Internet Services Group
The Internet Services Group consists of the Security Services business and
Information Services business. The Security Services business provides products
and services to enterprises and organizations that want to establish and deliver
secure Internet-based services for their customers and business partners. The
following types of services are included in the Security Services business:
network and applications security services, including our managed security and
global security consulting services, authentication services, including our
public key infrastructure (“PKI”) and unified authentication services, and digital
certificate services, including our commerce site. The Information Services
business provides registry services as the exclusive registry of domain names
in the .com and .net gTLDs and certain ccTLDs, as well as providing other services,
including intelligent supply chain services, real-time publisher services, and
digital brand management services.
Security Services
Network and Application Security Services
Our network and application security services include managed security services,
iDefense security intelligence services and global security consulting services
for enterprises.
Managed Security Services (“MSS”). Our MSS services enable enterprises to effectively
monitor and manage their network security infrastructure on a 24x7 basis while
reducing the associated time, expense, and personnel commitments by relying
on VeriSign’s security platform and experienced security staff. Our MSS services
include:
• Firewall Management Service. Our Firewall Management Service provides enterprises
with management and monitoring of firewalls. Our security engineers and program
managers stage the firewall devices and test them prior to deployment; once
deployed, devices are monitored for health and security events 24x7. Ongoing
device management services include rule changes, software patches and upgrades.
• Intrusion Detection/Prevention Management Service. Our Intrusion Detection/Prevention
Management Service provides management and monitoring of intrusion detection/prevention
sensors, designed to identify and counter malicious security events or potential
attacks against an organization’s network.
• Vulnerability Management Service. Our Vulnerability Management Service provides
customized identification of exploitable vulnerabilities and helps prioritize
remediation by providing up-front risk assessment and recurring vulnerability
scanning, vulnerability testing and penetration testing.
iDefense Security Intelligence Services. Our iDefense Security Intelligence
Services provide information regarding network-based threats, vulnerabilities
and malicious code to customers to aid them in making decisions in response
to threats on a real-time basis. Our network of research contributors in over
30 countries provides information about the cyber underground and software vulnerabilities.
Global Security Consulting Services and Other Services. Our Global Security
Consulting Services help enterprises assess, design, and deploy cost-effective
and scalable network security solutions. Key offerings include Payment Card
Industry security assessments, application security assessments, enterprise
risk assessments, and security program development in support of compliance
regulations and industry best practices in both the public and private sectors.
Our consulting services are also available to help enterprises integrate our
unified authentication and PKI services with existing applications and databases
and advise on policies and procedures related to the management and deployment
of digital certificates. Our Messaging Security and Compliance Services, which
include Email Security Service, Message Continuity Service and Message Archive
Service, provide enterprises the ability to secure their email system from unwanted
messages and virus attacks; loss of email and email disruption due to disasters
or system failure; and retain messages for extended periods of time to address
compliance requirements. Using our Email Security Service, an enterprise’s in-bound
email can be checked for spam and malicious code, such as viruses and worms.
Legitimate email is passed through to employees while suspicious emails are
quarantined. Periodic digests of quarantined emails are sent to employees to
review and accept or reject as appropriate. In addition, outbound email can
be checked for malicious code to protect itself and outside recipients from
risk. Our Message Continuity Service makes identical copies of messages and
retains them for thirty days, giving enterprises the ability to recover messages
lost in the event of a disaster or accidental deletion. Our Message Archive
Service stores identical copies of messages and retains them for extended periods
defined by the enterprise to address compliance or internal audit requirements.
Our Anti-Phishing Solution provides enterprises effective strategies for mitigating
and eliminating “phishing” attempts by providing services for the prevention,
detection, and response to, identity theft attacks.
Authentication Services. Our Authentication Services include our Managed PKI
Services and Unified Authentication Services that can be tailored to meet the
specific needs of enterprises that wish to issue digital certificates to employees,
customers or trading partners.
