Entrust IdentityGuard - functioning

Entrust IdentityGuard is a server-based software product designed to be installed as part of an organization's Web infrastructure. It is written in Java and runs on the Microsoft Windows Server 2003, Sun Solaris and Linux operating systems. It can be used not only for strong authentication on the Web, but also for securing access to internal resources, because it integrates into the corporate IT infrastructure.

Entrust IdentityGuard is designed to have several servers deployed at one time in a load-balanced environment, which allows throughput to be increased by adding servers. IdentityGuard is used by some companies and agencies for thousands and millions of users.
Entrust IdentityGuard can be configured to cache user and card information, helping to accelerate employee authentication. It is designed to work with leading IPsec and SSL VPN remote access vendors, such as Nortel, Cisco and Juniper. This is done using the RADIUS standard to ensure rapid, consistent integration across remote access products. The standard Microsoft Windows client can be easily deployed using Active Directory Group Policy and Windows Installer Services, stand-alone or with a RADIUS server.
Building on Entrust IdentityGuard's standard Web services approach to integration, Entrust IdentityGuard now supports protecting leading applications like Microsoft Outlook Web Access via a standard plug-in to either Microsoft IIS or Microsoft ISA Server.

IdentityGuard security operations
In Entrust IdentityGuard, security operations and functions, including generating, encrypting and decrypting card contents, are performed using Entrust FIPS 140-2 certified cryptographic software. This helps to improve the security of the contents of IdentityGuard and helps to reduce the risk of a rogue employee successfully tampering with information in the repository. Currently the following cryptographic algorithms are used: AES 256, AES 256 in CBC mode, HMAC with SHA-256, PBE Triple DES with SHA1.

IdentityGuard Authentication Methods
Username & Password: most widely accepted and understood authentication method available
IP-Geolocation Authentication: identifies the geographic location of the device being used to access applications and systems
Machine Authentication: transparent identification of device being used to access applications and systems
Mobile Out-Of-Band Authentication: transmission of a shared secret through out-of-band voice, SMS, email or text message channels (Voice or SMS Gateway required)
Grid Authentication: a physical challenge and response to random grid coordinates
Scratch Pad Authentication: a one-time password list that is revealed by the user at the time of use
OTP-Tokens: time-synchronous hardware tokens randomly generate one-time passwords
Mutual Authentication: two-way authentication that leverages existing shared secrets to confirm user identities (Grid Serial Replay, Grid Location Replay, SSL Enhanced Validation)
Message & Image Replay: a unique, personalized shared secret is presented to the user, along with an image that was selected by the user, as a method of authenticating the validity of the communication

Risk-based authentication