Cryptography Facilitates Record Security and Integrity
Presented by Derek Wimmer, President, Wimmer Systems, Inc.
11 June 2004. © 2004 Wimmer Systems, Inc.

Presentation transcript:

Cryptography Facilitates Record Security and Integrity
Presented by Derek Wimmer, President
Wimmer Systems, Inc.
P.O. Box 739, Liberty, Missouri 64069

Presenter Background

Derek Wimmer
- Microbiologist and Quality Assurance Auditor in the Pharmaceutical Industry
- Software vendor specializing in 21 CFR 11 solutions present

DaCS™
- First commercial Part 11 solution specifically for Microsoft® Excel
- In production use since 2001
- Used by major pharmaceutical companies worldwide
- Utilizes cryptographic methods to help ensure electronic record security and integrity

Topic of Presentation

What requirements would preserve record security and integrity and ensure that records are suitable for inspection, review, and copying by the agency?

Preserving Record Security and Integrity

Preservation
- During use period (within the electronic record system)
- During retention period (within archives and outside the system)
- During submission period (outside owner's control)

[Diagram: USAGE, RETENTION, SUBMISSION]

Preserving Record Security and Integrity

Security - preventing alteration
- Active controls
  - Limiting access to record
  - Limiting ability to alter
  - Relies on physical or computerized controls
- Passive controls
  - Ability to detect alteration
  - Threat of repercussions
  - Relies on psychological controls (deterrence)

Preserving Record Security and Integrity

Integrity - means of ensuring fidelity (detecting alteration)
- Reference
  - Compare to "master" copy
  - Master copy must be available
- Fingerprinting
  - Compare to mathematical transformation or cryptographic method
  - Method must be available to do so

DaCS™ Integrity Check Methodology

[Figure: PASS / FAIL comparison of example signature values A0-13-C4-DE and B6-09-FF-01]

1. Generate secure digital signature of file data.
2. Embed digital signature in file.
3. Later, excise signature and generate new signature of file data.
4. Compare new signature to embedded signature.
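The four-step check above, as an added Python example that is not DaCS code or anything from the slides. It uses HMAC-SHA256 as a stand-in for the signature algorithm, which the slides do not name; the trailer marker, key and sample record are constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical trailer format (not DaCS's): record bytes + MARKER + hex tag.
MARKER = b"\n--RECORD-SIGNATURE--\n"
TAG_HEX_LEN = hashlib.sha256().digest_size * 2  # 64 hex characters


def _tag(data: bytes, key: bytes) -> bytes:
    """Step 1: compute the keyed fingerprint of the record data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest().encode("ascii")


def embed(data: bytes, key: bytes) -> bytes:
    """Steps 1-2: sign the data and append the signature as a trailer."""
    return data + MARKER + _tag(data, key)


def excise(signed: bytes):
    """Step 3, first half: split a signed record into (data, embedded_tag).

    Only the fixed-length trailer at the very end is treated as the
    signature, so a marker string inside the record body is harmless.
    """
    trailer_len = len(MARKER) + TAG_HEX_LEN
    if len(signed) < trailer_len:
        return None
    data, trailer = signed[:-trailer_len], signed[-trailer_len:]
    if not trailer.startswith(MARKER):
        return None
    return data, trailer[len(MARKER):]


def verify(signed: bytes, key: bytes) -> str:
    """Steps 3-4: recompute the signature and compare; PASS or FAIL."""
    parts = excise(signed)
    if parts is None:
        return "FAIL"  # signature missing or truncated
    data, embedded = parts
    # Constant-time comparison avoids leaking how many characters matched.
    return "PASS" if hmac.compare_digest(_tag(data, key), embedded) else "FAIL"


# Constructed sample record and key, for illustration only.
KEY = b"constructed-demo-key"
RECORD = b"batch,assay,result\n1042,potency,98.7\n"
SIGNED = embed(RECORD, KEY)
TAMPERED = SIGNED.replace(b"98.7", b"99.7")  # one altered value
```

With a keyed MAC the verifier must hold the same key as the signer; an asymmetric signature scheme lets a party outside the owner's control verify with only the public key.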

Suitable for Inspection, Review, and Copying by the Agency

- Must be able to remove the record from the system
- You can't rely on system's controls to provide security and integrity
- May require conversion of the record to different and unknown formats
- Record is out of the owner's control

Why Cryptographic Fingerprinting Methods Meet Requirements

Preservation
- Fingerprint can be archived or transmitted with record
- Does not require control system to maintain

Security
- Deters record alteration by virtue of being able to detect alteration
- Secure cryptographic methods are available

Integrity
- Allows verification of record fidelity

Suitability for Inspection Activities
- Independent of control system
- Allows for portability of records

Burden of Requirement

Technological burden is LOW
- Secure algorithms and methods are publicly available
- ...are already built into commercial operating systems
- ...can be used for no licensing cost
- ...have been commonly used in multiple applications
- ...infrastructure for some applications already built

Implementation burden is REASONABLE
- Must put resources into applying methods to records
- May require implementing new or existing infrastructure

Burden is LESS THAN no requirement
- Clarifies acceptable methods
- Reduces need for resource-intensive controls

Burden can be REDUCED by
- Application of public/free methodologies
- Use of commercial systems
- Spreading burden over large number of systems