Identrus and SAFE-Biopharma Join E-Signature Technologies

February 17, 2005
Pharmaceutical Technology

SAFE Electronic Identity Standard for Drug Industry

(New York, NY,, a digital-signaturecompany focused on financial industries, and SAFE-BioPharma, LLC(, a pharmaceutical industry consortiumdeveloping electronic signature standards, have formally agreed to linktheir technologies.

Identrus and SAFE will "collaborate to assure interoperability ofdigital credentials issued by SAFE Members and by Identrus Participantsaccredited by SAFE, and Identrus will exclusively marketimplementations of the SAFE Standard outside the biopharmaceuticalindustry," according to a joint Feb. 8 statement.

SAFE (which stands for "Secure Access for Everyone") was founded in2003 as a consortium of pharmaceutical companies and tradeorganizations, and is supported by the Pharmaceutical Research andManufacturers Association (PhRMA).

SAFE and Identrus will now cross-license some of their technology,including "business and technical specifications related to electronicidentity and digital signatures." Identrus will also gain rights tomarket SAFE technology in industries outside of healthcare.

The joint announcement quoted SAFE chairman Gary Secrest (directorof World Wide Information Security at Johnson & Johnson) saying,"The Identrus partnership allows Identrus to extend the SAFE concept,model, and standards across multiple industries beyondbiopharmaceuticals. As other industries begin to use the SAFE standardapproach we anticipate an increased supply of commercially ready,SAFE-enabled applications; making digital credentials more ubiquitousand cost efficient for our sponsors, and for other user communities."

If widely accepted in healthcare, SAFE would provide a convenient,validated, and relatively economical solution for the recurringquestions about what constitutes a valid electronic signature under 21CFR 11 and corresponding regulations outside the United States.

Highlights of the SAFE plan include:

A standard format for digital signatures, encryption keys, physical tokens, and credential-issuance protocols.

An industry-sponsored corporation to oversee credential-granting.

A mechanism for allowing credentials granted by one participant to be accepted by other participants. This critical feature would allow individuals in the industry to have just a single digital identity that could be recognized in multiple contexts. A clinical investigator, for example, could use the same digital signature for multiple projects, even projects sponsored by different organizations.

A required physical token—a smart card, USB token, or other dongle containing the user's private key—in conjunction with a password and username to activate the digital certificate.

—Douglas McCormick