Wednesday, February 4, 2009

The Application of 3rd Party Certification Program in Malaysia

Security is the primary concern when entering the new Internet economy. The ever-changing paradigm of e-commerce requires a well-mandated security infrastructure. Today, I will talk about the third-party certification security programs used in Malaysia.

What does third party mean here? Is it me, you or anyone? All wrong. Third party here means certificate authorities (CAs), which issue digital certificates to verify that your website does indeed represent your company.


Among the many companies that provide third-party certification programs in Malaysia, the most famous one is MSC Trustgate.com Sdn Bhd. MSC Trustgate.com Sdn Bhd was established in 1999 as a licensed Certification Authority (CA) operating out of the Multimedia Super Corridor in Malaysia under the Digital Signature Act 1997 (DSA), a Malaysian law that sets a global precedent for the mandate of a CA. For more information about MSC Trustgate, please visit http://www.msctrustgate.com/.

*A Certification Authority (CA) is the body given the license to operate as a trusted third party in the issuance of digital certificates. Certification Authorities are an increasingly important component of electronic commerce.


Trustgate provides trust and encryption technology that secures your online communication and hence protects your vital business information from prying eyes. Trustgate is the first Malaysian Internet trust solutions company authorized to offer the 128-bit SSL Server ID that is now used by financial institutions, insurance companies, e-government, healthcare organizations and other online trading.

Trustgate also provides other services such as SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development.

*What are digital certificates?

According to MSC Trustgate, digital signatures are like a handwritten signature in the digital world. They can ensure the integrity of the data. A digital certificate is usually attached to an e-mail message or an embedded program in a web page and verifies that the user or website is who they claim to be. The common functions of a digital certificate are user authentication, encryption and digital signatures. User authentication provides security other than using a username and password. Its session management is stronger. Encryption secures data transmission by encrypting the information, so that the intended recipient of the data is the only person to receive the message.

By using a digital certificate, users will be able to make transactions on the Internet without fear of having their personal data stolen, information contaminated by third parties, or the transacting party denying any commercial commitment with the users. Furthermore, digital certificates can assist the development of greater Internet-based activities.

Now I would like to talk about the services provided, one by one.

First are the trust services. SysTrust and WebTrust are registered Marks (branded services) of the CICA. These services are based on principles and criteria developed jointly by the American Institute of Certified Public Accountants (AICPA) and the CICA. These principles and criteria are called the Trust Services Principles and Criteria. To use these Marks, a practitioner needs to be licensed by the CICA.

The licensed practitioner provides a report that gives assurance attesting to an entity's compliance with some or all of the Trust Services Principles and Criteria. The client is then permitted to display the appropriate SysTrust or WebTrust mark on its web site.


Second is the MyKad PKI. I think most of you already know what MyKad is. Yes, it is the Malaysian identity card introduced by Malaysia. The Malaysian government has provided this smart National Identity Card (“MyKad”) to every citizen. MyKad with PKI capability allows its holder to conduct online transactions with government agencies and the private sector.


This PKI was also primarily developed by MSC Trustgate. MyKad now allows Malaysian citizens to authenticate themselves online and to digitally sign documents or transactions with MyKey (the MyKad PKI solution that works with the physical MyKad), and it is accepted by the Malaysian government.



The third is Secure Socket Layer (SSL), a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.

Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.

An SSL certificate enables encryption of sensitive information during online transactions. Each SSL certificate contains unique, authenticated information about the certificate owner. Users will be able to make transactions on the Internet without fear of having their personal data stolen because a Certificate Authority verifies the identity of the certificate owner when the certificate is issued.

VeriSign (http://www.verisign.com/) provides strong SSL, and you can try using it. It may help a lot in your e-commerce.
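
The CA's role as trusted third party can be tried locally with the openssl command-line tool: a certificate signed by the CA is accepted, while a self-signed certificate carrying the same site name is rejected. This is an added example, not part of the original post or of any Trustgate or VeriSign material; the CA name "Example Test CA", the site name shop.example.test and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: all names below are constructed, nothing here is a real CA.

# Create a self-signed root certificate that plays the role of the CA.
make_ca() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# The site owner creates a key pair and a signing request; the CA signs it.
issue_cert() {  # $1 = working directory, $2 = site name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/site.csr" -days 1 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/site.pem" 2>/dev/null
}

# Anyone can put the same name into a certificate they sign themselves.
self_sign() {  # $1 = working directory, $2 = site name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
}

# What the browser does: accept only a chain that ends at a CA it trusts.
trusted() {  # $1 = trusted CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" && issue_cert "$dir" shop.example.test &&
        self_sign "$dir" shop.example.test || { rm -rf "$dir"; return 1; }
    trusted "$dir/ca.pem" "$dir/site.pem" && a=accepted || a=rejected
    trusted "$dir/ca.pem" "$dir/self.pem" && b=accepted || b=rejected
    rm -rf "$dir"
    echo "CA-issued: $a, self-signed: $b"
}

demo
```

Both certificates claim the same site name; only the CA's signature distinguishes them, which is why the identity check the CA performs before signing matters.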