HP Color LaserJet CM2320 HP LaserJet MFP Products - Smartcard Authentication S - Page 2

Introduction, Methodology - network scanning


HP Common Access Card Solution
March 2007

1 Introduction

The Common Access Card (CAC) is a United States Department of Defense (DoD) smartcard
issued as standard identification for military personnel and contractor personnel. The CAC is used
as a general identification card as well as for authentication to enable access to DoD computers
and networks. The HP Common Access Card Solution extends the CAC to the HP MFP devices.
Users authenticate at the MFP by inserting their CAC into an attached card reader
and entering their PIN. After the card is accepted, the user can send e-mail or scan documents
to folders. The user ends the session by removing the CAC from the device's card reader.

Figure 1 – Example DoD Common Access Card

2 Methodology

The CAC session begins when the user inserts their CAC into the HP MFP card reader.

  • The card is validated against the PIN entered by the user.
  • The certificate stored on the card is checked for a valid expiration date, then checked
    against the Certificate Authority server to confirm that it has not been revoked.
  • The CAC certificate is used for private key/public key authentication to establish and
    decrypt a Kerberos session key.
  • The session key is used to obtain a client/server ticket for access to Active Directory,
    which is queried using LDAP to obtain the user's e-mail attributes and folder permissions.

The session ends when the user removes the CAC from the card reader.
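
The first two Methodology checks can be modelled as an ordered gate in front of the Kerberos step. The sketch below is an added example, not HP's code: CardCert, gate_session, the ca_lookup callable and all sample data are hypothetical, and denying access when the Certificate Authority cannot be reached is an assumption, since the page does not say how the device behaves in that case.

```python
import ssl
from dataclasses import dataclass

@dataclass
class CardCert:
    """Constructed stand-in for the card certificate (ssl.getpeercert() date format)."""
    serial: str
    not_before: str
    not_after: str

def check_validity(cert, now):
    """Date check: reject a certificate outside its validity window."""
    if now < ssl.cert_time_to_seconds(cert.not_before):
        return "not yet valid"
    if now > ssl.cert_time_to_seconds(cert.not_after):
        return "expired"
    return None

def check_revocation(cert, ca_lookup):
    """Revocation check: ca_lookup(serial) -> bool is a hypothetical CA query."""
    try:
        revoked = ca_lookup(cert.serial)
    except OSError:
        # Assumption: deny when the CA cannot be reached; the page does not
        # say what the device does in that case.
        return "revocation status unavailable"
    return "revoked" if revoked else None

def gate_session(pin_ok, cert, now, ca_lookup):
    """Apply the checks in the order the Methodology lists; the first failure wins."""
    if not pin_ok:  # pin_ok models the card's own PIN verification result
        return (False, "PIN rejected")
    # 'or' short-circuits, so the CA is not queried for an out-of-date certificate.
    reason = check_validity(cert, now) or check_revocation(cert, ca_lookup)
    if reason:
        return (False, reason)
    return (True, "continue to Kerberos authentication")

# Constructed sample data, not taken from any real card or CA.
NOW = ssl.cert_time_to_seconds("Mar 15 12:00:00 2007 GMT")
GOOD = CardCert("0A1B", "Jan  1 00:00:00 2006 GMT", "Jan  1 00:00:00 2009 GMT")
EXPIRED = CardCert("0A1C", "Jan  1 00:00:00 2004 GMT", "Jan  1 00:00:00 2007 GMT")
REVOKED = CardCert("0A1D", "Jan  1 00:00:00 2006 GMT", "Jan  1 00:00:00 2009 GMT")
REVOKED_SERIALS = {"0A1D"}

def sample_ca_lookup(serial):
    return serial in REVOKED_SERIALS

if __name__ == "__main__":
    for name, cert in (("good", GOOD), ("expired", EXPIRED), ("revoked", REVOKED)):
        print(name, gate_session(True, cert, NOW, sample_ca_lookup))
```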