World Library  
Flag as Inappropriate
Email this Article
 

Verisign

Verisign, Inc.
VeriSign logo
Type Public
Traded as NASDAQ: VRSN
S&P 500 Component
Founded 1995 (1995)
Headquarters Reston, Virginia, United States
Key people Founder and CEO: James Bidzos
Industry Internet, Communications
Revenue
  • US$ 965.087 million (2013) [1]
  • US$ 873.592 million (2012) [1]
Operating income
  • US$ 528.232 million (2013) [1]
  • US$ 457.327 million (2012) [1]
Net income
  • US$ 544.45 million (2013) [1]
  • US$ 320.032 million (2012) [1]
Total assets
  • US$ 2,660.767 million (2013) [2]
  • US$ 2,062.476 million (2012) [1]
Total equity
  • US$ -423.558 million (2013) [2]
  • US$ -9.323 million (2012) [1]
Employees 1,040[3]
Slogan(s) Powered by Verisign
Website .com.verisignwww
Alexa rank 29,607 (August 2015)[4]

Verisign, Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the .com, .net, and .name generic top-level domains and the .cc and .tv country-code top-level domains, and the back-end systems for the .jobs, .gov, and .edu top-level domains. Verisign also offers a range of security services, including managed DNS, distributed denial-of-service (DDoS) attack mitigation[5] and cyber-threat reporting.

In 2010, Verisign sold its authentication business unit – which included SSL certificate, PKI, Verisign Trust Seal, and Verisign Identity Protection (VIP) services – to Symantec for $1.28 billion.[6] The deal capped a multi-year effort by Verisign to narrow its focus to its core infrastructure and security business units.

Verisign's former CFO Brian Robins announced in August 2010 that the company would move from its original location of Mountain View, California, to Dulles in Northern Virginia by 2011 due to 95% of the company's business being on the East Coast.[7]

Contents

  • History 1
  • Authentication sale 2
  • Naming services 3
  • Trust seals 4
  • Company properties 5
  • Controversies 6
    • 2001: Code signing certificate mistake 6.1
    • 2002: Domain transfer law suit 6.2
    • 2003: Site Finder legal case 6.3
    • 2003: Gives up .org domain 6.4
    • 2005: Retains .net domain 6.5
    • 2010: Data breach and disclosure controversy 6.6
    • 2010 web site domain seizures 6.7
  • References 7
  • External links 8

History

Verisign was founded in 1995 as a spin-off of the RSA Security certification services business. The new company received licenses to key cryptographic patents held by RSA and a time limited non-compete agreement. The new company served as a certificate authority (CA) and its initial mission was "providing trust for the Internet and Electronic Commerce through our Digital Authentication services and products". Prior to selling its certificate business to Symantec in 2010, Verisign had more than 3 million certificates in operation for everything from military to financial services and retail applications, making it the largest CA in the world.

In 2000, Verisign acquired ICANN) and the United States Department of Commerce. Those core registry functions formed the basis for Verisign’s naming division, which is now the company’s largest and most significant business unit.[9] In 2002, Verisign was charged with violation of the Securities Exchange Act.[10] Verisign divested the Network Solutions retail (domain name registrar) business in 2003, retaining the domain name registry (wholesale) function as its core Internet addressing business.[11]

For the year ended December 31, 2010, Verisign reported revenue of $681 million, up 10% from $616 million in 2009.[12] Verisign operates two businesses, Naming Services, which encompasses the operation of top-level domains and critical Internet infrastructure, and Network Intelligence and Availability (NIA) Services, which encompasses DDoS mitigation, managed DNS and threat intelligence.

Verisign's share price tumbled in early 2014, hastened by the U.S. government's announcement that it would "relinquish oversight of the Internet's domain-naming system to a non-government entity".[13]

Authentication sale

Security token produced by Verisign

On August 9, 2010, Symantec completed its approximately $1.28 billion acquisition of Verisign's authentication business, including the Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the Verisign Trust Services, the Verisign Identity Protection (VIP) Authentication Service, and the majority stake in Verisign Japan.[14]

Naming services

Verisign's core business is its naming services division. The division operates the authoritative domain name registries for two of the Internet's most important zone files for these particular domains and host the domains from their domain servers. Registry operators are the "wholesalers" of Internet domain names, while domain name registrars act as the “retailers”, working directly with consumers to register a domain name address.

Verisign also operates two of the Internet’s thirteen "root servers" which are identified by the letters A-M (Verisign operates the “A” and “J” root servers). The root servers form the top of the hierarchical Domain Name System that supports all Internet communication. Verisign also generates the globally recognized root zone file and is also responsible for processing changes to that file once they are ordered by ICANN and approved by the U.S. Department of Commerce. Changes to the root zone were originally distributed via the A root server, but now they are distributed to all thirteen servers via a separate distribution system which Verisign maintains. Verisign is the only one of the 12 root server operators to operate more than one of the thirteen root nameservers. The A and J root servers are "anycasted” and are no longer operated from any of the company's own datacenters as a means to increase redundancy and availability and mitigate the threat of a single point of failure.

