VeriSign Inc. Contracts
Sample Business Contracts
Private Label Agreement - VeriSign Inc. and VISA International Service Associaton
Services Forms
[CONFIDENTIAL TREATMENT REQUESTED]
PLA Number:____________________
Date of Agreement: ____________
VERISIGN PRIVATE LABEL AGREEMENT
(Customer Root Key)
Customer: VISA International Service Association, a Delaware
------------------------------------------------------------
corporation
------------------------------------------------------------
Customer Address: 900 Metro Center Boulevard, Foster City California 94404 or
------------------------------------------------------------
P.O. Box 8999, San Francisco, California 94128-8999
------------------------------------------------------------
Customer Contact: Peter R. Hill
------------------------------------------------------------
Effective Date: April 2. 1996
------------------------------------------------------------
Term of Agreement: Two and one half (2.5) years from the earlier of the
----------------------------------------------------
Commencement of Pilot Program or April 1, 1997.
----------------------------------------------
Exhibits Attached: Exhibit "A": Definitions
Exhibit "B": Fees
Exhibit "C": Logo Usage Guide
Exhibit "D": Project Plan Elements
Exhibit "E": System Design Specifications
Exhibit "F": Customer Requirements for ECS
Exhibit "G": Acceptance Test Procedures
Exhibit "H": VeriSign Marketing Rights and Royalty
Obligations
Exhibit "I": Escrow Agreement
Exhibit "J": License Agreement
Exhibit "K": Service Level Specification
Exhibit "L": Support Levels
Exhibit "M": Timetable for Resolution of Outstanding
Issues
THIS VERISIGN PRIVATE LABEL AGREEMENT ("AGREEMENT"), effective as of the
---------
Effective Date set forth above, is entered into by and between VeriSign, Inc., a
Delaware corporation, having its principal place of business at 2593 Coast
Avenue, Mountain View, California 94043 ("VERISIGN"), and the party identified
--------
above ("CUSTOMER"), having a principal address as set forth above.
--------
RECITAL
VeriSign provides Certificate-issuing and certain other services to members of
both public and private hierarchies. Customer wishes VeriSign to design, build
and operate a Private Label Certificate System based on Customer's Root Key for
the use by Customer to provide certificate registration, issuing and management
functions to its member banks, all on the terms and subject to the conditions
set forth in this Agreement.
NOW, THEREFORE, the parties hereto agree as follows:
<PAGE>
VeriSign Private Label Agreement
Page 2
AGREEMENT
1. DEFINITIONS
-----------
Capitalized terms shall have the meanings shown in Exhibit "A" hereto.
2. VERISIGN SERVICES TO CUSTOMER
-----------------------------
2.1 DEVELOPMENT OF PRIVATE LABEL CERTIFICATE SYSTEM. VeriSign will design
and develop a Private Label Certificate System based on Customer's Root Keys, a
Protocol specified by Customer and specifications agreed upon by VeriSign and
Customer in accordance with Section 4.1 below. The Private Label Certificate
System will include Certificate servers, custom enrollment and verification
processes for each Certificate type specified for use by Subscribers, management
of the Certificate repository and renewal process, and procedures for operation
of the system.
2.2 OWNERSHIP AND LICENSE OF PRIVATE LABEL CERTIFICATE SYSTEM. VeriSign
will acquire and assemble the components of the Private Label Certificate
System, consisting of hardware, software and telecommunications equipment. All
right, title and interest to the Private Label Certificate System shall belong
solely and exclusively to VeriSign, and Customer shall have no right, title or
ownership interest therein. VeriSign shall have the right to obtain and hold in
its name copyrights, registrations, patents and any similar protection which may
be available for the Private Label Certificate System or components thereof and
any derivative works thereof. In the event that any technology included in the
VSE as delivered to Customer by VeriSign (the "VSE Technology") is hereafter
covered by a claim of a patent issued to or assigned to VeriSign, VeriSign shall
grant to Customer a nonexclusive, worldwide, perpetual, irrevocable, royalty-
free license under the relevant claim(s) to make, use, have made and sell any
product incorporating technology included in the VSE as delivered by VeriSign,
provided that such license shall extend only to the VSE Technology and not to
any other technology incorporated in any such product. In the event that any
technology included in the Private Label Certificate System as delivered to
Customer by VeriSign is hereafter covered by a claim of a patent issued to or
assigned to VeriSign, VeriSign shall grant to Customer a nonexclusive,
worldwide, royalty-free license under the relevant claim(s) to the extent
necessary for Customer to use the Private Label Certificate System as provided
in this Agreement.
Commencing April 1, 1998, Customer on ninety (90) days' prior written
notice shall have the right to license the Private Label Certificate System
pursuant to a license agreement substantially in the form of Exhibit "J". To
the extent portions of the Private Label Certificate System are not owned by
VeriSign, VeriSign will arrange to obtain the right to use such items by
Customer or arrange for Customer to obtain the right to purchase or otherwise
license such items.
2.3 ASSISTANCE IN DEFINING PROTOCOL. VeriSign will assist Customer in
defining a workable Protocol for secure management and handling of Certificates
in Customer's Private Hierarchy. VeriSign will provide Customer with a copy of
VeriSign's Certification Practice Statement which governs Certificate operations
in the VeriSign Public Hierarchies and a copy of the VeriSign Public Key
Infrastructure (PKI) specification, which details management and
<PAGE>
VeriSign Private Label Agreement
Page 3
handling of Certificates under a policy-based delegation of operating authority.
VeriSign will also recommend a set of operating and security practices and
procedures to mitigate risks associated with Private Key compromise and Root Key
distribution and to protect Customer's confidential authorization information.
2.4 MAINTENANCE OF PRIVATE LABEL CERTIFICATE SYSTEM AT VERISIGN SITE.
VeriSign will provide a high-security facility on VeriSign's premises in
Mountain View, California for operation of the Certificate server(s) and for
storage of Certificate Signing Units containing Customer's Private Keys when not
in use in a secure vault. VeriSign shall be responsible for maintaining the
security on its premises and shall be liable for any damages that arise out of a
breach of its security. VeriSign may move the Private Label Certificate System
to another location under VeriSign's control which provides a comparable level
of security, and VeriSign shall provide notice to Customer in advance of such
relocation. VeriSign shall establish a secure backup site at a mutually
agreeable location that ensures continued operation in the event of a technical
failure, natural disaster or any other event that disables the Mountain View (or
relocated) facility.
2.5 CERTIFICATE MANAGEMENT SERVICES. VeriSign will provide to Customer
the following services for Certificate management and operations:
2.5.1 SCOPE OF SERVICES. In accordance with Customer's specified
Protocol, VeriSign will provide the following services with respect to the
Certificate server(s): maintain adequate Certificate-issuing capacity to meet
Customer's reasonable forecast requirements, provide firewall security for all
appropriate portions of the Private Label Certificate System, maintain such
firewall security for the portion of the Private Label Certificate System
located on VeriSign premises, maintain a Certificate repository. renew, revoke
and suspend Certificates. and provide Certificate status services.
2.5.2 ENROLLMENT AND RENEWAL SERVICES. Using an enrollment process
based on security-enhanced HTML or e-mail with interfaces to Certificate
Signing Units and authorization systems, VeriSign will issue Certificates under
Customer's name and containing Customer's Root Keys to Subscribers in Customer's
Private Hierarchy in accordance with the Protocol. VeriSign will process
renewals of Certificates in accordance with the Protocol. Within ten (10) days
after the end of each month, VeriSign will provide Customer with a monthly
report on the number of Certificates issued and renewed.
2.5.3 CERTIFICATE REPOSITORY, REVOCATION AND STATUS SERVICES.
VeriSign will maintain a repository of Certificates issued in Customer's
Private Hierarchy. VeriSign will revoke and suspend Certificates in accordance
with the Protocol
2.6 CUSTOMER SUPPORT. During the term of this Agreement, VeriSign will
supply maintenance for the Private Label Certificate System as described in this
Section 2.6 without additional charge to Customer.
2.6.1 TELEPHONE SUPPORT. VeriSign will provide telephone support as
is reasonably necessary for Customer to meet the performance criteria for the
Private Label
<PAGE>
VeriSign Private Label Agreement
Page 4
Certificate System as provided in Exhibit "K". VeriSign will also provide
telephone support for a reasonable volume of calls to Customer-related entities
as provided in Exhibit "L". VeriSign shall provide the support specified in this
Section 2.6.1 to Customer's employees responsible for developing and maintaining
Customer Products. VeriSign will provide the names of employees who will serve
as primary points of contact for technical support for Customer. VeriSign may
change the names of designated employees at any time by providing written notice
to Customer. On VeriSign's request, Customer will provide a list with the names
of the employees designated to receive support from VeriSign. Customer may
change the names on the list at any time by providing written notice to
VeriSign.
2.6.2 ESCALATION PROCEDURES. Customer and VeriSign shall agree upon
a procedure for resolution of operating problems in the Private Label
Certificate System which provides for escalation of effort based on the problem
severity.
2.6.3 REIMBURSEMENT FOR CORRECTION OF CUSTOMER ERRORS. In the event
VeriSign is required to take actions to correct an error which is caused by
Customer errors, modifications, enhancements, software or hardware, then
VeriSign may charge Customer for the correction or repair on a time-and-
materials basis at VeriSign's rates then in effect, plus reimbursement for
reasonable travel to and from Customer's sites and out-of-pocket expenses. as
may be necessary in connection with duties performed under this Section 2.6 by
VeriSign.
2.6.4 SYSTEM RELEASES. In the event operating problems in the
Private Label Certificate System are not resolved by the escalation procedures,
Customer and VeriSign agree to evaluate the desirability of changing to a later
available release version of ECS, ECAS, and other applications employed by
VeriSign in provision of the Private Label Certificate System. A change to
release level in the Private Label Certificate System will also be evaluated at
the time new releases are tested.
2.7 ESCROW AGREEMENT. VeriSign will place in escrow pursuant to the
Escrow Agreement set forth at Exhibit "I" all information necessary to build.
support. maintain and operate the Private Label Certificate System. This
information will be released to Customer upon occurrence of the events specified
in such Escrow Agreement.
2.8 CUSTOMER MARKETING RIGHTS. VeriSign acknowledges and understands that
Customer will be marketing Certificates and Certificate services using the
Private Label Certificate Service being produced by VeriSign to Customer
hereunder. VeriSign will be entitled to market Customer to Members as a
Certification Authority and to sell Certificates issued in Customer's Private
Hierarchy at royalty rates specified on Exhibit "H". All pricing of
Certificates to Customer Members under the Certificate Authority Service
marketed by Customer shall be determined by Customer, independent of any
obligation to support and operate the Private Label Certificate Service by
VeriSign hereunder. Customer shall charge its Members directly for use of the
Private Label Certificate System.
2.9 CUSTOMER PERSONNEL. Customer may, at its own cost, upon reasonable
notice and for the purpose of problem resolution, provide personnel to monitor
or participate in the
<PAGE>
VeriSign Private Label Agreement
Page 5
operation of the Private Label Certificate Service and provision of Customer
service pursuant to Section 2.6. VeriSign agrees to cooperate with Customer
personnel to permit them to assist in establishing appropriate levels of
Customer service, participate in problem verification and determination, and
prepare to transfer operation of the Private Label Certificate Service to
Customer pursuant to the license set forth in Exhibit "J".
2.10 FINANCIAL DATA. In the event Customer ceases to have access to
financial information concerning VeriSign pursuant to its rights under that
certain Investors' Rights Agreement dated February 20, 1996, or pursuant to
filings made in accordance with the Securities Exchange Act of 1934, VeriSign
shall make available to Customer on a quarterly basis, an unaudited balance
sheet and statement of operations. Such information shall be kept confidential
by Customer in accordance with Section 6.
3. CUSTOMER OBLIGATIONS TO VERISIGN
--------------------------------
3.1 PROTOCOL. In addition to specifying SET-based functionality as
incorporated in the Customer Requirements for ECS and the System Design
Specifications, Customer will specify a Protocol, consisting of policies,
procedures and resources to control the entire Certificate process for its
Private Hierarchy and the transactional use of Certificates within the Private
Hierarchy. The Protocol is not required to be consistent with the requirements
of VeriSign's Certification Practice Statement for operation of VeriSign Public
Hierarchies.
3.2 VERIFICATION OF SUBSCRIBER INFORMATION. Customer will provide
VeriSign with verification of enrollment information submitted by a Subscriber
who wishes to become a member of Customer's Private Hierarchy prior to
VeriSign's issuance of a Certificate to such Subscriber. Customer will provide
VeriSign with verification of a Subscriber's identity to the extent required by
the Protocol.
3.3 FORECAST. Customer agrees to provide VeriSign on a confidential basis
at the end of each calendar quarter with an updated forecast of the volume of
Certificates it expects to be required for Customer's Private Hierarchy for the
next six (6) months. The forecasts shall be by product line and based upon good
faith estimates and assumptions believed by Customer to be reasonable at the
time made.
3.4 CUSTOMER PERSONNEL. To the extent Customer personnel are provided or
take action pursuant to Sections 2.9, 4.1.5, or 4.2, such personnel shall be
provided solely at Customer's cost, and, upon request, Customer shall provide
evidence of satisfaction of all state and federal employment laws and worker
compensation requirements in connection with such personnel. Such personnel
shall execute confidentiality agreements as VeriSign shall reasonably request,
and shall agree to abide by all reasonable VeriSign visitor regulations.
Customer understands that VeriSign operates a secure facility and that there are
portions of such facility that Customer's personnel will not be permitted to
enter. In the event that VeriSign determines that any of Customer's personnel
has breached a VeriSign visitor regulation, Customer shall immediately cause
such person to be removed from VeriSign's facility, and may provide a
replacement.
<PAGE>
VeriSign Private Label Agreement
Page 6
4. DEVELOPMENT
-----------
4.1 DEVELOPMENT OF PROJECT PLAN. Attached as Exhibit D is the Project
Plan that specifies the major phases of the development of the Customer's
Private Label Certificate System, the major tasks to be completed, the
deliverables to be produced and their scheduled completion dates.
4.1.1 DEVELOPMENT OF INTERFACE SPECIFICATIONS. In accordance with
the Project Plan. Customer will create Interface Specifications for software
interface of the Private Label Certificate System to Customer's Subscriber
enrollment and authorization information and deliver the Interface
Specifications to VeriSign for review and approval. VeriSign shall deliver
written acceptance or rejection of the Interface Specifications within fourteen
(14) days. VeriSign shall promptly notify Customer of any deficiencies in the
Interface Specifications. Such notification shall be in writing and shall
contain sufficient detail to allow Customer to resolve such deficiencies. If
VeriSign fails to respond within the fourteen (14) days, Customer may submit
written notice of such failure. If VeriSign does not respond with written
notice of deficiencies as described above within two (2) days of receipt of such
notice then such failure to respond shall be deemed an acceptance by VeriSign.
Customer shall respond to deficiencies identified by VeriSign by either making
modifications or refuting VeriSign's arguments regarding the deficiency. Any
modification to the Interface Specifications shall be resubmitted to VeriSign
for review and approval in accordance with the procedures outlined in this
Section 4.1.1 .
4.1.2 DEVELOPMENT OF PROTOCOL. In accordance with the Project Plan,
Customer will create the Protocol and deliver it to VeriSign for review and
approval. VeriSign shall deliver written acceptance or rejection of the
Protocol within fourteen ( 14) days. VeriSign shall promptly notify Customer of
any deficiencies in the Protocol. Such notification shall be in writing and
shall contain sufficient detail to allow Customer to resolve such deficiencies.
If VeriSign fails to respond within the fourteen (14) days, Customer may submit
written notice of such failure. If VeriSign does not respond with written
notice of deficiencies as described above within two (2) days of receipt of such
notice then such failure to respond shall be deemed an acceptance by VeriSign.
Customer shall respond to deficiencies identified by VeriSign by either making
modifications or refuting VeriSign's arguments regarding the deficiency. Any
modification to the Protocol shall be resubmitted to VeriSign for review and
approval in accordance with the procedures outlined in this Section 4.1.2.
4.1.3 DEVELOPMENT OF SYSTEM DESIGN SPECIFICATIONS. In accordance
with the Project Plan, VeriSign will create System Design Specifications for the
Private Label Certificate System and deliver the System Design Specifications to
Customer to determine material conformity to Exhibit "F" and the Protocol and
for Customer acceptance. Customer shall deliver written acceptance or rejection
of the System Design Specifications within fourteen (14) days. Customer shall
promptly notify VeriSign of any deficiencies in the System Design
Specifications. Such notification shall be in writing and shall contain
sufficient detail to allow VeriSign to resolve such deficiencies. If Customer
fails to respond within the fourteen (14) days, VeriSign may submit written
notice of such failure. If Customer does not respond with written
<PAGE>
VeriSign Private Label Agreement
Page 7
notice of deficiencies as described above within two (2) days of receipt of such
notice then such failure to respond shall be deemed an acceptance by Customer.
VeriSign shall respond to deficiencies identified by Customer by either making
modifications or refuting Customer' s arguments regarding the deficiency. Any
modification to the System Design Specifications shall be resubmitted to
Customer for review and approval in accordance with the procedures outlined in
this Section 4.1.3.
4.1.4 DEVELOPMENT OF ACCEPTANCE TEST PROCEDURES. In accordance with
the Project Plan, Customer shall create the Acceptance Test Procedures and
deliver them to VeriSign for review and approval. VeriSign shall deliver
written acceptance or rejection of the Acceptance Test Procedures within
fourteen (14) days. VeriSign shall promptly notify Customer of any deficiencies
in the Acceptance Test Procedures. Such notification shall be in writing and
shall contain sufficient detail to allow Customer to resolve such deficiencies.
If VeriSign tails to respond within the fourteen (14) days, Customer may submit
written notice of such failure. If VeriSign does not respond with written
notice of deficiencies as described above within two (2) days of receipt of such
notice then such failure to respond shall be deemed an acceptance by VeriSign.
Customer shall respond to deficiencies identified by VeriSign by either making
modifications or refuting VeriSign's arguments regarding the deficiency. Any
modification to the Acceptance Test Procedures shall be resubmitted to VeriSign
for review and approval in accordance with the procedures outlined in this
Section 4.1.4.
4.1.5 DEVELOPMENT OF PRIVATE LABEL CERTIFICATE SYSTEM. In accordance
with the Project Plan, VeriSign will develop the Private Label Certificate
System in material conformity to the Interface Specifications and the System
Design Specifications. Development of the Private Label Certificate System will
take place at VeriSign's facility located in Mountain View, California or such
other place as VeriSign shall reasonably select. VeriSign will deliver notice
to Customer that the Private Label Certificate System is in material conformity
to the Interface Specifications and the System Design Specifications and ready
for acceptance testing on or before the date set forth in the Project Plan.
Customer shall have the option to place two Customer employees on VeriSign's
development team for the Private Label Certificate System. Such Customer
personnel will be fully integrated into the development process and have access
to all project information. Such personnel shall be subject to Sections 3.4 and
6 of this Agreement.
4.1.6 DEVELOPMENT OF SERVICE LEVEL SPECIFICATION. Customer and
VeriSign have specified a preliminary set of performance criteria against which
to measure the adequacy of the Private Label Certificate System in Exhibit "K"
hereto, which is acceptable at the Effective Date of this Agreement. Customer
and VeriSign recognize that after completion of the major phases of development
of the Private Label Certificate System some modification of the Service Level
Specification may be desirable. After the Acceptance Test Procedures have been
approved by VeriSign, Customer and VeriSign shall cooperate in evaluating
whether the Service Level Specification should be amended by Change Order in
accordance with Section 4.1.8 and shall negotiate in good faith with respect to
this Exhibit K.
<PAGE>
VeriSign Private Label Agreement
Page 8
4.1.7 ACCEPTANCE. Acceptance testing of the Private Label
Certificate System in accordance with the Acceptance Test Procedures shall take
place at VeriSign's facility located in Mountain View, California, or such other
place as VeriSign shall reasonably select, using test data supplied by Customer
and supplemented and approved by VeriSign, and shall establish material
conformity of the Private Label Certificate System with the Interface
Specifications and the System Design Specifications. VeriSign shall be
entitled, but not obligated, to have a representative present at all such tests.
Customer shall promptly notify VeriSign of any failure of the Private Label
Certificate System discovered in testing, and any retesting required will be
performed after redelivery of a modified version of the Private Label
Certificate System to Customer by VeriSign. Customer shall deliver written
acceptance of the Private Label Certificate System after establishment of
material conformance to the Interface Specifications and the System Design
Specifications and material satisfaction of the Acceptance Test Procedures
within fourteen (14) days of the completion of the testing. Such notification
acceptance shall be in writing. If Customer fails to respond within the
fourteen (14) days, VeriSign may submit written notice of such failure. If
Customer does not respond with written notice of acceptance as described above
within two (2) days of receipt of such notice then such failure to respond shall
be deemed an acceptance by Customer.
4.1.8 CHANGE ORDERS. Any amendment to a Program Document after its
acceptance, shall only be effected by a change order ("CHANGE ORDER") approved
------------
as follows:
4.1.8.1 CUSTOMER INITIATED. Customer may initiate a Change
Order by delivering to VeriSign a writing signed by Customer's Program Manager
requesting VeriSign to prepare a proposed Change Order. Such writing shall
specify the requested change and cross-reference to Sections of the Program
Documents that are proposed to be amended.
4.1.8.2 VERISIGN INITIATED. VeriSign may initiate a Change
Order by delivering to Customer a proposed Change Order meeting the requirements
of Section 4.1.8.3.
4.1.8.3 PREPARATION. Upon receipt of a written request as set
forth above in this Section 4. 1.8, VeriSign shall, on or before fifteen (15)
days after receipt of such request, prepare for Customer's review a proposed
Change Order. Such proposed Change Order shall contain:
(i) a detailed description of the proposed
amendments to the Program Documents;
(ii) the change, if any, to scheduled delivery of any
item;
(iii) change in amounts due VeriSign under Exhibit "B"
as a result of such Change Order. It is the expectation of the parties that
enhancements, over and above the work initially specified in the Program
Documents, which both parties deem necessary to permit reasonable implementation
of the Private Label Certificate System, will be jointly funded in a spirit of
cooperation between VeriSign and Customer. Those changes specifically requested
by Customer, which are considered out of the scope of the original Program
Documents, will be provided by VeriSign at its then-current time and materials
rates.
<PAGE>
VeriSign Private Label Agreement
Page 9
4.1.8.4 EVALUATION. Customer shall evaluate, and respond to
VeriSign with respect to, any proposed Change Order on or before the fifteenth
(15) business day after receipt.
4.1.8.5 APPROVAL. Change Orders shall become effective and
shall act as amendments to this Agreement and to portions of the Program
Documents specified in such Change Orders only upon their execution by an
officer or the Program Manager of VeriSign and by an officer or the Program
Manager of Customer.
4.1.8.6 TECHNICAL SERVICES. In the event that a Change Order
alters the scope of the project as originally defined, VeriSign will provide the
following technical services to Customer at VeriSign's then standard rates:
4.1.8.6.1 Engineering assistance in developing
interfaces for Certificate services to Customer's proprietary databases
containing authorization and enrollment information regarding Subscribers.
4.1.8.6.2 Training of up to five (5) days for
Customer's employee responsible for training other employees in customer
technical support, marketing, and sales. Training shall occur at VeriSign's
facility in Mountain View, California, or at such other location as the parties
may agree.
4.2 PROJECT AUDITS. Customer shall have the right to perform a project
audit to ensure adherence by VeriSign to this Agreement subject to limitations
set forth below. Customer shall give reasonable prior notice to VeriSign of its
desire to audit VeriSign's performance under this Agreement. Customer shall
have the right to review VeriSign's progress on development of the Private Label
Certificate System and after implementation of such system, Customer shall have
the right to audit operational performance and execution of VeriSign in
connection with the Private Label Certificate System. VeriSign agrees to
cooperate with Customer personnel to permit them to assure themselves that
VeriSign is performing its obligations in a reasonable manner under this
Agreement. Such Customer personnel shall be subject to the requirements of
Sections 3.4 and 6 of this Agreement. Customer shall perform such audits only
at reasonable intervals.
5. FEES AND PENALTIES
------------------
5.1 DEVELOPMENT FEES. As consideration for the development of a Private
Label Certificate System for Customer, provision of the hardware and software
components of the system, and assistance in developing a Protocol for operation
of the Private Label Certificate System as set forth in Sections 2.1, 2.2 and
2.3 above, Customer shall pay to VeriSign the amount set forth as Development
Fees on Exhibit "B" according to the terms contained therein.
5.2 SET-UP FEES. As consideration for operation of the Private Label
Certificate System as set forth in Sections 2.4, 2.5, 2.6 and 2.7 above Customer
shall pay to VeriSign the amount set forth as Set-Up Fees on Exhibit "B"
according to the terms contained therein.
<PAGE>
VeriSign Private Label Agreement
Page 10
5.3 SUBSCRIBER FEES. Customer will pay to VeriSign as Subscriber Fees
amounts for each Subscriber initially enrolled or renewed in Customer's Private
Hierarchy through Customer the prices set forth on Exhibit "B".
5.4 TERMS OF PAYMENT. Subscriber Fees shall accrue upon issuance.
VeriSign will furnish Customer with a monthly invoice accompanied by the report
required by Section 2.5.2 above of the number and type of Certificates requested
and the number and type of Certificates issued and renewed during the prior
month. Customer will pay Subscriber Fees as set forth in Exhibit "B" for the
period therein. Subscriber Fees due VeriSign hereunder shall be paid by
Customer to VeriSign's address set forth on Page 1 above on or before the
thirtieth (30th) day after the invoice date. A late payment penalty on any
undisputed Subscriber Fees not paid when due shall be assessed at the rate of
one percent (1%) per thirty (30) days, beginning on the thirty-first (31st) day
after the day the unpaid Subscriber Fees are due.
5.5 TAXES. All taxes, duties, fees and other governmental charges of any
kind (including sales and use taxes, but excluding taxes based on the gross
revenues or net income of VeriSign) which are imposed by or under the authority
of any government or any political subdivision thereof on the Development Fees
or Set-Up Fees, Subscriber Fees or any aspect of this Agreement shall be borne
by Customer and shall not be considered a part of, a deduction from or an offset
against such fees.
5.6 DELAY PENALTY. In the event VeriSign does not operate on Visa's
behalf a Private Label Certificate System materially meeting the System Design
Specifications within four (4) weeks after the date specified as the
"Commencement of Pilot" in the Project Plan ("Penalty Date"), Customer shall be
entitled to liquidated delay damages as follows: One Thousand Dollars ($1,000)
per day for each day past the Penalty Date. VeriSign shall be entitled to an
automatic extension for any deadline that is equal in length to that of any
delay caused by any party other than VeriSign or entities controlled by
VeriSign.
5.7 DEGRADATION PENALTY. After thirty (30) days prior notice of failure
to meet the minimum service standard set forth in Exhibit "K" Service Level
Specifications, Customer shall be entitled to degradation penalties as defined
in Exhibit K.
5.8 INCENTIVE FOR EARLY COMPLETION. Both parties agree to work in good
faith to complete all tasks necessary to offer the Private Label Certificate
System as soon as possible. To provide an incentive for completion, Customer
agrees to pay VeriSign a bonus of One Thousand Dollars ($1,000) per day for
every day that it is operating a Private Label Certificate System for the Pilot
before the date of the Commencement Pilot currently listed in Project Plan. In
the event that VeriSign operates a Private Label Certificate System for Customer
on or before January 1, 1997, Customer shall pay VeriSign a bonus of Fifty
Thousand Dollars ($50,000), this bonus shall be in lieu of the One Thousand
Dollars ($1,000) per day bonus.
