johnson & johnson’s public key infrastructure bob stahl [email protected]
TRANSCRIPT
Johnson & Johnson’sJohnson & Johnson’sPublic Key InfrastructurePublic Key Infrastructure
Nov-2004 - 2
Johnson & JohnsonJohnson & Johnson
•The world’s largest and most comprehensive manufacturer of health care products
•Founded in 1886•Headquartered in New Brunswick, New
Jersey•Sales of $42 billion in 2003•200+ operating companies in 50+ countries•109,000+ employees worldwide•Customers in over 175 countries
Nov-2004 - 3
Baseline PKI ArchitectureBaseline PKI Architecture
JJEDSEnterpriseDirectory
JJEDSOffline Root CA
(ORCA)
JJEDS PrincipalOnline CA(POLCA)
JJEDSCRL
DistributionWebsite
PKI and Directory EnabledApplications
AuthoritativeFeeds -
Employees,Partners,Servers,
Email addresses,Windows IDs
Nov-2004 - 4
JJEDS PKI PrinciplesJJEDS PKI Principles
•Based on open standards•Directory-driven
Directory is the global identity master
•Web-based, self service model •Strong identity proofing•Build and operate it ourselves•Separate signing and encryption keys•Hardware tokens preferred•Support operation in FDA-validated
environments
Nov-2004 - 5
Standards BasedStandards Based
•LDAP Directory•X.509v3 Certificates and CRLs
RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile
•RFC 2527 Certificate Policy and Certificate Practice Statement Rewrite underway based on RFC 3647
Nov-2004 - 6
Self-Service RegistrationSelf-Service Registration1. New employee, Alice, is entered into HR Database
2. Overnight, Alice has an entry in the Enterprise Directory
3. When Alice is ready to get her Digital Identity, she visits the JJEDS web site
IVC
4. One-time codes are generated and emailed to Alice and her supervisor
EnterpriseDirectory
CAC
4. Alice’s supervisor delivers her IVC to her person-to-person5. Alice returns to JJEDS and
authenticates with her IVC and CAC
6. Alice’s certificates are generated on her client, and provide only her ID, not her access privileges
8. Alice’s signature key is never duplicated -- her decryption key is escrowed for contingencies
If Alice ever need to recover an old encryption key, she can do it herself
9. When Alice’s cert is about to expire or if her Name or Email changed, then she can revoke her old certificate and get a new one by herself.
7. Alice’s certificates are published to the Enterprise Directory and from there to the Email directory
Nov-2004 - 7
Security VisionSecurity Vision
Legal & RegulatoryComplianc
e
Directory-Centric
Corporation (Global
Identity Master)Eliminate
PasswordsSecure
ElectronicTransactions
JJEDSDigital Identities
Authoritative Sources
Unique identities for people
(and machines)
Nov-2004 - 8
ApplicationsApplications
•Directory took off on its own – 150,000+ active entries WWID-based login Workflow routing Phonebook replacement Online organization charts Compliance tracking / training Email lookups for applications
Nov-2004 - 9
PKI ApplicationsPKI Applications
• Remote Access – 60,000+ users• Secure Email
Research collaboration Legal department Marketing Personnel discussions
• Adverse event reporting• Skincare marketing intelligence web site• SOX compliance reporting• Ethics certification• Coming Soon – Enterprise Apps
e.g., SAP, Oracle, Windows Login
Nov-2004 - 10
Next Leap - SAFENext Leap - SAFE
•SAFE – Secure Access for Everyone•What is it?
Biopharma industry consortium aimed at facilitating e-transactions through SAFE-wide digital credentials
Participants include J&J, Pfizer, Merck, GSK, Aventis, Lilly, PG, Novartis, others
Technology selected for use: PKI
•PKI perspective: Additional emphasis on Digital Signatures
Nov-2004 - 11
SAFE Value PotentialSAFE Value Potential