VeriSign Inc. Contracts
Sample Business Contracts
Private Label Agreement - VeriSign Inc. and VISA International Service Associaton
Services Forms
[Confidential Treatment Requested]
PLA Number: ______________________
Date of Agreement: _______________
VERISIGN PRIVATE LABEL AGREEMENT
Customer: VISA International Service Association, a Delaware
-------------------------------------------------------------
corporation
-------------------------------------------------------------
Customer Address: 900 Metro Center Boulevard, Foster City California 94404 or
-------------------------------------------------------------
P.O. Box 8999, San Francisco, California 94128-8999
-------------------------------------------------------------
Customer Contact: Irv Wentzien, Vice President
------------------------------------------------------------
Effective Date: October 3, 1996
------------------------------------------------------------
Term of Agreement: One year
------------------------------------------------------------
Exhibits Attached: Exhibit "A": Definitions
Exhibit "B": Fees
Exhibit "C": Logo Usage Guide
Exhibit "D": Project Plan Elements
Exhibit "E": System Design Specifications
Exhibit "F": Customer Requirements
Exhibit "G": Acceptance Test Procedures
Exhibit "H": Reserved
Exhibit "I": Escrow Agreement
Exhibit "J": License Agreement
Exhibit "K": Service Level Specification
Exhibit "L": Support Levels
THIS VERISIGN PRIVATE LABEL AGREEMENT ("AGREEMENT"), effective as of the
---------
Effective Date set forth above, is entered into by and between VeriSign, Inc., a
Delaware corporation, having its principal place of business at 2593 Coast
Avenue, Mountain View, California 94043 ("VERISIGN"), and the party identified
--------
above ("CUSTOMER"), having a principal address as set forth above.
--------
R E C I T A L
VeriSign provides Certificate-issuing and certain other services to members
of both public and private hierarchies. Customer wishes VeriSign to design,
build and operate a Private Label Certificate System based on Customer's Root
Key for the use by Customer to provide certificate registration, issuing and
management functions in connection with the Visa Cash stored value card and the
Chip Card Payment System, all on the terms and subject to the conditions set
forth in this Agreement.
NOW, THEREFORE, the parties hereto agree as follows:
A G R E E M E N T
<PAGE>
VeriSign Private Label Agreement
Page 2
2. VERISIGN SERVICES TO CUSTOMER
-----------------------------
2.1 DEVELOPMENT OF PRIVATE LABEL CERTIFICATE SYSTEM. VeriSign will design
and develop a Private Label Certificate System based on Customer's Root Keys, a
Protocol specified by Customer and specifications agreed upon by VeriSign and
Customer in accordance with Section 4.1 below. The Private Label Certificate
System will include provision of services described in Exhibit B hereto.
2.2 OWNERSHIP AND LICENSE OF PRIVATE LABEL CERTIFICATE SYSTEM. VeriSign
will acquire and assemble the components of the Private Label Certificate
System, consisting of hardware, software and telecommunications equipment. All
right, title and interest to the Private Label Certificate System shall belong
solely and exclusively to VeriSign, and Customer shall have no right, title or
ownership interest therein. VeriSign shall have the right to obtain and hold in
its name copyrights, registrations, patents and any similar protection which may
be available for the Private Label Certificate System or components thereof and
any derivative works thereof. In the event that any technology included in the
Private Label Certificate System as delivered to Customer by VeriSign is
hereafter covered by a claim of a patent issued to or assigned to VeriSign,
VeriSign shall grant to Customer a nonexclusive, worldwide, royalty-free license
under the relevant claim(s) to the extent necessary for Customer to use the
Private Label Certificate System as provided in this Agreement.
Commencing September 1, 1997, Customer on ninety (90) days' prior written
notice shall have the right to license the Private Label Certificate System
pursuant to a license agreement substantially in the form of Exhibit "J". To
the extent portions of the Private Label Certificate System are not owned by
VeriSign, VeriSign will arrange to obtain the right to use such items by
Customer or arrange for Customer to obtain the right to purchase or otherwise
license such items.
All right, title and interest to the Private Hierarchy Root Keys and
associated Private Keys shall belong solely and exclusively to Customer, and
VeriSign shall have no right, title or ownership interest therein. VeriSign
shall use Customer's Private Hierarchy Root Keys and associated Private Keys in
operating the Private Label Certificate System on Customer's behalf. VeriSign
agrees to provide Customer with all assistance necessary to recover and recreate
any Private Hierarchy Private Key, such assistance may include assigning to
Customer the right and ability to request such recovery from BBN.
2.3 ASSISTANCE IN DEFINING PROTOCOL. VeriSign will assist Customer is
defining a workable Protocol for secure management and handling of Certificates
in Customer's Private Hierarchy. VeriSign will provide Customer with a copy of
VeriSign's Certification Practice Statement which governs Certificate operations
in the VeriSign Public Hierarchies and details management and handling of
Certificates under a policy-based delegation of operating authority. VeriSign
will also recommend a set of operating and security practices and procedures to
mitigate risks associated with Private Key compromise and Root Key distribution
and to protect Customer's confidential authorization information.
2.4 MAINTENANCE OF PRIVATE LABEL CERTIFICATE SYSTEM AT VERISIGN SITE.
VeriSign will provide a high-security facility on VeriSign's premises in
Mountain View, California for operation of the Certificate server(s) and for
storage of Certificate Signing Units containing Customer's Private Keys when not
in use in a secure vault. VeriSign shall be responsible for maintaining the
security on its premises and shall be liable for any damages that arise out of a
breach of its security. VeriSign may move the Private Label Certificate System
to another location under VeriSign's control which provides a comparable level
of security, and VeriSign shall provide notice to Customer in advance of such
relocation. VeriSign shall establish a secure backup site at a mutually
agreeable location that ensures continued operation in the event of a technical
failure, natural disaster or any other event that disables the Mountain View (or
relocated) facility.
2.5 CERTIFICATE MANAGEMENT SERVICES. VeriSign will provide to Customer
the following services for Certificate management and operations:
<PAGE>
VeriSign Private Label Agreement
Page 3
2.5.1 SCOPE OF SERVICES. In accordance with Customer's specified
Protocol, VeriSign will provide the following services with respect to the
Certificate server(s): maintain adequate Certificate-issuing capacity to meet
Customer's reasonable forecast requirements.
2.5.2 ENROLLMENT AND RENEWAL SERVICES. Using an enrollment process
based on securely delivered certificate requests, VeriSign will issue
Certificates under Customer's name and containing Customer's Root Keys to
Subscribers in Customer's Private Hierarchy in accordance with the Protocol.
VeriSign will process renewals of Certificates in accordance with the Protocol.
Within ten (10) days after the end of each month, VeriSign will provide Customer
with a monthly report on the number of Certificates issued.
2.6 CUSTOMER SUPPORT. During the term of this Agreement, VeriSign will
supply maintenance for the Private Label Certificate System as described in this
Section 2.6 without additional charge to Customer.
2.6.1 TELEPHONE SUPPORT. VeriSign will provide telephone support as
is reasonably necessary for Customer to meet the performance criteria for the
Private Label Certificate System as provided in Exhibit "K." VeriSign will also
provide telephone support for a reasonable volume of calls to Customer-related
entities as provided in Exhibit "L." VeriSign shall provide the support
specified in this Section 2.6.1 to Customer's employees responsible for
developing and maintaining Customer Products. VeriSign will provide the names
of employees who will serve as primary points of contact for technical support
for Customer. VeriSign may change the names of designated employees at any time
by providing written notice to Customer. On VeriSign's request, Customer will
provide a list with the names of the employees designated to receive support
from VeriSign. Customer may change the names on the list at any time by
providing written notice to VeriSign.
2.6.2 ESCALATION PROCEDURES. Customer and VeriSign shall agree upon
a procedure for resolution of operating problems in the Private Label
Certificate System which provides for escalation of effort based on the problem
severity.
2.6.3 REIMBURSEMENT FOR CORRECTION OF CUSTOMER ERRORS. In the event
VeriSign is required to take actions to correct an error which is caused by
Customer errors, modifications, enhancements, software or hardware, then
VeriSign may charge Customer for the correction or repair on a time-and-
materials basis at VeriSign's rates then in effect, plus reimbursement for
reasonable travel to and from Customer's sites and out-of-pocket expenses, as
may be necessary in connection with duties performed under this Section 2.6 by
VeriSign.
2.6.4 SYSTEM RELEASES. In the event operating problems in the
Private Label Certificate System are not resolved by the escalation procedures,
Customer and VeriSign agree to evaluate the desirability of changing to a later
available release version of Private Label Certificate System and other
applications employed by VeriSign in provision of the Private Label Certificate
System. A change to release level in the Private Label Certificate System will
also be evaluated at the time new releases are tested.
2.7 ESCROW AGREEMENT. VeriSign will place in escrow pursuant to the
Escrow Agreement set forth at Exhibit "I" all information necessary to build,
support, maintain and operate the Private Label Certificate System. This
information will be released to Customer upon occurrence of the events specified
in such Escrow Agreement.
2.8 CUSTOMER MARKETING RIGHTS. VeriSign acknowledges and understands that
Customer will be marketing Certificates and Certificate services using the
Private Label Certificate Service being produced by VeriSign to Customer
hereunder. All pricing of Certificates to Customer Members under the
Certificate Authority Service marketed by Customer shall be determined by
Customer, independent of any obligation to support and operate the Private Label
Certificate Service by VeriSign hereunder. Customer shall charge its Members
directly for use of the Private Label Certificate System.
2.9 CUSTOMER PERSONNEL. Customer may, at its own cost, upon reasonable
notice and for the purpose of problem resolution, provide personnel to monitor
or participate in the operation of the Private Label Certificate Service and
provision of Customer service pursuant to Section 2.6. VeriSign agrees to
cooperate with Customer
<PAGE>
VeriSign Private Label Agreement
Page 4
personnel to permit them to assist in establishing appropriate levels of
Customer service and participate in problem verification and determination.
2.10 FINANCIAL DATA. In the event Customer ceases to have access to
financial information concerning VeriSign pursuant to its rights under that
certain Investors' Rights Agreement dated February 20, 1996, or pursuant to
filings made in accordance with the Securities Exchange Act of 1934, VeriSign
shall make available to Customer on a quarterly basis, an unaudited balance
sheet and statement of operations. Such information shall be kept confidential
by Customer in accordance with Section 6.
3. CUSTOMER OBLIGATIONS TO VERISIGN
--------------------------------
3.1 PROTOCOL. In addition to specifying functionality as incorporated in
the Customer Requirements for the product(s) or service(s) specified on Exhibit
"B" hereto and the System Design Specifications, Customer will specify a
Protocol, consisting of policies, procedures and resources to control the entire
Certificate process for its Private Hierarchy and the transactional use of
Certificates within the Private Hierarchy. The Protocol is not required to be
consistent with the requirements of VeriSign's Certification Practice Statement
for operation of VeriSign Public Hierarchies.
3.2 VERIFICATION OF SUBSCRIBER INFORMATION. Customer will provide
VeriSign with verification of enrollment information submitted by a Subscriber
who wishes to become a member of Customer's Private Hierarchy prior to
VeriSign's issuance of a Certificate to such Subscriber. Customer will provide
VeriSign with verification of a Subscriber's identity to the extent required by
the Protocol.
3.3 FORECAST. Customer agrees to provide VeriSign on a confidential basis
at the end of each calendar quarter with an updated forecast of the volume of
Certificates it expects to be required for Customer's Private Hierarchy for the
next six (6) months. The forecasts shall be by product line and based upon good
faith estimates and assumptions believed by Customer to be reasonable at the
time made.
3.4 CUSTOMER PERSONNEL. To the extent Customer personnel are provided or
take action pursuant to Sections 2.9 or 4.2, such personnel shall be provided
solely at Customer's cost, and, upon request, Customer shall provide evidence of
satisfaction of all state and federal employment laws and worker compensation
requirements in connection with such personnel. Such personnel shall execute
confidentiality agreements as VeriSign shall reasonably request, and shall agree
to abide by all reasonable VeriSign visitor regulations. Customer understands
that VeriSign operates a secure facility and that there are portions of such
facility that Customer's personnel will not be permitted to enter. In the event
that VeriSign determines that any of Customer's personnel has breached a
VeriSign visitor regulation, Customer shall immediately cause such person to be
removed from VeriSign's facility, and may provide a replacement.
4. DEVELOPMENT
-----------
4.1 DEVELOPMENT OF PROJECT PLAN. Attached as Exhibit "D" is the Project
Plan that specifies the major phases of the development of the Customer's
Private Label Certificate System, the major tasks to be completed, the
deliverables to be produced and their scheduled completion dates.
4.1.1 DEVELOPMENT OF INTERFACE SPECIFICATIONS. In accordance with
the Project Plan, Customer will create Interface Specifications for software
interface of the Private Label Certificate System to Customer's Subscriber
enrollment and authorization information and deliver the Interface
Specifications to VeriSign for review and approval. VeriSign shall deliver
written acceptance or rejection of the Interface Specifications within fourteen
(14) days. VeriSign shall promptly notify Customer of any deficiencies in the
Interface Specifications. Such notification shall be in writing and shall
contain sufficient detail to allow Customer to resolve such deficiencies. If
VeriSign fails to respond within the fourteen (14) days, Customer may submit
written notice of such failure. If VeriSign does not respond with written notice
of deficiencies as described above within two (2) days of receipt of such notice
then such failure to respond shall be deemed an acceptance by
<PAGE>
VeriSign Private Label Agreement
Page 5
VeriSign. Customer shall respond to deficiencies identified by VeriSign by
either making modifications or refuting VeriSign's arguments regarding the
deficiency. Any modification to the Interface Specifications shall be
resubmitted to VeriSign for review and approval in accordance with the
procedures outlined in this Section 4.1.1.
4.1.2 DEVELOPMENT OF PROTOCOL. In accordance with the Project Plan,
Customer will create the Protocol and deliver it to VeriSign for review and
approval. VeriSign shall deliver written acceptance or rejection of the
Protocol within fourteen (14) days. VeriSign shall promptly notify Customer of
any deficiencies in the Protocol. Such notification shall be in writing and
shall contain sufficient detail to allow Customer to resolve such deficiencies.
If VeriSign fails to respond within the fourteen (14) days, Customer may submit
written notice of such failure. If VeriSign does not respond with written
notice of deficiencies as described above within two (2) days of receipt of such
notice then such failure to respond shall be deemed an acceptance by VeriSign.
Customer shall respond to deficiencies identified by VeriSign by either making
modifications or refuting VeriSign's arguments regarding the deficiency. Any
modification to the Protocol shall be resubmitted to VeriSign for review and
approval in accordance with the procedures outlined in this Section 4.1.2.
4.1.3 DEVELOPMENT OF SYSTEM DESIGN SPECIFICATIONS. In accordance
with the Project Plan, VeriSign will create System Design Specifications for the
Private Label Certificate System and deliver the System Design Specifications to
Customer to determine material conformity to Exhibit "F" and the Protocol and
for Customer acceptance. Customer shall deliver written acceptance or rejection
of the System Design Specifications within fourteen (14) days. Customer shall
promptly notify VeriSign of any deficiencies in the System Design
Specifications. Such notification shall be in writing and shall contain
sufficient detail to allow VeriSign to resolve such deficiencies. If Customer
fails to respond within the fourteen (14) days, VeriSign may submit written
notice of such failure. If Customer does not respond with written notice of
deficiencies as described above within two (2) days of receipt of such notice
then such failure to respond shall be deemed an acceptance by Customer.
VeriSign shall respond to deficiencies identified by Customer by either making
modifications or refuting Customer's arguments regarding the deficiency. Any
modification to the System Design Specifications shall be resubmitted to
Customer for review and approval in accordance with the procedures outlined in
this Section 4.1.3.
4.1.4 DEVELOPMENT OF ACCEPTANCE TEST PROCEDURES. In accordance with
the Project Plan, Customer shall create the Acceptance Test Procedures and
deliver them to VeriSign for review and approval. VeriSign shall deliver
written acceptance or rejection of the Acceptance Test Procedures within
fourteen (14) days. VeriSign shall promptly notify Customer of any deficiencies
in the Acceptance Test Procedures. Such notification shall be in writing and
shall contain sufficient detail to allow Customer to resolve such deficiencies.
If VeriSign fails to respond within the fourteen (14) days, Customer may submit
written notice of such failure. If VeriSign does not respond with written
notice of deficiencies as described above within two (2) days of receipt of such
notice then such failure to respond shall be deemed an acceptance by VeriSign.
Customer shall respond to deficiencies identified by VeriSign by either making
modifications or refuting VeriSign's arguments regarding the deficiency. Any
modification to the Acceptance Test Procedures shall be resubmitted to VeriSign
for review and approval in accordance with the procedures outlined in this
Section 4.1.4.