6. CONFIDENTIALITY
---------------
6.1 CONFIDENTIALITY. The parties acknowledge that in their performance of
their duties hereunder either party may communicate to the other (or its
designees) certain confidential
<PAGE>
VeriSign Private Label Agreement
Page 11
and proprietary information concerning the Customer Products, VeriSign products,
the know-how, technology, techniques or marketing plans related thereto
(collectively, the "Proprietary Information") all of which are confidential and
proprietary to, and trade secrets of, the disclosing party. Each party agrees to
hold all Proprietary Information within its own organization and shall not,
without specific written consent of the other party or as expressly authorized
herein, utilize in any manner, publish, communicate or disclose any part of the
Proprietary information to third parties. This Section 6.1 shall impose no
obligation on either party with respect to any Proprietary Information which:
(i) is in the public domain at the time disclosed by the disclosing party; (ii)
enters the public domain after disclosure other than by breach of the receiving
party's obligations hereunder or by breach of another party's confidentiality
obligations; or (iii) is shown by documentary evidence to have been known by the
receiving party prior to its receipt from the disclosing party. Each party will
take such steps as are consistent with its protection of its own confidential
and proprietary information (but will in no event exercise less than reasonable
care) to ensure that the provisions of this Section 6.1 are not violated by its
end user customers, distributors, employees, agents or any other person.
6.2 INJUNCTIVE RELIEF. Both parties acknowledge that the restrictions
contained in this Section 6 are reasonable and necessary to protect their
legitimate interests and that any violation of these restrictions will cause
irreparable damage to the other party within a short period of time, and each
party agrees that the other party will be entitled to injunctive relief against
each violation.
7. OBLIGATIONS OF CUSTOMER
-----------------------
7.1 PROPRIETARY MARKINGS; COPYRIGHT NOTICES. The Customer agrees not to
remove or destroy any proprietary, trademark or copyright markings or notices
placed upon or contained within any VeriSign materials or documentation. The
Customer further agrees to insert and maintain: (i) within every Customer
Product and any related materials or documentation a copyright notice in the
name of VeriSign; and (ii) within the splash screens, user documentation,
printed product collateral, product packaging and advertisements for the
Customer Product, a statement that the Customer Product contains the VeriSign
technology. The Customer shall not take any action which might adversely affect
the validity of VeriSign's proprietary, trademark or copyright markings or
ownership by VeriSign thereof, and shall cease to use the markings, or any
similar markings, in any manner on the expiration of this Agreement. The
placement of a copyright notice on any of the VeriSign materials or
documentation shall not constitute publication or otherwise impair the
confidential or trade secret nature of the VeriSign materials or documentation.
7.2 VERISIGN'S INDEMNITY. CUSTOMER EXPRESSLY INDEMNIFIES AND HOLDS
HARMLESS VERISIGN, ITS SUBSIDIARIES, AGENTS AND AFFILIATES FROM: (i) ANY AND ALL
LIABILITY OF ANY KIND OR NATURE WHATSOEVER TO SUBSCRIBERS IN CUSTOMER'S PRIVATE
HIERARCHY AND TO THIRD PARTIES WHICH MAY ARISE FROM ACTS OF CUSTOMER OR FROM THE
USE OF CERTIFICATES IN CUSTOMER'S PRIVATE HIERARCHY, USE OF ANY CUSTOMER
PRODUCT, OR ANY DOCUMENTATION, SERVICES OR ANY OTHER ITEM
<PAGE>
VeriSign Private Label Agreement
Page 12
FURNISHED BY THE CUSTOMER TO SUBSCRIBERS IN CUSTOMER'S PRIVATE HIERARCHY, OTHER
THAN LIABILITY ARISING FROM THE VERISIGN PRODUCTS AND VERISIGN DOCUMENTATION
(UNLESS SUCH LIABILITY WOULD NOT HAVE ARISEN IN THE ABSENCE OF MODIFICATIONS TO
ANY OF THE FOREGOING BY THE CUSTOMER OR ITS EMPLOYEES, AGENTS OR CONTRACTORS) OR
FROM THE ACTS OF VERISIGN; AND (ii) ANY LIABILITY ARISING IN CONNECTION WITH AN
UNAUTHORIZED REPRESENTATION OR ANY MISREPRESENTATION OF FACT MADE BY THE
CUSTOMER OR ITS AGENTS, EMPLOYEES OR DISTRIBUTORS TO ANY PARTY WITH RESPECT TO
THE VERISIGN PRODUCTS OR VERISIGN DOCUMENTATION.
7.3 CUSTOMER'S INDEMNITY. VERISIGN EXPRESSLY INDEMNIFIES AND HOLDS
HARMLESS CUSTOMER, ITS SUBSIDIARIES, AGENTS AND AFFILIATES FROM: (i) ANY AND ALL
LIABILITY OF ANY KIND OR NATURE WHATSOEVER TO ANY THIRD PARTIES THAT MAY ARISE
FROM ACTS OF VERISIGN OR FROM USE OF VERISIGN SOURCE CODE, VERISIGN'S OBJECT
CODE OR VERISIGN'S USER MANUALS (UNLESS SUCH LIABILITY WOULD NOT HAVE ARISEN IN
THE ABSENCE OF MODIFICATIONS TO ANY OF THE FOREGOING BY CUSTOMER OR ITS
EMPLOYEES, AGENTS OR CONTRACTORS); AND (ii) ANY LIABILITY ARISING IN CONNECTION
WITH AN UNAUTHORIZED REPRESENTATION OR ANY MISREPRESENTATION OF FACT MADE BY
VERISIGN OR ITS AGENTS OR EMPLOYEES TO ANY PARTY WITH RESPECT TO CUSTOMER
PRODUCTS, OR ANY VERISIGN SOFTWARE.
7.4 NOTICES. The Customer shall immediately advise VeriSign of any legal
notices served on the Customer which might affect VeriSign.
8. LIMITED WARRANTY: DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY;
--------------------------------------------------------------------
INDEMNITIES
-----------
8.1 Limited Warranty. During the term of this Agreement, VeriSign
warrants that
8.1.1 to VeriSign's knowledge, Customer's Private Keys have not been
compromised so long as VeriSign has not provided notice to Customer to the
contrary,
8.1.2 VeriSign has used best efforts to maintain the security at its
facilities and to maintain the security of any of Customer's private keys in its
possession or control,
8.1.3 VeriSign has substantially complied with the Protocol in
issuing a Certificate to a Subscriber in Customer's Private Hierarchy,
8.1.4 VeriSign has substantially complied with the Protocol in
renewing, revoking or suspending a Certificate, and
8.1.5 the Private Label Certificate System materially conforms to the
Interface Specifications and the System Design Specifications.
<PAGE>
VeriSign Private Label Agreement
Page 13
8.2 DISCLAIMER. EXCEPT FOR THE EXPRESS LIMITED WARRANTY PROVIDED IN
SECTION 8.1, VERISIGN'S PRODUCTS AND SERVICES ARE PROVIDED "AS IS" WITHOUT ANY
WARRANTY WHATSOEVER. VERISIGN DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO ANY MATTER WHATSOEVER, INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NO ORAL OR WRITTEN
INFORMATION OR ADVICE GIVEN BY VERISIGN OR ITS EMPLOYEES OR REPRESENTATIVES
SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF VERISIGN'S
OBLIGATIONS.
CUSTOMER IS RESPONSIBLE FOR THE SECURITY, COMMUNICATION OR USE OF ITS
PRIVATE KEY, EXCEPT TO THE EXTENT SUCH PRIVATE KEY IS IN THE CUSTODY OR CONTROL
OF VERISIGN. VERISIGN SHALL NOT BE RESPONSIBLE FOR THE THEFT OR ANY OTHER FORM
OF COMPROMISE OF CUSTOMER'S PRIVATE KEY, WHICH MAY OR MAY NOT BE DETECTED EXCEPT
WHEN SUCH PRIVATE KEY IS IN THE CUSTODY OR CONTROL OF VERISIGN. VERISIGN SHALL
NOT BE LIABLE FOR ANY USE OF A KEY STOLEN OR COMPROMISED WHILE IN CUSTOMER'S
CUSTODY OR CONTROL UNLESS CUSTOMER HAS PROVIDED NOTICE TO VERISIGN IN ACCORDANCE
WITH THE PROTOCOL, AND VERISIGN HAS FAILED SUBSTANTIALLY TO COMPLY WITH THE
PROTOCOL OR UNLESS CUSTOMER CAN ESTABLISH THAT SUCH THEFT OR KEY COMPROMISE
OCCURRED WHILE THE SOLE COPY OF THE KEY WAS IN THE CUSTODY OR CONTROL OF
VERISIGN OR WHILE THE KEY WAS IN THE CUSTODY OR CONTROL OF VERISIGN AND THAT THE
COPY OF THE KEY IN VERISIGN'S CUSTODY OR CONTROL WAS STOLEN OR COMPROMISED.
EACH SUBSCRIBER IS RESPONSIBLE FOR THE SECURITY, COMMUNICATION OR USE OF
HIS, HER OR ITS PRIVATE KEY. VERISIGN SHALL NOT BE RESPONSIBLE FOR THE THEFT OR
ANY OTHER FORM OF COMPROMISE OF ANY SUBSCRIBER'S PRIVATE KEY, WHICH MAY OR MAY
NOT BE DETECTED. VERISIGN SHALL NOT BE LIABLE FOR ANY USE OF A STOLEN OR
COMPROMISED KEY TO FORGE A SUBSCRIBER'S DIGITAL SIGNATURE TO A DOCUMENT UNLESS
THE SUBSCRIBER OR CUSTOMER HAS PROVIDED NOTICE TO VERISIGN IN ACCORDANCE WITH
THE PROTOCOL AND VERISIGN HAS FAILED TO COMPLY WITH THE PROTOCOL.
8.3 LIMITATION OF LIABILITY. NEITHER PARTY WILL BE LIABLE TO THE OTHER
PARTY, TO A SUBSCRIBER OR TO ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT,
SPECIAL, INCIDENTAL OR EXEMPLARY DAMAGES WHETHER FORESEEABLE OR UNFORESEEABLE
(INCLUDING, BUT NOT LIMITED TO, GOODWILL. PROFITS, INVESTMENTS, USE OF MONEY OR
USE OF FACILITIES; INTERRUPTION IN USE OR AVAILABILITY OF DATA; STOPPAGE OF
OTHER WORK OR IMPAIRMENT OF OTHER ASSETS; OR LABOR CLAIMS, EVEN IF VERISIGN HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), ARISING OUT OF BREACH OF ANY
EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT,
<PAGE>
VeriSign Private Label Agreement
Page 14
NEGLIGENCE, EXCEPT ONLY IN THE CASE OF DEATH OR PERSONAL INJURY WHERE AND TO THE
EXTENT THAT APPLICABLE LAW REQUIRES SUCH LIABILITY. UNDER NO CIRCUMSTANCES SHALL
EITHER PARTY'S LIABILITY TO THE OTHER PARTY OR ANY SUBSCRIBER OR ANY THIRD PARTY
ARISING OUT OF OR RELATED TO THIS AGREEMENT, EXCLUDING LIABILITY FOR MONEY
ACTUALLY OWED TO A PARTY AS ROYALTY FEES, DEVELOPMENT FEES, SET-UP FEES, OR
SUBSCRIBER FEES, EXCEED $100,000.00 WITH RESPECT TO A SINGLE OCCURRENCE OR
$1,000,000.00 IN THE AGGREGATE REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS
BASED ON WARRANTY, CONTRACT, TORT OR OTHERWISE. THE LIMITATION SET FORTH IN THIS
SECTION 8.3 SHALL NOT APPLY TO INDEMNITIES OR RIGHTS GRANTED BY SECTION 8.5 OR
8.6.
8.4 INDEMNITIES. Subject to the limitations set forth below and the
limitations in Section 8.3, VeriSign, at its own expense, shall (i) defend, or
at its option settle, any claim, suit or proceeding against Customer on the
basis of VeriSign's breach of any limited warranty in this Agreement in
connection with use of a Certificate in Customer's Private Hierarchy; and (ii)
pay any final judgment entered or settlement against company on such issue in
any such suit or proceedings defended by VeriSign. VeriSign shall have no
obligation to Customer pursuant to this Section 8.4 unless (a) Customer gives
VeriSign prompt written notice of the claim; (b) VeriSign is given the right to
control and direct the investigation, preparation, defense and settlement of the
claim; and (c) Customer has complied with the Protocol.
8.5 PROPRIETARY RIGHTS INFRINGEMENT BY VERISIGN.
8.5.1 Subject to the limitations set forth in this Section 8.5,
VeriSign, at its own expense, shall: (i) defend, or at its option settle, any
claim, suit or proceeding against Customer on the basis of infringement of any
United States copyright, patent, trade secret or any other intellectual property
right ("Proprietary Rights") by the unmodified Private Label Certificate System
as delivered by VeriSign or any claim that VeriSign has no right to provide the
Private Label Certificate System hereunder; and (ii) pay any final judgment
entered or settlement against Customer on such issue in any such suit or
proceeding defended by VeriSign. VeriSign shall have no obligation to Customer
pursuant to this Section 8.5.1 unless: (A) Customer gives VeriSign prompt
written notice of the claim; (B) VeriSign is given the right to control and
direct the investigation, preparation, defense and settlement of the claim; and
(C) the claim is based on Customer's use of the most recent version of the
Relatively Unmodified Private Label Certificate System in accordance with this
Agreement. A Relatively Unmodified Private Label Certificate System shall mean
a wholly unmodified Private Label Certificate System or a Private Label
Certificate System that has been modified but such modifications are not
relevant to the claim.
8.5.2 If VeriSign receives notice of an alleged infringement
described in Section 8.5.1, VeriSign shall have the right, at its sole option,
to obtain the right to continue use of the Private Label Certificate System or
to replace or modify the Private Label Certificate System so that it is no
longer infringing. If neither of the foregoing options is reasonably available
to VeriSign, then use of the Private Label Certificate System may be terminated
at the option of VeriSign without further obligation or liability except as
provided in Sections 8.5.1 and 9.3 and
<PAGE>
VeriSign Private Label Agreement
Page 15
in the event of such termination, VeriSign shall refund the Development Fees
paid by Customer hereunder less depreciation for use assuming straight line
depreciation over a five (5)-year useful life.
8.5.3 THE RIGHTS AND REMEDIES SET FORTH IN SECTIONS 8.5.1 AND 8.5.2
CONSTITUTE THE ENTIRE OBLIGATION OF VERISIGN AND THE EXCLUSIVE REMEDIES OF
CUSTOMER CONCERNING PROPRIETARY RIGHTS INFRINGEMENT BY THE VERISIGN SOFTWARE.
8.6 PROPRIETARY RIGHTS INFRINGEMENT BY CUSTOMER.
8.6.1 Subject to the limitations set forth in this Section 8.6,
Customer, at its own expense, shall: (i) defend, or at its option settle, any
claim, suit or proceeding against VeriSign on the basis of infringement of any
Proprietary Right by the Customer Product (except to the extent arising from a
Relatively Unmodified Private Label Certificate System); and (ii) pay any final
judgment entered or settlement against VeriSign on such issue in any such suit
or proceeding defended by Customer. Customer shall have no obligation to
VeriSign pursuant to this Section 8.6.1 unless: (A) VeriSign gives Customer
prompt written notice of the claim; and (B) Customer is given the right to
control and direct the investigation, preparation, defense and settlement of the
claim.
8.6.2 If Customer receives notice of an alleged infringement
described in Section 8.6.1, Customer shall have the right, at its sole option,
to obtain the right to continued use of the Private Label Certificate System or
the Customer Product or to replace or modify the Private Label Certificate
System or the Customer Product so that they are no longer infringing. If
neither of the foregoing options in this Section 8.6.2 is reasonably available
to Customer, then use of the Private Label Certificate System or the Customer
Product may be terminated at the option of Customer without further obligation
or liability except as provided in Sections 8.6.1 and 9.3, and in the event of
such termination, VeriSign shall retain all Development Fees, Set-Up Fees and
Subscriber Fees paid by Customer hereunder.
8.6.3 THE RIGHTS AND REMEDIES SET FORTH IN SECTIONS 8.6.1 AND 8.6.2
CONSTITUTE THE ENTIRE OBLIGATION OF CUSTOMER AND THE EXCLUSIVE REMEDIES OF
VERISIGN CONCERNING CUSTOMER'S PROPRIETARY RIGHTS INFRINGEMENT.
9. TERM AND TERMINATION
--------------------
9.1 TERMINATION. This Agreement shall terminate on the earliest of:
9.1.1 The end of the term set forth on the first page hereof;
9.1.2 Failure by either party to perform any of its material
obligations under this Agreement and the Exhibits hereto if such breach is not
cured within sixty (60) days after receipt of written notice thereof from the
other party;
<PAGE>
VeriSign Private Label Agreement
Page 16
9.1.3 Notice from VeriSign to the Customer after the occurrence of a
purported assignment of this Agreement in violation of Section 10.2; or
9.1.4 Notice from either party to the other if the other party is
adjudged insolvent or bankrupt, or the institution of any proceedings by or
against the other party seeking relief, reorganization or arrangement under any
laws relating to insolvency, or any assignment for the benefit of creditors, or
the appointment of a receiver, liquidator or trustee of any of the other party's
property or assets, or the liquidation, dissolution or winding up of the other
party's business.
9.1.5 Customer shall have the right to terminate this Agreement upon
sixty (60) days notice if the Customer support obligations provided by VeriSign
pursuant to Section 2.6 are consistently not provided, or if agreement cannot be
reached on the cost of service at the time of any annual review.
9.1.6 Upon Customer's execution of the License Agreement set forth at
Exhibit "J".
9.2 EXTENSION OF TERM. This Agreement may be renewed by the written
consent of the parties for an additional term upon expiration of the term
provided in Section 9.1.1, under VeriSign's then-current standard terms and
conditions. Subscriber Fees and Set-Up Fees shall be renegotiated annually
during any extended term.
9.3 EFFECT OF TERMINATION. Upon expiration or termination of this
Agreement for any reason except for VeriSign's breach pursuant to Section 9.1.2
or if VeriSign fulfills any of the conditions stated in Section 9.1.4, all use
of the Private Label Certificate System by Customer shall cease, and Customer
shall pay to VeriSign any Subscriber Fees which have accrued in accordance with
Section 5.4 unless the termination occurred pursuant to Section 9.1.2 because of
breach by VeriSign. Such expiration or termination shall not affect Sections 6,
7, 8, and 10 of this Agreement which shall continue in full force and effect to
the extent necessary to permit the complete fulfillment thereof.
10. MISCELLANEOUS PROVISIONS
------------------------
10.1 GOVERNING LAWS; VENUE; WAIVER OF JURY TRIAL. THE LAWS OF THE STATE
OF CALIFORNIA, U.S.A. (IRRESPECTIVE OF ITS CHOICE OF LAW PRINCIPLES) SHALL
GOVERN THE VALIDITY OF THIS AGREEMENT, THE CONSTRUCTION OF ITS TERMS, AND THE
INTERPRETATION AND ENFORCEMENT OF THE RIGHTS AND DUTIES OF THE PARTIES HERETO.
THE PARTIES AGREE THAT THE UNITED NATIONS CONVENTION ON CONTRACTS FOR THE
INTERNATIONAL SALE OF GOODS SHALL NOT APPLY TO THIS AGREEMENT. THE PARTIES
HEREBY AGREE THAT ANY SUIT TO ENFORCE ANY PROVISION OF THIS AGREEMENT OR ARISING
OUT OF OR BASED UPON THIS AGREEMENT OR THE BUSINESS RELATIONSHIP BETWEEN THE
PARTIES HERETO SHALL BE BROUGHT IN THE UNITED STATES DISTRICT COURT FOR THE
NORTHERN DISTRICT OF CALIFORNIA OR THE SUPERIOR OR MUNICIPAL COURT IN AND FOR
THE COUNTY OF SANTA CLARA,
<PAGE>
VeriSign Private Label Agreement
Page 17
CALIFORNIA, U.S.A. Each party hereby agrees that such courts shall have
exclusive in personam jurisdiction and venue with respect to such party, and
each party hereby submits to the exclusive in personam jurisdiction and venue of
such courts. The parties hereby waive any right to jury trial with respect to
any action brought in connection with this Agreement.
10.2 BINDING UPON SUCCESSORS AND ASSIGNS. Except as otherwise provided
herein, this Agreement shall be binding upon, and inure to the benefit of, the
successors, executors, heirs, representatives, administrators and assigns of the
parties hereto. This Agreement shall not be assignable by either party, by
operation of law (including as a result of a merger involving a party or a
transfer of a controlling interest in a party's voting securities) or otherwise
without the prior written authorization of the nonassigning party, except that
either party may assign its rights and obligations under this Agreement to its
Affiliates, provided that the assigning party receives the nonassigning party's
prior written consent, which shall not be unreasonably withheld. Any such
purported assignment or delegation shall be void and of no effect and shall
permit non-assigning party to terminate this Agreement pursuant to Section
9.1.3.
10.3 SEVERABILITY. If any provision of this Agreement, or the application
thereof, shall for any reason and to any extent, be invalid or unenforceable,
the remainder of this Agreement and application of such provision to other
persons or circumstances shall be interpreted so as best to reasonably effect
the intent of the parties hereto. IT IS EXPRESSLY UNDERSTOOD AND AGREED THAT
EACH AND EVERY PROVISION OF THIS AGREEMENT WHICH PROVIDES FOR A LIMITATION OF
LIABILITY, DISCLAIMER OF WARRANTIES OR EXCLUSION OF DAMAGES IS INTENDED BY THE
PARTIES TO BE SEVERABLE AND INDEPENDENT OF ANY OTHER PROVISION AND TO BE
ENFORCED AS SUCH.
10.4 ENTIRE AGREEMENT. This Agreement, the Appendices hereto and all
agreements referred to therein constitute the entire understanding and agreement
of the parties hereto with respect to the subject matter hereof and supersede
all prior and contemporaneous agreements or understandings between the parties.
10.5 AMENDMENT AND WAIVERS. Except as otherwise expressly provided in
this Agreement, any term or provision of this Agreement may be amended, and the
observance of any term of this Agreement may be waived, only by a writing signed
by the party to be bound thereby.
10.6 ATTORNEYS' FEES. Should suit be brought to enforce or interpret any
part of this Agreement, the prevailing party shall be entitled to recover, as an
element of the costs of suit and not as damages, reasonable attorneys' fees to
be fixed by the court (including without limitation, costs, expenses and fees on
any appeal).
10.7 NOTICES. Whenever any party hereto desires or is required to give
any notice, demand, or request with respect to this Agreement, each such
communication shall be in writing and shall be effective only if it is delivered
sent by a courier service that confirms delivery in writing or mailed, certified
or registered mail, postage prepaid, return receipt requested, addressed as
follows:
<PAGE>
VeriSign Private Label Agreement
Page 18
VeriSign: To the address set forth on page 1
Attention: Stratton Sclavos, President & CEO
The Customer: To the address set forth on page 1
Attention: Peter R. Hill
Such communications shall be effective when they are received. Any party
may change its address for such communications by giving notice thereof to the
other party in conformity with this Section.
10.8 FOREIGN RESHIPMENT LIABILITY. THIS AGREEMENT IS EXPRESSLY MADE
SUBJECT TO ANY LAWS, REGULATIONS, ORDERS OR OTHER RESTRICTIONS ON THE EXPORT
FROM THE UNITED STATES OF AMERICA OF TECHNICAL INFORMATION, SOFTWARE OR
INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME BY THE
GOVERNMENT OF THE UNITED STATES OF AMERICA. NOTWITHSTANDING ANYTHING CONTAINED
IN THIS AGREEMENT TO THE CONTRARY, THE CUSTOMER SHALL NOT EXPORT OR RE-EXPORT,
DIRECTLY OR INDIRECTLY, ANY TECHNICAL INFORMATION, SOFTWARE OR INFORMATION ABOUT
SUCH SOFTWARE TO ANY COUNTRY FOR WHICH SUCH GOVERNMENT OR ANY AGENCY THEREOF
REQUIRES AN EXPORT LICENSE OR OTHER GOVERNMENTAL APPROVAL AT THE TIME OF EXPORT
OR RE-EXPORT WITHOUT FIRST OBTAINING SUCH LICENSE OR APPROVAL.
10.9 PUBLICITY. Neither party will disclose to third parties, other than
its agents and representatives on a need-to-know basis, the terms of this
Agreement or any exhibits hereto without the prior written consent of the other
party, except (i) either party may disclose such terms to the extent required by
law; and (ii) either party may disclose the existence of this Agreement.
10.10 NO WAIVER. Failure by either party to enforce any provision of this
Agreement will not be deemed a waiver of future enforcement of that or any other
provision.
10.11 COUNTERPARTS. This Agreement may be executed in one or more
counterparts, each of which will be deemed an original, but which collectively
will constitute one and the same instrument.
10.12 HEADINGS AND REFERENCES. The headings and captions used in this
Agreement are used for convenience only and are not to be considered in
construing or interpreting this Agreement.
10.13 DUE AUTHORIZATION. The Customer hereby represents and warrants to
VeriSign that the individual executing this Agreement on behalf of the Customer
is duly authorized to execute this Agreement on behalf of the Customer and to
bind the Customer hereby.
10.14 INDEPENDENT CONTRACTOR. The relationship of VeriSign and the
Customer is that of independent contractors. Neither the Customer nor the
Customer's employees, consultants,
<PAGE>
VeriSign Private Label Agreement
Page 19
contractors or agents are agents, employees or joint venturers of VeriSign, nor
do they have any authority to bind VeriSign by contract or otherwise to any
obligation. They will not represent to the contrary, either expressly,
implicitly, by appearance or otherwise
10.15 PUBLICITY. VeriSign grants Customer the right to disclose that
VeriSign is a vendor of Customer and to name publicly-announced Customer
Products that provide access to Certificates issued by VeriSign. VeriSign also
grants the Company the right to display VeriSign's logo on the Customer's WWW
site in one of the forms shown on Exhibit "C" attached to this Agreement.
Customer shall not acquire any other rights of any kind in VeriSign's trade
names, trademarks, product name or logo by use authorized in this Section.
Customer grants VeriSign the right to disclose that Customer is a vendee of
VeriSign and to name publicly announced Customer Products that provide access to
Certificates issued by VeriSign. Customer also grants VeriSign the right to
display Customer's logo on VeriSign's WWW site. VeriSign shall not acquire any
other rights of any kind in Customer's trade names, trademarks, product name or
logo by use authorized in this Section.
IN WITNESS WHEREOF, the parties have executed this Agreement as of the day
and year first written above.
CUSTOMER:
VISA INTERNATIONAL SERVICE ASSOCIATION
By: /s/ F. Dutray
-------------------------------------------
Its: Group Executive Vice President
------------------------------------------
VERISIGN, INC.
By: /s/ Stratton Sclavos
--------------------------------------------
Its: President and CEO
------------------------------------------
<PAGE>
VeriSign Private Label Agreement
Page 20
EXHIBIT "A"
DEFINITIONS
1. ACCEPTANCE means that the Acceptance Test Procedures have been
----------
performed to demonstrate that the Private Label Certificate System conforms to
the Interface Specifications and the System Design Specifications. ACCEPTED
--------
means that Acceptance has occurred.