• Managed PKI Services. The Managed PKI Service is a managed service that allows
an organization to use our trusted data processing infrastructure to develop
and deploy customized digital certificate services for its user communities.
The Managed PKI Service can be used by our customers to provide digital certificates
for a variety of applications, such as: controlling access to sensitive data
and account information, enabling digitally-signed email, encryption of email,
or Secure Socket Layer (“SSL”) sessions. The Managed PKI Service can help customers
create an online electronic trading community, manage supply chain interaction,
facilitate and protect online credit card transactions or enable access to virtual
private networks.
• Unified Authentication Services. Unified Authentication provides a single,
integrated platform for provisioning and managing all types of strong, two-factor
authentication credentials used to validate users, devices or applications for
a variety of purposes, such as remote access, windows logon, and Wi-Fi access.
Unified Authentication supports strong authentication using smart cards, device-generated
one-time passwords and digital certificates, as well as PKI-based encryption,
digital signing and non-repudiation. Unified Authentication can be run at the
enterprise or through VeriSign’s infrastructure.
• VeriSign Affiliate PKI Software and Services. VeriSign Affiliate PKI Software
and Services are sold to a wide variety of entities that provide electronic
commerce and communications services over wired and wireless Internet Protocol,
or IP, networks. We designate these types of organizations as “VeriSign Affiliates”
and provide them with a combination of technology, support and marketing services
to facilitate their initial deployment and ongoing delivery of digital certificate
services. In some instances, we have invested in VeriSign Affiliates and hold
a minority interest of less than 20%.
VeriSign Affiliates typically enter into a multi-year technology licensing
agreement with us whereby we receive up-front licensing fees for the Service
Center or Processing Center technology, as well as ongoing royalties from each
digital certificate or the Managed PKI Service sold by the VeriSign Affiliate.
Digital Certificate Services
Digital certificate services include our SSL digital certificate services and
code signing digital certificate services. SSL certificate services enable Internet
merchants to implement and operate secure Web sites that utilize SSL protocol.
These services provide Internet merchants with the means to authenticate themselves
to consumers and to encrypt communications between consumers and the merchant
websites. Our code signing digital certificate services provide software developers
the means to identify themselves and the authenticity of their software to consumers
and relying software applications.
We currently offer the following SSL and code signing digital certificate services.
• Secure Site and Secure Site Pro. Both our Secure Site and Secure Site Pro
certificates enable up to 256-bit SSL encryption when both the web server and
the client browser support such sessions. Secure Site Pro, our premium certificate
offering, implements Server Gated Cryptography, a technology which automatically
steps-up encryption levels to 128-bit in certain client/browser configurations.
Secure Site Pro also includes a third party site availability monitoring evaluation,
a network security monitoring trial, a site performance monitoring evaluation,
and additional warranty protection.
• Code Signing Certificates. We offer several code signing certificates based
on the platform for which customers wish to sign the code. Platforms include
Microsoft Authenticode, Microsoft Office and VBA, Symbian, Sun Java, Netscape,
Microsoft Smartphone, Macromedia Shockwave and Marimba Castanet.
• Thawte Branded Digital Certificates. We offer SSL and code signing certificates
under the Thawte brand. These services use the same underlying infrastructure,
and are targeted at small businesses and independent software developers.
Information Services
VeriSign’s Information Services business includes our domain name registry
services for the .com and .net gTLDs and certain ccTLDs, managed domain name
services, intelligent supply chain services, real-time publisher services and
digital brand management services.
Domain Name Registry Services. We are the exclusive registry of domain names
within the .com and .net gTLDs under agreements with the Internet Corporation
for Assigned Names and Numbers, or ICANN, and the Department of Commerce, or
DOC. As a registry, we maintain the master directory of all second-level domain
names in these top-level domains. We own and maintain the shared registration
system that allows all registrars to enter new second-level domain names into
the master directory and to submit modifications, transfers, re-registrations
and deletions for existing second-level domain names.
