Microsoft, Verisign to Work on Data Security Standard

Verisign Inc., a pioneer in digital authentication technology, said it will collaborate with Microsoft Corp. on standards to ensure the security of Internet messages and transactions.

The companies said the use of digital signatures, which are Verisign's core product, will go a long way toward solving the data security problems that may hinder electronic commerce over open public networks.

As part of what they call the Digital Signature Initiative, Microsoft and Verisign have already drafted specifications and policies that they say can be adopted by software developers to ensure the integrity of information as it passes over on-line networks.

Separately, Verisign said it has set up a "digital signing" service for software developers. Verisign will act as an outsourcer to authenticate data for smaller software firms that cannot afford to create their own system for certification.

Verisign, which claims to be the only company "focused 100% on digital authentication," promotes an electronic verification technique that is analogous to the signature on a driver's license that may be presented at a point of sale. The receiver of a digital signature would be able to verify the identity of the originator of a message and be assured the message had not been tampered with.

Authentication is widely seen as the missing technology link in electronic transaction systems. Scott Smith, an analyst with Jupiter Communications Co. in New York, said "signatures and certification are almost more critical than encryption," the technique of scrambling data transmissions to prevent unauthorized access.

The Verisign-Microsoft outline has been submitted to the World Wide Web Consortium, said Verisign president and chief executive Stratton D. Sclavos. Microsoft said 40 software developers have already endorsed the standards.

But Mr. Sclavos pointed out that the document is still a work in progress, and he encouraged input from other companies in the software and on-line services industries.

Verisign, which was spun off last year by the data encryption system leader RSA Data Security Inc., plans to begin selling in the second quarter a commercial publishers digital ID for $400 and an individual publishers ID for $20.

"As the Internet becomes a key delivery vehicle for both software and other digital data, the issue of content integrity becomes critical, especially with the prevalence of viruses and software counterfeiting," said Mike Rothman, a vice president for the global networking strategies service at Meta Group, Reston, Va.

Microsoft has also been involved in standards-setting for payment security over the Internet - an issue that initially divided the bank card industry, with Visa and Microsoft on one side, MasterCard and Netscape on the other. The two camps came together on a single protocol that was published last month.

Mr. Sclavos said digital certification standards are even more critical, as Internet users are more likely to exchange software and other forms of content before they start buying and selling.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER