.png)
Data Protection and Encryption
MyQ X implements comprehensive data protection and encryption throughout the entire document lifecycle, ensuring confidentiality and integrity from initial print submission through final output and archival.
End-to-End Encryption Implementation
MyQ X provides end-to-end encryption across all communication channels and data storage points:
Encrypted Communication Channels: All network traffic utilizes mandatory TLS encryption with minimum version 1.2 by default. HTTPS is enforced for all web interfaces, server-to-server communication, and client connections.
Certificate-Based Security: Multiple certificate management modes support organizational requirements, from built-in Certificate Authority to corporate PKI integration and public CA certificates. Private keys are protected by randomly generated passwords stored in encrypted form within the Firebird database.
Protocol Security: TLS encryption is enforced across SMTP, LDAP, RADIUS, and SNMP protocols, ensuring no sensitive data is transmitted in clear text.
Data at Rest Encryption
MyQ X protects stored data through multiple encryption layers:
Database Encryption: The Firebird 4.0 database supports encryption using custom certificates with "Encrypting File System" Enhanced Key Usage (EKU). Certificates must be located in designated computer certificate stores, with the Personal store being preferred.
File System Protection: Print and scan job files stored on the MyQ X Print Server can be encrypted using custom certificates provided by administrators, adding an additional layer of protection beyond file system permissions.
Full Disk Encryption: MyQ X supports integration with full disk encryption technologies like Microsoft BitLocker to protect all data at rest on the print server, including the database, certificates, and temporary files.
Data in Transit Protection (TLS Encryption)
MyQ X enforces strict TLS encryption standards for all network communication:
Minimum TLS 1.2: Default configuration requires TLS 1.2 minimum, with optional upgrade to TLS 1.3 for enhanced security and performance. Legacy protocols including SSL and older TLS versions are blocked.
Cipher Suite Management: The system implements strong cipher suites and disables vulnerable algorithms to prevent cryptographic attacks. SNMPv3 communications use SHA1 and AES encryption.
Certificate Validation: All TLS connections require proper certificate validation using fully qualified domain names (FQDN) to prevent man-in-the-middle attacks. START TLS is avoided due to MITM vulnerabilities.
Print Job Encryption and Secure Storage
MyQ X provides multiple mechanisms to protect print jobs throughout their lifecycle:
Secure Print Release: Print jobs are stored securely on the MyQ Server until users authenticate at the device, preventing unauthorized access to documents sitting in printer output trays.
Job File Encryption: Administrators can enable job encryption by providing custom certificates, ensuring print job files remain encrypted while stored on the server awaiting release.
Private Queues: For highly confidential documents, private queues automatically delete print jobs immediately after release, eliminating the risk of prolonged unauthorized access.
Privacy Mode: When enabled, privacy mode masks document names from all users except the document owner, preventing information disclosure through job names. Even administrators cannot view job names from other users.
Database Encryption Enhancements
The Firebird 4.0 database implementation provides advanced encryption capabilities:
Custom Certificate Encryption: Database files are encrypted using certificates with EFS Extended Key Usage, providing strong protection against unauthorized database access.
Password Protection: Database passwords are obfuscated in log files, preventing credential exposure during troubleshooting and monitoring activities.
Permission Hardening: The MyQ data folder, containing the user database and TLS certificate private keys, is restricted to Administrators, SYSTEM, and the MyQ service account only, removing default read access for all users.
Backup Encryption and Secure Storage
MyQ X ensures backups maintain the same security level as production data:
Encrypted Backups: Database backups are protected by secure, randomly generated passwords that prevent unauthorized restoration or access to backup files.
Secure Backup Storage: Backup files should be stored in secured locations with appropriate access controls and encryption at rest to maintain data confidentiality during the backup lifecycle.
Key Management and Rotation Policies
MyQ X implements secure key management practices:
Certificate Rotation: Certificates can be regularly rotated according to organizational security policies, with support for automated deployment via Group Policy or Mobile Device Management.
Private Key Protection: All private keys for certificates and CA operations are protected by randomly generated passwords stored in encrypted form within the database.
API Secret Rotation: REST API client secrets should undergo periodic rotation to maintain security. The system supports secret rollover without service interruption.
Data Minimization and Privacy by Design
MyQ X implements GDPR-compliant privacy by design principles:
Limited Data Collection: The system collects only essential metadata required for operational functionality, avoiding unnecessary personal data processing that could increase privacy risks.
Automatic Deletion: Administrators can configure automatic deletion periods for print and scan job files, ensuring data is retained only as long as necessary for business purposes.
User Data Rights: Complete implementation of GDPR user rights including data access, anonymization, and the right to be forgotten, with customizable privacy notices on user interfaces.
Session Management: Automatic logout functionality ensures user sessions are properly terminated, preventing unauthorized access through abandoned sessions.
This comprehensive data protection and encryption framework ensures MyQ X maintains the highest standards of data confidentiality and integrity while supporting regulatory compliance requirements across diverse organizational environments.