Adding a Digital Signature to Scanned Data

Adding a digital signature to scanned data when sending it as a PDF or XPS file can guarantee the author of the file and prove that the document has not been tampered with.
To add a digital signature to scanned data, you must generate and register a key and certificate according to the digital signature type in advance.
Digital Signature Types
Generating and Registering a Device Signature Key and Certificate
Registering a User Signature Key and Certificate
NOTE
Adding a Digital Signature When Actually Scanning
For details about how to add a digital signature when actually scanning, see the following:
Adding a Digital Signature to Scanned Data
Verifying a Digital Signature on the Viewer Side
For details about verifying a certificate and registering it to a trusted certificate list, see the manual of the applications to be used to view scanned data.

Digital Signature Types

You can select from a device signature or user signature when having the machine add a digital signature to a file.
* A user signature cannot be added when forwarding a received I-Fax from the machine.

Device Signature

Adds a signature using a key and certificate to prove to the viewer the device that was used to create the scanned data. The viewer can confirm whether the document has been tampered with.
To add a device signature, you must generate and register a key and certificate (device certificate) to use for the device signature in advance on the machine. Generating and Registering a Device Signature Key and Certificate

User Signature

Adds a signature after performing user authentication to prove to the viewer the person who created the scanned data. In the same way as a device signature, a user signature enables the viewer to also confirm whether the document was tampered with after being signed.
To add a user signature, you must generate a key and certificate (user certificate) issued in advance and register them to the machine.
The user certificate has an expiration date. If a user signature was added before the expiration date and the viewer tries to verify the signature after the certificate has expired, the user signature is no longer valid. It is recommended to have a new user certificate issued while considering when signature verification will be performed.
NOTE
Displaying a Digital Signature (Visible Signatures) (PDF Files Only)
By setting a visible signature when adding a digital signature, you can display the signature information on the first page so that it is easy to see that a digital signature has been added to the PDF file. Adding a Digital Signature to Scanned Data
When Adding Multiple Signatures
A device signature and user signature are added in that order.
Only the signature added last is valid for verification. All other signatures are treated as having been modified when another signature is added.

Generating and Registering a Device Signature Key and Certificate

You can generate and register to the machine the key and certificate (device certificate) to be used for a device signature. After you register a device certificate, you can add the machine name as a signature to a scanned document.
* You can register only one key and certificate for device signature.
 
This section describes how to generate and register a certificate using Remote UI from a computer.
On the control panel, select [ Settings/Registration] in the [Home] screen or other screen, and then select [Management Settings] to generate and register a certificate. [Certificate Settings]
Administrator privileges are required.
1
Log in to Remote UI as an administrator. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Remote UI Portal Page
3
Click [Device Management] [Key and Certificate Settings].
The [Key and Certificate Settings] screen is displayed.
4
Click [Generate Key]  [Device Signature].
The [Device Signature] screen is displayed.
5
Click [Generate/Update] [OK].
The generated key and certificate are registered with the name "Device Signature Key" to the list of keys and certificates on the [Key and Certificate Settings] screen.
6
Log out from Remote UI.
NOTE
When the Device Signature Key Icon Is Displayed as []
The key is corrupted or invalid. Repeat the procedure above to update the key and certificate.
Confirming and Verifying a Generated Certificate
Click the key name (or certificate icon) in the list of keys and certificates on the [Key and Certificate Settings] screen to display the certificate details.
* You can use [Certificate Thumbprint] on the certificate details screen to confirm sender information that the viewer of the file can use to confirm the reliability of the certificate by matching it with the SHA-1 message digest number.
You can click [Verify Certificate] on the certificate details screen to verify the validity of the certificate.
Always Adding a Device Signature When Sending
You can configure the settings to always add a device signature when scanned data is sent as a PDF or XPS file, regardless of the settings used when scanning. In addition, by setting restrictions to allow only PDF or XPS files to be sent, you can ensure that files without a device signature cannot be sent. [Always Add Device Signature to Send]

Registering a User Signature Key and Certificate

You can register to the machine the key and certificate (user certificate) to use for the user signature, and send the public key certificate to the viewer. After you register the key and certificate, you can add the login user name as a signature to a scanned document.
 
Register a certificate using Remote UI from a computer. You cannot use the control panel to register a certificate.
Required Preparations
Check the conditions of the key and certificate that can be used with the machine. Security and Management Function Specifications
Prepare the key and certificate file for the user signature.
When you want to add a digital signature that can only be used for proof within a limited scope (such as within a company), you can generate the key and certificate for the user signature by installing the Internet Information Services (IIS) module of a Windows Server on the computer.
* This digital signature cannot be used for proof to a viewer outside the scope.
Check the password of the private key set in the key and certificate file.
1
Log in to Remote UI. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Remote UI Portal Page
3
Click [Device Management] [User Key and Certificate Settings].
The [User Key and Certificate Settings] screen is displayed.
4
Click [Install].
The [Install User Key and Certificate] screen is displayed.
5
Click [Choose File], and specify the file to be installed.
6
Enter the private key password, and click [Start Installation].
The installed key and certificate is registered to the list of keys and certificates on the [User Key and Certificate Settings] screen.
7
Log out from Remote UI.
8
Send a public key certificate to the viewer.
A public key certificate that can be used to verify a user signature added to scanned data can be sent to the viewer in advance.
NOTE
Viewing and Verifying Detailed Information of a Registered Certificate
You can check the details of a certificate by clicking the login name (or certificate icon) in the list of keys and certificates on the [User Key and Certificate Settings] screen.
* When the user is logged in as an administrator, all keys and certificates for user signatures registered in the machine are displayed. When the user is not logged in as an administrator, only the keys and certificates for the login user are displayed.
On the certificate details screen, you can click [Verify Certificate] to verify whether the certificate is valid.
A08C-1SU