We are also the exclusive registry for domain names within the .tv and .cc
ccTLDs. These top-level domains are supported by our global name server constellation
and shared registration system. In addition, we have made .bz domain name registration
services available through our outsourced hosting environment, which enables
domain name registrars and resellers to simultaneously access .bz registries.
We also provide internationalized domain name, or IDN, services that enable
Internet users to access Web sites in their local language characters. Currently,
IDNs are available in more than 350 languages such as Chinese, Greek, Korean
and Russian.
Intelligent Supply Chain Services. We offer supply chain information for retail,
pharmaceutical and consumer goods customers for marketing and operations purposes.
Our point-of-sale data service is a hosted, Web-based solution for accessing
and managing daily updates of point-of-sale data from multiple key retailer
partners. An electronic product code is a unique number that corresponds with
an individual product (or container of products). Radio frequency identification
(“RFID”) tags are small chips with antennas that contain an electronic product
code (“EPC”). We have been selected by EPCglobal, a not-for-profit joint-venture
formed by The Uniform Code Council, Inc. and EAN International, to operate the
authoritative root directory for the EPCglobal Network, the authoritative directory
of information sources that are available to describe products assigned EPCs.
The EPCglobal Network is a concept that if proven will enable users to find
and share information about products in the supply chain using the Internet
infrastructure. For example, by using an EPC in conjunction with the EPCglobal
Network, a manufacturer or retailer would be able to look up detailed information
about a product or package, such as its manufacture date, location and expiration
date. Additionally, we offer managed services that are designed to work in conjunction
with RFID and bar code technology and the EPC root directory to facilitate the
secure sharing of product data across diverse supply chains.
Real-Time Publisher Services. We offer a suite of intelligent infrastructure
services that allow organizations to collect and organize large amounts of constantly
updated content, and distribute it, in real time, to enterprises, web-portal
developers, application developers, and consumers. The real-time publisher services
also make it easier for publishers of all sizes to distribute and track their
content feeds, which may improve the reliability and quality of their real-time
content.
Digital Brand Management Services. We offer a range of services that we refer
to as digital brand management services to help enterprises, legal professionals,
information technology professionals and brand marketers monitor, protect and
build digital brand equity. These services include domain name registration
services for both gTLDs such as .com and ccTLDs, such as .de and .jp, and our
brand monitoring services.
Communications Services Group
The Communications Services Group provides managed solutions to fixed line,
broadband, mobile operators and enterprise customers through our integrated
communications, content and commerce platform. Our communications services offerings
include network connectivity and interoperability services and intelligent database
services; our content services offerings include content and application services
and messaging services; and our commerce services offerings include clearing
and settlement services, and billing and payment services.
Communications Services
Network Connectivity and Interoperability Services
Through our network connectivity and interoperability services, we provide
connections and services that signal and route information within and between
telecommunication carrier networks.
• SS7 Connectivity and Signaling Services. Our Signaling System 7, or SS7,
network, is an industry-standard system of protocols and procedures that is
used to control telephone communications and provide routing information in
association with vertical calling features, such as calling card validation,
local number portability, toll-free number database access and caller identification.
Our SS7 trunk signaling service reduces post-dial delay, allowing call connection
almost as soon as dialing is completed which enables telecommunications carriers
to deploy a full range of intelligent database services more quickly and cost
effectively. By using our trunk-signaling service, carriers simplify SS7 link
provisioning, and reach local exchange carriers and wireless carriers’ networks
through our direct access to hundreds of carriers.
• Wireless Roaming Services. We offer wireless carriers seamless roaming services
using the ANSI-41 and GSM signaling protocols that allow carriers to provide
support for roamers visiting their service area and for their customers when
they roam outside their service area. This service also allows number validation
inside and outside carriers’ service areas by accessing our SS7 network. Our
Interstandard Roaming service manages signaling conversion across protocols
to provide activation processing, international customer care, end-user billing,
and fraud protection, while our Wireless Data Roaming service enables carriers
to offer wireless data roaming to their subscribers over Wi-Fi, CDMA2000 and
GSM/GPRS networks.
