HP Color LaserJet CM2320 HP LaserJet MFP Products - Smartcard Authentication S - Page 4

Session Sequence


HP Common Access Card Solution
March 2007

The following represents the sequence of events for a user’s CAC session:

• User selects feature using “DoD CAC” Authentication Agent at the HP MFP
• User is prompted to insert CAC
• User inserts CAC into attached card reader
• CAC is validated – accomplished by the following steps
  - User is prompted to enter PIN
  - PIN is validated
  - Certificate is read from CAC
  - Verify that certificate is not revoked by checking CRL/OCSP
• Call Kerberos Pkinit with certificate
• Kerberos Pkinit returns encrypted tickets
• Kerberos Pkinit decrypts tickets with private key from CAC
• Kerberos Session Ticket used to call LDAP Active Directory lookup
• Active Directory user information returned
• User selects Send to e-mail or Scan to network folder
• Active Directory user information applied to Send to e-mail or Scan to network folder
• User takes CAC out of reader, ending the session
• Certificate temporarily stored on device is securely erased
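
The session sequence above can be read as a gated state machine: each step is allowed only after the previous one has succeeded, and every exit path erases the temporarily stored certificate. The following is an added example, not HP's firmware code. All class and method names are hypothetical, the PIN, CRL/OCSP and Pkinit results are passed in as constructed values instead of coming from a real card reader or KDC, and refusing any revocation answer other than "good" is an assumption.

```python
from enum import Enum

State = Enum("State", "IDLE CARD_IN PIN_OK CERT_OK TICKETED IDENTIFIED")

class SessionError(Exception):
    pass

class CacSession:
    def __init__(self):
        self.state, self.cert, self.user = State.IDLE, None, None

    def _advance(self, need, nxt, ok=True, why=""):
        if self.state is not need:  # step called out of order
            why, ok = f"{nxt.name} needs {need.name}, session is {self.state.name}", False
        if not ok:
            self.end()  # every failure path erases the cached certificate
            raise SessionError(why)
        self.state = nxt

    def insert_card(self):
        self._advance(State.IDLE, State.CARD_IN)

    def enter_pin(self, pin_valid):
        self._advance(State.CARD_IN, State.PIN_OK, pin_valid, "PIN rejected")

    def read_cert(self, der, revocation):
        self._advance(State.PIN_OK, State.PIN_OK)  # order check before storing anything
        self.cert = bytearray(der)  # temporary copy held on the device
        # Assumption: only a definite "good" CRL/OCSP answer is accepted.
        self._advance(State.PIN_OK, State.CERT_OK, revocation == "good",
                      f"certificate status is {revocation}")

    def pkinit(self, tickets_decrypted):
        self._advance(State.CERT_OK, State.TICKETED, tickets_decrypted, "Pkinit failed")

    def directory_lookup(self, user_info):
        self._advance(State.TICKETED, State.IDENTIFIED)
        self.user = dict(user_info)

    def send(self, job):
        # Send to e-mail / Scan to network folder uses the directory identity
        self._advance(State.IDENTIFIED, State.IDENTIFIED)
        return {"job": job, "sender": self.user["mail"]}

    def end(self):  # card removed, or a step failed
        if self.cert is not None:
            self.cert[:] = bytes(len(self.cert))  # overwrite before dropping the reference
        self.state, self.cert, self.user = State.IDLE, None, None
```

Overwriting a Python buffer only illustrates where erasure belongs in the flow; how a device securely erases its own storage depends on the storage medium.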