VeriSign brings trust to the Internet. Billions of times each day VeriSign helps companies and consumers all over the world to engage in trusted communications and commerce.
As financial institutions, manufacturers, government agencies, healthcare organizations, and other enterprises leverage the Internet to link business processes, streamline communications, and conduct commerce, the protection of information assets has become a vital, yet increasingly complex, component of online data exchange. Enterprises not only must safeguard sensitive information and maintain the trust of online trading partners, but also must comply with government and industry regulations related to online data. Meanwhile virus distribution methods have evolved, the hacker arsenal has grown, and technological advances such as wireless communications have created parallel environments that must also be protected. In protecting information assets, enterprise security is now expected to provide gate-keeping functions such as data protection and network isolation, as well as facilitative functions such as exposing enterprise data to outside applications, connecting users for extended collaboration, and enabling online transactions and communications.
The foundation for providing application and network security in these multi-faceted environments is Public Key Infrastructure (PKI). Technically, PKI refers to the technology, infrastructure, and practices that support the implementation and operation of a certificate-based public key cryptographic system. The system uses a pair of mathematically related keys—called a private key and a public key—to encrypt and decrypt confidential information and to generate and verify digital signatures. (Digital signatures are used to sign transactions or to authenticate users or machines prior to granting access to resources.)
Enterprises use digital certificates to protect information assets via the following mechanisms:
- Authentication —Validates the identity of machines and users
- Encryption —Encodes data to ensure that information cannot be viewed by unauthorized users or machines
- Digital signing —Provides the electronic equivalent of a hand-written signature; also enables enterprises to verify the integrity of data and determine whether it has been tampered with in transit
- Access control —Determines which information a user or application can access and which operations it can perform once it gains access to another application; also called authorization
- Non-repudiation —Ensures that communications, data exchanges, and transactions are legally valid and irrevocable