• Voice Over Internet Protocol (“VoIP”) Services. Our Wireless IP Connect service
is a managed service that allows wireless operators to provide full VoIP-to-wireless
roaming to their subscribers, while our IP Connect Suite allows VoIP providers,
cable operators and MSOs to extend VoIP services across multiple access methods
to enterprise customers. VeriSign SIP-7 Service integrates SIP (Session Initiation
Protocol)-based VoIP platforms with the existing SS7 network, allowing seamless
interconnection between IP networks and the Public Switch Telephone Network
(“PSTN”).
• Communications Assistance for Law Enforcement Act (“CALEA”). Our NetDiscovery
services enable telecommunications carriers to meet the requirements of CALEA
through provisioning, access and delivery of call information from carriers
to law enforcement agencies.
Intelligent Database Services
We enable carriers to find and interact with network databases and conduct
database queries that are essential for many advanced services, including the
following:
• Number Portability. Local Number Portability (“LNP”) and Wireless Number
Portability (“WNP”) allow telephone subscribers to switch local service providers
while keeping the same telephone number.
• Calling Name (“CNAM”) Delivery. Our CNAM Delivery service enables carriers
to query regional Bell operating companies and major independent carriers and
provide customers with caller identification services.
• Line Information Database (“LIDB”). LIDB provides subscriber information
(such as the subscriber’s service profile and billing specifications) to other
carriers enabling them to respond to calls (e.g. whether to block certain calls,
allow collect calls, etc.).
• Toll-free Database Services. Leveraging VeriSign’s SS7 network, our toll-free
services allow customers to complete 8xx calls throughout the U.S. and Canada.
• TeleBlock Do Not Call (“DNC”). TeleBlock DNC provides telemarketers with
a DNC management tool that automatically screens and blocks outgoing calls to
national, state, third-party and in-house DNC lists.
Content Services
Application and Content Services
Our application services enable providers to deliver content through secure
customized, branded content acquisition portals and allow for the exchange of
pictures, videos, alerts and other forms of multimedia content across a wide
range of connected devices and networks. Our content services manage content
aggregation, formatting, mediation, digital rights management and delivery through
these services. We have a library of over 150,000 items, including ringtones,
graphics, games and applications that we offer in over two dozen countries around
the world. In the U.S., U.K., and Australia we operate under our Jamster brand,
in the U.K. under our Ringtoneking brand, and in Europe under our Jamba! brand.
Messaging Services
Our Multi-Media Messaging services (“MMS”) allow subscribers to send pictures,
audio and video between different service providers and devices and is provided
on a service bureau basis that connects to wireless service providers’ multimedia
messaging centers and routes MMS messages between service providers. Through
our hosted services we also facilitate the sharing, distribution and storage
of multimedia messages for our customers in the U.S., Canada, New Zealand and
Mexico. Our Inter-Carrier Messaging services allow wireless subscribers to send
text and multi-media messages between different service providers and devices.
Through our MetcalfTM Global Messaging services, we enable wireless carriers
to offer short messaging services (“SMS”) between carrier systems and devices,
and across disparate networks and technologies so that customers can exchange
messages outside the carrier’s network.
Commerce Services
Clearing and Settlement Services
Through our Wireline Clearinghouse Services, we serve as a distribution and
collection point for billing information and payment collection for services
provided by one carrier to customers billed by another.
Our Wireless Clearinghouse Services enable wireless carriers to clear and settle
telephone traffic charges with their roaming partners domestically and internationally.
We also provide wireless carriers with fraud management, SS7 monitoring, and
other services.
Billing and Payment Services
We offer advanced billing, payment and customer care services to mobile operators.
Through our speedSUITETM, SmartPayTM and PrePayINTM services, we provide wireless
carriers with an end-to-end customer relationship management system that supports
advance pay, prepaid and post-paid wireless services. Carriers have access to
a real-time account management platform, administered via a Web interface, designed
to make prepaid wireless plans flexible and convenient.
