With a server-based system such as miRicoh, it is important that security is an integral part of the system.  With the upcoming version 2, we have greatly changed the internals of miRicoh and amongst the changed features, we have overhauled the security system. 

Our initial release of miRicoh some time ago, was largely concerned with presenting the information on the MFD to connected clients and allowing some of that information to be controlledby clients.  Alongside all the features version 1 had, we now have job control and the ability to extend miRicoh using custom attributes.  With this level of control, it means that miRicoh can be controlled from a connected client in many ways and as such security becomes very important.

We have implemented several layers of security to control access to the functionality of miRicoh.  Firstly, authentication can be enforced.  This ensures that only clients with the correct username and password can connect.  Secondly, all communications can be secured with SSL, including all access of the control panel of miRicoh and all communications with the core system.  These two features bring a level of security comparable to that of most secure websites and servers.  However, with miRicoh, we have introduced a further level: trusted clients.

A trusted client in this context is a client that is able to execute 'secured' commands on miRicoh.  Using either a pre-defined configuration, or by creating an appropriate configuration, certain commands that miRicoh will perform can be marked as being secured.  If a billing system was connected for example, then only the billing system should have permission to set a users balance (an extended miRicoh attribute), as otherwise, other connected clients may be able to manipuate this sensitive piece of information.  In order to achieve this, we have implemented a challenge/response system, accompainied by a digital signature.

miRicoh sends out, to authenticated clients connected via SSL only, a challenge token consisting of a random string.  Within miRicoh, a public key is set, and within the target client a private key is set.  When the client recieves this challenge token, it must sign it, using its private key and then attach this signature to each command it issues.  If a client attempts to execute a secured command on miRicoh, then the presence of this signed challenge token will be checked for, and the validity of the signature checked against the public key stored within miRicoh.  If the signature is valid for the current challenge token then the secured command will be executed.

To recap here then, to be a trusted client that can execute secured commands the following all must be in place:

• The client must be connected over SSL and be authenticated with the correct credentials
• The client must sign the servers challenge token with its private key and return this with commands
• The server will attempt to verify this signature using the public key (ensuring the origin of the command)
• Only when all the above is successful, the command is executed