Microsoft to tap VeriSign for security

[InfoSec News <isn () c4i org>]

http://news.cnet.com/news/0-1003-200-6528869.html?tag=mn_hd

By The Associated Press
Special to CNET News.com 
July 9, 2001, 9:20 p.m. PT 

SEATTLE--Microsoft will enlist VeriSign to help provide security for
its planned set of Internet services called .Net, the companies were
scheduled to announce Tuesday.

Financial terms of the deal were not disclosed.

Microsoft has been hounded by concerns over privacy and security since
announcing plans to release .Net and HailStorm, a related set of paid
subscription services ranging from banking to making dental
appointments over the Internet.

The system will depend on customers' willingness to store personal
information including credit card numbers and personal calendars via a
Microsoft system called Passport.

Passport was originally introduced as a system for remembering
multiple Web site log-ons across the Internet and is now shaping into
a cornerstone to storing personal information needed for .Net.

Through this deal, VeriSign will provide additional "digital
certificates" over the Passport system for certain transactions
requiring extra security, such as bank transfers, the companies said.

Those customers who use Microsoft's Windows desktop operating system
will find that the two services can be linked, said Microsoft Vice
President Sanjay Parthasarathy, with the digital certificates stored
on the operating system. Others will be able to store their
certificates in areas designated by VeriSign, based in Mountain View,
Calif.

The companies are touting the ease of this system, saying the added
security won't necessarily require that users use an extra password.

"The issue you deal with is that customers want ease of use but they
also want higher levels of trust," VeriSign President and Chief
Executive Stratton Sclavos said. "Before those two things were
mutually exclusive, but now they can be as simple as one password."

But Sclavos acknowledged that providing the extra security without an
extra log-on could backfire because it requires that a potential
hacker know only one password to access a broad array of personal
information.

"It needs to scale with the level of risk," he said.

The non-exclusive deal will allow both companies to partner with other
enterprises, Parthasarathy said.

Microsoft previously announced a partnership with McAfee.com, based in
Sunnyvale, Calif., to provide personal firewall security services for
Passport.




ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.