DOD secures document scanning with smart cards
01 December, 2008
category: Government, Library
Using smart cards to secure computer login, emails, encrypt files and access networks is becoming commonplace. But a serious hole exists in the network security if output such as scanning and printing is not secured as well.
“It’s the weakest link in terms of security,” says Enrique Barkey, worldwide director of the public sector at Hewlett-Packard Development Company, Palo Alto, Calif.
This fact, coupled with the U.S. Department of Defense wanting a way to better secure its multi-function printers, led the printing giant and Fremont, Calif.-based ActivIdentity Inc. to come up with a solution that enabled the Common Access Card to be used to authenticate individuals before they could scan documents. Eventually the products also may be used to authenticate individuals before they print documents as well.
Barkey says the DOD approached HP to come up with a solution to the problem. HP then approached ActivIdentity to provide the middleware. ActivIdentity has provided middleware for the Common Access Card from the start of the program.
Now when a CAC cardholder wants to scan a document to either email or have as a file they must be authenticated first, says Simon Wakely, vice president of business development at ActivIdentity. The employee places the document on the device and hits the scan button. The multi-function printer would then ask for the employees’ CAC and PIN.
The digital certificate stored on the card is checked and verified and if the certificate is good he can proceed with the scan, Wakely says. The scanned document can either be emailed to someone or saved in a folder on a server to be accessed later.
The DOD is considering the addition of secure printing in the future, Wakely says. Before an individual would be allowed to print a document he would have to authenticate with the credential as well.
Private sector implications too
While this application was born out of the public sector, HP and ActivIdentity say it has implications for the private sector as well. “We’re seeing many large global entities deploy smart cards,” Wakely says.
Printers and scanners are often the most overlooked devices when it comes to security, says HP’s Barkey. “HP has invested a lot of money and resources around this, not just around the authorization, but other capabilities as well,” he says
HP has come up with the “four As” for multi-function devices: authentication, authorization, accounting and auditing. HP’s system is also able to say how much individuals are printing and who’s printing and scanning what documents.
HP has come up with solutions for all four of these with an added bonus: being green. “By having a secure environment you can also control how much is being printed,” Barkey says.
Smart cards also aren’t the only form factor that can be used for securing the multi-function printers, Barkey says. HP has seen applications that use biometrics or proximity cards as well.
Whichever technology is being used, it has multiple functions. “It’s a lot more efficient to have one card that opens the door and accesses the network,” Barkey says.