VeriSign's naming services division dates back to 1993 when Network Solutions was awarded a contract by the National Science Foundation to manage and operate the civilian side of the Internet's domain name registrations. Network Solutions was the sole registrar for all of the Internet's non governmental generic top-level domains until 1998 when ICANN was established and the new system of competitive registrars was implemented. As a result of these new policies, Network Solutions divided itself into two divisions. The NSI Registry division was established to manage the authoritative registries that the company would still operate and was separated from the customer-facing registrar business that would have to compete with other registrars. The divisions were even geographically split with the NSI Registry moving from the corporate headquarters in Herndon, Virginia, to nearby Dulles, Virginia. In 2000, VeriSign purchased Network Solutions taking over its role in the Internet DNS. The NSI Registry division eventually became VeriSign's naming services division while the remainder of Network Solutions was later sold by VeriSign in 2003 to Pivotal Equity Group.

Trust seals

Verisign is also offering trust seal products for e-commerce sites, competing in this space with TrustE, BBB Online, and WebTrust.[15]

Company properties

Following the sale of its authentication services division in 2010, Verisign relocated from its former headquarters in Mountain View, California, to the headquarters of the naming division in Sterling, Virginia (originally NSI Registry's headquarters). Verisign began shopping that year for a new permanent home shortly after moving. They signed a lease for 12061 Bluemont Way in Reston, the former Sallie Mae headquarters, in 2010 and decided to purchase the building in September 2011. They have since terminated their lease of their current space in two buildings at Lakeside@Loudoun Technology Center. The company completed its move at the end of November 2011. The new headquarters is located in the Reston Town Center development which has become a major commercial and business hub for the region. In addition to its Reston headquarters, Verisign owns three data center properties. One at 22340 Dresden Street in Dulles, Virginia not far from its corporate headquarters (within the large Broad Run Technology Park), one at 21 Boulden Circle in New Castle, Delaware, and a third in Fribourg, Switzerland. Their three data centers are mirrored so that a disaster at one data center has a minimal impact on operations. Verisign also leases an office suite in downtown Washington, D.C., on K street where its government relations office is located. It also has leased server space in numerous internet data centers around the world where the DNS constellation resolution sites are located, mostly at major internet peering facilities. One such facility is at the Equinix Ashburn Datacenter in Ashburn, Virginia, one of the world's largest datacenters and internet transit hubs.

Controversies

2001: Code signing certificate mistake

In January 2001, Verisign mistakenly issued two Class 3 code signing certificates to an individual claiming to be an employee of Microsoft.[16] The mistake was not discovered and the certificates revoked until two weeks later during a routine audit. Because Verisign code-signing certificates do not specify a Certificate Revocation List Distribution Point however, there was no way for them to be automatically detected as having been revoked, placing Microsoft's customers at risk. Microsoft had to later release a special security patch in order to revoke the certificates and mark them as being fraudulent.[17]

2002: Domain transfer law suit

In 2002, Verisign was sued for domain slamming – transferring domains from other registrars to themselves by making the registrants believe they were merely renewing their domain name. Although they were found not to have broken the law, they were barred from suggesting that a domain was about to expire or claim that a transfer was actually a renewal.[18]

