Entrust Technologies is trying to blend the concepts of security and mobility with its latest product offering.
Entrust/TruePass was announced yesterday at the company's SecureSummit 2000 user conference. Entrust is billing the software as the first "truly zero footprint" security software for mobile users because it doesn't require a browser plug-in or Active X controls to work. Users don't have to install additional software or contend with security warning dialogs, Entrust said.
TruePass allows digital certificates, digital signatures, encryption and PKI (public key infrastructure) to work beneath intranet, extranet and Internet applications in a way that is transparent to users. A 70K-byte Java applet, which downloads automatically, is the only addition to the client's software.
Web sites using the software will keep their own look and feel, said Eric Skinner, Entrust product manager.
Users can log on from anywhere using Internet Explorer and Netscape Communicator. Users also can be enrolled automatically to access sites with TruePass, using shared secrets -- informationalready known about the user by the company -- or existing passwords that can be migrated for use with TruePass.
TruePass can be used to supplement SSL (secure sockets layer) encryption, the company said. To Entrust, SSL encryption only occurs when information has been passed to the Web server. With TruePass, data can be encrypted from the moment it is entered into an electronic form, and theinformation will stay encrypted until it reaches the final back-end system.
TruePass supports Internet Explorer 4.0 and higher and Netscape Communicator 4.0 and higher on Windows 95, 98 NT or 2000. It will support Communicator 4.0 on Macintosh and is expected to support Internet Explorer on that platform in the third quarter. Linux support is expected in the second half of the year.
It also integrates with getAccess from enCommerce Inc., which recently merged with Entrust. The 4.0 release of getAccess, which allows single infrastructure sign on, was announced yesterday. The product now permits single sign on for non-Web enabled resources such as client-server and legacy applications. The 4.0 version generates a unique key every time a user logs in, monitors all user activity during each session and performs continuous monitoring to ward off attacks.
Also being touted at the conference is Entrust's outsourcing service. Entrust@YourService allows customers looking to outsource PKI projects the choice of participating in those projects orturning over control to Entrust and First Data Corp., the company chosen to host the service. Customers will be required to buy software leases and will be charged a per user/per year fee of between US$15 and $38, depending on the services.
Entrust believes that most organizations will choose a hybrid approach, offloading some work, but keeping control of certain aspects like CA (certificate authority) and policy management. Entrust backs up this view, citing figures from the Aberdeen Group, which found that 40 percent of companies prefer to implement a hybrid solution versus 34 percent that like to keep projects in house and 11 percent that prefer to outsource. Twelve percent had no preference.