Encentuate Glossary

Below are some industry specific and product related terms.

AccessAgent

The Encentuate AccessAgent is the client software and manages users' Encentuate Wallet, enabling sign-on and sign-off automation and authentication management. Related names: Encentuate AccessAgent for Windows, Encentuate AccessAgent for Linux, and Encentuate AccessAgent for Citrix.

AccessAdmin

Encentuate AccessAdmin is the management console used by individuals with the Administrator Role and/or the Helpdesk Role to administer the Encentuate IMS Server, and to manage users and policies.

AccessAssistant

Encentuate AccessAssistant is the web-based interface used to provide password self-help. Users use AccessAssistant to reset their Encentuate password, or to obtain the latest credentials to logon to their applications.

AccessStudio

Encentuate AccessStudio auto-generates AccessProfiles for single sign-on/sign-off and end-point automation.

Authentication Factor

Authentication factors refer to different devices, biometrics, or secrets required as credentials for validating digital identities. Examples include passwords, Encentuate USB Key, RFID, biometrics, and one-time password tokens.

Conventional Single Sign-On

Conventional single sign-on refers to web-based single sign-on systems and typically requires server-side integration, with a centralized architecture. In contrast, Encentuate provides single sign-on capabilities through its sign-on automation capabilities. Encentuate employs a user-centric, server-managed architecture that is distributed and interfaces with applications through agent technology. Conventional single sign-on, while convenient, presents a security threat since all applications share a common password.

Credentials

Credentials refer to user names, passwords, certificates and any other information that is required for authentication. An authentication factor can serve as a credential.

Credentials are stored and secured in the Encentuate Encentuate Wallet.

Enterprise Directory

The enterprise directory refers to the master reference directory for the enterprise.

Encentuate verifies each user registration against this directory. The user name for the enterprise directory can be used as the user name for Encentuate's system. It should be noted that Encentuate's system may be used without an enterprise directory.

Enterprise Single Sign-On (ESSO)

Enterprise single sign-on allows users to log on to all the applications deployed in the enterprise by entering one user name and password.

Many enterprise single sign-on products use sign-on automation technologies to achieve single sign-on — users log onto the sign-on automation system and the system takes over from there to log users on to all other applications.

IMS Bridge

Encentuate IMS Bridges extend functionalities of 3rd party programs, allowing them to communicate with the IMS.

Examples include IMS Bridges that provide OTP provisioning, such as IMS Bridge for ITIM.

IMS Connector

Encentuate IMS Connectors are add-ons to the Encentuate IMS Server that enable the IMS Server to interface with other applications as a client, extending the capability of the IMS Server. Examples include Encentuate IMS Connector for AD and Encentuate IMS Connector for Novell eDirectory.

IMS Server

The Encentuate IMS (Integrated Management System) Server provides centralized management of user identities, AccessProfiles, and authentication policies. It also provides loss management, certificate management and audit management for the enterprise. The IMS Server interfaces with other applications through IMS Application Connectors and IMS Authentication Bridges. It is the IMS Server that interfaces with other identity management systems.

IMS Service Modules

Encentuate IMS Service Modules are optional add-on modules that extend the basic services (user management, policy management and certificate issuance, etc.) provided by the IMS Server. An example is the Encentuate Mobile ActiveCode Service Module for generating one time passwords.

iTag

Encentuate iTag is a patent-pending technology that converts any photo badge or personal device into a proximity authentication device through the application of a smart label or other identification tags. Examples of stickers include Mifare labels, EM tags, and prox tags.

Mobile ActiveCode

An Encentuate Mobile ActiveCode (MAC) is a one-time password that is randomly generated and event-based. The Mobile ActiveCode is generated on the server and delivered via a secure second channel such as text services (SMS) on mobile phones or via email. It is used for strong authentication.

Physicalization

Physicalization a technique in which a digital identity is attached to a physical device and cannot be replicated without replicating the device.

An Encentuate USB Key supports physicalization as it contains a smart card with on-board cryptographic and Wallet caching capabilities. The smart card ensures that the Encentuate Wallet is protected.

Sign-On and Sign-Off Automation

Sign-on and sign-off automation is a technology that works with user interface-based (UI-based) log on mechanisms of existing applications to automate the sign-on and sign-off process for users. Many enterprise single sign-on (ESSO) products use sign-on and sign-off automation technologies to achieve single sign-on — users log on to the sign-on automation mechnanism and the sign-on automation system takes over from there to log the user on to all other applications.

Single Sign-On (SSO)

Single sign-on is a capability that allows users to enter one user name and password in order to access multiple applications.

Many single sign-on products are also known as simplified sign-on or reduced sign-on products because they do not support all types of application log ons.

Strong Digital Identity

A strong digital identity is an online persona that is very hard to impersonate.

Digital identities secured by certificates and private keys on a smart card are examples of strong digital identities. Strong digital identities typically have to be supported by physicalized authentication factors.

USB Key

The Encentuate USB Key is Encentuate's customized token that combines the utility and capacity of Flash RAM, the security of a smart card, and the universal connectivity of Universal Serial Bus (USB) into one package. Encentuate's USB Key is a portable and personalized device for storing user names, passwords, certificates, encryption keys, and other security credentials.

user-centric, server-managed architecture

A user-centric, server-managed architecture is a distributed, agent-based system that provides the user with the convenience of a user-focused agent, and the organization with consolidated views and controls over the distributed agents. If designed carefully, it can avoid the pitfall of many distributed systems — a single point of failure in the server.

Encentuate has a user-centric, server-managed architecture in which the AccessAgent provides personal identity management functions to the users and is centrally managed through the IMS Server.

Wallet

The Encentuate Wallet stores users' access credentials and related information (including user names, passwords, certificates, encryption keys). A Wallet acts as a user's personal meta-directory and is protected by a choice of authentication factor. Use of the Wallet is governed by a set of Wallet security policies. An Encentuate Wallet is managed by the Encentuate AccessAgent.

The Wallet roams to any enterprise end-point where an AccessAgent is installed.