Strong Authentication for the Enterprise: Entrust IdentityGuard

Strong Authentication for the Enterprise

Strong authentication is a tool that your organization likely uses in some form today. Whether it is for VPN remote access, Microsoft® Windows® security, or web-based applications, you are now looking for ways to provide strong authentication to a wider audience, with greater control and flexibility in determining how to secure different users and transactions — based on the risk associated with those transactions.

Entrust IdentityGuard is a strong authentication platform that enables you to layer security across your diverse users, transactions and applications, according to risk assessment. It is a common-sense approach to strong authentication (read more in the white paper) that enables you to apply the right level of strong authentication, tailored to the assessed risk of the transaction that the user is performing. The strong authentication platform integrates with your existing environment and minimizes the impact of security on your users, including employees, customers and partners.

Strong Authentication that Costs Less
Traditional methods of strong authentication include time-synchronous hardware tokens that randomly generate one-time passwords, such as RSA SecurID tokens. Entrust IdentityGuard makes it possible to save more than 80% off the purchase cost of RSA SecurID tokens. In addition, Entrust IdentityGuard offers more two-factor authentication and mutual authentication options to strengthen user authentication in ways that improve acceptance for your users.

None of Entrust IdentityGuard's authentication methods require distribution of hardware or software. By leveraging existing devices and knowledge already possessed by the user, and by leveraging very cost-effective physical form factors, organizations can anticipate substantially lower authentication costs versus conventional time-synchronous tokens while still achieving the goal of strong, mutual authentication.

Layering Strong Authentication Matches Security to Risk
As part of a layered defense against online attacks, organizations need to connect fraud detection capabilities to the risk assessment process to ensure the right level of security is applied to a given transaction. Entrust IdentityGuard provides organizations with the ability to react in real-time, based on their risk-assessment analysis, to apply strong authentication to protect against identity attacks that lead to identity theft, transaction fraud and unauthorized access.

There are many reasons why it makes sense to layer strong authentication across your online environment:

  • Stronger security for transactions with greater risk
  • Minimize the impact of security on the user experience by requiring stronger authentication only when required to reduce the risk of fraud
  • Reduce the cost of deploying varying degrees of security to all users, managed under one risk-based strong authentication platform
  • Apply strong authentication across the many different channels over which you communicate with your employees, partners and customers such as over the Internet, the telephone and in-person

Strong Authentication For A Wider Audience
Entrust IdentityGuard user authentication methods are easily understood across diverse communities and they leverage existing devices and knowledge already possessed by the user.


Security Grid: Grid location challenge and response
Machine: Authorized set of workstations
Knowledge: Challenge / response questions
Scratch Pad: One-time password list
Mobile: One-time-passcode with mobile device (SMS/email/voice)

  • Grid Authentication: easy to use and affordable physical challenge and response for two-factor authentication
  • Machine Authentication: transparent identification of device used by user for access to applications and systems
  • Knowledge-based Authentication: use of existing shared secrets to challenge the user
  • Scratch Pad Authentication: delivering a one-time password list that is revealed by the user at the time of use
  • Mobile, Out-Of-Band Authentication: transmission of a shared secret through voice, SMS or email text message


Strong Authentication For All Parties
Entrust IdentityGuard delivers mutual authentication – also called two-way authentication – in addition to strong user authentication. This means that you can make it possible for your users (employees, partners and customers) to be confident that they are accessing your legitimate website or responding to an authentic email message.


Serial Replay: Grid card serial number
Grid Location Replay: Grid locations shown specific to user
Message Replay: User entered message
Image Replay: User selected image

Each of the Entrust IdentityGuard server authentication options can be used in web applications or email communications to provide users with confidence that they are communicating with the right organization. These techniques are very helpful in deterring phishing attacks.

  • Serial Number Replay: users are presented with the serial number from their unique security grid cards
  • Grid Location Replay: users are presented with values from specific coordinates on their unique security grid cards
  • Message Replay: a unique shared secret is presented to the user
  • Image Replay: an image that was selected by the user is presented as a method of authenticating the validity of the communication


Strong Authentication for Remote Access
Entrust IdentityGuard now offers strong authentication for remote access applications by leveraging the RADIUS protocol, a standard supported by leading remote access products. There is no need to deploy additional client software, helping to reduce both cost and time to deployment. Cisco and Nortel have achieved Entrust Ready status, enabling integration with Entrust IdentityGuard for two-factor authentication to their VPN remote access products.

Multi-Channel Authentication

Entrust IdentityGuard has been designed to support other channels including telephone, email, SMS text message, kiosk and in-person transactions. Authentication methods can be performed via keypads and do not require complex user interfaces. They fit easily into alternative channels. For example, grid authentication could be easily used to support automated call center authentication of users by prompting for a grid location challenge and having the user enter the response via the telephone touch-tone pad. By providing this extensibility, organizations can leverage their initial Entrust IdentityGuard investment across multiple channels.

Learn more about Entrust IdentityGuard Strong Authentication Methods:

Download the whitepaper "A Common Sense Approach to Strong Authentication"