Operations Infrastructure
Our operations infrastructure consists of secure data centers in Mountain View,
California; Dulles, Virginia; Lacey, Washington; Providence, Rhode Island; Overland
Park, Kansas; Melbourne, Australia; and Kawasaki, Japan. Most of these secure
data centers operate on a 24-hour a day, 7 days per week, 365 days a year basis,
supporting our business units and services. Key features of our operations infrastructure
include:
• Distributed Servers. We deploy a large number of high-speed servers to support
capacity and availability demands that in conjunction with our proprietary software
offers automatic failover, global and local load balancing and threshold monitoring
on critical servers.
• Advanced Telecommunications. We deploy and maintain redundant telecommunications
and routing hardware and maintain high-speed connections to multiple Internet
service providers (“ISPs”) to ensure that our mission critical services are
readily accessible to customers at all times.
• Network Security. We incorporate architectural concepts such as protected
domains, restricted nodes and distributed access control in our system architecture.
We have also developed proprietary communications protocols within and between
software modules that are designed to prevent most known forms of electronic
attacks. In addition, we employ firewalls and intrusion detection software,
and contract with security consultants who perform periodic attacks to test
our systems and security risk assessments.
As part of our operations infrastructure for our domain name registry services,
we operate all domain name servers that answer domain name lookups for the .com
and .net zones. We also operate two of the thirteen externally visible root
zone server addresses, including the “A” root, which is considered to be the
authoritative root zone server of the Internet’s domain name system (“DNS”).
The domain name servers provide the associated name server and IP address for
every .com and .net domain name on the Internet and a large number of other
top-level domain queries, resulting in an average of over 15 billion responses
per day during 2005. These name servers are located around the world, providing
local domain name service throughout North America, Europe, and Asia. Each server
facility is a controlled and monitored environment, incorporating security and
system maintenance features. This network of name servers is one of the cornerstones
of the Internet’s DNS infrastructure.
To provide our communications services, we operate a SS7 network composed of
specialized switches, computers and databases strategically located across the
United States. These elements interconnect our customers and U.S. telecommunications
carriers through leased lines. Our network currently consists of 16 mated pairs
of SS7 signal transfer points (“STPs”) that are specialized switches that route
SS7 signaling messages, and into which our customers connect. We own ten pairs
of STPs and lease capacity on six pairs of STPs from regional providers. Our
SS7 network control center, located in Overland Park, Kansas, is staffed 24
hours a day, 365 days a year.
Call Centers and Help Desk. We provide customer support services through our
phone-based call centers, email help desks and Web-based self-help systems.
Our California call center is staffed 24 hours a day, 365 days a year and employs
an automated call directory system to support our Security Services business.
Our Georgia call center is staffed from 8:00 a.m. to 7:00 p.m. Eastern Time
and our Washington state call center is staffed from 8:00 a.m. to 5:00 p.m.
Pacific Time and employs an automated call directory system to support our Communications
Services business. Our Virginia call center is staffed 24 hours a day, 365 days
a year to support our Information Services business. All call centers have a
staff of trained customer support agents and provide Web-based support services
that are available 24 hours a day, 365 days a year, utilizing customized automatic
response systems to provide self-help recommendations.
Operations Support and Monitoring. We have an extensive monitoring capability
that enables us to track the status and performance of our critical database
systems and our global resolution systems. Our distributed Network Operations
Centers are staffed 24 hours a day, 365 days a year.
Disaster Recovery Plans. We have disaster recovery and business continuity
capabilities that are designed to deal with the loss of entire data centers
and other facilities. Our Information Services business maintains dual mirrored
data centers that allow rapid failover with no data loss and no loss of function
or capacity. Our PKI business is similarly protected by having service capabilities
that exist in both of our East and West Coast data center facilities. Our critical
data services (including digital certificates, domain name registration, telecommunications
services and global resolution) use advanced storage systems that provide data
protection through techniques such as mirroring and remote replication.