2. ACCEPTANCE TEST PROCEDURES means the acceptance test procedures to be
--------------------------
created by Customer and approved by VeriSign pursuant to Section 4.1.4. The
Acceptance Test Procedures shall include (1) the criteria against which the
Private Label Certificate System is to be measured in order to verify
conformance to the Interface Specifications and the System Design Specifications
and (2) the testing procedures to be used to establish conformance of the
Private Label Certificate System to the Interface Specifications and the System
Design Specifications. Upon approval by Customer, the Acceptance Test
Procedures shall be attached as Exhibit "G".
3. ACQUIRER means a Member financial institution that establishes an
--------
account with a Merchant and processes bank card authorizations and payments.
4. CARDHOLDER means a consumer or corporate purchaser who uses a bank card
----------
issued by an Issuer to make a purchase from a Merchant.
5. CERTIFICATE means a collection of electronic data consisting of a
-----------
Public Key, identifying information which contains information about the owner
of the Public Key, and validity information, which (or a string of bits derived
from the Public Key) has been encrypted by a third party who is the issuer of
the Certificate with such third party Certificate issuer's Private Key. This
collection of electronic data collectively serves the function of identifying
the owner of the Public Key and verifying the integrity of the electronic data.
"CERTIFY" or "CERTIFICATION" means the act of generating a Certificate.
"CERTIFIED" means the condition of having been issued a valid Certificate by a
Certifier, which Certificate has not been revoked.
6. CERTIFICATE SIGNING UNIT ("CSU") means a hardware unit or software
--------------------------------
designed for use in signing Certificates and key storage. The BBN
SafeKeyper(TM) manufactured by BBN Communications, Inc. is one hardware
implementation of a CSU.
7. CERTIFICATION AUTHORITY ("CA") means VeriSign and any entity, group,
------------------------------
division, department, unit or office which is Certified by VeriSign to, and has
accepted responsibility to, issue Certificates to specified Subscribers in a
Hierarchy in accordance with the CPS or a Protocol.
8. CERTIFICATION PRACTICE STATEMENT ("CPS") means the VeriSign
---------------------------------------
specification of policies, procedures and resources to control the entire
Certificate process and transactional use of Certificates within the VeriSign
Public Hierarchies.
<PAGE>
VeriSign Private Label Agreement
Page 21
9. CHANGE ORDER has the meaning set forth in Section 4.1.8.
------------
10. CUSTOMER AFFILIATES shall mean Visa's Subsidiaries and Related
-------------------
Entities. A "Subsidiary" shall mean a company in which on a class-by-class
basis, more than fifty percent (50%) of the stock entitled to vote for the
election of directors is owned or controlled by Customer, but only so long as
such ownership or control exists. A "Related Entity" shall mean an entity (A) at
least fifty percent (50%) of whose stock or other equity is owned by Customer's
member banks and that has the authority to process Visa payment transactions,
but only so long as such ownership exists; (B) has an equity interest in
Customer and is owned in whole by Member banks or financial institutions (e.g.,
national or regional group Members); or (C) is exclusively managed by Visa or a
national or group Member of Visa for the purpose of processing Visa payment
transactions, but only so long as such exclusive management exists.
Notwithstanding anything to the contrary set forth above, however, Subsidiaries
or Related Entities do not include any Acquirer, Issuer or individual bank or
like financial institution. Customer Affiliates include, for example, without
limitation, Visa USA, Inc, ViTAL, Inc, Plus and Interlink.
11. CUSTOMER BRAND KEY means the set of key pairs for signature and
------------------
exchange that are used by the Customer in its capacity of CA. The Customer
Brand Keys will be used as the "Root" for portions of the Private Label
Certificate System.
12. CUSTOMER PRODUCT means any product developed by Customer for use by a
----------------
Subscriber in Customer's Private Hierarchy with a Certificate issued by VeriSign
which incorporates Customer's Root Keys.
13. DIGITAL SIGNATURE means information encrypted with a Private Key which
-----------------
is appended to information to identify the owner of the Private Key and to
verify the integrity of the information. "DIGITALLY SIGNED" shall refer to
----------------
electronic data to which a Digital Signature has been appended.
14. ELECTRONIC CERTIFICATION SYSTEM ("ECS") means the Customer's name for
---------------------------------------
the Private Label Certification System.
15. ELECTRONIC COMMERCE AUTHENTICATION SYSTEM ("ECAS") means VeriSign's
-------------------------------------------------
proprietary software product marketed and developed under the name "Electronic
Commerce Authentication System" providing secure on-line Certificate issuance as
presently in existence and as developed and enhanced in the future by VeriSign.
16. FULLY AUTOMATED MERCHANT CERTIFICATE ISSUANCE means merchant
---------------------------------------------
authentication is achieved by passing the authentication information to either
Visa or a Visa Member who will then respond electronically with a confirmation
or rejection of the authentication. This method does not require human
intervention.
17. HIERARCHY means a domain consisting of a system of chained
---------
Certificates leading from the Primary Certification Authority through one or
more Certification Authorities to Subscribers.
<PAGE>
VeriSign Private Label Agreement
Page 22
18. INTERFACE SPECIFICATIONS means the interface specifications to be
------------------------
created by Customer and approved by VeriSign pursuant to Section 4.1.1.
19. INTERNET means the global computer network.
--------
20. ISSUER means a Member financial institution that establishes an
------
account for a Cardholder, issues a bank card to the Cardholder, and guarantees
payment for authorized transactions using the bank card in accordance with
association regulations and local laws.
21. MEMBER means a member of the VISA International Service Association.
------
All Issuers and Acquirers are Members.
22. MERCHANT means one who offers goods or services in exchange for
--------
payment, who accepts bank cards for payment, and who has a relationship with an
Acquirer.
23. PAYMENT GATEWAY shall mean the computer system as further defined in
---------------
SET that provides an interface between open networks, such as the Internet, and
existing payment systems, such as VisaNet.
24. PRIMARY CERTIFICATION AUTHORITY "PCA" means an entity that establishes
-------------------------------------
policies for all Certification Authorities and Subscribers within its domain.
25. PRIVATE HIERARCHY means a domain consisting of a chained Certificate
-----------------
hierarchy which is entirely self-contained within an organization or network and
not designed to be interoperable with or intended to interact through public
channels with any external organizations, networks, and public hierarchies.
26. PRIVATE KEY means a mathematical key which is kept private to the
-----------
owner and which is used through public key cryptography to encrypt electronic
authenticity data and create a Digital Signature which will be decrypted with
the corresponding Public Key.
27. PRIVATE LABEL CERTIFICATE SYSTEM means the system developed by
--------------------------------
VeriSign for Customer as more fully described in Section 2, which incorporates
the SET Module and VSE.
28. PROCESSOR means a third party which has been assigned the processing
---------
of bank card transactions by one or more Issuers or Acquirers.
29. PROGRAM DOCUMENTS means each of the Project Plan, Interface
-----------------
Specifications, Protocol, System Design Specifications, Acceptance Test
Procedures, and Service Level Specification.
30. PROTOCOL means Customer's specification of policies, procedures and
--------
resources to control the entire Certificate process and transactional use of
Certificates within Customer's Private Hierarchy.
31. PUBLIC HIERARCHY means a domain consisting of a system of chained
----------------
Certificates leading from VeriSign as the Primary Certification Authority
through one or more Certification
<PAGE>
VeriSign Private Label Agreement
Page 23
Authorities to Subscribers in accordance with the VeriSign Certification
Practice Statement. Certificates issued in a Public Hierarchy are intended to be
interoperable among organizations, allowing Subscribers to interact through
public channels with various individuals, organizations, and networks.
32. PUBLIC KEY means a mathematical key which is available publicly and
----------
which is used through public key cryptography to decrypt electronic authenticity
data which was encrypted using the matched Private Key and to verify Digital
Signatures created with the matched Private Key.
33. PUBLIC KEY INFRASTRUCTURE ("PKI") means the VeriSign specification for
---------------------------------
the architecture, techniques, practices, and procedures that collectively
support the implementation and operation of Certificate-based public key
cryptographic systems.
34. ROOT KEY means one or more public root key(s) published by the
--------
organization which generated and is entitled to use such keys as the public
components of its key pair(s) in issuing Certificates in a hierarchy over which
such organization has responsibility.
35. SECOND TIER CA means an entity in the business of selling or issuing
--------------
Certificates in Customer's Private Hierarchy Digitally Signed by such Second
Tier CA to Subscribers using the Private Label Certificate System as operated by
VeriSign directly or by sublicensing the Private Label Certificate System from
VeriSign.
36. SECURE ELECTRONIC TRANSACTIONS ("SET") means the specification
--------------------------------------
published by Customer and MasterCard International and made available to all
developers wishing to implement secure payments over the Internet and other
public and private networks.
37. SEMI-AUTOMATED MERCHANT CERTIFICATE ISSUANCE means Merchant
--------------------------------------------
authentication is achieved by comparing information provided electronically by
the Customer or Member to information provided electronically by a Merchant
where human intervention is substantially reduced as compared with the Manual
Merchant Certificate Issuance method.
38. SERVICE LEVEL SPECIFICATION means the specification attached hereto as
---------------------------
Exhibit "K" approved by Customer and VeriSign pursuant to Section 4.1.6.
39. SET MODULE shall mean the software module created by VeriSign in
----------
connection with this Agreement to implement the SET. The SET Module shall
include all software elements necessary to implement all aspects of the SET
specification, but shall not include the VISA SET Enhancements.
40. SUBSCRIBER means an individual, a device or a role/office that has
----------
requested a Certifier to issue him, her or it a Certificate.
41. SYSTEM DESIGN SPECIFICATIONS means the system design specifications to
----------------------------
be created by VeriSign in connection with the Private Label Certificate System
for acceptance testing in accordance with Section 4.1.3. The System Design
Specifications shall contain, at
<PAGE>
VeriSign Private Label Agreement
Page 24
minimum, the items listed on the outline presently attached as Exhibit "E" and
the Requirements Documents attached as Exhibit "F". Upon acceptance by Customer,
the System Design Specifications shall be attached, in lieu of such outline, as
Exhibit "E".
42. "VERISIGN AFFILIATES" shall mean a company in which, on a class by
---------------------
class basis, more than fifty percent (50%) of the stock entitled to vote for the
election of directors is owned or controlled by VeriSign, but only so long as
such ownership or control exists.
43. VISA SET ENHANCEMENTS ("VSE") shall mean the software module created
-----------------------------
by VeriSign under this Agreement which interfaces with the SET Module to provide
enhanced functionality and features unique to Customer as specified in the
Requirements Document, a current copy of which is attached as Exhibit "F," but
not necessary to fully implement the SET.
44. WWW means the system currently referenced as the "World Wide Web" for
---
organizing multi-media information distributed across network(s) such that it
can be navigated and accessed via cross linking mechanisms, and any successor to
such system, and any parallel system which uses at least all the same
communication protocols as the system currently referenced as the "World Wide
Web" or to the successor to such system, even if the administrators of such
systems choose to call them by different names.
<PAGE>
VeriSign Private Label Agreement
Page 25
EXHIBIT "B"
FEES
1. DEVELOPMENT FEES.
----------------
Customer shall pay as Development Fees the amount of * for development and
testing, less the $100,000.00 already paid pursuant to the Consulting Services
Agreement between VeriSign and Customer dated _______________, will be payable
in four equal installments due at the execution of this Agreement, Test I, Test
II, and Pilot as detailed in Exhibit "D".
2. SET-UP FEES.
-----------
A one-time Set-up Fee of * will be paid by Customer for operation and set-
up of redundant dedicated sites of the Private Label Certificate System. The
Set-up Fee shall be in two portions: an Operation Fee of * and a Back-Up Site
Operations Fee of *. One half of the Operation Fee will be payable October 1,
1996 and the other half shall be payable on December 31, 1996. The Back-Up Site
Operations Fee shall be payable upon implementation of the back-up system
specified pursuant to the Project Plan, but not earlier than January 1, 1997.
3. SUBSCRIBER FEES. For the initial Term of this Agreement, Prepaid Subscriber
---------------
Fees shall be as follows:
Prepaid Subscriber Fee* Period
1997
1998
1999
Prepaid Subscriber Fees for 1997 and 1998 shall be paid on a quarterly basis and
shall be due within thirty (30) days of the end of the calendar quarter.
Prepaid Subscriber Fees for 1999 shall be made in two equal installments,
payable within thirty (30) days after the end of the first two (2) calendar
quarters of 1999. One hundred percent (100%) of the Fees accrued and payable on
a monthly basis under this Section 3 shall be offset against such Prepaid
Subscriber Fees until the total annual prepayment is exhausted. All Subscriber
Fees from every type of Certificate shall be offset in the specified manner,
whether Cardholder, Merchant, Payment Gateway or Member.
Prepaid Subscriber Fees in a year not offset in such year shall be earned by
VeriSign and shall not be subject to future offset, however, Prepaid Subscriber
Fees for 1997 shall be used as an offset for Subscriber Fees incurred in the
first year commencing on the First Date of Operations, as defined below.
Similarly, Prepaid Subscriber Fees for 1998 and 1999 shall be used as an
_______________________
* Confidential treatment has been requested with respect to certain portions of
this exhibit. Confidential portions have been omitted from the public filing
and have been separately filed with the Securities and Exchange Commission.
<PAGE>
VeriSign Private Label Agreement
Page 26
offset for Subscriber Fees for the second year and the first half of the third
year respectively from the First Date of Operation. The "First Date of
Operation" shall be either the actual date that VeriSign operates the Private
Label Certificate System on behalf of Customer in the Pilot, as defined in the
Project Plan, or April 1, 1997, whichever comes first.
FEES PER CERTIFICATE REQUEST:
Issuer CA Certificates*
Acquirer Certificates*
Payment Gateway CA Certificates*
Quantity
Cardholder Certificates*
Quantity
Manual Merchant Certificates*
Semi-Automated Merchant Certificates
Manual Payment Gateway Certificates
Semi-Automated Payment Gateway Certificates
The parties intend to create a Fully Automated Merchant Certificate. Parties
agree to negotiate in good faith lower pricing for Fully Automated Merchant
Certificates when such Certificates are made available.
4. MOST FAVORED PRICING. VeriSign agrees that it shall offer to Customer and
--------------------
Customer's Subscribers the best pricing it offers to any other customer or
Subscriber of a customer purchasing services or Certificates through any
Certificate system offering Subscriber Certificates through the use of the VSE.
VeriSign agrees to renegotiate any of its pricing if at any time VeriSign
pricing becomes noncompetitive with the pricing of other parties offering
similar services.
5. U.S. CURRENCY. All payments hereunder shall be made in lawful United States
-------------
Currency.
______________________
* Confidential treatment has been requested with respect to certain portions of
this exhibit. Confidential portions have been omitted from the public filing
and have been separately filed with the Securities and Exchange Commission.
<PAGE>
VeriSign Private Label Agreement
Page 27
EXHIBIT "C"
LOGOS AND TRADEMARKS
VeriSign encourages its customers to use VeriSign logos, trademarks and
service marks on customer product data sheets, packaging, Web pages and
advertising, but it is important to use them properly.
When using VeriSign trademarks and service marks in ads, product packaging,
documentation or collateral materials, be sure to use the correct trademark
designator: (R) for registered trademarks, (TM) for claimed or pending
trademarks and sm for claimed or pending service marks. VeriSign trademarks and
their correct designators are depicted below. To ensure proper usage, please
allow VeriSign marketing to review any materials using or mentioning VeriSign
trademarks prior to general release.
Using these VeriSign logos does not require written permission; in fact, we
encourage you to use them on your product packaging, Web pages and marketing
collateral!
VeriSign will update this Logos and Trademarks Usage Guide on a regular
basis. To check for most current information on logo and trademark usage, check
VeriSign's Web site at http:/www.verisign.com.
VeriSign(TM)
Digital ID (sm)
Digital ID Center (sm)
<PAGE>
VeriSign Private Label Agreement
Page 28
EXHIBIT "D"
PROJECT PLAN ELEMENTS
The VeriSign Deliverables to Customer for Test I will be ready for
Acceptance Test I on or before the date agreed to by the Customer/VeriSign Joint
Project Team. Terms for delivery of development deliverables for Test II and
Test III, Pilot, and General Availability production will be specified in the
Project Plan. VeriSign will provide full production, operational facilities in
accordance with time scales agreed with Customer. The operation and support
will be implemented in phases as defined in the Project Plan (i.e. Test I, II,
III, Pilot, General Availability).
<PAGE>
VeriSign Private Label Agreement
Page 29
EXHIBIT "E"
SYSTEM DESIGN SPECIFICATIONS
The Private Label Certificate System will be based upon the VeriSign
product Electronic Commerce Authentication System plus enhancements specified by
Customer.
The parties contemplate that development, testing and implementations of
all Private Label Certificate system component will be implemented in three
phases.
The Private Label Certificate System will consist of three basic module:
ECAS, SET Module and VSE.
The System Design Specifications will implement the following requirements
documents attached in this Exhibit.
<PAGE>
Electronic Certification Services
Brand Certificate Authority
Business Policies, Procedures and Requirements
Version 1.0
April 30, 1996
<PAGE>
TABLE OF CONTENTS
1. Overview.......................................................... 1
1.1 Focus........................................................ 1
1.2 Purpose...................................................... 1
1.3 Availability/Phase........................................... 1
2. Operations......................................................... 2
2.1 Start of CA Operations....................................... 2
2.2 Operating Guidelines......................................... 2
2.3 Service Level Agreement...................................... 2
2.4 Termination of CA Operations................................. 3
2.5 Backup Requirements.......................................... 3
2.6 Archival and Retrieval....................................... 3
2.7 Contingency Requirements..................................... 3
3. Keys and Certificates............................................. 4
3.1 Certificate Formats.......................................... 4
3.2 Certificate Issuance Policies................................ 4
3.3 Brand CA Key Pairs and Corresponding CeHiScates.............. 4
3.3.1 Brand CA Geo-political Certificate Signature (T3).... 4
3.3.2 Brand CA Geo-political Key Exchange (T3)............. 4
3.3.3 Brand CA Geo-political Message Signature (T3)........ 5
3.3.4 Brand CA Issuer Certificate Signature (T2)........... 5
3.3.5 Brand CA Issuer Key Exchange (T2).................... 5
3.3.6 Brand CA Issuer Message Signature (T2)............... 5
3.3.7 Brand CA Acquirer Certificate Signature (T2)......... 5
3.3.8 Brand CA Acquirer Key Exchange (T2).................. 6
3.3.9 Brand CA Acquirer Message Signature (T2)............. 6
3.3.11 Brand CA Payment Gateway Key Exchange (T2)........... 6
3.3.12 Brand CA Payment Gateway Message Signature (T2)...... 6
3.3.13 Brand CA Root Key Exchange (GA)...................... 7
3.3.14 Brand CA Root Message Signature (GA)................. 7
3.3.15 Brand CA Backup Signature/Encryption (P)............. 7
3.3.16 Brand CA Archival Signature/Encryption (P)........... 7
3.4 External Certificates........................................ 7
3.4.1 Root CA Brand Certificate Signature (T2)............. 7
3.4.2 Root CA Brand Key Exchange (GA)...................... 8
3.4.3 Root CA Brand Message Signature (GA)................. 8
3.5 Key and Certificate Management............................... 8
3.5.1 Key Security......................................... 8
3.5.2 Key Generation....................................... 9
3.5.3 Key Expiration and Renewal........................... 9
3.5.4 Brand Key Compromise................................. 9
3.5.5 Key Backup...........................................10
i
<PAGE>
3.5.6 Key Recovery.........................................10
3.5.7 Key Transport........................................11
3.5.8 Key Archival (P).....................................11
3.5.9 Key Retrieval (P)....................................12
3.6 Underlying Cryptography......................................12
3.7 Certificate Revocation Lists (CRL) (V2)......................12
4. Interface with the Root CA........................................12
4.1 Registering with Root CA.....................................12
4.2 Certificate Request..........................................12
4.3 Certificate Renewal..........................................13
4.4 Certificate Revocation.......................................13
4.5 Root Certificates............................................13
4.6 Root Key Compromise Procedures...............................13
4.7 Messages.....................................................14
5. Interface with Geo-political CAs (T3)..............................14
5.1 Registering a Geo-political CA...............................14
5.2 Certificate Issuance Policies................................15
5.3 Certificate Revocation.......................................15
5.4 Messages.....................................................16
6. Interface with Cardholder CAs.....................................16
6.1 Registering a Cardholder CA..................................16
6.2 Certificate Issuance Policies................................17
6.3 Certificate Revocation.......................................17
6.4 Messages.....................................................18
7. Interface with Merchant CAs.......................................18
7.1 Registering a Merchant CA....................................18
7.2 Certificate Issuance Policies................................19
7.3 Certificate Revocation.......................................19
7.4 Messages.....................................................19
8. Interface with Payment Gateway CA.................................20
8.1 Registering a Payment Gateway CA.............................20
8.2 Certificate Issuance Policies................................21
8.3 Certificate Revocation.......................................21
8.4 Messages.....................................................21
9. Interface with VisaNet............................................22
10. Security (P)......................................................22
10.1 Physical Security............................................22
10.2 Network Security.............................................23
10.3 System Security..............................................24
10.4 Personnel Security Requirements..............................24
11. Auditing (P)......................................................24
12. Reporting.........................................................26
13. Outstanding Issues................................................26
ii
<PAGE>
1. OVERVIEW
This document defines the business policies, procedures and requirements
governing the design, implementation and operation of the Brand Certificate
Authority (CA). It addresses all aspects of the Brand Certificate Authority
including operations, key and certificate management, interaction with other
entities, security, auditing and reporting.
1.1 Focus
-----
This document focuses on the Brand Certificate Authority policies procedures and
requirements needed to support Visa's Secure Electronic Commerce (SEC) Services.
All CA functions are collectively known as Visa's Electronic Certification
Services (ECS).
1.2 Purpose
-------
The Brand CA (BCA) issues SEC compliant digital certificates to Brand members
(Issuers and Acquirers or their processors) that wish participate in Visra
Secure Electronic Commerce (SEC) Services. The Brand CA issues Cardholder CA
(CCA) certificates for use in issuing certificates to their cardholders and
Merchant CA (MCA) certificates for use in issuing certificates to their
merchants. In addition the Brand CA will issue certificates to Brand operated
Payment Gateway CAs (PCA) for use in issuing certificates to Acquirer Payment
Gateways. The Brand CA will also issue certificates to Geo-political CAs (GCA).
The Brand CA issues three types of certificates for each of their members:
certificate signature certificates, key exchange certificates and message
signature certificates.
The Brand CA will only directly interact with the Root CA (RCA), Geopolitical
CAs, Cardholder CAs, Merchant CAs, and Payment Gateway CAs.
The Brand CA is also responsible for establishing and publishing policies and
procedures that clearly define the purpose, usage, value and guidelines of
certificates that it issues. It also establishes policies, procedures and
requirements that govern the design, implementation and operation of subordinate
CAs within the Brand CA's domain.
1.3 Availability/Phase
------------------
The policies, procedures and requirements identified and defined within this
document are expected to be in operation and/or the deliverable met for
acceptance testing of Test 1. Exceptions to this are identified by "(xx)" where
xx represents the acceptance test of the phase upon which it must be in
operation and/or the deliverable met.
Test 1 will be based on the April/May 1996 release of the SET specifications.
Pilot will be based on Version 1.0 of SET.
For additional or specific schedule information refer to the overall Visa SEC
Service project plan.
1
<PAGE>
2. OPERATIONS
This section defines the business policies, procedures and requirements related
to the operation of the BCA.
2.1 Start of CA Operations
----------------------
To be determined.
1. Prior to the start of the BCA operations, all acceptance testing, audits,
backup and contingency procedures must be completed and have "sign off' by the
appropriate Brand officials.
2.2 Operating Guidelines
--------------------
1. The BCA will operate on GMT time. The BCA clock shall be kept accurate
within one (1) minute of actual GMT time as provided by a source that is
mutually agreed upon by Visa and VeriSign. (T2)
2. The BCA time will be synchronized with all other components of ECS.
3. The BCA will be able to support resent messages from CCAs, MCAs, PCAs and
Payment Gateways. (V2)
4. Responses to resent messages (duplicates) will rewrap the reply contents
and forward the reply to the requester. (V2)
5. The BCA shall log all incoming and response messages.
6. All transactions defined within the SET Specification document must be
supported.
7. The BCA shall maintain a database of all registration information linked
to a certificate and/or member. (T2)
8. No data that has reached the ECS domain can be lost . Refer to the SLA for
more details. (T2)
2.3 Service Level Agreement
-----------------------
1. The BCA shall be available as defined in the Service Level Agreement. (GA)
2. The BCA shall be able to process a certain number of certificates requests
per time period (peak load) as defined in the Service Level Agreement. (GA)
2
<PAGE>
2.4 Termination of CA Operations
----------------------------
To be determined.
2.5 Backup Requirements
-------------------
1. The BCA shall be backed up on a scheduled basis as defined in SLA. (T2)
2. The BCA shall back up the basic system components. (T1)
3. The BCA shall back up all elements of the CA as defined in a design
document that is mutually agreed upon by Visa and VeriSign. (T2)
4. Backup copies of the BCA archives must be stored in encrypted and signed
format as defined in a design document that is mutually agreed upon by Visa and
VeriSign. (GA)
5. All backup media must be stored offsite in secure manner. (T2)
6. System backups must be performed as defined in SLA. (T2)
2.6 Archival and Retrieval
----------------------
1. All certificates issued by the BCA and the associated registration
information, will be placed in archives. (GA)
2. The BCA archives shall be kept on read-only media (optical disk). (GA)
3. The BCA will have a mechanism to read/recall information that is stored in
archives as defined in a design document that is mutually agreed upon by Visa
and VeriSign. (GA)
2.7 Contingency Requirements
------------------------
1. The BCA must be able to recover from a RCA or BCA key compromise as defined
in the SLA. (P)
2. The BCA shall have a fully functional and secure contingency site in the
event that the primary site becomes unavailable. (P)
3. In case of disaster, the BCA must have appropriate backup facilities
operable within the time frame described within the SLA.
4. If the BCA servers or cryptographic materials become inoperable, business
resumption plans must allow the BCA services to resume within the time frame
described within the SLA.
3
<PAGE>
3. KEYS AND CERTIFICATES
This section defines the business policies, procedures and requirements related
to keys and certificates used within the BCA.
3.1 Certificate Formats
-------------------
1. All RCA certificates will formatted as described in the SET Specification
document and must include any SEC specific information.
2. All BCA certificates will formatted as described in the SET Specification
document and must include any SEC specific information.
3. All GCA certificates will formatted as described in the SET Specification
document and must include any SEC specific information.
4. All CCA certificates will formatted as described in the SET Specification
document and must include any SEC specific information.
5. All MCA certificates will formatted as described in the SET Specification
document and must include any SEC specific information.
6. All PCA certificates will formatted as described in the SET Specification
document and must include any SEC specific information.
3.2 Certificate Issuance Policies
-----------------------------
1. The BCA will only issue certificates to CCAs, MCAs, GCAs and PCAs.
3.3 Brand CA Key Pairs and Corresponding Certificates
-------------------------------------------------
This subsection defines the key pairs and corresponding certificates generated
and used within the BCA.
