Filter
Top Products
Canon imageRUNNER ADVANCE systems also ship with SSO-H, which supports direct
authentication against an Active Directory domain using Kerberos or NTLMv2 as the
authentication protocol. SSO-H does not require any additional software to perform the
user authentication as it is able to directly communicate with the Active Directory domain
controllers. In Local Device Authentication mode, SSO-H can support up to 5,000 users.
Card-Based Authentication
uniFLOW Card Authentication
When combined with the optional uniFLOW Output Manager Suite, imageRUNNER ADVANCE
systems are able to securely authenticate users through contactless cards, chip cards,
magnetic cards and PIN codes. uniFLOW supports HID Prox, MIFARE, Legic, Hitag and Magnetic
cards natively using its own reader, as well as others through custom integrations. Certain
models of RF Ideas Card Readers can also be integrated to support authentication using
radio-frequency identification (RFID) cards.
Advanced Authentication—Proximity Card
Using a MEAP application, imageRUNNER ADVANCE systems can be customized to
automatically perform user authentication with contactless cards typically used in corporate
environments. User data can be stored locally in a secure table to eliminate the need for an
external server, or integrated with an existing authentication server through customization.
Support is provided for cards from HID Prox, HID iClass, Casi-Rusco, MIFARE and AWID.
Customization can also be performed to provide support for other card types.
Authorized Send for CAC/PIV
To fulfill the strict security requirements of government agencies as dictated by Homeland
Security Presidential Directive-12 (HSPD-12), imageRUNNER ADVANCE systems support the use
of Common Access Card (CAC) and/or Personal Identity Verification (PIV) card authentication
for the embedded Authorized Send MEAP application. Authorized Send for CAC/PIV is a
server-less application that protects the Scan-to-Email, Scan-to-Network Folder and
Scan-to-Network Fax functions, while allowing general use of walk-up operations like print
and copy.
Authorized Send for CAC/PIV supports two-factor authentication by prompting users to insert
their card into the device’s card reader and requiring them to enter their PIN. ASEND for
CAC/PIV supports the Online Certificate Status Protocol (OCSP) to check the revocation status
of the user’s card, and then authenticates the user against the Public Key Infrastructure (PKI)
and Active Directory. Once authenticated, users can access the document distribution features
of Authorized Send.
Authorized Send for CAC/PIV supports enhanced e-mail security features such as
non-repudiation, digital signing of e-mail, and encryption of e-mail and file attachments.
The cryptographic engine used by Authorized Send for CAC/PIV is based on the industry
leading RSA BSAFE security software and has undergone the stringent testing and validation
requirements of the FIPS 140 standard.
Control Cards/Card Reader System
Canon imageRUNNER ADVANCE systems offer support for an optional Control Card/Card Reader
system for device access and to manage usage. The Control Card/Card Reader system option
requires the use of intelligent cards that must be inserted in the system before granting access
to functions, which automates the process of Department ID authentication. The optional
Control Card/Card Reader system manages populations of up to 300 departments or users.
6
White Paper: Canon imageRUNNER ADVANCE Security
Section 2 — Device Security