VeriSign and nCipher Introduce Hardware-based SSL Certificate for Web Sites

Hardware Protected SSL Certificate Will Offer a Higher Level of Security Protection for Web sites, Preventing Data Theft and Web site Spoofing

Mountain View, CA and Cambridge, UK – April 7, 2003 – VeriSign Inc., (Nasdaq: VRSN), the leading provider of digital trust services and nCipher plc (LSE: NCH), a leading provider of IT cryptographic security, today announced the Hardware Protected SSL Certificate, a new premium-grade SSL server certificate providing superior protection against online data theft and Web site spoofing. The new offering is the first available SSL certificate that assures the private key will be protected in FIPS-validated cryptographic hardware, providing a stronger level of authentication and enabling security-conscious companies to establish an advanced, more secure method of protecting online transactions.

Companies implementing the Hardware Protected SSL Certificate will be able to demonstrate visible proof of their advanced level of security and underlying hardware private key protection by displaying a distinct gold VeriSign Secure Site Seal on their Web sites. Some of the initial target markets for the Hardware Protected SSL Certificate are organisations in the financial services, government and healthcare industries that are handling sensitive data transmitted over the Internet and need to demonstrate they are employing industry best practices for protecting this information.

“Companies that rely on the Internet for business transactions cannot afford risks, even tiny ones, to their online data. Additionally, the need to protect sensitive customer data such as credit card numbers and personal information requires strong protective measures,” said Charles Kolodgy, research director for Security Products at IDC. “The ability to demonstrate premium levels of security and prove that a site or service is secured to the highest levels possible is a strong competitive advantage to companies as customers become increasingly concerned with the safety of online transactions, services and customer data.”

The VeriSign Hardware Protected SSL Certificate not only provides validation of the identity of a Web site but also proves that the private key associated with the certificate is originated, protected and managed in a way that complies with FIPS 140-2 (Federal Information Processing Standard) by using an nCipher FIPS validated hardware security module (HSM).

This sets a new security benchmark for SSL certificates. FIPS 140-2 is one of the most stringent standards in the IT security industry and is widely accepted as a demonstration of best practices security.

“VeriSign is committed to providing solutions that enable companies of all sizes to conduct communications and commerce with confidence and providing an even higher level of security for our certificates via FIPS validated hardware certainly advances that goal,” said Mike Foley, vice president for commerce and content at VeriSign. “Because of their FIPS expertise we chose nCipher hardware to protect the Hardware Protected SSL Certificate that is aimed specifically at organisations that want to take the extra steps necessary to show their customers that they, too, take trusted commerce and communications seriously.”

“There is a growing industry awareness that sensitive cryptographic keys should be protected in secure hardware and this offering is designed to increase levels of protection that ultimately reduce risk,” said Richard Moulds, vice president of marketing for nCipher. “With threats to Web site security on the rise, we are glad to be partnering with VeriSign to combine best practice security within the SSL certificate market that includes all secure Web sites and other emerging applications that use SSL including Web services and secure extranet access.”

“Users of Internet-based services need to be assured that they are safe submitting their personal information online; they need a Web site they can trust. If a customer is to have the confidence required to put his or her trust in a Web site’s seal and certificate, two critical factors must be addressed: the authentication process performed by the Certificate Authority and the security of the Web server’s SSL key. The VeriSign and nCipher hardware-protected certificate deals with both these issues in a single solution,” said Dave Cullinane, International President of the Information Systems Security Association (ISSA).

Pricing and availability
Hardware Protected SSL Certificates will be available from VeriSign in May 2003 and can also be purchased as part of a product bundle from nCipher together with an nForce or nShield HSM. The price for the certificate sold separately is $995.

About Hardware Protected SSL Certificates
The Hardware Protected SSL Certificate is a new premium-grade SSL certificated offered by VeriSign and nCipher. The SSL certificate’s private key is secured inside an nCipher nForce or nShield FIPS 140-2 validated hardware security module. Protecting the SSL key in secure cryptographic hardware provides stronger site authentication and data confidentiality for sensitive transactions.

Keys stored in software have been proven to be subject to key finding attacks which allow the attacker to perform off-line decryption of encrypted SSL transactions or set up a spoof web site that appears to be legitimate. The nShield and nForce HSMs also provide SSL acceleration functionality (up to 400 connections per second) to the web site to overcome processing bottlenecks associated with the use of encrypted SSL traffic. With this certificate companies are able to prove that the private key associated with their SSL certificate was generated inside a FIPS 140-2 validated hardware security module. The Hardware Protected SSL certificate is a standard X.509 certificate and requires no modification to existing web server software or browser.

About VeriSign, Inc.
VeriSign’s (Nasdaq:VRSN) critical infrastructure services deliver an unmatched level of security and reliability to Internet and telecommunications customers around the world. Nearly all of the Fortune 500, numerous governmental bodies and other organizations, hundreds of thousands of small businesses, and nearly one thousand telecommunications carriers and service providers rely on VeriSign to engage in trusted digital commerce and communications. Additional news and information about the company is available at

About nCipher
nCipher is redefining cryptographic security to protect points of risk across the enterprise-from network appliances to Web servers, to custom software applications and back-end databases. nCipher provides hardware and software solutions that enable organizations to implement best practice security by addressing the challenges of cryptographic key management and performance. Many of the world’s leading organizations – from Microsoft and Barclays Bank to PricewaterhouseCoopers and the U.S. Navy – rely on nCipher to deliver a sound e-security infrastructure. nCipher’s products are particularly well suited to organizations with high volumes of security-sensitive transactions, such as banking and financial institutions, government departments, e-retailers and online service providers. nCipher is listed on the London Stock Exchange as a TechMARK 100 company (LSE:NCH) with offices in Cambridge, UK; Boston, New York, Paris, Hamburg, Singapore and Tokyo. For more information on nCipher, visit

Don't miss