Memjet assures secure licensing and manufacturing with nShield
In the past, marketing was based on volume. Marketers created one message and printed high-volumes of that message for a wide audience. This type of marketing required the use of printing presses that could keep pace with the volume, not the message.
Today, as consumers demand more personalized experiences from the companies they work with, this type of mass-communication is being replaced with more personalized messages. The presses that once produced such big volumes of print were not capable of creating small, customized messages that add value.
Enter Memjet. Driven by passion for innovation and a desire to change the printing industry, the company provides digital inkjet technology that enables unmatched simplicity, speed and profitability for its customers. Memjet designs and develops a modular printing technology that includes printheads, inks, data paths, and modules. Providing this complete sub-system results in printhead optimization, which, in turn, enables its OEM partners to easily integrate Memjet technology into their custom-built printing solutions and successfully deliver the type of communications that make brands successful.
Secure Licensing and Manufacturing
Rather than directly manufacture and sell printers, Memjet licenses its technologies and sells system components to original-design- and original-equipment-manufacturing (ODM/OEM) partners. This allows these partners to build their own unique product offerings. As a result, Memjet needs to securely support remote manufacturing models, where new Memjet-powered printers are created. This occurs at manufacturing facilities controlled by Memjet partners and even subcontractors to those partners.
“Our core technology is in our printhead,” says Bill Kavadas, senior director, Information Systems at Memjet. “We use the same printhead in a number of different printers with different attributes and price points. In addition, our OEM partners sell our components as printers at different price points in many different market segments. Consequently, we need to give these printers and components an identity for a particular model, brand or OEM, and we need to securely incorporate licensing information.”
Memjet assures the quality of the end-customer experience by ensuring that authentic and appropriate components and consumables are used with a given model, family, or brand of printer. To do this, Memjet includes an unconfigured quality assurance chip in printer modules and components. During the remote manufacturing process, the chip is configured to give the printer or component its unique identity and attribute set. This component information needs to be generated securely and digitally signed prior to installation at the remote ODM/OEM facilities.
Updating Key Management and Signing
In addition to implementing this always-on manufacturing infrastructure, Memjet wanted to refresh its back-office cryptographic key management and signing infrastructure. The functionality in this area represents an entirely different set of requirements, such as those for security around multi-factor operator authentication with an enforced minimum quorum on intentionally offline/air-gapped key management systems.
Memjet knew hardware security modules (HSMs) could meet this need. HSMs are hardened, tamper-resistant hardware devices that strengthen encryption practices by generating keys, encrypting and decrypting data, and creating and verifying digital signatures. nCipher’s nShield HSMs are certified at various FIPS 140-2 Levels and are frequently used to:
- Achieve higher levels of data security and trust
- Maintain high service levels and business agility
- Meet and exceed established and emerging regulatory standards for cybersecurity
Memjet’s technical group looked at various general-purpose HSMs to determine how each would map onto Memjet’s requirements and how much development effort each would require to integrate into Memjet’s manufacturing system. This required understanding a large amount of detail for each offering and how it might be used.
According to Robert Fairlie-Cuninghame, Memjet’s QAI technical lead/ architect, “nCipher’s nShield sales team provided excellent local and remote support during this evaluation period and was invaluable to the process. The excellent depth, breadth and quality of the product documentation gave us confidence that the solution was well thoughtout and supported. nCipher’s willingness, in short order, to provide a demonstration unit, necessary documentation and excellent support really impressed us and made it much easier to evaluate the nShield technology.”
Because Memjet has multiple facilities and multiple needs it chose to deploy two kinds of nShield HSMs. Fairlie-Cuninghame explains “For the always-on manufacturing infrastructure, the nShield Solo HSMs were the obvious choice for use in rack-mounted servers; however, for the air-gapped systems involving human operators, we deemed the nShield Edge HSMs to be more convenient.”
nCipher’s nShield HSMs differentiated themselves in a number of ways, Fairlie-Cuninghame says. “Support for key management using smartcards with multi-factor authentication and minimum K of N operator enforcement is fully integrated into the core security technology as well as the provided core utilities. This was one of the main clinchers, and meant that with little or no software development, we could natively create and manage keys protected in this manner using just the provided utilities.”
Kavadas adds “The nCipher nShield HSMs are state of the art and have, therefore, enabled us to use a more sophisticated and secure chip in our technology. In addition, using nShield’s Remote Administration, we can remotely access our HSMs and change or modify operations and prevent problems. This is a great advantage; in the past we’ve had to travel to HSMs to reset them. I don’t know that we could do what we do with software and have the kind of security we’re looking for without the nShield HSMs.”
Memjet’s initial deployment includes nShield HSMs in the U.S., Australia and three sites in Asia.
Kavadas says Memjet has seen the following benefits from using the nShield HSMs:
- Increased end-customer quality assurance
- Increased overall security environment
- The ability to securely execute the company’s own software within the security boundary of the HSM, via nCipher’s unique CodeSafe technology.
- The ability to use smart cards for K/N authentication of cryptographic keying operations.
- The ability to remotely manage and rekey HSMs for local and global production systems resulting in reduction of travel costs.
- Futureproofing Memjet’s Intellectual Property
- Assure the quality of the end-customer experience by ensuring authentic and appropriate components and consumables are used with a given model/family/brand of printer across a decentralized worldwide system of licensed ODMs/OEMs
- Secure licensing
- Secure authorization and auditing of manufacturing activities
- Refresh back office cryptographic key management and signing infrastructure
- nShield Solo HSMs for always-on manufacturing
- nCipher CodeSafe for secure on-HSM execution of Memjet licensing information
- nShield Edge HSMs for air-gapped systems with human operators
- nShield Remote Administration
- End-customer quality assurance
- Updated system using more sophisticated security technology
- Increased security
- The ability to implement Memjet’s own software
- The ability to remotely manage HSMs
- The ability to use smart cards
ABOUT NCIPHER SECURITY
nCipher Security, an Entrust Datacard company, is a leader in the general-purpose hardware security module (HSM) market, empowering world-leading organizations by delivering trust, integrity and control to their business critical information and applications. Today’s fast-moving digital environment enhances customer satisfaction, gives competitive advantage and improves operational efficiency – it also multiplies the security risks. Our cryptographic solutions secure emerging technologies such as cloud, IoT, blockchain, and digital payments and help meet new compliance mandates. We do this using our same proven technology that global organizations depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure. We deliver trust for your business critical applications, ensure the integrity of your data and put you in complete control – today, tomorrow, always. www.ncipher.com