VeriSign Inc. has unveiled its Shared Hosting Security Service aimed at providing secure and authenticated transactions to businesses doing e-commerce on shared hosting platforms.
The product will be marketed under the name Secure Site Services by ISPs and Web hosting companies. EarthLink Inc., for example, has already signed an agreement with VeriSign to embed Secure Site Services into its future offerings.
For the most part, e-business transactions are secured using the Secure Sockets Layer (SSL) protocol. In an SSL session, the server sends a public key to a browser, which the browser uses to send back a secret key to encrypt the session. What VeriSign does is authenticate the business before a session is started. So, for example, a user planning to make a purchase from a VeriSign-secured site would first get authentication that the business is who it says it is and owns the domain name. Once authenticated, the SSL session starts.
This third-party verification service has been available to e-businesses running on dedicated servers, but not those on shared hosting platforms, says Ben Golub, vice president of VeriSign Web Trust Services.
"In the shared hosting environment, what we've found is for a variety of technologic or economic reasons ISPs have been unable to offer individual certificates for each business sitting on a shared server," he says. With new service "we will do the same authentication steps [as we do for business hosted on dedicated servers] for each of the 100 merchants on an ISP server. Then we'll link that merchant to the ISP's encryption certificate."
Businesses using the Secure Site Services will display a VeriSign Secure Site Seal, which users can click on to get information about that company.
VeriSign is partnering with Dun & Bradstreet and will use the latter's database of 64 million registered businesses for authentication purposes.