Entrust TruePass

Features and Benefits

Entrust TruePass™ facilitates secure on-line transactions and communications. By assigning digital IDs to on-line users, Entrust TruePass provides encryption which makes it possible to protect sensitive information. It also provides digital signature capabilities which can be used to identify and verify those parties involved when conducting Web transactions.

With unmatched choice of strong authentication methods, user mobility and ease of deployment and use, Entrust TruePass can help you quickly deploy more secure on-line services to millions of users.

Uses SSL, But Strengthens the Security

A Web server certificate (such as those available through Entrust Certificate Services) is used to authenticate the Web server to the browser, and to build a private session between a browser and a Web server. Web site visitors will see the familiar SSL lock icon in the browser. For those organizations that are dealing with legislative regulations and compliance issues or need to provide customers with additional privacy, Entrust TruePass can provide an additional layer of encryption that extends the encryption capabilities beyond the SSL session.

Roaming Capabilities for Mobile Users

Entrust TruePass software allows users to access their digital ID used to secure Web communications from nearly any PC or Macintosh computer connected to the Internet. In environments that require higher levels of security, user roaming capabilities within the Entrust TruePass solution can be enabled to support authentication using smart cards.

“Zero Footprint” for Easy Rollout to end-users

Entrust TruePass software has been designed as a “zero footprint” solution making it easier to roll out to your customers because:

• Entrust TruePass software does not require manual download and execution of an installation program prior to Web site access;
• For roaming users, Entrust TruePass software does not force the user to agree to potentially confusing security warning dialogs; and
• Entrust TruePass software does not have a noticeable download time period. In fact, download is transparent to the end-user.

Entrust TruePass software is a small (>100K) Java applet that in roaming deployments can be loaded automatically and transparently by the browser in the Java “sandbox”. By operating in the sandbox, Entrust TruePass can reduce deployment related concerns that involve accessing computer hard drive or network resources. More importantly, Java applets that run in the sandbox do not require the user to be prompted with security warnings.

There may be instances where business policies may demand local digital ID storage or smart card usage. This scenario would cause a security dialog to appear only the first time the user accesses their digital ID (as this would go outside of the Java sandbox of the browser). Entrust TruePass is designed to support these additional requirements, providing organizations with the ability to make a business choice between complete transparency (achieved through roaming) and added flexibility (which may be achieved through local storage of the digital ID so that other applications can also leverage its presence).

Single Sign-on Across Multiple Web Domains

Entrust TruePass software allows users to log in once and enjoy single sign-on (SSO) across single Web domains as well as multiple Web domains. This can allow organizations to engage partners, suppliers, and customers in their secure Web portal environment without requiring them to re-authenticate each time they attempt to access resources that may happen to reside on a different domain.

Support for Smart Cards, Tokens and Third-Party Digital IDs

Entrust TruePass supports a broad range of smart cards and tokens to enable strong user authentication. Through existing Microsoft Windows security capabilities and smart card vendor software, Entrust TruePass software can use the digital ID that is stored on a smart card or a token for all Entrust TruePass enhanced security capabilities.

Entrust USB Tokens offer organizations a more secure, cost-effective, two-factor authentication approach that is designed to work seamlessly with Entrust TruePass. Each user’s unique digital ID (or portions of their digital ID) may be stored directly on the Entrust USB Token to enable strong authentication as well as digital signatures and encryption.

Entrust TruePass software supports the use of third-party digital IDs in smart cards, tokens or locally stored in the Microsoft Windows digital ID store. Click here for more information on the types of authentication methods Entrust supports.

Use of a Digital ID Stored on the Desktop

Entrust TruePass software is capable of supporting multiple authentication methods, including the ability to use a digital ID that is stored on a desktop. In addition, Entrust TruePass software can support multiple methods of desktop storage, including an Entrust Desktop Profile (EPF) and the ability to create and store a digital ID in the Microsoft Windows digital ID store. A digital ID that is stored on the desktop can be used with other security applications to secure email, files and folders, VPN access and more.

Automatic User Enrollment

Users are able to register for a digital ID and immediately have it available for them to use — all without administrator involvement. Existing shared secrets or other pieces of information can be used to uniquely identify users (an example could be name + mother’s maiden name + last paycheck amount). The registration process is fully configurable and can include information that is held by the company and/or by third party sources (such as Equifax). The level of complexity and depth required for users to enroll can be at the discretion of the deploying organization and may be distinct for different levels of users.

Automatic User Password Reset

Users forget their passwords; this is a reality that every organization is forced to deal with daily. Entrust TruePass allows users to reset their own passwords, removing the burden from the technical support organization. As a result, organizations can set up Web locations that users can go to when they need to reset their forgotten password.

Enhanced Security Management, Including Automatic Renewal of Users

Entrust TruePass provides automatic and transparent digital ID management, allowing users to enroll only once for a digital ID. When a digital ID expires, it is automatically renewed, with the new identity instantly available and ready for use. This can reduce the ongoing administration and management costs associated with most other Web security solutions.

Industry Standards-Based, Open Architecture

With the use of standards, organizations are able to better understand, integrate, and maintain their IT infrastructures. This also allows them to better leverage current investments by having knowledge of new products that also use relevant standards. Entrust TruePass is designed to interoperate with leading application servers, Web browsers and servers, directories and more by implementing a variety of Web and security standards including: Java, XML, HTTPS, LDAP, PKCS #7, J2EE, PKIX, and more.

External Security Validation - Industry Recognition

Entrust TruePass software is the first Java applet to achieve FIPS 140-1 validation. Entrust TruePass has also achieved FIPS 140-2 Level 1 certification, demonstrating Entrust’s commitment in delivering enhanced security solutions.

• Entrust Delivers Broad End-User Strong Authentication an Encryption for Identity Theft

• Total Economic Impact™ of Entrust TruePass and Token-based Authentication
• Technical Overview

• Sun Microsystems
• SAP
• IBM
• Citrix
• BEA