Security software and services vendor VeriSign has teamed up with British cryptography firm nCipher to offer the Hardware Protected SSL Certificate, a Secure Sockets Layer server certificate the companies say will offer better protection against online data theft and Web site spoofing.
The new offering is said to be the first available SSL certificate that assures the private key will be protected in FIPS-validated cryptographic hardware from nCipher, thus providing a stronger level of authentication.
VeriSign is bundling into the offering a premium level of security for SSL certificates.
“We will ensure that the digital certificate is issued to an entity whose organization characteristics have been verified in a number of ways,” says Kevin Trilli, director of product marketing for VeriSign. Any site that uses the offering will be allowed to display VeriSign’s Secure Site Seal.
“The padlock has not been sufficient,” Trilli says. When a site visitor clicks on a padlock, the text displayed is meant to be read by someone familiar with PKI, for instance.
Protecting the private key in hardware is the essential innovation in the combined offering. The nCipher hardware security module (HSM) complies with Federal Information Processing Standard (FIPS) 140-2, a stringent standard representative of industry best practice. VeriSign chose nCipher as a partner in the effort because of the firm’s expertise in FIPS.
The companies see the joint effort as a way to spread the use of hardware-protected SSL certificates further into the financial services, government and healthcare industries, which handle sensitive data transmitted over the Internet.
The Hardware-Protected SSL Certificate will be available from VeriSign in May, and can be purchased as part of a product bundle from nCipher with its nShield or nForce HSM. Pricing for a package is being discounted to $4,500 through Q3, after which it will revert to more standard pricing of approximately $9,000, nCipher indicated.
VeriSign reports that it has 400,000 active digital certificates, which it estimates to be 90% of the market. Figures compiled by Netcraft show 187,000 digital certificates are associated with public DNS records. The difference is the number of certificates used inside firewalls that the Netcraft spider cannot detect.
* John Desmond writes for eSecurityPlanet.com, a JupiterMedia property.