4.1.5 DEVELOPMENT OF PRIVATE LABEL CERTIFICATE SYSTEM. In accordance
with the Project Plan, VeriSign will develop the Private Label Certificate
System in material conformity to the Interface Specifications and the System
Design Specifications. Development of the Private Label Certificate System will
take place at VeriSign's facility located in Mountain View, California or such
other place as VeriSign shall reasonably select. VeriSign will deliver notice
to Customer that the Private Label Certificate System is in material conformity
to the Interface Specifications and the System Design Specifications and ready
for acceptance testing on or before the date set forth in the Project Plan.
4.1.6 DEVELOPMENT OF SERVICE LEVEL SPECIFICATION. Customer and
VeriSign have specified in Exhibit "K" hereto a preliminary set of performance
criteria against which to measure the adequacy of the Private
Label Certificate System, which is acceptance at the Effective Date of this
Agreement. Customer and VeriSign recognize that after completion of the major
phases of development of the Private Label Certificate System some modification
of the Service Level Specification may be desirable. After the Acceptance Test
Procedures have been
<PAGE>
VeriSign Private Label Agreement
Page 6
approved by VeriSign, Customer and VeriSign shall cooperate in evaluating
whether the Service Level Specification should be amended by Change Order in
accordance with Section 4.1.8 and shall negotiate in good faith with respect to
this Exhibit K.
4.1.7 ACCEPTANCE. Acceptance testing of the Private Label
Certificate System in accordance with the Acceptance Test Procedures shall take
place at VeriSign's facility located in Mountain View, California, or such other
place as VeriSign shall reasonably select, using test data supplied by Customer
and supplemented and approved by VeriSign, and shall establish material
conformity of the Private Label Certificate System with the Interface
Specifications and the System Design Specifications. VeriSign shall be
entitled, but not obligated, to have a representative present at all such tests.
Customer shall promptly notify VeriSign of any failure of the Private Label
Certificate System discovered in testing, and any retesting required will be
performed after redelivery of a modified version of the Private Label
Certificate System t Customer by VeriSign. Customer shall deliver written
acceptance of the Private Label Certificate System after establishment of
material conformance to the Interface Specifications and the System Design
Specifications and material satisfaction of the Acceptance Test Procedures
within fourteen (14) days of the completion of the testing. Such notification
acceptance shall be in writing. If Customer fails to respond within the
fourteen (14) days, VeriSign may submit written notice of such failure. If
Customer does not respond with written notice of acceptance as described above
within two (2) days of receipt of such notice then such failure to respond shall
be deemed an acceptance by Customer.
4.1.8 CHANGE ORDERS. Any amendment to a Program Document after its
acceptance shaLl only be effected by a change order ("CHANGE ORDER") approved as
------------
follows:
4.1.8.1 CUSTOMER INITIATED. Customer may initiate a Change
Order by delivering to VeriSign a writing signed by Customer's Program Manager
requesting VeriSign to prepare a proposed Change Order. Such writing shall
specify the requested change and cross-reference to Sections of the Program
Documents that are proposed to be amended.
4.1.8.2 VERISIGN INITIATED. VeriSign may initiate a Change
Order by delivering to Customer a proposed Change Order meeting the requirements
of Section 4.1.8.3.
4.1.8.3 PREPARATION. Upon receipt of a written request as set
forth above in this Section 4.1.8, VeriSign shall, on or before fifteen (15)
days after receipt of such request, prepare for Customer's review a proposed
Change Order. Such proposed Change Order shall contain:
(i) a detailed description of the proposed
amendments to the Program Documents;
(ii) the change, if any, to scheduled delivery of any
item;
(iii) change in amounts due VeriSign under Exhibit "B"
as a result of such Change Order. It is the expectation of the parties that
enhancements over and above the work initially specified in the Program
Documents, which both parties deem necessary to permit reasonable implementation
of the Private Label Certificate System, will be jointly funded in a spirit of
cooperation between VeriSign and Customer. Those changes specifically requested
by Customer, which are out of the scope of the original Program Documents, will
be provided by VeriSign at its then-current time and materials rates.
4.1.8.4 EVALUATION. Customer shall evaluate, and respond to
VeriSign with respect to, any Change Order on or before the fifteen (15)
business day after receipt.
4.1.8.5 APPROVAL. Change Orders shall become effective and
shall act as amendments to this Agreement and to portions of the Program
Documents specified in such Change Orders only upon their execution by an
officer or the Program Manager of VeriSign and by an officer or the Program
Manager of Customer.
<PAGE>
VeriSign Private Label Agreement
Page 7
4.1.8.6 TECHNICAL SERVICES. In the event that a Change Order alters
the scope of the project as originally defined. VeriSign will provide the
following technical services to Customer at VeriSign's then standard rates:
4.1.8.6.1 Engineering assistance in developing interfaces for
Certificate services to Customer's proprietary databases containing
authorization and enrollment information regarding Subscribers.
4.1.8.6.2 Training of up to two (2) days for Customer's
employee responsible for training other employees in customer technical support,
marketing, and sales. Training shall occur at VeriSign's facility in Mountain
View, California, or at such other location as the parties may agree.
4.2 PROJECT AUDITS. Customer shall have the right to perform a project
audit to ensure adherence by VeriSign to this Agreement subject to limitations
set forth below. Customer shall give reasonable prior notice to VeriSign of its
desire to audit VeriSign's performance under this Agreement. Customer shall
have the right to review VeriSign's progress on development of the Private Label
Certificate System and after implementation of such system, Customer shall have
the right to audit operational performance and execution of VeriSign in
connection with the Private Label Certificate System. VeriSign agrees to
cooperate with Customer personnel to permit them to assure themselves that
VeriSign is performing its obligations in a reasonable manner under this
Agreement. Such Customer personnel shall be subject to the requirements of
Sections 3.4 and 6 of this Agreement. Customer shall perform such audits only
at reasonable intervals.
5. FEES AND PENALTIES
------------------
5.1 Development Fees. As consideration for the development of a Private
Label Certificate System for Customer, provision of the hardware and software
components of the system, and assistance in developing a Protocol for operation
of the Private Label Certificate System as set forth in Sections 2.1, 2.2 and
2.3 above, Customer shall pay to VeriSign the amount set forth as Development
Fees on Exhibit "B" according to the terms contained therein.
5.2 OPERATION FEES. As consideration for operation of the Private Label
Certificate System as set forth in Sections 2.4, 2.5, 2.6 and 2.7 above Customer
shall pay to VeriSign the amount set forth as Operation Fees on Exhibit "B"
according to the terms contained therein.
5.3 SUBSCRIBER FEES. Customer will pay to VeriSign as Subscriber Fees
amounts for each Subscriber initially enrolled or renewed in Customer's Private
Hierarchy through Customer the prices set forth on Exhibit "B".
5.4 TERMS OF PAYMENT. Subscriber Fees shall accrue upon issuance.
VeriSign will furnish Customer with a monthly invoice accompanied by the report
required by Section 2.5.2 above of the number and type of Certificates requested
and the number and type of Certificates issued and renewed during the prior
month. Customer will pay Subscriber Fees as set forth in Exhibit "B" for the
period therein. Subscriber Fees due VeriSign hereunder shall be paid by
Customer to VeriSign's address set forth on Page 1 above on or before the
thirtieth (30th) day after the invoice date. A late payment penalty on any
undisputed Subscriber Fees not paid when due shall be assessed at the rate of
one percent (1%) per thirty (30) days, beginning on the thirty-first (31st) day
after the day the unpaid Subscriber Fees are due.
5.5 TAXES. All taxes, duties, fees and other governmental charges of any
kind (including sales and use taxes, but excluding taxes based on the gross
revenues or net income of VeriSign) which are imposed by or under the authority
of any government or any political subdivision thereof on the Development Fees
or Operation Fees, Subscriber Fees or any aspect of this Agreement shall be
borne by Customer and shall not be considered a part of, a deduction from or an
offset against such fees.
<PAGE>
VeriSign Private Label Agreement
Page 8
5.6 DEGRADATION PENALTY. After thirty (30) days prior notice of failure
to meet the minimum service standard set forth in Exhibit "K" Service Level
Specifications, Customer shall be entitled to degradation penalties as defined
in Exhibit "K".
6. CONFIDENTIALITY
---------------
6.1 CONFIDENTIALITY. The parties acknowledge that in their performance of
their duties hereunder either party may communicate to the other (or its
designees) certain confidential and proprietary information concerning the
Customer Products, VeriSign products, the know-how, technology, techniques or
marketing plans related thereto (collectively, the "Proprietary Information")
all of which are confidential and proprietary to, and trade secrets of, the
disclosing party. Each party agrees to hold all Proprietary Information within
its own organization and shall not, without specific written consent of the
other party or as expressly authorized herein, utilize in any manner, publish,
communicate or disclose any part of the Proprietary Information to third
parties. This Section 6.1 shall impose no obligation on either party with
respect to any Proprietary Information which: (i) is in the public domain at the
time disclosed by the disclosing party; (ii) enters the public domain after
disclosure other than by breach of the receiving party's obligations hereunder
or by breach of another party's confidentiality obligations; or (iii) is shown
by documentary evidence to have been known by the receiving party prior to its
receipt from the disclosing party. Each party will take such steps as are
consistent with its protection of its own confidential and proprietary
information (but will in no event exercise less than reasonable care) to ensure
that the provisions of this Section 6.1 are not violated by its end user
customers, distributors, employees, agents or any other person.
6.2 INJUNCTIVE RELIEF. Both parties acknowledge that the restrictions
contained in this Section 6 are reasonable and necessary to protect their
legitimate interests and that any violation of these restrictions will cause
irreparable damage to the other party within a short period of time, and each
party agrees that the other party will be entitled to injunctive relief against
each violation.
7. OBLIGATIONS OF CUSTOMER
-----------------------
7.1 PROPRIETARY MARKINGS; COPYRIGHT NOTICES. The Customer agrees not to
remove or destroy any proprietary, trademark or copyright markings or notices
placed upon or contained within any VeriSign materials or documentation. The
Customer further agrees to insert and maintain: (i) within every Customer
Product and any related materials or documentation a copyright notice in the
name of VeriSign; and (ii) within the splash screens, user documentation,
printed product collateral, product packaging and advertisements for the
Customer Product, a statement that the Customer Product contains the VeriSign
technology. The Customer shall not take any action which might adversely affect
the validity of VeriSign's proprietary, trademark or copyright markings or
ownership by VeriSign thereof, and shall cease to use the markings, or any
similar markings, in any manner on the expiration of this Agreement. The
placement of a copyright notice on any of the VeriSign materials or
documentation shall not constitute publication or otherwise impair the
confidential or trade secret nature of the VeriSign materials or documentation.
7.2 VERISIGN'S INDEMNITY. CUSTOMER EXPRESSLY INDEMNIFIES AND HOLDS
HARMLESS VERISIGN, ITS SUBSIDIARIES, AGENTS AND AFFILIATES FROM: (i) ANY AND ALL
LIABILITY OF ANY KIND OR NATURE WHATSOEVER TO SUBSCRIBERS IN CUSTOMER'S PRIVATE
HIERARCHY AND TO THIRD PARTIES WHICH MAY ARISE FROM ACTS OF CUSTOMER OR FROM THE
USE OF CERTIFICATES IN CUSTOMER'S PRIVATE HIERARCHY, USE OF ANY CUSTOMER
PRODUCT, OR ANY DOCUMENTATION, SERVICES OR NAY OTHER ITEM FURNISHED BY THE
CUSTOMER TO SUBSCRIBERS IN CUSTOMER'S PRIVATE HIERARCHY, OTHER THAN LIABILITY
ARISING FROM THE VERISIGN PRODUCTS AND VERISIGN DOCUMENTATION (UNLESS SUCH
LIABILITY WOULD NOT HAVE ARISEN IN THE ABSENCE OF MODIFICATIONS TO ANY OF THE
FOREGOING BY THE CUSTOMER OR ITS EMPLOYEES, AGENTS OR CONTRACTORS) OR FROM THE
ACTS OF VERISIGN; AND (ii) ANY LIABILITY ARISING IN CONNECTION WITH AN
UNAUTHORIZED REPRESENTATION OR ANY MISREPRESENTATION OF FACT MADE BY THE
CUSTOMER OR ITS AGENTS, EMPLOYEES
<PAGE>
VeriSign Private Label Agreement
Page 9
OR DISTRIBUTORS TO ANY PARTY WITH RESPECT TO THE VERISIGN PRODUCTS OR VERISIGN
DOCUMENTATION.
7.3 CUSTOMER'S INDEMNITY. VERISIGN EXPRESSLY INDEMNIFIES AND HOLDS
HARMLESS CUSTOMER, ITS SUBSIDIARIES, AGENTS AND AFFILIATES FROM: (i) ANY AND ALL
LIABILITY OF ANY KIND OR NATURE WHATSOEVER TO ANY THIRD PARTIES THAT MAY ARISE
FROM ACTS OF VERISIGN OR FROM USE OF VERISIGN SOURCE CODE, VERISIGN'S OBJECT
CODE OR VERISIGN'S USER MANUALS (UNLESS SUCH LIABILITY WOULD NOT HAVE ARISEN IN
THE ABSENCE OF MODIFICATIONS TO ANY OF THE FOREGOING BY CUSTOMER OR ITS
EMPLOYEES, AGENTS OR CONTRACTORS); AND (ii) ANY LIABILITY ARISING IN CONNECTION
WITH AN UNAUTHORIZED REPRESENTATION OR ANY MISREPRESENTATION OF FACT MADE BY
VERISIGN OR ITS AGENTS OR EMPLOYEES TO ANY PARTY WITH RESPECT TO CUSTOMER
PRODUCTS, OR ANY VERISIGN SOFTWARE.
7.4 NOTICES. The Customer shall immediately advise VeriSign of any legal
notices served on the Customer which might affect VeriSign.
8. LIMITED WARRANTY; DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY;
--------------------------------------------------------------------
INDEMNITIES
-----------
8.1 LIMITED WARRANTY. During the term of this Agreement, VeriSign
warrants that
8.1.1 to VeriSign's knowledge, Customer's Private Keys have not been
compromised so long as VeriSign has not provided notice to
Customer to the contrary,
8.1.2 VeriSign has used best efforts to maintain the security at its
facilities and to maintain the security of any of Customer's
private keys in its possession or control,
8.1.3 VeriSign has substantially complied with the Protocol in
issuing a Certificate to a Subscriber in Customer's Private
Hierarchy,
8.1.4 VeriSign has substantially complied with the Protocol in
renewing, revoking or suspending a Certificate, and
8.1.5 the Private Label Certificate System materially conforms to the
Interface Specifications and the System Design Specifications.
8.2 DISCLAIMER. EXCEPT FOR THE EXPRESS LIMITED WARRANTY PROVIDED IN
SECTION 8.1, VERISIGN'S PRODUCTS AND SERVICES ARE PROVIDED "AS IS" WITHOUT ANY
WARRANTY WHATSOEVER. VERISIGN DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO ANY MATTER WHATSOEVER, INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NO ORAL OR WRITTEN
INFORMATION OR ADVICE GIVEN BY VERISIGN OR ITS EMPLOYEES OR REPRESENTATIVES
SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF VERISIGN'S
OBLIGATIONS.
CUSTOMER IS RESPONSIBLE FOR THE SECURITY, COMMUNICATION OR USE OF ITS
PRIVATE KEY, EXCEPT TO THE EXTENT SUCH PRIVATE KEY IS IN THE CUSTODY OR CONTROL
OF VERISIGN, VERISIGN SHALL NOT BE RESPONSIBLE FOR THE THEFT OR ANY OTHER FORM
OF COMPROMISE OF CUSTOMER'S PRIVATE KEY, WHICH MAY OR MAY NOT BE DETECTED EXCEPT
WHEN SUCH PRIVATE KEY IS IN THE CUSTODY OR CONTROL OF VERISIGN. VERISIGN SHALL
NOT BE LIABLE FOR ANY USE OF A KEY STOLEN OR COMPROMISED WHILE IN CUSTOMER'S
CUSTODY OR CONTROL UNLESS CUSTOMER HAS PROVIDED NOTICE TO VERISIGN IN ACCORDANCE
WITH THE PROTOCOL, AND VERISIGN HAS FAILED SUBSTANTIALLY TO COMPLY WITH THE
PROTOCOL
<PAGE>
VeriSign Private Label Agreement
Page 10
OR UNLESS CUSTOMER CAN ESTABLISH THAT SUCH THEFT OR KEY COMPROMISE OCCURRED
WHILE THE SOLE COPY OF THE KEY WAS IN THE CUSTODY OR CONTROL OF VERISIGN OR
WHILE THE KEY WAS IN THE CUSTODY OR CONTROL OF VERISIGN AND THAT THE COPY OF THE
KEY IN VERISIGN'S CUSTODY OR CONTROL WAS STOLEN OR COMPROMISED.
