Global Server - Common Questions

Global Server IDs are a form of Digital ID, the electronic counterpart to driver's licenses, passports, and business licenses. You can present a Digital ID electronically to prove your identity or your right to access information or services online. By using a VeriSign Æ Global Server ID from Soltrus, you enable your site to conduct authenticated, strongly encrypted online commerce. Users visiting your site will be able to submit credit card numbers or other personal information to your site, with assurance that they are really doing business with you (and not an impostor) and that the information which they are sending to you can not be intercepted or decrypted by anyone other than the intended recipient.

Technically, Digital IDs (also known as digital certificates) bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information.

A Digital ID makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital IDs provide a complete security solution, assuring the identity of one or all parties involved in a transaction. A Digital ID is issued by a trusted third party (like Soltrus) called a Certification Authority (CA). A CA acts somewhat like a Passport Office. CAs must take steps to establish the identity of the people or organizations to whom they issue Digital IDs. Once they have established an organization's identity, they issue a certificate that contains that organization's public key.

The primary difference between the two types of VeriSign Server IDs from Soltrus is the strength of the SSL session that each enables. SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. 128-bit SSL encryption is the world's strongest: according to RSA Labs, it would take a trillion-trillion years to crack using today's technology.

MicrosoftÆ and NetscapeÆ offer two versions of their Web browsers, export and domestic, that enable different levels of encryption depending on the type of Server ID with which the browser is communicating.

• Global Server IDs enable 128-bit SSL encryption - the world's strongest - with both domestic and export versions of Microsoft and Netscape browsers.
• Secure Server IDs enable 40-bit SSL when communicating with export-version Netscape and Microsoft Internet Explorer browsers (used by most people in the U.S. and worldwide), and 128-bit SSL encryption when communicating with domestic-version Microsoft and Netscape browsers.

Another key difference between 128-bit SSL Global Server IDs and 40-bit SSL Secure Server IDs is the number of server platforms that support them. Global Server IDs are supported by many major platforms, while Secure Server IDs are supported by a much longer, more comprehensive list of platforms.

Server IDs enable secure online communications through Secure Sockets Layer (SSL) technology. Global Server IDs enable the negotiation of SSL or TLS sessions using strong 128-bit RC2 or RC4 encryption.

Encryption is a method of scrambling messages so they cannot be read without encryption keys. The length of the key used to encrypt messages is a good indication of the amount of effort needed to decrypt that message. Any software with encryption features having key lengths over 40 bits is considered strong encryption.

Many feel that 40-bit encryption is too weak given the computing power available today. In a January 1999 experiment sponsored by RSA Data Security, a message that was 40 bit-encrypted was decrypted by a University of California graduate student in under 8 hours.

However, by increasing the length of the key by one bit, the amount of effort required to crack the code doubles. Global Server IDs from Soltrus enable certain types of browsers, available almost everywhere in the world, to initiate 128-bit sessions with the server. 128-bit encrypted messages are 309,485,009,821,345,068,724,781,056 times harder to break than 40-bit messages. Thus, it would take the same technology used to crack the RSA 40-bit message 1 trillion x 1 trillion years to crack a 128-bit message. That's several trillion times longer than the age of the Earth.

Until recently, export versions of web browsers encrypted data only in 40-bit sessions. Now, the latest export and domestic versions of Netscape and Microsoft Internet Explorer browsers can encrypt transactions with your site using strong encryption in 128 bit sessions.

A Global Server ID provides you and your customers with 128-bit SSL or TLS encryption security - a much greater degree of security in transactions than would be possible with 40-bit capable browsers. Global Server IDs can both protect the security of your transactions, as well as encourage a much broader group of customers around the world to use your services.

