Identification service

The Identification service is located on the Configure services tab under the Device services section.

Identification services are available on compatible MFP devices that use identification devices such as card fingerprint readers or proximity cards. Identification service allows the user authentication credentials from the identification device to be encrypted and passed to ShareScan. This preserves security and streamlines the logon process by allowing you to avoid entering authentication credentials at the device.

Identification service enables the integration of ID devices with eCopyShareScan by providing a way for the third-party applications to send credentials (username, password, domain, or userID) to ShareScan so that you are not challenged again.

The following settings are available:

Identification and Encryption settings

Setting

Description

Identification

Configured

Allows the device to use the Identification service when selecting the Yes check box or prohibits the device to use the Identification service (this disables all the other fields and properties).

Keep connection alive

Keeps the TCP connection alive to communicate to the ID device:

  • Checked (Yes): Allows pulsing to occur between the ID device and the Identification service; the TCP socket connection stays open and connected until you log out, times out, ends the current session, or the ID device terminates its connection.
  • Unchecked: Drops its connection to the ID device after it receives the data packet.

Port Number

The Port number that the ShareScan Manager listens to for ID device (client) connections. The default value is 9425.

ShareScan Manager and the ID device should be configured for the same port.

Accept UserID only requests from External Services

Allows the device to accept User IDs provided by external services, for example Uniflow, as valid authentication means.

Encryption

Type

Enables encryption for your Identification service, if appropriate:

  • None: Passes credentials to ShareScan without encryption. Not recommended.
  • TripleDES: Enables you to encrypt the information from the application that is supplying the credentials to ShareScan. You can do this by creating an encryption key that you store on the computer where the Manager is running and on the ID device.

Path

Set the path for the encryption type to the eCopyKey.txt file. This file contains the key specified in the Key field. The ID device should have a copy of this file and use the same key if encryption is TripleDES. It specifies a path to the storage destination for the encryption key on the device where the Manager is running.

Key

Generates the encryption key and stores it in the eCopyKey.txt file. You must manually copy this file to the device. If you regenerate the key, you must copy the new key to the device. The TripleDES key is used for encryption. Click the button on the far right side of the Key field value area to generate a key.

If the key value is changed, the ID device should take a new eCopyKey.txt file and use the new value for TripleDES encryption.

All devices that use Identification Services and are managed by the same Manager must use the same encryption key. After generating a key for the first device, when you configure subsequent devices you must select the same path you selected for the first device. ShareScan automatically recognizes the key file that is already in the storage destination.

Enable for all Devices

Enabled

Enables the service for all devices when selecting the Yes check box next to Enabled setting or disables the service for all devices.

eCopy Identification Service Terminal Emulator

eCopy Identification Service Terminal Emulator appears when you click Test in Configuring Service: Identification.

To configure the emulator, launch the dialog by clicking the Config button on the main dialog.

Configuration settings

Setting

Description

Server name

Specifies the name or IP address of the machine running the TCP server. The default value is localhost, which is the machine that the emulator is running on.

Port number

Must match the port number set in ShareScan Administration Console. The default value is 9425, which matches the default for ShareScan.

Timeout (secs)

Value in seconds until the terminal times out if no pulses are received from ShareScan Manager. The default value is 120 seconds.

Device IP

Specifies the IP address of device.

ID device credentials

The following ID device credentials are required:

  • Username: The login name of the user.
  • Password: The user’s password (optional).
  • Domain: The Domain name you are a member of.

XML attributes

The following ID device credentials are required:

  • XML name: Insert name for the attribute of the XML entry.
  • Value: Insert value that is matched with the XML label.

You can add, view, and clear XML attributes:

  • Add XML: Press this button to add the name or value pair to the XML attribute. This is added to the stream on the bottom of the dialog, that is, aaa=111, bbb=222, and so on (additional attributes that have been entered or saved that exist if the text is longer than the dialog box).
  • View XML: Press this button to view the XML file that is sent to server. This includes the username, password, domain, email address and extra attributes added.
  • Clear XML: This button clears all of the additional attributes to be passed to server.

Encryption type

The type of encryption used to encrypt the XML data:

  • None: Passes credentials to ShareScan without encryption.
  • TripleDES: Enables you to encrypt the information sent from the application that is supplying the credentials to ShareScan. You can do this by creating an encryption key that you store on the computer where the Manager is running and on the Identification Service device.

Key path

Browse for the path location of the eCopyKey.txt encryption file. This file contains the Secret key value used for TripleDES encryption.

Save and close

Saves all field data.

Once the emulator has been configured, it is ready for use.

The text at the top of the status window (a default value of Waiting for server messages) gives helpful tips about the state of the emulator.

Terminal Emulator settings

Setting

Description

Status Window

Displays the time-stamped status messages.

Connect

Connects to ShareScan using the server name and port configured in the configuration dialog.

This button is disabled once a connection has been established.

End

Only enabled once a connection has been established as disconnects from the TCP server.

If clicking on the End button in the emulator, the user is not logged out and an error message is displayed. Ensure that you add a SendManagerStartedForIdentificationLogout string type registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Kofax\ShareScan\ShareScanManager hive with true value.

Clear

Clears all text in the status window.

Keep connection alive

When checked, the TCP connection between the Emulator and Server is kept alive. If not checked, it terminates the TCP connection after the logon packet is sent to server and no timer or pulsing events occurs.

Original XML Format

When checked, the original XML format is used.

Top Most

When checked, the emulator is always displayed on top of any window. When unchecked, the emulator retains its normal order.

Seconds left until lock

Displays a running countdown in seconds until the emulator times out. When the emulator times out, it disconnects from the TCP server. Maximum timeout is 120 seconds.

Config

Enables the configuration dialog.

NetStat

Enables a command prompt window that runs the netstat –a –p TCP command.

Exit

Closes the application.