2003: Site Finder legal case

In September 2003, Verisign introduced a service called

  • Verisign website

External links

  1. ^ a b c d e f g h "VERISIGN INC/CA 2013 Q4 Quarterly Report Form (10-K)" (XBRL). United States Securities and Exchange Commission. February 21, 2014. 
  2. ^ a b "VERISIGN INC/CA 2014 Q1 Quarterly Report Form (10-Q)" (XBRL). United States Securities and Exchange Commission. April 24, 2014. 
  3. ^ "VeriSign, Inc. – Fact Sheet". Investor.verisign.com. Retrieved July 13, 2013. 
  4. ^ "verisign.com Site Overview".  
  5. ^ Lombard, Lisa (May 2013). "DDoS and other Malicious Attacks take advantage of Vulnerable Printers" (PDF). Teletimes. p. 26. 
  6. ^ Antone Gonsalves (May 20, 2010). "Symantec To Buy VeriSign Unit For $1.28 Billion – Storage – Disaster". Informationweek.com. Retrieved July 13, 2013. 
  7. ^ Verisign shifts headquarters to Virginia
  8. ^ "VeriSign buys domain firm"
  9. ^ Kell, John (25 July 2013). "VeriSign boosts profit 23% on revenue, margins". The Wall Street Journal. 
  10. ^ "The Emerson Firm Announces Class Action Lawsuit Against VeriSign Inc. on Behalf of Investors — VRSN". May 16, 2002. Retrieved Jul 19, 2013. 
  11. ^ "VeriSign To Sell Network Solutions, Exit Registrar Business"
  12. ^ "VERISIGN REPORTS 10% YEAR-OVER-YEAR REVENUE GROWTH IN 2010"
  13. ^ "VeriSign Inc. (VRSN) Pulled Back After Government Transition". 18 March 2014. Retrieved 12 April 2014. 
  14. ^ "Symantec Acquires VeriSign for $1.28 Billion"
  15. ^ Jagdish Pathak (2005). Information Technology Auditing: An Evolving Agenda. Springer. p. 57.  
  16. ^ "Microsoft Security Bulletin MS01-017: Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard".  
  17. ^ "Windows Security Update: Verisign Digital Certificates Spoofing Hazard".  
  18. ^ TheRegister.co.uk: VeriSign slammed for domain renewal scam
  19. ^ "Litigation Documents". ICANN.org. March 26, 2007. Retrieved August 21, 2007. 
  20. ^ ICANN.org
  21. ^ ICANN.org
  22. ^ "Kremen v. Network Solutions, Inc." (PDF). July 25, 2003. Archived from the original (PDF) on February 3, 2007. Retrieved August 21, 2007. 
  23. ^ ICANN.org
  24. ^ "ICANN". www.icann.org. Retrieved 2015-10-01. 
  25. ^ a b Bradley, Tony. "VeriSign Hacked: What We Don't Know Might Hurt Us". PCWorld. Retrieved July 13, 2013. 
  26. ^ Albanesius, Chloe (February 2, 2012). "VeriSign Hacked Multiple Times in 2010 | News & Opinion". PCMag.com. Retrieved July 13, 2013. 
  27. ^ "82 Websites removed by DNS removal". Retrieved November 12, 2010. 
  28. ^ "Verisign implicated in DNS annulment". Retrieved November 12, 2010. 
  29. ^ "Verisign acknowledges DNS removals". Retrieved November 12, 2010. 
  30. ^ "Peer-to-peer response to Verisign's DNS removals". Retrieved November 12, 2010. 
  31. ^ 213.251.145.96
  32. ^ guardian.co.uk
  33. ^ "EFF warns of Internet chokepoints". Retrieved November 12, 2010. 

References

On November 29, 2010, the U.S. Immigration and Customs Enforcement (U.S. ICE) issued seizure orders against 82 web sites with .com Internet addresses that were reported to be involved in the illegal sale and distribution of counterfeit goods.[27] As registry operator for .com, Verisign performed the required takedowns of the 82 sites under order from law enforcement.[28] InformationWeek reported that "Verisign will say only that it received sealed court orders directing certain actions to be taken with respect to specific domain names".[29] The removal of the 82 Websites was cited as an impetus for the launch of "the Dot-P2P Project"[30] in order to create a decentralized DNS service without centralized registry operators. Following the disappearance of WikiLeaks[31] during the following week[32] and its forced move to wikileaks.ch, a Swiss domain, the Electronic Frontier Foundation warned of the dangers of having key pieces of Internet infrastructure such as DNS name translation under corporate control.[33]

2010 web site domain seizures

Because of the lack of details provided by Verisign, it was not clear whether the breach impacted the Certificate Signing business, acquired by Symantec in late 2010. According to Oliver Lavery, the Director of Security and Research for nCircle "Can we trust any site using Verisign SSL certificates? Without more clarity, the logical answer is no”.[25]

In February 2012 Verisign revealed that their network security had been repeatedly breached in 2010. Verisign stated that the breach did not impact the Domain Name System (DNS) that they maintain, but would not provide details about the loss of data. Verisign was widely criticized for not disclosing the breach earlier and apparently attempting to hide the news in an October 2011 SEC filing.[25][26]

2010: Data breach and disclosure controversy

In mid-2005, the existing contract for the operation of .net expired and five companies, including Verisign, bid for management of it. Verisign's bid was backed by numerous IT and telecom heavyweights including Microsoft, IBM, Sun Microsystems, MCI, and others, which all asserted that Verisign had a perfect record operating .net. They proposed Verisign continue to manage the .net DNS due to its critical importance as the domain underlying numerous "backbone" network services. On June 8, 2005, ICANN announced that Verisign had been approved to operate .net until 2011. More information on the .net bidding process is available at ICANN.[23] On July 1, 2011, ICANN announced that VeriSign's approval to operate .net was extended another six years, until 2017.[24]

2005: Retains .net domain

In keeping with ICANN’s charter to introduce competition to the domain name marketplace, Verisign agreed to give up its operation of .com, which, at the time had more than 34 million registered addresses.

2003: Gives up .org domain

[22] matter decided by the Ninth circuit.sex.com documents some of the criticisms that have been raised regarding the settlement. Additionally Verisign was involved in the [21] The ICANN comments mailing list archive[20]

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.