HP MFP Digital Sending Software (DSS) 5.0 - Security Features

One good reference is a whitepaper created by the HP Jetdirect team. Jetdirect is the name of the

network interface in HP printers and MFPs. The whitepaper gives a nice overview of SSL /TLS in general

and a lot of specific information about configuring HP printers for use with SSL / TLS. The paper is titled

“HP Jetdirect and SSL/TLS” and can be found here:

http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c01361514-2.pdf

The SSL / TLS protocols, when utilized, encrypt all the information being communicated between two

endpoints on a communication channel. The encryption is done using a combination of symmetric and

asymmetric cryptography. Asymmetric cryptography, which is more secure but much slower than

symmetric cryptography, is used to generate symmetric cryptographic keys in a very secure fashion. The

symmetric keys are then used for most of the communication channel encryption. In asymmetric key

encryption the keys are distributed via certificates. The certificates are created by certificate authorities

and an important part of the protocols involve trust in the authority that has created the certificates to

be used in the communication.

Client and Server definitions

Whenever two entities, or endpoints, communicate using the SSL / TLS protocols one of the entities is

the client and the other is the server. The client initiates the communication in order to communicate

with the server. The communication will involve information flowing both ways between the client and

server, but for any specific SSL / TLS session the client is the one that initiated the communication. When

understanding what must be done at each endpoint to enable the SSL / TLS based communication it is

important to know which endpoint is the client and which is the server.

DSS can be the SSL / TLS client or server depending on exactly what feature is being used. SSL / TLS

sessions do not necessarily map 1:1 to larger tasks such as, for example, a FutureSmart device sending a

job to the DSS server for processing. Large tasks like job processing can sometimes involve many SSL /

TLS sessions. During some of these SSL/ TLS sessions the DSS server will be the SSL / TLS client and in

others the DSS server can be the SSL /TLS server.

Asymmetric Cryptography

Asymmetric Cryptography uses key pairs that are mathematically linked. When data is encrypted using

one of the keys of the pair it can only be decrypted using the other key in the pair. Using this

mathematical concept to build a security structure involves an entity creating a key pair and making one

of the keys of the pair publicly available to other entities while the second key of the pair is kept private.

These are referred to as the public and private keys.

In the SSL / TLS protocols the server gives its public key to the client. The client uses this key to encrypt

an encryption secret and sends the encrypted secret to the server. The server decrypts the secret with

its private key. Using the secret the client and server can derive a symmetric encryption key and then

encrypt data with the faster symmetric cryptography, but feel secure since the secret was shared using

asymmetric cryptography.

Certificates and Certificate Authorities

For asymmetric cryptography public keys must be made available to clients. The keys are made available

in certificates. Certificates contain the public key, information about the entity that holds the

corresponding private key, and also information about the entity that created the certificate.