PrintMe Security Overview
The PrintMe network uses 128-bit SSL encryption for all data traffic to and from the server over the Internet. Documents are encrypted when created on the web at www.PrintMe.com, by the Universal Printer driver, stored on the server, and transmitted over an encrypted data path when they are sent to the PrintMe station for printing. Every PrintMe station needs to be registered on the PrintMe network. The registration serves two purposes 1) it collects installation specific printer information and 2) the registration process verifies the PrintMe station has the correct signature key. During PrintMe station registration process, an activation code is used to associate the PrintMe station's serial number with a valid signature key. PrintMe Networks has a signed 128-bit SSL certificate from VeriSign. Used in conjunction with SSL encrypted communications this ensures that the client (PrintMe station, Guest Printing Web Interface, Universal Printer Driver, and partner system) knows it is talking to the PrintMe network. It also guarantees the server and client is using a private connection. The print request, signature verification, and data transmission sequence are contained within a single SSL session. This guarantees there is "no man in the middle" intercepting the transaction.
PrintMe Server Security Technology Summary
Public Network Traffic Encryption
The main standard for secure transmission over public networks of user data upload, download, and printing, as well as account website access is SSL-3.0 (RSA-1024 bit, RC4-128 bit).
PrintMe Server Identity Certification
The PrintMe server certifies its identity to the user's browser, as well as the other PrintMe client components (PrintMe station, Guest Printing Web Interface, PrintMe Universal Printer Driver) using a 128-bit "Global ID" certificate issued by VeriSign.
PrintMe Station Identity Authentication
The PrintMe station at each printer authenticates itself to the PrintMe server using a DSA (Digital Signature Algorithm) signature on job requests within an SSL session. Each PrintMe station has its own private key to authenticate job requests comprised of one PrintMe station so it does not yield any keys that would assist in interception of traffic to any other PrintMe station.
Tamper Resistant Hardware for the PrintMe Station
The secret key within the PrintMe station hardware is protected by tamper detection circuitry that erases the keys if the PrintMe station is disassembled.
PrintMe Server Firewall / Load Balancing
The PrintMe server is front-ended by a firewall load balancing router. The router is configured to only proxy very specific types of traffic to the specific computers and ports within the PrintMe server (Web server ports and PrintMe client server ports). The actual web serving, print processing, and accounting is performed within the PrintMe server behind this firewall by a bank of a variety of systems running Linux, Windows NT/2000, and other operating systems.
Client Site Network Firewall Proxy Support
The PrintMe stations, PrintMe Universal Printer Driver, and agent are compatible with user firewall proxy servers using:
- HTTP-Proxy
- Socks-4
- Socks-5