Canon Paper Shredder User Manual

6

White Paper: Canon imageRUNNER ADVANCE Security

Section 2 — Device Security

When used in Domain Authentication mode, a user must successfully authenticate using valid credentials
on the system’s control panel, Remote UI utility, or web browser when accessed via a network prior to
gaining access to any of the device functions.

SSO ships standard with MEAP capable imageRUNNER ADVANCE systems and can support up to 200
trusted domains plus the users that belong to the same domain as the device. Canon imageRUNNER
ADVANCE systems also ship with SSO-H, which supports direct authentication against an Active
Directory domain using Kerberos or NTLMv2 as the authentication protocol. SSO-H does not require any
additional software to perform the user authentication as it is able to directly communicate with the Active
Directory domain controllers. In Local Device Authentication mode, SSO-H can support up to 5,000
users. For a combined use of Domain Authentication and Local Device Authentication, an LDAP server
can be configured instead of Domain Authentication.

Card-Based Authentication

uniFLOW Card Authentication

When combined with the optional uniFLOW Output Manager Suite, imageRUNNER ADVANCE
systems are able to securely authenticate users through contactless cards, chip cards, magnetic
cards and PIN codes. uniFLOW supports HID Prox, MIFARE, Legic, Hitag and Magnetic cards
natively using its own reader, as well as others through custom integrations. Certain models of RF
Ideas Card Readers can also be integrated to support authentication using radio-frequency
identification (RFID) cards.

Advanced Authentication—Proximity Card

Using a MEAP application, imageRUNNER ADVANCE systems can be customized to
automatically perform user authentication with contactless cards typically used in corporate

environments. User data can be stored locally in a secure table to eliminate the need for an
external server, or integrated with an existing authentication server through customization.
Support is provided for cards from HID Prox, HID iClass, Casi-Rusco, MIFARE and AWID.
Additionally, Universal Login Manager can now support over 35 card types with a new MI Card +
reader. Customization can also be performed to provide support for other card types.

Advanced Authentication—Common Access Card (CAC)/Personal Identity Verification
(PIV) Card

Federal agencies—both civilian and military (DoD)—require enhanced user authentication, data
security, and information assurance to help comply with the requirements of the Homeland
Security Presidential Directive 12 (HSPD-12). Employees must verify their identity and security
classifications using secure and reliable forms of identification, such as Common Access Card
(CAC) and Personal Identity Verification (PIV). And with networked multifunction printers
(MFPs) being deployed on a greater scale in these locations, Canon developed Advanced
Authentication CAC/PIV—an easy-to-use, two-factor embedded authentication solution to lock
and unlock Canon devices. This serverless solution ensures that all device functions are locked
down until users insert their government-issued Common Access Card/Personal Identity
Verification into the card reader and enter their PIN. Only those authenticated individuals are
granted access to the device.

Authorized Send Common Access Card (CAC)/Personal Identity Verification (PIV) Card

To fulfill the strict security requirements of government agencies as dictated by Homeland
Security Presidential Directive-12 (HSPD-12), imageRUNNER ADVANCE systems support the
use of Common Access Card (CAC) and/or Personal Identity Verification (PIV) card
authentication for the embedded Authorized Send MEAP application. Authorized Send for
CAC/PIV is a server-less application that protects the Scan-to-Email, Scan-to-Network Folder and
Scan-to-Network Fax functions, while allowing general use of walk-up operations like print and
copy.