VeriSign® Data Protection

 

VeriSign provides data protection for Polaris Marketing Research’s special data reporting website, www.stattrac.com . VeriSign’s services to StatTrac include, as excerpted from its website (http://www.verisign.com):

"A Server ID, also known as a digital certificate, is the electronic equivalent of a business license. Server IDs are issued by a trusted third party, called a Certification Authority (CA). VeriSign® is the world's leading CA, having issued more than 410,000 Server IDs. The CA that issues a Server ID is vouching for your right to use your company name and Web address, just as the office of the Secretary of State does when it issues Articles of Incorporation. CAs can also issue digital certificates to individuals.

"Before issuing a Server ID, VeriSign® reviews your credentials - such as your organization's Dun & Bradstreet number or Articles of Incorporation - and completes a thorough background checking process to ensure that your organization is what it claims to be, and is not claiming a false identity. Then VeriSign issues your organization a Server ID, which is an electronic credential that your business can present to prove its identity or right to access information (see "How Digital Certificates Work" below).

"A Server ID from VeriSign provides the ultimate in credibility for your online business. VeriSign's rigorous authentication practices set the industry standard. VeriSign documents its carefully crafted and time-proven practices and procedures in a Certificate Practices Statement. And VeriSign annually undergoes an extensive SAS 70 Type II audit by KPMG. Employees responsible for dealing with certificates undergo complete background checks and thorough training.

"VeriSign Server IDs work in conjunction with Secure Sockets Layer (SSL) technology, which is the industry-standard protocol for secure, Web-based communications between your server and your customer's browser. Your site can communicate securely with any customer who uses Netscape Navigator, Microsoft Internet Explorer, or most popular e-mail programs. Once activated by your Server ID, SSL immediately begins providing you with the following components of secure online transactions:

"Authentication – By checking your VeriSign Server ID, your customers can verify that the Web site belongs to you, and not an impostor. This bolsters their confidence in submitting confidential information.

Message privacy – SSL encrypts all information exchanged between your Web server and customers, such as credit card numbers and other personal data, using a unique session key. To securely transmit the session key to the consumer, your server encrypts it with your public key. Each session key is used only once, during a single session (which may include one or more transactions) with a single customer. These layers of privacy protection ensure that information cannot be viewed if it is intercepted by unauthorized parties.

"Message integrity – When a message is sent, the sending and receiving computers each generate a code based on the message content. If even a single character in the message content is altered en route, the receiving computer will generate a different code, and then alert the recipient that the message is not legitimate. With message integrity, both parties involved in the transaction know that what they’re seeing is exactly what the other party sent.

"As part of its Secure Site services, VeriSign provides 128-bit Global Server IDs (included with VeriSign’s Secure Site Pro and Commerce Site Pro Services) that automatically ensure a minimum level of 128-bit SSL encryption when communicating with both domestic and export versions of Netscape Communicator and Internet Explorer. The encryption power of 128-bit SSL Global Server IDs make them ideal for sites that exchange sensitive information with customers. VeriSign is one of the only providers authorized by the U.S. Department of Commerce to sell 128-bit SSL IDs in the U.S."