Targeting software providers that want to deliver their wares more securely over the Internet, VeriSign Inc. today announced its Trusted Content Delivery service.
TCD is designed to be an open platform that allows ASPs and Web-based application providers to secure the transmission of updates to customers, according to VeriSign spokesman Patrick Burns.
Software updates, such as antivirus software updates in particular, are often corrupted in the transmission process from provider to customer, according to VeriSign. With TCD, providers have the capability to embed security within their update process and create a secure channel between themselves and their customers.
The price will be based on invidividual service agreements between providers and VeriSign, Burns told ASPnews.
“VeriSign is in a unique position to extend our code signing expertise and our digital certificate experience to leading antivirus providers and other software providers,” Burns said. “We have heard directly from leading software providers that updates are an area of security concern for them and that they want to develop the most secure channels possible for delivering those updates to their customers.”
According to VeriSign, the TCD service will be available in the first quarter of next year and will address the following issues:
- Anti-Intrusion: VeriSign reports that TCD will ensure that all points of entry between the user, the system administrator and VeriSign are secured by digital certificates embedded in the client and server components of the software.
- Update spoofing: Software updates will authenticated by a VeriSign
digital code-signing certificate to prevent spoofing by individuals or
organizations pretending to be legitimate software providers. - Hoax warnings and notifications: According to VeriSign, each update notification and
communication between it and the customer will be secured by a digital
certificate and passed securely through the VeriSign application, not
via public e-mail. - Content level control: Each update maintains its own
revocation history, which, according to VeriSign, allows providers to
ensure that end-users use the appropriate version of updates. Content level control features also
permit revocation of updates found to be flawed after their initial
release. - Software piracy: System administrators and IT managers are provided
with an audit trail on the update status on all clients across their network.
In related news, VeriSign announced a joint development agreement with
Authentium Inc. to adapt TCD concepts and to provide a secure distribution process
for delivering anti-virus software and updates over the Internet.
San Diego-based Authentium is the parent company of Command Software Systems, a Jupiter, Fla.-based company that produces anti-virus, identity-protection and security software.
“The recent compromise at Kapersky Labs, in which subscribers were potentially
duped into accepting fake updates which contained the Bridex Worm,
demonstrates the critical importance of this enhanced approach to update
security,” said John Sharp, president and CEO of Authentium in a statement
VeriSign is listed by ASPnews as a Top 30 Service Enabler.
Do you have a comment or question about this article or the ASP industry in general? Speak out in the ASP Discussion Forum.