Keeping documents SAFE in the healthcare, pharmaceutical industries

Security: Identity Management This newsletter is sponsored by Secure Computing Webinar: Network Security Learn how token-based, one-time password authentication systems can help enterprises reduce business risk, better comply with regulations, are easy to manage and most importantly keep networks secure. Tune in to this webinar. Network World's Security: Identity Management Newsletter, 10/29/07 Keeping documents SAFE in the healthcare, pharmaceutical industries By Dave Kearns When you think digital signatures, most of you probably also think public-key infrastructure (PKI). But some of you may think beyond PKI, especially if you’re in the healthcare or pharmaceutical industries. SAFE (Signatures and Authentication for Everyone) is a protocol that builds on PKI, adding in two-factor authentication, to create a standard that includes both business policies and technical specifications – the two facets needed for a successful identity management implementation of any type. Among the key aspects of the SAFE system are: * Legal enforceability - SAFE credentials and the digital signatures they create are the legal equivalent of an ink-based signature. SAFE signatures meet three key legal criteria. With authentication, you are sure of the identity of the person who provided the signature. With integrity, you are sure the document has not been altered since it was signed. With non-repudiation, you are sure that the sender cannot say he didn't sign the document. Webcast: Get the latest on NAC Learn the latest on Network Access Control in Network Worlds Perspectives Editorial Webcast. Discover how IT professionals can leverage this hot security technology in their networks, while also learning about key management areas that have not yet been perfected. To learn more click here. * Regulatory compliance - The SAFE standard meets or exceeds regulatory guidelines for 21 CFR Part 11 (U.S. Food and Drug Administration) and HIPAA. But SAFE is also designed to meet similar international guidelines. * Strong security - With two-factor authentication, users need both their SAFE credential and their passcode to digitally sign a document. This is similar to automatic teller machines, which require people to provide both their ATM card and their PIN. The standard uses PKI to apply digital signatures to documents and to assure the integrity of their content. This is not, however, a “public” standard. Only members of the SAFE-BioPharma Association can use it, and membership isn't cheap, ranging from $6,000 to $120,000 per year. That’s worth it to those in the pharmaceutical industries, though, as it can save millions in paperwork that is the only alternative when presenting to the FDA. Authentication vendor TriCipher recently joined the SAFE-BioPharma Association Vendor Partner Program, announcing that SAFE-approved credentials will seamlessly operate on TriCipher Armored Credential System (TACS), the company’s strong authentication platform leveraging a variety of multi-factor credentials. At about the same time, Arcot Systems announced that its SignFort now allows electronic documents to be signed with SAFE digital signatures from any location without tokens, smart cards or software stored on desktops. Further, the SignFort application provides strong authentication of the user before allowing access to the SAFE credential. Other authentication vendors should look to SAFE, while other industries needing strong signature technology should be investigating the use of SAFE. Upcoming events from the IdM Journal calendar: * Nov. 15-16: Web 2.0 Expo, Tokyo, Japan * Nov. 15-17 CARTES, Paris, France * Nov. 20-21: The Digital Identity Forum, London  Editor's note: Starting Monday, Nov, 12, this newsletter will be renamed "Security: Identity Management Alert." Subscribers to the HTML version of this newsletter will notice some enhancements that will provide you with access to more resources relevant to identity management. You will still receive Dave Kearns' analysis of this market, which you will be able to read in its entirety online at NetworkWorld.com, along with links to relevant news headlines of the day. We hope you enjoy the enhancements and we thank you for reading Network World newsletters.   What do you think? Post a comment on this newsletter

MOST-READ STORIES: 1. Networking's 50 greatest arguments 2. Unlimited gall to cost Verizon $1 million 3. Storm worm strikes back at security pros 4. Senate passes Internet tax moratorium 5. Vonage settles Verizon patent dispute 6. Cisco certifications: All you need to know 7. 10 reasons ITIL spooks IT managers 8. RealPlayer exploit, hijacked ad server mystery 9. Top 20 Firefox extensions 10. Hackers use Cisco VoIP to access network FEATURED BUYER'S GUDIE: Tape Library, your one-stop shop

Contact the author: Dave Kearns is the editor of IdM, the Journal of Identity Management as well as a consultant to both vendors and users of IdM technologies. He's written a number of books including the (sadly) now out of print "Complete Guide to eDirectory." His other musings can be found at the Virtual Quill, an Internet publisher which provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail. Comments to this newsletter can be e-mailed to Dave here.  This newsletter is sponsored by Secure Computing Webinar: Network Security Learn how token-based, one-time password authentication systems can help enterprises reduce business risk, better comply with regulations, are easy to manage and most importantly keep networks secure. Tune in to this webinar. ARCHIVE Archive of the Security: Identity Management Newsletter. BONUS FEATURE 90% of IT Managers are leaving their company at risk for a DNS ATTACK. Get the tools and resources you need to keep your DNS healthy and secure. Run a DNSreport on your domain today - 56 critical tests run in 8 seconds. Visit www.dnsreport.com to learn more. (apply coupon NWW2007NLA for a 25% membership discount) PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007