15
White Paper: Canon imageRUNNER ADVANCE Security
Digital Signature PDF (Device and User Signature)
Within Scan and Send, users can add digital signatures that verify the source and authenticity
of a PDF or XPS document. When recipients open a PDF or XPS file that has been saved with a
digital signature, they can view the document’s properties to review the signature’s contents
including the Certificate Authority, system product name, serial number and the Time/Date
stamp of when it was created. If the signature is a device signature it will also contain the
name of the device that created the document, while a user signature verifies the identity of
the authenticated user that sent or saved the document.
The Device Signature PDF and the Device Signature XPS mode use the device signature
certificate and key pair inside the machine to add a digital signature to the document, which
enables the recipient to verify the device that scanned it. If the optional Digital User Signature
PDF kit is activated, users can install a digital signature that embeds their name and e-mail
address to confirm their identity as the source of the document and provides notification if
changes have been made. In order to use Digital User Signature Mode, SSO authentication
must be enabled and a valid certificate installed on the device.
Canon imageRUNNER ADVANCE systems also support a feature called PDF Visible Digital
Signature, which forces the display of the digital signature on the first page of the PDF file
rather than recipients having to open the document’s properties. Users can select the visible
signature from the Scan and Send screen and choose its position and orientation on the page.
This not only makes the digital signature more prominent, but also ensures that the digital
signature appears on any printed versions of the document.
Copy Set Numbering
All imageRUNNER ADVANCE systems support the ability to add copy set numbers to copied and
printed output in a user-defined region on the page. Copy set numbering offers a means to
track documents by the set number that a recipient receives.
Adobe LiveCycle Rights Management ES*
In general, once a PDF is created it can be openly exchanged if it is unencrypted and/or not
secured by a password. Organizations that require more precise control over their information
can integrate an imageRUNNER ADVANCE system with an Adobe LiveCycle
®
Rights
Management ES server. The Adobe LiveCycle Rights Management ES application makes it
possible to enforce dynamic document policies for choosing the authenticated users that
are authorized to view its contents, define expiration dates, track distribution and define
watermarks. Once the document’s privileges have been set, it will contact the Adobe
LiveCycle
®
Rights Management server over the Internet to enforce the latest policy.
Document Scan Lock & Trace
The optional Document Scan Lock & Tracking feature of imageRUNNER ADVANCE systems
enables documents to include embedded tracking information such as usernames, date
stamps, and device name within the background. The embedded information is not readable
by users, and can only be accessed by system administrators. The tracking information can
also contain policy information that determines whether the document can be copied or
scanned on another imageRUNNER ADVANCE systems with Document Scan Lock enabled.
Please refer to Section 6 — Logging & Auditing on page 30 for a more detailed description on
the Document Scan Lock & Trace feature.
* The PDF/A-1b and Encrypted PDF file formats are not compatible with Adobe LiveCycle
®
Rights Management ES.
Section 3 – Information Security
