1 Johnson & Johnson: Use of Public Key Technology Rich Guida Director, Information Security Rajesh Shah Sr. Consultant, Information Security.


2 Johnson & Johnson
The world’s largest and most comprehensive manufacturer of health care products
Founded in 1886
Headquartered in New Brunswick, NJ
Sales of $36.3 billion in 2002
Over 198 operating companies in 54 countries
Over 110,000 employees worldwide
Customers in over 175 countries

3 Statistics
400+ UNIX servers; WinNT/2000 servers
96,000+ desktops/laptops (Win2K)
60,000+ remote users
  – Employ two-factor authentication (currently SecurID, migrating to PKI)
50M+ s/month; 50+ TB of storage
530+ internet and intranet servers, 3.3M+ website hits/day

4 Information Security Objectives
Improve enterprise security posture
Reduce costs and complexity of business processes
Interoperate with partners, customers
Comply efficiently with regulatory requirements
Common thread to meet goals: Johnson & Johnson Enterprise Directory and PKI

5 Business Benefits
Digital Signatures
  – Creates digital original
  – E-forms – greatly reduce paper
  – Legal signature
  – Guaranteed integrity
Encryption
  – Privacy
  – Documents and files
  – Protection on the Internet
Digital identity
  – Single identity
  – Strong access control
  – E-business enabler
  – Remote access via internet
Robust Directory
  – Automated entries and admin.
  – Enables process automation
  – Single identity master for enterprise

6 Enterprise Directory
Uses Active Directory forest
  – Separate from Win2K OS AD but some contents replicated
Populated by authoritative sources only
Uses World Wide Identifiers (WWIDs) as index
Supports entire security framework
  – Source of all information put into certificates
250K+ entries (employees, partners, retirees, former)
LDAP accessible

7 J&J PKI
Directory centric – certificate subscriber must be in Enterprise Directory
Certificates issued with supervisor ID proofing or through “group” registration process
Simple hierarchy – root CA and subordinate online CA; FDA validated
Standard form factor: hardware tokens (USB)
Production deployment began mid-2003
  – Total of over 12,000 certificates issued to date
  – Expect to issue > 100K certificates in 2003
Most important initial applications:
  – Remote authentication
  – Secure
  – Some enterprise applications

8 PKI-Enablement - Three Levels
Authentication only (usually with transmission encryption)
  – Example is SSLv3
Persistent digital signature
  – Usually through digitally signed hash of document or file, or portion thereof
Persistent encryption
  – Usually in conjunction with symmetric encryption
  – Public key used to encrypt symmetric key
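
The second and third levels on this slide (a persistent signature over a document hash, and persistent encryption where the public key encrypts only the symmetric key), sketched with Node.js's built-in crypto module as an added example that is not code from the presentation. The key pair, sample document and function names are constructed for illustration; in the deployment described, the private key would be held on a hardware token rather than in process memory.

```javascript
const crypto = require('crypto');

// Constructed key pair; the deck keeps subscriber private keys on USB tokens.
function newSubscriberKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Level 2, persistent signature: RSA signature over the SHA-256 hash of the document.
function signDocument(doc, privateKey) {
  return crypto.sign('sha256', doc, privateKey);
}
function verifyDocument(doc, signature, publicKey) {
  return crypto.verify('sha256', doc, publicKey, signature);
}

// Level 3, persistent encryption: a fresh AES-256-GCM key encrypts the document,
// and the recipient's public key encrypts only that symmetric key (RSA-OAEP).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
function sealDocument(doc, recipientPublicKey) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(doc), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}
function openDocument(sealed, recipientPrivateKey) {
  const key = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  // final() throws if the ciphertext or tag was altered
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
}

// Constructed sample run.
function demo() {
  const { publicKey, privateKey } = newSubscriberKeys();
  const doc = Buffer.from('E-form: approve purchase order (constructed sample)');
  const sig = signDocument(doc, privateKey);
  const sealed = sealDocument(doc, publicKey);
  return {
    signatureValid: verifyDocument(doc, sig, publicKey),
    tamperedValid: verifyDocument(Buffer.from('E-form: altered'), sig, publicKey),
    roundTrip: openDocument(sealed, privateKey).equals(doc),
  };
}
console.log(demo());
```

The signature and the wrapped key stay attached to the document after transport, which is what distinguishes these two levels from authentication-only SSL.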

9 PKI-Enablement
Windows applications PKI-ready
  – Outlook 2000 “out of the box” under any version of Windows; MS Office XP; Internet Explorer
Internal (home-grown) applications
  – Do it ourselves but with expert contractor help
  – Use FIPS validated libraries – MSCAPI and RSA BSafe preferred
External software and service suppliers - e.g., Oracle, SAP, JDEdwards, Siebel, Documentum
  – Initial focus is authentication using SSLv3 (also get transmission encryption)
  – Successfully done with SAP already (digital signature work continuing) and with Oracle
  – Siebel/JDEdwards/Documentum also underway

10 Observations
Get identity infrastructure in place first – and ensure it is well-defined
Prefer to have supervisors act as “local registration authorities” for subordinates
Hard to do ROI calculation – just like e-mail
Many enterprise applications are PKI-aware – and more are coming
Good CP/CPS critical to success and discipline

11 Challenges
Getting people familiar with the token form factor (“plug it in”)
Recovery from lost/locked token
USB port congestion/power
PDAs (CSP/PKCS11 support)
Any problem becomes “PKI did it”
Engineers being asked for legal advice (“when to dig sig”)
Interoperability

12 Oracle Advanced Security Option Certificate based authentication

13 Business Drivers
Secure communication with database from the middle tier
Eliminate embedded passwords
Reduce & simplify maintenance

14 Architecture

15 Test Environment
Backend
  – HP-UX 11.0
  – Oracle
Middle tier
  – MS W2K
  – MS IIS
Client
  – MS IE 5.5

16 Next Steps/Enhancements
Certificate Revocation List (CRL) checking
Support within the Oracle tools allowing for Smartcard based logon (ex: SQLPlus connection using Smartcard)
Ability to import externally generated certificates
Ability to use multiple wallets concurrently
PKI based authentication within the E-Business suite
Performance benchmarks
Integration w/OS Certificate store instead of Oracle wallet manager

17 Thank you Questions…