User Manual

imageWARE Remote – Technology Whitepaper Canon U.S.A., Inc., All rights reserved.
Data Encryption
From eRDS to the UGW server, data is encrypted at the transport layer
through an SSL connection, which is typically used to secure connections
over the Internet. Therefore the data does not need to be encrypted at the
application layer.
The key lengths used in the HTTPS communications are as follows:
Public key length: 1024 bit
Symmetric key length: 128 bit
eRDS activation
eRDS is integrated in the main unit firmware of the imageRUNNER device.
To enable eRDS, the setting must be activated from service mode, so a user
cannot accidentally activate the option.
Authentication Procedures
Server Authentication
The UGW uses SSL Authentication together with application authentication.
The eRDS function will not transmit information to servers other than the
UGW using these methods.
1) SSL Authentication
SSL Authentication is performed according to the following procedures.
Please note the following steps describe the SSL protocol and are not specific
to Canon’s eRDS technology.
- “Root Certificates” published by Verisign are installed in an
  imageRUNNER when it ships from the factory.
- When the eRDS enabled imageRUNNER starts communicating, eRDS
  will receive the “Server Certificate” published by Verisign from the
  UGW by HTTPS.
- The eRDS device compares the “Server Certificates” with the “Root
  Certificates”.
- If these certificates match, the eRDS device successfully authenticates
  the other communicating party as the UGW server.
- The encryption method is negotiated using HTTPS. Afterwards,
  HTTPS communications begin and the data is encrypted.
2) Application level authentication
Application-level authentication further secures the eRDS communication
between the imageRUNNER and the UGW.
The URL of the UGW Server is pre-populated into the firmware of the
imageRUNNER.
Service personnel can change this URL. However, the firmware will only
attempt a transmission if the domain name of the URL is in the UGW's DNS
domain.
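
One way to implement the domain restriction described above, as an added example (not Canon's firmware code). The UGW domain `ugw.example` and the function names are hypothetical placeholders, and the sample URLs are constructed. The check matches on a DNS label boundary and requires HTTPS, so a host that merely ends in the same characters is rejected.

```python
from urllib.parse import urlsplit

# Hypothetical placeholder: the whitepaper does not name the UGW's DNS domain.
UGW_DOMAIN = "ugw.example"


def host_in_domain(host: str, domain: str) -> bool:
    """True if host equals domain or is a subdomain of it.

    The comparison is anchored on a label boundary (".domain"), so
    "notugw.example" does not pass as a member of "ugw.example".
    """
    host = host.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def may_transmit(url: str, domain: str = UGW_DOMAIN) -> bool:
    """Decide whether a service-configured URL is an acceptable destination."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, lowercases the name
    except ValueError:
        return False  # malformed URL: refuse rather than guess
    if parts.scheme != "https" or not host:
        return False  # the transport described above is HTTPS only
    return host_in_domain(host, domain)


# Constructed sample URLs: (url, expected decision)
SAMPLES = [
    ("https://a1.ugw.example/rds", True),          # subdomain of the UGW domain
    ("https://A1.UGW.Example:443/rds", True),      # case and port do not matter
    ("https://ugw.example./rds", True),            # fully qualified trailing dot
    ("https://notugw.example/rds", False),         # same suffix, different domain
    ("https://ugw.example.other.test/", False),    # UGW name used as a prefix
    ("https://ugw.example@other.test/", False),    # UGW name in userinfo only
    ("http://a1.ugw.example/rds", False),          # not HTTPS
    ("https:///rds", False),                       # no host at all
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        print(f"{url:40} allowed={may_transmit(url)} expected={expected}")
```
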