[ISN] Microsoft to tap VeriSign for security

From: InfoSec News (isnat_private)
Date: Tue Jul 10 2001 - 02:01:02 PDT

  • Next message: InfoSec News: "[ISN] The Enemy Within"

    By The Associated Press
    Special to CNET News.com 
    July 9, 2001, 9:20 p.m. PT 
    SEATTLE--Microsoft will enlist VeriSign to help provide security for
    its planned set of Internet services called .Net, the companies were
    scheduled to announce Tuesday.
    Financial terms of the deal were not disclosed.
    Microsoft has been hounded by concerns over privacy and security since
    announcing plans to release .Net and HailStorm, a related set of paid
    subscription services ranging from banking to making dental
    appointments over the Internet.
    The system will depend on customers' willingness to store personal
    information including credit card numbers and personal calendars via a
    Microsoft system called Passport.
    Passport was originally introduced as a system for remembering
    multiple Web site log-ons across the Internet and is now shaping into
    a cornerstone to storing personal information needed for .Net.
    Through this deal, VeriSign will provide additional "digital
    certificates" over the Passport system for certain transactions
    requiring extra security, such as bank transfers, the companies said.
    Those customers who use Microsoft's Windows desktop operating system
    will find that the two services can be linked, said Microsoft Vice
    President Sanjay Parthasarathy, with the digital certificates stored
    on the operating system. Others will be able to store their
    certificates in areas designated by VeriSign, based in Mountain View,
    The companies are touting the ease of this system, saying the added
    security won't necessarily require that users use an extra password.
    "The issue you deal with is that customers want ease of use but they
    also want higher levels of trust," VeriSign President and Chief
    Executive Stratton Sclavos said. "Before those two things were
    mutually exclusive, but now they can be as simple as one password."
    But Sclavos acknowledged that providing the extra security without an
    extra log-on could backfire because it requires that a potential
    hacker know only one password to access a broad array of personal
    "It needs to scale with the level of risk," he said.
    The non-exclusive deal will allow both companies to partner with other
    enterprises, Parthasarathy said.
    Microsoft previously announced a partnership with McAfee.com, based in
    Sunnyvale, Calif., to provide personal firewall security services for
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 02:16:55 PDT