EACH SUBSCRIBER IS RESPONSIBLE FOR THE SECURITY, COMMUNICATION OR USE OF
HIS, HER OR ITS PRIVATE KEY. VERISIGN SHALL NOT BE RESPONSIBLE FOR THE THEFT OR
ANY OTHER FORM OF COMPROMISE OF ANY SUBSCRIBER'S PRIVATE KEY, WHICH MAY OR MAY
NOT BE DETECTED. VERISIGN SHALL NOT BE LIABLE FOR ANY USE OF A STOLEN OR
COMPROMISED KEY TO FORGE A SUBSCRIBER'S DIGITAL SIGNATURE TO A DOCUMENT UNLESS
THE SUBSCRIBER OR CUSTOMER HAS PROVIDED NOTICE TO VERISIGN IN ACCORDANCE WITH
THE PROTOCOL AND VERISIGN HAS FAILED TO COMPLY WITH THE PROTOCOL.
8.3 LIMITATION OF LIABILITY. NEITHER PARTY WILL BE LIABLE TO THE OTHER
PARTY, TO A SUBSCRIBER OR TO ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT,
SPECIAL, INCIDENTAL OR EXEMPLARY DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE
(INCLUDING, BUT NOT LIMITED TO, GOODWILL, PROFITS, INVESTMENTS, USE OF MONEY OR
USE OF FACILITIES; INTERRUPTION IN USE OR AVAILABILITY OF DATA; STOPPAGE OF
OTHER WORK OR IMPAIRMENT OF OTHER ASSETS; OR LABOR CLAIMS, EVEN IF VERISIGN HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), ARISING OUT OF BREACH OF ANY
EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, NEGLIGENCE, EXCEPT ONLY IN THE
CASE OF DEATH OR PERSONAL INJURY WHERE AND TO THE EXTENT THAT APPLICABLE LAW
REQUIRES SUCH LIABILITY. UNDER NO CIRCUMSTANCES SHALL EITHER PARTY'S LIABILITY
TO THE OTHER PARTY OR ANY SUBSCRIBER OR ANY THIRD PARTY ARISING OUT OF OR
RELATED TO THIS AGREEMENT, EXCLUDING LIABILITY FOR MONEY ACTUALLY OWED TO A
PARTY AS ROYALTY FEES, DEVELOPMENT FEES, OPERATION FEES, OR SUBSCRIBER FEES,
EXCEED $100,000.00 IN THE AGGREGATE REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS
BASED ON WARRANTY, CONTRACT, TORT OR OTHERWISE. THE LIMITATION SET FORTH IN
THIS SECTION 8.3 SHALL NOT APPLY TO INDEMNITIES OR RIGHTS GRANTED BY SECTION 8.5
OR 8.6.
8.4 INDEMNITIES. Subject to the limitations set forth below and the
limitations in Section 8.3, VeriSign, at its own expense, shall (i) defend, or
at its option settle, any claim, suit or proceeding against Customer on the
basis of VeriSign's breach of any limited warranty in this Agreement in
connection with use of a Certificate in Customer's Private Hierarchy; and (ii)
pay any final judgment entered or settlement against company on such issue in
any such suit or proceedings defended by VeriSign. VeriSign shall have no
obligation to Customer pursuant to this Section 8.4 unless (a) Customer gives
VeriSign prompt written notice of the claim; (b) VeriSign is given the right to
control and direct the investigation, preparation, defense and settlement of the
claim; and (c) Customer has complied with the Protocol.
8.5 PROPRIETARY RIGHTS INFRINGEMENT BY VERISIGN.
8.5.1 Subject to the limitations set forth in this Section 8.5,
VeriSign, at its own expense, shall: (i) defend, or at its option settle, any
claim, suit or proceeding against Customer on the basis of infringement of any
United States copyright, patent, trade secret or any other intellectual property
right ("Proprietary Rights") by the unmodified Private Label Certificate System
as delivered by VeriSign or any claim that VeriSign has no right to provide the
Private Label Certificate System hereunder; and (ii) pay any final judgment
entered or settlement against Customer on such issue in any such suit or
proceeding defended by VeriSign. VeriSign shall have no obligation to Customer
pursuant to this Section 8.5.1 unless: (A) Customer gives VeriSign prompt
written notice of the claim; (B) VeriSign is given the right to control and
direct the investigation, preparation, defense and settlement of the claim; and
(C) the claim is based on Customer's use of the most recent version of the
Relatively Unmodified Private Label Certificate System in accordance with this
Agreement. A Relatively Unmodified Private Label Certificate System shall mean a
wholly unmodified Private Label Certificate System or a Private Label
Certificate System that has been modified but such modifications are not
relevant to the claim.
<PAGE>
VeriSign Private Label Agreement
Page 11
8.5.2 If VeriSign receives notice of an alleged infringement
described in Section 8.5.1, VeriSign shall have the right, at its sole option,
to obtain the right to continue use of the Private Label Certificate System or
to replace or modify the Private Label Certificate System so that it is no
longer infringing. If neither of the foregoing options is reasonably available
to VeriSign, then use of the Private Label Certificate System may be terminated
at the option of VeriSign without further obligation or liability except as
provided in Sections 8.5.1 and 9.3 and in the event of such termination,
VeriSign shall refund the Development Fees paid by Customer hereunder less
depreciation for use assuming straight line depreciation over a five (5)-year
useful life.
8.5.3 THE RIGHTS AND REMEDIES SET FORTH IN SECTIONS 8.5.1 AND 8.5.2
CONSTITUTE THE ENTIRE OBLIGATION OF VERISIGN AND THE EXCLUSIVE REMEDIES OF
CUSTOMER CONCERNING PROPRIETARY RIGHTS INFRINGEMENT BY THE VERISIGN SOFTWARE.
8.6 PROPRIETARY RIGHTS INFRINGEMENT BY CUSTOMER.
8.6.1 Subject to the limitations set forth in this Section 8.6,
Customer, at its own expense, shall: (i) defend, or at its option settle, any
claim, suit or proceeding against VeriSign on the basis of infringement of any
Proprietary Right by the Customer Product (except to the extent arising from a
Relatively Unmodified Private Label Certificate System); and (ii) pay any final
judgment entered or settlement against VeriSign on such issue in any such suit
or proceeding defended by Customer. Customer shall have no obligation to
VeriSign pursuant to this Section 8.6.1 unless: (A) VeriSign gives Customer
prompt written notice of the claim; and (B) Customer is given the right to
control and direct the investigation, preparation, defense and settlement of the
claim.
8.6.2 If Customer receives notice of an alleged infringement
described in Section 8.6.1, Customer shall have the right, at its sole option,
to obtain the right to continued use of the Private Label Certificate System or
the Customer Product or to replace or modify the Private Label Certificate
System or the Customer Product so that they are no longer infringing. If
neither of the foregoing options in this Section 8.6.2 is reasonably available
to Customer, then use of the Private Label Certificate System or the Customer
Product may be terminated at the option of Customer without further obligation
or liability except as provided in Sections 8.6.1 and 9.3, and in the event of
such termination, VeriSign shall retain all Development Fees, Operation Fees and
Subscriber Fees paid by Customer hereunder.
8.6.3 THE RIGHTS AND REMEDIES SET FORTH IN SECTIONS 8.6.1 AND 8.6.2
CONSTITUTE THE ENTIRE OBLIGATION OF CUSTOMER AND THE EXCLUSIVE REMEDIES OF
VERISIGN CONCERNING CUSTOMER'S PROPRIETARY RIGHTS INFRINGEMENT.
9. TERM AND TERMINATION
--------------------
9.1 TERMINATION. This Agreement shall terminate on the earliest of:
9.1.1 The end of the term set forth on the first page hereof;
9.1.2 Failure by either party to perform any of its material
obligations under this Agreement and the Exhibits hereto if such breach is not
cured within sixty (60) days after receipt of written notice thereof from the
other party;
9.1.3 Notice from VeriSign to the Customer after the occurrence of a
purported assignment of this Agreement in violation of Section 10.2; or
9.1.4 Notice from either party to the other if the other party is
adjudged insolvent or bankrupt, or the institution of any proceedings by or
against the other party seeking relief, reorganization or arrangement under
any laws relating to insolvency, or any assignment for the benefit of creditors,
or the appointment of a receiver, liquidator or trustee of any of the other
party's property or assets, or the liquidation, dissolution or winding up of the
other party's business.
<PAGE>
VeriSign Private Label Agreement
Page 12
9.1.5 Customer shall have the right to terminate this Agreement upon
sixty (60) days notice if the Customer support obligations provided by VeriSign
pursuant to Section 2.6 are consistently not provided, or if agreement cannot be
reached on the cost of service at the time of any annual review.
9.1.6 Upon Customer's execution of the License Agreement set forth at
Exhibit "J".
9.2 EXTENSION OF TERM. This Agreement may be renewed by the written
consent of the Customer for an additional term upon expiration of the term
provided in Section 9.1.1, under VeriSign's then-current standard terms and
conditions. Subscriber Fees and Operation Fees shall be renegotiated annually
during any extended term.
9.3 EFFECT OF TERMINATION. Upon expiration or termination of this
Agreement for any reason except for VeriSign's breach pursuant to Section 9.1.2
or if VeriSign fulfills any of the conditions stated in Section 9.1.4, all use
of the Private Label Certificate System by Customer shall cease, and Customer
shall pay to VeriSign any Subscriber Fees which have accrued in accordance with
Section 5.4 unless the termination occurred pursuant to Section 9.1.2 because of
breach by VeriSign. Such expiration or termination shall not affect Sections 6,
7, 8, and 10 of this Agreement which shall continue in full force and effect to
the extent necessary to permit the complete fulfillment thereof.
10. MISCELLANEOUS PROVISIONS
------------------------
10.1 GOVERNING LAWS; VENUE; WAIVER OF JURY TRIAL. THE LAWS OF THE STATE
OF CALIFORNIA, U.S.A. (IRRESPECTIVE OF ITS CHOICE OF LAW PRINCIPLES) SHALL
GOVERN THE VALIDITY OF THIS AGREEMENT, THE CONSTRUCTION OF ITS TERMS, AND THE
INTERPRETATION AND ENFORCEMENT OF THE RIGHTS AND DUTIES OF THE PARTIES HERETO.
THE PARTIES AGREE THAT THE UNITED NATIONS CONVENTION ON CONTRACTS FOR THE
INTERNATIONAL SALE OF GOODS SHALL NOT APPLY TO THIS AGREEMENT. THE PARTIES
HEREBY AGREE THAT ANY SUIT TO ENFORCE ANY PROVISION OF THIS AGREEMENT OR ARISING
OUT OF OR BASED UPON THIS AGREEMENT OR THE BUSINESS RELATIONSHIP BETWEEN THE
PARTIES HERETO SHALL BE BROUGHT IN THE UNITED STATES DISTRICT COURT FOR THE
NORTHERN DISTRICT OF CALIFORNIA OR THE SUPERIOR OR MUNICIPAL COURT IN AND FOR
THE COUNTY OF SANTA CLARA, CALIFORNIA, U.S.A. Each party hereby agrees that
such courts shall have exclusive in personam jurisdiction and venue with respect
to such party, and each party hereby submits to the exclusive in personam
jurisdiction and venue of such courts. The parties hereby waive any right to
jury trial with respect to any action brought in connection with this Agreement.
10.2 BINDING UPON SUCCESSORS AND ASSIGNS. Except as otherwise provided
herein, this Agreement shall be binding upon, and inure to the benefit of, the
successors, executors, heirs, representatives, administrators and assigns of the
parties hereto This Agreement shall not be assignable by either party, by
operation of law (including as a result of a merger involving a party or a
transfer of a controlling interest in a party's voting securities) or otherwise
without the prior written authorization of the nonassigning party, except that
either party may assign its rights and obligations under this Agreement to its
Affiliates, provided that the assigning party receives the nonassigning party's
prior written consent, which shall not be unreasonably withheld Any such
purported assignment or delegation shall be void and of no effect and shall
permit non-assigning party to terminate this Agreement pursuant to Section 9.
1.3.
10.3 SEVERABILITY If any provision of this Agreement, or the application
thereof, shall for any reason and to any extent, be invalid or unenforceable,
the remainder of this Agreement and application of such provision to other
persons or circumstances shall be interpreted so as best to reasonably effect
the intent of the parties hereto IT IS EXPRESSLY UNDERSTOOD AND AGREED THAT EACH
AND EVERY PROVISION OF THIS AGREEMENT WHICH PROVIDES FOR A LIMITATION OF
LIABILITY, DISCLAIMER OF WARRANTIES OR EXCLUSION OF DAMAGES IS INTENDED BY THE
PARTIES TO BE SEVERABLE AND INDEPENDENT OF ANY OTHER PROVISION AND TO BE
ENFORCED AS SUCH.
<PAGE>
VeriSign Private Label Agreement
Page 13
10.4 ENTIRE AGREEMENT This Agreement, the Appendices hereto and all
agreements referred to therein constitute the entire understanding and agreement
of the parties hereto with respect to the subject matter hereof and supersede
all prior and contemporaneous agreements or understandings between the parties.
10.5 AMENDMENT AND WAIVERS Except as otherwise expressly provided in
this Agreement, any term or provision of this Agreement may be amended, and the
observance of any term of this Agreement may be waived, only by a writing signed
by the party to be bound thereby.
10.6 ATTORNEYS' FEES Should suit be brought to enforce or interpret any
part of this Agreement, the prevailing party shall be entitled to recover, as an
element of the costs of suit and not as damages, reasonable attorneys' fees to
be fixed by the court (including without limitation, costs, expenses and fees on
any appeal).
10.7 NOTICES Whenever any party hereto desires or is required to give any
notice, demand, or request with respect to this Agreement, each such
communication shall be in writing and shall be effective only if it is delivered
sent by a courier service that confirms delivery in writing or mailed, certified
or registered mail, postage prepaid, return receipt requested, addressed as
follows:
VeriSign: To the address set forth on page 1
Attention: Stratton Sclavos, President & CEO
The Customer: To the address set forth on page l
Attention: Irv Wentzien, Vice President
Such communications shall be effective when they are received Any party
may change its address for such communications by giving notice thereof to the
other party in conformity with this Section.
10.8 FOREIGN RESHIPMENT LIABILITY THIS AGREEMENT IS EXPRESSLY MADE
SUBJECT TO ANY LAWS, REGULATIONS, ORDERS OR OTHER RESTRICTIONS ON THE EXPORT
FROM THE UNITED STATES OF AMERICA OF TECHNICAL INFORMATION, SOFTWARE OR
INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME BY THE
GOVERNMENT OF THE UNITED STATES OF AMERICA NOTWITHSTANDING ANYTHING CONTAINED
IN THIS AGREEMENT TO THE CONTRARY, THE CUSTOMER SHALL NOT EXPORT OR RE-EXPORT,
DIRECTLY OR INDIRECTLY, ANY TECHNICAL INFORMATION, SOFTWARE OR INFORMATION ABOUT
SUCH SOFTWARE TO ANY COUNTRY FOR WHICH SUCH GOVERNMENT OR ANY AGENCY THEREOF
REQUIRES AN EXPORT LICENSE OR OTHER GOVERNMENTAL APPROVAL AT THE TIME OF EXPORT
OR RE-EXPORT WITHOUT FIRST OBTAINING SUCH LICENSE OR APPROVAL.
10.9 PUBLICITY Neither party will disclose to third parties, other than
its agents and representatives on a need-to-know basis, the terms of this
Agreement or any exhibits hereto without the prior written consent of the other
party, except (i) either party may disclose such terms to the extent required by
law; and (ii) either party may disclose the existence of this Agreement after
completion of the Pilot phase when the General Availability phase has begun.
10.10 NO WAIVER Failure by either party to enforce any provision of this
Agreement will not be deemed a waiver of future enforcement of that or any other
provision.
10.11 COUNTERPARTS This Agreement may be executed in one or more
counterparts, each of which will be deemed an original, but which collectively
will constitute one and the same instrument.
10.12 HEADINGS AND REFERENCES The headings and captions used in this
Agreement are used for convenience only and are not to be considered in
construing or interpreting this Agreement.
<PAGE>
VeriSign Private Label Agreement
Page 9
10.13 DUE AUTHORIZATION The Customer hereby represents and warrants to
VeriSign that the individual executing this Agreement on behalf of the Customer
is duly authorized to execute this Agreement on behalf of the Customer and to
bind the Customer hereby.
10.14 INDEPENDENT CONTRACTOR The relationship of VeriSign and the
Customer is that of independent contractors Neither the Customer nor the
Customer's employees, consultants, contractors or agents are agents, employees
or joint venturers of VeriSign, nor do they have any authority to bind VeriSign
by contract or otherwise to any obligation They will not represent to the
contrary, either expressly, implicitly, by appearance or otherwise.
