Entrust Secure Web Portal

1
Secure Web Portal ltinsert AE/SE name heregt
2
Agenda

• The Opportunity at Hand
• Entrust Secure Web Portal
• Entrust GetAccess
• Entrust TruePass
• Packages and Pricing

3
The Opportunity at Hand Increasing the Value of
your Web Portal
4
What is a Portal?

• A single doorway for employees,
  customers/citizens and partners into an
  organizations online services content

End User
Content
Portal
Services
Tx Requests
5
A Portal is Comprised of . . .
Firewall
Firewall
Web Servers
Application Servers
Portal Management
Content Management
End User
DMZ
Intranet
Internet
6
The Promise of Portals
Have you realized the full potential and the
associated ROI from your portal? If Not, Why?
7
The Market Reality
Achieving higher portal ROI results from adding
more higher value services and transactions.

• Your customers, partners employees are
  demanding it
• Your competitors are doing it

8
What is the Payoff?
Create stronger relationships Improve customer
acquisition retention Accelerate
processes Tighten integration with business
partners Improve employee effectiveness Gain
competitive advantage Improve brand
perception Offer new differentiated services

• Revenue

• Costs

9
How do you Add Value? . . . by Adding
Capabilities
Personalization Knowing who is accessing the
portal and providing them a customized experience
Application Integration Integrating disparate
back-end systems, services content
Personalization
Data
Binding Transactions Replacing paper-based
transactions with digital signatures that bind
all parties
Privacy Protecting transactions and user
information throughout their entire lifecycle
10
Personalization
11
Application Integration
Data
Content
Personalization
Portal
Services
End User
Tx Requests
Retail Banking
Mortgage/ Loans
Integrating more high value content and services
into the portal provides users with a better
experience
Travel Insurance
Brokerage
12
Privacy

• High Value Transactions Need for Privacy

13
Binding Transactions

• Most high-value transactions require a binding
  record

14
Entrust Secure Web Portal Enhanced Security
Enables Higher Value Return
15
Building a High-value Portal
High Value Portal
Enhanced Internet Security
Web Portal


Enhanced security enables you to add personalized
access to more and higher value applications,
services and transactions
16
Enhanced Internet Security
17
Value of Enhanced Security

• Only enhanced security can provide users with the
  same level of privacy and trust that they were
  accustomed to in the paper world

18
The Entrust Solution
Content
Personalization
Services
Secure Web Portal Solution
End User
Data
Tx Requests
Identification and Entitlements
Enhanced Identification, Privacy and Verification
Security Management
19
Entrust Secure Web Portal
Portal ROI
20
Entrust Secure Web Portal
Only Entrust Secure Web Portal provides the
comprehensive enhanced security needed to enable
a high-value web portal

• Builds the foundation for stronger relationships
  with customers, partners, citizens and employees
  through personalization
• Extends portal ROI by adding access to more and
  higher value/sensitivity applications, content
  and services through enhanced security

21
The Entrust Advantage
22
Uniquely Positioned to Deliver Value
Entrust Secure Web Portal Advantages

• Comprehensive Enhanced Security
• Automated Security Management
• Flexible Deployment
• Proven Security

23
Entrust Secure Web Portal

• Enable more higher value / sensitivity
  applications online
• Comprehensive enhanced security with multiple
  entry points
• Lower TCO through automated administration
• Automated management of digital IDs and security
  policies lessens administrative burden
• User self-enrollment and password resets
  significantly cuts down calls to the help desk
• Improve online experience with enhanced security
• Single-sign-on across multiple applications and
  domains to strengthen relationships from any
  computer anywhere
• User experience is personalized yet security is
  transparent

24
Entrust Secure Web Portal

• Increase flexibility to grow as your portal and
  security needs change
• Investment is future-proofed - can start with a
  single capability and easily integrate other
  capabilities 
• Add security while maintaining performance
• Proven deployments servicing millions of users
• Accelerate time to market
• Multiple deployment choices, automated security
  management, user self-enrollment and integration
  with leading web portal technologies  
• Increase confidence
• Comprehensive secure architecture from an
  industry leader

