Application communication
By default SafeQ uses SSL based, authenticated encryption for all application level data transfers (server-terminal, inter-server) based on built-in RSA keys and X509 certificates. Keys and certificates can be replaced by customer certificates and are stored on the file system in encrypted file (using built-in, non-trivial password).
Print Data Encryption Options
Option | Description | Pros & Cons |
No Encryption | Data are transferred over network in plain form | 
This is default configuration
Network data transfers are not secured by any means other than network security
|
IPsec | Encrypted Print Data from Workstation to SafeQ (Print) Server and from Server to Printer |
Doesn't need any software at the workstation or special configuration of SafeQ application
Requires IPsec support on all Workstations, Printers and Print Servers
Data on the print server are not encrypted and requires Security setup at the Server |
Application based SSL encryption (Server-Printer) | Encrypted Print Data From SafeQ (Print) Server (shared printer) and from Server to Printer |
Doesn't need support on infrastructure/network level
Data on the print server are not encrypted and requires Security setup at the Server 
Key management: SafeQ server retrieves Printer Certificate at first connection and uses the certificate until administrator removes the certificate via web interface
Printers must support IPP over SSL communication.
|
Application based SSL encryption (Workstation-Printer) | Encrypted Print Data from Workstation to SafeQ (Print) Server and from Server to Printer |
Doesn't need support on infrastructure/network level
Requires print drivers and SafeQ client to be installed on all workstations. SafeQ provides unattended deployment, however it needs to be configured PER LOCATION (SafeQ server address)
Data on the print server are not encrypted and requires Security setup at the Server
Key management: Windows Client uses standard system key store to get server certificates. SafeQ server retrieves Printer Certificate at first connection and uses the certificate until administrator removes the certificate via web interface
Printers must support IPP over SSL communication. |
Application based PKI encryption | Encrypted Print Data from Workstation to Printer |
Print data are encrypted all the way, including data-at-rest on the server.
Requires print drivers and SafeQ client to be installed on all workstations. SafeQ provides unattended deployment, however it needs to be configured PER LOCATION (SafeQ server address)
Requires Smart Card Based PKI and SafeQ Hardware at every Printer
Printers must support IPP over SSL communication. |
By default, SafeQ doesn't use any type of print data encryption. Print data encryption can significantly (5x) slow down the print speed.
Data-at-rest (Print Server) Encryption Options
Option | Description | Pros & Cons |
BitLocker/EFS | System-based encryption of print data at server and data access limited to SafeQ service only |
Doesn't need any software modifications/configuration of SafeQ application
Domain administrator is able to access and copy data from the server |
Application based encryption on server | Encryption of print data at server using hard-coded encryption key |
Requires software modifications/configuration of SafeQ application = currently not supported
It is non-trivial for Domain administrator to access and copy data from the server, however not impossible (via decryption of hard-coded key) |
Application based encryption at workstation | Encryption of print data at server using random key, generated with every print job and stored to SafeQ database, encrypted by hard-coded key |
Requires software modifications/configuration of SafeQ application = currently not supported
Requires print drivers and SafeQ client to be installed on all workstations. SafeQ provides unattended deployment, however it needs to be configured PER LOCATION (SafeQ server address)
It is non-trivial for Domain administrator to access and copy data from the server, however not impossible (via decryption of hard-coded key) |
By default, SafeQ doesn't encrypt the data at the server.
Scan Data Encryption Options
Option | Description | Pros & Cons |
No Encryption | Data are transferred over network in plain form |
This is default configuration, MFPs scan using email, FTP or SMB protocols (authenticated, un-encrypted)
Network data transfers are not secured by any means other than network security |
IPsec | Encrypted Scan Data from MFP to SafeQ (Print) Server |
Requires IPsec support on MFPs and Print Servers
Data on the print server are not encrypted and requires Security setup at the Server
Doesn't have any additional requirements to MFPs, SafeQ Server and Mail/File Servers |
Application based SSL encryption (MFP-Server) | Encrypted Scan Data From MFP to SafeQ (Print) Server |
Doesn't need support on infrastructure/network level
Data on the print server are not encrypted and requires Security setup at the Server
MFP must be able to send data via WebDAV/S - and modification at SafeQ level is required
Key management: SafeQ server retrieves Printer Certificate at first connection and uses the certificate until administrator removes the certificate via web interface |
Application based SSL encryption (MFP-Server-Email) | Encrypted Scan Data From MFP to SafeQ (Print) Server and Mail Server |
Doesn't need support on infrastructure/network level
Data are not stored on the server, but removed immediately after delivery
MFP must be able to send data via WebDAV/S - and modification at SafeQ level is required
SMTP server must support SSL communication - and modification at SafeQ level is required
Key management: SafeQ server retrieves Printer Certificate at first connection and uses the certificate until administrator removes the certificate via web interface |
By default, SafeQ doesn't use any type of print data encryption. Print data encryption can significantly (5x) slow down the print speed.
Printers must support IPP over SSL communication.