Preferred Provider Agreement

EXHIBIT 10.18

-------------



CONFIDENTIAL TREATMENT REQUESTED





MICROSOFT/VERISIGN

CERTIFICATE TECHNOLOGY PREFERRED PROVIDER AGREEMENT





Company: MICROSOFT CORPORATION (Washington)

-----------------------------------------------------

(name and jurisdiction of incorporation)



Company Address: One Microsoft Way

-----------------------------------------------------



Redmond, Washington 98052-6399

-----------------------------------------------------



Company Contact:

-----------------------------------------------------



Effective Date: May 1, 1997

-----------------------------------------------------



Term: Two (2) years from Effective Date

-----------------------------------------------------





THIS MICROSOFT/VERISIGN CERTIFICATE TECHNOLOGY PREFERRED PROVIDER AGREEMENT ("Agreement"), effective as of the Effective Date set forth above, is entered into by and between VeriSign, Inc., a Delaware corporation, ("VeriSign") having

-------- its principal place of business at 2593 Coast Avenue, Mountain View, California 94043 and Microsoft Corporation, a Washington corporation, ("Microsoft") having

--------- a principal address as set forth above.





--------



The purpose of this Agreement is to set out the terms and conditions under which each party will become the Preferred Provider of the other's existing products and services that involve the use of Certificate technology and will work closely together to bring new products and services to market. VeriSign will make the Microsoft Technology Platform (including Windows 95, Windows NT Workstation, Windows NT Server, *** ) its preferred platform for delivering existing and new products and services *** . Microsoft will make VeriSign the Preferred Provider of Certificate Authority products and services that are used by Microsoft customers or for Microsoft internal use. Microsoft will promote VeriSign as the Preferred Provider in its strategic marketing programs related to commercial Certificate Authority products and services.





---------



1. DEFINITIONS

-----------



1.1 Certificate means a message that, at least, states a name or

----------- identifies the IA,



*** Confidential treatment has been requested with respect to certain portions of this exhibit. Confidential portions have been omitted from the public filing and have been filed separately with the Securities and Exchange Commission. identifies the Subscriber, contains the Subscriber's public key, identifies its operational period, contains a certificate serial number, and is digitally signed by the IA. "Certify" or "Certification" means the act of generating a

------- ------------- Certificate. "Certified" means the condition of having been issued a valid

--------- Certificate by a Certifier, which Certificate has not been revoked.



1.2 Certificate Revocation List ("CRL") means a periodically (or

----------------------------------- exigently) issued list, digitally signed by an IA, of certificates that have been suspended or revoked prior to their expiration date. The list generally indicates the issuer's name, the time of issue, the time of the next scheduled CRL issue, the suspended or revoked certificates' serial numbers, and the specific times and reasons for suspension and revocation.



1.3 Certification Authority or Certifier ("CA") means VeriSign or any

------------------------------------ entity which is authorized to issue Certificates.



1.4 Certification Practice Statement ("CPS") means VeriSign's statement of

-------------------------------- the practices an IA in the VeriSign Public Certification Service employs in issuing Certificates, as further described in Section 2.2 of this Agreement.



1.5 Digital ID means VeriSign's service-marked name for a Certificate.

----------



1.6 Digital Signature means a transformation of a message, using an

----------------- asymmetric cryptosystem, such that a person having the initial message and the signer's Public Key can accurately determine whether the transformation was created using the Private Key that corresponds to the signer's Public Key and whether the message has been altered since the transformation was made.



1.7 ECAS means VeriSign's proprietary software product marketed and

---- developed under the name "Electronic Commerce Authentication System" providing secure on-line Certificate issuance as presently in existence and as developed and enhanced in the future by VeriSign.



1.8 Issuing Authority ("IA") means the VeriSign Root or a Certification

------------------------ Authority that issues, suspends or revokes a Certificate within the VeriSign Public Certification Services. An Issuing Authority is identified by a distinguished name on all Certificates and CRLs it issues.



1.9 Microsoft Product means any product developed by Microsoft that

----------------- utilizes a commercial Certificate.



1.10 Microsoft Technology Platform means the existing Microsoft products

----------------------------- currently known as Windows NT Server, Windows 95, Windows NT Workstation, Internet Information Server, Certificate Server, Internet Explorer, Crypto API and ActiveX, as they may be revised or updated from time to time during the term of this Agreement.



1.11 Preferred Provider means a provider of products and services which

------------------ are a preferred choice for internal use and recommended to customers as a preferred choice through the strategic marketing programs and other commitments set forth in this Agreement.





1.12 Private Key means a mathematical key (kept secret by the holder) used

----------- to create Digital Signatures and, depending upon the algorithm, to decrypt messages encrypted with the corresponding Public Key.



1.13 Public Key means a mathematical key that can be made publicly

---------- available and which is used to verify signatures created with its corresponding Private Key. Public Keys are also used to encrypt messages or files which can then only be decrypted using the matching Private Key.



