Turning mobile devices into enterprise credentials

Entrust is extending its Entrust IdentityGuard strong authentication platform to offer smart credentials on mobile devices for enterprise-grade security.

Taking advantage of near-field communication (NFC) and Bluetooth standards, Entrust embeds biometrics and digital certificates on smartphones to create trusted identity credentials for stronger and convenient enterprise authentication.

Now available via the software-based Entrust IdentityGuard authentication platform, organizations are able to use biometrics and digital certificates to leverage mobile devices as smart credentials for logical access to corporate and wireless networks, web authentication, and physical access to buildings and other facilities. For even greater convenience, NFC (physical and logical) and Bluetooth (logical) may be used to streamline mobile-based authentication.

Authenticated desktop logins are as simple as having a mobile device in proximity of a workstation, but is more secure than most of today’s standard security offerings. In fact, on compatible devices, Bluetooth capabilities may bring additional features to smartphones, such as proximity-based auto-lockout of desktops and laptops.

By delivering updated credentials to mobile devices – anytime and anywhere – via secure online channels, organizations can more effectively eliminate the risk of physical smartcards being intercepted or lost in the mail, and also remove expensive and time-consuming shipping obstacles.

Compatible on today’s most popular mobile platforms, including Apple iOS, RIM BlackBerry and Google Android, Entrust leverages industry-standard technologies, including Personal Identity Verification (PIV), for higher security and interoperability than proprietary systems.

Entrust IdentityGuard also introduces new API architecture designed to allow for tight integration with today’s leading mobile device management (MDM), identity and access management (IAM), and public key infrastructure (PKI) vendors. This provides welcomed interoperability, via standards-based interfaces, with new and existing enterprise security implementations. This approach may even leverage in-house or managed service-based digital certificates.

The enhanced Entrust IdentityGuard solution will also include certificate-onboarding to mobile devices for certificate-based authentication and S/MIME-based decryption and signing of email. Advanced secure email capabilities include synchronization, key history and encryption across enterprise desktops and mobile platforms.

To help reduce costs and enable greater efficiency, the enterprise credentials may even be managed by the end-user via the Entrust IdentityGuard Self-Service Module. This Web-based interface can enable Entrust IdentityGuard users to manage many aspects of their accounts (e.g., device enrollment, obtaining of certificates, provisioning), freeing administrator time without compromising the security of the network.

End-users may even self-activate a new authenticator without the assistance of an administrator. Should a user misplace their authenticator, they can receive a temporary password or order a new authenticator without the need to contact their local help-desk.

Entrust IdentityGuard enables organizations to layer security — according to access requirements or the risk of a given transaction — across diverse users and applications. Entrust’s authentication capabilities include smartcards and USB tokens, soft tokens, grid cards and eGrids, IP-geolocation, questions and answers, out-of-band one-time passcode (delivered via voice, SMS or email), and a range of one-time-passcode tokens. In addition, digital certificates are used on mobile devices, in software and on smartcards and USB tokens.