25
In Summary
Accelerate Processes
Offer New Services
CreateCompetitive Advantage
Strengthen Relationships
High Value Portal
Improve Employee Effectiveness
Drive Down Costs
?Portal Value ?Portal ROI
26
Entrust Secure Web Portal Comprehensive Enhanced
Security Services
27
High Value Portals Identification
Entrust Secure Web Portal Identification
Capabilities

• Identification
• Key enabler for delivering personalized content
• Strengthens the one-to-one relationship and
  provides incentive to the user to return to the
  portal
• Single Sign-On (SSO)
• Manage one user identity for all portal resources
• Deliver convenience to end user
• Lowers administration costs
• Flexible Authentication
• Leverage methods of varying strengths required to
  meet the needs of a diverse user community

28
Identification Features
Entrust Secure Web Portal Identification
Capabilities

• Single entry and access point for a user across
  multiple applications and resources
• Supports the broadest range of authentication
  methods available today
• LDAP (Passwords in external directories), Smart
  Cards, Tokens, Certificates, Entrust TruePass
  with multiple authentication methods
• Open framework enables customers and partners to
  plug-in support for new and emerging
  authentication technologies, such as biometrics
• Identification can be mapped to back-end
  applications

29
Identification
Entrust Secure Web Portal Identification
Capabilities
Web Servers Across multiple domains
App serversContent managementPortal management
End User
?
?
?
30
High Value Portals Enhanced Identification
Entrust Secure Web Portal Enhanced
Identification Capabilities

• You cannot move higher value/sensitivity
  applications online, unless you can identify
  users with certainty
• Enhanced identification is critical
• User name and password is not enough for valuable
  or sensitive transactions
• Multiple-method authentication from any computer
  anywhere
• Based on digital IDs available via roaming,
  roaming with SMS messaging or voice (optional),
  local storage, smart cards or tokens
• Allows you to deliver more cost effective
  authentication balancing strength of
  identification with cost and deployment complexity

31
Enhanced Identification Cost/Security Tradeoffs
Entrust Secure Web Portal Enhanced
Identification Capabilities
Highest
Value of Transaction
Confidence in Authentication

• Additional Factors
• Challenge Response
• Mobile Device3rd party tokens

Lowest
Cost of Deployment
Highest
Lowest
32
Enhanced Identification
Entrust Secure Web Portal Enhanced
Identification Capabilities
Optional Strong Roaming access to digital ID

• Digital ID-based authentication
• Stronger than user name password
• Enables SSO to web resources
• Flexible authentication approaches
• Protection from malicious attacks

33
High Value Portals Entitlements
Entrust Secure Web Portal Entitlements
Capabilities

• Entitlements
• Key enabler for delivering personalized content
• To deliver services of any value, sensitivity or
  relationship impact you must ensure users access
  only authorized resources
• Provide appropriate level of access for each
  individual, based on their relationship with the
  organization
• Lowers the cost, reduces development time and
  removes the pain of securing applications
  individually
• Manages risk as more services and applications
  are moved to the Web

34
Entitlements Features
Entrust Secure Web Portal Entitlements
Capabilities

• Roles Based Access Control (RBAC)
• Proven model for simplifying and managing large
  numbers of users and privileges
• An organization defines roles based on the
  varying levels of access that it needs
• Roles are then mapped to appropriate users and
  resources to deliver the appropriate entitlements
  and access control
• Rules
• The roles-based model is further refined by
  allowing the customer to define rules based on
  Boolean logic (e.g. A user can only access a
  resource if he is a Supplier and Manager )

35
Roles Based Access
Entrust Secure Web Portal Entitlements
Capabilities
36
High Value Portals Privacy
Entrust Secure Web Portal Privacy Capabilities

• You cant integrate more and higher
  value/sensitivity impact applications, if
  information is at risk of being exposed
• Privacy is critical
• Confidentiality and privacy protection through
  encryption of data from browser to back-end
• Benefits
• Protection against theft of user data from web
  servers
• SSL only protects from the browser to the Web
  Server