10.15 PUBLICITY VeriSign grants Customer the right to disclose that
VeriSign is a vendor of Customer and to name publicly-announced Customer
Products that provide access to Certificates issued by VeriSign VeriSign also
grants the Company the right to display VeriSign's logo on the Customer's WWW
site in one of the forms shown on Exhibit "C" attached to this Agreement
Customer shall not acquire any other rights of any kind in VeriSign's trade
names, trademarks, product name or logo by use authorized in this Section
Customer grants VeriSign the right to disclose that Customer is a vendee of
VeriSign and the right to display Customer's logo on VeriSign's WWW site
VeriSign shall not acquire any other rights of any kind in Customer's trade
names, trademarks, product name or logo by use authorized in this Section
VeriSign shall obtain Customer's prior written consent before releasing any
public statement or press release regarding this Agreement or the services
provided hereunder.
IN WITNESS WHEREOF, the parties have executed this Agreement as of the day
and year first written above.
CUSTOMER:
VISA INTERNATIONAL SERVICE ASSOCIATION
By: F. Dutray
------------------------
Its: Executive Vice President
------------------------
VERISIGN, INC.
By: /s/ Stratton Sclavos
------------------------
Its: President and CEO
------------------------
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "A"
DEFINITIONS
1. ACCEPTANCE means that the Acceptance Test Procedures have been
----------
performed to demonstrate that the Private Label Certificate System conforms to
the Interface Specifications and the System Design Specifications. ACCEPTED
means that Acceptance has occurred.
2. ACCEPTANCE TEST PROCEDURES means the acceptance test procedures to be
--------------------------
created by Customer and approved by VeriSign pursuant to Section 4. 1.4. The
Acceptance Test Procedures shall include (1) the criteria against which the
Private Label Certificate System is to be measured in order to verify
conformance to the Interface Specifications and the System Design Specifications
and (2) the testing procedures to be used to establish conformance of the
Private Label Certificate System to the Interface Specifications and the System
Design Specifications. Upon approval by Customer, the Acceptance Test Procedures
shall be attached as Exhibit "G".
3. ACQUIRER means a Member financial institution that establishes an
---------
account with a Merchant and processes bank card authorizations and payments.
4. CARDHOLDER means a consumer or corporate purchaser who uses a bank
----------
card issued by an Issuer to make a purchase from a Merchant.
5. CERTIFICATE means a collection of electronic data consisting of a
-----------
Public Key, identifying information which contains information about the owner
of the Public Key, and validity information, which (or a string of bits derived
from the Public Key) has been encrypted by a third party who is the issuer of
the Certificate with such third party Certificate issuer's Private Key. This
collection of electronic data collectively serves the function of identifying
the owner of the Public Key and verifying the integrity of the electronic data.
"CERTIFY" or "CERTIFICATION" means the act of generating a Certificate.
"CERTIFIED" means the condition of having been issued a valid Certificate by a
Certifier, which Certificate has not been revoked.
6. CERTIFICATE SIGNING UNIT ("CSU") means a hardware unit or software
--------------------------------
designed for use in signing Certificates and key storage. The BBN SafeKeyper(TM)
manufactured by BBN Communications, Inc. is one hardware implementation of a
CSU.
7. CERTIFICATION AUTHORITY ("CA") means VeriSign and any entity, group,
------------------------------
division, department, unit or office which is Certified by VeriSign to, and has
accepted responsibility to, issue Certificates to specified Subscribers in a
Hierarchy in accordance with the CPS or a Protocol.
8. CERTIFICATION PRACTICE STATEMENT ("CPS") means the VeriSign
--------------------------------
specification of policies, procedures and resources to control the entire
Certificate process and transactional use of Certificates within the VeriSign
Public Hierarchies.
9. CHANGE ORDER has the meaning set forth in Section 4.1.8.
------------
10. CUSTOMER AFFILIATES shall mean Visa's Subsidiaries and Related
-------------------
Entities. A "Subsidiary" shall mean a company in which on a class-by-class
basis. more than fifty percent (50%) of the stock entitled to vote for the
election of directors is owned or controlled by Customer, but only so long as
such ownership or control exists. A "Related Entity" shall mean an entity (A) at
least fifty percent (50%) of whose stock or other equity is owned by Customer's
member banks and that has the authority to process Visa payment transactions,
but only so long as such ownership exists; (B) has an equity interest in
Customer and is owned in whole by Member banks or financial institutions (e.g.,
---
national or regional group Members); or (C) is exclusively managed by Visa or a
national or group Member of Visa for the purpose of processing Visa payment
transactions, but only so long as such exclusive management exists.
Notwithstanding anything to the contrary set forth above, however, Subsidiaries
or Related
<PAGE>
VeriSign Private Label Agreement
Entities do not include any Acquirer, Issuer or individual bank or like
financial institution. Customer Affiliates include, for example, without
limitation, Visa USA, Inc., ViTAL, Inc., Plus and Interlink.
11. CUSTOMER BRAND KEY means the set of key pairs for signature and
------------------
exchange that are used by the Customer in its capacity of CA. The Customer Brand
Keys will be used as the "Root" for portions of the Private Label Certificate
System.
12. CUSTOMER PRODUCT means any product developed by Customer for use by a
----------------
Subscriber in Customer's Private Hierarchy with a Certificate issued by VeriSign
which incorporates Customer's Root Keys.
13. DIGITAL SIGNATURE means information encrypted with a Private Key
-----------------
which is appended to information to identify the owner of the Private Key and to
verify the integrity of the information. "Digitally Signed" shall refer to
------------------
electronic data to which a Digital Signature has been appended.
14. HIERARCHY means a domain consisting of a system of chained
---------
Certificates leading from the Primary Certification Authority through one or
more Certification Authorities to Subscribers.
15. INTERFACE SPECIFICATIONS means the interface specifications to be
------------------------
created by Customer and approved by VeriSign pursuant to Section 4.1. 1.
16. INTERNET means the global computer network.
--------
17. ISSUER means a Member financial institution that establishes an
------
account for a Cardholder, issues a bank card to the Cardholder, and guarantees
payment for authorized transactions using the bank card in accordance with
association regulations and local laws.
18. MEMBER means a member of the VISA International Service Association.
------
All Issuers and Acquirers are Members.
19. MERCHANT means one who offers goods or services in exchange for
--------
payment, who accepts bank cards for payment, and who has a relationship with an
Acquirer.
20. PRIMARY CERTIFICATION AUTHORITY ("PCA") means an entity that
---------------------------------------
establishes policies for all Certification Authorities and Subscribers within
its domain.
21. PRIVATE HIERARCHY means a domain consisting of a chained Certificate
-----------------
hierarchy which is entirely self-contained within an organization or network and
not designed to be interoperable with or intended to interact through public
channels with any external organizations. networks, and public hierarchies.
22. PRIVATE KEY means a mathematical key which is kept private to the
-----------
owner and which is used through public key cryptography to encrypt electronic
authenticity data and create a Digital Signature which will be decrypted with
the corresponding Public Key.
23. PRIVATE LABEL CERTIFICATE SYSTEM means the system developed by
--------------------------------
VeriSign for Customer as more fully described in Section 2.
24. PROCESSOR means a third party which has been assigned the processing
---------
of bank card transactions by one or more Issuers or Acquirers.
25. PROGRAM DOCUMENTS means each of the Project Plan, Interface
-----------------
Specifications, Protocol, System Design Specifications, Acceptance Test
Procedures, and Service Level Specification.
<PAGE>
VeriSign Private Label Agreement
26. PROTOCOL means Customer's specification of policies, procedures and
--------
resources to control the entire Certificate process and transactional use of
Certificates within Customer's Private Hierarchy.
27. PUBLIC HIERARCHY means a domain consisting of a system of chained
----------------
Certificates leading from VeriSign as the Primary Certification Authority
through one or more Certification Authorities to Subscribers in accordance with
the VeriSign Certification Practice Statement. Certificates issued in a Public
Hierarchy are intended to be interoperable among organizations, allowing
Subscribers to interact through public channels with various individuals,
organizations, and networks.
28. PUBLIC KEY means a mathematical key which is available publicly and
----------
which is used through public key cryptography to decrypt electronic authenticity
data which was encrypted using the matched Private Key and to verify Digital
Signatures created with the matched Private Key.
29. PUBLIC KEY INFRASTRUCTURE ("PKI") means the VeriSign specification
---------------------------------
for the architecture, techniques, practices and procedures that collectively
support the implementation and operation of certificate-based Public Key
cryptographic systems.
30. ROOT KEY means one or more public root key(s) published by the
--------
organization which generated and is entitled to use such keys as the public
components of its key pair(s) in issuing Certificates in a hierarchy over which
such organization has responsibility.
31. SERVICE LEVEL SPECIFICATION means the specification attached hereto
---------------------------
as Exhibit "K" approved by Customer and VeriSign pursuant to Section 4. l .6.
32. SUBSCRIBER means an individual, a device or a role/office that has
----------
requested a Certifier to issue him, her or it a Certificate.
33. SYSTEM DESIGN SPECIFICATIONS means the system design specifications to
----------------------------
be created by VeriSign in connection with the Private Label Certificate System
for acceptance testing in accordance with Section 4.1.3. The System Design
Specifications shall contain, at minimum, the items listed on the outline
presently attached as Exhibit "E" and the Requirements Documents attached as
Exhibit "F". Upon acceptance by Customer, the System Design Specifications shall
be attached, in lieu of such outline, as Exhibit "E".
34. VERISIGN AFFILIATES shall mean a company in which, on a class by
-------------------
class basis, more than fifty percent (50%) of the stock entitled to vote for the
election of directors is owned or controlled by VeriSign, but only so long as
such ownership or control exists.
35. WWW means the system currently referenced as the "World Wide Web" for
---
organizing multi-media information distributed across network(s) such that it
can be navigated and accessed via cross linking mechanisms, and any successor to
such system, and any parallel system which uses at least all the same
communication protocols as the system currently referenced as the "World Wide
Web" or to the successor to such system, even if the administrators of such
systems choose to call them by different names.
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "B"
CUSTOMER PRODUCT AND SERVICES
The Private Label Certificate System is to be used in connection with the
following Customer product(s) or service(s): Visa Cash stored value card and
-------------------------------
Chip Card Payment Service (CCPS) The Private Label Certificate system to be
---------------------------------------------------------------------------
operated By VeriSign as CA for Customer under this Agreement will include a
---------------------------------------------------------------------------
standalone server for Certificate issuance and management and two CSUs to
-------------------------------------------------------------------------
contain the Private Hierarchy Root Keys together with custom software and
-------------------------------------------------------------------------
procedures developed by VeriSign for operation of the system. Customer shall be
-------------------------------------------------------------------------------
entitled to two key generation ceremonies under this Agreement.
--------------------------------------------------------------
--------------------------------------------------------------------------------
ADDITIONAL COMMITMENTS
During the one hundred and eighty (180) day period following execution of
this Agreement. VeriSign and Customer will cooperate in developing a Service
Level Agreement to be attached as Exhibit B to Exhibit J. This new document will
specify the performance standards for correction of errors in the Licensed
Software and will include a reasonable period for curing problems in the
Licensed Software. Exhibit B is intended to become effective at such time as
Customer exercises the option to license the VeriSign Software and operate the
Private Label Certificate System on the terms set forth in Exhibit J.
CONFIDENTIALITY
Customer and VeriSign expressly consent to disclosures of Confidential
Information made by either party to BBN in connection with custom chip
modification necessary to the CSUs used in this Private Label Certificate
System. Such disclosures shall not be a violation of Sections 6.1 or 10.9 of
this Agreement.
FEES
1. DEVELOPMENT FEES.
-----------------
Customer shall pay as Development Fees the amount of * for development and
testing, will be payable Forty Thousand Dollars * upon delivery of VeriSign
Deliverables for testing and * upon delivery of development deliverables for
Pilot, as detailed in Exhibit "D". Additional software development testing, or
policy development which is beyond the initial scope of this project shall be by
Change Order in accordance with Section 4.1.8 above at the rate of * per person
per day for system consulting and * per person per day for PKI consulting. No
additional Development Fees shall be payable with respect to the custom chip
modification work perform for the CSUs.
2. OPERATION FEES.
--------------
Customer shall pay as Operations Fees the amount of * upon delivery of
VeriSign Deliverables for testing as detailed in Exhibit "D" for a one-year
pilot term.
3. SUBSCRIBER FEES.
---------------
Subscriber Fees of * per Member Certificate shall be payable under
this Agreement.
4. U.S. CURRENCY.
-------------
All payments hereunder shall be made in lawful United States Currency.
* Confidential treatment has been requested with respect to certain
portions of this exhibit. Confidential portions have been omitted from
the public filing and have been filed separately with the Securities and
Exchange Commission.
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "C"
LOGOS AND TRADEMARKS
VeriSign encourages its customers to use VeriSign logos, trademarks and
service marks on customer product data sheets, packaging, Web pages and
advertising, but it is important to use them properly.
When using VeriSign trademarks and service marks in ads, product packaging,
documentation or collateral materials, be sure to use the correct trademark
designator: /(R)/ for registered trademarks, (TM) for claimed or pending
trademarks and sm for claimed or pending service marks. VeriSign trademarks and
their correct designators are depicted below. To ensure proper usage, please
allow VeriSign marketing to review any materials using or mentioning VeriSign
trademarks prior to general release.
Using these VeriSign logos does not require written permission; in fact, we
encourage you to use them on your product packaging, Web pages and marketing
collateral!
VeriSign will update this Logos and Trademarks Usage Guide on a regular
basis. To check for most current information on logo and trademark usage, check
VeriSign's Web site at http:/www.verisign.com.
VeriSign (TM)
Digital ID sm
Digital ID Center sm
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "D"
PROJECT PLAN ELEMENTS
The VeriSign Deliverables to Customer for Test I will be ready for Alpha
Test on or before the date agreed to by the Customer/VeriSign Joint Project
Team. Pilot and General Availability production dates will be specified in the
Project Plan. VeriSign will provide full production, operational facilities in
accordance with time scales agreed with Customer. The operation and support will
be implemented in phases as defined in the Project Plan (i.e. Alpha Test, Pilot,
General Availability).
Project Plan is inserted here as a separate attachment.
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "E"
SYSTEM DESIGN SPECIFICATIONS
The Private Label Certificate System will be a custom-designed VeriSign
product based upon the Customer Requirements contained in Exhibit "F."
The parties contemplate that development, testing and implementation of all
Private Label Certificate System components will be implemented in three phases.
The System Design Specifications will implement the Customer Requirements
attached as Exhibit "F".
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "F"
CUSTOMER REQUIREMENTS
VISA Customer Requirements include the VISA CCPS Certification Authority
---------------------------------
and RSA Key Tasks Requirements Document dated March 1996. Additional
---------------------------------------
references/requirements include:
. Integrated Circuit Card Specifications For Payment Systems Part 3
-----------------------------------------------------------------
Transaction Processing, Version 2.0 June 30, 1995;
----------------------
. Visa Integrated Circuit Card (ICC) Specifications, Version 10 July
-------------------------------------------------
31,1995;
. Visa International Risk Management and Security Integrated Circuit Card
-----------------------------------------------------------------------
Security Guidelines for: Chip Architecture and Design Operating Systems
-----------------------------------------------------------------------
Design and Vendor Viability, January 1996;
---------------------------
. RSA Key and Certification Authority, memorandum dated 15 April 1996 from
-----------------------------------
Joel Weise;
. CCPS Certification Authority and RSA Key Tasks memorandum dated May 16,
----------------------------------------------
1996 from Joel Weise;
. Untitled: "Tasks List (with responsibilities defined)" memorandum dated
-------------------------------------------------------
May 16, 1996 from Joel Weise;
. Letter of intent dated June 6th 1996 from Irv Wentzien;
. VISA Common CA Acceptance Criteria memorandum dated July 17, 1996 from
----------------------------------
Joel Weise;
. CCPS RSA Key, Data, and Certificate Formats memorandum dated October 1,
-------------------------------------------
1996 from Joel Weise.
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "G"
ACCEPTANCE TEST PROCEDURES
To be developed as provided in Section 4.1.4 Acceptance Criteria memorandum
is inserted here as a separate attachment.
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "H"
RESERVED
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "I"
ESCROW AGREEMENT
MASTER PREFERRED ESCROW AGREEMENT
Master Number
This Agreement is effective _________________, 19___ among Data Securities
International, Inc.
("DSI"),___________________________________________________________ (" ")
and any party signing the Acceptance Form attached to this Agreement (" "),
who collectively may be referred to in this Agreement as "the parties."
A. Depositor and Preferred Beneficiary have entered or will enter into a
license agreement, development agreement, and/or other agreement regarding
certain proprietary technology of Depositor (referred to in this Agreement as
"the license agreement").
B. Depositor desires to avoid disclosure of its proprietary technology
except under certain limited circumstances.
