Entrust IdentityGuard - components

		PRACTICE

Identity Guard

Entrust IdentityGuard consists mainly of an J2EE application which runs on an built-in Apache Tomcat, Bea Weblogic or IBM Websphere Application Server, on Windows 2003, AIX, Solaris or Red Hat Enterprise.

The repository for storage and retrieval of the authentication methods and encrypted authentication data can be an LDAP directory or an RDBMS, which is accessed via JDBC. There is a FIPS 140-2 validated cryptographic engine for doing all cryptographic computations (AES 256, AES 256 in CBC mode, HMAC with SHA-256, PBE Triple DES with SHA1. )

There is an Admin Console for user generation, assignment of centralized policy and management. Entrust IdentityGuard delivers an image library of over 300 images for use with mutual authentication (image replay)

Identity Guard can be used via Web Service (SOAP for J2EE or .NET services) or radius server (from 3rd parties) or e.g. from Windows Logon Gina.



	IdentityGuard - Enterprise Architecture source: Entrust Inc.

Identity Guard in Windows

	Small Client for Windows desktops (GINA Chain)
	Existing AD Deployment (single or multi-domain)
	Configurable support for MS RAS, IP-SEC, and 802.1x clients built-in

Identity Guard for Remote Access

	via Radius
	IP-SEC or SSL Gateways
	Configuration-only integration!
	Cisco, Juniper, Nortel, Checkpoint,

Repository Integration

	Leverages existing user entries
	Adds attributes to object classes for LDAP or independent table for RBDMS
	Read and Write operations required for some authentication options
	Microsoft Active Directory on Microsoft Windows 2003 Server
	Microsoft Active Directory Application Mode (ADAM) on Microsoft Windows Server 2003
	Sun ONE Directory Server 5.2
	Critical Path Injoin 4.2
	Novell eDirectory (8.7, 8.8)
	IBM Tivoli Directory Server 5.2 and 6.0
	Oracle Internet Directory 10.1.2.1.0
	Oracle 9i and 10g database
	IBM DB2 8.2
	Microsoft SQL Server (2000 SP4, 2005)
	MySQL (4.1, 5.0)
	PostgreSQL (8.1, 8.2.4)

Web Application Integration

	WSDL Interface for J2EE & .NET applicactions, Built-in Tomcat, Bea Weblogic Server (8.1 SP5,9.1) , IBM WebSphere (6.0) Application Server
	Included Java bindings
	Included ISAPI filter for IIS/ISA

Security of Data in Use

	Ecrypted	MACed
System Policies (Card/Pin Specs, Admin Password Policy)	Yes	Yes
All Authentication Data (Grids, Q&A, Machine Fingerprint, OTP, Mutual)	Yes	Yes
Temporary Pins	Yes	Yes
System Keys	Yes	Yes
Current Grid Challenges	No	Yes

Deployment, Grid Card Issuance Process

A deployment guide for Entrust IdentityGuard covers recommendations for all authentication methods in detail. E.g. Grid cards can be produced individual or in bulk, on-demand production vs. pre-production and later assignment to users. Grid output format can be CSV or XML for inhouse production with plastic or paper cards, the card design is completely customizable.

		DOWNLOADS

	Data Sheet IdentityGuard for Consumer
	Data Sheet IdentityGuard for Enterprise
	White Paper: IdentityGuard for Windows
	Data Sheet IdentityGuard Mini Token
	see the IdentityGuard Flash Demos
	of course, there are more information material for interested customers - please contact us

Entrust IdentityGuard - authenication Which authentication methods (strong, mutual, out-of-band) are provided by Entrust Identity Guard? Here you can find a detailed description of all possilble mechanisms.

Entrust IdentityGuard Entrust IdentitiyGuard is a versatile authentication platform, which is offering different authentication methods covering most different requirements regarding security and convencience.