37
Enhanced Privacy
Entrust Secure Web Portal Privacy Capabilities

• Confidentiality and privacy protection through
  encryption of data from browser to back-end
• Protection against theft of customer data from
  web servers
• Global Impact
• Gramm-Leach-Bliley Act
• HIPPA (Healthcare)
• EU directive on data security privacy

38
High Value Portals Verification
Entrust Secure Web Portal Verification
Capabilities

• You cant integrate more and higher
  value/sensitivity applications, if transactions
  are not binding
• Verification is critical
• Accountability through electronic proof of
  transactions (verifiable) via digital signatures
• Benefits
• Paperwork reduction since even complex
  transactions can be signed online
• Accelerate processes
• Reduce costs

39
Enhanced Verification
Entrust Secure Web Portal Verification
Capabilities

• Accountability through electronic proof of
  transactions (verifiable through digital
  signatures)
• Time stamped receipts of signature
• Entire context of document can be signed

40
Customer Success
Entrust GetAccess Customer Success
Telia Happy customer for 3 years with 600,000
users
Washington Mutual 1.5 million users rolled out
in 6 weeks
Perot Systems Using GetAccess, Mobile Server
TruePass internally now a Perot bundle for
customers
Telefonica Using GetAccess Mobile Server to
secure B2C portal
41
Customer Success
Entrust TruePass Customer Success
Illinois EPA Using Digital Signatures with
Accelio eForms for Verification
RBC Improving Customer Service by Delivering
Automated Transaction Processing Applications
Online
42
Customer Success
Entrust Secure Web Portal Customer Success
43
Summary
Entrust Secure Web Portal Summary

• Only Entrust Secure Web Portal provides the
  enhanced security needed to enable a high value
  web portal
• Delivers enhanced security
• Identification, entitlements, verification,
  privacy and security management
• Powers personalization
• Enables moving more and higher value/sensitivity
  applications online
• Entrust Secure Web Portal advantages
• Comprehensive Enhanced Security
• Automated Security Management
• Flexible Deployment
• Proven Security

44
Putting it All Together
Entrust Secure Web Portal Architecture
Firewall
Firewall
Web Servers
Application ServerPortal ManagementContent
Management
End User
Optional External Authorization Service
User ID / PW
Roaming Optional EAS
Portal Application Plug-ins
GetAccessRunTimes
Local Storage
TruePassRunTimes
Smart Cards Tokens
Digital ID
(DMZ)
(Intranet)
(Internet)
45
Entrust GetAccess 4.6
46
GetAccess Delivers Performance
Entrust GetAccess Advantages Performance
Performance

• Availability Automatic fail-over, system
  monitoring, auto restart to ensure highest
  availability
• Throughput Proven performance for million of
  users exceeds market reqts
• Deployment Speed Automatic (self-serve)
  registration and automatic entitlements
  provisioning (via LDAP) lower deployment time and
  cost
• Corporate More cash than NETE RSAS
  BALT140 active customers

47
Availability
Entrust GetAccess Advantages Performance
48
Availability
Entrust GetAccess Advantages Performance
Server Components
Web Serverwith Runtime
?
Multiple Active Servers
GetAccess connected to back-end

• Automatic No intervention needed
• Transparent No user/session data lost
• Immediate No downtime
• Standards Based Robust
• Dynamic No configuration needed on Web server

49
Throughput
Entrust GetAccess Advantages Performance
50
Architecture Based on Real World
Entrust GetAccess Advantages Performance

• Entrust GetAccess performance reflects its more
  secure architecture
• GetAccess performs identification and
  entitlements assertion at login
• At login, entitled resources are assigned to
  eliminate the need for caching.
• Slower than identification only login but
  eliminates the need to test entitlements again on
  subsequent accesses
• SMS ensures that user updates are instantly
  provided
• Competitive architectures assess entitlements at
  each access attempt
• Slows every subsequent step after login
• Requires the use of the insecure caching
  architecture