C. The availability of the proprietary technology of Depositor is
critical to Preferred Beneficiary in the conduct of its business and, therefore,
Preferred Beneficiary needs access to the proprietary technology under certain
limited circumstances.
D. Depositor and Preferred Beneficiary desire to establish an escrow with
DSI to provide for the retention, administration and controlled access of
certain proprietary technology materials of Depositor.
E. The parties desire this Agreement to be supplementary to the license
agreement pursuant to 11 United States [Bankruptcy] Code, Section 365(n).
ARTICLE 1 -- DEPOSITS
1.1 Obligation to Make Deposit. Upon the signing of this Agreement by the
--------------------------
parties, including the signing of the Acceptance Form, Depositor shall deliver
to DSI the proprietary information and other materials ("deposit materials")
required to be deposited by the license agreement or, if the license agreement
does not identify the materials to be deposited with DSI, then such materials
will be identified on an Exhibit A. If Exhibit A is applicable, it is to be
prepared and signed by Depositor and Preferred Beneficiary. DSI shall have no
obligation with respect to the preparation, signing or delivery of Exhibit A.
1.2 Identification of Tangible Media. Prior to the delivery of the
--------------------------------
deposit materials to DSI, Depositor shall conspicuously label for identification
each document, magnetic tape, disk, or other tangible media upon which the
deposit materials are written or stored. Additionally, Depositor shall complete
Exhibit B to this Agreement by listing each such tangible media by the item
label description, the type of media and the quantity. The Exhibit B must be
signed by Depositor and delivered to DSI with the deposit materials. Unless and
until Depositor makes the initial deposit with DSI, DSI shall have no obligation
with respect to this Agreement, except the obligation to notify the parties
regarding the status of the deposit account as required in Section 2.2 below.
1.3 Deposit Inspection. When DSI receives the deposit materials and the
------------------
Exhibit B, DSI will conduct a deposit inspection by visually matching the
labeling of the tangible media containing the deposit materials to the item
descriptions and quantity listed on the Exhibit B. In addition to the deposit
inspection, Preferred Beneficiary may elect to cause a verification of the
deposit materials in accordance with Section 1.6 below.
<PAGE>
VeriSign Private Label Agreement
1.4 Acceptance of Deposit. At completion of the deposit inspection, if
---------------------
DSI determines that the labeling of the tangible media matches the item
descriptions and quantity on Exhibit B, DSI will date and sign the Exhibit B and
mail a copy thereof to Depositor and Preferred Beneficiary. If DSI determines
that the labeling does not match the item descriptions or quantity on the
Exhibit B, DSI will (a) note the discrepancies in writing on the Exhibit B; (b)
date and sign the Exhibit B with the exceptions noted; and (c) provide a copy of
the Exhibit B to Depositor and Preferred Beneficiary. DSI's acceptance of the
deposit occurs upon the signing of the Exhibit B by DSI. Delivery of the signed
Exhibit B to Preferred Beneficiary is Preferred Beneficiary's notice that the
deposit materials have been received and accepted by DSI.
1.5 Depositor's Representations. Depositor represents as follows:
---------------------------
a. Depositor lawfully possesses all of the deposit materials
deposited with DSI;
b. With respect to all of the deposit materials, Depositor has the
right and authority to grant to DSI and Preferred Beneficiary the rights as
provided in this Agreement;
c. The deposit materials are not subject to any lien or other
encumbrance; and
d. The deposit materials consist of the proprietary, information and
other materials identified either in the license agreement or Exhibit A, as the
case may be.
1.6 Verification. Preferred Beneficiary, shall have the right, at
------------
Preferred Beneficiary's expense, to cause a verification of any deposit
materials. A verification determines, in different levels of detail, the
accuracy, completeness, sufficiency and quality of the deposit materials. If a
verification is elected after the deposit materials have been delivered to DSI,
then only DSI, or at DSI' s election an independent person or company selected
and supervised by DSI, may perform the verification.
1.7 Deposit Updates. Unless otherwise provided by the license agreement,
---------------
Depositor shall update the deposit materials within 60 days of each release of a
new version of the product which is subject to the license agreement. Such
updates will be added to the existing deposit. All deposit updates shall be
listed on a new Exhibit B and the new Exhibit B shall be signed by Depositor.
Each Exhibit B will be held and maintained separately within the escrow account.
An independent record will be created which will document the activity for each
Exhibit B. The processing of all deposit updates shall be in accordance with
Sections 1.2 through 1.6 above. All references in this Agreement to the deposit
materials shall include the initial deposit materials and any updates.
1.8 Removal of Deposit Materials. The deposit materials may be removed
----------------------------
and/or exchanged only on written instructions signed by Depositor and Preferred
Beneficiary,, or as otherwise provided in this Agreement.
ARTICLE 2 -- CONFIDENTIALITY AND RECORD KEEPING
2.1 Confidentiality. DSI shall maintain the deposit materials in a
---------------
secure, environmentally safe, locked receptacle which is accessible only to
authorized employees of DSI. DSI shall have the obligation to reasonably protect
the confidentiality of the deposit materials. Except as provided in this
Agreement, DSI shall not disclose, transfer, make available, or use the deposit
materials. DSI shall not disclose the content of this Agreement to any third
party. If DSI receives a subpoena or other order of a court or other judicial
tribunal pertaining to the disclosure or release of the deposit materials, DSI
will immediately notify the parties to this Agreement. It shall be the
responsibility of Depositor and/or Preferred Beneficiary to challenge any such
order; provided, however, that DSI does not waive its rights to present its
position with respect to any such order. DSI will not be required to disobey any
court or other judicial tribunal order. (See Section 7.5 below for notices of
requested orders.)
2.2 Status Reports. DSI will issue to Depositor and Preferred Beneficiary
--------------
a report profiling the account history at least semi-annually. DSI may provide
copies of the account history pertaining to this Agreement upon the request of
any party to this Agreement.
<PAGE>
VeriSign Private Label Agreement
2.3 Audit Rights. During the term of this Agreement, Depositor and
------------
Preferred Beneficiary shall each have the right to inspect the written records
of DSI pertaining to this Agreement. Any inspection shall be held during normal
business hours and following reasonable prior notice.
ARTICLE 3 -- GRANT OF RIGHTS TO DSI
3.1 Title to Media. Depositor hereby transfers to DSI the title to the
--------------
media upon which the proprietary information and materials are written or
stored. However, this transfer does not include the ownership of the proprietary
information and materials contained on the media such as any copyright, trade
secret, patent or other intellectual property rights.
3.2 Right to Make Copies. DSI shall have the right to make copies of the
--------------------
deposit materials as reasonably necessary to perform this Agreement. DSI shall
copy all copyright, nondisclosure, and other proprietary notices and titles
contained on the deposit materials onto any copies made by DSI. With all deposit
materials submitted to DSI, Depositor shall provide any and all instructions as
may be necessary to duplicate the deposit materials including but not limited to
the hardware and/or software needed.
3.3 Right to Sublicense Upon Release. As of the effective date of this
--------------------------------
Agreement, Depositor hereby grants to DSI a non-exclusive, irrevocable,
perpetual, and royalty-free license to sublicense the deposit materials to
Preferred Beneficiary upon the release, if any, of the deposit materials in
accordance with Section 4.5 below. Except upon such a release, DSI shall not
sublicense or otherwise transfer the deposit materials.
ARTICLE 4 -- RELEASE OF DEPOSIT
4.1 Release Conditions. As used in this Agreement, "Release Conditions"
------------------
shall mean the following:
a. Depositor's failure to carry out obligations imposed on it
pursuant to the license agreement; or
b. Depositor's failure to continue to do business in the ordinary
course.
4.2 Filing For Release. If Preferred Beneficiary believes in good faith
------------------
that a Release Condition has occurred, Preferred Beneficiary may provide to DSI
written notice of the occurrence of the Release Condition and a request for the
release of the deposit materials. Upon receipt of such notice, DSI shall provide
a copy of the notice to Depositor, by certified mail, return receipt requested,
or by commercial express mail.
4.3 Contrary Instructions. From the date DSI mails the notice requesting
---------------------
release of the deposit materials, Depositor shall have ten business days to
deliver to DSI Contrary Instructions. "Contrary Instructions" shall mean the
written representation by Depositor that a Release Condition has not occurred or
has been cured. Upon receipt of Contrary Instructions, DSI shall send a copy to
Preferred Beneficiary by certified mail, return receipt requested, or by
commercial express mail. Additionally, DSI shall notify both Depositor and
Preferred Beneficiary that there is a dispute to be resolved pursuant to the
Dispute Resolution section of this Agreement (Section 7.3). Subject to Section
5.2, DSI will continue to store the deposit materials without release pending
(a) joint instructions from Depositor and Preferred Beneficiary, (b) resolution
pursuant to the Dispute Resolution provisions, or (c) order of a court.
4.4 Release of Deposit. If DSI does not receive Contrary Instructions
------------------
from the Depositor, DSI is authorized to release the deposit materials to the
Preferred Beneficiary or, if more than one beneficiary is registered to the
deposit, to release a copy of the deposit materials to the Preferred
Beneficiary. However, DSI is entitled to receive any fees due DSI before making
the release. This Agreement will terminate upon the release of the deposit
materials held by DSI.
<PAGE>
VeriSign Private Label Agreement
4.5 Use License Following Release. Unless otherwise provided in the
-----------------------------
license agreement, upon release of the deposit materials in accordance with this
Article 4, Preferred Beneficiary shall have a non-exclusive, non-transferable,
irrevocable right to use the deposit materials for the sole purpose of
continuing the benefits afforded to Preferred Beneficiary by the license
agreement. Preferred Beneficiary shall be obligated to maintain the
confidentiality of the released deposit materials.
ARTICLE 5 -- TERM AND TERMINATION
5.1 Term of Agreement. The initial term of this Agreement is for a period
-----------------
of one year. Thereafter, this Agreement shall automatically renew from year-to-
year unless (a) Depositor and Preferred Beneficiary jointly instruct DSI in
writing that the Agreement is terminated; or (b) the Agreement is terminated by
DSI for nonpayment in accordance with Section 5.2. If the Acceptance Form has
been signed at a date later than this Agreement, the initial term of the
Acceptance Form will be for one year with subsequent terms to be adjusted to
match the anniversary date of this Agreement. If the deposit materials are
subject to another escrow agreement with DSI, DSI reserves THE right, after the
initial one year term, to adjust the anniversary date of this Agreement to match
the then prevailing anniversary date of such other escrow arrangements.
5.2 Termination for Nonpayment. In the event of the nonpayment of fees
--------------------------
owed to DSI, DSI shall provide written notice of delinquency to all parties to
this Agreement. Any party to this Agreement shall have the right to make the
payment to DSI to cure the default. If the past due payment is not received in
full by DSI within one month of the date of such notice, then DSI shall have the
right to terminate this Agreement at any time thereafter by sending written
notice of termination to all parties. DSI shall have no obligation to take any
action under this Agreement so long as any payment due to DSI remains unpaid.
5.3 Disposition of Deposit Materials Upon Termination. Upon termination
-------------------------------------------------
of this Agreement by joint instruction of Depositor and Preferred Beneficiary,
DSI shall destroy, return, or otherwise deliver the deposit materials in
accordance with such instructions. Upon termination for nonpayment, DSI may, at
its sole discretion, destroy the deposit materials or return them to Depositor.
DSI shall have no obligation to return or destroy the deposit materials if the
deposit materials are subject to another escrow agreement with DSI.
5.4 Survival of Terms Following Termination. Upon termination of this
---------------------------------------
Agreement, the following provisions of this Agreement shall survive:
a. Depositor' s Representations (Section 1.5) .
b. The obligations of confidentiality with respect to the deposit
materials.
c. The licenses granted in the sections entitled Right to Sublicense
Upon Release (Section 3.3) and Use License Following Release
(Section 4.5), if a release of the deposit materials has occurred
prior to termination.
d. The obligation to pay DSI any fees and expenses due.
e. The provisions of Article 7.
f. Any provisions in this Agreement which specifically state they
survive the termination or expiration of this Agreement.
ARTICLE 6 -- DSI'S FEES
6.1 Fee Schedule. DSI is entitled to be paid its standard fees and
------------
expenses applicable to the services provided. DSI shall notify the party
responsible for payment of DSI' s fees at least 90 days prior to any increase in
<PAGE>
VeriSign Private Label Agreement
fees. For any service not listed on DSI's standard fee schedule, DSI will
provide a quote prior to rendering the service, if requested.
6.2 Payment Terms. DSI shall not be required to perform any service
------------
unless the payment for such service and any outstanding balances owed to DSI are
paid in full. All other fees are due upon receipt of invoice. If invoiced fees
are not paid, DSI may terminate this Agreement in accordance with Section 5.2.
Late fees on past due amounts shall accrue at the rate of one and one-half
percent per month (18% per annum) from the date of the invoice.
ARTICLE 7 -- LIABILITY AND DISPUTES
7.1 Right to Rely on Instructions. DSI may act in reliance upon any
-----------------------------
instruction, instrument, or signature reasonably believed by DSI to be genuine.
DSI may assume that any employee of a party to this Agreement who gives any
written notice, request, or instruction has the authority to do so. DSI shall
not be responsible for failure to act as a result of causes beyond the
reasonable control of DSI.
7.2 Indemnification. DSI shall be responsible to perform its obligations
---------------
under this Agreement and to act in a reasonable and prudent manner with regard
to this escrow arrangement. Provided DSI has acted in the manner stated in the
preceding sentence, Depositor and Preferred Beneficiary each agree to indemnify,
defend and hold harmless DSI from any and all claims, actions, damages,
arbitration fees and expenses, costs, attorney' s fees and other liabilities
incurred by DSI relating in any way to this escrow arrangement.
7.3 Dispute Resolution. Any dispute relating to or arising from this
------------------
Agreement shall be resolved by arbitration under the Commercial Rules of the
American Arbitration Association. Unless otherwise agreed by Depositor and
Preferred Beneficiary, arbitration will take place in San Diego, California,
U.S.A. Any court having jurisdiction over the matter may enter judgment on the
award of the arbitrator(s). Service of a petition to confirm the arbitration
award may be made by First Class mail or by commercial express mail, to the
attorney for the party or, if unrepresented, to the party at the last known
business address.
7.4 Controlling Law. This Agreement is to be governed and construed in
---------------
accordance with the laws of the State of California, without regard to its
conflict of law provisions.
7.5 Notice of Requested Order. If any party intends to obtain an order
-------------------------
from the arbitrator or any court of competent jurisdiction which may direct DSI
to take, or refrain from taking any action, that party shall:
a. Give DSI at least two business days' prior notice of the hearing;
b. Include in any such order that, as a precondition to DSI's
obligation, DSI be paid in full for any past due fees and be paid for the
reasonable value of the services to be rendered pursuant to such order; and
c. Ensure that DSI not be required to deliver the original (as
opposed to a copy) of the deposit materials if DSI may need to retain the
original in its possession to fulfill any of its other escrow duties.
ARTICLE 8 -- GENERAL PROVISIONS
8.1 Entire Agreement. This Agreement, which includes the Acceptance Form
----------------
and the Exhibits described herein, embodies the entire understanding between all
of the parties with respect to its subject matter and supersedes all previous
communications, representations or understandings,-either oral or written. No
amendment or modification of this Agreement shall be valid or binding unless
signed by all the parties hereto, except Exhibit A need not be signed by DSI and
Exhibit B need not be signed by Preferred Beneficiary.
8.2 Notices. All notices, invoices, payments, deposits and other
-------
documents and communications shall be given to the parties at the addresses
specified in the attached Exhibit C and Acceptance Form. It shall be the
<PAGE>
VeriSign Private Label Agreement
responsibility of the parties to notify each other as provided in this Section
in the event of a change of address. The parties shall have the right to rely on
the last known address of the other parties. Unless otherwise provided in this
Agreement, all documents and communications may be delivered by First Class
mail.
8.3 Severability. In the event any provision of this Agreement is found
------------
to be invalid, voidable or unenforceable, the parties agree that unless it
materially affects the entire intent and purpose of this Agreement, such
invalidity, voidability or unenforceability shall affect neither the validity of
this Agreement nor the remaining provisions herein, and the provision in
question shall be deemed to be replaced with a valid and enforceable provision
most closely reflecting the intent and purpose of the original provision.
8.4 Successors. This Agreement shall be binding upon and shall inure to
----------
the benefit of the successors and assigns of the parties. However, DSI shall
have no obligation in performing this Agreement to recognize any successor or
assign of Depositor or Preferred Beneficiary unless DSI receives clear,
authoritative and conclusive written evidence of the change of parties.
Data Securities International, Inc.
