End-to-End Encryption with HP Printers

Why End-to-End-Encryption?

Encrypting communication that takes place via the internet is now considered standard. This applies not only to online banking, but also to normal corporate websites or chat in social networks like WhatsApp. This trend increased in pace in the summer of 2013 with Edward Snowden’s revelations and even further with the Safe Harbor ruling by the European Court of Justice in October 2015.

On the other hand, print jobs are still sent to network printers mostly unencrypted. This is mainly due to the fact that print data doesn’t usually leave the company network. But here too, awareness of data security is increasing. From the point of view of data protection, personal data should never be sent in an unencrypted way over a network, because network analysis tools make it very easy to read the data traffic, and that includes print data. So the best choice is end-to-end-encryption.

Scenarios

In corporate networks, sensitive data shouldn’t be stored on workstations because the data can easily be stolen together with the hardware. In addition, the programs that handle such data shouldn’t run directly on a workstation, but rather on a terminal server or on virtual desktops. This means that the data is always stored in the data center and can be centrally protected against unauthorized access.

However, when printing sensitive data, it must leave the data center. Data must be sent to the printer via the corporate network. In order to ensure the necessary levels of protection, encryption of print data is also a sensible approach. The data is encrypted on the terminal server or on a print server, sent to the printer, and then decrypted in the printer (see scenarios below).

 Printing from a terminal server

End-to-end encrypted printing from a terminal server

 

printing from a print server

End-to-end encrypted printing from a print server

 

Putting It Into Practice with ThinPrint

In order to profit from End-to-End Encryption, you will need a server to install the ThinPrint Engine, the ThinPrint License Server, and certificates for encryption, as well as an HP printer with the FutureSmart option (see below), where you install the ThinPrint Client and a certificate for encryption.

To install the ThinPrint Client on the HP printer, open its web interface, log in as an administrator, and select Solution Installer (see screenshot below). Here you can upload the software and then start the installation by clicking Install.

 

 Installation of ThinPrint Client

Screenshot 1: Install the ThinPrint Client on an HP printer

 

certificate management für end-to-end encryption

Screenshot 2: Upload the certificate in the security section

Then you can activate the end-to-end-encryption with Use SSL in the ThinPrint Client and select the uploaded certificate (Screenshot 3). Click on Save to complete the configuration.

Use SSL

Screenshot 3: Enable end-to-end encrypted printing in the ThinPrint Client

 

Which HP Printers are Suitable?

The HP FutureSmart option is required for installing the ThinPrint Client on an HP printer. This is integrated in all more recent multifunction printers, in all printers with an enterprise model name (such as HP OfficeJet Enterprise Color X555) and in a number of other printers, such as: HP Color LaserJet 500 M551
HP Color LaserJet 500 M575 MFP
HP Color LaserJet 700 M775 MFP
HP Color LaserJet CM4540 MFP
HP Color LaserJet CP5520 Series
HP Color LaserJet Enterprise Flow M680 MFP
HP Color LaserJet Enterprise Flow M880 MFP
HP Color LaserJet Enterprise M651
HP Color LaserJet Enterprise M855
HP Color LaserJet M552
HP Color LaserJet M553
HP Color LaserJet M577 MFP
HP LaserJet 500 M525 MFP
HP LaserJet 600 M601
HP LaserJet 600 M602
HP LaserJet 600 M603
HP LaserJet 700 Printer M712
HP LaserJet Color M750
HP LaserJet Flow MFP M630
HP LaserJet M4555 MFP
HP LaserJet M506
HP LaserJet M527 MFP
HP LaserJet M604
HP LaserJet M605
HP LaserJet M606

Is End-To-End Encryption Available for Printers from Other Manufacturers?

Yes – the ThinPrint Clients that support encryption are also available for printers from the following manufacturers:
Brother (integrated ThinPrint Client)
Fuji Xerox (integrated ThinPrint Client)
Konica Minolta (integrated ThinPrint Client)
Kyocera (integrated ThinPrint Client)
Ricoh (ThinPrint Client for installation on Java 2.x or 4.x)
Samsung (integrated ThinPrint Client)
Triumph-Adler (TA)/UTAX (integrated ThinPrint Client)
Citizen (ThinPrint Client on PS112 network card from SEH)
Epson (ThinPrint Client on PS107 network card from SEH)

An external gateway appliance with integrated ThinPrint Client can be used for all other types of printers, which is simply connected to the printer via USB (which means that the decrypted data cannot be accessed from the network). The ThinPrint Hub and the SEH PS03a are suitable for this purpose.

Further information about end-to-end encryption and other ThinPrint features can be found in the manual.

Herbert Hemke Avatar
Herbert Hemke