Strong Authentication Platform for Online Consumers: Entrust IdentityGuard
Entrust IdentityGuard for Consumers — Get Technical
Risk Based Consumer Authentication for online consumers
The foundation of the Entrust IdentityGuard open multifactor authentication platform is a server-based software product that is designed to be installed in an organization's current infrastructure. This J2EE application is written in Java and runs as a stand-alone authentication server on the Linux, Microsoft Windows and Sun Solaris operating systems. It can also be deployed in conjunction with market-leading application servers from IBM and BEA.
The Entrust IdentityGuard open multifactor authentication platform can match the authentication method to the level of risk identified and choose from a broad range of second-factor and mutual authentication methods.
Authentication Applications, User Repositories and Administrative Processes
Entrust IdentityGuard has been designed to work in an organization's existing environment. It uses Web Services standards, including SOAP, to integrate with J2EE and .NET applications, and is designed to work with existing user repositories, including leading LDAP directories, Active Directory or RDBMS such as Oracle, IBM DB2, or MS SQL, and can:
- Build upon current username and password schemes
- Leverage current supported user directory or database for storage of authentication information
- Use existing fraud detection for risk identification, or be seamlessly deployed with Entrust TransactionGuard to provide advanced fraud detection capabilities
- Maintain current administrative processes with easy-to-integrate administrative APIs or intuitive web-based user management
- Secure all APIs, both authentication and administrative, as well as connections with the Entrust IdentityGuard server, using SSL certificates such as those provided by Entrust Certificate Services
Large-Scale Deployments and Redundancy
Entrust IdentityGuard has been developed for large-scale consumer deployments, and is designed to address both high scalability and redundancy requirements by deploying multiple Entrust IdentityGuard servers in a load-balanced environment. This can allow organizations to increase throughput by simply adding Entrust IdentityGuard servers. Also, a high-performance cache for user information can help to accelerate transactions.
The authentication interface is provided using either Java or Web Services in order to help meet the needs of various potential authentication applications, whether J2EE or .NET.
Like the interface to the authentication application, for supported directories Entrust IdentityGuard can leverage the customer's current repository to store user data. This repository is used to store and retrieve the authentication information for a given user. When a particular authentication option is enabled for a user, such as questions and answers or a grid card, the data is written in encrypted form to the repository. When authenticating a user, this data can be retrieved and compared before allowing the transaction to complete. This interface supports LDAP, Active Directory, JDBC or a customer-defined API.
Finally, an intuitive web-based administration interface is provided to access the various user management and authentication functions. Administrative functions are also available via API to make them available to user identity management and provisioning systems.
FIPS 140-2 Validated Cryptographic Engine
Security operations including generating, encrypting and decrypting card contents are performed using Entrust's FIPS 140-2 and Common Criteria certified cryptographic software. This means that authenticating information is generated using software that has been vetted for security and that the risk of a rogue employee successfully tampering with information in the repository is reduced.
| Data Type | Encrypted (Triple DES) | MACed (HMAC/SHA1) |
|---|---|---|
| System Policies (Card/PIN Specs, Admin Password Policy) | Yes | Yes |
| All Authentication Data (Grids, Q&A, Machine Fingerprint, OTP, Mutual) | Yes | Yes |
| Temporary PINs | Yes | Yes |
| System Keys | Yes | Yes |
| Challenges (Grid) | No | Yes |
Contact us to get more information on Entrust IdentityGuard.