GeoTrust Client Certificates: True Credentials®
GeoTrust Client Certificates provide a cost-effective and fully-managed solution to credential users and provide strong authentication for secure network access and communications.
Features and Benefits
- Provides strong authentication for:
- Secure access to VPNs, web portals and other network resource
- Secure messaging / S/MIME
- Secure web services and other online applications
- Simple, web-based certificate lifecycle and management interface
- 99%+ compatibility with all browsers
- Lowest TCO in the industry
- Fast and easy set-up
- Flexible authentication and enrollment services
- Maximum integration with existing databases
Fully-Managed Service for Secure, Cost-Effective Client Credentials
In today’s networked environment, businesses need a cost-effective way to credential users for secure access to network resources and applications and secure messaging. Client certificates provide such a solution by issuing digital identities to employees, business partners and other internal and external clients and communications that need to be “trusted.”
True Credentials® client certificates provide two- factor authentication and the cryptographic functions necessary to encrypt all electronic transmissions so no unauthorized parties can read or understand the transmission. A fully-managed service, it addresses the inherent security risks typically associated with simple password schemes, open email communications and hardware-based authentication solutions without any expensive hardware, infrastructure or set-up costs. True Credentials provides a fast and easy way for enterprises to credential users and to deliver these client credentials electronically.
Deliver Secure Access, Secure Messaging and Secure Web-based Services and Applications
Client credentials can be employed in every enterprise, from finance, insurance and Internet commerce companies to education and government organizations. True Credentials provides strong authentication for secure access, secure messaging and secure web services and applications.
- Secure Access. The driving motivation to provide secure access to mission-critical enterprise applications and resources is to increase the efficiency of the workforce, to create a virtual enterprise that brings suppliers and partners in for trusted transactions, and to provide consumers with the confidence that their confidential information is secure. True Credentials provides secure access to vital network resources and applications, such as VPNs and web portals, without any special hardware and software requirements.
- Secure Messaging / S/MIME. Secure messaging is about making sure only the intended recipients of email messages can read them. Securing email has not been done extensively because of the difficulty in authenticating senders and receivers and in getting them their certificates. But once certificates are correctly installed, all standard email clients support signing and encrypting to keep communication private and confidential. With a True Credentials client certificate installed, email clients and servers continue to work unaltered, but all the intermediate servers, ISPs and networks can store messages without ever being able to read them providing maximum security.
- Secure Web Services and Applications. Pressure to streamline business processes and decrease operational costs are forcing enterprises to reconsider the way they do business online. True Credentials client certificates can provide the critical security that enterprises need for the all of the parties involved in vendor/partner transactions, including supply chain management, paperless transactions, and other applications over the internet that require fast, secure, and reliable methods to be in place.
How It Works
Typical implementations of True Credentials start with GeoTrust cutting a private Intermediate Certificate Authority (ICA) on behalf of the enterprise. This ICA is issued off the GeoTrust Root Certificate Authority (CA) providing the enterprise and their end users with the best of both worlds: wide spread ubiquity and private branding. Since 99% of all browsers and email clients have the GeoTrust certificate authority root keys embedded in them when they are shipped, individual (client) certificates signed by the GeoTrust CA roots will be automatically accepted with no unfriendly warning dialogs.
True Credentials is configured for the proper type of authentication and for the other enterprise-specific options offered depending on whether it is for secure access, secure email or a web-based application/service. The administrator designated by the enterprise is authenticated and provided a digital certificate, and an HTML interface dedicated to the administrator of this enterprise is created. Next, the enterprise-branded user-facing web site for delivery of digital certificates is created; policies and procedures for key recovery (lost user certificate), revocation (terminated employee) and renewal (one-year expiration) are put in place; and then True Credentials is ready to be deployed.
Certificate Delivery
After the individual requiring a digital identity has been authenticated by the enterprise -- be it employee, partner or customer -- the certificate must then be delivered. The client receives an email with an HTML link to a page hosted by GeoTrust. This page can be branded with the look-and-feel of the enterprise's pages for consistency. The certificate is then delivered to the user's browser (the browser is the standard way to get a new certificate into the operating system's certificate store).
Simplified Certificate Lifecycle and Management
True Credentials includes a management interface that provides a secure administrative portal and a clean, simple operational web interface for delivering certificates to users in an automated and “factory-like” operation. It’s standards based, yet offers a great deal of flexibility with optional application components that can be customized to meet individual enterprise applications and requirements.
Since client certificates nominally have a lifetime of one year, they they must be reissued to keep that individual credentialed. True Credentials provides a simple, web-based interface to track all active certificates, expiration dates, allow for email renewal notifications, as well as renew, revoke and replace certificates.
|
