SSL Certificate to Secure Online Transactions

VeriSign and nCipher announce a new hardware-based SSL certificate that they say should help protect sites against data theft and Web-site spoofing.

Hoping to engender a greater level of trust by consumers in e-commerce Web sites, VeriSign Inc. and nCipher plc. on Monday announced a new hardware-based SSL (Secure Sockets Layer) certificate that the companies say should help protect sites against data theft and Web-site spoofing.

The Hardware Protected SSL Certificate will fill the same identification role as normal SSL server certificates, but it will also provide proof that the certificates private key was originated in and is stored in an HSM (hardware security module). The nCipher HSM is FIPS (Federal Information Processing Standard) 140-2 certified. The standard, developed by the National Institute of Standards and Technology, lays out a stringent set of criteria for HSMs, and the new VeriSign-nCipher solution is currently the only one that includes a FIPS 140-2 certified HSM.

The two companies plan to market and sell the solution jointly, with the target markets being financial services, government and health care organizations. Sites that employ the new certificate will also get to display a VeriSign Secure Site seal on their pages.

Executives at both companies say Web site operators are looking for ways to reassure consumers that their credit card data is being transmitted safely and handled by a secure server. And, with concern over some recent vulnerabilities related to the SSL protocol and some of its implementations, any extra security assurances that sites can give their customers will go a long way.

Officials at VeriSign, based in Mountain View, Calif., and nCipher, of Cambridge, U.K., say this service is a step toward making SSL more trusted. Analysts share that sentiment.

"Companies that rely on the Internet for business transactions cannot afford risks, even tiny ones, to their online data. Additionally, the need to protect sensitive customer data such as credit card numbers and personal information requires strong protective measures," said analyst Charles Kolodgy, at International Data Corp. in Framingham, Mass. "The ability to demonstrate premium levels of security and prove that a site or service is secured to the highest levels possible is a strong competitive advantage to companies as customers become increasingly concerned with the safety of online transactions, services and customer data."

The Hardware Protected SSL Certificates can be purchased directly from VeriSign or as part of a bundle with one of nCiphers nForce or nShield HSMs. The solution will be available in May, starting at $4,500.

Most Recent Security Stories:

Search for more stories by Dennis Fisher.
Find white papers on security.
For more security news, check out Ziff Davis Medias Security Supersite.