As reported in the attached article, Verisign has received a license to export certificates that will enable Netscape and Microsoft web servers used by approved financial institutions and subsidiaries of U.S. companies to communicate using 128-bit encryption with client software worldwide.

As you will recall, Netscape and Microsoft announced last month that they had received approval to export client and server software containing 128-bit SSL encryption for home banking uses. Digital certificates would be issued to the banks using these servers, and the exported client-side 128-bit encryption would operate only with institutions that have such certificates.

This license obtained by Verisign is the final approval that was needed for these plans to be implemented. The fact that the Verisign approval also includes foreign subsidiaries of U.S. companies indicates that the government has made the decision to extend to U.S. companies with overseas offices the same favorable treatment that they have already given to banks.

VeriSign Wins Wider US Encryption Export Approval

MOUNTAIN VIEW, Calif., July 13 (Reuter) - Privately-held VeriSign Inc. said it has received broader U.S. government approval for the export of powerful encryption products for use by U.S. companies overseas.

Greg Smirin, Group product manager at VeriSign, said the company late last week received Commerce Department approval to ship so-called 128-bit encryption in products for all U.S.-based companies doing business abroad.

Specifically, the approval enables VeriSign to use the stronger encryption, which can be used to protect data being transmitted over the Internet from being read by third parties, in its Web server certificate products.

Servers are a type of computer which can connect a large number of individual computers across a network, and are used to store information and respond to inquiries from within a private network or the Internet at large.

Just last month, the U.S. government gave Microsoft Corp. (MSFT) and Netscape Communications Corp. (NSCP) licenses to use the strong encryption capabilities to protect financial transactions between banks and their customers around the world.

The latest agreement extends this export approval to U.S. companies operating servers outside the country.

VeriSign, based in Mountain View, operates as a third party which issues and manages digital certificates, which are used to verify and authenticate communications and transactions securely over the Internet.

As part of last month's decision, Netscape said VeriSign will serve as the certificate authority for Netscape's products and Smirin said VeriSign will be issuing certificates for Microsoft products as well.

In addition, Smirin said, VeriSign has worked with both Netscape and Microsoft to agree on how they will use certificates in a way which will enable them to operate with both Netscape and Microsoft software.

"We have worked together with Microsoft and Netscape for coming up with a compatible format," he said.

Microsoft and Netscape provide the browsers which enable people to use the World Wide Web multimedia portion of the Internet, in addition to server software used in creating and maintaining Web sites on the Internet.

Encryption technology uses software to scramble sensitive information and make it unreadable to anyone that does not have the right 'key.' The strength of the lock depends on the length of the numeric key.

Prior to June this year, U.S. export regulations had limited U.S. software products to no more than 64-bit encryption for financial data and 40-bit encryption in other applications.

Each additional bit doubles the number of possible sequences, greatly increasing its strength.

With the new approvals, browsers may be exported with the capability to use 128 bit encryption and to operate with 128-bit certificates on servers when they encounter them, Smirin said.

"I think we're going to sell thousands of these certificates," he said in an interview over the weekend.

The certificates will be priced at $695 each, roughly double the price of domestically issued ones due in part to added administration costs, and include its NetSure Protection against theft, impersonation, corruption and loss of data up to $100,000.

VeriSign's certificates are designed to expire yearly, to ensure users keep up to date with technology.

VeriSign was spun off from RSA Data Security before RSA's merger with Security Dynamics.

Other investors in VeriSign include Microsoft, AT&T Corp Cisco Systems Comcast, Intuit Reuters Holdings Plc (RTRSY), Softbank (9984.Q), Ameritech First Data, GemPlus and Visa.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

For further information please contact L. Benjamin Ederington on Tel: + 202-429-6411, Fax: 202-429-3902 or E-mail: bedering@steptoe.com