Bob Stahl
rstahl@corus.jnj.com
Johnson & Johnson
• The world’s largest and most comprehensive manufacturer of health care products
• Founded in 1886
• Headquartered in New Brunswick, New Jersey
• Sales of $42 billion in 2003
• 200+ operating companies in 50+ countries
• 109,000+ employees worldwide
• Customers in over 175 countries
Nov-2004 - 2
Baseline PKI Architecture
[Architecture diagram] Authoritative feeds (employees, partners, servers, email addresses, Windows IDs) populate the JJEDS Enterprise Directory. The JJEDS Offline Root CA (ORCA) certifies the JJEDS Principal Online CA (POLCA), which issues certificates to directory principals; CRLs are published to a CRL Distribution Website.
JJEDS PKI Principles
• Based on open standards
• Directory-driven
Directory is the global identity master
• Web-based, self service model
• Strong identity proofing
• Build and operate it ourselves
• Separate signing and encryption keys
• Hardware tokens preferred
• Support operation in FDA-validated environments
Standards Based
• LDAP Directory
• X.509v3 Certificates and CRLs
RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile
• RFC 2527 Certificate Policy and Certificate Practice Statement
Rewrite underway based on RFC 3647
Self-Service Registration
1. New employee, Alice, is entered into the HR Database.
2. Overnight, Alice has an entry in the Enterprise Directory.
3. When Alice is ready to get her Digital Identity, she visits the JJEDS web site.
4. One-time codes are generated and emailed to Alice and her supervisor.
(Diagram labels: CAC, IVC)
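As an added example (not J&J's or JJEDS's code; the in-memory store, the 24-hour validity window and the attempt limit are assumptions), here is how the step-4 check can be enforced in Python: a credential is released only when both one-time codes, Alice's and her supervisor's, verify, and the codes are stored hashed, expire, and are single-use.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Constructed in-memory store of pending enrollments keyed by WWID; the
# slides do not describe JJEDS's real store, so this is an assumption.
PENDING: Dict[str, dict] = {}
CODE_TTL_SECONDS = 24 * 3600   # assumed validity window for the codes
MAX_ATTEMPTS = 5               # assumed lockout threshold per enrollment


def _digest(code: str) -> str:
    """Keep only a hash server-side so a leaked table yields no usable codes."""
    return hashlib.sha256(code.encode()).hexdigest()


def start_enrollment(wwid: str, now: float) -> Tuple[str, str]:
    """Step 4: mint two independent one-time codes, one emailed to the
    employee and one to the supervisor. Returns the plaintext codes for
    the mailer; only digests, an expiry and an attempt counter are stored."""
    employee_code = secrets.token_urlsafe(12)
    supervisor_code = secrets.token_urlsafe(12)
    PENDING[wwid] = {
        "employee": _digest(employee_code),
        "supervisor": _digest(supervisor_code),
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return employee_code, supervisor_code


def complete_enrollment(wwid: str, employee_code: str, supervisor_code: str,
                        now: float) -> bool:
    """Release the credential only when BOTH codes verify, so a single
    mailbox compromise is not enough. Expired, exhausted or used records fail."""
    record = PENDING.get(wwid)
    if record is None or now > record["expires"]:
        PENDING.pop(wwid, None)
        return False
    ok_emp = hmac.compare_digest(record["employee"], _digest(employee_code))
    ok_sup = hmac.compare_digest(record["supervisor"], _digest(supervisor_code))
    if not (ok_emp and ok_sup):
        record["attempts"] += 1
        if record["attempts"] >= MAX_ATTEMPTS:
            del PENDING[wwid]      # force a fresh step 4 after repeated failures
        return False
    del PENDING[wwid]              # single use: replaying the same codes fails
    return True
```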
Security Vision
[Diagram] JJEDS Digital Identities, built on Authoritative Sources, supporting:
• Directory-Centric Corporation (Global Identity Master)
• Unique identities for people (and machines)
• Legal & Regulatory Compliance
• Eliminate Passwords
• Secure Electronic Transactions
Applications
• Directory took off on its own – 150,000+ active entries
WWID-based login
Workflow routing
Phonebook replacement
Online organization charts
Compliance tracking / training
Email lookups for applications
PKI Applications
• Remote Access – 60,000+ users
• Secure Email
Research collaboration
Legal department
Marketing
Personnel discussions
• Adverse event reporting
• Skincare marketing intelligence web site
• SOX compliance reporting
• Ethics certification
• Coming Soon – Enterprise Apps
e.g., SAP, Oracle, Windows Login
Next Leap - SAFE
• SAFE – Secure Access for Everyone
• What is it?
Biopharma industry consortium aimed at facilitating e-transactions through SAFE-wide digital credentials
Participants include J&J, Pfizer, Merck, GSK, Aventis, Lilly, PG, Novartis, others
Technology selected for use: PKI
• PKI perspective:
Additional emphasis on Digital Signatures
SAFE Value Potential