Entrust TruePass
Get Technical
Frequently Asked Questions
- What is Entrust TruePass™?
- Who needs Entrust TruePass?
- My Web site already uses SSL. How does Entrust TruePass work with SSL?
- Does Entrust TruePass use SSL?
- How does Entrust TruePass enable “roaming”?
- What does “zero footprint” really mean?
- Does Entrust TruePass support smart cards and tokens?
- Does Entrust TruePass support the use of a local desktop digital ID?
- Is single sign-on across multiple domains supported with Entrust TruePass?
- Has Entrust TruePass undergone any external security validation?
- Can Entrust TruePass work with third-party digital IDs?
- Does Entrust TruePass protect information on Web forms only?
- What is Entrust TruePass™?
Entrust TruePass is a Web portal security solution that allows organizations to: a) identify individuals using digital IDs; b) provide a verifiable record of transactions with digital signatures; and c) protect sensitive data on and beyond Web servers with encryption. Entrust TruePass enables online businesses to build a more trusted relationship with their customers, suppliers and partners without deploying complex, confusing security plug-ins, and without restricting user mobility.
- Who needs Entrust TruePass?
Entrust TruePass is ideal for online businesses aiming to:
- Move more higher-value, higher-sensitivity applications, data and services online
- Enable online transactions with a verifiable audit trail
- Deliver electronic receipts to customers by incorporating digital signatures
- Enable protection of data from browsers to Web servers and beyond to back-end applications
- Implement a consistent and trusted manner of identifying users while avoiding password lists that may be stored on Web servers and be susceptible to theft
- Serve a varied group of users through a standard web browser
- Deliver varying levels of strong identification methods to users including smart cards, tokens, desktop digital IDs or roaming digital IDs.
- My Web site already uses SSL. How does Entrust TruePass work with SSL?
SSL provides security for applications that facilitate common, low-value transactions. It ensures the Web server is properly identified to the Web browser (through a digital certificate) and it protects sensitive data between the browser and the server.
Entrust TruePass builds on SSL security in three important ways:
- It provides digital IDs to enable end-user authentication so that both user and Web server are identified prior to transactions taking place. These digital IDs also permit this authentication process to occur from any computer with a web browser, a benefit over methods that require a user’s credentials to be stored on, and therefore accessed from, a particular computer or browser.
- It enables digital signatures for transactions — a feature that is not universally supported or offered by browser technology alone.
- Through its enhanced privacy capabilities, Entrust TruePass enables bi-directional and continuous encryption of user data at the browser and through to a back-end server and then back to the browser. With SSL, data is decrypted when it is received by the Web server. With Entrust TruePass, the data remains encrypted while on the Web server, preventing data theft or unauthorized access.
- Does Entrust TruePass use SSL?
Yes. A Web server certificate (such as those available through Entrust Certificate Services) is used to identify the Web server to the browser, and to build a private session between a browser and a Web server. Web site visitors will see the familiar SSL lock icon in the browser user interface. Entrust TruePass adds to the SSL security as described in the previous question.
- How does Entrust TruePass enable “roaming”?
Entrust TruePass delivers true roaming to users by allowing them to move between any PC or Macintosh computer and still be able to strongly authenticate to Web applications. Entrust TruePass quickly and transparently communicates with any IE or Netscape 4.x-plus level browser, giving users access to their digital ID — without having to download, install and configure an application on every computer they use. TruePass is a small Java applet (>100k) that is dynamically downloaded for the user at login time, with no confusing browser dialogs or installation requirements.
Roaming is also enabled through Entrust TruePass’s ability to support authentication with smart cards. By their very nature, smart cards enable users to travel from one computer to another, gaining access to their digital ID through a PIN that is known only to them. This does require certain minimum operating system, browser, and hardware requirements to be met, along with increased costs, so this may not be an ideal roaming scenario for large-scale deployments of users.
- What does “zero footprint” really mean?
Entrust TruePass is a “zero footprint” solution because:
- Entrust TruePass does not require manual download and execution of an installation program prior to Web site access;
- For roaming users, Entrust TruePass does not force the user to agree to potentially confusing security warning dialogs; and
- Entrust TruePass does not have a noticeable download time. In fact, download is transparent to the end-user.
Entrust TruePass is a small (>100K) Java applet that, for roaming deployments, is loaded automatically and run by the browser in the Java “sandbox”, transparently to the end user. By running in the sandbox, Entrust TruePass reduces deployment concerns since it cannot access the computer’s hard drive or network resources. More importantly, Java applets that run in the sandbox do not require the user to be prompted with security warnings. However, there may be instances where business policies demand local digital ID storage or smart card usage. This scenario would cause a security dialog to appear the first time the user accesses their digital ID (as this would go outside of the Java sandbox of the browser). Entrust TruePass fully supports these additional requirements, allowing organizations to make a business choice between complete transparency (achieved through roaming) and added flexibility (which may be achieved through local storage of the digital ID so that other applications can also leverage its presence).
- Does Entrust TruePass support smart cards and tokens?
Yes, Entrust TruePass supports a broad range of smart cards and tokens to enable strong user authentication. Through the Windows security framework and smart card vendor software, Entrust TruePass can use the digital ID that is stored on a smart card or token for all Entrust TruePass enhanced security capabilities.
Entrust USB Tokens offer organizations a secure, cost-effective, two-factor authentication approach that is designed to work seamlessly with Entrust TruePass. Each user's unique digital ID (or portions of their digital ID) may be stored directly on the Entrust USB Token to enable strong authentication as well as digital signatures and encryption.
- Does Entrust TruePass support the use of a local desktop digital ID?
Yes. Entrust TruePass supports multiple authentication methods, including the ability to use a digital ID that is stored on a desktop. In addition, Entrust TruePass supports multiple methods of desktop storage, including an Entrust Desktop Profile (EPF) and the Windows digital ID store.
- Is single sign-on across multiple domains supported with Entrust TruePass?
Yes. Entrust TruePass allows users to log in once and enjoy single sign-on (SSO) across single Web domains as well as multiple Web domains. This allows organizations to engage partners, suppliers, and customers in their secure Web portal environment without requiring them to re-authenticate each time they attempt to access resources that may happen to reside on a different domain.
- Has Entrust TruePass undergone any external security validation?
Yes. Entrust TruePass is the first Java applet to achieve FIPS 140-1 validation. Entrust TruePass achieved FIPS 140-1 Level 1 certification, demonstrating Entrust's commitment to delivering enhanced security solutions that organizations can count on to be secure. Entrust TruePass 7.0 also adheres to IETF RFC 3039 by providing the ability to support a separate key pair for digital signatures to comply with the European Union Digital Signature Directive. Entrust TruePass 7.0 delivers support for a 3-key pair model that defines a separate key pair to perform encryption, authentication, and digital signatures.
- Can Entrust TruePass work with third-party digital IDs?
Yes. Entrust TruePass supports the use of third-party digital IDs in smart cards, tokens or using the Windows digital ID store.
- Does Entrust TruePass protect information on Web forms only?
Entrust TruePass 7.0 makes it possible to encrypt and digitally sign attachments submitted to and downloaded from a Web site. Organizations can deploy interactive forms and reporting applications, enabling users to submit sensitive information online whether they are using XML, HTML, or file attachments. Organizations can securely return updates, approvals, and instructions to the users in real time, eliminating paper-based processes and increasing efficiency substantially.