SMart esolutions Information Security

Size: px

Start display at page:

Download "SMart esolutions Information Security"

Arleen Chandler
6 years ago
Views:

1 Information Security

2 Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2

3 What are SMart esolutions? SMart esolutions provide value to customers by implementing services that require Xerox devices to establish communications back to Xerox. These services enhance the support that Xerox provides to its customers, and reduce the cost of ownership for the customer. Examples: Automatic Meter Reads Automatic Supplies Replenishment SMart esolutions technology provides a single secure infrastructure for implementing these services. This includes SMart esolutions Clients that connect directly to the Xerox Communication Server, and those that use a Proxy Host to connect to the Xerox Communication Server. 12/6/2004 3

4 Architecture Device Proxies Xerox IM Infrastructure Smart esolutions Device-Direct Xerox Communication Server 12/6/2004 4

5 What is Information Security? Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected. Information security protects information from a wide variety of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities. Information security is characterized as the preservation of: confidentiality: ensuring that information is accessible only to those authorized to have access; integrity: safeguarding the accuracy and completeness of information and processing methods; availability: ensuring that authorized users have access to information and associated assets when required. (Source: ISO Code of Practice for Information Security Management) 12/6/2004 5

6 Definitions Trust - Assured reliance on the character, ability, strength, or truth of someone or something; one in which confidence is placed. (Merriam-Webster s Collegiate Dictionary) Authentication - The process of verifying an identity claimed by or for a system entity. (RFC 2828) Server-Side Certificate An X.509 certificate from a trusted Certification Authority used to authenticate the identity of a server. Cryptography - A coding method in which data is encrypted (translated into an unreadable format) and then decrypted (translated back into a readable format by someone with a secret key) using an algorithm. Cryptography is used to send or store information securely. ( Non-repudiation - An authentication that with high assurance can be asserted to be genuine, and that can not subsequently be refuted. (W. Caelli, D. Longley, and M. Shain, Information Security Handbook. London: Macmillan) 12/6/2004 6

7 Transactions Secure Web Services Protocols Uses HTTPS (Hyper Text Transport Protocol secured with SSL) SOAP (Simple Object Access Protocol) based XML transactions Client Initiated All transactions are initiated by the client Communications must be authorized by the client Secure Communications The Xerox Communication Server and the SMart esolutions Clients mutually authenticate themselves Encrypted communications channel Fully auditable and observable communications Integrity ensured for all information (data or code) downloaded by the SMart esolutions Client 12/6/2004 7

8 Identification & Authentication Identification Device identity derived from Device Serial Number SMart esolutions Proxy identity is the proxy s MAC address Authentication SMart esolutions Clients use the proprietary Xerox Communication Server algorithm to generate a password All transactions to the Xerox Communication Server require the client to both identify and authenticate itself The Xerox Communication Server identity is authenticated by a server-side X.509 digital certificate from the VeriSign Certification Authority (CA) 12/6/2004 8

authenticated identity to authorize access to web

9 Authorization Client Authorization Client must initiate the communications Server uses the authenticated identity to authorize access to web services available from the Xerox Communication Server 12/6/2004 9

10 Data Confidentiality Confidentiality through 128 bit SSL Encryption Cryptography uses a mathematical algorithm and a 128 bit encryption key to transform the input data (plaintext) into ciphertext that can only be decrypted by those that possess the encryption key This process is called encryption Encryption is the most effective way of delivering confidentiality 12/6/

11 Non-Repudiation Auditable - An audit log is kept by both the client and the server Observable -The XML content of all transactions with the Xerox Communication Server can be viewed by an authorized client Non-repudiation through SSL signing 12/6/

12 Frequently Asked Questions 1. Will enabling a SMart esolutions Client make my network more susceptible to viruses or hacker attacks? No. Customers make no changes to their own security infrastructure and no additional ports need to be opened in their firewall. SMart esolutions only communicate to a specific secure server at Xerox and services are designed specifically to prevent unauthorized data transfers. The secure server at Xerox is regularly scanned for viruses using the latest tools. 2. How do I know that Xerox is not accessing my company s private data off the machine disk? You may examine the data sent back to Xerox by using the device User Interface to view the transaction details. SMart esolutions features only access machine related data, and not customer images or other customer data. 12/6/

13 Frequently Asked Questions 3. How can I be sure that the device data is going to Xerox only? The secure transmittal process uses HTTPS and VeriSign signed certificates to ensure and verify that the device is sending to Xerox. Also, Xerox routinely authenticates your machine against its SMart esolutions database and uses a proprietary security algorithm to verify that it only accepts communications from Xerox devices. In addition, all transmission data is sent over a Secure Socket Layer (SSL) connection using 128-bit encryption which only Xerox has the key to decipher. 4. Will my machine interact with or receive information from non-xerox systems? No. The device always initiates the SMart esolutions transfer activity and sets up a Xerox-only, non-intrusive communication path. Also, it always checks the authentication of who it is communicating with by validating the Verisign Certificate. 12/6/

printeract, Xerox Remote Services A step in the right direction

printeract, Xerox Remote Services A step in the right direction Diagnose Problems Assess Machine Data Troubleshooting Customer Security Assured 701P42950 PrInteract, Xerox Remote Services Overview About