
| Transfer of license | RM 2,500.00 |

| Establishment Stage | RM 2,500.00 |
| Annual Operating Fee | RM 2,500.00 |
| Operation Stage | RM 2,500.00 |
| Granting Fee | RM 30,000.00 |
| Annual Operating Fee | RM 2,500.00 |
| Renewal of Certificate of Recognition | RM 30,000.00 |

| Recognition of foreign certification authority | RM 2,500.00 |
- Digicert Sdn Bhd (457608-K)
  No 3-20 & 3-22 Jalan Jalil Perkasa 14
  Aked Esplanad, Bukit Jalil
  57000 Kuala Lumpur
  Licence No: LPBP-2/2010-(2)
  Issuing date: 25 Dec 2010
  Expiry date: 24 Dec 2015
  Tel: +603 8992 8800
  Fax: +603 8992 8810
  www.digicert.com.my
- MSC Trustgate.Com Sdn Bhd (478231-X)
  Suite 2-9, Level 2 Block 4801
  CBD Perdana
  63000 Cyberjaya
  Selangor
  Licence No: LPBP-2/2010(1)
  Issuing date: 25 July 2010
  Expiry date: 24 July 2015
  Tel: +603 8318 1800
  Fax: +603 8319 1800
  www.msctrustgate.com
- Telekom Applied Business Sdn Bhd (455343-U)
  16th Floor Tower 2 Faber Towers
  Jalan Desa Bahagia, Taman Desa
  58100 Kuala Lumpur
  Licence No: LPBP-3/2013
  Issuing date: 1 April 2013
  Expiry date: 31 March 2018
  Tel: +603 7984 4989
  Fax: +603 7980 1605
  www.tab.com.my

- Digicert Sdn Bhd (457608-K)
  No 3-20 & 3-22 Jalan Jalil Perkasa 14
  Aked Esplanad, Bukit Jalil
  57000 Kuala Lumpur
  License No: PPR-2/2010-(2)
  Issuing date: 25 Dec 2010
  Expiry date: 24 Dec 2015
  Tel: +603 8992 8800
  Fax: +603 8992 8810
  www.digicert.com.my
- MSC Trustgate.Com Sdn Bhd (478231-X)
  Suite 2-9, Level 2 Block 4801
  CBD Perdana
  Jalan Perdana
  63000 Cyberjaya
  Selangor
  License No: PPR-2/2010(1)
  Issuing date: 25 July 2010
  Expiry date: 24 July 2015
  Tel: +603 8318 1800
  Fax: +603 8319 1800
  www.msctrustgate.com
- Telekom Applied Business Sdn Bhd (455343-U)
  16th Floor Tower 2 Faber Towers
  Jalan Desa Bahagia, Taman Desa
  58100 Kuala Lumpur
  Licence No: PPR-3/2013
  Issuing date: 1 April 2013
  Expiry date: 31 March 2018
  Tel: +603 7984 4989
  Fax: +603 7980 1605
  www.tab.com.my

- MSC Trustgate.Com Sdn Bhd (478231-X)
  Suite 2-9, Level 2 Block 4801
  CBD Perdana
  Jalan Perdana
  63000 Cyberjaya
  Selangor
  License No: PPR-2/2010(1)
  Issuing date: 25 July 2010
  Expiry date: 31 Dec 2012
  Tel: +603 8318 1800
  Fax: +603 8319 1800
  www.msctrustgate.com
- Telekom Applied Business Sdn Bhd (455343-U)
  16th Floor Tower 2 Faber Towers
  Jalan Desa Bahagia, Taman Desa
  58100 Kuala Lumpur
  Licence No: PPTM-2/2013
  Issuing date: 1 April 2013
  Expiry date: 31 March 2018
  Tel: +603 7984 4989
  Fax: +603 7980 1605
  www.tab.com.my