Johnson & Johnson’sJohnson & Johnson’sPublic Key InfrastructurePublic Key Infrastructure

Bob Stahlrstahl@corus.jnj.com

Nov-2004 - 2

Johnson & JohnsonJohnson & Johnson

•The world’s largest and most comprehensive manufacturer of health care products

•Founded in 1886•Headquartered in New Brunswick, New

Jersey•Sales of $42 billion in 2003•200+ operating companies in 50+ countries•109,000+ employees worldwide•Customers in over 175 countries

Nov-2004 - 3

Baseline PKI ArchitectureBaseline PKI Architecture

JJEDSEnterpriseDirectory

JJEDSOffline Root CA

(ORCA)

JJEDS PrincipalOnline CA(POLCA)

JJEDSCRL

DistributionWebsite

PKI and Directory EnabledApplications

AuthoritativeFeeds -

Employees,Partners,Servers,

Email addresses,Windows IDs

Nov-2004 - 4

JJEDS PKI PrinciplesJJEDS PKI Principles

•Based on open standards•Directory-driven

Directory is the global identity master

•Web-based, self service model •Strong identity proofing•Build and operate it ourselves•Separate signing and encryption keys•Hardware tokens preferred•Support operation in FDA-validated

environments

Nov-2004 - 5

Standards BasedStandards Based

•LDAP Directory•X.509v3 Certificates and CRLs

RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile

•RFC 2527 Certificate Policy and Certificate Practice Statement Rewrite underway based on RFC 3647

Nov-2004 - 6

Self-Service RegistrationSelf-Service Registration1. New employee, Alice, is entered into HR Database

2. Overnight, Alice has an entry in the Enterprise Directory

3. When Alice is ready to get her Digital Identity, she visits the JJEDS web site

IVC

4. One-time codes are generated and emailed to Alice and her supervisor

EnterpriseDirectory

CAC

4. Alice’s supervisor delivers her IVC to her person-to-person5. Alice returns to JJEDS and

authenticates with her IVC and CAC

6. Alice’s certificates are generated on her client, and provide only her ID, not her access privileges

8. Alice’s signature key is never duplicated -- her decryption key is escrowed for contingencies

If Alice ever need to recover an old encryption key, she can do it herself

9. When Alice’s cert is about to expire or if her Name or Email changed, then she can revoke her old certificate and get a new one by herself.

7. Alice’s certificates are published to the Enterprise Directory and from there to the Email directory

Nov-2004 - 7

Security VisionSecurity Vision

Legal & RegulatoryComplianc

e

Directory-Centric

Corporation (Global

Identity Master)Eliminate

PasswordsSecure

ElectronicTransactions

JJEDSDigital Identities

Authoritative Sources

Unique identities for people

(and machines)

Nov-2004 - 8

ApplicationsApplications

•Directory took off on its own – 150,000+ active entries WWID-based login Workflow routing Phonebook replacement Online organization charts Compliance tracking / training Email lookups for applications

Nov-2004 - 9

PKI ApplicationsPKI Applications

• Remote Access – 60,000+ users• Secure Email

Research collaboration Legal department Marketing Personnel discussions

• Adverse event reporting• Skincare marketing intelligence web site• SOX compliance reporting• Ethics certification• Coming Soon – Enterprise Apps

e.g., SAP, Oracle, Windows Login

Nov-2004 - 10

Next Leap - SAFENext Leap - SAFE

•SAFE – Secure Access for Everyone•What is it?

Biopharma industry consortium aimed at facilitating e-transactions through SAFE-wide digital credentials

Participants include J&J, Pfizer, Merck, GSK, Aventis, Lilly, PG, Novartis, others

Technology selected for use: PKI

•PKI perspective: Additional emphasis on Digital Signatures

Nov-2004 - 11

SAFE Value PotentialSAFE Value Potential