3.3.1 BRAND CA GEO-POLITICAL CERTIFICATE SIGNATURE (T3)
* Usage: Used to sign certificates issued to GCAs Key Size: 1024 bits
Certificate/Public Key Expiration: 6 years Private Key Expiration: 1 year.
Issued By: RCA
3.3.2 BRAND CA GEO-POLITICAL KEY EXCHANGE (T3)
* Usage: Used by the GCA to encrypt messages sent to BCA
* Key Size: 1024 bits. Certificate/Public Key Expiration: 1 year
* Private Key Expiration: 2 years. Issued By: RCA
4
<PAGE>
3.3.3 BRAND CA GEO-POLITICAL MESSAGE SIGNATURE (T3)
* Usage: Used to sign messages sent to GCAs
* Key Size: 1024 bits
* Certificate/Public Key Expiration: 2 years. Private Key Expiration: 1 year
* Issued By: RCA
3.3.4 BRAND CA ISSUER CERTIFICATE SIGNATURE (T2)
* Usage: Used to sign certificates issued to CCAs
* Key Size: 1024 bits
* Certificate/Public Key Expiration: 5 years Private Key Expiration: 1 year.
Issued By: RCA
3.3.5 BRAND CA ISSUER KEY EXCHANGE (T2)
* Usage: Used by the CCA to encrypt messages sent to BCA
* Key Size: 1024 bits
* Certificate/Public Key Expiration: 1 year
* Private Key Expiration: 2 years
* Issued By: RCA
3.3.6 BRAND CA ISSUER MESSAGE SIGNATURE (T2)
* Usage: Used to sign messages sent to CCAs
* Key Size: 1024 bits
* Certificate/Public Key Expiration: 2 years Private Key Expiration: 1 year
* Issued By: RCA
3.3.7 BRAND CA ACQUIRER CERTIFICATE SIGNATURE (T2)
* Usage: Used to sign certificates issued to MCAs
* Key Size: 1024 bits
5
<PAGE>
* Certificate/Public Key Expiration: 4 years
* Private Key Expiration: 1 year
* Issued By: RCA
3.3.8 BRAND CA ACQUIRER KEY EXCHANGE (T2)
* Usage: Used by CCA to encrypt messages sent to BCA
* Key Size: 1024 bits
* Certificate/Public Key Expiration: 1 year
* Private Key Expiration: 2 years
* Issued By: RCA
3.3.9 BRAND CA ACQUIRER MESSAGE SIGNATURE (T2)
* Usage: Used to sign messages sent to CCAs Key Size: 1024 bits
* Certificate/Public Key Expiration: 2 years
* Private Key Expiration: 1 year Issued By: RCA
3.3.10 BRAND CA PAYMENT
* Gateway Certificate Signature (T2)
* Usage: Used to sign certificates issued to PCAs
* Key Size: 1024 bits
* Certificate/Public Key Expiration: 2 years. Private Key Expiration: 1 year
* Issued By: RCA
3.3.11 BRAND CA PAYMENT GATEWAY KEY EXCHANGE (T2)
* Usage: Used by PCAs to encrypt messages sent to BCA
* Key Size: 1024 bits
* Certificate/Public Key Expiration: 1 year
* Private Key Expiration: 2 years. Issued By: RCA
3.3.12 BRAND CA PAYMENT GATEWAY MESSAGE SIGNATURE (T2)
* Usage: Used to sign messages sent to PCAs
6
<PAGE>
* Key Size: 1024 bits
* Certificate/Public Key Expiration: 2 years
* Private Key Expiration: 1 year.
* Issued By: RCA
3.3.13 BRAND CA ROOT KEY EXCHANGE (GA)
* Usage: Used by RCA to encrypt messages sent to BCA . Key Size: 2048 bits
* Certificate/Public Key Expiration: 1 year Private Key Expiration: 2 years. I
* Issued By: RCA
3.3.14 BRAND CA ROOT MESSAGE SIGNATURE (GA)
* Usage: Used to sign messages sent to the RCA
* Key Size: 2048 bits
* Certificate/Public Key Expiration: 2 years
* Private Key Expiration: 1 year
* Issued By:RCA
3.3.15 BRAND CA BACKUP SIGNATURE/ENCRYPTION (P)
* Usage: Used to sign and encrypt BCA backup data
* Key Size: 1024 bits Certificate/Public Key Expiration: n/a .
* Private Key Expiration: n/a
* Issued By: BCA
3.3.16 BRAND CA ARCHIVAL SIGNATURE/ENCRYPTION (P)
* Usage: Used to sign and encrypt BCA archival data
* Key Size: 1024 bits
* Certificate/Public Key Expiration: n/a
* Private Key Expiration: n/a
* Issued By: BCA
3.4 External Certificates
---------------------
This subsection defines the certificates used by the BCA that were issued
externally to the BCA.
3.4.1 ROOT CA BRAND CERTIFICATE SIGNATURE (T2)
* Usage: Used to authenticate certificates issued by the RCA to the BCA
* Key Size: 2048 bits
* Certificate/Public Key Expiration:
* Private Key Expiration:
7
<PAGE>
* Issued By: RCA
3.4.2 ROOT CA BRAND KEY EXCHANGE (GA)
* Usage: Used to encrypt messages sent by the BCA to the RCA
* Key Size: 2048 bits
* Certificate/Public Key Expiration:
* Private Key Expiration:
* Issued By: RCA
3.4.3 ROOT CA BRAND MESSAGE SIGNATURE (GA)
* Usage: Used to authenticate messages sent by the RCA to the BCA
* Key Size: 2048 bits
* Certificate/Public Key Expiration:
* Private Key Expiration:
* Issued By: RCA
3.5 Key and Certificate Management
------------------------------
This section defines the business policies, procedures and requirements related
to key and certificate management of the BCA.
Note: Key management requirements are based on the use of a BBN cryptographic
module. Similar methods must be used for non-BBN cryptographic modules. Visa
will review and approve methods used for non-BBN cryptographic modules prior to
implementation.
3.5.1 KEY SECURITY
1. All BCA cryptographic functions will be performed in tamper proof and
detectable hardware that complies to FIPS 140 level 3 requirements. (T2)
2. Hardware security devices shall be able to indicate failure, error
condition and evidence of tamper.
3. The PPK pair must be generated within the hardware security device in which
that key will be used. The only exception to this is in generating backup
cryptographic devices that require the same keying information.
4. The BCA private keys shall never appear outside of the hardware security
device in any form. The only exception to this is in generating backup
cryptographic devices that require the same keying information.
8
<PAGE>
5. All BCA private keys must be kept in a single tamper evident hardware
security device.
3.5.2 KEY GENERATION
1. The BCA keys must be generated according to Visa's direction as defined
in a policy document that is mutually agreed upon by Visa and VeriSign.
2. The BCA public and private key (PPK) pairs must be generated using random
(RNG) or pseudo-random (PRNG) techniques.
3. Any RNG/PRNG technique used to generate PPK pairs must have a low
correlation value of results to ensure unpredictability. Correlation values
must be documented and may be reviewed by Visa at its discretion.
4. The generation of each PPK pair must be conducted within a secure room
rated for tempest security. The equipment may, if tempest rated, suffice.
5. Authorized BCA personnel only may generate PPK pairs.
6. Before generating each PPK pair, the hardware device must be made secure
by guidelines as described by Visa International.
7. An audit control log must be kept for each PPK pair generated.
8. Brand CIK token holders may not also be Member CIK token holders.
3.5.3 KEY EXPIRATION AND RENEWAL
1. 30 days prior to expiration of existing BCA certificates, the BCA will
generate new key pairs for the corresponding application. Following key
generation, the BCA shall request a new certificate from the RCA. The new
certificate will be distributed to all the GCA, CCA, MCA, PCAs within a
message that is signed using the private key that corresponds to the valid
BCA message signature certificate. (GA)
3.5.4 BRAND KEY COMPROMISE
1. Upon the compromise of a BCA key exchange key pair, the corresponding BCA
key exchange certificate will be revoked. A new key pair will be generated
and the BCA shall request a new certificate from the RCA. The BCA will
distribute the new certificate to GCA, CCA, MCA, and PCAs within a message
that is signed using the private key that corresponds to the valid BCA
message signature certificate. (P)
2. Upon the compromise of a BCA message signature key pair, the corresponding
BCA message signature certificate will be revoked. A new key pair will be
generated and the BCA shall request a new certificate from the RCA. The BCA
will distribute the new certificate to GCA, CCA, MCA, and PCAs within a
message that is signed using the private key that corresponds to the new
BCA message signature certificate. (P)
9
<PAGE>
3. Upon the compromise of a BCA certificate signature key pair, the
corresponding BCA certificate signature certificate will be revoked. A new
key pair will be generated and the BCA shall request a new certificate from
the RCA. All GCA, CCA, MCA, and PCA certificates signed by the compromised
key will be revoked. New certificates will be issued and signed using the
newly generated key pair. The new certificates along with the new BCA
certificate signature certificate will be sent to all GCA, CCA, MCA, and
PCAs who's certificates were revoked. These certificates will be sent
within a message that is signed using the private key that corresponds to
the valid BCA message signature certificate. In addition, all other GCA,
CCA, MCA, and PCAs will receive the new certificate within a similar
message. (P)
4. Upon the compromise of a BCA Root key exchange key pair, the corresponding
BCA Root key exchange certificate will be revoked. A new key pair will be
generated and the BCA shall request a new certificate from the RCA. (GA)
5. Upon the compromise of a BCA Root message signature key pair, the
corresponding BCA Root message signature certificate will be revoked. A new
key pair will be generated and the BCA shall request a new certificate from
the RCA in a trusted, off-line manner. (GA)
3.5.5 KEY BACKUP
1. Each BCA private key will have a corresponding backup housed within a fill
device; each fill device must be kept in a separate location known only to
authorized CA personnel; access to backup key must be under dual control.
2. Backup facilities are subject to same key management requirements as the
primary facilities.
3.5.6 KEY RECOVERY
1. In the event that the BCA's private key is lost in a manner free of
compromise where equipment failure, corruption of the keying data, or passwords
are forgotten, it may be possible to restore the keying material from a secure
backup, i.e., removable storage device.
2. The secure backup process includes a datakey or token where the private key
is secured by both the physical security proprieties of the removable storage
medium and by a secret DES key that is unique to the device that originally
contained the Private Key. The latter requirement is important to assure that
the authority is restored only on the device that contained the original DES key
and that a duplicate authority is not created.
3. The DES key protecting the Private Key when secured in the removable
storage device is to be a double length key and triple encryption is to be used
to protect the Private
10
<PAGE>
Key. The encryption process is defined in Visa's Card Technologies Standards
Manual.
4. The process of removing the device from storage is to be performed under
the principle of dual control.
5. Re-initialization of the authority is to be managed, using the same
procedures as when the authority was created.
3.5.7 KEY TRANSPORT
1. Private Keys are never to be transported outside the physical protection of
the security module containing that private key during its active, useful life.
2. The Private Key may, for purposes of recovery, exist in the protected
memory of removable storage only if protected by a double length DES key that is
known only to the device were the actual Private Key is resident.
3. Transport of the data token, with the encrypted Private Key, is to be under
dual control, i.e., never to be managed under the single custody of the
transporting parties.
4. Custodians for the removable memory component are never to be holders of
the Cryptographic Ignition Keys (CIKs).
5. Every access of the removable memory component is to be logged and a
verifiable audit trail maintained by the CA.
6. When Public Keys are transported, steps must be taken to assure that the
integrity of the key is maintained. There must be no chance for the substitution
of other values. Therefore, Public Keys received by the CA for the purposes
certification, are to be protected either using the DES Algorithm or Diffie-
Hillman Exponential Key Exchange.
3.5.8 KEY ARCHIVAL (P)
1. Archival refers to the off-line, long term storage of keys that are no
longer operational.
2. The purpose of archiving is to settle disputes involving non-repudiation,
i.e., the evidence of the validity of an old digital signature.
3. To be able to establish the validity of a claim requires that any achieved
keying data be secured so that the integrity of the original key is assured.
4. The archival of a Private Key requires either the secure, long term storage
of the removable memory device or the complete storage of the physical device
used by the CA for certificate creation. In those situations where the removable
memory device can be archived, the physical device to which the removable memory
was a part must contain a single authority.
11
<PAGE>
5. For the purposes of the BCA, the archival of the private key requires the
secure storage of the removable memory of the security device used by the
authority for that Private Key. This device will contain the archived Private
Key encrypted under the secret, double length DES key known only to the security
module containing the active Private Key and distributed across the
Cryptographic Ignition Keys (CIKs) unique to that device.
6. If the device contains multiple authorities, the archival of all Private
Keys will, most likely have to be accomplished at the same time because, at no
time is a CA to archive Private Keys outside the physical device of which they
were created, protected by a DES key that is being used to protect another
archived Private Key, except by chance.
3.5.9 KEY RETRIEVAL (P)
1. For the purposes of non-repudiation, the archived Private Keys are to be
managed as if they were valid.
2. Key retrieval from an archival domain is to be accomplished using the same
care and procedures as originally used for its creation.
3.6 Underlying Cryptography
-----------------------
1. The BCA will support the RSA algorithm for public-key cryptography, SHA (1)
for hashing and DES for data encryption. Refer to the SEC Specification document
for details.
3.7 Certificate Revocation Lists (CRL) (V2)
---------------------------------------
Not applicable for of General Availability.
4. INTERFACE WITH THE ROOT CA
This subsection defines the business policies, procedures and requirements
related to the BCA's interaction with the RCA.
4.1 Registering with Root CA
------------------------
To be determined.
4.2 Certificate Request
-------------------
1. Initial BCA root certificate requests will be obtained by the RCA in a
trusted, off-line manner. (P)
2. Delivery of the Initial BCA root certificate requests will be handled as
described in a
12
<PAGE>
policy document that is mutually agreed upon by Visa and VeriSign. (P)
3. Subsequent BCA certificate requests will be obtained by the RCA via online
electronic means. (GA)
4.3 Certificate Renewal
-------------------
1. 30 days prior to expiration of existing BCA certificates, the BCA will
generate new key pairs for the corresponding application. Following key
generation, the BCA shall request a new certificate from the RCA.
4.4 Certificate Revocation
----------------------
1. Upon the compromise of any BCA key pair, the BCA must notify the RCA to
revoke the corresponding BCA certificate. A new key pair will be generated and
the BCA shall request a new certificate from the RCA.
4.5 Root Certificates
-----------------
1. All initial RCA certificates will obtained in a trusted manner. (P)
2. All initial RCA certificates will be authenticated using the public keys
contained within the RCA certificates and the associated hash values as defined
in the SEC Specification document. (P)
3. All non-initial RCA certificates will be authenticated using the public key
contained within the previous Root usage certificates. (P)
4. All RCA certificates will be stored in a tamper proof and detectable
manner. (P)
5. All certificates issued by the RCA to the BCA will be authenticated using
the public key contained within the valid RCA brand certificate signature
certificate. (P)
4.6 Root Key Compromise Procedures
------------------------------
1. Upon compromise of a RCA key pair, new RCA certificates shall be treated as
initial RCA certificates and the appropriate procedures will be applied. (P)
2. Upon the compromise of a RCA brand certificate signature key pair, the
corresponding RCA brand signature certificate and any certificates issued with
the corresponding key will not be accepted. The RCA will distribute the new RCA
brand key exchange certificate to the BCA within a message that is signed using
the private key that corresponds to the valid RCA brand message signature
certificate. All BCA certificates signed by the compromised key will be revoked.
New BCA certificates will be requested from the RCA. All CCA, MCA, GCA, PCA and
Registration Server certificates signed by BCA certificates issued by the
compromised RCA key will be revoked. New CCA, MCA,
13
<PAGE>
GCA, PCA and Registration Server certificates will be issued and signed using
newly generated BCA key pairs. The new certificates along with the new RCA and
BCA certificate signature certificates will be sent, in a trusted manner, to all
CCA, MCA, GCA, PCA and Registration Server whose certificates were revoked. (P)
3. Upon the compromise of a RCA brand key exchange key pair, the corresponding
RCA brand key exchange certificate will not be used to encrypt messages sent to
the RCA. The RCA will distribute the new RCA brand key exchange certificate to
the BCA within a message that is signed using the private key that corresponds
to the valid RCA brand message signature certificate. (P)
4. Upon the compromise of a RCA brand message signature key pair, the
corresponding RCA brand message signature certificate and any messages signed by
the compromised key pair will not be accepted. The RCA will distribute the new
RCA brand message signature certificate to the BCA within a message that is
signed using the private key that corresponds to the new RCA brand message
signature certificate. (P)
4.7 Messages
--------
1. All messages sent by the BCA to the RCA will be encrypted using the public
key contained within the valid RCA brand key exchange certificate. (GA)
2. All messages sent by the RCA to the BCA will be encrypted using the public
key contained within the valid BCA Root key exchange certificate. (GA)
3. All messages sent by the BCA to the RCA will be signed using the private
key corresponding to the valid BCA Root message signature certificate. (GA)
4. All messages sent by the RCA to the BCA will be authenticated using the
public key contained within the valid RCA brand message signature certificate.
(GA)
5. All requests for BCA certificates sent to the RCA will be formatted as
described in ??? (GA)
6. All responses to BCA certificate requests by the RCA will be formatted as
described in ??? (GA)
5. INTERFACE WITH GEO-POLITICAL CAS (T3)
This subsection defines the business policies, procedures and requirements
related to the BCA's interaction with a GCA.
5.1 Registering a Geo-political CA
------------------------------
1. The GCA entity must register with the Brand prior to issuing certificates
to it's members.
14
<PAGE>
2. The GCA entity must complete a GCA Registration Contract prior to being
issued a certificate by the Brand.
3. The GCA Registration Contract must be signed by authorized members of the
GCA entity.
4. The authorized members of the GCA entity must present proof of the
existence of the Geo-political entity (i.e. letter of incorporation).
5. The authorized members of the GCA entity must present proof of their own
identity (i.e. passport).
6. The authorized members of the GCA entity must present proof of their
relationship to GCA entity (i.e. badge).
7. The authorized members of the GCA entity must present proof of their
authorization to act on behalf of the GCA entity (i.e. letter granting authority
with appropriate letter head and signature of entity executives).
5.2 Certificate Issuance Policies
-----------------------------
1. Initial GCA certificate requests will be obtained by the BCA in a trusted,
off-line manner. This must include requests for GCA Brand (message and
encryption) certificates.
2. Subsequent GCA certificate requests will be obtained by the BCA via
electronic means.
3. All certificates issued to GCAs will be signed using the private key that
corresponds to the valid BCA Geo-political certificate signature certificate.
4. The BCA will only issue certificates to GCA certificate requests that have
passed the business constraints and edit routines as defined in a policy
document that is mutually agreed upon by Visa and VeriSign.
5. The BCA shall send a certificate request rejection response to GCA
certificate requests that have not passed the business constraints and edit
routines.
5.3 Certificate Revocation
----------------------
1. The BCA shall retain the right to revoke a GCA certificate based on
guidelines outline within the Geo-political Registration Contract.
2. Upon the compromise of a GCA Brand key exchange key pair, the GCA must
revoke the corresponding GCA Brand key exchange certificate. A new key pair will
be generated and the GCA shall request a new certificate from the BCA.
3. Upon the compromise of a GCA Brand message signature key pair, the GCA must
15
<PAGE>
revoke the corresponding GCA Brand message signature certificate. A new key pair
will be generated and the GCA shall request a new certificate from the BCA in a
trusted, off-line manner.
4. Upon the compromise of any other GCA key pair, the GCA must revoke the
corresponding GCA certificate. A new key pair will be generated and the GCA
shall request a new certificate from the BCA.
5.4 Messages
--------
1. All requests for GCA certificates sent to the BCA will be formatted as
described in ???
2. All responses to GCA certificate requests by the BCA will be formatted as
described in ???
3. All messages sent by the GCA to the BCA will be encrypted using the public
key contained within the valid BCA Geo-political key exchange certificate.
4. All messages sent by the BCA to the GCA will be encrypted using the public
key contained within the valid GCA brand key exchange certificate.
5. All request messages sent to the BCA by GCAs will be authenticated using
the public key contained within the valid GCA brand message signature
certificate.
6. All response messages sent to GCAs will be signed using the private key
that corresponds to the valid BCA Geo-political message signature certificate.
6. INTERFACE WITH CARDHOLDER CAS
This subsection defines the business policies, procedures and requirements
related to the BCA's interaction with a CCA.
6.1 Registering a Cardholder CA
---------------------------
1. The CCA entity must register with the Brand prior to issuing certificates
to it's cardholders.
2. The CCA entity must complete a CCA Registration Contract prior to being
issued a certificate by the Brand.
3. The CCA Registration Contract must be signed by authorized members of the
CCA entity.
4. The authorized members of the CCA entity must present proof of the
existence of the CCA entity (i.e. letter of incorporation).
16
<PAGE>
5. The authorized members of the CCA entity must present proof of their own
identity (i.e. passport).
6. The authorized members of the CCA entity must present proof of their
relationship to CCA entity (i.e. badge).
7. The authorized members of the CCA entity must present proof of their
authorization to act on behalf of the CCA entity (i.e. letter granting authority
with appropriate letter head and signature of entity executives).
6.2 Certificate Issuance Policies
-----------------------------
1. Initial CCA certificate requests will be obtained by the BCA in a trusted,
off-line manner. This must include requests for CCA Brand (message and
encryption) certificates.
2. Subsequent CCA certificate requests will be obtained by the BCA via
electronic means. (GA)
3. All certificates issued to CCAs will be signed using the private key that
corresponds to the valid BCA issuer certificate signature certificate.
4. The BCA will only issue certificates to CCA certificate requests that have
passed the business constraints and edit routines as defined in a policy
document that is mutually agreed upon by Visa and VeriSign.
5. The BCA shall send a certificate request rejection response to CCA
certificate requests that have not passed the business constraints and edit
routines.
6.3 Certificate Revocation
----------------------
1. The BCA shall retain the right to revoke a CCA certificate based on
guidelines outline within the CCA Registration Contract.
2. Upon the compromise of a CCA Brand key exchange key pair, the CCA must
revoke the corresponding CCA Brand key exchange certificate. A new key pair will
be generated and the CCA shall request a new certificate from the BCA.
3. Upon the compromise of a CCA Brand message signature key pair, the CCA must
revoke the corresponding CCA Brand message signature certificate. A new key pair
will be generated and the CCA shall request a new certificate from the BCA in a
trusted, off-line manner.
4. Upon the compromise of any other CCA key pair, the CCA must revoke the
corresponding CCA certificate. A new key pair will be generated and the CCA
shall request a new certificate from the BCA.
17
<PAGE>
6.4 Messages
--------
1. All requests for CCA certificates sent to the BCA will be formatted as
described in ??? (GA)
2. All responses to CCA certificate requests by the BCA will be formatted as
described in ??? (GA)
3. All messages sent by the CCA to the BCA will be encrypted using the public
key contained within the valid BCA issuer key exchange certificate. (GA)
4. All messages sent by the BCA to the CCA will be encrypted using the public
key contained within the valid CCA brand key exchange certificate. (GA)
5. All request messages sent to the BCA by CCAs will be authenticated using
the public key contained within the valid CCA brand message signature
certificate. (GA)
6. All response messages sent to CCAs will be signed using the private key
that corresponds to the valid BCA issuer message signature certificate. (GA)
7. INTERFACE WITH MERCHANT CAS
This subsection defines the business policies, procedures and requirements
related to the BCA's interaction with an MCA.
7.1 Registering a Merchant CA
-------------------------
1. The MCA entity must register with the Brand prior to issuing certificates
to it's merchants.
2. The MCA entity must complete an MCA Registration Contract prior to being
issued a certificate by the Brand.
3. The MCA Registration Contract must be signed by authorized members of the
MCA entity.
4. The authorized members of the MCA entity must present proof of the
existence of the MCA entity (i.e. letter of incorporation).
5. The authorized members of the MCA entity must present proof of their own
identity (i.e. passport).
6. The authorized members of the MCA entity must present proof of their
relationship to MCA entity (i.e. badge).
7. The authorized members of the MCA entity must present proof of their
18
<PAGE>
authorization to act on behalf of the MCA entity (i.e. letter granting authority
with appropriate letter head and signature of entity executives).
7.2 Certificate Issuance Policies
-----------------------------
1. Initial MCA certificate requests will be obtained by the BCA in a trusted,
off-line manner. This must include requests for MCA Brand (message and
encryption) certificates.
2. Subsequent MCA certificate requests will be obtained by the BCA via online
electronic means. (GA)
3. All certificates issued to MCAs will be signed using the private key that
corresponds to the valid BCA acquirer certificate signature certificate.
4. The BCA will only issue certificates to MCA certificate requests that have
passed the business constraints.
5. The BCA shall send a certificate request rejection response to MCA
certificate requests that have not passed the business constraints.
7.3 Certificate Revocation
----------------------
1. The BCA shall retain the right to revoke a MCA certificate based on
guidelines outline within the MCA Registration Contract.
2. Upon the compromise of a MCA Brand key exchange key pair, the MCA must
revoke the corresponding MCA Brand key exchange certificate. A new key pair will
be generated and the MCA shall request a new certificate from the BCA.
3. Upon the compromise of a MCA Brand message signature key pair, the MCA must
revoke the corresponding MCA Brand message signature certificate. A new key pair
will be generated and the MCA shall request a new certificate from the BCA in a
trusted, off-line manner.
4. Upon the compromise of any other MCA key pair, the MCA must revoke the
corresponding MCA certificate. A new key pair will be generated and the MCA
shall request a new certificate from the BCA.
7.4 Messages
--------
1. All requests for MCA certificates sent to the BCA will be formatted as
described in ??? (GA)
2. All responses to MCA certificate requests by the BCA will be formatted as
described in ??? (GA)
19
<PAGE>
3. All messages sent by the Acquirer CA to the BCA will be encrypted using the
public key contained within the valid BCA acquirer key exchange certificate.
(GA)
4. All messages sent by the BCA to the MCA will be encrypted using the public
key contained within the valid MCA brand key exchange certificate. (GA)
5. All request messages sent to the BCA by MCAs will be authenticated using
the public key contained within the valid MCA brand message signature
certificate. (GA)
6. All response messages sent to MCAs will be signed using the private key
that corresponds to the valid BCA acquirer message signature certificate. (GA)
8. INTERFACE WITH PAYMENT GATEWAY CA
This subsection defines the business policies, procedures and requirements
related to the BCA's interaction with a PCA.
8.1 Registering a Payment Gateway CA
--------------------------------
1. The Acquirer operating the Payment Gateway must register with the Brand
prior to accepting SEC transactions.
2. The Acquirer operating the Payment Gateway must complete an MCA
Registration Contract prior to being issued a certificate by the Brand.
3. The MCA Registration Contract must be signed by authorized members of the
MCA entity.
4. The authorized members of the MCA entity must present proof of the
existence of the MCA entity (i.e. letter of incorporation).
5. The authorized members of the MCA entity must present proof of their own
identity (i.e. passport).
6. The authorized members of the MCA entity must present proof of their
relationship to MCA entity (i.e. badge).
7. The authorized members of the MCA entity must present proof of their
authorization to act on behalf of the MCA entity (i.e. letter granting authority
with appropriate letter head and signature of entity executives).
8. The Acquirer must have a Visa approved Payment Gateway in order to be
eligible for an MCA certificate.