______________________________
By: _______________________ By: _______________________________
Name: _______________________ Name: _______________________________
Title: _______________________ Title: _______________________________
Date: _______________________ Date: _______________________________
<PAGE>
EXHIBIT "J"
CUSTOM CERTIFICATE SYSTEM LICENSE AGREEMENT
THIS CUSTOM CERTIFICATE SYSTEM LICENSE AGREEMENT ("Agreement") effective as
of the last date of execution, is entered into by and between VeriSign, Inc., a
Delaware corporation ("VeriSign"), having a principal mailing address at 2593
Coast Avenue, Mountain View, California 94043, and the entity named below as
"Customer" ("Customer"), having a principal address as set forth below.
Customer:
VISA International Service Association
--------------------------------------
(Name and jurisdiction of incorporation)
Customer Address:
900 Metro Center Boulevard, Foster City California 94404 or
------------------------------------------------------------
P.O. Box 8999, San Francisco, California 94128-8999
----------------------------------------------------
Customer Legal Contact:
Andrew Konstantaras, Counsel, 415-432-8066
------------------------------------------
(name, telephone and title)
Customer Billing Contact:
Irv Wentzien, VP, 415-432-3460
------------------------------
(name, telephone and title)
Customer Technical Contact:
Joel Weise, Chip Card Technology Manager, 415-432-3863
------------------------------------------------------
(name, telephone and title)
Customer Commercial Contact:
Joel Weise, Chip Card Technology Manager, 415-432-3863
------------------------------------------------------
(name, telephone and title)
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 2
1. DEFINITIONS
-----------
The following terms when used in this Agreement shall have the following
meanings:
1.1 "CERTIFICATE" means a collection of electronic data consisting of a
Public Key, identifying information which contains information about the owner
of the Public Key, and validity information, which (or a string of bits derived
from the Public Key) has been encrypted by a third party who is the issuer of
the Certificate with such third party Certificate issuer's Private Key. This
collection of electronic data collectively serves the function of identifying
the owner of the Public Key and verifying the integrity of the electronic data.
"Certify" or "Certification" means the act of generating a Certificate.
"Certified" means the condition of having been issued a valid Certificate by a
Certifier, which Certificate has not been revoked.
1.2 "CERTIFICATE SIGNING UNIT ('CSU')" means a hardware unit or software
designed for use in signing Certificates and key storage. The BBN SafeKeyper(TM)
manufactured by BBN Communications, Inc. is one hardware implementation of a
CSU.
1.4 "CERTIFICATION AUTHORITY" OR "CA" means VeriSign and any entity,
group, division, department, unit or office which is Certified by VeriSign to,
and has accepted responsibility to, issue Certificates to specified Subscribers
in a Hierarchy in accordance with the CPS or a Protocol.
1.5 "CERTIFICATION PRACTICE STATEMENT" OR "CPS" means the VeriSign
specification of policies, procedures and resources to control the entire
Certificate process and transactional use of Certificates within the VeriSign
Public Hierarchies.
1.6 "CUSTOMER PRODUCT" means any product including some or ail of the
Licensed Software developed by Customer for use by a Subscriber in VlSA's
Private Hierarchy with a Certificate issued by aVISA which incorporates VlSA's
Root Keys.
1.7 "DIGITAL SIGNATURE" means information encrypted with a Private Key
which is appended to information to identify the owner of the Private Key and to
verify the integrity of the information. "DIGITALLY SIGNED" shall refer to
----------------
electronic data to which a Digital Signature has been appended.
1.8 "HIERARCHY" means a domain consisting of a system of chained
Certificates leading from the Primary Certification Authority through one or
more Certification Authorities to Subscribers.
1.9 "INTERNET" means the global computer network commonly known as
"Internet".
1.10 "LICENSED SOFTWARE" means the object code of the VeriSign Software
as specified on Exhibit "A" (License and Maintenance Fees) hereto as having been
licensed by Customer. Only those portions of the VeriSign Software specified as
having been licensed are included in the Licensed Software.
1.11 "NEW RELEASE" means a version of the VeriSign Software which shall
generally be designated by a new version number which has changed from the prior
number only to the right of the decimal point (e.g., Version 2.2 to Version
2.3).
1.12 "NEW VERSION" means a version of the VeriSign Software which shall
generally be designated by a new version number which has changed from the prior
number to the left of the decimal point (e.g., Version 2.3 to Version 3.0).
1.13 "PRIMARY CERTIFICATION AUTHORITY" OR "PCA" means an entity that
establishes policies for all Certification Authorities and Subscribers within
its Private Hierarchy.
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 3
1.14 "PRIVATE HIERARCHY" means a domain consisting of a chained
Certificate hierarchy which is entirely self-contained within an organization or
network and not designed to be interoperable with or intended to interact
through public channels with any external organizations, networks, and public
hierarchies.
1.15 "PRIVATE KEY" means a mathematical key which is kept private to the
owner and which is used through public key cryptography to encrypt electronic
authenticity data and create a Digital Signature which will be decrypted with
the corresponding Public Key.
1.16 "PUBLIC HIERARCHY" means a domain consisting of a system of chained
Certificates leading from VeriSign as the Primary Certification Authority
through one or more Certification Authorities to Subscribers in accordance with
the VeriSign Certification Practice Statement. Certificates issued in a Public
Hierarchy are intended to be interoperable among organizations, allowing
Subscribers to interact through public channels with various individuals,
organizations, and networks.
1.17 "PUBLIC KEY" means a mathematical key which is available publicly
and which is used through public key cryptography to decrypt electronic
authenticity data which was encrypted using the matched Private Key and to
verify Digital Signatures created with the matched Private Key.
1.18 "PUBLIC KEY INFRASTRUCTURE (PKI)" means the VeriSign specification
for the architecture, techniques, practices, and procedures that collectively
support the implementation and operation of Certificate-based public key
cryptographic systems.
1.19 "ROOT KEY" means one or more public root key(s) published by the
organization which generated and is entitled to use such keys as the public
components of its key pair(s) in issuing Certificates in a hierarchy over which
such organization has responsibility.
1.20 "SUBSCRIBER" means an individual, a device or a role/office that has
requested a Certifier to issue him, her or it a Certificate.
1.21 "USER MANUAL" means the most current version of the user or
operating manual customarily supplied by VeriSign to customers who license the
VeriSign Object Code, if any.
1.22 "VERISIGN OBJECT CODE" means the Licensed Software in machine-
readable, compiled object code form.
1.23 "VERISIGN SOFTWARE" means VeriSign proprietary software for the
Private Label Certificate System as described in the UserManuals associated
therewith. "VeriSign Software" shall also include all modifications and
enhancements (including all New Releases and New Versions) to such programs as
provided by VeriSign to Customer pursuant to Sections 4.3, 4.4, and 4.5.
1.24 "VISA" means VISA International Service Association.
1.25 "WWW" means the system currently referenced as the "World Wide Web"
for organizing multimedia information distributed across network(s) such that it
can be navigated and accessed via cross linking mechanisms, and any successor to
such system, and any parallel system which uses at least all the same
communication protocols as the system currently referenced as the "World Wide
Web" or to the successor to such system, even if the administrators of such
systems choose to call them by different names.
2. GRANT OF LICENSES; LIMITATIONS
------------------------------
2.1 VERISIGN SOFTWARE OBJECT CODE LICENSE. VeriSign hereby grants
-------------------------------------
Customer a worldwide non-exclusive, non-transferable, non-assignable license
during the term specified in Section 8 to use the Licensed
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 4
Software to act as the Primary Certification Authority for Customer's Private
Hierarchy and to make, have made and sell Customer Products.
2.2 LIMITATIONS ON LICENSES. The license granted in Section 2.1 shall be
-----------------------
limited as follows:
2.2.1 LIMITATION ON DISTRIBUTEES. The VeriSign Software shall not be
--------------------------
sublicensed or otherwise distributed .
2.2.2 LICENSE RESTRICTED TO LICENSED SOFTWARE. Customer may not use,
---------------------------------------
modify, sublicense or incorporate into any Customer Product any software module
or other technology component derived from the VeriSign Software which is not
designated as Licensed Software on Exhibit "A".
2.2.3 ROOT KEYS. Any Customer Product and Licensed Software must
---------
include VlSA's Private Hierarchy Root Key.
2.2.4 RESTRICTION ON COPYING. Customer may not copy or reproduce the
----------------------
VeriSign Software or any part, version or form thereof, except as expressly
permitted in Section 2.1.
2.3 TITLE. Except for the limited license granted in Section 2.1,
-----
VeriSign shall at all times retain full and exclusive right, title and ownership
interest in and to the VeriSign Software and in any and all related patents,
trademarks, copyrights and proprietary and trade secret rights.
3. LICENSE FEES
------------
3.1 LICENSE FEES. In consideration of VeriSign's grant to Customer of the
------------
limited license rights hereunder, Customer shall pay to VeriSign the amounts
specified on Exhibit "A."
3.2 TAXES. All taxes, duties, fees and other governmental charges of any
-----
kind (including sales and use taxes, but excluding taxes based on the gross
revenues or net income of VeriSign) which are imposed by or under the authority
of any government or any political subdivision thereof on the License Fees or
any aspect of this Agreement shall be borne by Customer and shall not be
considered a part of, a deduction from or an offset against License Fees.
3.3 TERMS OF PAYMENT. License Fees are due upon execution of this
----------------
Agreement and shall be paid by Customer to the attention of the Software
Licensing Department at VeriSign's address set forth above.
3.4 U.S. CURRENCY. All payments hereunder shall be made in lawful United
-------------
States currency.
4. SUPPORT AND MAINTENANCE; DEVELOPMENT
------------------------------------
4.1 OPTIONAL MAINTENANCE. For the year commencing upon the date of this
--------------------
Agreement and for each year thereafter commencing on the anniversary of such
expiration, Customer may elect to purchase annual maintenance, as described in
Section 4.3, by paying the then-current annual maintenance fee. Such amount
shall be payable for the first year upon the execution of this Agreement and for
each subsequent year in advance of the commencement of such year. VeriSign may
cease to offer maintenance for future maintenance terms by notice delivered to
Customer ninety (90) days or more before the end of the then current maintenance
term.
4.2 ADDITIONAL CHARGES. In the event VeriSign is required to take actions
------------------
to correct a difficulty or defect which is traced to Customer errors,
modifications, enhancements, software or hardware, then Customer shall pay to
VeriSign its time and materials charges at VeriSign's rates then in effect. In
the event VeriSign's personnel must travel to perform maintenance or on-site
support, Customer shall reimburse VeriSign for any reasonable
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 5
out-of-pocket expenses incurred, including travel to and from Customer's sites,
lodging, meals and shipping, as may be necessary in connection with duties
performed under this Section 4 by VeriSign.
4.3 MAINTENANCE PROVIDED BY VERISIGN. For periods for which Customer has
--------------------------------
paid an annual maintenance fee, VeriSign will provide Customer with the
following services:
4.3.1 TELEPHONE SUPPORT. VeriSign will provide telephone support to
-----------------
Customer during VeriSign's normal business hours. VeriSign may provide on-site
support reasonably determined to be necessary by VeriSign at Customer's location
specified on page 1 hereof. VeriSign shall provide the support specified in this
Section 4.3.1 to Customer's employees responsible for developing Customer
Products and maintaining Customer Products. VeriSign will provide the name of an
employee who will serve as a single point of contact for support to Customer.
VeriSign may change the name at any time by providing written notice to
Customer. On VeriSign's request, Customer will provide a list with the names of
the employees designated to receive support from VeriSign. Customer may change
the names on the list at any time by providing written notice to VeriSign.
4.3.2 ERROR CORRECTION. In the event Customer discovers an error in
----------------
the Licensed Software which causes the Licensed Software not to operate in
material conformance to VeriSign's published specifications therefor, Customer
shall submit to VeriSign a written report describing such error in sufficient
detail to permit VeriSign to reproduce such error. Upon receipt of any such
written report, VeriSign will use its reasonable business judgment to classify a
reported error as either: (i) a "Level 1 Severity" error, meaning an error that
causes the Licensed Software to fail to operate in a material manner or to
produce materially incorrect results and for which there is no workaround or
only a difficult workaround; or (ii) a "Level 2 Severity" error, meaning an
error that produces a situation in which the Licensed Software is usable but
does not function in the most convenient or expeditious manner, and the use or
value of the Licensed Software suffers no material impact. VeriSign will
acknowledge receipt of a conforming error report within two (2) business days
and (A) will use its continuing best efforts to provide a correction for any
Level 1 Severity error to Customer as early as practicable; and (B) will use its
reasonable efforts to include a correction for any Level 2 Severity error in the
next release of the VeriSign Software. In the event that VeriSign fails to
comply with the Service Level Agreement attached as Exhibit B to this Exhibit J,
and VeriSign is unable to cure the problem within a reasonable period specified
in Exhibit B, Customer shall have the right to obtain release of the source code
for the Licensed Software from escrow. Customer's rights to the source code
released from escrow shall be limited to use for the purpose of Customer's
operation of the Private Label Certificate System, and Customer may not resell,
sublicense or otherwise permit the use of such source code by any third party
unless VeriSign gives prior written authorization on mutually agreeable terms
and conditions.
4.3.3 NEW RELEASES AND NEW VERSIONS. VeriSign will provide Customer
-----------------------------
information relating to New Releases and New Versions of the VeriSign Software
during the term of this Agreement. New Releases will be provided at no
additional charge. New Versions will be provided at VeriSign's standard upgrade
charges in effect at the time. Any New Releases or New Versions acquired by
Customer shall be governed by all of the terms and provisions of this Agreement.
4.4 LAPSED MAINTENANCE. In the event Customer has not purchased optional
------------------
maintenance with respect to any Licensed Software, Customer may obtain a license
of a New Release of such Licensed Software or any service which is provided as a
part of maintenance by paying the maintenance fees which would otherwise have
been due from the expiration of maintenance provided pursuant to Section 4.1 to
the date such New Release is licensed or such service is provided.
4.5 DEVELOPMENT. If Customer requests that VeriSign make modifications or
-----------
enhancements to the Licensed Software, VeriSign agrees to perform work on such
modifications or enhancements at its lowest time and materials rates then in
effect for a similar type of consulting work.
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 6
5. MASTER COPY
-----------
As soon as practicable, but not later than five (5) business days after the
date of execution of this Agreement, VeriSign shall deliver to Customer one (1 )
copy of each of the VeriSign Object Code and the User Manual in the manner
designated on Exhibit "A" together with the CSUs and standalone server used as
part of the Private Label Certificate System as operated by VeriSign.
6. ADDITIONAL OBLIGATIONS OF CUSTOMER
6.1 CUSTOMER PRODUCT MARKETING. Customer is authorized to represent
--------------------------
Subscribers only such facts about the VeriSign Software as VeriSign states in
its published product descriptions, advertising and promotional materials or as
may be stated in other non-confidential written material furnished by VeriSign.
6.2 CUSTOMER SUPPORT. Customer shall, at its expense, provide all support
----------------
for the Licensed Software, and Customer Products to Subscribers.
6.3 CONFIDENTIALITY; PROPRIETARY RIGHTS.
-----------------------------------
6.3.1 CONFIDENTIALITY. Customer acknowledges that in VeriSign's
---------------
performance of its duties hereunder VeriSign will communicate to Customer (or
its designees) certain confidential and proprietary information concerning the
VeriSign Software, and know-how, technology, techniques or marketing plans
related thereto (collectively, the "Know-How") ail of which are confidential and
proprietary to, and trade secrets of, VeriSign. Customer agrees to hold all the
VeriSign Know-How within its own organization and shall not, without specific
written consent of VeriSign or as expressly authorized herein, utilize in any
manner, publish, communicate or disclose any part of the VeriSign Know-How to
third parties. This Section 6.4.1 shall impose no obligation on Customer with
respect to any Know-How which: (i) is in the public domain at the time disclosed
by VeriSign; (ii) enters the public domain after disclosure other than by breach
of Customer's obligations hereunder or by breach of another party's
confidentiality obligations; or (iii) is shown by documentary evidence to have
been known by Customer prior to its receipt from VeriSign. Customer will take
such steps as are consistent with Customer's protection of its own confidential
and proprietary information (but will in no event exercise less than reasonable
care) to ensure that the provisions of this Section 6.4.1 are not violated by
Customer's employees, agents or any other person.
6.3.2 PROPRIETARY MARKINGS; COPYRIGHT NOTICES. Customer agrees not
---------------------------------------
to remove or destroy any proprietary, trademark or copyright markings or notices
placed upon or contained within the VeriSign Object Code, User Manuals or any
related materials or documentation. Customer further agrees to insert and
maintain: (i) within every Customer Product and any related materials or
documentation a copyright notice in the name of Customer; and (ii) within the
splash screens, user documentation, printed product collateral, product
packaging and advertisements for the Customer Product, a statement that the
Customer Product contains the VeriSign Software. Customer shall not take any
action which might adversely affect the validity of VeriSign's proprietary,
trademark or copyright markings or ownership by VeriSign thereof, and shall
cease to use the markings, or any similar markings, in any manner on the
expiration or other termination of the license rights granted pursuant to
Section 2.
