The full Entrust product suite offers primary security services for Web-based transactions, including authentication, authorization, privacy, nonrepudiation and encryption. TruePass lets a user digitally sign a Web transaction to bind the user to the transaction for nonrepudiation and dispute resolution.
TruePass can be applied to B2B and B2C scenarios. A company with an extranet capable of processing purchases could use TruePass. For example, TruePass could be used by health care organizations to authenticate doctors and patients submitting highly sensitive medical information over Internet connections where strong encryption and nonrepudiation are essential.
Entrust TruePass is not a standalone product. TruePass requires Entrust Authority Security Manager (formerly known as Entrust Authority) to provide CA (certificate authority) services at a minimum. Entrust Authority Security Manager also requires a directory server. It can use Sun iPlanet, Siemens DirX, Microsoft Active Directory and Critical Path. Critical Path was bundled with TruePass for this review.
Entrust Truepass System Architecture
Click here to enlarge
TruePass uses the following servlet engines on the back end: Macromedia JRun, IBM WebSphere or BEA Systems WebLogic. You can run Entrust SAS (Self Administration Server) on the same engine to provide automatic enrollment and recovery, or you can let users revoke their certificates.