Canon Paper Shredder specifications Card-Based Authentication, UniFLOW Card Authentication

Page 6

Section 2 — Device Security

Canon imageRUNNER ADVANCE systems also ship with SSO-H, which supports direct authentication against an Active Directory domain using Kerberos or NTLMv2 as the authentication protocol. SSO-H does not require any additional software to perform the user authentication as it is able to directly communicate with the Active Directory domain controllers. In Local Device Authentication mode, SSO-H can support up to 5,000 users.

Card-Based Authentication

uniFLOW Card Authentication

When combined with the optional uniFLOW Output Manager Suite, imageRUNNER ADVANCE systems are able to securely authenticate users through contactless cards, chip cards, magnetic cards and PIN codes. uniFLOW supports HID Prox, MIFARE, Legic, Hitag and Magnetic cards natively using its own reader, as well as others through custom integrations. Certain models of RF Ideas Card Readers can also be integrated to support authentication using radio-frequency identification (RFID) cards.

Advanced Authentication—Proximity Card

Using a MEAP application, imageRUNNER ADVANCE systems can be customized to automatically perform user authentication with contactless cards typically used in corporate environments. User data can be stored locally in a secure table to eliminate the need for an external server, or integrated with an existing authentication server through customization. Support is provided for cards from HID Prox, HID iClass, Casi-Rusco, MIFARE and AWID. Customization can also be performed to provide support for other card types.

Authorized Send for CAC/PIV

To fulfill the strict security requirements of government agencies as dictated by Homeland Security Presidential Directive-12 (HSPD-12), imageRUNNER ADVANCE systems support the use of Common Access Card (CAC) and/or Personal Identity Verification (PIV) card authentication for the embedded Authorized Send MEAP application. Authorized Send for CAC/PIV is a server-less application that protects the Scan-to-Email, Scan-to-Network Folder and Scan-to-Network Fax functions, while allowing general use of walk-up operations like print and copy.

Authorized Send for CAC/PIV supports two-factor authentication by prompting users to insert their card into the device’s card reader and requiring them to enter their PIN. ASEND for CAC/PIV supports the Online Certificate Status Protocol (OCSP) to check the revocation status of the user’s card, and then authenticates the user against the Public Key Infrastructure (PKI) and Active Directory. Once authenticated, users can access the document distribution features of Authorized Send.

Authorized Send for CAC/PIV supports enhanced e-mail security features such as non-repudiation, digital signing of e-mail, and encryption of e-mail and file attachments. The cryptographic engine used by Authorized Send for CAC/PIV is based on the industry leading RSA BSAFE security software and has undergone the stringent testing and validation requirements of the FIPS 140 standard.

Control Cards/Card Reader System

Canon imageRUNNER ADVANCE systems offer support for an optional Control Card/Card Reader system for device access and to manage usage. The Control Card/Card Reader system option requires the use of intelligent cards that must be inserted in the system before granting access to functions, which automates the process of Department ID authentication. The optional Control Card/Card Reader system manages populations of up to 300 departments or users.

6

White Paper: Canon imageRUNNER ADVANCE Security

 

 

Page 5 Page 7
Image 6
Page 5 Page 7
Contents White Paper Canon imageRUNNER Advance Security Table of Contents Introduction Security Market Overview Imaging & Printing Security OverviewKey Security Concentration Areas Device Security AuthenticationDevice-Based Authentication ImageRUNNER Advance Controller SecurityAdvanced Authentication-Proximity Card Card-Based AuthenticationUniFLOW Card Authentication Authorized Send for CAC/PIVAccess Control Password-Protected System SettingsAccess Management System Privileges by Access Level Function Level Authentication Address Book PasswordScan and Send Security Access Code for Address Book Destination Restriction FunctionUSB Block Print Driver Security FeaturesThird Party Meap Application and Development Print Job AccountingSecure Printing Information SecurityDocument Security Secured Print / Encrypted Secured PrintDocument Storage Space Protection Mail Box SecurityAdvanced Box Security Other Document Security Capabilities Watermark / Secure WatermarkCopy Set Numbering Data Security Data at RestHDD and RAM Data Protection Standard HDD Format HDD Data Encryption KitHDD Data Erase Kit Timing of OverwriteInformation Security Performance Impact Using the HDD Data Erase Kit Removable HDD KitJob Log Conceal Function Data in Transit Essentials Workflow ComposerEncrypted Secured Print Other Fax Features Fax SecuritySuper G3 Fax Board and Multi Line Fax Board Fax Destination Confirmation Fax Storage SpaceAdvanced Box Fax Forwarding & Fax Received Notification Fax Mail Box and Advanced Box Fax SecurityNetwork Security Network and Print Security Canon Network Printer Kit OnlyEnabling/Disabling Protocols/Applications SSL Encryption Media Access Control MAC FilteringIP Address Filtering IPv6 SupportWireless LAN Authentication and Encryption MethodKey Exchange Protocol Ieee Snmp Community StringScan and Send Virus Concerns for E-mail Reception Smtp Authentication POP Authentication Before SmtpMail Server Security Security Monitoring & Management Tools Restricting Device Setup ScreensAccess Management System ImageWARE Enterprise Management ConsoleLogging & Auditing Document Scan Lock & TraceCanon imageWARE Accounting Manager Canon imageRUNNER Advance TrackerImageWARE Secure Audit Manager Canon Solutions & Regulatory Requirements Common CriteriaCommon Criteria Certification Authorized Send for CAC/PIV Conclusion Addendum Canon Security Recommendations Quick ReferenceCanon imageRUNNER Advance HDD Security FunctionsCanon U.S.A., Inc One Canon Plaza Lake Success, NY
Top Page Image Contents