ScanFront 400 CAC/PIV Version 1.
This page is intentionally left blank. 2 ScanFront 400 CAC/PIV V1.
Contents Preface....................................................................................................... 5 How to Use This Manual .............................................................................................. 5 Symbols Used in This Manual ................................................................................... 5 Buttons Used in This Manual ..................................................................................... 6 Displays Used in This Manual ...........
This page is intentionally left blank. 4 ScanFront 400 CAC/PIV V1.
Preface Thank you for purchasing the ScanFront 400 CAC/PIV network scanner. Please read this manual thoroughly before operating the ScanFront 400 CAC/PIV device’s features. After reading this manual, store it in a safe place for future reference. How to Use This Manual This manual requires that the System Administrator has a good understanding and advance knowledge of their company’s authentication servers, users, network, smart cards, and the ScanFront 400 machine.
Buttons Used in This Manual Buttons for using the ScanFront 400 CAC/PIV device’s UI (User Interface) functions are located on the main screen. To use any of the functions, you must first log on to the device, and then press the button for the desired function. The following key and button names are a few examples of how keys and buttons to be pressed and clicked are represented in this manual: Touch Panel Display Keys: Examples: 6 [Key Name] [E-mail] [Logout] ScanFront 400 CAC/PIV V1.
Displays Used in This Manual Screen shots of the touch panel display and computer operation screens used in this manual are those taken when the ScanFront 400 CAC/PIV device is being configured by a System Administrator, and when the device is being used by a logged on user. The buttons that you should press or click are marked with a circle, as shown below. When multiple buttons can be pressed or clicked on the touch panel display and computer operation screens, all buttons are marked. Example: 1.
Legal Notices Trademarks Canon and the Canon logo are registered trademarks, of Canon Inc. in the United States and may also be trademarks or registered trademarks in other countries. imageFORMULA is a trademark of Canon Electronics Inc. Microsoft, Windows, Windows Server, and Exchange Server are registered trademarks of Microsoft Corporation in the United States and are trademarks or registered trademarks of Microsoft Corporation in other countries.
Third Party Software Legal Notices Lua Copyright © 1994–2011 Lua.org, PUC-Rio.
ZLib Copyright (c) 2012 Canon U.S.A., Inc. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1.
Canon grants you the personal, non-exclusive right to use this software only on a single computer. You may physically transfer this software from one computer to another provided that this software is used on only one computer at any time.
This page is intentionally left blank. 12 ScanFront 400 CAC/PIV V1.
Chapter 1 Introduction This chapter describes the overview of the ScanFront 400 CAC/PIV solution, the system requirements for configuring and operating the software. 1.1 Overview The ScanFront 400 CAC/PIV customized solution provides a log in service, and requires a user to authenticate to the ScanFront device using a CAC or PIV card. In addition, the ScanFront 400 CAC/PIV device enables the authenticated user to scan and send a document via secure e-mail (S/MIME).
1.2 Product Functions ScanFront 400 CAC/PIV is designed to provide enhanced user functions in addition to the device’s standard functions. The additional user functions, provided by the ScanFront 400 CAC/PIV solution, are outlined below. For more information, see the ScanFront 400 CAC/PIV V1.0 Configuration Guide. User Functions • Authenticate to a Windows domain using a PIV or CAC card at the machine. • Retrieve a Digital Certificate.
Chapter 2 Using ScanFront 400 CAC/PIV This chapter describes how to use the Login function and how to specify the Secure E-Mail functions on the ScanFront 400 CAC/PIV device. 2.1 Logging On to the Device Using a Smart Card This section describes how to log on to the ScanFront 400 CAC/PIV device with a smart card. IMPORTANT Pressing [Power off] or [Logout] on the ScanFront 400 CAC/PIV device’s UI, or removing your smart card from the card reader, automatically logs you off the machine. 1.
2. From the Authentication Server drop-down list, select the authentication server in which your login credentials are stored. 3. Press the [User pin] field to focus the cursor ➞ enter your smart card’s PIN using the keys on the virtual keyboard that appears or a USB keyboard (if attached). You can enter a maximum of 32 characters for the PIN. 16 ScanFront 400 CAC/PIV V1.
