Malaysian Communications and Multimedia Commission
HomeTenders & NoticesCareer@MCMCMailing ListLinksFeedbackContact UsSitemapSearch
About Us
The Law
What We Do


Licensing
Certification & Certifying Agencies
Economic Regulation
Competition
Access to Facilities & Services
Technical Regulation
Spectrum Management
Numbering & Electronic Addressing
Tecnical Working Groups
Social Regulation
Quality of Service
Required Applications Service
Rate Regulation
Universal Service Provision
Information Network Security
Mandatory Standards
Industry Forums
Industry Development
International Activities
Pre-CMA 1998
Postal Services

For The Consumer
Facts & Figures
Newsdesk
Registers

  



What We Do

Licences under the Digital Signature Act 1997
Certificate of Recognition for a Repository

Introduction

The repository service is important and critical to the operation of an open Public Key Infrastructure. The development of robust and easily accessible repository service is a crucial mechanism to maintain the quality of certification authority services. Typically, a repository will contain the licensed certification authorities’ disclosure records, certificates, the most recent Certificate Revocation List (CRL), other suspension or revocation information and other information about certification practices.

Recognised Repositories

The MCMC issues a certificate of recognition for a repository in two stages:
a)   The establishment stage; and
b)   The operation stage.


The MCMC issues the establishment stage certificate for a period of not exceeding one year. During the period, a person has to fulfil all the certification requirements and may apply for the operation stage.

A person is only allowed to carry on or operate as a recognised repository until that person has been issued with the operation stage certificate.

Qualification Requirements

A person intending to carry on or operate as a repository must satisfy the following requirements:
a)   It is a body corporate incorporated in Malaysia or a partnership within the meaning of the Partnership Act 1961 [Act 135];
b)   It maintains a registered office in Malaysia;
c)   It has a working capital reasonably sufficient, according to the requirement of the Commission, to enable it to conduct business as a Repository;
d)  

It employs as operative personnel only persons who:

a. Have not been convicted within the past fifteen years of an offence involving fraud, false statement or deception; and

b. Have demonstrated knowledge and proficiency in following the requirement of the Act and its Regulations;

e)  

The repository includes a date base that is capable of containing:

a. Certification Authority disclosure records for licensed Certification Authority;

b. Certificates to be published in the repository;

c. Notices of suspended or revoked certificates to be published by a licensed certification authority or any person suspending or revoking certificates;

d. Notice of termination of suspension of certificates to be published by a licensed certification authority or any person suspending certificates;

e. Advisory statements, written defences thereto and decisions made by the Commission thereon to be published by the Commission under the Act and its Regulations; and

f. Such other information as the Commission thinks fit;

f)   It operates by means of a trustworthy system;
g)   The repository contains no significant amount of information that the Commission finds is known or likely to be untrue, in accurate or not reasonably reliable;
h)   The repository contains certificates published by certification authorities that are required to conform to rules of practice that are similar to or more stringent that the requirement of the Act and its Regulations;
i)   It keeps and maintains an archive of certificates that have been suspended or revoked, or that have been expired at least he preceding ten years;
j)   It complies with the certification, standards and technical requirements under the Act and its Regulation; and
k)   It complies with such other requirement as the Commission thinks fit.


Application for Certification of Recognition for Repositories
a)   A person fills in Form 1;
b)  

For the establishment stage, a person must provide the following information:

  • The particular of the applicant
  • The anticipated operational costs and proposed financing;
  • Details of the personnel to be employed and their qualifications, if available;
  • The proposed operating procedure; and
  • The services to be provided and the fees and charges to be imposed thereof.
c)  

For the operation stage, a person must provide the following information:

  • All valid information submitted for the establishment stage;
  • All new information and all the changes to the information submitted for the establishment stage, if any; and
  • A report from a qualified auditor certifying that the prescribed certification, standards and technical requirements have been satisfied.
d)   The prescribed fee; and
e)   Such other information or document as the Commission may require.

 
Quick Links
       
Communications & Multimedia Act 1998
Postal Services Act 1991
  Digital Signature Act 1997  
Digital Signature Regulations 1998
Communications & Multimedia (Licensing) Regulations 1999
Communications & Multimedia (Licensing) Regulations 2000
Communications & Multimedia (Licensing) (Amendment) Regulations 2001
Communications & Multimedia (Licensing) (Exemption) Order 2000
Register of Individual Licences
Register of Class Licences