51
GetAccess Delivers Performance
Entrust GetAccess Advantages Performance
Web Server with
End User
Server
52
Competitor Performance
Entrust GetAccess Advantages Performance
Web Server with
End User
Server
?
53
Improvement Release after Release
Entrust GetAccess Advantages Performance

• While continuing to ensure security, Entrust has
  demonstrated increased performance in login rates
  and authorizations release after release

400 Improvement
GetAccess 3.2
4.0
4.5
4.6
54
Throughput
Entrust GetAccess Advantages Performance

• GetAccess can sustain 20 logins per second or 40
  burst (med config)

55
Registration Provisioning
Entrust GetAccess Advantages Performance
56
Auto-Registration Provisioning
Entrust GetAccess Advantages Performance
Server Components
Web Serverwith Runtime
End User
57
Auto-Registration Provisioning
Entrust GetAccess Advantages Performance
Server Components
Web Serverwith Runtime
End User
58
GetAccess Delivers Flexibility
Entrust GetAccess Advantages Flexibility
Flexibility

• Interoperability Working with variety of web
  infrastructure platforms plus proxy solution (for
  server independence) allows us to sell into
  almost any environment
• Administration Delegation of specific functions
  and/or specific user groups allows you to
  leverage current business processes
• Web and Non-Web App Support Support for non-web
  app identification and entitlements allows you to
  extend your portal efforts deeper for more
  services
• Wireless PDA, phone support allows you to reach
  broader audiences

59
Platform Support
Entrust GetAccess Advantages Flexibility
How?

• GetAccess supports all industry leading
  infrastructure components including
• Web Servers Operating Systems
• Databases Directories
• Authentication technologies
• GetAccess Proxy server addresses situations where
  you need support for a Web platform we dont
  currently offer

60
Platform Support
Entrust GetAccess Advantages Flexibility
GetAccess 4.6
61
Administration
Entrust GetAccess Advantages Flexibility
How?

• Absolutely no desktop software purely
  browser-based
• Allows granular delegated access based on Who
  AND What
• Allows definition of administrators such as
• Joe can only reset passwords, but for all users
• Charlie can only assign the HR role for users in
  NY

62
Administration
Entrust GetAccess Advantages Flexibility
Super User
New York
Santa Clara
Ottawa
63
Multi-Domain Support
Entrust GetAccess Advantages Flexibility
How?

• GetAccess provides single-sign-on across multiple
  Internet Domains
• Only GetAccess provides Entitlements across
  multiple Internet Domains
• Only GetAccess provides Centralized Session
  Management across multiple Internet Domains

64
Multi-Domain Support
Entrust GetAccess Advantages Flexibility
65
Interoperability
Entrust GetAccess Advantages Flexibility
How?

• Due to its adherence to open standards and
  flexible architecture, GetAccess has demonstrated
  interoperability with the broadest range of
  third-party tools available in the market today
• WebLogic Websphere Domino
• Documentum Broadvision Oracle
• ATG Dynamo Peoplesoft Epicentric
• Plumtree iPlanet App Svr Others

66
Interoperability
Entrust GetAccess Advantages Flexibility

• Real World Examples
• IBM WebSphere - Hydro Quebec, McLane Co., One
  Galaxy/Spanish Bay
• BEA WebLogic Sprint, Vodafone, Yazaki
• Epicentric Large multi-national financial
  institution
• Plumtree Corporation Zimmer
• BroadVision - Agilent Technologies, KPN, Ricoh,
  Telia
• Vignette Egg, AutoDesk
• Peoplesoft - Partners Healthcare
• NetDynamics - 3Com, BYU

67
Non-Web Integration
Entrust GetAccess Advantages Flexibility
How?

• With its CAAS API, GetAccess allows customers to
  expand their Identification and Entitlements
  umbrella to protect non-Web and legacy
  applications
• IVR Client/Server Mainframe
• Emerging technologies (Streaming Audio/Video,
  etc.)

