VeriSign Inc. on Thursday announced a new service designed to enable the secure delivery of software and updates over the Internet.
The new Trusted Content Delivery service relies on digital certificates and digital signatures to guarantee the authenticity and integrity of code delivered online. The solution includes a proprietary client and server, each of which has an embedded digital certificate. Each software update is also authenticated by a digital code-signing certificate.
In order to deliver an update, the software vendor passes the code to the customer via the VeriSign application, which uses a secure private connection and does not travel through public e-mail systems. The vendor sends a notification to the customer that an update is available and the customer then responds and requests the update. Each of these trasmissions also is secured through the use of a digital certificate.
Every update carries with it a unique revocation history that enables end-users to make sure theyre using the correct version of the software.
VeriSign, of Mountain View, Calif., also announced a partnership with Authentium Inc., a security software vendor, which will adapt the TCD technology for the delivery of anti-virus updates. Several viruses in recent years have attempted to fool users into opening malicious messages by masquerading as updates from anti-virus vendors.
VeriSign plans to roll out the TCD solution in the early part of 2003. It is designed mainly for medium and large enterprises with large numbers of client machines that need frequent updates.