A Fort Knox for Web crypto keys: Inside Symantec's SSL certificate vault

At the entrance to a nondescript building on the sprawling Symantec campus in Silicon Valley, the company's Senior Director of Operations, Identity and Authentication, Paul Meijer, is presenting his badge and entering his personal identification number to get inside. A second door not far away requires him to repeat the process all over again. A dozen or so feet further is a third door, and this one requires him to press his index finger against a sensor to prove he's one of fewer than 100 Symantec employees permitted to enter.

As he negotiates a series of additional mazes inside, he comes upon still more security checkpoints. One room at the center of the building—inside two concentric squares protected by a double layer of metallic mesh that isn't easily drilled, cut, or welded, requires two authorized Symantec employees to enter. To enter, Meijer and a colleague must key in a PIN and show a fingerprint. Inside are cabinets housing special-purpose computer servers that neither of the two employees can open because the combination is held by a different class of employees. A separate room where digital certificates are generated under rigorous "key-signing ceremonies," also requires dual occupancy. To further ensure the security of the operation, the second employee who must accompany Meijer is one of fewer than two dozen people with the required access codes.