20
<PAGE>
8.2 Certificate Issuance Policies
1. Initial Payment Gateway certificate requests will be obtained by the BCA in
a trusted manner. This must include requests for Payment Gateway Brand (message
and encryption) certificates.
2. Subsequent Payment Gateway certificate requests will be obtained by the BCA
via online electronic means.
3. All certificates issued to Payment Gateway will be signed using the private
key that corresponds to the valid BCA payment gateway certificate signature
certificate.
4. The BCA will only issue certificates to Payment Gateway certificate
requests that have passed the business constraints.
5. The BCA shall send a certificate request rejection response to Payment
Gateway certificate requests that have not passed the business constraints.
8.3 Certificate Revocation
----------------------
1. The BCA shall retain the right to revoke a Payment Gateway certificate
based on guidelines outline within the MCA Registration Contract.
2. Upon the compromise of a Payment Gateway Brand key exchange key pair, the
Payment Gateway must revoke the corresponding Payment Gateway Brand key exchange
certificate. A new key pair will be generated and the Payment Gateway shall
request a new certificate from the BCA.
3. Upon the compromise of a Payment Gateway Brand message signature key pair,
the Payment Gateway must revoke the corresponding Payment Gateway Brand message
signature certificate. A new key pair will be generated and the Payment Gateway
shall request a new certificate from the BCA in a trusted manner.
4. Upon the compromise of any other Payment Gateway key pair, the Payment
Gateway must revoke the corresponding Payment Gateway certificate. A new key
pair will be generated and that Payment Gateway shall request a new certificate
from the BCA.
8.4 Messages
--------
1. All requests for Payment gateway certificates sent to the BCA will be
formatted as described in ??? (GA).
2. All responses to Payment gateway certificate requests by the BCA will be
formatted as described in ??? (GA).
3. All messages sent by the Payment gateway to the BCA will be encrypted using
21
<PAGE>
the public key contained within the valid BCA payment gateway key exchange
certificate (GA).
4. All messages sent by the BCA to the Payment gateway will be encrypted using
the public key contained within the valid Payment gateway brand key exchange
certificate (GA).
5. All request messages sent to the BCA by Payment gateways will be
authenticated using the public key contained within the valid Payment gateway
brand message signature certificate (GA).
6. All response messages sent to Payment gateways will be signed using the
private key that corresponds to the valid BCA payment gateway message signature
certificate (GA).
9. INTERFACE WITH VISANET
There is no interface between the BCA and VisaNet. Future interface may be
implemented to facilitate the automation of registration and management of
member certificates.
10. SECURITY (P)
This section identifies the physical, electronic and personnel security policies
and procedures to which the BCA must comply.
10.1 Physical Security
-----------------
1. All BCA servers and cryptographic materials shall reside in a secure
facility used solely for BCA purposes; no other business activities may be
performed within the same facility.
2. The BCA facility must provide protection of the BCA servers and
cryptographic materials from unauthorized access, modification, substitution,
insertion and deletion.
3. The BCA facility will provide protection such that attempts described above
will not be successful or will have a high probability of being detected.
4. All access to the BCA servers and cryptographic materials shall be only by
authorized personnel.
5. No unauthorized personnel shall be allowed access to secure areas where the
BCA servers or cryptographic materials are maintained.
6. No guests or "piggy backers" of authorized personnel shall be allowed
access to secure areas where the BCA servers or cryptographic materials are
maintained.
22
<PAGE>
7. An audit control log of all access to room with the BCA server and
cryptographic materials must be kept and reviewed by designated BCA management;
this may be an electronic audit log.
8. Physical modification or movement of the BCA servers or cryptographic
materials must be under dual control and require prior notification. Visa may
oversee such modification or movement at its discretion.
9. An audit control log of all physical modifications or movements of the BCA
servers or cryptographic materials must be strictly enforced.
10. The BCA facility will be protected with an intrusion alarm system and 24
hour guard; camera surveillance is recommended.
11. The BCA facility will have auxiliary power to ensure uninterrupted
operation in the event of a central power failure.
12. Designated BCA management personnel will routinely inspect alarm system and
auxiliary power source at least once every two weeks.
13. Records of alarm and auxiliary power inspections must be maintained.
14. Unauthorized access or potential compromise must be immediately reported to
Visa International.
15. Backup facilities are subject to same physical security requirements as the
primary facilities.
10.2 Network Security
----------------
1. The BCA must not be connected to a network that serves non-BCA functions.
2. Electronic access to the BCA must be restricted to data that is to be used
only by authorized users.
3. CA network must be thoroughly researched, analyzed and tested to ensure
adequate security before deployment.
4. CA network must respect the International Organization for Standardization
(ISO) Open Systems Interconnection (ISO) seven layer model. Those seven are:
Physical Link Network Transport Session Presentation Application
5. CA network must be implemented securely to mitigate exposures within each
of the seven levels of the ISO model.
6. CA network must be implemented securely to mitigate exposure to cracking,
sniffing, spoofing and denial of service attacks.
23
<PAGE>
7. CA network architecture must be reviewed every six months to ensure
exposures within each layer are mitigated.
8. CA network architecture must be modified immediately upon receipt of
generally available information or notification by Visa International regarding
weaknesses discovered within any of the seven layers.
9. Access to CA network shall be only by authorized personnel; each of the
seven network layers shall be secured to ensure only authorized personnel have
access to the CA network.
10. CA server administrators will continually monitor for unauthorized access,
performance tuning and other network administrative tasks. Unauthorized access
will be immediately reported to Visa International.
11. At its discretion Visa may analyze and/or test a CA network implementation
to ensure known attack points do not present exposure to unauthorized access.
12. Backup facilities are subject to same network security requirements as the
primary facilities.
10.3 System Security
---------------
1. User ID's are to be used to maintain individual accountability, tracking
what a user is doing within the system.
2. Passwords are to be assigned by the system and changed every other month on
a rotating basis, i.e., half of password changed on a monthly basis.
3. Passwords are never to be stored on the system except as cryptograms.
4. Passwords are to managed consistent with the guidelines set forth in the
Department of Defense Password Management Guideline, i.e., the Green Book and
FIPS PUB 112 - Password Usage.
10.4 Personnel Security Requirements
-------------------------------
1. All personnel with access to the BCA servers and cryptographic materials
shall be subject to a thorough background check as approved by Visa
International; Visa, at its sole discretion, may modify background check
procedures as it deems appropriate.
11. AUDITING (P)
1. All auditing processes and procedures are to be consistent with the
recording, examining and reviewing of security related functions of a trusted
system, where a security related activity is any activity or event that relates
to the access of an object.
24
<PAGE>
Typical events that will require logging include:
* Logons (successful and unsuccessful)
* Logouts
* Remote System Access
* File Opens, Closes, Renames and Deletions
* Changes in Privileges or Security Attributes
2. All auditable actions/events are to be associated to an authenticated ID.
Audit trails produced by the system must show the ID of the user who initiated
each action.
3. Each time that an audit event occurs, the system is to write, at least, the
following information:
* Date and time of the event
* Unique ID of the user who initiated the event
* Type of event
* Success or failure
* Origin of the request ( e.g., terminal ID) . Name of object involved
(e.g., file being created/deleted)
* Description of modifications to security database
4. Audit procedures are to be consistent with the requirements as set forth in
the Orange Book (Trusted Computer Systems Evaluation Criteria; DOD 520.28-STD)
for security protection of level B2.
5. Audit confirmation is to be provided to confirm that passwords are being
protected consistent with B2 Levels of security of the Orange Book and as set
forth in the Department of Defense Password Management Guideline, i.e., the
Green Book and FIPS PUB 112 - Password Usage.
6. An annual EDP audit report at a SAS 70 level of review is to be performed
annually and the results of that audit made available to Visa International.
7. All audit control logs must be reviewed by management on a monthly basis
and retained for up to three years.
25
<PAGE>
8. All Acquirer CA audit control logs, policies or procedures may be subject
to inspection by Visa International at anytime.
12. REPORTING
To be defined.
13. OUTSTANDING ISSUES
The following are outstanding issues that need to be resolved. Each issue
includes a brief description, group that identified the issue and the time frame
by which it must be resolved.
1. What if an Issuer/Acquirer cert must be revoked? - Visa (T2)
2. Key Archival/Key Retrieval - VISA has asked us to archive private keys for
the purposes of validating old digital signatures. I have recommended that they
revisit this requirement, because archival of public keys would make more sense.
This issue remains open. - VeriSign (P)
3. Physical Security - VISA has requested that their CA services be housed in
a facility separate from VeriSign's CA operations. VeriSign will fulfill this
requirement at GA physically separating VISA CA operations from VeriSign
operations. This separation will not include the customer service department. -
VeriSign (P)
4. System Security - VISA has made reference to a DOD Publication in managing
user passwords. If this mandates O.S. security higher than C2, this may be an
issue. - VeriSign (P)
5. Auditing - VISA has made reference to DOD Publications and B2 security in
the April 26 version of the CA requirements. VeriSign needs to analyze cost and
sizing impacts of such a requirement. This issue remains open. VeriSign (P)
6. VeriSign to Visa interface documents need to be finalized. - Visa (T1)
26
<PAGE>
VeriSign Private Label Agreement
Page 30
EXHIBIT "F"
INTERFACE SPECIFICATIONS
These specifications are contained in the VAP Interface Specifications,
Release 10.2, dated August 1995. This document has already been delivered to
VeriSign by Customer.
<PAGE>
VerSign Private Label Agreement
Page 31
EXHIBIT "G"
ACCEPTANCE TEST PROCEDURES
[POST CLOSING ITEM]
<PAGE>
VerSign Private Label Agreement
Page 32
EXHIBIT "H"
VERISIGN MARKETING RIGHTS AND ROYALTY OBLIGATIONS
VeriSign shall have the right to market the VSE only as set forth on this
Exhibit "H".
1. MARKETING RIGHTS. VeriSign shall have the right to license to Eligible
----------------
Customers ECS pursuant to a license substantially in the form of Exhibit "J" or
to provide Certificate registration, issuing and management functions to
Eligible Customers using ECS. "Eligible Customers" shall mean: any Member of
Visa and any entity providing Financial Services. "Financial Services" shall
mean any of the following: banking, savings and loans, thrifts, insurance,
lending, EDI, credit card issuance and service, commercial network transactions,
companies facilitating commercial transactions over networks (e.g. CyberCash,
DigiCash, and VeriFone), deposit taking, financial intermediaries and the like.
2. CHARGES. VeriSign shall determine the fees it charges for licensing of ECS
-------
or operation of ECS on behalf of the Second Tier CA in its sole discretion.
3. VERISIGN RESERVED RIGHTS. VeriSign shall be entitled to create a software
------------------------
module with the functionality of the VSE provided that VeriSign does not make
use of the source code to the VSE or the System Design Specifications, Interface
Specifications and Customer Requirements that are confidential or proprietary to
Customer in creation of its own product. This Section shall not limit VeriSign's
use for any purpose of residuals resulting from access to such source code. The
term "residuals" means information in non-tangible form which may be retained by
persons who have had access to such source code, including ideas, concepts,
know-how or techniques contained therein.
4. ROYALTIES. VeriSign will pay Customer a seven percent (7%) royalty on (i)
---------
all revenues from sales of any ECAS System to a Visa Member or Visa Processor
and (ii) all revenues from sales of ECS or any derivative work created from ECS
which shall not include any derivative works generated from the ECAS System
alone. This royalty shall be paid on a quarterly basis and due within thirty
(30) days of the end of the calendar quarter in which such revenue was received.
This royalty shall terminate when Customer has been paid, either through the
royalty defined above or through cash payment to Customer or a combination of
both methods, its Initial Development Investment ("IDI") of * ("Date of
Recoupment"). In the event that any obligation of Visa or VeriSign is modified
via an amendment to this Agreement or the Change Order defined in Section 4.1.8
and such amendment or modification changes a royalty obligation, the IDI or any
other aspect of this Section 4, such amendment or change request shall include
an explicit statement of the effect of such modification on the IDI. "All
revenues from sales" means the gross amount of all cash, in-kind or other
consideration receivable by VeriSign at any time in
______________________
* Confidential treatment has been requested with respect to certain portions of
this exhibit. Confidential portions have been omitted from the public filing and
have been separately filed with the Securities and Exchange Commission.
<PAGE>
VerSign Private Label Agreement
Page 33
consideration of the licensing of the relevant system, excluding any amounts
receivable by VeriSign for sales and used taxes, shipping, insurance and duties,
and reduced by all discounts, refunds or allowances granted in the ordinary
course of business.
VeriSign will pay Customer a seven percent (7%) royalty on all revenue received
from issuance of certificates by any system defined in this Section 4(i) and
4(ii) above ("Customer Related Certificates"). This royalty shall be due
quarterly and paid within thirty (30) days after the end of the calendar quarter
in which such revenue was received. This royalty shall terminate on the fifth
(5th) anniversary of the Date of Recoupment or ten (10) years after the first
publicly available pilot of the ECS System, whichever comes first.
5. U.S. CURRENCY. All payments hereunder shall be made in lawful United
--------------
States Currency. If VeriSign receives payment in foreign currencies, the amount
of its license fees due to Customer shall be calculated using the closing
exchange rate published in the Wall Street Journal, Western Edition, on the last
business day such journal is published in the calendar quarter immediately
preceding the date of payment.
6. TERMS OF PAYMENT. License fees shall accrue with respect to ECS licensed
----------------
or otherwise distributed by VeriSign or on the date that VeriSign receives the
revenue from the Second Tier CA or Subscriber therefor. License fees due
Customer hereunder shall be paid by VeriSign to the attention of Peter R. Hill
at Customer's address set forth above on or before the thirtieth (30th) day
after the close of the calendar quarter during which the license fees accrued. A
late payment penalty on any undisputed license fees not paid when due shall be
assessed at the rate of one percent (1%) per thirty (30) days beginning on the
thirty-first (31st) day after the day the unpaid license fees are due.
7. LICENSE REPORT. A report in reasonably detailed form setting forth the
--------------
calculation of license fees due from VeriSign and signed by a responsible
officer of VeriSign shall be delivered to Customer on or before the thirtieth
(30th) day after the close of each calendar quarter, regardless of whether
license fee payments are required to be made pursuant to Section 4. The report
shall include, at a minimum, the following information (if applicable to
VeriSign's designated method of calculating license fees) with respect to the
relevant quarter: (i) the total number of ECS licensed or otherwise distributed
by VeriSign (indicating the names and versions thereof), (ii) the total revenue
from sales of such ECS, (iii) the number and class of Certificates issued for
which a royalty is due; and (iv) total license fees accrued.
8. AUDIT RIGHTS. Customer shall have the right, at its sole cost and expense,
------------
to have an independent certified public accountant conduct during normal
business hours not more frequently than annually, an audit of the appropriate
records of VeriSign to verify the number of copies of ECS licensed or otherwise
distributed by VeriSign, the number and class of Certificates issued, and if
relevant to VeriSign's designated method of calculating license fees, the amount
of revenues from sales therefor. Such certified public accountant shall adhere
to any nondisclosure provisions committed to by VeriSign to a Second Tier CA or
subscriber. If such amounts are found to be different than those reported or the
license fees accrued are different than those reported, VeriSign will be
invoiced or credited for the difference, as applicable. Any additional
<PAGE>
VerSign Private Label Agreement
Page 34
license fees, along with the late payment penalty assessed in accordance with
Section 6, shall be payable within thirty (30) days of such invoice. If a
deficiency in license fees paid by VeriSign is greater than five percent (5%) of
the license fees reported by VeriSign for any quarter, VeriSign will pay the
reasonable expenses associated with such audit, in addition to the deficiency.
9. EVALUATION COPIES. VeriSign may deliver copies of ECS to prospective
-----------------
Second Tier CAs on a trial basis for evaluation purposes only (each, an
"Evaluation Copy") provided that each such prospective Second Tier CA has
received a written or electronic trial license prohibiting the Second Tier CA
from copying, modifying, reverse engineering, decompiling or disassembling the
code for the VSE code or any part thereof. No royalties on income from licensing
ECS shall be reportable or payable with respect to Evaluation Copies. Per copy
Certificate charges will accrue if applicable.
10. VOLUME CREDIT. Each Certificate issued by a Second Tier CA using ECS, and
-------------
each Certificate issued by VeriSign while operating ECS on behalf of a Second
Tier CA, shall be counted as a Certificate issued by Customer or on behalf of
Customer by VeriSign for purposes of calculating royalties and license fees due
from Customer under Exhibit "B" or the License Agreement when and if executed in
the form of Exhibit "J" with Customer. Customer shall receive one hundred
percent (100%) volume credit for all Customer Related Certificates. The
cumulative total for certificates generated by Customer and Customer Related
Certificates shall be used in determining the volume pricing available for
Customer under Exhibit B. This cumulative total shall not be reset annually or
at any time during this Agreement.
<PAGE>
VeriSign Private Label Agreement
Page 35
EXHIBIT "I"
ESCROW AGREEMENT
MASTER PREFERRED ESCROW AGREEMENT
Master Number ________________
This Agreement is effective ______________, 19__ among Data Securities
International, Inc. ("DSI"), ________________________________________
("_______") and any party signing the Acceptance Form attached to this Agreement
("_____"), who collectively may be referred to in this Agreement as "the
parties."
A. Depositor and Preferred Beneficiary have entered or will enter into a
license agreement, development agreement, and/or other agreement regarding
certain proprietary technology of Depositor (referred to in this Agreement as
"the license agreement").
B. Depositor desires to avoid disclosure of its proprietary technology except
under certain limited circumstances.
C. The availability of the proprietary technology of Depositor is critical to
Preferred Beneficiary in the conduct of its business and, therefore, Preferred
Beneficiary needs access to the proprietary technology under certain limited
circumstances.
D. Depositor and Preferred Beneficiary desire to establish an escrow with DSI
to provide for the retention, administration and controlled access of certain
proprietary technology materials of Depositor.
E. The parties desire this Agreement to be supplementary to the license
agreement pursuant to 11 United States [Bankruptcy] Code, Section 365(n).
ARTICLE 1 -- DEPOSITS
1.1 Obligation to Make Deposit. Upon the signing of this Agreement by the
--------------------------
parties, including the signing of the Acceptance Form, Depositor shall deliver
to DSI the proprietary information and other materials ("deposit materials")
required to be deposited by the license agreement or, if the license agreement
does not identify the materials to be deposited with DSI, then such materials
will be identified on an Exhibit A. If Exhibit A is applicable, it is to be
prepared and signed by Depositor and Preferred Beneficiary. DSI shall have no
obligation with respect to the preparation, signing or delivery of Exhibit A.
1.2 Identification of Tangible Media. Prior to the delivery of the deposit
--------------------------------
materials to DSI, Depositor shall conspicuously label for identification each
document, magnetic tape, disk, or other tangible media upon which the deposit
materials are written or stored. Additionally, Depositor shall complete Exhibit
B to this Agreement by listing each such tangible media by the item label
description, the type of media and the quantity. The Exhibit B must be signed
by
<PAGE>
VeriSign Private Label Agreement
Page 36
Depositor and delivered to DSI with the deposit materials. Unless and until
Depositor makes the initial deposit with DSI, DSI shall have no obligation with
respect to this Agreement, except the obligation to notify the parties regarding
the status of the deposit account as required in Section 2.2 below.
1.3 Deposit Inspection. When DSI receives the deposit materials and the
------------------
Exhibit B, DSI will conduct a deposit inspection by visually matching the
labeling of the tangible media containing the deposit materials to the item
descriptions and quantity listed on the Exhibit B. In addition to the deposit
inspection, Preferred Beneficiary may elect to cause a verification of the
deposit materials in accordance with Section 1.6 below.
1.4 Acceptance of Deposit. At completion of the deposit inspection, if DSI
---------------------
determines that the labeling of the tangible media matches the item descriptions
and quantity on Exhibit B, DSI will date and sign the Exhibit B and mail a copy
thereof to Depositor and Preferred Beneficiary. If DSI determines that the
labeling does not match the item descriptions or quantity on the Exhibit B, DSI
will (a) note the discrepancies in writing on the Exhibit B; (b) date and sign
the Exhibit B with the exceptions noted; and (c) provide a copy of the Exhibit B
to Depositor and Preferred Beneficiary. DSI's acceptance of the deposit occurs
upon the signing of the Exhibit B by DSI. Delivery of the signed Exhibit B to
Preferred Beneficiary is Preferred Beneficiary's notice that the deposit
materials have been received and accepted by DSI.
1.5 Depositor's Representations. Depositor represents as follows:
---------------------------
a. Depositor lawfully possesses all of the deposit materials deposited
with DSI;
b. With respect to all of the deposit materials, Depositor has the right
and authority to grant to DSI and Preferred Beneficiary the rights as
provided in this Agreement;
c. The deposit materials are not subject to any lien or other
encumbrance; and
d. The deposit materials consist of the proprietary information and other
materials identified either in the license agreement or Exhibit A, as
the case may be.
1.6 Verification. Preferred Beneficiary shall have the right, at Preferred
------------
Beneficiary's expense, to cause a verification of any deposit materials. A
verification determines, in different levels of detail, the accuracy,
completeness, sufficiency and quality of the deposit materials. If a
verification is elected after the deposit materials have been delivered to DSI,
then only DSI, or at DSI's election an independent person or company selected
and supervised by DSI, may perform the verification.
1.7 Deposit Updates. Unless otherwise provided by the license agreement,
---------------
Depositor shall update the deposit materials within 60 days of each release of a
new version of the product which is subject to the license agreement. Such
updates will be added to the existing deposit. All deposit updates shall be
listed on a new Exhibit B and the new Exhibit B shall be signed by Depositor.
Each Exhibit B will be held and maintained separately within the escrow account.
<PAGE>
VeriSign Private Label Agreement
Page 37
An independent record will be created which will document the activity for each
Exhibit B. The processing of all deposit updates shall be in accordance with
Sections 1.2 through 1.6 above. All references in this Agreement to the deposit
materials shall include the initial deposit materials and any updates.
1.8 Removal of Deposit Materials. The deposit materials may be removed and/or
----------------------------
exchanged only on written instructions signed by Depositor and Preferred
Beneficiary, or as otherwise provided in this Agreement.
ARTICLE 2 -- CONFIDENTIALITY AND RECORD KEEPING
2.1 Confidentiality. DSI shall maintain the deposit materials in a secure,
---------------
environmentally safe, locked receptacle which is accessible only to authorized
employees of DSI. DSI shall have the obligation to reasonably protect the
confidentiality of the deposit materials. Except as provided in this Agreement,
DSI shall not disclose, transfer, make available, or use the deposit materials.
DSI shall not disclose the content of this Agreement to any third party. If DSI
receives a subpoena or other order of a court or other judicial tribunal
pertaining to the disclosure or release of the deposit materials, DSI will
immediately notify the parties to this Agreement. It shall be the
responsibility of Depositor and/or Preferred Beneficiary to challenge any such
order; provided, however, that DSI does not waive its rights to present its
position with respect to any such order. DSI will not be required to disobey
any court or other judicial tribunal order. (See Section 7.5 below for notices
of requested orders.)
2.2 Status Reports. DSI will issue to Depositor and Preferred Beneficiary a
--------------
report profiling the account history at least semi-annually. DSI may provide
copies of the account history pertaining to this Agreement upon the request of
any party to this Agreement.
2.3 Audit Rights. During the term of this Agreement, Depositor and Preferred
------------
Beneficiary shall each have the right to inspect the written records of DSI
pertaining to this Agreement. Any inspection shall be held during normal
business hours and following reasonable prior notice.
ARTICLE 3 -- GRANT OF RIGHTS TO DSI
3.1 Title to Media. Depositor hereby transfers to DSI the title to the media
--------------
upon which the proprietary information and materials are written or stored.
However, this transfer does not include the ownership of the proprietary
information and materials contained on the media such as any copyright, trade
secret, patent or other intellectual property rights.
3.2 Right to Make Copies. DSI shall have the right to make copies of the
--------------------
deposit materials as reasonably necessary to perform this Agreement. DSI shall
copy all copyright, nondisclosure, and other proprietary notices and titles
contained on the deposit materials onto any copies made by DSI. With all
deposit materials submitted to DSI, Depositor shall provide any and all
instructions as may be necessary to duplicate the deposit materials including
but not limited to the hardware and/or software needed.
<PAGE>
VeriSign Private Label Agreement
Page 38
3.3 Right to Sublicense Upon Release. As of the effective date of this
--------------------------------
Agreement, Depositor hereby grants to DSI a non-exclusive, irrevocable,
perpetual, and royalty-free license to sublicense the deposit materials to
Preferred Beneficiary upon the release, if any, of the deposit materials in
accordance with Section 4.5 below. Except upon such a release, DSI shall not
sublicense or otherwise transfer the deposit materials.
ARTICLE 4 -- RELEASE OF DEPOSIT
4.1 Release Conditions. As used in this Agreement, "Release Conditions" shall
------------------
mean the following:
a. Depositor's failure to carry out obligations imposed on it pursuant to
the license agreement; or
b. Depositor's failure to continue to do business in the ordinary course.
4.2 Filing For Release. If Preferred Beneficiary believes in good faith that a
------------------
Release Condition has occurred, Preferred Beneficiary may provide to DSI written
notice of the occurrence of the Release Condition and a request for the release
of the deposit materials. Upon receipt of such notice, DSI shall provide a copy
of the notice to Depositor, by certified mail, return receipt requested, or by
commercial express mail.
4.3 Contrary Instructions. From the date DSI mails the notice requesting
---------------------
release of the deposit materials, Depositor shall have ten business days to
deliver to DSI Contrary Instructions. "Contrary Instructions" shall mean the
written representation by Depositor that a Release Condition has not occurred or
has been cured. Upon receipt of Contrary Instructions, DSI shall send a copy to
Preferred Beneficiary by certified mail, return receipt requested, or by
commercial express mail. Additionally, DSI shall notify both Depositor and
Preferred Beneficiary that there is a dispute to be resolved pursuant to the
Dispute Resolution section of this Agreement (Section 7.3). Subject to Section
5.2, DSI will continue to store the deposit materials without release pending
(a) joint instructions from Depositor and Preferred Beneficiary, (b) resolution
pursuant to the Dispute Resolution provisions, or (c) order of a court.
4.4 Release of Deposit. If DSI does not receive Contrary Instructions from the
------------------
Depositor, DSI is authorized to release the deposit materials to the Preferred
Beneficiary or, if more than one beneficiary is registered to the deposit, to
release a copy of the deposit materials to the Preferred Beneficiary. However,
DSI is entitled to receive any fees due DSI before making the release. This
Agreement will terminate upon the release of the deposit materials held by DSI.
4.5 Use License Following Release. Unless otherwise provided in the license
-----------------------------
agreement, upon release of the deposit materials in accordance with this Article
4, Preferred Beneficiary shall have a non-exclusive, non-transferable,
irrevocable right to use the deposit materials for the sole purpose of
continuing the benefits afforded to Preferred Beneficiary by the license
agreement. Preferred Beneficiary shall be obligated to maintain the
confidentiality of the released deposit materials.
