Lexmark CAC Common Access Card Reader 14T0370 14T0380
14T0370 39V3540 (New)
The Lexmark CAC solution has a rich set of customization capabilities allowing only an authorized user access to specific workflows. Global restrictions may be set such that all users may print jobs, copy and fax normally without CAC authentication, and only require authentication for scanning and other network functions. Users may also be placed into Active Directory (AD) groups allowing function access only to those who are authorized.
User desktops may be set up with the Lexmark Confidential Print feature so that all print jobs are held at the MFP until the user authenticates with their CAC. For improved workflow efficiency this solution may be integrated with Lexmark’s Document Solutions Suite and the Lexmark Print Release solution allowing the user to retrieve the print job at the most convenient CAC enabled Lexmark MFP.
Integrated architecture blends hardware and software into a secure network access solution
The Lexmark Common Access Card authentication solution is comprised of three core components:
Lexmark Network Multifunction Printers (MFPs)
Lexmark monochrome and color MFPs are an on-ramp for capturing paper-based data and documents electronically, enabling digital sending, information sharing, and workflow processes – efficiently, reliably and cost effectively. Authorized users may walk up to the MFP and perform any function with no special training—the interactive e-Task touch screen interface is designed for easy, efficient, and flexible access to office functions.
Lexmark Authentication Software
This Lexmark software validates the CAC credentials and PIN to obtain the certificate chain and authorizes access to the network and use of the MFP functions. User preferences, network folders and application permissions are also retrieved and implemented after authorization.
Common Access Card Reader
The reader is compliant with the NIST standards for CAC and HSPD-12 PIV cards. This device reads the CAC data to initiate the authentication process and secures the card in the device while the MFP tasks are performed.
Lexmark Common Access Card (CAC) authentication solution. The reader provides authentication capability to limit access to MFP functions to authorized users.
Included are the following items.
- Smart card reader
- Special firmware
- Embedded application to be run on the MFP
- Require user authentication for access to all functions or allow copy or fax without authentication, only restricting network functions
- Authorization limits for access to functions restricted by AD user groups
- Allow users without a CAC access to the machine with limited functionality
- Scan to e-mail
- Scan to file
The following updates have been added to the Lexmark Common Access Card solution.
More advanced securing options when the “scan to e-mail” function is used.
Secure/Multipurpose Internet Mail Extension (S/MIME) that allows users to encrypt and digitally sign e-mail messages sent from MFPs
A Simple Mail Transfer Protocol (SMTP) login option that validates users before e-mails are sent from MFPs
User group authentication that gives administrators the ability to control user access to specific functions based on Active Directly group membership
Installation of the Common Access Card (CAC) reader requires in-depth knowledge of your particular network environment. Contact your system support person or help desk for installation support.
Installation support information and software for the CAC reader are available for 90 days after purchase through one of the following methods.
The Common Access Card Reader attaches to the MFP via a USB cable.
Physical dimensions of the Lexmark Common Access
Length 2.95 in. (75 mm)
Width 2.95 in. (75 mm)
Height 1.18 in. (30 mm)
Weight. 25 lb. (.11 kg)
Authentication and Workflow
Lexmark’s CAC solution for MFPs follows the same protocol as current laptop and PC CAC authentication processes. The CAC reader and eTask MFP touch screen make authentication simple and secure.
The user inserts his CAC into the MFP’s card reader and is prompted to enter his PIN.
The MFP validates the PIN against the CAC then extracts the PKI certificates from the CAC and sends them to the Windows domain controller for validation. The domain controller response may be validated at the MFP or against an OCSP Responder / /Repeater.
When validation is successful, the MFP home screen appears and user preferences and other system parameters are implemented. The user can then perform MFP functions such as scan to e-mail (digitally signed and encrypted), scan to home (or other) network folder, scan to document management system, etc.
As long as the CAC remains in the reader, no additional login is required to perform additional MFP functions. The user will remain logged in as long as the CAC is in the reader. Removing the CAC will return the MFP to its locked, secure state.