68
Wireless Support
Entrust GetAccess Advantages Flexibility
How?

• The GetAccess Mobile Server allows users to
  access online resources using non-traditional
  devices such as PDAs and mobile phones

69
Wireless Support
Entrust GetAccess Advantages Flexibility
Server Components
Web Server with
End User
Standard GetAccessarchitecture
Snap-in Mobile Server
Mobile Server
70
Customization
Entrust GetAccess Advantages Flexibility
How?

• GetAccess has a robust set of toolkits to allow
  you to integrate your applications as tightly as
  they need
• Only GetAccess provides events (hooks) that
  allows you to modify the behavior of the system
  at critical junctures (logins, logouts,
  revocation, user creation, etc.)
• Support provided in Java and C

71
Easy Migration to Entrust TruePass
Entrust GetAccess Advantages Flexibility
How?

• Remove the barriers to adding higher value or
  sensitive applications and transactions that
  require enhanced security

72
GetAccess Delivers without Sacrificing Security
Entrust GetAccess Advantages Security
Security

• Entrust GetAccesss security capabilities have
  been designed from the ground up with the product
  not added as patches or after thoughts. This
  means that Entrust has not had to sacrifice
  performance or flexibility to deliver security.
• Non-Caching Architecture GetAccess does not
  cache user information in the DMZ where it is
  vulnerable to attack for use in hacks such as
  identity theft
• Centralized Session Management GetAccess
  ensures the integrity of each user session to
  protect against unauthorized access
• Growth to Entrust TruePass Application security
  can be seamless increased through the addition of
  Entrust TruePass

73
No Caching
Entrust GetAccess Advantages Security

• What is caching?
• Components remember things for which they have
  made earlier requests to databases, directories,
  or back-end systems
• The next time a request for that same piece of
  information is needed, the software has the
  information available and does not need to make a
  database dip, LDAP query, etc.
• While caching can certainly deliver performance
  boosts, it can also lead to serious security
  flaws in a systems architecture
• This is largely dependent on the nature of the
  data being cached and the location of the cache

74
Caching Architectures
Entrust GetAccess Advantages Security

• Other vendors use a caching implementation that
  is severely flawed
• For example, one vendor caches the users
  password and privileges
• Caching any user privilege information, passwords
  in particular, is a significant security risk
• It can allow unauthorized or even deleted users
  to log in and access resources
• Information is cached at their web agent
• This means that the most sensitive data about the
  user (password and privilege information) is
  available in the DMZ, typically considered the
  single most vulnerable part of the corporate
  network

75
No Caching
Entrust GetAccess Advantages Security

• GetAccess does not cache any user information
  whatsoever
• In spite of not using a cache, GetAccess can
  deliver the performance needed to support portal
  deployments of multi-million users
• Real-world feedback When other vendors flush
  the cache, the system slows to a crawl, to the
  point of being unusable

76
Other Products With Caching
Entrust GetAccess Advantages Security
Policy Server
Web Agent
Repository
End User
User IDPrivileges
User authentication
77
GetAccess Delivers Security No Caching
Entrust GetAccess Advantages Security
Server Components
Web Server with
Repository
User ID PasswordsPrivileges
Privilegesissued as encrypted cookies
End User
User authentication to GetAccess
78
Centralized Session Management
Entrust GetAccess Advantages Security

• What is Centralized Session Management?
• Maintaining a centralized session table that
  shows all users that have logged in and are
  actively using the system at the current time
• Provides a single enforcement point for all
  session management (timeouts, revocation checks,
  etc.) decisions
• Enables support for session specific keys

79
Centralized Session Management
Entrust GetAccess Advantages Security

• Other vendors provide no Centralized Session
  Management
• They have no way of knowing who is using the
  system at any point in time
• No centralized choke point for enforcement of
  security policy
• Lack of this key architectural component forces
  them to use the same key to encrypt credentials
  (cookies) for each user
• If any users cookies are compromised, the hacker
  can then forge credentials for any other user

80
Other Products Without Session Management
Entrust GetAccess Advantages Security
Policy Server
Web Agent
End User
81
Centralized Session Management
Entrust GetAccess Advantages Security