<PAGE>
VeriSign Private Label Agreement
Page 39
ARTICLE 5 -- TERM AND TERMINATION
5.1 Term of Agreement. The initial term of this Agreement is for a period of
-----------------
one year. Thereafter, this Agreement shall automatically renew from year-to-year
unless (a) Depositor and Preferred Beneficiary jointly instruct DSI in writing
that the Agreement is terminated; or (b) the Agreement is terminated by DSI for
nonpayment in accordance with Section 5.2. If the Acceptance Form has been
signed at a date later than this Agreement, the initial term of the Acceptance
Form will be for one year with subsequent terms to be adjusted to match the
anniversary date of this Agreement. If the deposit materials are subject to
another escrow agreement with DSI, DSI reserves the right, after the initial one
year term, to adjust the anniversary date of this Agreement to match the then
prevailing anniversary date of such other escrow arrangements.
5.2 Termination for Nonpayment. In the event of the nonpayment of fees owed to
--------------------------
DSI, DSI shall provide written notice of delinquency to all parties to this
Agreement. Any party to this Agreement shall have the right to make the payment
to DSI to cure the default. If the past due payment is not received in full by
DSI within one month of the date of such notice, then DSI shall have the right
to terminate this Agreement at any time thereafter by sending written notice of
termination to all parties. DSI shall have no obligation to take any action
under this Agreement so long as any payment due to DSI remains unpaid.
5.3 Disposition of Deposit Materials Upon Termination. Upon termination of
-------------------------------------------------
this Agreement by joint instruction of Depositor and Preferred Beneficiary, DSI
shall destroy, return, or otherwise deliver the deposit materials in accordance
with such instructions. Upon termination for nonpayment, DSI may, at its sole
discretion, destroy the deposit materials or return them to Depositor. DSI
shall have no obligation to return or destroy the deposit materials if the
deposit materials are subject to another escrow agreement with DSI.
5.4 Survival of Terms Following Termination. Upon termination of this
---------------------------------------
Agreement, the following provisions of this Agreement shall survive:
a. Depositor's Representations (Section 1.5).
b. The obligations of confidentiality with respect to the deposit
materials.
c. The licenses granted in the sections entitled Right to Sublicense Upon
Release (Section 3.3) and Use License Following Release (Section 4.5),
if a release of the deposit materials has occurred prior to
termination.
d. The obligation to pay DSI any fees and expenses due.
e. The provisions of Article 7.
f. Any provisions in this Agreement which specifically state they survive
the termination or expiration of this Agreement.
<PAGE>
VeriSign Private Label Agreement
Page 40
ARTICLE 6 -- DSI'S FEES
6.1 Fee Schedule. DSI is entitled to be paid its standard fees and expenses
------------
applicable to the services provided. DSI shall notify the party responsible for
payment of DSI's fees at least 90 days prior to any increase in fees. For any
service not listed on DSI's standard fee schedule, DSI will provide a quote
prior to rendering the service, if requested.
6.2 Payment Terms. DSI shall not be required to perform any service unless the
-------------
payment for such service and any outstanding balances owed to DSI are paid in
full. All other fees are due upon receipt of invoice. If invoiced fees are not
paid, DSI may terminate this Agreement in accordance with Section 5.2. Late fees
on past due amounts shall accrue at the rate of one and one-half percent per
month (18% per annum) from the date of the invoice.
ARTICLE 7 -- LIABILITY AND DISPUTES
7.1 Right to Rely on Instructions. DSI may act in reliance upon any
-----------------------------
instruction, instrument, or signature reasonably believed by DSI to be genuine.
DSI may assume that any employee of a party to this Agreement who gives any
written notice, request, or instruction has the authority to do so. DSI shall
not be responsible for failure to act as a result of causes beyond the
reasonable control of DSI.
7.2 Indemnification. DSI shall be responsible to perform its obligations under
---------------
this Agreement and to act in a reasonable and prudent manner with regard to this
escrow arrangement. Provided DSI has acted in the manner stated in the
preceding sentence, Depositor and Preferred Beneficiary each agree to indemnify,
defend and hold harmless DSI from any and all claims, actions, damages,
arbitration fees and expenses, costs, attorney's fees and other liabilities
incurred by DSI relating in any way to this escrow arrangement.
7.3 Dispute Resolution. Any dispute relating to or arising from this Agreement
------------------
shall be resolved by arbitration under the Commercial Rules of the American
Arbitration Association. Unless otherwise agreed by Depositor and Preferred
Beneficiary, arbitration will take place in San Diego, California, U.S.A. Any
court having jurisdiction over the matter may enter judgment on the award of the
arbitrator(s). Service of a petition to confirm the arbitration award may be
made by First Class mail or by commercial express mail, to the attorney for the
party or, if unrepresented, to the party at the last known business address.
7.4 Controlling Law. This Agreement is to be governed and construed in
---------------
accordance with the laws of the State of California, without regard to its
conflict of law provisions.
7.5 Notice of Requested Order. If any party intends to obtain an order from
-------------------------
the arbitrator or any court of competent jurisdiction which may direct DSI to
take, or refrain from taking any action, that party shall:
a. Give DSI at least two business days' prior notice of the hearing;
<PAGE>
VeriSign Private Label Agreement
Page 41
b. Include in any such order that, as a precondition to DSI's obligation,
DSI be paid in full for any past due fees and be paid for the
reasonable value of the services to be rendered pursuant to such
order; and
c. Ensure that DSI not be required to deliver the original (as opposed to
a copy) of the deposit materials if DSI may need to retain the
original in its possession to fulfill any of its other escrow duties.
ARTICLE 8 -- GENERAL PROVISIONS
8.1 Entire Agreement. This Agreement, which includes the Acceptance Form and
----------------
the Exhibits described herein, embodies the entire understanding between all of
the parties with respect to its subject matter and supersedes all previous
communications, representations or understandings, either oral or written. No
amendment or modification of this Agreement shall be valid or binding unless
signed by all the parties hereto, except Exhibit A need not be signed by DSI and
Exhibit B need not be signed by Preferred Beneficiary.
8.2 Notices. All notices, invoices, payments, deposits and other documents and
-------
communications shall be given to the parties at the addresses specified in the
attached Exhibit C and Acceptance Form. It shall be the responsibility of the
parties to notify each other as provided in this Section in the event of a
change of address. The parties shall have the right to rely on the last known
address of the other parties. Unless otherwise provided in this Agreement, all
documents and communications may be delivered by First Class mail.
8.3 Severability. In the event any provision of this Agreement is found to be
------------
invalid, voidable or unenforceable, the parties agree that unless it materially
affects the entire intent and purpose of this Agreement, such invalidity,
voidability or unenforceability shall affect neither the validity of this
Agreement nor the remaining provisions herein, and the provision in question
shall be deemed to be replaced with a valid and enforceable provision most
closely reflecting the intent and purpose of the original provision.
8.4 Successors. This Agreement shall be binding upon and shall inure to the
----------
benefit of the successors and assigns of the parties. However, DSI shall have
no obligation in performing this Agreement to recognize any successor or assign
of Depositor or Preferred Beneficiary unless DSI receives clear, authoritative
and conclusive written evidence of the change of parties.
_________________________ Data Securities International, Inc.
By:______________________ By: _______________________________
Name: ___________________ Name: _____________________________
Title: __________________ Title: ____________________________
Date: ___________________ Date: _____________________________
<PAGE>
VeriSign Private Label Agreement
Page 42
Custom Certificate System License Agreement Number: _______________
Date of Agreement: ________________________________________________
EXHIBIT "J"
CUSTOM CERTIFICATE SYSTEM LICENSE AGREEMENT
THIS CUSTOM CERTIFICATE SYSTEM LICENSE AGREEMENT ("Agreement") effective as
of the last date of execution, is entered into by and between VeriSign, Inc., a
Delaware corporation ("VeriSign"), having a principal mailing address at 2593
Coast Avenue, Mountain View, California 94043, and the entity named below as
"Customer" ("Customer"), having a principal address as set forth below.
Customer:
VISA International Service Association
--------------------------------------
(Name and jurisdiction of incorporation)
Customer Address:
______________________________________
______________________________________
______________________________________
Customer Legal Contact:
______________________________________
(name, telephone and title)
Customer Billing Contact:
______________________________________
(name, telephone and title)
Customer Technical Contact:
______________________________________
(name, telephone and title)
Customer Commercial Contact:
______________________________________
(name, telephone and title)
<PAGE>
VeriSign Private Label Agreement
Page 43
1. DEFINITIONS
-----------
The following terms when used in this Agreement shall have the following
meanings:
1.1 "CERTIFICATE" means a collection of electronic data consisting of a
Public Key, identifying information which contains information about the owner
of the Public Key, and validity information, which (or a string of bits derived
from the Public Key) has been encrypted by a third party who is the issuer of
the Certificate with such third party Certificate issuer's Private Key. This
collection of electronic data collectively serves the function of identifying
the owner of the Public Key and verifying the integrity of the electronic data.
"CERTIFY" or "CERTIFICATION" means the act of generating a Certificate.
"CERTIFIED" means the condition of having been issued a valid Certificate by a
Certifier, which Certificate has not been revoked.
1.2 "CERTIFICATE MANAGEMENT SYSTEM ('CMS')" means VeriSign's proprietary
software product marketed and developed under the name "Certificate Management
System" providing secure off-line certificate issuance as presently in existence
and as developed and enhanced in the future by VeriSign.
1.3 "CERTIFICATE SIGNING UNIT ('CSU')" means a hardware unit or software
designed for use in signing Certificates and key storage. The BBN
SafeKeyper(TM) manufactured by BBN Communications, Inc. is one hardware
implementation of a CSU.
1.4 "CERTIFICATE SUBSCRIPTION SERVICE" means the operation of the Licensed
Software to provide Certificate registration, issuing and management functions
on behalf of Second Tier CAs.
1.5 "CERTIFICATION AUTHORITY" OR "CA" means VeriSign and any entity,
group, division, department, unit or office which is Certified by VeriSign to,
and has accepted responsibility to, issue Certificates to specified Subscribers
in a Hierarchy in accordance with the CPS or a Protocol.
1.6 "CERTIFICATION PRACTICE STATEMENT" OR "CPS" means the VeriSign
specification of policies, procedures and resources to control the entire
Certificate process and transactional use of Certificates within the VeriSign
Public Hierarchies.
1.7 "CUSTOMER AFFILIATES" shall mean Visa's Subsidiaries and Related
Entities. A "Subsidiary" shall mean a company in which on a class-by-class
basis, more than fifty percent (50%) of the stock entitled to vote for the
election of directors is owned or controlled by Customer, but only so long as
such ownership or control exists. A "Related Entity" shall mean an entity (A)
at least fifty percent (50%) of whose stock or other equity is owned by
Customer's member banks and that has the authority to process Visa payment
transactions, but only so long as such ownership exists; (B) has an equity
interest in Customer and is owned in whole by Member banks or financial
institutions (e.g., national or regional group Members); or (C) is exclusively
---
managed by Visa or a national or group Member of Visa for the purpose of
processing Visa payment transactions, but only so long as such exclusive
management exists.
<PAGE>
VeriSign Private Label Agreement
Page 44
Notwithstanding anything to the contrary set forth above, however, Subsidiaries
or Related Entities do not include any Acquirer, Issuer or individual bank or
like financial institution. Customer Affiliates include, for example, without
limitation, Visa USA, Inc, ViTAL, Inc, Plus and Interlink.
1.8 "CUSTOMER PRODUCT" means any product including some or all of the
Licensed Software developed by Customer for use by a Subscriber in VISA's
Private Hierarchy with a Certificate issued by VISA or by a Second Tier CA to
VISA which incorporates VISA's Root Keys.
1.9 "DIGITAL SIGNATURE" means information encrypted with a Private Key
which is appended to information to identify the owner of the Private Key and to
verify the integrity of the information. "DIGITALLY SIGNED" shall refer to
----------------
electronic data to which a Digital Signature has been appended.
1.10 "ELECTRONIC COMMERCE AUTHENTICATION SYSTEM ('ECAS')" means VeriSign's
proprietary software product marketed and developed under the name "Electronic
Commerce Authentication System" providing secure on-line certificate issuance as
presently in existence and as developed and enhanced in the future by VeriSign.
1.11 "HIERARCHY" means a domain consisting of a system of chained
Certificates leading from the Primary Certification Authority through one or
more Certification Authorities to Subscribers.
1.12 "INTERNET" means the global computer network commonly known as
"Internet".
1.13 "LICENSED SOFTWARE" means the object code and source code of the
VeriSign Software as specified on Exhibit "A" (License and Maintenance Fees)
hereto as having been licensed by Customer. Only those portions of the VeriSign
Software specified as having been licensed are included in the Licensed
Software.
1.14 "NEW RELEASE" means a version of the VeriSign Software which shall
generally be designated by a new version number which has changed from the prior
number only to the right of the decimal point (e.g., Version 2.2 to Version
2.3).
1.15 "NEW VERSION" means a version of the VeriSign Software which shall
generally be designated by a new version number which has changed from the prior
number to the left of the decimal point (e.g., Version 2.3 to Version 3.0).
1.16 "PRIMARY CERTIFICATION AUTHORITY" OR "PCA" means an entity that
establishes policies for all Certification Authorities and Subscribers within
its Private Hierarchy.
1.17 "PRIVATE HIERARCHY" means a domain consisting of a chained
Certificate hierarchy which is entirely self-contained within an organization or
network and not designed to be interoperable with or intended to interact
through public channels with any external organizations, networks, and public
hierarchies. [I am not sure whether this definition correctly
<PAGE>
VeriSign Private Label Agreement
Page 45
describes an SET CA - while the hierarchy is self-contained, it is intended to
interact with an "external organization" and on any network.]
1.18 "PRIVATE KEY" means a mathematical key which is kept private to the
owner and which is used through public key cryptography to encrypt electronic
authenticity data and create a Digital Signature which will be decrypted with
the corresponding Public Key.
1.19 "PUBLIC HIERARCHY" means a domain consisting of a system of chained
Certificates leading from VeriSign as the Primary Certification Authority
through one or more Certification Authorities to Subscribers in accordance with
the VeriSign Certification Practice Statement. Certificates issued in a Public
Hierarchy are intended to be interoperable among organizations, allowing
Subscribers to interact through public channels with various individuals,
organizations, and networks.
1.20 "PUBLIC KEY" means a mathematical key which is available publicly and
which is used through public key cryptography to decrypt electronic authenticity
data which was encrypted using the matched Private Key and to verify Digital
Signatures created with the matched Private Key.
1.21 "PUBLIC KEY INFRASTRUCTURE (PKI)" means the VeriSign specification
for the architecture, techniques, practices, and procedures that collectively
support the implementation and operation of Certificate-based public key
cryptographic systems.
1.22 "ROOT KEY" means one or more public root key(s) published by the
organization which generated and is entitled to use such keys as the public
components of its key pair(s) in issuing Certificates in a hierarchy over which
such organization has responsibility.
1.23 "SECOND TIER CA" means an entity in the business of selling or
issuing Certificates in VISA's Private Hierarchy digitally signed by such Second
Tier CA to Subscribers, by virtue of authority of Customer and using VISA's
Certificate Subscription Service directly or by sublicensing the Licensed
Software from Customer.
1.24 "SECURE ELECTRONIC TRANSACTIONS ('SET')" means the specification
published by Visa International Service Association and MasterCard International
and made available to all developers wishing to implement secure payments over
the Internet and other public and private networks.
1.25 "SET MODULE" shall mean the software module created by VeriSign to
implement the SET. The SET Module shall include all software elements necessary
to implement all aspects of the SET specification, but shall not include the
VSE.
1.26 "SUBSCRIBER" means an individual, a device or a role/office that has
requested a Certifier to issue him, her or it a Certificate.
1.27 "USER MANUAL" means the most current version of the user or operating
manual customarily supplied by VeriSign to customers who license the VeriSign
Object Code, if any.
<PAGE>
VeriSign Private Label Agreement
Page 46
1.28 "VERISIGN AFFILIATES" shall mean a company in which, on a class by
class basis, more than fifty percent (50%) of the stock entitled to vote for the
election of directors is owned or controlled by VeriSign, but only so long as
such ownership or control exists.
1.29 "VERISIGN OBJECT CODE" means the Licensed Software in machine-
readable, compiled object code form.
1.30 "VERISIGN SOFTWARE" means VeriSign proprietary software known as
Certificate Management System, Electronic Commerce Authentication System, SET
Module and VSE as described in the User Manuals associated therewith. "VeriSign
Software" shall also include all modifications and enhancements (including all
New Releases and New Versions) to such programs as provided by VeriSign to
Customer pursuant to Sections 4.3 and 4.4.
1.31 "VISA" means VISA International Service Association and its
Affiliates.
1.32 "VSE SOURCE CODE" means the mnemonic, high level statement versions
of the VSE written in the source language used by programmers.
1.33 "VSE ('VISA SET ENHANCEMENTS')" shall mean the software module
created by VeriSign under contract from VISA which interfaces with the SET
Module to provide enhanced functionality and features unique to VISA, but not
necessary to fully implement the SET.
1.34 "WWW" means the system currently referenced as the "World Wide Web"
for organizing multi-media information distributed across network(s) such that
it can be navigated and accessed via cross linking mechanisms, and any successor
to such system, and any parallel system which uses at least all the same
communication protocols as the system currently referenced as the "World Wide
Web" or to the successor to such system, even if the administrators of such
systems choose to call them by different names.
2. GRANT OF LICENSES; LIMITATIONS
------------------------------
2.1 VSE SOURCE CODE LICENSE. If a VSE Source Code license is specified in
-----------------------
Exhibit "A", VeriSign hereby grants Customer a non-exclusive, non-transferable,
non-assignable, perpetual worldwide license to: (i) modify the VSE Source Code
(all such modifications to the VSE Source Code referenced collectively as
"Customer Modifications"); and (ii) maintain Customer Products and support
Subscribers .
2.2 VERISIGN SOFTWARE OBJECT CODE LICENSE. VeriSign hereby grants
-------------------------------------
Customer a worldwide non-exclusive, non-transferable, non-assignable, perpetual
license to use the Licensed Software to provide Certificate Subscription
Services; and sublicense the VeriSign Object Code to Second Tier CAs to permit
such Second Tier CAs to provide Certificate Subscription Services.
2.3 LIMITATIONS ON LICENSES. The licenses granted in Sections 2.1 and 2.2
-----------------------
shall be limited as follows:
<PAGE>
VeriSign Private Label Agreement
Page 47
2.3.1 LIMITATION ON DISTRIBUTEES. The VeriSign Object Code shall be
--------------------------
sublicensed or otherwise distributed only to Second Tier CAs. Second Tier CAs
shall be prohibited from redistributing or licensing the VeriSign Object Code or
any portion of the Licensed Software.
2.3.2 LICENSE RESTRICTED TO LICENSED SOFTWARE. Customer may not use,
---------------------------------------
modify, sublicense or incorporate into any Customer Product any software module
or other technology component derived from the VeriSign Software which is not
designated as Licensed Software on Exhibit "A".
2.3.3 VERISIGN ROOT KEYS. Any Customer Product and Licensed Software
------------------
must include VISA's Private Hierarchy Root Key and may include VeriSign's Root
Keys.
2.3.4 RESTRICTION ON COPYING. Customer may not copy or reproduce the
----------------------
VeriSign Software or any part, version or form thereof, except as expressly
permitted in Section 2.2.
2.4 TITLE.
-----
2.4.1 IN VERISIGN. Except for the limited licenses granted in
-----------
Sections 2.1 and 2.2, VeriSign shall at all times retain full and exclusive
right, title and ownership interest in and to the VeriSign Software and in any
and all related patents, trademarks, copyrights and proprietary and trade secret
rights.
2.4.2 IN CUSTOMER. Customer shall at all times retain full and
-----------
exclusive right, title and ownership interest in and to the Customer
Modifications representing incremental modifications to the VeriSign Software
(but not in any part of the VeriSign Software, either as a component of a
derivative work or otherwise) and in any and all related patents, copyrights and
proprietary and trade secret rights; provided, however, that Customer hereby
agrees that it will not assert against VeriSign any of such patents, copyrights
or proprietary or trade secret rights with respect to any software or products
developed by VeriSign without reference to the source code for the Customer
Modifications.
3. LICENSE FEES
------------
3.1 LICENSE FEES. In consideration of VeriSign's grant to Customer of the
------------
limited license rights hereunder, Customer shall pay to VeriSign the amounts set
forth below (the "License Fees"):
3.1.1 SOURCE CODE LICENSE FEES. If VeriSign is granting to Customer
------------------------
VSE Source Code license rights as indicated on Exhibit "A", Customer shall pay
to VeriSign the source code License Fees specified on Exhibit "A" upon execution
of this Agreement.
3.1.2 OBJECT CODE LICENSE FEES. In consideration of VeriSign's grant
------------------------
to Customer of the VeriSign Object Code license rights, Customer shall pay to
VeriSign the object code License Fees specified on Exhibit "A" subject to the
following:
<PAGE>
VeriSign Private Label Agreement
Page 48
3.1.2.1 ONE-TIME PAID-UP LICENSE FEE. If a one-time paid-up License
----------------------------
Fee is specified on Exhibit "A", a License Fee in the amount specified on
Exhibit "A" shall be due upon execution of this Agreement.
3.1.2.2 PER CERTIFICATE, FIXED DOLLAR LICENSE FEE. If a per
-----------------------------------------
Certificate, fixed dollar License Fee is specified on Exhibit "A", a License Fee
shall be due for each Certificate issued by Customer or a Second Tier CA using
the Licensed Software or a Customer Product, in the amount specified on Exhibit
"A".
3.2 TAXES. All taxes, duties, fees and other governmental charges of any
-----
kind (including sales and use taxes, but excluding taxes based on the gross
revenues or net income of VeriSign) which are imposed by or under the authority
of any government or any political subdivision thereof on the License Fees or
any aspect of this Agreement shall be borne by Customer and shall not be
considered a part of, a deduction from or an offset against License Fees.
3.3 TERMS OF PAYMENT. Per Certificate License Fees shall accrue upon the
----------------
issuance of a Certificate by Customer or Second Tier CA using the Licensed
Software or any Customer Product. One time paid up License Fees are due upon
execution of this Agreement. License Fees due VeriSign hereunder shall be paid
by Customer to the attention of the Software Licensing Department at VeriSign's
address set forth above on or before the thirtieth (30th) day after the close of
the calendar quarter during which the License Fees accrued. A late payment
penalty on any undisputed License Fees not paid when due shall be assessed at
the rate of one percent (1%) per thirty (30) days, beginning on the thirty-first
(31st) day after the last day of the calendar quarter to which the delayed
payment relates.
3.4 U.S. CURRENCY. All payments hereunder shall be made in lawful United
-------------
States currency.
3.5 LICENSING REPORT. A report in reasonably detailed form setting forth
----------------
the calculation of License Fees due from Customer and signed by a responsible
officer of Customer shall be delivered to VeriSign on or before the thirtieth
(30th) day after the close of each calendar quarter during the term of this
Agreement, regardless of whether License Fee payments are required to be made
pursuant to Section 3.3. The report shall include, at a minimum, the following
information (if applicable to Customer's designated method of calculating
License Fees) with respect to the relevant quarter: (i) the total number of
copies/units of Customer Products licensed or otherwise distributed by Customer
(indicating the names and versions thereof); (ii) total License Fees accrued;
and (iii) the total number and type of Certificates issued.
3.6 AUDIT RIGHTS. VeriSign shall have the right, at its sole cost and
------------
expense, to have an independent certified public accountant conduct during
normal business hours and not more frequently than annually, an audit of the
appropriate records of Customer to verify the number of copies/units of Customer
Products licensed or otherwise distributed by Customer, the number and class of
Certificates issued, and, if relevant to Customer's designated method of
calculating License Fees. If such amounts are found to be different than those
reported, or the License Fees
<PAGE>
VeriSign Private Label Agreement
Page 49
accrued are different than those reported, Customer will be invoiced or credited
for the difference, as applicable. Any additional License Fees, along with the
late payment penalty assessed in accordance with Section 3.3, shall be payable
within thirty (30) days of such invoice. If the deficiency in License Fees paid
by Customer is greater than five percent (5%) of the License Fees reported by
Customer for any quarter, Customer will pay the reasonable expenses associated
with such audit, in addition to the deficiency.
3.7 EVALUATION COPIES. Customer may deliver copies of Customer Products
-----------------
to prospective Second Tier CAs on a trial basis for evaluation purposes only
(each, an Evaluation Copy") provided that each such prospective Second Tier CA
has received a written or electronic trial license prohibiting the Second Tier
CA from copying, modifying, reverse engineering, decompiling or disassembling
the VeriSign Object Code or any part thereof.
3.8 MFN PRICING. VeriSign agrees to provide Customer with Most Favored
-----------
Nation ("MFN") pricing on all License Fees, excluding maintenance fees and
upgrade charges related to the Licensed Software but including any customer
discount. MFN pricing shall mean that Customer receives the best pricing offered
by VeriSign to any third party under similar terms and conditions. In the event
that VeriSign offers better pricing to a third party under different terms and
conditions, VeriSign agrees to offer such better pricing to Customer under
terms and conditions similar to those offered to the third party. Under no
circumstances will the License Fee charged in Section 3.1.2.1 above, after any
Customer Discount offered pursuant to Section 3.9 below, exceed One Million
Dollars ($1,000,000).
3.9 CUSTOMER DISCOUNT. VeriSign agrees to offer Customer the following
-----------------
discount on the License Fee charged pursuant to Section 3.1.2.1:
Discount* Date License Executed*
-----------------------------------
4. SUPPORT AND MAINTENANCE
-----------------------
4.1 OPTIONAL MAINTENANCE. For the year commencing upon the date of this
--------------------
Agreement and for each year thereafter commencing on the anniversary of such
expiration, Customer may elect to purchase annual maintenance, as described in
Section 4.3, by paying the then-current annual maintenance fee. Such amount
shall be payable for the first year upon the execution of this Agreement and for
each subsequent year in advance of the commencement of such year. VeriSign may
cease to offer maintenance for future maintenance terms by notice delivered to
Customer twelve (12) months or more before the end of the then-current
maintenance term. VeriSign shall not be obligated to provide maintenance for
versions older than the next most current version. For the purpose of this
Section 4.1, "versions" shall refer to the integer portion of the release of a
product (i.e., the "version" of Release 1.2 of a product is 1, therefore, when
----
Release 3.0 of that product is introduced, VeriSign would not be required to
support any Release 1.x).
4.2 ADDITIONAL CHARGES. In the event VeriSign is required to take actions
------------------
to correct a difficulty or defect which is traced to Customer errors,
modifications, enhancements, software or hardware, then Customer shall pay to
VeriSign its time and materials charges at VeriSign's rates then in effect. In
the event VeriSign's personnel must travel to perform maintenance or on-site
support, Customer shall reimburse VeriSign for any reasonable out-of-pocket
expenses incurred,
______________________
* Confidential treatment has been requested with respect to certain portions of
this exhibit. Confidential portions have been omitted from the public filing
and have been separately filed with the Securities and Exchange Commission.
<PAGE>
VeriSign Private Label Agreement
Page 50
including travel to and from Customer's sites, lodging, meals and shipping, as
may be necessary in connection with duties performed under this Section 4 by
VeriSign.
4.3 MAINTENANCE PROVIDED BY VERISIGN. For periods for which Customer has
--------------------------------
paid an annual maintenance fee, VeriSign will provide Customer with the
following services:
4.3.1 TELEPHONE SUPPORT. VeriSign will provide telephone support to
-----------------
Customer during VeriSign's normal business hours. VeriSign may provide on-site
support reasonably determined to be necessary by VeriSign at Customer's location
specified on page 1 hereof. VeriSign shall provide the support specified in
this Section 4.3.1 to Customer's employees responsible for developing Customer
Products, maintaining Customer Products, and providing support to Second Tier
CAs. VeriSign will provide the name of an employee who will serve as a single
point of contact for support to Customer. VeriSign may change the name at any
time by providing written notice to Customer. On VeriSign's request, Customer
will provide a list with the names of the employees designated to receive
support from VeriSign. Customer may change the names on the list at any time by
providing written notice to VeriSign.