1.14 Root means the IA that issues the first Certificate in a

---- certification chain. The Root's Public Key must be known in advance by a Certificate user in order to validate a certification chain. A Root's Public Key is made trustworthy by some mechanism other than a Certificate, such as the policies and procedures defined for that infrastructure.



1.15 Subscriber means a person who is the subject of a Certificate,

---------- accepts it, and uses or is capable of using, and authorized to use, the Private Key that corresponds to the Public Key listed in the Certificate.



1.16 WWW or Web means World Wide Web, a hypertext-based, distributed

---------- information system in which users may create, edit, or browse hypertext documents; a graphical document publishing and retrieval medium; a collection of linked documents that reside on the Internet.



2. SCOPE

-----



2.1 VeriSign Will Migrate Existing Products and Services to Microsoft Technology Platform.



VeriSign will migrate its existing products and services to the Microsoft Technology Platform during the normal course of planned system upgrades and enhancements, provided the Microsoft Technology Platform is able to met the technical requirements of the specific product or service. The specific products and services to be considered will include the following:



A. Digital ID Center operator tools will be migrated to Windows 95

and Windows NT Workstation within 6 months of satisfaction of

VeriSign technical requirements.



B. ***



C. Web pages on VeriSign Web sites that are accessed by customers

using Microsoft Internet Explorer will be updated to include the

use of ActiveX controls to perform enrollment and other

operations within 6 months of satisfaction of VeriSign technical



*** Confidential treatment has been requested with respect to certain portions of this exhibit. Confidential portions have been omitted from the public filing and have been filed separately with the Securities and Exchange Commission.





D. VeriSign will make best efforts to release the commercial version

of ECAS on Microsoft NT Server and Microsoft Internet Information

Server no later than one year after release on other platforms.

Once ECAS is released on the Microsoft Technology Platform, new

releases of ECAS will thereafter be released on such Microsoft

Technology Platform with equivalent functionality and

simultaneously with VeriSign's new releases on the then current

Sun/Solaris platform.



E. VeriSign will make best efforts to migrate servers used by

VeriSign to perform back-end operations (including signing

servers, authentication servers, lifecycle management servers,

but excluding Oracle database server) to Windows NT Server within

one year of the satisfaction of VeriSign technical requirements.



F. VeriSign will make reasonable efforts to migrate its internal

systems to Microsoft Windows 95, Windows NT Workstation, and

Windows NT Server within one year after execution of this

Agreement. To the extent VeriSign migrates VeriSign internal

systems, Microsoft will provide VeriSign the opportunity to

acquire "Not for Resale" or "NFR" Microsoft software at published

prices for NFR software to complete the migration. VeriSign's

use of the software will be subject to the terms and conditions

of the End User License Agreement ("EULA") accompanying such

software; provided however, any restrictions contained in the

EULA against VeriSign's use of the software in a production

environment shall not apply.



G. ***



H. ***





In order to expedite the migration process, VeriSign will train up to five (5) members of its technical staff to become Certified Microsoft Professionals for Windows NT Server. Microsoft will provide VeriSign with access to training materials and programs for training of VeriSign's technical staff at Microsoft's expense.



2.2 ***





*** Confidential treatment has been requested with respect to certain portions of this exhibit. Confidential portions have been omitted from the public filing and have been filed separately with the Securities and Exchange Commission.





2.3 Microsoft Will Make VeriSign the Preferred Provider of Commercial Certificate Authority Services Acquired by Customers through the Microsoft Technology Platform.



VeriSign will be Microsoft's Preferred Provider of commercial Certificate Authority services that are necessary for the effective use of Microsoft Products and services. Preferred Provider status means that Microsoft will use commercially reasonable efforts to provide preferential placement of VeriSign services in Microsoft Products in initial and subsequent releases by listing VeriSign services before any non-preferred providers in any listing of service providers that is displayed in the product and in a distinguished form (e.g., through default registration links, specific and unique graphics, logos, sizing, ad banners, preferred CA WWW Page, etc.). The parties recognize that such preferential listing shall exclude situations such as programmatic enumeration (such as in the case of trusted roots) due to design characteristics of Microsoft's certificate management architecture. The Microsoft Products may include:



. Internet Explorer

. Internet Information Server

. Exchange mail client



Microsoft may publish certain criteria that other Certificate Authorities or other potential Preferred Providers must meet to be recognized as a trusted Certificate Authority or a Preferred Provider on Microsoft Certificate Authority pages or to be enabled in Microsoft Products, including bundling of the trusted CA's root keys in such products. Such criteria may include: objectively reviewed and published a certification practice statement, audited secure facilities and practices, third party accreditation, volume scaleability, liability insurance, etc. Prior to issuing final criteria for Certificate Authorities and Preferred Provider status, Microsoft will provide to VeriSign for review and comment its proposed criteria and consider VeriSign's comments if provided in a timely manner.



To attain and retain Preferred Provider status for commercial Certificate Authority services in Microsoft Products, VeriSign must meet the following criteria:



A. VeriSign must provide, within commercially reasonable

limitations, a specific service that Microsoft deems necessary

for the effective use of a Microsoft Product and must make that

...