
Johnson & Johnson: Use of Public Key Technology
Rich Guida, Director, Information Security
Rajesh Shah, Sr. Consultant, Information Security


Slide 2: Johnson & Johnson
The world’s largest and most comprehensive manufacturer of health care products
Founded in 1886
Headquartered in New Brunswick, NJ
Sales of $36.3 billion in 2002
Over 198 operating companies in 54 countries
Over 110,000 employees worldwide
Customers in over 175 countries

Slide 3: Statistics
400+ UNIX servers; 1900+ WinNT/2000 servers
96,000+ desktops/laptops (Win2K)
60,000+ remote users
  – Employ two-factor authentication (currently SecurID, migrating to PKI)
50M+ e-mails/month; 50+ TB of storage
530+ internet and intranet servers, 3.3M+ website hits/day

Slide 4: Information Security Objectives
Improve enterprise security posture
Reduce costs and complexity of business processes
Interoperate with partners, customers
Comply efficiently with regulatory requirements
Common thread to meet goals: Johnson & Johnson Enterprise Directory and PKI

Slide 5: Business Benefits
Digital Signatures
  – Creates digital original
  – E-forms – greatly reduce paper
  – Legal signature
  – Guaranteed integrity
Encryption
  – Privacy
  – Documents and files
  – Protection on the Internet
Digital identity
  – Single identity
  – Strong access control
  – E-business enabler
  – Remote access via internet
Robust Directory
  – Automated entries and admin.
  – Enables process automation
  – Single identity master for enterprise

Slide 6: Enterprise Directory
Uses Active Directory forest
  – Separate from Win2K OS AD but some contents replicated
Populated by authoritative sources only
Uses World Wide Identifiers (WWIDs) as index
Supports entire security framework
  – Source of all information put into certificates
250K+ entries (employees, partners, retirees, former)
LDAP accessible

Slide 7: J&J PKI
Directory centric – certificate subscriber must be in Enterprise Directory
Certificates issued with supervisor ID proofing or through “group” registration process
Simple hierarchy – root CA and subordinate online CA; FDA validated
Standard form factor: hardware tokens (USB)
Production deployment began mid-2003
  – Total of over 12,000 certificates issued to date
  – Expect to issue > 100K certificates in 2003
Most important initial applications:
  – Remote authentication
  – Secure e-mail
  – Some enterprise applications

Slide 8: PKI-Enablement – Three Levels
Authentication only (usually with transmission encryption)
  – Example is SSLv3
Persistent digital signature
  – Usually through digitally signed hash of document or file, or portion thereof
Persistent encryption
  – Usually in conjunction with symmetric encryption
  – Public key used to encrypt symmetric key

Slide 9: PKI-Enablement
Windows applications PKI-ready
  – Outlook 2000 “out of the box” under any version of Windows; MS Office XP; Internet Explorer
Internal (home-grown) applications
  – Do it ourselves but with expert contractor help
  – Use FIPS validated libraries – MSCAPI and RSA BSafe preferred
External software and service suppliers – e.g., Oracle, SAP, JDEdwards, Siebel, Documentum
  – Initial focus is authentication using SSLv3 (also get transmission encryption)
  – Successfully done with SAP already (digital signature work continuing) and with Oracle
  – Siebel/JDEdwards/Documentum also underway

Slide 10: Observations
Get identity infrastructure in place first – and ensure it is well-defined
Prefer to have supervisors act as “local registration authorities” for subordinates
Hard to do ROI calculation – just like e-mail
Many enterprise applications are PKI-aware – and more are coming
Good CP/CPS critical to success and discipline

Slide 11: Challenges
Getting people familiar with the token form factor (“plug it in”)
Recovery from lost/locked token
USB port congestion/power
PDAs (CSP/PKCS11 support)
Any problem becomes “PKI did it”
Engineers being asked for legal advice (“when to dig sig e-mail”)
Interoperability

Slide 12: Oracle Advanced Security Option
Certificate based authentication

Slide 13: Business Drivers
Secure communication with database from the middle tier
Eliminate embedded passwords
Reduce & simplify maintenance

Slide 14: Architecture

Slide 15: Test Environment
Backend
  – HP-UX 11.0
  – Oracle 8.1.7
Middle tier
  – MS W2K
  – MS IIS
Client
  – MS IE 5.5

Slide 16: Next Steps/Enhancements
Certificate Revocation List (CRL) checking
Support within the Oracle tools allowing for Smartcard based logon (ex: SQLPlus connection using Smartcard)
Ability to import externally generated certificates
Ability to use multiple wallets concurrently
PKI based authentication within the E-Business suite
Performance benchmarks
Integration w/OS Certificate store instead of Oracle wallet manager

Slide 17: Thank you
Questions…

