Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPP Document Encryption Topics

Published byPhilipp Beck Modified over 6 years ago

Similar presentations

Presentation on theme: "IPP Document Encryption Topics"— Presentation transcript:

1 IPP Document Encryption Topics
The Printer Working Group IPP Document Encryption Topics February 7, 2018 Copyright © 2018 The Printer Working Group. All rights reserved. The IPP Everywhere and PWG logos are trademarks of the IEEE-ISTO.

2 Overview/History Currently IPP offers very limited support for document encryption: In transit: TLS At rest: Passphrases passed in the Job/Document Creation Request ("document-password"), used to "unlock" an encrypted PDF, OpenXPS, etc. file No support for encryption of documents using credentials that are not passed to the Printer/intermediary handling the Job/Document Creation Request Important for cloud/infrastructure printing use case No support for encryption/protection of saved documents See "IPP Job Save Password" proposal Copyright © 2018 The Printer Working Group. All rights reserved. The IPP Everywhere and PWG logos are trademarks of the IEEE-ISTO.

3 Existing Solutions Various ZIP archive features: OpenPGP Others?
Various ZIP archive features: Password-based encryption (insecure) Public key crypto (not widely implemented, platform interop issues) OpenPGP Multiple interoperable implementations Various extensions for use with , etc. Encrypt whole document or just a symmetric key using the public key Digital signatures and passphrases, too. Others? Copyright © 2018 The Printer Working Group. All rights reserved. The IPP Everywhere and PWG logos are trademarks of the IEEE-ISTO.

4 Use Cases Protection from intermediaries: submit an encrypted Document for printing that is passed through to the final output device without processing/transforms Protection from alteration: submit a digitally signed Document for printing; the attached signature can be validated by the intermediaries and final output device prior to processing/transforms Secure PIN printing: submit an encrypted Document using a passphrase for printing that is not processed/transformed until the User enters the passphrase at the console (Passphrase is used in the encryption of the Document, not just passed in the Job Creation Request) Copyright © 2018 The Printer Working Group. All rights reserved. The IPP Everywhere and PWG logos are trademarks of the IEEE-ISTO.

5 Requirements Printer needs to advertise support
Printer needs to advertise support If PGP, public key and whether passphrases are supported (and what the repetoire is) Should encryption be supported for all other advertised formats, i.e., a Printer supports any format in encrypted form? Or do we want a parallel list of supported encrypted formats? Client needs to use the encryption info/capabilities from the Printer, somehow tell the Printer the actual format Need a MIME media type multipart/encrypted is not suitable for IPP For PGP, application/pgp-encrypted is just a placeholder followed by an application/octet-stream part containing the encrypted message So maybe define an "application/ipp-encrypted-document" media type? Support digital signatures embedded in encrypted document Copyright © 2018 The Printer Working Group. All rights reserved. The IPP Everywhere and PWG logos are trademarks of the IEEE-ISTO.

6 Possible Solution ("IPP Encrypted Jobs and Documents")
Adopt OpenPGP (RFC 4880) New Printer Description attributes: "pgp-document-format-supported (1setOf mimeMediaType)" List of document formats that can be PGP-encrypted "printer-pgp-public-key (1setOf text(MAX))" PGP public key to use when encrypting documents, can be set by Proxy in infrastructure printing "printer-pgp-repertoire-configured (type2 keyword)" "printer-pgp-repertoire-supported (1setOf type2 keyword)" Provided if additional passphrase is supported at console (to release for printing) New MIME Media Type "application/ipp-pgp-encrypted" PGP-encrypted IPP message containing Job/Document ticket followed by Document data Copyright © 2018 The Printer Working Group. All rights reserved. The IPP Everywhere and PWG logos are trademarks of the IEEE-ISTO.

7 Security Considerations
Need to validate embedded digital signatures and refuse to print if the signature has been altered New "job-state-reasons" value Need to validate public key advertised by Printer If a malicious intermediary provides its own public key then it could decrypt the document Copyright © 2018 The Printer Working Group. All rights reserved. The IPP Everywhere and PWG logos are trademarks of the IEEE-ISTO.

Download ppt "IPP Document Encryption Topics"

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Universal Printer Description Format, version 1.0 IEEE ISTO PWG Semantic Model Universal Printer Description Format Print Services Interface IPP IPP Fax.

Universal Printer Description Format, version 1.0 IEEE ISTO PWG Semantic Model Universal Printer Description Format Print Services Interface IPP IPP Fax.
IPP Notification Subscriptions Event Notification.

IPP Notification Subscriptions Event Notification.
1 Copyright © 2009, Printer Working Group. All rights reserved. 1 IPP Working Group Session 14 October 2009 Cupertino, CA - PWG F2F Meeting.

1 Copyright © 2009, Printer Working Group. All rights reserved. 1 IPP Working Group Session 14 October 2009 Cupertino, CA - PWG F2F Meeting.
PKI Implementation in the Real World

PKI Implementation in the Real World
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Lecture 12 e-mail Security. Summary  PEM  secure email  PGP  S/MIME.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Z/OS V14 March 2012. Copyright © 2012 PKWARE, Inc. and its licensors. All rights reserved. PKWARE, SecureZIP, and PKZIP are registered trademarks of PKWARE,

Z/OS V14 March Copyright © 2012 PKWARE, Inc. and its licensors. All rights reserved. PKWARE, SecureZIP, and PKZIP are registered trademarks of PKWARE,
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.
Masud Hasan 03-60-475 SecueEmail VS Hushmail Project 2.

Masud Hasan Secue VS Hushmail Project 2.
Key Management with the Voltage Data Protection Server Luther Martin IEEE P1619.3 May 7, 2007.

Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Digital Filing A Simple Way to Digitally Centralize and Distribute Documents.

Digital Filing A Simple Way to Digitally Centralize and Distribute Documents.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Jaws Digital Courier Justin Coombes Product Manager Jaws Product Line / Global Graphics.

Jaws Digital Courier Justin Coombes Product Manager Jaws Product Line / Global Graphics.
1 Information Security Practice I Lab 5. 2 Cryptography and email security Cryptography is the science of using mathematics to encrypt and decrypt data.

1 Information Security Practice I Lab 5. 2 Cryptography and security Cryptography is the science of using mathematics to encrypt and decrypt data.

Similar presentations

Ads by Google