4.3.2 ERROR CORRECTION. In the event Customer discovers an error in
----------------
the Licensed Software which causes the Licensed Software not to operate in
material conformance to VeriSign's published specifications therefor, Customer
shall submit to VeriSign a written report describing such error in sufficient
detail to permit VeriSign to reproduce such error. Upon receipt of any such
written report, VeriSign will use its reasonable business judgment to classify a
reported error as either: (i) a "Level 1 Severity" error, meaning an error that
causes the Licensed Software to fail to operate in a material manner or to
produce materially incorrect results and for which there is no workaround or
only a difficult workaround; or (ii) a "Level 2 Severity" error, meaning an
error that produces a situation in which the Licensed Software is usable but
does not function in the most convenient or expeditious manner, and the use or
value of the Licensed Software suffers no material impact. VeriSign will
acknowledge receipt of a conforming error report within two (2) business days
and (A) will use its continuing best efforts to provide a correction for any
Level I Severity error to Customer as early as practicable; and (B) will use its
reasonable efforts to include a correction for any Level 2 Severity error in the
next release of the VeriSign Software.
4.3.3 NEW RELEASES AND NEW VERSIONS. VeriSign will provide Customer
-----------------------------
information relating to New Releases and New Versions of the VeriSign Software
during the term of this Agreement. New Releases will be provided at no
additional charge. New Versions will be provided at VeriSign's standard upgrade
charges in effect at the time. Any New Releases or New Versions acquired by
Customer shall be governed by all of the terms and provisions of this Agreement.
4.4 LAPSED MAINTENANCE. In the event Customer has not purchased optional
------------------
maintenance with respect to any Licensed Software, Customer may obtain a license
of a New Release of such Licensed Software or any service which is provided as a
part of maintenance by paying the maintenance fees which would otherwise have
been due from the expiration of
<PAGE>
VeriSign Private Label Agreement
Page 51
maintenance provided pursuant to Section 4.1 to the date such New Release is
licensed or such service is provided.
5. MASTER COPY
-----------
As soon as practicable, but not later than five (5) business days after the
date of execution of this Agreement, VeriSign shall deliver to Customer one (1)
copy of each of the VeriSign Object Code, the VSE Source Code (if licensed
hereunder) and the User Manual in the manner designated on Exhibit "A".
6. ADDITIONAL OBLIGATIONS OF CUSTOMER
----------------------------------
6.1 CUSTOMER PRODUCT MARKETING. Customer is authorized to represent to
--------------------------
Second Tier CAs and Subscribers only such facts about the VeriSign Software as
VeriSign states in its published product descriptions, advertising and
promotional materials or as may be stated in other non-confidential written
material furnished by VeriSign.
6.2 CUSTOMER SUPPORT. Customer shall, at its expense, provide all support
----------------
for the Licensed Software, Customer Products to Second Tier CAs and Subscribers.
6.3 LICENSE AGREEMENTS. Customer shall cause to be delivered to each
------------------
Second Tier CA a license agreement which shall contain, at a minimum,
substantially all of the limitations of rights and the protections for VeriSign
which are contained in Sections 2.3, 6.4.2, 6.5, 7.2, 7.3, 9.8 and 9.9 of this
Agreement and shall prohibit Second Tier CAs pursuant to written agreements from
modifying, reverse engineering, decompiling or disassembling the VeriSign Object
Code or any part thereof, to the extent permitted by applicable law. Customer
shall use commercially reasonable efforts to ensure that all Second Tier CAs
abide by the terms of such agreements.
6.4 CONFIDENTIALITY; PROPRIETARY RIGHTS.
-----------------------------------
6.4.1 CONFIDENTIALITY. .The parties acknowledge that in their
---------------
performance of their duties hereunder the parties will communicate to each other
(or its designees) certain confidential and proprietary information concerning
their respective businesses and products, and know-how, technology, techniques
or marketing plans related thereto (collectively, the "Know-How") all of which
are confidential and proprietary to, and trade secrets of that party. Each
party agrees to hold all the Know-How within its own organization and shall not,
without specific written consent of the other party or as expressly authorized
herein, utilize in any manner, publish, communicate or disclose any part of the
Know-How to third parties. This Section 6.4.1 shall impose no obligation on
either party with respect to any Know-How which: (i) is in the public domain at
the time disclosed by the party owning such Know-How; (ii) enters the public
domain after disclosure other than by breach of the receiving party's
obligations hereunder or by breach of another party's confidentiality
obligations; or (iii) is shown by documentary evidence to have been known by the
receiving party prior to its receipt from the disclosing party. Each party will
take such steps as are consistent with that party's protection of its own
confidential and proprietary information (but will in no event exercise less
than reasonable care) to ensure that the provisions of this Section 6.4.1 are
not violated by any third
<PAGE>
VeriSign Private Label Agreement
Page 52
party including each party's, employees, agents, Customer's Second Tier CA's, or
any other person.
6.4.2 PROPRIETARY MARKINGS; COPYRIGHT NOTICES. Customer agrees not
---------------------------------------
to remove or destroy any proprietary, trademark or copyright markings or
notices placed upon or contained within the VeriSign Source Code, VeriSign
Object Code, User Manuals or any related materials or documentation. Customer
further agrees to insert and maintain: (i) within every Customer Product and
any related materials or documentation a copyright notice in the name of
Customer; and (ii) within the splash screens, user documentation, printed
product collateral, product packaging and advertisements for the Customer
Product, a statement that the Customer Product contains the VeriSign Software.
Customer shall not take any action which might adversely affect the validity of
VeriSign's proprietary, trademark or copyright markings or ownership by
VeriSign thereof, and shall cease to use the markings, or any similar markings,
in any manner on the expiration or other termination of the license rights
granted pursuant to Section 2.
6.4.3 SOURCE CODE. Customer acknowledges the extreme importance of
-----------
the confidentiality and trade secret status of the VSE Source Code and Customer
agrees, in addition to complying with the requirements of Sections 6.4.1 and
6.4.2 as they relate to the VSE Source Code, to: (i) inform any employee that is
granted access to all or any portion of the VSE Source Code of the importance of
preserving the confidentiality and trade secret status of the VSE Source Code;
and (ii) maintain a controlled, secure environment for the storage and use of
the VSE Source Code.
6.4.4 NO PUBLICATION. The placement of a copyright notice on any of
--------------
the VeriSign Software shall not constitute publication or otherwise impair the
confidential or trade secret nature of the VeriSign Software.
6.4.5 INJUNCTIVE RELIEF. Both parties acknowledge that the
-----------------
restrictions contained in this Section 6.4 are reasonable and necessary to
protect both parties' legitimate interests and that any violation of these
restrictions will cause irreparable damage to the other party within a short
period of time and each party agrees that the other party will be entitled to
injunctive relief against each violation.
6.5 FEDERAL GOVERNMENT SUBLICENSE. Any sublicense of a Customer Product
-----------------------------
acquired from Customer under a United States government contract shall be
subject to restrictions as set forth in subparagraph (c)(l)(ii) of Defense
Federal Acquisition Regulations Supplement (DFARS) Section 252.227-7013 for
Department of Defense contracts and as set forth in Federal Acquisition
Regulations (FARs) Section 52.227-19 for civilian agency contracts or any
successor regulations. Customer agrees that any such sublicense shall set forth
all of such restrictions and the tape or diskette label for the Customer Product
and any documentation delivered with the Customer Product shall contain a
restricted rights legend conforming to the requirements of the current,
applicable DFARS or FARs.
<PAGE>
VeriSign Private Label Agreement
Page 53
6.6 NOTICES. Each party shall immediately advise the other party of any
-------
legal notices served on that party which might affect the other party.
6.7 VERISIGN'S INDEMNITY. CUSTOMER EXPRESSLY INDEMNIFIES AND HOLDS
--------------------
HARMLESS VERISIGN, ITS SUBSIDIARIES, AGENTS AND AFFILIATES FROM: (i) ANY AND ALL
LIABILITY OF ANY KIND OR NATURE WHATSOEVER TO CUSTOMER'S SECOND TIER CAs OR
SUBSCRIBERS AND THIRD PARTIES WHICH MAY ARISE FROM ACTS OF CUSTOMER OR FROM THE
LICENSE OF CUSTOMER PRODUCTS BY CUSTOMER OR ANY DOCUMENTATION, SERVICES OR ANY
OTHER ITEM FURNISHED BY CUSTOMER TO ITS SECOND TIER CAs, OTHER THAN LIABILITY
ARISING FROM THE VERISIGN SOURCE CODE, THE VERISIGN OBJECT CODE OR THE USER
MANUALS (UNLESS SUCH LIABILITY WOULD NOT HAVE ARISEN IN THE ABSENCE OF
MODIFICATIONS TO ANY OF THE FOREGOING BY CUSTOMER OR ITS EMPLOYEES, AGENTS OR
CONTRACTORS) OR FROM THE ACTS OF VERISIGN; AND (ii) ANY LIABILITY ARISING IN
CONNECTION WITH AN UNAUTHORIZED REPRESENTATION OR ANY MISREPRESENTATION OF FACT
MADE BY CUSTOMER OR ITS AGENTS OR EMPLOYEES TO ANY PARTY WITH RESPECT TO THE
VERISIGN SOFTWARE OR ANY CUSTOMER PRODUCTS.
6.8 CUSTOMER'S INDEMNITY. VERISIGN EXPRESSLY INDEMNIFIES AND HOLDS
--------------------
HARMLESS CUSTOMER, ITS SUBSIDIARIES, AGENTS AND AFFILIATES FROM: (i) ANY AND ALL
LIABILITY OF ANY KIND OR NATURE WHATSOEVER TO ANY THIRD PARTIES THAT MAY ARISE
FROM ACTS OF VERISIGN OR FROM USE OF VERISIGN SOURCE CODE, VERISIGN'S OBJECT
CODE OR VERISIGN'S USER MANUALS (UNLESS SUCH LIABILITY WOULD NOT HAVE ARISEN IN
THE ABSENCE OF MODIFICATIONS TO ANY OF THE FOREGOING BY CUSTOMER OR ITS
EMPLOYEES, AGENTS OR CONTRACTORS); AND (ii) ANY LIABILITY ARISING IN CONNECTION
WITH AN UNAUTHORIZED REPRESENTATION OR ANY MISREPRESENTATION OF FACT MADE BY
VERISIGN OR ITS AGENTS OR EMPLOYEES TO ANY PARTY WITH RESPECT TO CUSTOMER
PRODUCTS, OR ANY VERISIGN SOFTWARE.
7. LIMITED WARRANTY; DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY;
--------------------------------------------------------------------
INTELLECTUAL PROPERTY INDEMNITIES
---------------------------------
7.1 LIMITED WARRANTY. During the initial ninety (90)-day term of this
----------------
Agreement VeriSign warrants that the Licensed Software specified in this
Agreement will operate in material conformance to VeriSign's published
specifications for such Licensed Software. VeriSign does not warrant that the
VeriSign Software or any portion thereof is error-free. Customer's exclusive
remedy, and VeriSign's entire liability in tort, contract or otherwise, shall be
correction of any warranted nonconformity as provided in Section 4.3.2. This
limited warranty and any obligations of VeriSign under Section 4.1 shall not
apply to any Customer Modifications or any nonconformities caused thereby and
shall terminate immediately if Customer makes any modification to the VeriSign
Software other than Customer Modifications.
<PAGE>
VeriSign Private Label Agreement
Page 54
7.2 DISCLAIMER. EXCEPT FOR THE EXPRESS LIMITED WARRANTY PROVIDED IN
----------
SECTION 7.1, VERISIGN'S PRODUCTS AND SERVICES ARE PROVIDED "AS IS" WITHOUT ANY
WARRANTY WHATSOEVER. VERISIGN DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO ANY MATTER WHATSOEVER, INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NO ORAL OR WRITTEN
INFORMATION OR ADVICE GIVEN BY VERISIGN OR ITS EMPLOYEES OR REPRESENTATIVES
SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF VERISIGN'S
OBLIGATIONS.
7.3 LIMITATION OF LIABILITY. NEITHER PARTY WILL BE LIABLE TO THE OTHER
-----------------------
PARTY, TO A SUBSCRIBER OR TO ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT,
SPECIAL, INCIDENTAL OR EXEMPLARY DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE
(INCLUDING, BUT NOT LIMITED TO, GOODWILL, PROFITS, INVESTMENTS, USE OF MONEY OR
USE OF FACILITIES; INTERRUPTION IN USE OR AVAILABILITY OF DATA; STOPPAGE OF
OTHER WORK OR IMPAIRMENT OF OTHER ASSETS; OR LABOR CLAIMS, EVEN IF VERISIGN HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), ARISING OUT OF BREACH OF ANY
EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, NEGLIGENCE, EXCEPT ONLY IN THE
CASE OF DEATH OR PERSONAL INJURY WHERE AND TO THE EXTENT THAT APPLICABLE LAW
REQUIRES SUCH LIABILITY. UNDER NO CIRCUMSTANCES SHALL EITHER PARTY'S LIABILITY
TO THE OTHER PARTY OR ANY SUBSCRIBER OR ANY THIRD PARTY ARISING OUT OF OR
RELATED TO THIS AGREEMENT, EXCLUDING LIABILITY FOR LICENSE FEES, MAINTENANCE
FEES OR UPGRADE FEES ACTUALLY OWED TO A PARTY, EXCEED $100,000 WITH RESPECT TO A
SINGLE OCCURRENCE OR $1,000,000 IN THE AGGREGATE REGARDLESS OF WHETHER ANY
ACTION OR CLAIM IS BASED ON WARRANTY, CONTRACT, TORT OR OTHERWISE. THE
LIMITATION SET FORTH IN THIS SECTION 7.3 SHALL NOT APPLY TO INDEMNITIES OR
RIGHTS GRANTED BY SECTION 7.4 OR 7.5.
7.4 PROPRIETARY RIGHTS INFRINGEMENT BY VERISIGN.
-------------------------------------------
7.4.1 OBLIGATION TO DEFEND. VeriSign, at its own expense, shall: (i)
--------------------
defend, or at its option settle, any claim, suit or proceeding against Customer
on the basis of infringement or misappropriation of any United States patent,
copyright, trade secret or any other intellectual property right by the Licensed
Software as delivered by VeriSign (excluding the Customer Modifications) or any
claim that VeriSign has no right to license the Licensed Software hereunder; and
(ii) pay any final judgment entered or settlement against Customer on such issue
in any such suit or proceeding defended by VeriSign. VeriSign shall have no
obligation to Customer pursuant to this Section 7.4.1 unless: (A) Customer gives
VeriSign prompt written notice of the claim; (B) VeriSign is given the right to
control and direct the investigation, preparation, defense and settlement of the
claim; and (C) the claim is based on Customer's use of the most recent version
or the immediately preceding version of the Licensed Software in accordance with
this Agreement.
<PAGE>
VeriSign Private Label Agreement
Page 55
7.4.2 VERISIGN OPTIONS. If VeriSign receives notice of an alleged
----------------
infringement, VeriSign shall have the right, at its sole option, to obtain the
right to continue use of the Licensed Software or to replace or modify the
Licensed Software so that it is no longer infringing. If neither of the
foregoing options is reasonably available to VeriSign, then the license rights
granted pursuant to Section 2 may be terminated at the option of either party
hereto without further obligation or liability except as provided in Sections
7.4.1 and 8.3 and in the event of such termination, VeriSign shall refund the
License Fees paid by Customer hereunder ("Refunded Fees") less depreciation for
use assuming straight line depreciation over a five (5)-year useful life.
Alternatively, if VeriSign is unable to obtain the necessary rights to permit
Customer to continue use of the Licensed Software, Customer may obtain a license
permitting its use of the Licensed Software. Customer may seek reimbursement for
any such fees up to the amount of Refunded Fees. If Customer obtains such a
license from a third party, then this Agreement shall continue with both
parties' rights and obligations unchanged.
7.4.3 EXCLUSIVE REMEDIES. THE RIGHTS AND REMEDIES SET FORTH IN
------------------
SECTIONS 7.4.1 AND 7.4.2 CONSTITUTE THE ENTIRE OBLIGATION OF VERISIGN AND THE
EXCLUSIVE REMEDIES OF CUSTOMER CONCERNING VERISIGN'S PROPRIETARY RIGHTS
INFRINGEMENT.
7.5 PROPRIETARY RIGHTS INFRINGEMENT BY CUSTOMER.
-------------------------------------------
7.5.1 OBLIGATION TO DEFEND. Subject to the limitations set forth
--------------------
below, Customer, at its own expense, shall: (i) defend, or at its option settle,
any claim, suit or proceeding against VeriSign on the basis of infringement or
misappropriation of any United States patent, copyright, trade secret or any
other intellectual property right by any Customer Product (excluding the
unmodified VeriSign Software) or the Customer Modifications; and (ii) pay any
final judgment entered or settlement against VeriSign on such issue in any such
suit or proceeding defended by Customer. Customer shall have no obligation to
VeriSign pursuant to this Section 7.5.1 unless: (A) VeriSign gives Customer
prompt written notice of the claim; and (B) Customer is given the right to
control and direct the investigation, preparation, defense and settlement of the
claim.
7.5.2 EXCLUSIVE REMEDIES. THE RIGHTS AND REMEDIES SET FORTH IN
------------------
SECTION 7.5.1 CONSTITUTE THE ENTIRE OBLIGATION OF CUSTOMER AND THE EXCLUSIVE
REMEDIES OF VERISIGN CONCERNING CUSTOMER'S PROPRIETARY RIGHTS INFRINGEMENT.
8. TERM AND TERMINATION
--------------------
8.1 TERM. The license rights granted pursuant to Section 2 shall be
----
effective as of the date hereof and shall continue in full force and effect for
each item of Licensed Software for the period set forth on Exhibit "A" unless
sooner terminated pursuant to the terms of this Agreement. Either party shall
be entitled to terminate all the license rights granted pursuant to this
Agreement at any time on written notice to the other in the event of a default
by the other party and a failure
<PAGE>
VeriSign Private Label Agreement
Page 56
to cure such default within a period of thirty (30) days following receipt of
written notice specifying that a default has occurred.
8.2 INSOLVENCY. Upon the institution of any proceedings by or against
----------
either party seeking relief, reorganization or arrangement under any laws
relating to insolvency, or upon any assignment for the benefit of creditors, or
upon the appointment of a receiver, liquidator or trustee of any of either
party's property or assets, or upon the liquidation, dissolution or winding up
of either party's business, then and in any such events all the license rights
granted pursuant to this Agreement may immediately be terminated by the other
party upon giving written notice.
8.3 DISPOSITION OF VERISIGN SOFTWARE AND USER MANUALS ON TERMINATION.
----------------------------------------------------------------
Upon the termination of this Agreement pursuant to a breach by Customer, the
remaining provisions of this Agreement shall remain in full force and effect,
and Customer shall cease making copies of, using or licensing the VeriSign
Software, User Manual and Customer Products, excepting only such copies of
Customer Products necessary to fill orders placed with Customer prior to such
expiration or termination. Customer shall destroy all copies of the VeriSign
Software, User Manual and Customer Products not subject to any then-effective
license agreement with a Second Tier CA and all information and documentation
provided by VeriSign to Customer (including all Know-How), other than such
copies of the VeriSign Object Code, the User Manual and the Customer Products as
are necessary to enable Customer to perform its continuing support obligations
in accordance with Section 6.2, if any, and except as provided in the next
following sentence. If Customer has licensed VeriSign Source Code hereunder,
for a period of one (1) year after the date of expiration or termination of the
license rights granted under this Agreement for any reason other than as a
result of default or breach by Customer, Customer may retain one (1) copy of the
VeriSign Source Code and is hereby licensed for such term to use such copy
solely for the purpose of supporting Second Tier CAs and Subscribers. Upon the
expiration of such one (l)-year period, Customer shall return such single copy
of the VeriSign Source Code to VeriSign or certify to VeriSign that the same has
been destroyed. In the event that this Agreement is terminated because of
VeriSign's breach, Customer's rights under Section 2 shall continue
indefinitely.
9. MISCELLANEOUS PROVISIONS
------------------------
9.1 GOVERNING LAWS. THE LAWS OF THE STATE OF CALIFORNIA, U.S.A.
--------------
(IRRESPECTIVE OF ITS CHOICE OF LAW PRINCIPLES) SHALL GOVERN THE VALIDITY OF THIS
AGREEMENT, THE CONSTRUCTION OF ITS TERMS, AND THE INTERPRETATION AND ENFORCEMENT
OF THE RIGHTS AND DUTIES OF THE PARTIES. THE PARTIES AGREE THAT THE UNITED
NATIONS CONVENTION ON CONTRACTS FOR THE INTERNATIONAL SALE OF GOODS SHALL NOT
APPLY TO THIS AGREEMENT. THE PARTIES AGREE THAT ANY SUIT TO ENFORCE ANY
PROVISION OF THIS AGREEMENT OR ARISING OUT OF OR BASED UPON THIS AGREEMENT OR
THE BUSINESS RELATIONSHIP BETWEEN THE PARTIES SHALL BE BROUGHT IN THE UNITED
STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA OR THE SUPERIOR OR
MUNICIPAL COURT IN AND FOR THE COUNTY OF SANTA CLARA, CALIFORNIA, U.S.A. Each
party agrees that such
<PAGE>
VeriSign Private Label Agreement
Page 57
courts shall have exclusive in personam jurisdiction and venue with respect to
such party, and each party submits to the exclusive in personam jurisdiction and
venue of such courts.
9.2 BINDING UPON SUCCESSORS AND ASSIGNS. Except as otherwise provided
-----------------------------------
herein, this Agreement shall be binding upon, and inure to the benefit of, the
successors, representatives, administrators and assigns of the parties hereto.
This Agreement shall not be assignable by either party, by operation of law or
otherwise, without the prior written consent of the other party, which shall not
be unreasonably withheld. Any such purported assignment or delegation without
the other party's written consent shall be void and of no effect.
9.3 SEVERABILITY. If any provision of this Agreement is found to be
------------
invalid or unenforceable, the remainder of this Agreement shall be interpreted
so as best to reasonably effect the intent of the parties hereto. IT IS
EXPRESSLY UNDERSTOOD AND AGREED THAT EACH AND EVERY PROVISION OF THIS AGREEMENT
WHICH PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES OR
EXCLUSION OF DAMAGES IS INTENDED BY THE PARTIES TO BE SEVERABLE AND INDEPENDENT
OF ANY OTHER PROVISION AND TO BE ENFORCED AS SUCH.
9.4 ENTIRE AGREEMENT. This Agreement and the exhibits and schedules
----------------
hereto constitute the entire understanding and agreement of the parties hereto
with respect to the subject matter hereof and supersede all prior and
contemporaneous agreements, representations and understandings between the
parties.
9.5 AMENDMENT AND WAIVERS. Any term or provision of this Agreement may be
---------------------
amended, and the observance of any term of this Agreement may be waived, only by
a writing signed by the party to be bound.
9.6 ATTORNEYS' FEES. The prevailing party in any action or proceeding to
---------------
enforce or interpret any part of this Agreement shall be entitled to recover its
reasonable attorneys' fees (including fees on any appeal).
9.7 NOTICES. Any notice, demand, or request with respect to this
-------
Agreement shall be in writing and shall be effective only if it is delivered by
hand or mailed, certified or registered mail, postage prepaid, return receipt
requested, addressed to the appropriate party at its address set forth on page
1. Such communications shall be effective when they are received by the
addressee; but if sent by certified or registered mail in the manner set forth
above, they shall be effective not later than ten (10) days after being
deposited in the mail. Any party may change its address for such communications
by giving notice to the other party in conformity with this Section.
9.8 FOREIGN RESHIPMENT LIABILITY. THIS AGREEMENT IS EXPRESSLY MADE
----------------------------
SUBJECT TO ANY LAWS, REGULATIONS, ORDERS OR OTHER RESTRICTIONS ON THE EXPORT
FROM THE UNITED STATES OF AMERICA OF THE VERISIGN SOFTWARE OR CUSTOMER PRODUCTS
OR OF INFORMATION ABOUT THE VERISIGN SOFTWARE OR CUSTOMER PRODUCTS WHICH MAY BE
IMPOSED FROM TIME TO TIME BY THE GOVERNMENT OF THE UNITED STATES OF AMERICA.
<PAGE>
VeriSign Private Label Agreement
Page 58
NOTWITHSTANDING ANYTHING CONTAINED IN THIS AGREEMENT TO THE CONTRARY, CUSTOMER
SHALL NOT EXPORT OR REEXPORT, DIRECTLY OR INDIRECTLY, ANY VERISIGN SOFTWARE OR
CUSTOMER PRODUCTS OR INFORMATION PERTAINING THERETO TO ANY COUNTRY FOR WHICH
SUCH GOVERNMENT OR ANY AGENCY THEREOF REQUIRES AN EXPORT LICENSE OR OTHER
GOVERNMENTAL APPROVAL AT THE TIME OF EXPORT OR REEXPORT WITHOUT FIRST OBTAINING
SUCH LICENSE OR APPROVAL.
9.9 TRADEMARKS. By reason of this Agreement or the performance hereof,
----------
Customer shall acquire no rights of any kind in any VeriSign trademark, trade
name, logo or product designation under which the VeriSign Software was or is
marketed and Customer shall not make any use of the same for any reason except
as expressly authorized by this Agreement or otherwise authorized in writing by
VeriSign.
9.10 PUBLICITY. Neither party will disclose to third parties, other than
---------
its agents and representatives on a need-to-know basis, the terms of this
Agreement or any exhibits hereto (including without limitation any
License/Product Schedule) without the prior written consent of the other party,
except (i) either party may disclose such terms to the extent required by law,
(ii) either party may disclose the existence of this Agreement; and (iii)
VeriSign shall have the right to disclose that Customer is a Customer of the
VeriSign Software and that any publicly-announced Customer Product incorporates
the VeriSign Software. Customer shall provide to VeriSign, solely for
VeriSign's display purposes, one (I) working copy of each Customer Product which
consists solely of computer software and one (1) working or non-working unit of
any hardware product in which is incorporated a Customer Product which consists
of an integrated circuit or other hardware.
9.11 REMEDIES NON-EXCLUSIVE. Except as otherwise expressly provided, any
----------------------
remedy provided for in this Agreement is deemed cumulative with, and not
exclusive of, any other remedy provided for in this Agreement or otherwise
available at law or in equity. The exercise by a party of any remedy shall not
preclude the exercise by such party of any other remedy.
<PAGE>
VeriSign Private Label Agreement
Page 59
IN WITNESS WHEREOF, the parties have executed this Agreement as of the date of
the last signature below, unless a different effective date is specified on the
first page of this Agreement.
