dcsimg
RealTime IT News

VeriSign to Offer Security Service to Software Providers

Targeting software providers that want to deliver their wares more securely over the Internet, VeriSign Inc. today announced its Trusted Content Delivery service.

TCD is designed to be an open platform that allows ASPs and Web-based application providers to secure the transmission of updates to customers, according to VeriSign spokesman Patrick Burns.

Software updates, such as antivirus software updates in particular, are often corrupted in the transmission process from provider to customer, according to VeriSign. With TCD, providers have the capability to embed security within their update process and create a secure channel between themselves and their customers.

The price will be based on invidividual service agreements between providers and VeriSign, Burns told ASPnews.

"VeriSign is in a unique position to extend our code signing expertise and our digital certificate experience to leading antivirus providers and other software providers," Burns said. "We have heard directly from leading software providers that updates are an area of security concern for them and that they want to develop the most secure channels possible for delivering those updates to their customers."

According to VeriSign, the TCD service will be available in the first quarter of next year and will address the following issues:

  • Anti-Intrusion: VeriSign reports that TCD will ensure that all points of entry between the user, the system administrator and VeriSign are secured by digital certificates embedded in the client and server components of the software.
  • Update spoofing: Software updates will authenticated by a VeriSign digital code-signing certificate to prevent spoofing by individuals or organizations pretending to be legitimate software providers.
  • Hoax warnings and notifications: According to VeriSign, each update notification and communication between it and the customer will be secured by a digital certificate and passed securely through the VeriSign application, not via public e-mail.
  • Content level control: Each update maintains its own revocation history, which, according to VeriSign, allows providers to ensure that end-users use the appropriate version of updates. Content level control features also permit revocation of updates found to be flawed after their initial release.
  • Software piracy: System administrators and IT managers are provided with an audit trail on the update status on all clients across their network.
In related news, VeriSign announced a joint development agreement with Authentium Inc. to adapt TCD concepts and to provide a secure distribution process for delivering anti-virus software and updates over the Internet.

San Diego-based Authentium is the parent company of Command Software Systems, a Jupiter, Fla.-based company that produces anti-virus, identity-protection and security software.

"The recent compromise at Kapersky Labs, in which subscribers were potentially duped into accepting fake updates which contained the Bridex Worm, demonstrates the critical importance of this enhanced approach to update security," said John Sharp, president and CEO of Authentium in a statement

VeriSign is listed by ASPnews as a Top 30 Service Enabler.


Do you have a comment or question about this article or the ASP industry in general? Speak out in the ASP Discussion Forum.