Empowering Secure Digital Experiences for Malaysia

PKI & Digital Signature for KPKT eSPA

A secure, compliant and efficient digital signing framework under the Digital Signature Act 1997, enabling KPKT’s eSPA ecosystem with trusted digital certificates issued by Pos Digicert.

View Process Flows Contact Pos Digicert

Digital certificates, eKYC, and signing flows are integrated to support developers, buyers, witnesses, landowners and officers within eSPA/HIMS.

Legal Snapshot DSA 1997

Digital Signature Act 1997

Effective 1 October 1998

Governs the creation and use of digital signatures in Malaysia.

Section 62(2)

Legally Binding

Digital signatures are as legally binding as handwritten signatures, thumbprints or other marks.

Sections 64 & 65

Valid & Enforceable

Digitally signed messages (and their copies) are valid, enforceable and effective as if written on paper.

Enabled By

PKI & Digital Certificates

Certificates issued by Pos Digicert, Malaysia’s premier Certification Authority.

Legal Effect of Digital Signatures

Under the Digital Signature Act 1997, documents and messages signed with a valid digital signature carry full legal weight, equivalent to traditional paper-based signatures.

Section 62(2) – A document signed with a digital signature in accordance with the Act is as legally binding as one signed with a handwritten signature or thumbprint.
Section 64 – A digitally signed message is valid, enforceable and effective as if written on paper.
Section 65 – A copy of a digitally signed message is as valid as the original unless a unique original is designated by the signer.

Regulatory Alignment

Digital certificates and signatures used in eSPA support compliance with Malaysian laws → Housing Development (Control and Licensing) Act 1966 [Act 118]:

Documents signed via digital certificates remain valid and cannot be tampered with after signing under the legal framework of the DSA 1997.

Public Key Infrastructure (PKI)

PKI provides the technical and trust foundation that enables secure digital signatures for eSPA. It ensures that every signature is bound to a verified identity and that documents are protected against manipulation.

PKI Components

Customer / User – Individuals such as buyers, witnesses, landowners and officers.
Registration Authority (RA) – Validates identity and registration information.
Certification Authority (CA) – Pos Digicert issues and manages digital certificates.
Signatures Repository – Stores certificates and related information.
Relying Parties / Systems – eSPA, HIMS and other systems that rely on digital signatures.

Identity Verification Digital Integrity Non-repudiation Secure Transactions

Electronic Know Your Customer (eKYC)

eKYC is used to verify the identity of applicants before a digital certificate is issued. It ensures that certificates are only granted to legitimate individuals.

What is iDsaya?

A mobile app designed to deliver a secure digital identity.
Enables passwordless authentication and digital signing.
Manages digital certificate PIN and TOTP used during the signing process.

What is eKYC?

“Electronic Know Your Customer”.
Uses biometric authentication and facial recognition to verify user identity and documents quickly and securely.
Includes ID document verification and live facial recognition to prevent identity fraud.

Process Flows

The following diagrams summarise the flows extracted from the PKI & Digital Signature documentation for KPKT eSPA, covering eKYC, individual registration, developer quota management and the digital signing journey.

eKYC Process Applicant Journey

Download eKYC App

Applicant downloads the eKYC app (iDsaya) on their mobile phone.

User creates an account in the app.

Capture MyKad/Passport

Take a picture of the front of MyKad or Passport.

Live Facial Recognition

Front-facing facial scan to verify liveness and match ID.

ID Verification

System verifies identity and document authenticity.

Result Notification

If rejected, applicant receives notification to redo eKYC; if approved, proceeds to certificate activation.

Individual Registration & Certificate Activation System & Individual

Role Registration

Developer/HIMS registers roles such as Buyer, Witness, Landowner, Officer in the system.

eKYC Email

System sends eKYC email invitation to the individual.

Complete eKYC

Individual completes the eKYC process via iDsaya.

Set PIN

User sets a Digital Certificate PIN within the app.

Activate Certificate

Certificate is activated for either 1-month or 1-year validity.

Signing Email

System sends an email for digital signing that will require the PIN & TOTP via iDsaya.

Sign Agreement

Individual signs the purchase agreement in HIMS using the activated certificate.

Developer Digital Certificate Quota & Purchasing Process Developer & Pos Digicert

Developer registers their “Kod Pemaju” in HIMS.

Request Quota

Developer requests digital certificate quota (units & duration).

Quotation

Pos Digicert Retail Team provides quotation to developer.

PO / Proof of Payment

Developer submits Purchase Order or proof of payment.

Invoice & DO

Finance issues invoice and Delivery Order to developer.

Update Quota

Pos Digicert Retail Team updates quota in HIMS and notifies developer & finance (with screenshot).

Check Quota Balance

Developer logs into HIMS to check quota balance.

Digital Signing Flow in HIMS / eSPA Digital Signature Application

Signing Email

System sends email to the individual to sign the purchase agreement.

Authentication

User uses Digital Certificate PIN and TOTP via iDsaya to authenticate.

Digital Signature

System applies a digital signature based on the issued digital certificate.

Document Protection

Signed document becomes tamper-evident and protected under DSA 1997.

Audit Trail

All signing actions are recorded for verification and audit purposes.

Benefits & Challenges of Digital Certificates

Benefits

High Security

Ensures the authenticity of the signer’s identity.
Digital certificates provide strong cryptographic protection.

Identity Verification & Audit Record

eKYC links the digital certificate to a verified individual.
Every signing action is recorded for audit and compliance.

Effective & Efficient

Speeds up the signing of agreements and approvals.
Supports electronic data collection and reduces manual paperwork.
Helps reduce operational costs for all stakeholders.

Challenges

Implementation Cost – Initial setup, integration and certificate costs.
User Acceptance – Requires adoption and change from manual to digital processes.
Awareness – Continuous education needed on digital signatures and their legal effect.

Security & Data Integrity Security & Compliance Process Efficiency

Despite these challenges, digital certificates significantly enhance trust, security and efficiency in document handling within eSPA.

Digital Transformation at KPKT

The implementation of PKI and digital certificates within eSPA forms part of KPKT’s broader digital transformation, moving from manual and paper-based processes to secure, end-to-end digital workflows.

Replaces physical signatures with legally recognised digital signatures.
Streamlines housing-related approvals and agreements.
Improves transparency and traceability in transactions.

Powered by Pos Digicert

Pos Digicert underpins this transformation as the trusted Certification Authority:

Issues and manages digital certificates for eSPA/HIMS users.
Provides secure infrastructure for digital signing and certificate lifecycle management.
Supports compliance with Malaysian cryptographic and digital identity regulations.

Contact Pos Digicert

For enquiries on digital certificates, eKYC integration, or digital signing for KPKT eSPA, please contact Pos Digicert.

Pos Digicert Sdn Bhd

Email: [email protected]
Website: www.posdigicert.com.my

📧 Email Our Retail