CUSTOMER:
VISA INTERNATIONAL SERVICE ASSOCIATION
By: __________________________________________
Printed Name: ________________________________
Title: _______________________________________
Date: ________________________________________
<PAGE>
VeriSign Private Label Agreement
Page 60
EXHIBIT "K"
SERVICE LEVEL AGREEMENT*
Secure Electronic Commerce
Services (SEC)
Electronic Certification
Services (ECS)
Service Level Agreement
Review Copy
Visa International / VeriSign
--------------------------------------------------------------------------------
Version 1.0
1
__________________________
* Confidential treatment has been requested with respect to certain portions of
this exhibit. Confidential portions have been omitted from the public filing
and have been separately filed with the Securities and Exchange Commission.
<PAGE>
Page 2 Visa SEC Service
REVIEW COPY Electronic Certification Services (ECS)
April 17, 1996 Visa /VeriSign Service Level Agreement
--------------------------------------------------------------------------------
April 1996
2
<PAGE>
Visa SEC Service Page i
Electronic Certification Services (ECS) REVIEW COPY
Visa / VeriSign Service Level Agreement April 18, 1996
--------------------------------------------------------------------------------
TABLE OF CONTENTS
I. OVERVIEW 1
II. ECS SYSTEM DESCRIPTION 1
1. Brand Certificate Authority 2
2. Cardholder Certificate Authority 2
3. Merchant Certificate Authority 2
4. Payment Gateway Certificate Authority 2
III. SCOPE 3
A. WITHIN SCOPE 3
B. OUTSIDE OF SCOPE 3
IV. ECS SERVICE LEVELS 4
A. SERVICE AVAILABILITY 4
1. Definition 4
2. Measurement 5
3. Minimum Service Level Requirement 5
B. RESPONSE TIME 6
1. Definition 6
2. Measurement 6
3. Minimum Service Level Requirement 7 7
C. THROUGHPUT 7
1. Definition 7
2. Measurement 8
3. Minimum Service Level Requirement 8
D. DATA MANAGEMENT 9
3
<PAGE>
1. Definition 9
2. Measurement 9
3. Minimum Service Level Requirement 9
E. SYSTEM MONITORING AND OUTAGE REPORTING 9
1. Definition 9
2. Measurement 10
3. Minimum Service Level Requirement 10
F. SCHEDULED DOWN TIME 10
1. Definition 10
2. Measurement 11
3. Minimum Service Level Requirement 11
G. BACKUP 11
1. Definition 11
2. Measurement 11
3. Minimum Service level Requirement 11
H. KEY COMPROMISE 12
1. Definition 12
2. Measurement 12
3. Minimum Service Level Requirement 12
I. CONTINGENCY OPERATIONS / RECOVERY 12
1. Definition 12
2. Measurement 13
3. Minimum Service Level Requirement 13
J. REPORTING 13
K. PENALTIES 14
1. Access to Service 14
2. On-line Certification Processing Service 15
3. Off-line Certification Processing Service 16
V. VERISIGN ECS CUSTOMER SUPPORT SERVICE LEVELS 17
A. Availability 17
4
<PAGE>
B. RESPONSE TIME 17
C. CUSTOMER SUPPORT CALLBACK TIMEFRAMES AND DEFINITIONS 17
5
<PAGE>
I. OVERVIEW
This Service Level Agreement (SLA) between Visa International (Visa) and
VeriSign, Inc. (VeriSign) details the terms for the supply of services by
VeriSign to Visa for the operation of the Visa Electronic Certification
Services (ECS). It specifically addresses the service levels that will be
in effect for the ECS pilot as defined in the project plan,. Service levels
for the test phases of ECS will be addressed separately.
This SLA is comprised of two components. The first addresses service levels
for ECS. The second addresses service levels for VeriSign ECS customer
support.
II. ECS SYSTEM DESCRIPTION
A logical depiction of the ECS system is presented below:
[DIAGRAM DEPICTING A "CERTIFICATE REQUESTER" CONNECTED TO A
CLOUD DEPICTING THE INTERNET, CONNECTED TO A USER INTERFACE
WHICH IS CONNECTED TO A PAYMENT GATEWAY CERTIFICATE AUTHORITY,
MERCHANT CERTIFICATE AUTHORITY AND A CARDHOLDER CERTIFICATE
AUTHORITY WHICH ARE THEN CONNECTED TO AN ACQUIRING BANK, VISA
AND AN ISSUING BANK.]
The logical components that are specifically addressed by this service level
agreement are described below:
1. BRAND CERTIFICATE AUTHORITY
The Brand CA issues SEC compliant digital certificates to Brand
members (Issuers and Acquirers or their processors) that wish
participate in Visa's Secure Electronic Commerce (SEC) Service. The
Brand CA issues Issuer certificates for use in issuing certificates to
the Issuer's cardholders and Acquirer certificates for use in issuing
certificates to the Acquirer's merchants. In addition the Brand CA
will issue certificates to Brand or Geo-political operated Payment
Gateway CAs for use in issuing certificates to Acquirer Payment
Gateways. The Brand CA will also issue certificates to Geo-political
CAs The Brand CA issues three types of certificates for each of their
members: certificate signature certificates, key exchange certificates
and message signature certificates.
2. CARDHOLDER CERTIFICATE AUTHORITY
The Cardholder CA issues SEC compliant digital certificates to the
Issuer's cardholders that wish to participate in Visa's Secure
Electronic Commerce (SEC) Service. The Cardholder CA issues a
signature certificate to each cardholder.
3. MERCHANT CERTIFICATE AUTHORITY
The Merchant CA issues SEC compliant digital certificates to the
Acquirer's merchants that wish to participate in Visa's Secure
Electronic Commerce (SEC) Service. The Merchant CA issues two types of
certificates to each merchant: key exchange certificates and message
signature certificates.
4. PAYMENT GATEWAY CERTIFICATE AUTHORITY
The Payment Gateway CA issues SEC compliant digital certificates to
the Payment Gateway's that wish to participate in Visa's Secure
Electronic Commerce (SEC)
6
<PAGE>
Service. The Payment Gateway CA issues two types of certificates to
each Payment Gateway: key exchange certificates and message signature
certificates.
III. SCOPE
VeriSign will be developing and operating a Certificate Authority on behalf
of Visa.
A. WITHIN SCOPE
The following components of ECS are addressed within the scope of this
service level agreement:
. Brand Certificate Authority (BCA)
. Payment Gateway Certificate Authority (PCA)
. Cardholder Certificate Authority (CCA)
. Merchant Certificate Authority (MCA)
B. OUTSIDE OF SCOPE
The following components of ECS are not addressed within the scope of this
service level agreement:
. Visa Access Point (VAP)
. VisaNet components (systems and network)
. Issuer components
. Acquirer components
. Geo-political Certificate Authority
IV. ECS SERVICE LEVELS
For the purpose of this SLA, ECS is considered to have two major
operational components:
1. Access to Service
This is the ability to receive a certificate transaction from a
requesting entity (e g., cardholder, merchant, payment gateway),
provide an appropriate signed response to the requester, and either
forward the certificate transaction to the appropriate CA for
immediate processing or queue it for subsequent processing (if the CA
is not available at that time).
2. Certification Processing Service
This is the ability to fully process the certificate transaction
(e.g., certificate request,
7
<PAGE>
certificate query, certificate response) and return an appropriate
signed response to the requester.
A. SERVICE AVAILABILITY
1. Definition
Access to Service
Access to ECS must be available, seven (7) days a week, twenty-four (24) hours a
day, 365 days a year.
On-line Certification Processing Service
All of the 'on-line' certificate authorities (CCA, MCA and PCA) must be
available for processing certificate transactions and performing administrative
functions such as regenerating keys seven (7) days a week, twenty-four (24)
hours a day, 365 days a year with the exception of scheduled down time
Off-line Certification Processing Service
Initially, the brand certificate operations require manual procedures, are
performed off-line and require the presence of authorized Visa and VeriSign
personnel. The Brand certificate authority must be available during the normal
hours of operation, as well as after hours by prior arrangement.
Normal hours of operation for the Brand CA are 0600 - 1800 PT. Visa will
normally provide VeriSign with a twenty-four (24) hour advance notice of any
required Brand CA operation.
In the event of extreme conditions, such as disaster recovery or key compromise,
Visa may require Brand CA operations outside of the normal operating periods.
Under such circumstances, Visa shall provide VeriSign with a two (2) hour
advance notice of the required Brand CA operations. Therefore, the Brand CA must
be available for issuing Cardholder CA, Merchant CA, Payment Gateway CA and Geo-
political CA certificates and performing administrative functions such as
generating keys seven (7) days a week, twenty-four (24) hours a day, 365 days a
year with the exception of scheduled downtime.
2. Measurement
Access to Service
The measurement for service availability is the amount of time that the
certificate processing service is capable of receiving and responding to
incoming certificate transactions in an appropriate manner, even if it is not
capable of certification processing. Nonavailability is the amount of time that
the requesting entity cannot access the service at all.
Certification Processing Service
The measurement for service availability is the amount of time that the CA is
capable of receiving, processing and responding to incoming certificate
transactions from the requesting entity (e.g., merchant, acquirer, issuer,
cardholder, payment gateway). Nonavailability is the amount of time that
8
<PAGE>
the CA is not capable of receiving, processing and responding to incoming
certificate transactions from the requesting entity (e.g., merchant, acquirer,
issuer, cardholder, payment gateway).
3. Minimum Service Level Requirement Access to Service
Access to Service availability must be *.
Certification Processing Service
The Brand CA must be available to process * of the certificate requests and
perform administrative functions such as generating keys.
All other CAs must be available to process certificate transactions and perform
administrative functions such as generating keys * of the time. Specifically,
for the on-line CAs (i.e., CCA, MCA, PCA), the total unscheduled downtime per
month must not exceed *;no single CA type can exceed * unscheduled downtime per
month; no single unscheduled outage of any CA can exceed *.
B. Response Time
1. Definition
Access to Service
The requesting entity must be able to submit a transaction and receive an
appropriate signed response within *.
On-line Certification Processing Service
On-line CAs must respond to all certificate transactions within one
(1) minute.
Off-line Certification Processing Service
There are two components of response time for the Brand CA.
1. The amount of time that it takes VeriSign to respond to a Visa request for
Brand CA operations
VeriSign must respond to a Visa request for Brand CA operations within *
during normal operating hours. Under extreme conditions, VeriSign must respond
to a Visa request for Brand CA operations within *.
2. The amount of time that the actual Brand CA operation requires
All Brand CA operations must be processed and validated within hour(s) of the
start of the operation. The specification timeframe will be determined at a
later date.
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
9
<PAGE>
2. Measurement
Access to Service
The measurement for response time is based upon the time elapsed from when a
certificate transaction reaches VeriSign's Internet access point until the
corresponding response message leaves VeriSign's Internet access point.
On-line Certification Processing Service
The measurement for response time is based upon the time elapsed from when a
certificate transaction reaches VeriSign's Internet access point until the
corresponding response message leaves
VeriSign's Internet access point.
Off-line Certification Processing Service
The measurement for response to requests for Brand CA operations is based upon
the time elapsed from when Visa contacts VeriSign to inform them of the intent
to perform a Brand CA operation until VeriSign confirms their availability to
perform a Brand CA operation.
The measurement for performing Brand CA operations is based upon the time
elapsed from when the operation starts until it is completed and verified.
3. Minimum Service Level Requirement
Access To Service
Access to Service response times must be met * of the time.
Certification Processing Service
For the on-line CAs, * of the certificate transactions must be responded to
within the required time.
For the Brand CA, * of the requests for Brand CA operations must be responded to
within the required time and * of the Brand CA operations must be performed
within the required time.
C. Throughput
1. Definition
Access to Service
The facilities that are providing Access to Service must be capable of meeting
the response time criteria identified above while supporting the following peak
certificate transaction per hour loads:
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
10
<PAGE>
1996 1997 1998 1999
All certificate transactions
(peak per hour). *
On-line Certification Processing Service
On-line CAs must be capable of meeting the response time criteria identified
above while supporting the following peak certificate transaction per hour
loads:
Review Copy Electronic Certification Services (ECS)
a) Cardholder Certificate Authority
1996 1997 1998 1999
Cardholder certificate
transactions (peak per hour) *
b) Merchant Certificate Authority
1996 1997 1998 1999
Merchant certificate
transactions (peak per hour) *
c) Payment Gateway Certificate Authority
1996 1997 1998 1999
Payment gateway certificate
transactions (peak per hour) *
Off-line Certification Processing
Throughput is not a factor for the Brand CA because all operations will be
performed sequentially and are dependent upon manual processes.
2. Measurement
The measurement for throughput is based upon the actual volumes of certificate
transactions that are processed by the various ECS system components while
meeting response time criteria.
3. Minimum Service Level Requirement Throughput requirements must be met *
of the time.
D. Data Management
1. Definition ECS data, which includes system logs, transaction history,
certificate registration data and certificates, must be available to support
various legal, billing and customer service requirements. The on-line access,
archive retention and retrieval requirements for the ECS data will vary by data
type as described below:
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
11
<PAGE>
Registration data and certificates
This data will be kept on-line for 90 days prior to being archived. Archived
data will be maintained for seven (7) years and must be retrievable, on-line and
/ or on hard copy, within six (6) hours of request.
System logs and transaction history
This data will be kept on-line for 90 days prior to being archived. Archived
data will be maintained for one year and must be retrievable, either on-line and
/ or on hard copy, within twenty-four (24) hours of request.
2. Measurement
The measurement for data management is based upon the data being available,
either on-line or retrieved from archive, within the periods specified above.
3. Minimum Service Level Requirement
The data management requirements must be met * of the time.
E. System Monitoring and Outage Reporting
1. Definition
Monitoring
The key storage units for all of the CAs must be checked for tampering on a
daily basis. The applications and/or systems for the Access to Service
facilities and Certification Processing Service must be monitored continually
and a status check taken every 30 minutes.
Outage Reporting
All ECS hardware and/or software faults shall be logged, tracked and reported
using a suitable computer-based system and provided to Visa within two (2) hours
of occurrence.
All ECS system hardware, network, and software failures, their impact on ECS
operations and any actions taken to correct the problem, including an event log
shall be reported to Visa according to the schedule listed in Section V.C -
Customer Callback Timeframes and Definitions. In addition, Visa shall be
notified within one hour of any major failure that affects the normal operation
of ECS.
2. Measurement The status checks must be recorded on a status log and signed by
the VeriSign system operator. This status log must be available for review by
Visa at any time.
Problem / event logs and system logs will record outages and causes (if known).
These also must be made available to Visa for review at any time.
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
12
<PAGE>
3. Minimum Service Level Requirement
Compliance with the monitoring, logging and reporting requirements must be *.
F. Scheduled Down Time
1. Definition
Access to Service
There is no scheduled down time for the Access to Service facility.
Certification Processing Service
There will be a scheduled down time period weekly to perform maintenance, backup
and upgrade functions for the CAs. This period will not exceed * and will be at
the same time each week as agreed to by Visa and VeriSign. If a longer down time
window is needed, it must be agreed to in advance by Visa and VeriSign.
2. Measurement
The measurement for scheduled down time for any CA is based on the time elapsed
from when the CA is not capable of performing operations until it becomes
available for performing operations. During this down time period, certificate
transactions intended for the CA must be accepted, an appropriate signed
response message returned to the requester, and the transaction queued for
processing when the CA becomes available again for performing operations. Daily
system logs will indicate system down time and the cause (if known) and can be
used to track outages.
3. Minimum Service Level Requirement
* of the down times must be within the required period. In addition, the
access to the service (i.e., the receipt of certificate transactions, return of
appropriate signed response, queuing of transaction for subsequent processing)
must be available * of the time.
G. Backup
1. Definition
At a minimum, all data related to the CAs, including application files and
databases, system tables, log files, etc., will be backed up on a scheduled,
daily basis. In addition, the CA application and all system components will be
backed up on a weekly basis. All backups must be done non-disruptively without
adversely impacting normal ECS operations. The backup files must be stored in a
secure off-site facility as agreed upon by VeriSign and Visa.
2. Measurement
Daily system logs will indicate time and location of backup files, backup media
identification and any other relevant information needed for recovery of backup
files.
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
13
<PAGE>
3. Minimum Service level Requirement
The backup requirements must be met * of the time.
H. KEY COMPROMISE
1. Definition
On-line Certification Processing Service
In the event of a key compromise, an on-line CA must be able to revoke
certificates generated with the compromised key or keys, generate new keys,
request a new certificate from the appropriate CA, regenerate subordinate
certificates with the new keys, and have these certificates available for
distribution within twenty-four (24) hours of the time that the compromise is
identified for merchants, payment gateways, MCAs, CCAs, GCAs and PCAs. The
timeframe for cardholders will be y hours for certificates. In addition, the new
public key must be published as specified by Visa.
Off-line Certificate Processing Service
In the event of a key compromise, the Brand CA must be able to revoke
certificates generated with the compromised key or keys, generate new keys and
have a new certificate(s) request ready to submit to the Root CA within two
hours of the time that the compromise is identified. In addition, the new public
key must be published as specified by Visa.
2. Measurement
The measurement of recovery from key compromise is the elapsed period of time
between the point at which the key compromise is identified and the point in
time at which the regenerated certificates are available for distribution (on-
line CAs) or a new certificate(s) request is ready for submission to the Root CA
(Brand CA).
3. Minimum Service Level Requirement
The key compromise recovery time frames must be met * of the time.
I. CONTINGENCY OPERATIONS / RECOVERY
1. Definition
Access to Service
In the event of a failure of the Access to Service facilities, a switch must
immediately occur to a backup set of facilities. At no time should a requesting
entity not be able to submit a certificate transaction and receive an
appropriate signed response.
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
14
<PAGE>
Certification Processing Service
If any single component of the Certification Processing Service (e.g., CA)
fails, the component shall be recovered to the point of failure within six (6)
hours. In the interim period before normal operations have been restored, Access
to Service must be available with certificate transactions accepted and queued
for future processing and an appropriate signed response returned to the
requesting entity. If at the end of six hours the failed component has not been
recovered, operations for that component will be performed at the backup site
until such time as the component at the primary site has recovered.
In the event of a total Certification Processing Service failure, a switch to a
backup facility must occur. Within twenty-four (24) hours, normal operations
should begin at the alternate site with recovery to the point of failure for all
systems and files. In the interim period before normal operations have begun at
the alternate site, Access to Service must be available to receive certificate
transactions, queue the transactions for future processing and provide an
appropriate signed response to the requesting entity. When the primary site has
recovered, upon agreement by Visa and VeriSign, operation of the Certification
Processing Service will be switched back to the primary site with no loss of
data.
2. Measurement
The measurement for recovery of an ECS system component or a total system outage
will the length of time between the point that the outage occurs and the point
that a full recovery to normal operations has been completed.
The ability to satisfy the recovery and / or contingency operations requirements
will be demonstrated through periodic scheduled tests.
3. Minimum Service Level Requirement
The recovery and contingency operations requirements must be met * of the
time.
J. REPORTING
VeriSign shall provide Visa with reporting on a scheduled basis. This will
include both service level and activity reporting and may be either on hard copy
or electronic (i.e., report or data files) form as agreed to by Visa and
VeriSign.
K. PENALTIES
All service levels are calculated, and penalties assessed, on a monthly basis.
1. Access to Service
Availability
Service Level: * availability, 24 hours per day, 7 days per week, 365 days
per year
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
15
<PAGE>
Penalty:
* $5,000
$10,000
$15,000
Below $5,000 per percent
Considered to be grounds for termination of contract
Response Time
Service Level: 100% of certificate transactions received, responded to
(appropriate signed response) within *.
Penalty:
* $500
$1,000
$1,500
$2,000
$2,500
Below $500 per percent
Considered to be grounds for termination of contract
2. On-line Certification Processing Service
Availability
Service Level: * availability, 24 hours per day, 7 days per week, 365 days
per year with exception of scheduled downtime.
Penalty:
* $5,000 per CA
$10,000 per CA
$15,000 per CA
Below $5,000 per percent per CA
Considered to be grounds for termination of contract
Response Time
Service Level: * of certificate transactions received, responded to
(appropriate signed response) within *.
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
16
<PAGE>
Penalty:
* $500 per CA
$1,000 per CA
$1,500 per CA
$2,000 per CA
$2,500 per CA
Below $500 per percent per CA
Considered to be grounds for termination of contract
3. Off-line Certification Processing Service
Availability
Service Level: * availability during normal operating hours and upon request
with proper notification.
Penalty: $10,000 per occurrence of non-availability.
Response Time
Service Level: * of requests for Brand CA operations must be responded to
within * during normal operating hours. Under extreme conditions,
VeriSign must respond to a Visa request for Brand CA operations within *.
* of Brand CA operations must be processed and validated within * of the start
of the operation.
V. VERISIGN ECS CUSTOMER SUPPORT SERVICE LEVELS
VeriSign will provide support to Visa as described in the customer support
requirements section of the contract. The VeriSign interface for customer
support will be limited to designated individuals within Visa.
A. Availability
VeriSign Customer Service must be available to accept and respond to problem
calls from Visa seven (7) days a week, twenty-four (24) hours a day.
B. Response Time
Normal Hours of Operation Between 0600 and 1800 PT, VeriSign Customer Support
should respond immediately (i.e., answer the telephone within three rings).
Outside of Normal Hours of Operation Between 1800 and 0600 PT, VeriSign Customer
Support should respond within fifteen (15) minutes.
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from the
public filing and have been filed separately with the Securities and Exchange
Commission.
17
<PAGE>
C. Customer Support Callback Timeframes and Definitions
VeriSign Customer Support will ,at a minimum, initiate a return telephone call
to Visa to establish if the problem has been corrected based on the following
call reporting criteria:
Problem Callback
Severity Definition Frequency
1 Entire population of a CA impacted 30 minutes
2 Multiple Member CAs impacted 60 minutes
3 Single Member CA impacted 90 minutes
4 Single cardholder or merchant impacted 120 minutes
In every case, if the problem has not been corrected within the callback
frequency, VeriSign Customer Support will monitor the problem to determine if
any corrective work has begun. If it has, then VeriSign Customer Support will
continue to monitor the situation and provide
18
<PAGE>
VeriSign Private Label Agreement
Page 61
EXHIBIT "L"
SUPPORT LEVELS
1. Second-Level Support for Members
VeriSign will provide second level telephone support for any problem
concerning a Certificate issued to a Member on a twenty-four (24) hour per day,
seven (7) day per week basis. In the event that a Member problem is not
resolved by the first level good-faith efforts of VISA Member Support, VeriSign
will provide second level telephone support for a reasonable volume of calls
from VISA Member Support Upon VISA Member Support's providing VeriSign with a
clear description of the unresolved problem, VeriSign will verify the problem's
existence and determine the conditions under which the problem may recur. After
such verification and determination, VeriSign will, at its option,
1.1 use its best efforts to provide an immediate fix for the problem;
1.2 use its best efforts to provide a temporary solution of or workaround
to the problem;
1.3 provide a statement that the problem will be corrected in a future
release;
1.4 provide a statement that more information about the problem is
required (however, after sufficient information, in VeriSign's
opinion, is provided to VeriSign, VeriSign will provide to Customer
one of the other four support alternatives contained in this Section
1); or
1.5 provide a statement that the Private Label Certificate System operates
as described in VeriSign's then current user documentation or that the
problem arises when such Private Label Certificate System is used
other than in a manner for which it was designed
In the case of such second-level support, VeriSign will not contact a
Member directly for more information about the problem unless VISA Member
Support so requests.
2. THIRD-LEVEL SUPPORT FOR CARDHOLDERS AND MERCHANTS
In the event that a Cardholder or Merchant problem has not been resolved by
the good-faith efforts of the relevant Member at the first level or by VISA at
the second level, VeriSign will provide telephone support for a reasonable
volume of calls to VISA as the third level. Upon VISA's providing VeriSign with
a clear description of the unresolved problem, VeriSign will verify the
problem's existence and determine the conditions under which the problem may
recur. After such verification and determination, VeriSign will, at its option,
2.1 use its best efforts to provide an immediate fix for the problem;
<PAGE>
VeriSign Private Label Agreement
Page 62
2.2 use its best efforts to provide a temporary solution of or workaround
to the problem;
2.3 provide a statement that the problem will be corrected in a future
release;
2.4 provide a statement that more information about the problem is
required (however, after sufficient information, in VeriSign's
opinion, is provided to VeriSign, VeriSign will provide to Customer
one of the other four support alternatives contained in this Section
2); or
2.5 provide a statement that the Private Label Certificate System operates
as described in VeriSign's then current user documentation or that the
problem arises when such Private Label Certificate System is used
other than in a manner for which it was designed.
In the case of third level support provided for Cardholder and Merchant
problems, VeriSign will not contact the Member directly for more information
about the problem unless VISA so requests, and VeriSign will not contact the
Merchant or Cardholder directly under any circumstances.
The following chart summarizes telephone support provided in this Section:
================================================================================================================
Type of Certificate Entity Supported First level Second level Third level
----------------------------------------------------------------------------------------------------------------
Member Issuers, VISA Member VeriSign N/A
Acquirers, Support
Processors
----------------------------------------------------------------------------------------------------------------
Cardholder Cardholders Member VISA VeriSign
----------------------------------------------------------------------------------------------------------------
Merchant Merchants Member VISA VeriSign
================================================================================================================
3. TIMES TELEPHONE SUPPORT IS PROVIDED
VeriSign will accept and log all second level support requests received
from Customer on a twenty-four (24) hour per day, seven (7) day per week basis,
including national holidays. VeriSign will provide regular telephone support
for both second level and third level on Monday through Friday 8:00 a.m. to
5:00 p.m., local time, and will provide critical corrective support after hours
(outside the hours of 8:00 a.m. to 5:00 p.m., local time) and on national
holidays. A problem is considered critical when the Private Label Certificate
System will not operate or the Customer cannot perform its business function due
to a Private Label Certificate System problem.
<PAGE>
VeriSign Private Label Agreement
Page 63
4. CUSTOMER RESPONSIBILITIES FOR TELEPHONE SUPPORT
Customer will (i) identify, document and report to VeriSign each problem
with the Private Label Certificate System necessitating telephone support, (ii)
supply VeriSign with all documentation and assistance necessary to demonstrate
and allow VeriSign to diagnose the problem, and (iii) install each solution to
such problem provided by VeriSign. If Customer requests corrective changes to
the Private Label Certificate System and VeriSign determines that the reported
malfunction is not related to the Private Label Certificate System, VeriSign may
charge Customer for its diagnostic services on a time and materials basis.
Customer will assure the proper use, management and supervision of any
application programs, audit controls, operating methods and office procedures
necessary for the intended use of the Private Label Certificate System.
Customer will provide the first-level support to Members through VISA
Member Support as provided in Section I above. Customer will provide second-
level support to Cardholders and Merchants through VISA as provided in Section 2
above.
<PAGE>
VeriSign Private Label Agreement
Page 64
EXHIBIT "M"
TIMETABLE FOR RESOLUTION OF OUTSTANDING ISSUES
Open Issues Date for Resolution
----------- -------------------
1. Logo Usage Guide to be attached to Agreement as Exhibit "C June 30, 1996
2. Add description of level of telephone support for Payment
Gateway to Exhibit "L" June 30, 1996
3. VISA Requirements for ECS (Exhibit "F') to be finalized as
to issues indicated as open therein June 30, 1996
4. System Design Specifications to be attached to Agreement as
Exhibit "E" after approval by VISA In accordance with
Project Plan
5. Acceptance Test Procedures to be attached to Agreement as
Exhibit "G" upon approval by VISA In accordance with
Project Plan
6. Service Level Specification to be reevaluated for possible
modification after Acceptance Test Procedures have been
approved. In accordance with
Project Plan