Skip to main content

Verisign Gets Root-Security Assignment

Cable Television Laboratories Inc. has tapped VeriSign Inc. as its root-certificate authority (root CA), charged with handling the digital certificates used to shield cable modems and multimedia terminal adapters from hackers.

By hosting and managing the Root CA operation, VeriSign will serve as the starting point for authenticating the digital certificates embedded in Data Over Cable Service Interface Specification (DOCSIS) 1.0 and PacketCable-based MTAs.

DOCSIS 1.1 and Packet-Cable specifications require digital certificates and a public-key infrastructure to prevent pirates from cloning the equipment and stealing cable services.

CableLabs sought a company to handle the security root because it did not have the in-house elements needed to run such an operation full-time, VeriSign director of product marketing Bob Pratt said. "It's a very specialized skill," he added.

The addition of digital certificates enables cable operators to "securely identify every modem and MTA on the network," said Nancy Davoust, a consultant working on the project with CableLabs through the organization's partnership with YAS Corp. Davoust said it could take
CableLabs about six months to finalize the process.

VeriSign will essentially hold the certificate "roots" in its safe room for CableLabs and check and sign the certificates for equipment manufacturers, Davoust said. In turn, a vendor would need to get the private key for those certificates, which is burned directly into the read-only memory of the equipment prior to shipment.

Though VeriSign is the root-certificate authority, manufacturers still can choose from any certificate-authority technology, as long as it conforms to International Telecommunications Union standards.

Though VeriSign's role with CableLabs appears prestigious, "the money in this market will be made from providing the manufacturers with the capability to issue certificates into the modems themselves," said Ian Gordon, director of market development at Entrust Technologies Inc., a VeriSign competitor.

So far, VeriSign leads the cable market in that area. It has signed deals with 3Com Corp., Toshiba America Information Systems Inc. and Terayon Communications Systems Inc.

Entrust recently struck a similar security-measures agreement with Thomson Multimedia, a cable-modem manufacturer with whom it has a longstanding relationship.

Other cable-modem vendors will likely select their security partners within the next three to six months as DOCSIS 1.1 certification testing at CableLabs continues to ramp up, Pratt forecasted.