Despite the rise of data sovereignty issues with the advent of Cloud computing, Symantec says the geographic location of PKI (public key infrastructure) certificates is no drama.
Certificates are currently generated in various countries and regions, though authentication SME senior principal systems engineer, Nick Savvides, said location is not the main factor.
“Because private keys are in the possession of the end user, as opposed to the organisation, it hasn’t tended to be a problem,” he said.
Symantec has a PKI Certificate Operations Centre in Melbourne, where online identities are verified and customer authentication services are housed.
Secret keys are also generated and secured at the facility, which are then issued to web sites, software code, devices and users.
“When you issue a gatekeeper certificate, it identifies the user and it requires a very rigorous process,” Savvides said.
The verification process can include a face-to-face interview at Australia Post, as well as providing evidence of identity and documents that have been verified.
Savvides adds Symantec checks people against denied and black lists, and researches companies before issue certificates.
Currently over a million web sites are secured using technology from Symantec’s Melbourne facility.
In addition to that, Savvides said there are millions of devices being authenticated.
“A lot of the time devices such as set-top boxes authenticate back to its network operator with certificates,” he said.
Savvides estimates there are approximately 600 million certificates embedded in devices.
“A lot of companies choose not to deploy the technology internally themselves because they are manufacturers of devices and not security companies,” he said.
“They come to us instead and we provide the security for them.”
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.