Johnson & Johnson’s Public Key Infrastructure Bob Stahl

Slides:

Advertisements

Similar presentations

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

Advertisements

What is. Digital Certificate It is an identity.

© 2006 IBM Corporation Tivoli Identity Manager Express Tivoli Access Manager for Enterprise Single Sign-On (Product Demonstrations) Tivoli Live! – 15 June.

© 2013 IBM Corporation IBM Security Systems 1 © 2013 IBM Corporation Identity Management And Session Recording A Partnership with IBM and ObserveIT.

SAFE BioPharma Association CONFIDENTIAL1 SAFE Public Key Infrastructure (PKI) 2005 EDUCAUSE/Dartmouth PKI Deployment Summit.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Report on Attribute Certificates By Ganesh Godavari.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

1 Johnson & Johnson: Use of Public Key Technology Rich Guida Director, Information Security Rajesh Shah Sr. Consultant, Information Security.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Johnson & Johnson Use of Public Key Technology Brian G. Walsh Senior Analyst, WWIS.

UNCLASS DoD Public Key Infrastructure LCDR Tom Winnenberg DISA API1 Chief Engineer 25 April 2002.

HEBCA – Higher Education Bridge Certification Authority Presented by Scott Rea and Mark Franklin, Fed/Ed Meeting, 12/14/2005.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

Microsoft Identity and Access Solutions Market Trends and Futures

SAFE is a member-governed, not-for-profit enterprise that: Manages and promotes the SAFE standard Provides a legal and contractual framework Provides technical.

The 4BF The Four Bridges Forum The SAFE-BioPharma Digital Identity and Signature Standard.

Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.

Virginia Tech Overview of Tech Secure Enterprise Technology Initiatives e-Provisioning Group Frank Galligan Fed/Ed.

Cognizance Identity and Access Management Identity Management ● Authentication ● Authorization ● Administration The next generation security solution

Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Internet Trust Defined. Delivered. Electronic Business the Way It Was Meant to Be.

1 PKI Update September 2002 CSG Meeting Jim Jokl

Security Directions - Release 6 and beyond SearchDomino.com Webcast Patricia Booth Security and Directory Product Management 9/25/02.

ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.

Deploying PKI Inside Microsoft The experience of Microsoft in deploying its own corporate PKI Published: December 2003.

1. About Us ComPrompt Solutions is in the business of providing end to end information security solutions since a decade now. Till date we have successfully.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.

Module 9: Designing Public Key Infrastructure in Windows Server 2008.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

One Platform, One Solution: eToken TMS 5.1 Customer Presentation November 2009.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Identity Management Working Group 2006 Member Meeting Tempe, AZ Barry Ribbeck Rice University.

Profile for Portal-based Credential Services (POCS) Yoshio Tanaka International Grid Trust Federation APGrid PMA AIST.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.

Belgian EID Card 15/12/2004 Derette Willy eID program manager.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Pkiuniversity.com. Alice Bob Honest Abe’s CA Simple PKI hierarchy.

Building a Fully Trusted Authentication Environment

Hajar Sabuur Johnson & Johnson Worldwide Information Security June 16, 2005

Using Public Key Cryptography Key management and public key infrastructures.

Digital Signatures and Digital Certificates Monil Adhikari.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

1 Public Key Infrastructure Dr. Rocky K. C. Chang 25 February, 2002.

1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.

Pertemuan #8 Key Management Kuliah Pengaman Jaringan.

Identity and Access Management

Secure Enterprise Technology Initiatives e-Provisioning Group

Contact Center Security Strategies

E-Lock ProSigner ProSigner means “Professional Signer” signifying the software that can apply legally enforceable Advanced electronic signatures to electronic.

Install AD Certificate Services

RSA Digital Certificate Solutions RSA Solutions for PKI David Mateju RSA Sales Consultant

Presentation transcript:

Johnson & Johnson’s Public Key Infrastructure Bob Stahl

Nov Johnson & Johnson The world’s largest and most comprehensive manufacturer of health care products Founded in 1886 Headquartered in New Brunswick, New Jersey Sales of $42 billion in operating companies in 50+ countries 109,000+ employees worldwide Customers in over 175 countries

Nov Baseline PKI Architecture JJEDS Enterprise Directory JJEDS Offline Root CA (ORCA) JJEDS Principal Online CA (POLCA) JJEDS CRL Distribution Website PKI and Directory Enabled Applications Authoritative Feeds - Employees, Partners, Servers, addresses, Windows IDs

Nov JJEDS PKI Principles Based on open standards Directory-driven  Directory is the global identity master Web-based, self service model Strong identity proofing Build and operate it ourselves Separate signing and encryption keys Hardware tokens preferred Support operation in FDA-validated environments

Nov Standards Based LDAP Directory X.509v3 Certificates and CRLs  RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile RFC 2527 Certificate Policy and Certificate Practice Statement  Rewrite underway based on RFC 3647

Nov Self-Service Registration 1. New employee, Alice, is entered into HR Database 2. Overnight, Alice has an entry in the Enterprise Directory 3. When Alice is ready to get her Digital Identity, she visits the JJEDS web site IVC 4. One-time codes are generated and ed to Alice and her supervisor Enterprise Directory CAC 4. Alice’s supervisor delivers her IVC to her person-to-person 5. Alice returns to JJEDS and authenticates with her IVC and CAC 6. Alice’s certificates are generated on her client, and provide only her ID, not her access privileges 8. Alice’s signature key is never duplicated -- her decryption key is escrowed for contingencies If Alice ever need to recover an old encryption key, she can do it herself 9. When Alice’s cert is about to expire or if her Name or changed, then she can revoke her old certificate and get a new one by herself. 7. Alice’s certificates are published to the Enterprise Directory and from there to the directory

Nov Security Vision Legal & Regulatory Compliance Directory- Centric Corporation (Global Identity Master) Eliminate Passwords Secure Electronic Transactions JJEDS Digital Identities Authoritative Sources Unique identities for people (and machines)

Nov Applications Directory took off on its own – 150,000+ active entries  WWID-based login  Workflow routing  Phonebook replacement  Online organization charts  Compliance tracking / training  lookups for applications

Nov PKI Applications Remote Access – 60,000+ users Secure  Research collaboration  Legal department  Marketing  Personnel discussions Adverse event reporting Skincare marketing intelligence web site SOX compliance reporting Ethics certification Coming Soon – Enterprise Apps  e.g., SAP, Oracle, Windows Login

Nov Next Leap - SAFE SAFE – Secure Access for Everyone What is it?  Biopharma industry consortium aimed at facilitating e-transactions through SAFE-wide digital credentials  Participants include J&J, Pfizer, Merck, GSK, Aventis, Lilly, PG, Novartis, others  Technology selected for use: PKI PKI perspective:  Additional emphasis on Digital Signatures

Nov SAFE Value Potential