KPAX Data Collector Security Note

Security Overview

KPAX is committed to providing software solutions that are safe and can be used in all network environments. The KPAX solution collects only the information that is useful and necessary for the management of the fleet of print systems.

The agent is not able to collect this information until it is available in the device's memory. No information on print jobs is collected. No user data is collected.

This section discusses the network aspect and component security :

KPAX Agent (KPAX collector available for Microsoft Windows)
KPAX Liberty (Hardware Liberty box)
The collection technologies used
A simulation of the network footprint generated by our agents

Technical architecture diagram

Printing device

Prerequisites
- SNMP V1, V2 (or V3; available only for Windows agents) active on print devices
- Equipment accesible from the device on which the agent is installed

Communication between agent and device

KPAX Agent Software Collection Agent

Prerequisites
- Windows Server 2012, Windows 7 or higher environment
- .Net framework 4.6.2 and .Net Core 6 installed (will be installed automatically if needed)
- Administrator account required at installation
- Connected to the network

KPAX Server

Microsoft Azure Cloud Hosting

Access to the KPAX portal

KPAX is a web application compatible with the majority of web browsers.

KPAX Liberty box

It must be plugged into an ethernet socket connected to the network, and powered by the mains adapter.

- Port 443 | AES 256bits encryption | Communication to KPAX Liberty servers liberty.kpax-manage.com and rescue.kpax-manage.com

Note
- Powered with adapter (POE Optional)
- Connected to the Ethernet network

Liberty Server

Bluemega Cloud Hosting

Secure communication

Port 443 | HTTPS*

The certificates used by our KPAX cloud servers use 4096-bit RSA keys. These certificates have a maximum lifespan of 90 days and are renewed every 60 days.

The nature of the information collected

KPAX Agent collects the following information :

Data collected :

Identification of equipment

Manufacturer
Model
Serial number
IP address
Mac address
Network name

Hardware feature

Typology (MFP, printer, ...)
Technology (laser, inkjet, ...)
Colour support
Duplex support
Installation date
Firmware
Location (information provided from equipment)

Use of hardware

Main counters (machine counter, color, mono)
Advanced counters (printing, copying, scanning, fax, A3, A4, Duplex)
Manufacturer counters
Supplies and service parts
Technical status (LCD panel and additional information)

KPAX Agent (software)

KPAX Agent is software that is installed in a Windows environment (preferably server or user workstation) capable of reaching printing systems. KPAX Agent runs as a Windows® service allowing it to operate 24 hours a day, 7 days a week, even without user login. At a regular and defined frequency, the Windows service discovers the print estate (defined by IP address ranges, fixed IP or host names) and collects general information, counters, ink levels, wear parts as well as alerts / LCD panel messages.

KPAX Liberty (hardware unit)

The KPAX Liberty agent is a piece of hardware entirely designed by KPAX's engineering teams, and is manufactured in France. It frees you from the installation of a software agent. It does not have an operating system (Linux, MacOs, Windows or Unix) but has a firmware which makes it much more secure than a computer or a Raspberry Pi. In addition, all the data it collects is secure by AES 256 bit symmetrical private key.

Information collection and transmission methods

KPAX Agent and KPAX Liberty collect information from printing systems using SNMP, ICMP, HTTP and HTTPS protocols. The data collected by these agents is transmitted to the reference KPAX server via HTTPS (port 443). KPAX Liberty transmits its collection data via port 443 using AES 256bit encryption.

Optional remote update (for KPAX Agent)

KPAX Agent has an optional automatic update feature. The automatic update will periodically check if a new version of the software is available. The update also provides the latest version of the collection intelligence. For KPAX Liberty, updates are made automatically and completely securely using 256-bit AES. This allows the Liberty box to be constantly up to date.

Network traffic

Network traffic generated by the KPAX Agent (or KPAX Liberty) is minimal. It varies depending on the number of IP addresses that are analyzed on the network. The table below shows the approximate network load associated with the collector compared to the approximate network load associated with loading a single web page.

Event	Size (approximate value)
Loading a simple standard web page (google.com)	About 35ko
Scan discovered, no IP address	About 1ko
Full scan - 8 devices	About 4ko
Scan of counters - 8 devices	About 3ko
Scan of supplies - 8 devices	About 1ko
Scan of maintenance parts - 8 devices	Between 2ko and 4ko
Scan alerts - 8 devices	About 2ko