Hours after rumors began circulating about an impending mega-deal, Symantec on Thursday afternoon announced it has acquired the identity and authentication business of VeriSign for $1.28 billion.

Symantec now will assume ownership of VeriSign’s flagship SSL Certificate Services, in addition to its Public Key Infrastructure (PKI), Identity Protection (VIP) Authentication and Trust services. VeriSign will retain its domain name services unit, which manages the world’s more than 100 million .com and .net domains.

“The part that Symantec is buying is the original VeriSign,” John Pescatore, vice president and research fellow at analyst firm Gartner, told SCMagazineUS.com on Wednesday. “What’s left is what Network Solutions was before VeriSign bought them [in 2000 for $21 billion].”

Symantec President and CEO Enrique Salem said the purchase, scheduled to close in September, speaks to the tug-of-war ongoing between end-users’ desire to conduct business online in a trusted environment with IT departments’ mission to provide appropriate access and protect corporate assets.

“We believe the solution to this dilemma lies in the ubiquity of identity-based security,” Salem said. “With the combined products and reach from Symantec and VeriSign, we are poised to drive the adoption of identity security as the means to provide simple and secure access to anything from anywhere, to prevent identity fraud and to make online experiences more user-friendly and hassle-free.”

But Pescatore labeled the deal “riskier that average.”

He said Symantec may have overpaid, given the fact that VeriSign gradually has seen revenue fall in its authentication business. Many consumers are turning to companies such as Comodo and Go Daddy for cheaper SSL certificates, which enable the encryption of online transactions.

In addition, Symantec may be challenged to harmonize the new services with its existing portfolio, Pescatore said.

“They’re buying what is largely a commoditized business,” he said. “It’s not synergistic or related to their mainstream desktop business or their storage business…When pieces don’t fit together, they usually don’t last together forever.”

Symantec plans to integrate the SSL services with its Critical System Protection and Protection Suite for Servers product line.

In addition to VeriSign’s SSL business, Symantec picks up the company’s Identity and Authentication Services unit. This is comprised of two-factor authentication, fraud detection and PKI offerings. In addition, Big Yellow takes over the Trust Services unit, which sells the well-known VeriSign “Trust Seal.”

VeriSign will keep two of its smaller information security-related units: its distributed denial-of-service (DDoS) monitoring and mitigation division and its iDefense Security Intelligence Services.