6.3.3 PROHIBITED ACTIVITIES. Customer shall not modify, translate,
---------------------
reverse engineer, decompile or disassemble the VeriSign Software or any part
thereof.
6.3.4 NO PUBLICATION. The placement of a copyright notice on any of
--------------
the VeriSign Software shall not constitute publication or otherwise impair the
confidential or trade secret nature of the VeriSign Software .
6.3.5 INJUNCTIVE RELIEF. Customer acknowledges that the
-----------------
restrictions contained in this Section 6.4 are reasonable and necessary to
protect VeriSign's legitimate interests and that any violation of these
restrictions
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 7
will cause irreparable damage to VeriSign within a short period of time and
Customer agrees that VeriSign will be entitled to injunctive relief against each
violation.
6.4 FEDERAL GOVERNMENT SUBLICENSE. Any sublicense of a Customer Product
-----------------------------
acquired from Customer under a United States government contract shall be
subject to restrictions as set forth in subparagraph (c)(1)(ii) of Defense
Federal Acquisition Regulations Supplement (DFARS) Section 252.227-7013 for
Department of Defense contracts and as set forth in Federal Acquisition
Regulations (FARs) Section 52.227-19 for civilian agency contracts or any
successor regulations. Customer agrees that any such sublicense shall set forth
all of such restrictions and the tape or diskette label for the Customer Product
and any documentation delivered with the Customer Product shall contain a
restricted rights legend conforming to the requirements of the current,
applicable DFARS or FARs.
6.5 NOTICES. Customer shall immediately advise VeriSign of any legal
-------
notices served on Customer which might affect VeriSign or the VeriSign Software.
6.6 INDEMNITY. CUSTOMER EXPRESSLY INDEMNIFIES AND HOLDS HARMLESS
---------
VERISIGN, ITS SUBSIDIARIES, AGENTS AND AFFILIATES FROM: (i) ANY AND ALL
LIABILITY OF ANY KIND OR NATURE WHATSOEVER TO CUSTOMER'S SUBSCRIBERS AND THIRD
PARTIES WHICH MAY ARISE FROM ACTS OF CUSTOMER OR FROM THE LICENSE OF CUSTOMER
PRODUCTS BY CUSTOMER OR ANY DOCUMENTATION, SERVICES OR ANY OTHER ITEM FURNISHED
BY CUSTOMER TO ITS SUBSCRIBERS, OTHER THAN LIABILITY ARISING FROM THE VERISIGN
OBJECT CODE OR THE USER MANUALS OR FROM THE ACTS OF VERISIGN; AND (ii) ANY
LIABILITY ARISING IN CONNECTION WITH AN UNAUTHORIZED REPRESENTATION OR ANY
MISREPRESENTATION OF FACT MADE BY CUSTOMER OR ITS AGENTS OR EMPLOYEES TO ANY
PARTY WITH RESPECT TO THE VERISIGN SOFTWARE OR ANY CUSTOMER PRODUCTS .
7. LIMITED WARRANTY; DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY;
--------------------------------------------------------------------
INTELLECTUAL PROPERTY INDEMNITIES
---------------------------------
7.1 LIMITED WARRANTY. During the initial ninety (90)-day term of this
----------------
Agreement VeriSign warrants that the Licensed Software specified in this
Agreement will operate in material conformance to VeriSign's published
specifications for such Licensed Software. VeriSign does not warrant that the
VeriSign Software or any portion thereof is error-free. Customer's exclusive
remedy, and VeriSign's entire liability in tort, contract or otherwise, shall be
correction of any warranted nonconformity as provided in Section 4.3.2. This
limited warranty and any obligations of VeriSign under Section 4.1 shall
terminate immediately if Customer makes any modification to the VeriSign
Software.
7.2 DISCLAIMER. EXCEPT FOR THE EXPRESS LIMITED WARRANTY PROVIDED IN
----------
SECTION 7.1, THE VERISIGN SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY
WHATSOEVER. VERISIGN DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS
TO ANY MATTER WHATSOEVER, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS.
VERISIGN DISCLAIMS ANY WARRANTY OR REPRESENTATION TO ANY PERSON OTHER THAN
CUSTOMER WITH RESPECT TO THE VERISIGN SOFTWARE. CUSTOMER SHALL NOT, AND SHALL
TAKE ALL MEASURES NECESSARY TO INSURE THAT ITS AGENTS AND EMPLOYEES DO NOT, MAKE
OR PASS THROUGH ANY SUCH WARRANTY ON BEHALF OF VERISIGN TO ANY THIRD PARTY.
7.3 LIMITATION OF LIABILITY. IN NO EVENT WILL VERISIGN BE LIABLE TO
-----------------------
CUSTOMER (OR TO ANY PERSON CLAIMING RIGHTS DERIVED FROM CUSTOMER) FOR INDIRECT,
INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR
RELATED TO THE TRANSACTIONS CONTEMPLATED UNDER THIS AGREEMENT, INCLUDING BUT NOT
LIMITED TO LOST PROFITS, BUSINESS INTERRUPTION OR LOSS OF BUSINESS INFORMATION,
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 8
EVEN IF VERISIGN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. UNDER NO
CIRCUMSTANCES SHALL VERISIGN'S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS
AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER TO VERISIGN HEREUNDER,
REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON WARRANTY, CONTRACT, TORT
OR OTHERWISE.
7.4 PROPRIETARY RIGHTS INFRINGEMENT BY VERISIGN.
-------------------------------------------
7.4.1 OBLIGATION TO DEFEND. Subject to the limitations set forth
--------------------
below and in Section 7.3, VeriSign, at its own expense, shall: (i) defend, or at
its option settle, any claim, suit or proceeding against Customer on the basis
of infringement or misappropriation of any United States, copyright or trade
secret in the field of cryptography by the Licensed Software as delivered by
VeriSign or any claim that VeriSign has no right to license the Licensed
Software hereunder; and (ii) pay any final judgment entered or settlement
against Customer on such issue in any such suit or proceeding defended by
VeriSign. VeriSign shall have no obligation to Customer pursuant to this Section
7.4.1 unless: (A) Customer gives VeriSign prompt written notice of the claim;
(B) VeriSign is given the right to control and direct the investigation,
preparation, defense and settlement of the claim; and (C) the claim is based on
Customer's use of the most recent version or the immediately preceding version
of the Licensed Software in accordance with this Agreement.
7.4.2 VERISIGN OPTIONS. If VeriSign receives notice of an alleged
----------------
infringement, VeriSign shall have the right, at its sole option, to obtain the
right to continue use of the Licensed Software or to replace or modify the
Licensed Software so that it is no longer infringing. If neither of the
foregoing options is reasonably available to VeriSign, then the license rights
granted pursuant to Section 2 may be terminated at the option of either party
hereto without further obligation or liability except as provided in Sections
7.4.1 and 8.3 and in the event of such termination, VeriSign shall refund the
License Fees paid by Customer hereunder less depreciation for use assuming
straight line depreciation over a five (5)-year useful life.
7.4.3 EXCLUSIVE REMEDIES. THE RIGHTS AND REMEDIES SET FORTH IN
------------------
SECTIONS 7.4.1 AND 7.4.2 CONSTITUTE THE ENTIRE OBLIGATION OF VERISIGN AND THE
EXCLUSIVE REMEDIES OF CUSTOMER CONCERNING VERISIGN'S PROPRIETARY RIGHTS
INFRINGEMENT.
7.5 PROPRIETARY RIGHTS INFRINGEMENT BY CUSTOMER.
-------------------------------------------
7.5.1 OBLIGATION TO DEFEND. Subject to the limitations set forth
--------------------
below, Customer, at its own expense, shall: (i) defend, or at its option settle,
any claim, suit or proceeding against VeriSign on the basis of infringement or
misappropriation of any United States, copyright or trade secret by any Customer
Product (excluding the unmodified VeriSign Software); and (ii) pay any final
judgment entered or settlement against VeriSign on such issue in any such suit
or proceeding defended by Customer. Customer shall have no obligation to
VeriSign pursuant to this Section 7.5.1 unless: (A) VeriSign gives Customer
prompt written notice of the claim; and (B) Customer is given the right to
control and direct the investigation, preparation, defense and settlement of the
claim.
7.5.2 EXCLUSIVE REMEDIES. THE RIGHTS AND REMEDIES SET FORTH IN
------------------
SECTION 7.5.1 CONSTITUTE THE ENTIRE OBLIGATION OF CUSTOMER AND THE EXCLUSIVE
REMEDIES OF VERISIGN CONCERNING CUSTOMER'S PROPRIETARY RIGHTS INFRINGEMENT.
8. TERM AND TERMINATION
--------------------
8.1 TERM. The license rights granted pursuant to Section 2 shall be
----
effective as of the date hereof and shall continue in full force and effect for
each item of Licensed Software for the period set forth on Exhibit "A" unless
sooner terminated pursuant to the terms of this Agreement. Either party shall be
entitled to terminate all the
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 9
license rights granted pursuant to this Agreement at any time on written notice
to the other in the event of a default by the other party and a failure to cure
such default within a period of thirty (30) days (five (5) days if the default
involves the payment of money) following receipt of written notice specifying
that a default has occurred.
8.2 INSOLVENCY. Upon the institution of any proceedings by or against
----------
either party seeking relief, reorganization or arrangement under any laws
relating to insolvency, or upon any assignment for the benefit of creditors, or
upon the appointment of a receiver, liquidator or trustee of any of either
party's property or assets, or upon the liquidation, dissolution or winding up
of either party's business, then and in any such events all the license rights
granted pursuant to this Agreement may immediately be terminated by the other
party upon giving written notice.
8.3 DISPOSITION OF VERISIGN SOFTWARE AND USER MANUALS ON TERMINATION.
----------------------------------------------------------------
Upon the expiration or termination pursuant to this Section 8 of the license
rights granted pursuant to Section 2, the remaining provisions of this Agreement
shall remain in full force and effect, and Customer shall cease making copies
of, using or licensing the VeriSign Software, User Manual and Customer Products,
excepting only such copies of Customer Products necessary to fill orders placed
with Customer prior to such expiration or termination. Customer shall destroy
all copies of the VeriSign Software, User Manual and Customer Products and all
information and documentation provided by VeriSign to Customer (including all
Know-How), other than such copies of the VeriSign Object Code, the User Manual
and the Customer Products as are necessary to enable Customer to perform its
continuing support obligations in accordance with Section 6.2, if any.
9. MISCELLANEOUS PROVISIONS
------------------------
9.1 GOVERNING LAWS. THE LAWS OF THE STATE OF CALIFORNIA, U.S.A.
--------------
(IRRESPECTIVE OF ITS CHOICE OF LAW PRINCIPLES) SHALL GOVERN THE VALIDITY OF THIS
AGREEMENT, THE CONSTRUCTION OF ITS TERMS, AND THE INTERPRETATION AND ENFORCEMENT
OF THE RIGHTS AND DUTIES OF THE PARTIES. THE PARTIES AGREE THAT THE UNITED
NATIONS CONVENTION ON CONTRACTS FOR THE INTERNATIONAL SALE OF GOODS SHALL NOT
APPLY TO THIS AGREEMENT. THE PARTIES AGREE THAT ANY SUIT TO ENFORCE ANY
PROVISION OF THIS AGREEMENT OR ARISING OUT OF OR BASED UPON THIS AGREEMENT OR
THE BUSINESS RELATIONSHIP BETWEEN THE PARTIES SHALL BE BROUGHT IN THE UNITED
STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA OR THE SUPERIOR OR
MUNICIPAL COURT IN AND FOR THE COUNTY OF SANTA CLARA, CALIFORNIA, U.S.A. Each
party agrees that such courts shall have exclusive in personam jurisdiction and
venue with respect to such party, and each party submits to the exclusive in
personam jurisdiction and venue of such courts.
9.2 BINDING UPON SUCCESSORS AND ASSIGNS. Except as otherwise provided
-----------------------------------
herein, this Agreement shall be binding upon, and inure to the benefit of, the
successors, representatives, administrators and assigns of the parties hereto.
This Agreement shall not be assignable by Customer, by operation of law or
otherwise, without the prior written consent of VeriSign, which shall not be
unreasonably withheld; provided, however, that VeriSign may withhold its consent
to the assignment of this Agreement if it provides for a fully paid-up License
Fee. Any such purported assignment or delegation without VeriSign's written
consent shall be void and of no effect.
9.3 SEVERABILITY. If any provision of this Agreement is found to be
------------
invalid or unenforceable, the remainder of this Agreement shall be interpreted
so as best to reasonably effect the intent of the parties hereto. IT IS
EXPRESSLY UNDERSTOOD AND AGREED THAT EACH AND EVERY PROVISION OF THIS AGREEMENT
WHICH PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES OR
EXCLUSION OF DAMAGES IS INTENDED BY THE PARTIES TO BE SEVERABLE AND INDEPENDENT
OF ANY OTHER PROVISION AND TO BE ENFORCED AS SUCH.
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 10
9.4 ENTIRE AGREEMENT. This Agreement and the exhibits and schedules
----------------
hereto constitute the entire understanding and agreement of the parties hereto
with respect to the subject matter hereof and supersede all prior and
contemporaneous agreements, representations and understandings between the
parties.
9.5 AMENDMENT AND WAIVERS. Any term or provision of this Agreement may be
---------------------
amended, and the observance of any term of this Agreement may be waived, only by
a writing signed by the party to be bound.
9.6 ATTORNEYS' FEES. The prevailing party in any action or proceeding to
---------------
enforce or interpret any part of this Agreement shall be entitled to recover its
reasonable attorneys' fees (including fees on any appeal).
9.7 NOTICES. Any notice, demand, or request with respect to this
-------
Agreement shall be in writing and shall be effective only if it is delivered by
hand or mailed, certified or registered mail, postage prepaid, return receipt
requested, addressed to the appropriate party at its address set forth on page
1. Such communications shall be effective when they are received by the
addressee; but if sent by certified or registered mail in the manner set forth
above, they shall be effective not later than ten (10) days after being
deposited in the mail. Any party may change its address for such communications
by giving notice to the other party in conformity with this Section.
9.8 FOREIGN RESHIPMENT LIABILITY. THIS AGREEMENT IS EXPRESSLY MADE
----------------------------
SUBJECT TO ANY LAWS, REGULATIONS, ORDERS OR OTHER RESTRICTIONS ON THE EXPORT
FROM THE UNITED STATES OF AMERICA OF THE VERISIGN SOFTWARE OR CUSTOMER PRODUCTS
OR OF INFORMATION ABOUT THE VERISIGN SOFTWARE OR CUSTOMER PRODUCTS WHICH MAY BE
IMPOSED FROM TIME TO TIME BY THE GOVERNMENT OF THE UNITED STATES OF AMERICA.
NOTWITHSTANDING ANYTHING CONTAINED IN THIS AGREEMENT TO THE CONTRARY, CUSTOMER
SHALL NOT EXPORT OR REEXPORT, DIRECTLY OR INDIRECTLY, ANY VERISIGN SOFTWARE OR
CUSTOMER PRODUCTS OR INFORMATION PERTAINING THERETO TO ANY COUNTRY FOR WHICH
SUCH GOVERNMENT OR ANY AGENCY THEREOF REQUIRES AN EXPORT LICENSE OR OTHER
GOVERNMENTAL APPROVAL AT THE TIME OF EXPORT OR REEXPORT WITHOUT FIRST OBTAINING
SUCH LICENSE OR APPROVAL.
9.9 TRADEMARKS. By reason of this Agreement or the performance hereof,
----------
Customer shall acquire no rights of any kind in any VeriSign trademark, trade
name, logo or product designation under which the VeriSign Software was or is
marketed and Customer shall not make any use of the same for any reason except
as expressly authorized by this Agreement or otherwise authorized in writing by
VeriSign.
9.10 PUBLICITY. Neither party will disclose to third parties, other than
---------
its agents and representatives on a need-to-know basis, the terms of this
Agreement or any exhibits hereto (including without limitation any
License/Product Schedule) without the prior written consent of the other party,
except (i) either party may disclose such terms to the extent required by law;
(ii) either party may disclose the existence of this Agreement; and (iii)
VeriSign shall have the right to disclose that Customer is an Customer of the
VeriSign Software and that any publicly-announced Customer Product incorporates
the VeriSign Software. Customer shall provide to VeriSign, solely for VeriSign's
display purposes, one (1 ) working copy of each Customer Product which consists
solely of computer software and one (1 ) working or non-working unit of any
hardware product in which is incorporated a Customer Product which consists of
an integrated circuit or other hardware.
