George Rathbun, director of IT architecture at Pfizer, is also the CTO for SAFE-BioPharma, the US pharmaceutical industry group coordinating secure sharing of information with physicians as well as others. SAFE members, including Johnson & Johnson, Abbott Labs, Bristol-Myers Squibb, Procter & Gamble, Merck and GlaxoSmithKline, have embarked on a shared authentication approach, based on public-key infrastructure cross-certification. Rathbun recently discussed how this security programme works and what its implications are for users.
How many members does SAFE have, and what has the organisation accomplished since its founding?
SAFE, which stands for Signatures and Authentication for Everyone, was established about one and a half years ago to meet the challenge of global online identification of individuals in the pharmaceutical industry. We now have 30 [corporate and government] members. We initially looked at sharing a single directory, a database of personal information, to have a single authentication source. But, instead, we went with an approach to public-key infrastructure (PKI) and digital certificates based on a bridge.
What is that exactly?
A bridge is a certificate authority dedicated to issuing certificates for bridging multiple certificate technologies. Today, there’s a SAFE bridge certificate authority that issues cross-certificates to anyone that’s part of it. We call it the “trust bridge.” It’s maintained by a vendor, CyberTrust.
So, how does this digital-certificate cross-certification work for SAFE members?
Well, for example, all of the workforce at Johnson & Johnson is already PKI-enabled internally with their own digital certificates. J&J elected to have their corporation certified with the trust bridge. To do that J&J went to a cross-certification ceremony, where agents from J&J made sure the certificate authorities were aligned and there were no discrepancies between policies. It was quite a bit of work. But it creates a trusted network of [certificate authorities] for authentication.
So, how does all this technical effort come to serve business goals?
Doctors in hospitals are often participating in clinical trials. Intellectual property, such as laboratory notebooks and human studies, has to be signed by them or others. Today, documents receive wet signatures on paper, which are scanned. The goal is to do this electronically, with digitally signed documents, all [being] time-stamped. The SAFE authentication model means the doctor doesn’t have to get a digital certificate from each company but just one issued under SAFE.
So, how is that proceeding?
The current strategy is to have members invite doctors into this and pay for their certificates. It also requires a hardware device to hold the certificate — a USB token or smart card. We believe that the Trusted Computing Group’s Trusted Platform Module might also lend itself to this hardware model.
Why does SAFE insist on hardware-based certificates rather than software-based?
It was done from the point of view of the legal framework and policies that govern use of credentials. In the legal analysis, it was an issue of non-repudiation and property protection, so that in a court of law the digitally signed document would still be accepted. With the soft certificates, the question is, would it hold up in court? Someone could ghost my machine or steal my password. But the Food and Drug Administration has said they’d consider soft certificates for submissions.
What’s the biggest challenge in getting SAFE in use today, if it’s not mandatory?
The challenge is the cost, which can range from US$30 to $150. And we can’t make the assumption the doctor alone reviews documents. Today, it’s a preference among SAFE members to use the SAFE token in clinical trials, but we recognise there are still going to be wet-signed documents.