Entrust Entelligence Security Provider

Features and Benefits

Deploying Entelligence Security Provider to enable security in the enterprise allows organizations to:

  • Use digital IDs to clearly identify users who have access to networks and other resources on the local network or via the Internet over VPN or wireless
  • Use digital IDs to clearly identify the machines that are connecting to the network to ensure that no rogue or unsanctioned machine has access
  • Encrypt and digitally sign files to protect access to sensitive information stored locally, on the network, on removable memory devices and in transit via email or through other means
  • Quickly and efficiently deploy digital identities for users and machines in large organizations
  • Minimize costs of IT infrastructure and ongoing operations
  • Mitigate costs from information theft or tampering
  • Automate user administration
  • Reduce the impact of security on end-user behavior to ensure adoption

The Entrust Entelligence® Security Provider security platform is composed of two components — Entelligence® Security Provider for Windows and Entelligence® Security Provider for Outlook.

Entrust Entelligence® Security Provider for Windows is a digital ID management client for the Entrust Authority Security Manager certificate authority that seamlessly delivers a managed Entrust digital ID for users and/or for machines to the native Windows security architecture. This tight integration with Windows security allows Entrust digital ID users to take advantage of the authentication, digital signature and data encryption capabilities built into a wide range of security-aware applications while delivering all the functional and cost benefits of deploying managed Entrust digital IDs. Entelligence Security Provider for Windows can also be deployed on Windows domain controllers, IIS servers, authentication servers and desktops to deliver managed Entrust digital IDs to machines, allowing machine authentication applications to ensure that no rogue or unsanctioned machine connects to the network.

As it delivers enhanced security management and strong key protection to the Microsoft platform, Entelligence Security Provider automatically and transparently manages the Entrust digital ID for the user and for the machine, allowing all key and certificate updates, maintenance of decryption key histories, key backups, revocation checks and name changes to happen automatically.

Entelligence® Security Provider for Outlook complements Security Provider for Windows by delivering capabilities that simplify the delivery of secure messages from the sender to the recipient's desktop. It increases the performance and simplicity of secure messaging by transferring all the complexities of secure mail processing to the Entrust Entelligence Messaging Server, with no impact to the end user.

The Entrust Entelligence™ Security Provider platform combines thin-client components for rapid deployment with broad application support without sacrificing the ease-of-use and administration that have been the hallmark of Entrust solutions. Deploying the Entelligence Security Provider platform allows organizations to:

  • Improve enterprise security
    • Deliver a digital ID (X.509 certificates and associated keys) to the native Windows security architecture (CryptoAPI)
    • A user's digital ID can be stored in local files, on a roaming server, or on secure devices such as smart cards or tokens. For example, a digital ID used for authentication to the wireless LAN can be stored on an Entrust USB Token. This enables stronger, two-factor authentication to the corporate network while enabling automatic and transparent protection of valuable data. The machine digital ID is stored in an encrypted area of the Windows registry.
    • Enable strong certificate-based authentication of users who access networks and other resources directly on the local network or via the Internet over VPN or WLAN
    • Enable strong certificate-based authentication of machines that are connecting to the network to ensure that all Windows network devices are trusted
    • Allow users to protect sensitive data by digitally signing and encrypting files for themselves or others
    • Provide the encryption and decryption keys necessary to protect information stored locally, in a central repository or on the network, and as it is shared in workgroups or communicated via email or other means
    • Deliver the transparent key backup and flexible recovery capabilities that are essential in recovering information in case of forgotten passwords or the loss of or damage to decryption keys
    • Improve the performance and ease of use of secure email by enhancing Microsoft Outlook S/MIME capabilities to transfer the complexities of security processing to the Entelligence Messaging Server

    Entelligence Security Provider is built on a FIPS-validated security kernel and leverages core cryptographic services from the native Microsoft security architecture, which has also been FIPS validated.

  • Simplify and automate user management
    • Delegated and distributed user management through Web interfaces allows flexible user administration models and roles, including remote management over the Internet.
    • Flexible user registration tools, including automatic enrollment and self-service Web interfaces for enrollment and recovery to enable fast deployment in large organizations and to reduce help desk calls.
    • Seamless and automatic management of the lifecycles of the digital ID - from automatic rollovers of the keys in advance of expiry, to transparent updates and application of security policies.
    • Rapid revocation of digital IDs to protect access to networks and information, and to protect users from identity theft.
  • Accelerate deployment while minimizing cost
    • Small components of approximately 1 MB enable easy application deployment.
    • Application configurations stored and managed in the Windows Registry allow for extensive customization.
    • Leverages Microsoft® Windows™ Installer technology for reliable and effective deployment.
    • Seamlessly integrates with native Windows security capabilities to enable authentication, encryption and digital signature capabilities with no additional integration.
    • A single Entrust digital ID extends to secure a number of applications including authentication VPN, Web portals, email, e-forms, etc.
