HP Imaging and Printing Security Center 2.0 - Instant-On Security

back on the network generates a DAA announcement. The HP IPSC server processes this

announcement , reconciles the device identity based on the serial number match and applies

the last policy the device was assessed with. Through this process, the device is immediately

placed back into its secure state.

Use Case 3 – Device Acquires New IP address

Device has moved physical locations and acquires a new IP address. The IP address

change produces a DAA announcement, thus prompting communication with HP IPSC. The

HP IPSC server processes the announcement, matches device identity with the existing

database entry, and applies the last policy the device was assessed with. The device

database entry is reconciled with any device identity attributes that might have changed as a

result of the IP address change.

Security Priority Scheme

Once the HP IPSC server IP address has been acquired, the DAA attempts to open up

communication using the most secure authentication method configured on the device. No

authentication is the default state. Require Mutual Authentication via certificates will

provide the most secure configuration method, since certificates must be installed and trusted

on this device as well as on the HP IPSC server. See Figure 14.

FIGURE 14

When Require Mutual Authentication via certificates is enabled, announcements

are sent using trusted SSL/TLS authentication. If certificate authentication is enabled, but

fails authentication for any reason, Instant-On communication ceases and an announcement

agent failure is posted. If certificates are configured on the device, but Require Mutual

Authentication via certificates is disabled, trusted SSL/TLS authentication is still