9.11 REMEDIES NON-EXCLUSIVE. Except as otherwise expressly provided, any
----------------------
remedy provided for in this Agreement is deemed cumulative with, and not
exclusive of, any other remedy provided for in this Agreement or otherwise
available at law or in equity. The exercise by a party of any remedy shall not
preclude the exercise by such party of any other remedy.
<PAGE>
VeriSign, Inc.
Custom Certificate System License Agreement
Page 11
IN WITNESS WHEREOF, the parties have executed this Agreement as of the date
of the last signature below, unless a different effective date is specified on
the first page of this Agreement.
CUSTOMER:
VISA INTERNATIONAL SERVICE ASSOCIATION
By:___________________________________
Printed Name:_________________________
Title:________________________________
Date:_________________________________
VERISIGN, INC.
By:___________________________________
Printed Name:_________________________
Title:________________________________
Date:_________________________________
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "K"
SERVICE LEVEL SPECIFICATION
CHIP CARD PAYMENT SERVICE
(CCPS) & STORED VALUE
CARD (SVC) CERTIFICATION
AUTHORITY
Chip Card Certification
AUTHORITY (CCCA)
SERVICE LEVEL AGREEMENT
VISA INTERNATIONAL / VERISIGN
Version 1.1
OCTOBER 1996
<PAGE>
TABLE OF CONTENTS
OVERVIEW................................................. 1
CCCA SYSTEM DESCRIPTION.................................. 1
SCOPE.................................................... 2
WITHIN SCOPE........................................ 2
OUTSIDE OF SCOPE.................................... 2
DEFINITION.......................................... 2
CCCA SERVICE LEVELS................................. 3
SERVICE AVAILABILITY................................ 3
Definition..................................... 3
Measurement.................................... 4
Minimum Service Level Requirement.............. 4
RESPONSE TIME....................................... 4
Definition..................................... 4
Measurement.................................... 4
Minimum Service Level Requirement.............. 5
DATA MANAGEMENT..................................... 6
Definition..................................... 6
Measurement.................................... 6
Minimum Service Level Requirement.............. 6
SYSTEM MONITORING AND OUTAGE REPORTING.............. 6
Definition..................................... 6
Measurement.................................... 7
Minimum Service Level Requirement.............. 7
SCHEDULED DOWN TIME................................. 7
Definition..................................... 8
Measurement.................................... 8
Minimum Service Level Requirement.............. 8
BACKUP.............................................. 8
Definition..................................... 8
Measurement.................................... 8
Minimum Service level Requirement.............. 8
KEY COMPROMISE...................................... 9
CONTINGENCY OPERATIONS / RECOVERY................... 9
Definition..................................... 9
Measurement.................................... 9
Minimum Service Level Requirement.............. 9
REPORTING........................................... 9
PENALTIES........................................... 9
VERISIGN CCCA CUSTOMER SUPPORT SERVICE LEVELS............ 10
AVAILABIL1TY........................................ 10
RESPONSE TIME....................................... 10
CUSTOMER SUPPORT CALLBACK SMEFRAMES AND DEFINITION.. 10
<PAGE>
OVERVIEW
This Service Level Agreement (SLA) between Visa International (Visa) and
VeriSign, Inc. (VeriSign) details the terms for the supply of services by
VeriSign to Visa for the operation of the Visa Chip Card Certification Service
(CCCA). It specifically addresses the service levels that will be in effect for
the pilot phases of the CCPS and SVC Diamond projects. Additional service levels
may be implemented after the commencement of either of these two pilots.
This SLA is comprised of two components. The first addresses service levels for
CCCA. The second addresses service levels for VeriSign CCCA customer support.
CCCA SYSTEM DESCRIPTION
A logical depiction of the CCCA system is presented below:
[DRAWING OF TWO RECTANGLES LABLED "ISSUER" AND "VISA"
WITH CONNECTING HORIZONTAL BARS]
<PAGE>
SCOPE
VeriSign will be developing and operating a Certificate Authority on behalf of
Visa
WITHIN SCOPE
The following components of CCCA are addressed within the scope of this service
level agreement:
Brand Certificate Authority (Brand CA)
Acceptance of Issuer Public Key from Visa
Generation of Issuer Public Key Certificates
Reconveyance of Issuer Public Key Certificate to Visa
OUTSIDE OF SCOPE
The following components of CCCA are not addressed within the scope of this
service level agreement:
Visa system infrastructure
Deployment of Visa Scheme Public Keys
Issuer to Visa key management processes
Establishment of trust between Issuers and Visa
Conveying of Issuer Public Key Certificate to Issuer
DEFINITION
Brand Certificate Authority
The Brand CA issues EMV compliant Issuer Public Key Certificates to Brand
members (i.e., Issuers) that wish to use the Visa Chip Card Payment Systems
(CCPS) and/or Stored Value Card (SVC) products.
For CCPS the Brand CA generates Issuer Public Key Certificates to enable
Issuers to utilize Static Data Authentication for their customer needs.
For SVC the Brand CA generates Issuer Public Key Certificates to enable
Issuers to utilize Dynamic Data Authentication for their customer needs.
CCCA SERVICE LEVELS
For the purpose of this SLA, CCCA is considered to have one major operational
component:
1. Certification Processing Service
This is the ability to process the certificate transaction (i.e.,
certificate request, certificate generation, certificate response) and
return an appropriate signed response to the requester.
<PAGE>
SERVICE AVAILABILITY
Definition
Initially, for the pilot phases of the projects covered by this SLA, the
Brand Certificate Authority (Brand CA) operations require manual
procedures. These are performed off-line and need the presence of
authorized Visa and VeriSign personnel. To maintain multiple controls over
the use of the Visa Brand Private Keys, three (3) of five (5) key
custodians must be present to enable the generation of any Issuer Public
Key Certificate. At least one designated key custodian must be present from
Visa and at least one designated key custodian must be present from
VeriSign to perform this service, i.e., the three key custodians must not
all be representatives from one organization. The designation of the key
custodians from each organization is not a part of this SLA, but all key
custodians must be approved by Visa.
The Brand certificate authority must be available during the normal hours
of operation, as well as after hours by prior arrangement.
Normal hours of operation for the Brand CA are 0800 - 1700 PT, 5 days a
week, 52 weeks a year. Visa will normally provide VeriSign with one working
day advance notice of any required Brand CA operation.
In the event of extreme conditions, such as disaster recovery or key
compromise, Visa may require Brand CA operations outside of the normal
operating periods. Under such circumstances, Visa shall provide VeriSign
with a two (2) day advance notice of the required Brand CA operations.
Measurement
The measurement for service availability is the amount of time that the CA
is capable of receiving, processing and responding to incoming certificate
transactions from the requesting entity (i.e., the Issuer through Visa).
Nonavailability is the amount of time that the CA is not capable of
receiving, processing and responding to incoming certificate transactions
from the requesting entity.
Minimum Service Level Requirement
The Brand CA must be available to process 99% of the certificate requests
and perform necessary administrative functions.
RESPONSE TIME
Definition
There are two components of response time for the Brand CA.
-2-
<PAGE>
1. The amount of time that it takes VeriSign to respond to a Visa request
for Brand CA operations.
VeriSign must respond to a Visa request for Brand CA operations within
one working day during normal operating hours. Under extreme
conditions, VeriSign must respond to a Visa request for Brand CA
operations within one (1) hour during normal operating hours.
2. The amount of time that the actual Brand CA operation requires. All
Brand CA operations must be processed and validated within 8 hours of
the start of the operation. If the validation process is extended by
factors out of VeriSign's control, VeriSign will not be penalized.
Measurement
The measurement for response to requests for Brand CA operations is based
upon the time elapsed from when Visa contacts VeriSign to inform them of
the intent to perform a Brand CA operation until VeriSign confirms their
availability to perform a Brand CA operation.
The measurement for performing Brand CA operations is based upon the time
elapsed from when Visa staff arrives at VeriSign to begin the operation
until the operation is completed and verified.
Minimum Service Level Requirement
For the Brand CA, 99% of the requests for Brand CA operations must be
responded to within the required time and 99% of the Brand CA operations
must be performed within the required time.
DATA MANAGEMENT
Definition
CCCA data, which includes system logs, transaction history, certificate
registration data and certificates, must be available to support various
legal, billing and customer service requirements. The archive retention and
retrieval requirements for the CCCA data will vary by data type as
described below:
Registration data and certificates
This data will be kept available for immediate review for 90 days
prior to being archived. Archived data will be maintained for the
length of the one year pilot and must be retrievable within 24 hours
of request. At the end of the pilot project, all archived data will be
returned to VISA.
-3-
<PAGE>
System logs and transaction history
This data will be kept available for immediate review for 90 days
prior to being archived. Archived data will be maintained for the
length of the one year pilot and must be retrievable within 24 hours
of request. At the end of the pilot project, all archived data will be
returned to VISA.
Measurement
The measurement for data management is based upon the data being available,
within the periods specified above.
Minimum Service Level Requirement
The data management requirements must be met 99% of the time.
SYSTEM MONITORING AND OUTAGE REPORTING
Definition
Monitoring
The key storage units for all of the CAs must be checked for tampering on a
daily basis. The applications and/or systems for the Certification
Processing Service must be monitored continually and a status check taken
every 24 hours.
Outage Reporting
All CCCA hardware and/or software faults shall be logged, tracked and
reported using a suitable computer-based system and provided to Visa within
two (2) hours of occurrence.
All CCCA system hardware, network, and software failures, their impact on
CCCA operations and any actions taken to correct the problem, including an
event log shall be reported to Visa on a monthly basis. In addition, Visa
shall be notified within one hour of any major failure that affects the
normal operation of CCCA.
Measurement
The status checks must be recorded on a status log and signed by the
VeriSign system operator. This status log must be available for review by
Visa at any time.
Problem / event logs and system logs will record outages and causes (if
known). These also must be made available to Visa for review at any time.
-4-
<PAGE>
Minimum Service Level Requirement
Compliance with the monitoring, logging and reporting requirements must be
99%.
SCHEDULED DOWN TIME
Definition
There will be a scheduled down time period weekly to perform maintenance,
backup and upgrade functions for the CAs. This period will not exceed 12
hours and will be at the same time each week as agreed to by Visa and
VeriSign. If a longer down time window is needed, it must be agreed to in
advance by Visa and VeriSign.
Measurement
The measurement for scheduled down time for any CA is based on the time
elapsed from when the CA is not capable of performing operations until it
becomes available for performing operations. Daily system logs will
indicate scheduled system down time and can be used to track outages.
Minimum Service Level Requirement
99% of the down times must be within the required period.
BACKUP
Definition
At a minimum, all data related to the Brand CAs, including application
files and databases, system tables, log files, etc., will be backed up on a
scheduled, daily basis. In addition, the Brand CA application and all
system components will be backed up on a monthly basis. All backups must be
done non disruptively without adversely impacting normal CCCA operations.
The backup files must be stored in a secure off-site facility as agreed
upon by VeriSign and Visa.
Measurement
Daily system logs will indicate time and location of backup files, backup
media identification and any other relevant information needed for recovery
of backup files.
Minimum Service level Requirement
The backup requirements must be met 99% of the time.
-5-
<PAGE>
KEY COMPROMISE
The management of key compromise, CRL processing, replacement of Visa
Scheme keys and the re-generation of Issuer Public Key Certificates will
not be a provided service for the pilot phases of CCCA.
CONTINGENCY OPERATIONS/RECOVERY
Definition
If any single component of the Brand CA fails, the component shall be
recovered to the point of failure within five (5) calendar days.
In the event of a total Brand CA failure, a complete recovery must occur
within five (5) calendar days and normal operations should begin with
recovery to the point of failure for all systems and files. In the interim
period before normal operations have begun, Access to Service must be
available to receive certificate transactions, queue the transactions for
future processing and provide an appropriate signed response to the
requesting entity.
Measurement
The measurement for recovery of an CCCA system component or a total system
outage will the length of time between the point that the outage occurs and
the point that a full recovery to normal operations has been completed.
The ability to satisfy the recovery and/or contingency operations
requirements will be demonstrated through periodic scheduled tests.
Minimum Service Level Requirement
The recovery and contingency operations requirements must be met 99% of the
time.
REPORTING
VeriSign shall provide Visa with reporting on a scheduled basis. This will
include both service level and activity reporting and may be either on hard
copy or electronic (i.e., report or data files) form as agreed to by Visa
and VeriSign.
PENALTIES
All service levels are calculated, and penalties assessed, on a monthly
basis.
-6-
<PAGE>
VERISIGN CCCA CUSTOMER SUPPORT SERVICE LEVELS
VeriSign will provide support to Visa as described in the customer support
requirements section of the contract. The VeriSign interface for customer
support will be limited to designated individuals within Visa.
AVAILABLITY
VeriSign Customer Service must be available to accept and respond to
problem calls from Visa 0800 - 1700 PT, 5 days a week, 52 weeks a year,
(i.e., a standard financial Industry schedule).
RESPONSE TIME
Normal Hours of Operation
Between 0800 and 1700 PT, a human VeriSign Customer Support representative
should respond immediately (i.e., answer the telephone within a queue time
of 120 seconds).
CUSTOMER SUPPORT CALLBACK TIMEFRAMES AND DEFINITIONS
VeriSign Customer Support will, at a minimum, initiate a return telephone
call to Visa to establish if the problem has been corrected based on the
following call reporting criteria:
Problem Severity Definition Callback Frequency
-------------------------------------------------------------------------------------------
1 Entire population of a CA 60 minutes
impacted
-------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------
In every case, if the problem has not been corrected within the callback
frequency, VeriSign Customer Support will monitor the problem to determine
if any corrective work has begun. If it has, then VeriSign Customer Support
will continue to monitor the situation and provide status to Visa until the
problem is resolved to the satisfaction of Visa. If not corrective work has
begun, VeriSign Customer Support will escalate the problem to the next
support level.
-7-
<PAGE>
VeriSign Private Label Agreement
EXHIBIT "L"
SUPPORT LEVELS
1. SECOND-LEVEL SUPPORT FOR MEMBERS
VeriSign will provide second level telephone support for any problem
concerning a Certificate issued to a Member during the times set forth in
Section 2 below. In the event that a Member problem is not resolved by the first
level good-faith efforts of VISA Member Support, VeriSign will provide second
level telephone support for a reasonable volume of calls from VISA Member
Support. Upon VISA Member Support's providing VeriSign with a clear description
of the unresolved problem, VeriSign will verify the problem's existence and
determine the conditions under which the problem may recur. After such
verification and determination, VeriSign will, at its option,
1.1 use its best efforts to provide an immediate fix for the
problem;
1.2 use its best efforts to provide a temporary solution of or
workaround to the problem;
1.3 provide a statement that the problem will be corrected in a
future release;
1.4 provide a statement that more information about the problem is
required (however, after sufficient information, in VeriSign's opinion, is
provided to VeriSign, VeriSign will provide to Customer one of the other four
support alternatives contained in this Section 1); or
1.5 provide a statement that the Private Label Certificate System
operates as described in VeriSign's then current user documentation or that the
problem arises when such Private Label Certificate System is used other than in
a manner for which it was designed.
In the case of such second-level support, VeriSign will not contact a
Member directly for more information about the problem unless VISA Member
Support so requests.
The following chart summarizes telephone support provided in this Section:
=========================================================================================================================
Type of Certificate Entity Supported First Level Second Level Third Level
-------------------------------------------------------------------------------------------------------------------------
VISA Chipcard CA Issuers, VISA Member Support VeriSign N/A
=========================================================================================================================
2. TIMES TELEPHONE SUPPORT IS PROVIDED
VeriSign will accept and log all second level support requests received
from Customer on a twenty-four (24) hour per day, seven (7) day per week basis,
including national holidays. VeriSign will provide regular telephone support for
both second level on Monday through Friday 8:00 a.m. to 5:00 p.m., local time,
and will provide critical corrective support after hours (outside the hours of
8:00 a.m. to 5:00 p.m., local time) and on national holidays. A problem is
considered critical when the Private Label Certificate System will not operate
or the Customer cannot perform its business function due to a Private Label
Certificate System problem.
3. CUSTOMER RESPONSIBILITIES FOR TELEPHONE SUPPORT
Customer will (i) identify, document and report to VeriSign each problem
with the Private Label Certificate System necessitating telephone support, (ii)
supply VeriSign with all documentation and assistance necessary to demonstrate
and allow VeriSign to diagnose the problem, and (iii) install each solution to
such problem
<PAGE>
VeriSign Private Label Agreement
provided by VeriSign. If Customer requests corrective changes to
the Private Label Certificate System and VeriSign determines that the reported
malfunction is not related to the Private Label Certificate System, VeriSign may
charge Customer for its diagnostic services on a time and materials basis.
Customer will assure the proper use, management and supervision of any
application programs, audit controls, operating methods and office procedures
necessary for the intended use of the Private Label Certificate System.
Customer will provide the first-level support to Members through VISA
Member Support as provided in Section 1 above.