SSL Certificate to Secure Online Transactions
VeriSign and nCipher announce a new hardware-based SSL certificate that they say should help protect sites against data theft and Web-site spoofing.Hoping to engender a greater level of trust by consumers in e-commerce Web sites, VeriSign Inc. and nCipher plc. on Monday announced a new hardware-based SSL (Secure Sockets Layer) certificate that the companies say should help protect sites against data theft and Web-site spoofing. The Hardware Protected SSL Certificate will fill the same identification role as normal SSL server certificates, but it will also provide proof that the certificates private key was originated in and is stored in an HSM (hardware security module). The nCipher HSM is FIPS (Federal Information Processing Standard) 140-2 certified. The standard, developed by the National Institute of Standards and Technology, lays out a stringent set of criteria for HSMs, and the new VeriSign-nCipher solution is currently the only one that includes a FIPS 140-2 certified HSM. The two companies plan to market and sell the solution jointly, with the target markets being financial services, government and health care organizations. Sites that employ the new certificate will also get to display a VeriSign Secure Site seal on their pages.
Executives at both companies say Web site operators are looking for ways to reassure consumers that their credit card data is being transmitted safely and handled by a secure server. And, with concern over some recent vulnerabilities related to the SSL protocol and some of its implementations, any extra security assurances that sites can give their customers will go a long way.
Find white papers on security.
For more security news, check out Ziff Davis Medias Security Supersite.