Canon Technology/Security Whitepaper Version 2.0 Canon U.S.A., Inc., All rights reserved.
IMPORTANT NOTICE
This document was created based on the latest technical information available at the time of its publishing. This information is subject to change without notice.
imageWARE Remote – Technology Whitepaper Canon U.S.A., Inc., All rights reserved.
Table of Contents:
1. Overview
   About this Whitepaper
   About imageWARE Remote
   Supported Devices
2. Embedded RDS Overview
1. Overview

About this Whitepaper
This document is intended for IT administrators who would like to study the security features, system architecture and network impact of Canon U.S.A.’s imageWARE Remote service. This document is NOT confidential.

About imageWARE Remote
imageWARE Remote is a service developed by Canon Inc. that is being made available to Canon U.S.A.’s dealers and service providers, enabling them to provide better service to their customers.
Supported Devices

RDS Plug-in
The majority of devices with a standard management information base (“MIB”) are supported. Please refer to the list of supported models on Canon’s eSupport website. Third party devices are supported through the standard MIB.

eRDS
All Canon imageRUNNER devices, from the 70 Series and later, are supported. This includes the entire imageRUNNER ADVANCE line. The embedded RDS technology is already available on these devices and needs to be activated in service mode to start working.
customer, before consumable and durable parts reach the end of their expected life cycle. In addition, information about toner usage allows the service provider to make suggestions about re-ordering or stock quantities.

eRDS Architecture
[Figure: eRDS architecture. Labels: Email, Internet, Canon Server, SSL, Web Portal, Dealer]
This simplified figure shows the architecture of the eRDS system.
3. RDS Plug-in Overview

What is RDS Plug-in?
RDS Plug-in is an alternative solution to eRDS for users that need to support legacy devices as well as third party, non-Canon, devices. However, the use of RDS Plug-in requires the deployment of a server to host the imageWARE Enterprise Management Console (iWEMC). RDS Plug-in communicates with user selected devices from the iWEMC device list to collect counter, jam, error, and alarm data.
RDS Plug-in Architecture
[Figure: RDS Plug-in architecture. Labels: Canon device, Third party device, SNMP, Canon proprietary communication protocol, Email, iWEMC Server + RDS Plug-in, Internet, SSL, Web Portal, Canon Server, Dealer]
This simplified figure shows the architecture of the RDS Plug-in system. The RDS Plug-in pulls data from Canon devices via a Canon specific proprietary protocol, as described later in the communication protocol chart.
process). Error/jam/alarm notifications can be sent directly to the service provider by e-mail upon occurrence (push process). The service provider can also log onto UGW to obtain information on any error/jam/alarm notification (pull process).

4. eRDS Network Security

LAN Communication Target and Protocol
The eRDS communicates only with the UGW and is unable to communicate with other devices that are connected to a customer’s Local Area Network.
Jam data | Includes the jam code, date of occurrence, total counter at occurrence, paper feeding slot, and paper size. | When a jam occurs | 4 KB
Alarm data | Includes the alarm level, alarm code, alarm subcode, date of occurrence, and total counter at occurrence. | When an alarm occurs | 4 KB
Status data | The data when a status change occurs. | When status change occurs | 4 KB
Billing counter data | The counter data typically used for billing, such as Total, Copy, Print, B/W, and Color. | Every 16 hours | Approx.
image formation. All Display values which are measured values related to image formation. | When specific alarms or errors occur. | Approx. 50 KB | UGW3.0 or later.
Service Browser Information | Status of Service Browser and Option Browser. | When clicking the button to enable the browser in the service mode menu. | Approx. 3 KB
Settings information inquiry | Inquiry for the settings information flag status of the device configured for a remote update by the Contents Delivery System. | Once every 12 hours | Approx.
Data Encryption
From eRDS to the UGW server, data is encrypted at the transport layer through an SSL connection, which is typically used to secure connections over the Internet. Therefore the data does not need to be encrypted at the application layer. The key lengths used in the HTTPS communications are as follows:
Public key length: 1024 bit
Symmetric key length: 128 bit
eRDS is integrated in the main unit firmware of the imageRUNNER device.
In the event that a user changes the URL to something outside of the UGW DNS domain, the imageRUNNER will not transmit any data.

Client Authentication
This section describes the client authentication used by the UGW.
1) Client authentication by SSL (OSI Layer 4 to 5)
   Client authentication by SSL is not performed.
2) Client authentication by application (OSI Layer 7)
   The UGW will receive information only from devices whose serial numbers have been registered on the UGW by the service provider.
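A customer-side check of two behaviours stated above (eRDS communicates only with the UGW, and nothing is sent to a URL outside the UGW DNS domain), added here as an example and not Canon's code: it audits egress records from device addresses and flags any destination that is not a UGW host reached over HTTPS. The domain `ugw.example`, the default HTTPS port 443, and the record format are assumptions; the sample records are constructed.

```python
import ipaddress

# Assumption: placeholder for the UGW DNS domain, which the whitepaper does not name.
UGW_DOMAIN = "ugw.example"

# Constructed egress records: (device IP, destination host, destination port).
SAMPLE_FLOWS = [
    ("10.1.20.31", "gw1.ugw.example", 443),             # expected eRDS traffic
    ("10.1.20.31", "ugw.example.lookalike.test", 443),  # domain appears as a prefix only
    ("10.1.20.32", "notugw.example", 443),              # string suffix, wrong label boundary
    ("10.1.20.32", "10.1.20.5", 443),                   # LAN peer addressed by IP
    ("10.1.20.33", "GW1.UGW.EXAMPLE.", 443),            # same UGW host, upper case, trailing dot
    ("10.1.20.33", "gw1.ugw.example", 80),              # UGW host without HTTPS
]


def in_domain(host, domain=UGW_DOMAIN):
    """True if host is the domain or a subdomain of it, compared label by label."""
    host_labels = host.rstrip(".").lower().split(".")
    domain_labels = domain.rstrip(".").lower().split(".")
    # Comparing whole labels avoids the str.endswith() trap ("notugw.example").
    return host_labels[-len(domain_labels):] == domain_labels


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit(flows, domain=UGW_DOMAIN):
    """Return (src, host, port, reason) for each flow that contradicts the stated behaviour."""
    findings = []
    for src, host, port in flows:
        if is_ip_literal(host):
            findings.append((src, host, port, "IP literal, not a UGW host name"))
        elif not in_domain(host, domain):
            findings.append((src, host, port, "destination outside UGW domain"))
        elif port != 443:  # assumption: HTTPS on its default port
            findings.append((src, host, port, "UGW host but not port 443"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```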
as in the device has service mode switch activated for CDS? Or device has to be CDS capable? Or is there something to activate on the CDS server?****) on the Content Delivery System. Using the UGW firmware distribution command function, set an update settings information flag to devices (eRDS) to be updated. eRDS regularly checks with UGW for the update settings information flag. Finding the update settings information flag, eRDS notifies the CDS Updater of the device that there is an update command.
5. RDS Plug-in Network Security

RDS Plug-in Overview
The RDS Plug-in (imageWARE Enterprise Management Console + RDS Plug-in) communication functions can be divided into two major components:
1) Retrieval of data from the device
2) Send the retrieved device data to the UGW server

[Figure: UGW (Canon Server), RDS Plug-in (iWEMC + RDS Plug-in), Devices]
Destination identification
When retrieving device data, the RDS Plug-in will only communicate with the registered device. The RDS Plug-in will not communicate with any other device on the LAN. When sending the retrieved device data, the RDS Plug-in communicates only with the UGW server registered in the RDS Plug-in configuration settings. The IT administrator for iWEMC can regulate access to the configuration settings through user privileges.
Timing and data size chart for data retrieval from device to RDS Plug-in
The table below lists the timing and the size of the data retrieved from a device by the RDS Plug-in.

[Table 3] Retrieval of the device data
Polling packets | Frequency: once every 5 minutes | Amount of data: 0.2 KB/device
Counter-related data | Frequency: once per hour or less often | Amount of data: 5 KB/device
Quality-related data | Frequency: Every time an event occurs, as determined by polling packets (see above) | Amount of data: 0.
creates an alarm log by setting its level to 3 and sends a false alarm.
Status data | Device status change event | When status change occurs. | Approx. 4 KB
Billing counter data | The counter data used for billing that includes the detailed counter data such as the total counter for each paper size. | The data is sent once every 12 hours. | Approx. 34 KB (Measured on iR C3200)
Parts counter data | The counter data indicating the amount of usage by part. The number of parts varies by model.
Data encryption
Between the RDS Plug-in and UGW server, data is encrypted at the transport layer through an SSL connection, which is typically used to secure connections over the Internet. Therefore the data need not be encrypted at the application layer. The key lengths used in the HTTPS communications are as follows:
Public key length: 1024 bit
Symmetric key length: 128 bit
In the connection between the device and RDS Plug-in, data is not encrypted.
RDS Plug-in failure recovery measures
In the event that there is a physical failure on the server hosting iWEMC RDS Plug-in, the settings for the RDS Plug-in can be restored with the XML configuration file. Therefore it is important for the server administrator to maintain a backup of the configuration file. However, the jam log and alarm log kept by the RDS Plug-in are not included in this configuration file and may be lost.
6. General Considerations

Customer Requirements

Network Connection
In order for the eRDS and/or the RDS Plug-in to work effectively, a continuous network connection is necessary. If the network connection is lost temporarily or permanently, the functions of imageWARE Remote (Meter Reading and Service Monitor) will not be available, resulting in the delayed reporting of meter reads.
Data Storage Time

UGW
Meter data will be stored in the Universal Gateway database for 12 months; however, only the most recent meter data is accessible for download from the Web Portal by the service provider. Service information/statistics are currently stored for 6 months. This storage time may be modified in the future.

RDS Plug-in
The RDS Plug-in does not retain any data other than what is necessary for the next scheduled data transmission to UGW.