• GetAccess provides this critical security
  capability
• The GetAccess Session Management Service (SMS) is
  the centralized location for all GetAccess
  session control activity
• Delivers idle and session timeout and real-time
  revocation capability
• Since the SMS can serve as a clearing-house for
  session-specific keys, GetAccess can encrypt each
  users credentials with a randomly generated key
  that is unique to each session

82
Centralized Session Management
Entrust GetAccess Advantages Security
Web Server with
Web Server with
End User
83
True Multi-Domain Support
Entrust GetAccess Advantages Security

• Multi-Domain Support
• Most Global 2000 companies have multiple Internet
  domains (e.g. Entrust.com and Entrust.net) for
  which they need to provide secure access
• At the very least, companies need to deliver SSO
  across these domains
• In order to provide true business value,
  companies need to be able to provide the full
  range of security services (SSO, Entitlements,
  Centralized Session Management, Delegated
  Administration, etc.) for multiple Internet
  domains

84
True Multi-Domain Support
Entrust GetAccess Advantages Security

• Other vendors provide only rudimentary
  multi-Domain support
• Users can be identified to the secondary domains
• They cannot be entitled
• Their sessions cannot be managed
• They cannot be revoked
• This does not deliver much value

85
Other Products Multi-Domain without Session
Management
Entrust GetAccess Advantages Security
Policy Store
Web Agent
End User
Domain1.com
86
True Multi-Domain Support
Entrust GetAccess Advantages Security

• GetAccess delivers true multi-Domain support
• Resources in secondary domains are protected and
  managed just as securely and effectively as those
  in the primary domain
• All the benefits of Centralized Session
  Management are leveraged across all Internet
  domains
• Only GetAccess provides single sign off across
  all domains

87
True Multi-Domain Support
Entrust GetAccess Advantages Security
Web Server with
Server Components
End User
Domain1.com
88
Entrust GetAccess 4.6 Feature Additions
Entrust GetAccess Advantages New Features

• Performance
• Performance Improvements- Configurable Login
  Monitoring- LDAP performance parity
• Ease of Administration
• Enhanced monitoring tools - Resource access
  logging

• Flexibility
• Expanded platform (W2K)
• Expanded directory support (eDirectory)
• Firewall Friendly No UDP between front and
  back-end components
• Proxy Server for web server independence

89
Entrust GetAccess The Road Ahead
Entrust GetAccess Advantages Roadmap
Under NDA Only
90
Entrust TruePass 6.0
91
Whats New In Entrust TruePass 6.0
Entrust TruePass Advantages Whats New

• Multiple authentication methods
• Entrust Roaming Profiles
• Entrust Desktop Profiles
• Digital IDs stored on the desktop in the Windows
  digital ID store
• Digital IDs stored on smart cards
• Multi-domain SSO
• Server-side password policy enforcement
• Client side key generation
• Easier deployment with J2EE support

• Interoperability with non-Entrust CA
• Expanded platform support
• Sun Solaris 8, Microsoft Windows 2000 Advanced
  Server , BEA WebLogic Server 6.1 SP2, IBM
  WebSphere Advanced and Single Server Advanced
  Editions 4.0.1, Macromedia JRun 3.1 Professional,
  Active Directory
• Improved documentation
• Reverse proxy support
• Latin 1 characters are now supported in usernames
  and passwords

92
TruePass Roadmap
6.0 (April 02)
Code Name Shogun Release

• Client side key generation
• Client-side key storage
• Smart card support
• Multi-domain single signon
• FIPS 140-1 validation
• Hierarchical CA support
• Solaris 8 (2.8), W2K Advanced Server
• BEA WebLogic 6.1, IBM WebSphere 4.0, JRun Pro 3.1
• Enhanced documentation
• Web Proxy Support

• File sign and upload
• Enhanced client-side application integration
• Separate signing/identification keys
• Easier server-side integration
• Enhanced integration with Entrust GetAccess
• 3 Key pair model for separate signing and
  authentication keys