4. Press [Login]. If you are authenticated successfully, the ScanFront 400 CAC/PIV device’s Home screen is displayed. ScanFront 400 CAC/PIV V1.
2.2 Specifying the Secure E-Mail Settings This section describes how to specify the Secure E-Mail Settings. IMPORTANT Pressing [Power off] or [Logout] on the ScanFront 400 CAC/PIV device’s UI, or removing your smart card from the card reader, automatically logs you off the machine. 1. From the ScanFront 400 CAC/PIV device’s main screen, press [E-mail]. The Address selection screen is displayed. 18 ScanFront 400 CAC/PIV V1.
2. From the Address Book type drop-down list, select the address book type. IMPORTANT To send encrypted e-mail messages, the recipient’s public certificate must exist in Active Directory. ScanFront 400 CAC/PIV V1.
3. Select [E-mail] from the Address type drop-down list. 20 ScanFront 400 CAC/PIV V1.
4. Select the desired user to whom you want to send a secure e-mail message ➞ press [Next]. The Scan/Delivery Options screen is displayed. NOTE E-mail messages that are not secure, have a maximum file size limit of 10 MB. ScanFront 400 CAC/PIV V1.
5. From the [Secure Email] drop-down list, select the desired secure e-mail setting. NOTE • Depending on how the system administrator configured the S/MIME Settings, all or a subset of the Secure Email Settings may be available. • If you enter the Scan/Delivery Options screen from a Job Button, the Secure Email Setting specified in the Job Button is the displayed default setting. 22 [No email security]: The e-mail message is sent without any security.
6. Insert the document that you want to scan and send into the ScanFront 400 CAC/PIV device ➞ press [Start]. Scanning starts. The scanned document is sent with the specified Secure E-Mail Settings, and the Scan/Delivery Options screen is displayed. If the secure e-mail message has valid and invalid e-mail recipients, an invalid recipients list is displayed. Press [Continue] to send your e-mail message to only the valid recipients.
This page is intentionally left blank. 24 ScanFront 400 CAC/PIV V1.
Chapter 3 Appendix This chapter explains the various issues and a list of messages that may appear when using the ScanFront 400 CAC/PIV solution and the USB Card Reader, along with their possible causes and remedies. It also includes a sample of what a received secure e-mail looks like. 3.1 Troubleshooting This section explains the various issues that may arise when using the ScanFront 400 CAC/PIV solution, along with their possible causes and remedies.
3.2 List of Error Messages This section explains the various messages that may appear on the ScanFront 400 CAC/PIV device’s UI when logging on and sending secure e-mail messages. Underlying error codes are represented by , and underlying error messages are represented by . The actual error code or error message is shown on the screen. 3.2.
ScanFront Device Login Error Messages Table Continued Message Cause Remedy User email address or identifier too long. The user’s e-mail address or UPN is too long for the device to handle. Shorten the user’s e-mail address in the signing certificate or authentication certificate on the card. Authentication failed with Kerberos error: AP_ERR_SKEW. Check device time, time zone, and daylight saving time settings.
ScanFront Device Login Error Messages Table Continued Message 28 Cause Remedy The card is missing a required certificate. Authentication failed. The authentication certificate for the card is missing. Use a card with a valid authentication certificate. Out of memory. Authentication failed. The card or device does not have enough memory available to process the card verification. Use a valid card, or try to reboot the device to clear the device’s memory.
3.2.2 Scan/Delivery Options Screen Error Messages This section explains the error messages that may appear on the ScanFront 400 CAC/PIV device’s Scan/Delivery Options screen when performing Secure E-Mail operations, along with their possible causes and remedies. Message Cause The device has been configured to require message signatures when sending secure e-mail. The current smart card does not contain a signing certificate, so secure e-mail cannot be sent. E-mail destinations will be ignored.
This page is intentionally left blank. 30 ScanFront 400 CAC/PIV V1.