VeriSign strikes Microsoft authentication deal

The companies agree to build identity verification services based on the software giant's Windows Server 2003 product line.

Matt Hines Staff Writer, CNET News.com
Matt Hines
covers business software, with a particular focus on enterprise applications.
Matt Hines
2 min read
Security and billing applications maker VeriSign said Wednesday that it established a new partnership with Microsoft to build authentication services based on the software giant's Windows Server 2003 product line.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

VeriSign says the collaboration will produce tools for enterprise network authentication--or identity verification--that are cheaper and more easily installed than current technologies. The company demonstrated a beta version of the system at this week's RSA Security conference in San Francisco. VeriSign expects the service to become available to the public sometime this summer.

The Mountain View, Calif.-based software maker is increasing its presence in the burgeoning network authentication space, where it will compete against RSA for corporate dollars. VeriSign has also become a driving force behind Open Authentication Reference Architecture (OATH), a nascent system for user identification and access protection for corporate networks. Using OATH, individuals access a network with a physical "token" that may feature a smart card, a password generator and other tools.

Under the pact, VeriSign plans to extend several software protocols it previously licensed from Microsoft as part of a strategic partnership it signed in June 2003. In doing so, the company believes that it can streamline public key infrastructure (PKI) technology and combine those tools with additional authentication credentials, such as One Time Password tokens, smart cards and a desktop version of PKI.

VeriSign promised that the new system would be featured in a variety of applications for Microsoft products, including virtual private networks, wireless-access systems and e-mail security tools.

The authentication service will include reference implementations of the OATH architecture, which aims to enable identification credentials to be used across disparate software and hardware systems. The new VeriSign product also promises to give network administrators the ability to use Microsoft's Active Directory software to manage users and Microsoft's Management Console to distribute authentication credentials.

VeriSign representatives said the Microsoft-based authentication service would greatly increase companies' ability to create more secure enterprise networks without investing in new operating system software.

"By leveraging existing standards in an open architecture framework, this solution allows customers to deploy a variety of strong credential options utilizing their existing Microsoft infrastructure," Judy Lin, executive vice president at VeriSign, said in a statement.