Under NDA Only
Date release features subject to change
93
Entrust TruePass Advantages
Entrust TruePass Advantages Comprehensive
Enhanced Security
Comprehensive Enhanced Security

• Enhanced Identification
• Identify users with certainty using strong forms
  of authentication
• Flexible strong authentication
• Privacy
• Protect information while in transit and in
  storage through end-to-end encryption
• Verification
• Provide a permanent record of the transaction
  through digital signatures

94
Multi-Factor Identification Choice
Entrust TruePass Advantages Comprehensive
Enhanced Security
Firewall
Firewall
Application ServerPortal ManagementContent
Management
End User
Web Servers
Roaming Server
Roaming
Roaming External Authorization
Local Storage
Smart Cards Tokens
95
Multiple Methods of Strong Identification
Entrust TruePass Advantages Comprehensive
Enhanced Security
Roaming Server

• Supports multiple methods of strong
  identification
• Roaming
• Roaming with SMS messaging or Voice
• Local PC storage
• Smart cards and tokens
• Benefits
• Flexibility to balance strength of identification
  with cost and deployment complexity
• Deliver strong identification from any computer
  from anywhere

End User
Roaming
Roaming External Authorization
Local Storage
Smart Cards Tokens
96
Users Demand Mobility
Entrust TruePass Advantages Comprehensive
Enhanced Security

• Mobile single sign-on using digital certificates
• Any computer, anywhere!
• broad platform support
• Extensible authentication features ensure
  security
• Secure storage and download of digital ID

97
2nd Factor Authentication
Entrust TruePass Advantages Comprehensive
Enhanced Security

• 2-factor with phones/pagers
• SMS messages
• Voice messages
• One-time password issued out-of-band

98
Flexible Authentication
Entrust TruePass Advantages Comprehensive
Enhanced Security

• Prompt for additional dynamically-verified
  information (1 or more fields)

99
Enhanced Identification
Entrust TruePass Advantages Comprehensive
Enhanced Security

• Multiple methods of strong authentication
• Password policies enforced at registration time
• Password policies can be customized
• Password never stored at the server
• Password never passed over the network
• Protected from brute force attacks through the
  Roaming Server
• Option for client-side key generation

100
Verifiable Transactions
Entrust TruePass Advantages Comprehensive
Enhanced Security

• Signature covers data and formatting
• Entrust TruePass ensures confirmation is not
  altered before signature
• Signature can be kept for dispute resolution
• Digital receipt can be provided through built in
  signature verification service or via partners

101
End-to-End Encryption
Entrust TruePass Advantages Comprehensive
Enhanced Security

• Persistent encryption of forms
• Protect data past the web server
• Only the target server can decrypt!

102
End-to-End Encryption
Entrust TruePass Advantages Comprehensive
Enhanced Security
103
Entrust TruePass Advantages
Entrust TruePass Advantages Automated Security
Management
Automated Security Management

• Automated security management of users, policies
  and digital IDs
• Reduces administration costs
• Minimizes help desk calls
• Transparent user security
• Ease of use

104
Security Management
Entrust TruePass Advantages Automated Security
Management

• Enhanced Security Management
• Entrust TruePass certificates renew automatically
  without user or administrative involvement
• Users simply continue to operate in the same way
  they always have (no confusing dialogs!)
• User Self-enrollment
• Provides scalability, ease of use, and low-cost
  ongoing management

105
Transparent User Security
Entrust TruePass Advantages Automated Security
Management

• No user software installation
• No dialog boxes for roaming
• Security is transparent
• Integrated into sites existing look and feel
• User self-enrollment
• User password resets

106
Ease of Use
Entrust TruePass Advantages Automated Security
Management
Trust Dialogs can be confusing- hard to use -
costly to organizations
No trust dialogs with Entrust TruePass
No trust dialogs with Entrust TruePass for
roaming users
107
Ease of Use Summary
Entrust TruePass Advantages Automated Security
Management
108
Entrust TruePass Advantages
Entrust TruePass Advantages Flexible Deployment
Flexible Deployment

