
ELN Authentication: Navigating a Sea of Options

Michael H. Elliott

ScientificComputing.com, 16 August 2011

In an increasingly electronic R&D world, data must be stored securely for privacy, intellectual property protection, quality, regulatory, and for competitive reasons. As organizations move from controlled paper notebooks to an open and collaborative ELN work environment, there are record management risks that must be addressed. Valuable intellectual property can be subject to theft, and databases are susceptible to data-altering malware and hackers. An organization must have consistent, audited and proven record management practices that are enforced across the entire spectrum of their R&D operations.

The effective management and control of e-records assists in their admission into a U.S. court proceeding, either for civil suits or patent interferences. Records must pass criteria to be admissible under the “business records exception” of the Federal Rules of Evidence to avoid being classified as hearsay in situations where the person who created the records is not available to testify. The U.S. Federal Judicial Center’s Manual for Complex Litigation [1] notes that a judge should “consider the accuracy of computerized evidence” and a “proponent of computerized evidence has the burden of laying a proper foundation by establishing its accuracy.” In the case In Re Vee Vinhnee [2], the appellate court affirmed the lower court’s denial of electronic records admission, noting that the “focus is not on the circumstances of the creation of the record, but rather on the circumstances of the preservation of the record during the time it is in the file so as to assure that the document being proffered is the same as the document that was originally created.” In Lorraine v. Markel [3], Judge Paul Grimm wrote, “If it is critical to the success of your case to admit into evidence computer stored records, it would be prudent to plan to authenticate the record by the most rigorous standard that may be applied. If less is required, then luck was with you.”

AUTHENTICATION TECHNOLOGY

Fortunately, to avoid being lucky, there are a number of technologies used with ELN products to establish the authenticity of both users and records. There are electronic signatures, hash digests, checksums and so forth. What technologies are used is dependent on the needs of the particular user, the environment and the philosophy of the supplier.

Almost all ELN records are electronically signed at some juncture for approvals and/or IP witnessing. Electronic signatures can be a confusing topic, since many terms are frequently improperly applied. “Electronic signature” is a broad definition that includes many forms of signatures, such as an electronic reproduction of a person’s handwritten signature, biometric stamping, username/passwords, e-mail headers or digital signature. “Digital signature” is often mistakenly used as the comprehensive term. Digital signatures are based on cryptography and adhere to the principle of “non-repudiation,” which means it cannot be denied that someone created or signed a record. The simpler forms of electronic signature can be easily repudiated, e.g., by hacking a user’s password.

The International Standards Organization (ISO) defines digital signatures as “data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient.” [4] In essence, a mathematical function is applied, and the outcome of the function is attached to the record to ensure authenticity.

The concept of a “hash” function needs to be described, as this process is used natively in ELN products and in combination with the digital signature process. Cryptographic hash functions create an identifier based on an algorithmic digestion of a record. Since this “hash value” is based on the contents of the record processed, it is unique. Therefore, it is also known as a “digital fingerprint.” If the record content changes, re-hashing the record will result in a new fingerprint value; the system or user will know that this file has been altered during transmission or storage. Some systems retain the hash value in the database, using it for detection of a new version of a record or for monitoring unauthorized changes.

There are many hash algorithms developed over the years, such as MD5, RIPEMD, SHA-1 (Secure Hash Algorithm) and SHA-2. Several of the older algorithms, like the 160-bit SHA-1, have been proven to be vulnerable to hacking. The U.S. National Institute of Standards and Technology (NIST) now suggests the SHA-2 algorithm, which uses 256-, 384- or 512-bit digests. The SHA-3 standard, said to be even more sophisticated, is under development and is due to be released next year.
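As an added illustration of the fingerprint-and-compare process the two paragraphs above describe (this is not code from the article or from any ELN vendor), the following Go program keeps a per-record history of fingerprints, as a system that stores hash values in its database might, and classifies a record read back from storage as intact, an earlier authorized version, or an unauthorized change. The `IntegrityRegister` type and the sample notebook entry are constructed for the example; it also reports the digest sizes of SHA-1 and the SHA-2 members the text mentions.

```go
package main

import (
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
	"hash"
)

// Verdicts returned when a record read back from storage is re-hashed.
const (
	Intact             = "intact"              // matches the latest registered fingerprint
	PriorVersion       = "prior version"       // matches an earlier authorized version
	UnauthorizedChange = "unauthorized change" // matches no registered fingerprint
	UnknownRecord      = "unknown record"      // never registered
)

// IntegrityRegister is a constructed stand-in for the hash column an ELN keeps
// in its database: every authorized save appends the record's fingerprint.
type IntegrityRegister struct {
	newHash func() hash.Hash
	history map[string][]string // record id -> fingerprints, oldest first
}

func NewIntegrityRegister(newHash func() hash.Hash) *IntegrityRegister {
	return &IntegrityRegister{newHash: newHash, history: map[string][]string{}}
}

// Fingerprint returns the hex digest of the record content (the "digital fingerprint").
func (r *IntegrityRegister) Fingerprint(content []byte) string {
	h := r.newHash()
	h.Write(content)
	return hex.EncodeToString(h.Sum(nil))
}

// Register is called on every authorized save; changed content becomes a new version.
func (r *IntegrityRegister) Register(id string, content []byte) string {
	fp := r.Fingerprint(content)
	hist := r.history[id]
	if len(hist) == 0 || hist[len(hist)-1] != fp {
		r.history[id] = append(hist, fp)
	}
	return fp
}

// Check re-hashes content read from storage and compares it with the history.
func (r *IntegrityRegister) Check(id string, content []byte) string {
	hist, ok := r.history[id]
	if !ok {
		return UnknownRecord
	}
	fp := r.Fingerprint(content)
	for i := len(hist) - 1; i >= 0; i-- {
		if hist[i] == fp {
			if i == len(hist)-1 {
				return Intact
			}
			return PriorVersion
		}
	}
	return UnauthorizedChange
}

// DigestBits reports a hash constructor's digest length in bits.
func DigestBits(newHash func() hash.Hash) int { return newHash().Size() * 8 }

func main() {
	v1 := []byte("Expt 1042: dissolved 2.0 g NaCl in 100 mL water") // constructed sample entry
	v2 := []byte("Expt 1042: dissolved 2.5 g NaCl in 100 mL water") // authorized correction
	reg := NewIntegrityRegister(sha256.New)
	reg.Register("1042", v1)
	reg.Register("1042", v2)
	fmt.Println(reg.Check("1042", v2)) // intact
	fmt.Println(reg.Check("1042", v1)) // prior version
	fmt.Println(reg.Check("1042", []byte("Expt 1042: dissolved 2.5 g KCl in 100 mL water"))) // unauthorized change
	fmt.Println(DigestBits(sha1.New), DigestBits(sha256.New), DigestBits(sha512.New)) // 160 256 512
}
```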

Another important concept to consider is “encryption.” Encryption is a cryptographic technique for obscuring a record to make it unreadable without special tools or knowledge to decrypt it. A cipher is used for the encryption and decryption process and, in many cases, a “key” is used to modify the cipher algorithm. Having the correct key will allow the algorithm to function properly. The analogy is a door lockset; the cipher is the lock itself, while the key allows the door to open.

In symmetric encryption, or “secret key” cryptography, the same key is used for encrypting and decrypting the record. In other words, you hand the key over to the person on the other side of the door to unlock it. In asymmetric encryption, or “public key” cryptography, different keys are used. In digital signatures, a “private key” is used to encrypt a file, and a public key is used to decrypt it. These keys adhere to non-repudiation; each key cannot undo its own particular function. Once a file is encrypted, the private key cannot unlock it. In the door analogy, your key to lock the door is different than another’s used on the other side of the door to unlock it.

PUBLIC KEY INFRASTRUCTURE

The Public Key Infrastructure (PKI) X.509 standard uses digital signatures based on asymmetric encryption. The goals of PKI are to create a trusted relationship between one party and another to authenticate their identities, guarantee the integrity of a data transmission, and to ensure privacy.

PKI utilizes the concept of digital certificates, which are a type of passport describing certain characteristics of the signer. These certificates act as a form of guarantee to prove the signer’s authenticity. A user’s identity is matched to a public key, and the details about the encryption algorithm are contained in the certificate. These are issued by what is known as a Certificate Authority (CA), which verifies the identity of the user. Just like a passport, these certificates have a specified period of validity and can be revoked.

In ELN, one of the most common uses of PKI is signing PDF renditions of notebook records. Usually created after the completion of an experiment, the PDF files are signed by an author and witness, attesting the record. The signatures are embedded into the document and the signer’s identity can be verified against the certificate authority. Any alteration of the record will invalidate the signatures. Many larger companies post these signed PDFs to another repository, often a document management system and/or an outside third-party records management service.
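The private-key signing, certificate issuance and verification steps described in the preceding paragraphs, as an added example that is not the article's or any ELN vendor's code: this Go program uses the standard library's X.509 support to create a hypothetical lab CA, have it issue a time-limited certificate to a signer, sign the SHA-256 digest of a record (standing in for the PDF rendition) with the signer's private key, and verify both the signature and the certificate chain. The CA, the signer name, the serial numbers and the record content are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Identity is a signer: a private key plus the X.509 certificate that binds its public key to a name.
type Identity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// Issue creates a key pair and a certificate for cn, signed by ca (self-signed when ca is nil).
// Like a passport, the certificate is valid only between notBefore and notAfter.
func Issue(ca *Identity, serial int64, cn string, notBefore, notAfter time.Time, isCA bool) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parent, signer := tmpl, key // self-signed unless a CA vouches for the key
	if ca != nil {
		parent, signer = ca.Cert, ca.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: key, Cert: cert}, nil
}

// Sign hashes the record (for example a PDF rendition) and signs the digest with the private key.
func Sign(signer *Identity, record []byte) ([]byte, error) {
	digest := sha256.Sum256(record)
	return ecdsa.SignASN1(rand.Reader, signer.Key, digest[:])
}

// Verify checks the signature with the public key from the signer's certificate, then checks
// that the certificate chains to the trusted CA and is inside its validity period at time at.
func Verify(caCert, signerCert *x509.Certificate, record, sig []byte, at time.Time) error {
	digest := sha256.Sum256(record)
	pub, ok := signerCert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match record: altered or signed by another key")
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := signerCert.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err // nil only when the CA vouches for the signer at that time
}
```

Verify returns an error for an altered record, for a certificate checked outside its validity window, and for a certificate issued by a CA that is not in the trusted pool; revocation checking (CRLs or OCSP) is a separate step this example does not perform.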

The bifurcation of IP storage from ELN is for several reasons. Many of the larger biopharmaceutical companies use multiple ELN products, and they want a common signature and storage process across all of them. Also, not all IP is generated from ELN, so there is a need for a comprehensive archiving solution. There also is fear that the life of the records will outlive the business existence of the ELN supplier, so it is better to store records in an industry-standard format rather than rely on a supplier’s proprietary structure.

Though very robust and well-established in the market, the use of PKI is not without its challenges. The exact implementation of PKI is a bit unique to the specific provider of the technology, and there are many flavors on the market. The infrastructure to support it can be quite daunting for small- or medium-size organizations; not only do the costs of the technology have to be considered, but the policies, procedures and administration have to be taken into account for the total cost of ownership. It is a matter of risk analysis and a balance between costs and the potential exposure to your data.

The closest we have to a standard ELN digital signature methodology is from the SAFE-BioPharma Association (SAFE). The association was formed by a consortium of companies and suppliers with a mission to streamline digital authentication and rights management, primarily in the biopharmaceutical industry. Faced with a complex matrix of overlapping and potentially conflicting digital signature products across a number of disciplines and partners, member companies wanted a unified authentication methodology.

Recognized by the FDA and the European Medicines Agency (EMA), SAFE is compatible with the PKI X.509 standard. SAFE accredits select CAs which must meet the SAFE standard for credential services. In this manner, CAs can exist behind the firewall of an organization or be hosted by a third party. Any accredited organization can establish secure data transmittal with another using a SAFE Bridge Certificate Authority (SBCA). This allows verification of identities outside the company, such as employees of a contract research organization or partner. SAFE requires the use of a hardware identity device, such as a smart card or USB token, for a key linked to a specific individual.

Abbott, Bristol-Myers Squibb, GlaxoSmithKline, Pfizer and Sanofi-Aventis are among the companies that employ SAFE digital signatures in their ELN workflow. ELN suppliers Accelrys, Agilent, IDBS and Waters have integrated the standard into their systems (Accelrys, IDBS and Waters are certified members).

Figure 1: Hashing creates a unique fingerprint

Digital notarization company Surety, used natively by several ELN suppliers, has worked to integrate their cryptographically based record timestamp service with SAFE’s identity management technology.

VENDOR APPROACHES

There is no collective standard, let alone common approach, to record authentication and digital signatures across ELN products. Each vendor has taken a slightly different slant, and opinions vary about the robustness required in a typical installation. This does induce some risk, as your electronic records may outlive your system. Therefore, potential ELN users are advised to determine their risk profile and the capabilities they require as a component of their product evaluation. Below are several vendor approaches:

• Accelrys – In the company’s recently acquired Contur ELN, there are a number of options for record authentication and integrity. After publishing experimental content in PDF format, a digital fingerprint is produced using the SHA-2 (512 bit) cryptographic hash algorithm and stored with the record. The user has an option to post records to IP.com, leveraging the Web site’s Surety-based digital timestamping service. In Accelrys’ Symyx Notebook, records are stored in a proprietary binary format that must be interpreted by the system’s middle tier. Any backdoor attempt at changes may create an incompatible record. SHA-2 (256 bit) hashes are available, but only through customization via the product’s software development kit (SDK). With either ELN, PDF/A (PDF Archive format, ISO standard ISO 19005-1:2005) records can be created for archiving purposes and signed through SAFE or other digital signature technology. The signed records can be forwarded to a customer’s IP repository. This process can be automated via customization using the SDK.

• Agilent – In OpenLAB ELN, PDFs are created during the signature process, stored in the ELN, and can be electronically signed through a variety of methods. The system comes with the ability to sign, using a server certificate, a SHA-1 hash of the PDF. An admin module permits integrity checks on the experiment records to discover any unapproved alteration. Agilent supports SAFE-compliant signatures and also has partnered with Surety to integrate their timestamping notarization technology. Signed PDFs can be exported to the XMLDsig (XML digital signature standard format) if desired. For long-term retention, signed documents can be archived to their OpenLAB Enterprise Content Management (ECM) system.

• IDBS – E-Workbook does not natively encrypt the data stored in the database, though the company says they have clients that have done so via third-party tools. They abstract the database via synonyms to view schema objects without ownership rights. Signoffs are through digital signatures, and certificates can be obtained from a customer’s certificate authority or from the E-Workbook server; the user identity may be the user’s login certificate. Hashing can be either SHA-1 or SHA-2, depending on the preference of the customer. Time-stamping of the signatures can be from the database server or from an external timestamping service. IP archiving is through the generation of PDF/A documents, which can be digitally signed via SAFE or other signature technology via customization. Signed records can be forwarded to a client’s master IP archive or pushed automatically via customization.

Figure 2: Digital signature, forwarding and verification to prove authenticity

• LabWare – LabWare ELN is built from the core of their LabWare LIMS and leverages much of the existing record management functionality. As with other systems, records are time stamped via the server, and audit trail records are produced upon creation and any subsequent activity. Audit records are encrypted in the database. Their auditor function enables an administrator to recreate the ELN records at any given time in their lifecycle. Electronic signatures are possible, along with a checksum (similar to a hash function) to ensure integrity. As the product is installed mainly in areas that are less concerned with intellectual property protection (e.g., late-stage analytical and quality), customers generally maintain the data in the database, rather than post records to an outside archive.

• PerkinElmer Informatics (formerly CambridgeSoft) – Out of the box, E-Notebook supports the XML digital signature standard (XMLDsig), associating an XML signature file with a signed PDF. Users first create a PDF of the notebook record(s), hash the document via SHA-1, and asymmetrically encrypt it using the server as an electronic notary. Some clients also have integrated their own PKI infrastructure (e.g., SAFE) via E-Notebook’s application program interface. Others digitally sign PDFs external of the application using tools like Adobe LiveCycle. The ELN comes with a module known as “Long Term Archive” (LTA), which is an Oracle database for long-term record retention. The signature workflow can automatically post records to LTA after signature, and the module comes with tools for monitoring and verifying signatures. ELN records are not encrypted in the database.

• Rescentris – Every notebook entry in the company’s CERF system is a set of separate records, each with its own MD5 hash digest. This value is stored with each record to detect content changes. CERF’s workflow signs each of the records in the set, uniquely applying the U.S. federal government’s Digital Signature Algorithm (DSA). For archiving, the company says they have an automated solution enabling a signed PDF to be submitted (via a Web service) to a third-party archive like Iron Mountain. A link is created between a global identifier in the database and the record’s location in the archive to enable search and retrieval of historical documents.

• VelQuest – The SmartLAB procedure execution system leverages Oracle’s Transparent Data Encryption (TDE) technology to protect record privacy. If records are exported, the company applies an Advanced Encryption Standard (AES) which is a symmetric-key encryption. Throughout the application — and dependent on the module — MD5 or SHA-1 hash digests are computed to detect record changes. As with LabWare, the company indicates their analytical and quality customers prefer to leave the data in the database, though there are options for archiving using third-party products.

• Waters – SDMS Vision Publisher creates a SHA-1 digital fingerprint for each section, i.e., component, of an ELN document. Upon electronic signature, a digital fingerprint is included in the signature record via a hash and subject to another hash, enabling modification detection of both the record and the signature. A PDF rendition of the record is created upon approval and can be digitally signed using the SAFE standard. The PDF with the inserted digital signature can be stored in the SDMS archive or posted to another system.

There are a number of standards available to ensure record integrity and authenticity of signatures. Unfortunately, there is no common application of these tools to ELN. The SAFE-BioPharma standard is about as close as we come for digital signatures. The prospective user should fully investigate the available options and determine a record authentication strategy that is right for them before selecting a system. You might have to produce records for a court case years in the future — this could be long after your ELN supplier went out of business. The burden will be on you to prove the legitimacy of your records, not the vendor.

1. Federal Judicial Center, Manual for Complex Litigation, Fourth Edition, 2004, Washington D.C.
2. In Re Vee Vinhee, 336 B.R. 437, 2005, 9th Cir. BAP
3. Lorraine et al v. Markel American Insurance Company, 1:2006cv01893, 2006, US District Court, Maryland
4. www.iso.org/iso/catalogue_detail.htm?csnumber=14256

Michael Elliott is CEO of Atrium Research & Consulting. He may be reached at editor@ScientificComputing.com.