North American companies may use Global Server IDs to:

• communicate using strong encryption with customers, suppliers, or employees inside North America who are not using the North America-only 128-bit versions of the Microsoft Internet Explorer or Netscape Navigator
• communicate using strong encryption with employees or subsidiaries outside North America
• communicate using strong encryption with partners or customers outside North America

The server on which the Global Server ID is located must be running one of the following:

• Compaq/Tandem iTP Webserver
• Hewlett Packard Virtual Vault (with Netscape Enterprise)
• Lotus Domino 4.6.2+ (Please note that GO does not yet support Global Secure Server IDs)
• Microsoft IIS 3.0+ … Nanoteq NetSeq server
• one of the Netscape Suite Spot Server, 3.0+ or later (e.g. Netscape Enterprise 3.0+, Netscape Proxy 3.0+, 2.01c, etc.)
• IBM HTTP Server
• Nanotez NetSeq Server

Customers or users connecting to the web server should have one of the following compatible client applications:

• Microsoft Internet Explorer 4.0 or later
• Microsoft Internet Explorer 3.02 with a special patch or later
• Netscape Navigator 4.0 or later

They will need to upgrade. Both Microsoft and Netscape make their latest browser versions available free on their web sites.

Server Gated Cryptography (SGC) is Microsoft's name for the entire set of technologies which enable strong encryption when an appropriately configured server encounters an appropriately configured client. Part of the SGC technology involves the use of special digital certificates by Microsoft IIS servers. VeriSign Global Server IDs for Microsoft fulfill the role of the SGC special digital certificates.

40-bit SSL encryption is ideal for security-sensitive intranets, extranets, and low-volume Web sites. 128-bit SSL encryption is the standard for large-scale online merchants, banks, brokerages, health care organizations and insurance companies worldwide.

Global Server IDs enable SSL. Therefore, you may replace your existing Secure Server ID with a Global Server ID. Because older browsers are not compatible with Global Server IDs and SGC technology, many of our customers choose to maintain two sets of pages: one secured with a regular Secure Server ID, and one secured with a Global Server ID.

Presently, the categories are defined as the following (for complete and exact definitions, please carefully review the Global Server ID Subscriber Agreement): Server IDs are issued to:

• Banks and Financial Institutions, including holding companies; community, regional and money centre financial institutions; savings associations; trust companies; and regulated savings banks
• Insurance Companies, defined as companies whose primary and predominant business activity is the writing of insurance or the reinsurance of risks
• Health and Medical Organizations, the primary purpose of which is the lawful provision of "health or medical services," not including biochemical or pharmaceutical manufacturers and military government entities
• Online Merchants, defined as entities regularly engaged in the lawful commerce that uses means of electronic communications (that is, the Internet) to conduct commercial transactions

Yes. According to the Global Server ID Subscriber Agreement:

• If you are a Bank, Financial Institution or Banking and Financial Service System, you shall implement or utilize your Global Server ID only to secure financial transaction/communications. No client-to-client usage is authorized.
• If you are a Health and Medical Organization, you shall implement or utilize your Global Server ID only to secure health/medical information. No client-to-client usage is authorized.
• If you are an Online Merchant, you shall implement or utilize your Global Server ID only for the purchase or sale of goods and software and provision of services connected with the purchase or sale of goods and software, including interactions between purchasers and sellers necessary for ordering, payment, and delivery of goods and software. No customer-to-customer communications or transactions are allowed.

The following examples offer some general usage guidelines for your Global Server ID. However, your organization is responsible for ensuring that your use of a Global Server ID is in compliance with Canadian and U.S. export laws.

• Communication with browsers within Canada or the U.S.: Without the need for further action, you may use the Global Server ID to communicate using 128-bit encryption with any domestic or export version browser in the United States.
• Communication with employees and subsidiaries outside Canada and the U.S.: You may use the Global Server ID to communicate with employees or majority-owned subsidiaries outside the U.S. Either you must apply for a specific export approval from the U.S. Bureau of Export Administration or you must qualify for this use of Global Server IDs under the terms of an Encryption Licensing Arrangement issued to your company, your server software company, or Soltrus by the U.S. Bureau of Export Administration.
• Communication with partners or customers outside Canada and the U.S.: Global Server IDs provide an excellent technical solution for strongly encrypted global extranets or for communication with specific customers outside North America. However, you will need to obtain an Encryption Licensing Arrangement from the proper export regulation authorities in Canada or the U.S. to engage in this sort of activity, or you must qualify for this use of Global Server IDs under the terms of an export license issued to your company, Microsoft, or Soltrus. The licensing agreement will most likely require that you maintain some form of client restricted access to the system (e.g. through the use of passwords or client certificates.)