• Extensible offering
• Future proof your investment by starting with a
  single capability and grow as needed
• Low cost entry point
• Single entry point needed
• Scale to the largest deployments
• Availability and scalability to match the needs
  of the largest deployments
• Fast to deploy
• Accelerate time to market with rapid deployment
  features

109
Availability
Entrust TruePass Advantages Flexible Deployment

• High availability configuration for mission
  critical applications
• Multiple options for achieving high availability
• Multi-tier architectures
• Horizontal Scaling
• Vertical Scaling
• Fail-over configurations for key components

110
Rapid, Low-Cost Deployment
Entrust TruePass Advantages Flexible Deployment

• No client software to deploy
• No software update issues
• new client software automatically downloaded by
  browsers
• Quickly integrates into existing Web site
• No changes to Web site look and feel

111
Self Service Registration Recovery
Entrust TruePass Advantages Flexible Deployment

• Self-service 24x7 convenience
• Supports automatic migration from existing
  usernames passwords
• Support additional information requirements for
  registration
• Eliminates expensive password resets

112
Ease of Deployment Summary
Entrust TruePass Advantages Flexible Deployment
113
Entrust TruePass Advantages
Entrust TruePass Advantages Proven Security
Proven Security

• Secure product architecture
• Centralized enrollment policy control, cross
  certification, enforced strong password policies,
  and support for multiple authentication methods
  provide a trusted and secure environment
• Proven security from a market leader in Internet
  security
• Entrust pioneered the Internet security
  marketplace in 1994 and Entrust invented the
  technology that is embedded in much of basic
  Internet security worldwide

114
Increased Trust Summary
Entrust TruePass Advantages Proven Security
115
Government Certified
Entrust TruePass Advantages Proven Security

• TruePass is FIPS 140-1 certified (Release 5.2 and
  on)
• First Java applet to be certified
• Overall system certification

116
Platform Support
Entrust TruePass Technical
117
Platform Support
Entrust TruePass Technical
118
Entrust TruePass Architecture
Entrust TruePass Technical
Firewall
Firewall
Web Servers
Application ServerPortal ManagementContent
Management
End User
Roaming Optional EAS
Portal Application Plug-ins
Local Storage
TruePassRuntimes
Smart Cards Tokens
Digital ID
(DMZ)
(Intranet)
(Internet)
119
Entrust Packages Pricing
120
Pilot Package Summary
Entrust Secure Web Portal Service Offering

• Pilot Systems
• Customers seeking a proof of concept - 100 users
• Uses standard deployment architectures that
  support low user volumes
• Package is designed to educate customer in the
  operation, integration and deployment of Entrust
  solutions
• Customer can purchase optional components such
  as
• Roaming
• Self Admin Server

• Pilot Systems
• All packages include
• Architecture review customers infrastructure
  and requirements and ensure a fit to the standard
  pilot configuration
• Systems Integration installation, configuration,
  and testing of implementation
• Knowledge Transfer educating the customer on the
  configuration, basic operation and deployment of
  the solution
• Deployment Consulting guiding the engagement,
  deployment assistance and guiding the customer
  towards future deployment
• Support Silver support and maintenance

121
Production Package Summary
Entrust Secure Web Portal Service Offering

• Production Systems
• All packages include
• Everything in a pilot plus additional services
  and knowledge transfer to support
• Deployment Ready production architectures and
  configurations such as external access
• For Self Admin customers integration with
  directory or database
• Reduced costs on implementing a pilot lab
  environment
• Participation in the Certificate Administrator
  Product Bundling Program

• Production Systems
• Customers looking to deploy to between 1,000 and
  10,000 users
• Uses standard deployment architectures that
  address security requirements for internal vs.
  external access
• Package is designed to educate customer in the
  operation, integration and deployment of Entrust
  solutions
• Customer can purchase optional components such
  as
• Roaming, Self Admin Server, PKI Lab Installation
• Shadow Directory, Policy Consulting

122
Commercial Pricing for Pilot Systems
Entrust Secure Web Portal Service Offering
123
Commercial Pricing for Production Systems
Entrust Secure Web Portal Service Offering