Devices, such as printers, are increasingly being provided with network interfaces. Though such interfaces may have been conceived initially for the delivery of data, once they are present they can be used for a tremendous and increasing variety of management functions. Allowing devices to be managed and operated remotely has tremendous, and as yet unacknowledged, security implications.
At present, security for remote management and use of network devices is achieved by simple password-based security programs. For example, the Web JetAdmin software by Hewlett Packard, that allows remote management of many of Hewlett Packard's printers, uses a number of passwords to protect administrative functions. However, password-based security systems are easy to defeat, and a password often allows access to every device on the network.
Internet Protocol Security (IPSec) is a developing standard for security at the network or packet processing layer of network communication. Earlier security approaches have inserted security at the application layer of the communications model. IPSec can be used to implement virtual private networks and for remote user access through dial-up connection to private networks. A big advantage of IPSec is that security arrangements can be handled without requiring changes to individual user computers. Cisco has been a leader in proposing IPSec as a standard (or combination of standards and technologies) and has included support for it in its network routers.
IPSec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. The specific information associated with each of these services is inserted into the packet in a header that follows the IP packet header. Separate key protocols can be selected, such as the ISAKMP/Oakley protocol.
Digital certificates and encryption/decryption keys can be given to devices for security purposes. The IPSec security protocol (Request for Comments (RFC) 2401, 2408) has a concept of certifying the endpoints of IP-based communications (e.g. routers, gateways, and personal computers). Such devices use their certificates in key exchange protocols to allow them to encrypt and authenticate Internet Protocol (IP) packets sent between them. However, other than this narrow application, the devices are treated more or less as passive certificate containers.
The new Internet Printing Protocol (IPP), designed to allow access to printers over the Internet, takes two very basic approaches to security (RFC 2566). First, it suggests the optional use of Secure Sockets Layer (SSL) to connect to an IPP object (printer/print server), and second, it allows the incorporation of a non-human-readable name in the field used to identify the sender of a job. IPP objects which participate in SSL/TLS can use public key cryptography and digital certificates to do so. For example, the IPP objects will use SSL to authenticate the server end of a connection using a digital certificate.
The prior art also refers to the idea of securing software downloads by signing downloadable code with a key trusted by the code receiver. Examples are Microsoft's Authenticode and related work described in U.S. Pat. No. 5,978,484. See also U.S. Pat. No. 5,825,877 assigned to IBM. Such systems have been applied to firmware upgrades. However, this still allows anyone with network access to order the download. What is needed is a process of identifying the administrator ordering the download before allowing the upgrade to proceed.