Reference Guide
3 Security
Secure mobile printing includes the following aspects:
● Cryptography: art of protecting information by transforming it into an unreadable format
● Server security: securing business logic at the back-end, which provides services to mobile devices
● Communication security: aims at providing confidentiality of information transmitted over insecure channels such as wireless links
● Content security: mitigates the risk of loss of confidential documents on the server
● Printing security: primarily deals with authorized release of print-jobs so that only authorized users can collect printed hardcopies
Each of these aspects is described in the subsequent sections.
3.1 Cryptography
All encryption algorithms used in HP ePrint Enterprise are FIPS (Federal Information Processing Standards)
compliant. Cryptographic keys are generated for each HP ePrint Enterprise installation and stored securely
using Microsoft’s industry-standard key management functions. The keys are available only to the HP ePrint
Enterprise server administrator. HP does not have access to such keys.
3.2 Server security
3.2.1 User identification
The HP ePrint Enterprise backend identifies users by a unique email account that must match one of the
configured domains.
3.2.2 Policies
HP ePrint Enterprise backend includes a set of policies to control usage and behavior:
● User provisioning: users can be auto-provisioned (enrolled when accessing the backend through a mobile client), or pre-provisioned to control exactly which users are allowed to consume services from the backend. Provisioning is performed through the system console. Individual user access can be allowed or denied at any given time.
● Printer access: printers can be set as “out of service” at any given time through the system console.
● Remote client configuration: BlackBerry mobile clients in use by provisioned users can be remotely configured at any time through the system console. Configurations include the address of the backend server and the base transport email account.
● Domains serviced: specific domain names to serve can be listed. Users with emails on different domains will not be served, even if auto-provisioning is allowed.
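
The following sketch is an added example, not HP ePrint Enterprise code: it models one order in which the user-identification and provisioning policies above could be evaluated, so that the domain list is checked before auto-provisioning can enroll anyone. The names Policy, email_domain and decide, the sample addresses, and the choice of exact, case-insensitive domain matching are assumptions.

```python
# Added illustration of the policy order described above (hypothetical model).
from dataclasses import dataclass, field


@dataclass
class Policy:
    served_domains: set                              # lower-case domain names
    auto_provision: bool = False
    provisioned: set = field(default_factory=set)    # enrolled users
    denied: set = field(default_factory=set)         # individually denied users


def email_domain(address):
    """Return the lower-cased domain, or None if the address is malformed."""
    addr = address.strip().lower()
    local, sep, domain = addr.rpartition("@")
    # Fail closed: reject a missing part, a second '@', or embedded whitespace.
    if not sep or not local or not domain or "@" in local:
        return None
    if any(c.isspace() for c in addr):
        return None
    return domain


def decide(policy, address):
    """Return (allowed, reason) for one request from a mobile client."""
    user = address.strip().lower()
    domain = email_domain(address)
    if domain is None:
        return False, "malformed address"
    # Exact match only (assumption): a suffix or substring test would also
    # accept look-alike domains that merely contain a served name.
    if domain not in policy.served_domains:
        return False, "domain not served"
    # An individual deny overrides any enrollment.
    if user in policy.denied:
        return False, "user denied"
    if user in policy.provisioned:
        return True, "pre-provisioned"
    # Auto-provisioning is reached only after the domain check has passed.
    if policy.auto_provision:
        policy.provisioned.add(user)
        return True, "auto-provisioned"
    return False, "not provisioned"
```
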