• Français
  • English
  • Português
  • Español
  • Italiano
  • English South Africa
  • Português Brazil
  • 日本語
KPAX Data Collection Officer Security Note

Overview of security

KPAX is committed to providing software solutions that are safe and can be used in all network environments. The KPAX solution collects only the information that is useful and necessary for the management of the fleet from print systems.

The agent is not able to collect this information until it is available in the equipment's memory. No information on printing work is collected. No user data is collected.
This section discusses the network aspect and the security of the component :
  • KPAX Agent (KPAX collector available for MS Windows)
  • KPAX Liberty (physical collection box)
  • The collection technologies used
  • A simulation of the network footprint generated by our agents

Technical architecture scheme

1
Printing device

Prerequisite
- SNMP V1, V2 (or V3; available only for Windows agents) active on print devices
- Networked equipment from the station on which the agent is installed

A
Communication between agent and device
- Port 161 , 162 | SNMP | UDP | Data collection
- Port 80 | HTTP | TCP | Questioning equipment web pages if the SNMP is not enough
- Port 443 | HTTPS | TCP | Questioning equipment web pages if the SNMP is not enough
- Port 47545 SNMP | UDP | additional questioning for the Canon
- Between the 40000 port and the 60000 | UDP | For responses to queries on the port 47545
2
KPAX Agent Software Collection Agent

Prerequisite
- Environment Windows Server (2012, 2016, 2019, 2022, 2025) or Windows 10 from version 10 1607 (E), Windows 11 (we recommend keeping operating systems up to date)
- .Net framework 4.6.2 and .Net 8 installed (will be installed automatically if needed)
- Administrator account required at installation
- Connected to the network

3
KPAX Server

Microsoft Azure Cloud Hosting

4
Access to the KPAX portal

KPAX is a web application compatible with the majority of web browsers on the market.

5
KPAX Liberty collection box

It must be plugged into an ethernet jack connected to the network and powered by the power adapter.

- Port 443 | AES 256bits encryption | Communication to KPAX Liberty servers liberty.kpax-manage.com and rescue.kpax-manage.com

Note
- Powered with adapter (optional POE)
- Connected to the Ethernet network

6
Liberty Server
Bluemega Cloud Accommodation
B
C
Secure communication
D
E
Port 443 | HTTPS*

The certificates used by our KPAX cloud servers use 4096-bit RSA keys. These certificates have a maximum lifespan of 90 days and are renewed every 60 days.

The nature of the information collected

KPAX Agent collects families with the following information :
Data collected :
Identification of equipment
  • Manufacturer
  • Model
  • Serial number
  • IP address
  • MAC address
  • Network name
Hardware feature
  • Typology (MFP, printer, ...)
  • Technology (laser, inkjet, ...)
  • Color support
  • duplex support
  • Installation date
  • Firmware
  • Location (information on equipment)
Use of hardware
  • Main counters (machine counter, color, mono)
  • Advanced counters (printing, copying, scanning, fax, A3, A4, Recto/Recto Verso)
  • Builder owner counters
  • Supplies and wear parts
  • Technical statuses (LCD panel and additional information)
KPAX Agent (software)

KPAX Agent is software that is installed in a Windows environment (preferably server or user post) capable of reaching printing systems. KPAX Agent runs as a Windows service® allowing it to operate 24/7, closed session. At a regular and defined frequency, the Windows service discovers the park (defined by IP address ranges, fixed IP or host names) and collects general information, counters, ink levels, wear parts as well as alerts/messages from the LCD panel.

KPAX Liberty (physical case)
The KPAX Liberty agent is a hardware case entirely designed by KPAX's engineering teams and is manufactured in France. It frees you from the installation of a software agent. It does not have an operating system (Linux, MacOs, Windows or Unix) but has a firmware which makes it much more secure than a computer or a Raspberry Pi. In addition, all the data it collects is secure in AES 256 bit symmetrical private key.
Gathering information and methods of transmission
KPAX Agent and KPAX Liberty collect information from printing systems using SNMP, ICMP, HTTP and HTTPS protocols. The data collected by these agents is transmitted to the reference KPAX server in HTTPS (port 443). KPAX Liberty transmits its collection data via port 443 using AES 256bit encryption.
Optional remote update (only on KPAX Agent)
KPAX Agent has an optional automatic update feature. The automatic update will periodically check if a new version of the software is available. The update also provides the latest version of the collection intelligence. For KPAX Liberty, updates are made automatically and completely securely in 256-bit AES. This allows the Liberty case to be constantly up to date.
Network traffic
Network traffic generated by the KPAX Agent (KPAX Liberty) is minimal. It varies depending on the number of IP addresses that are analyzed on the network. The table below shows the approximate network load associated with the collector compared to the approximate network load associated with loading a single web page.
Event Size (approximate value)
Loading a simple standard web page (google.com) About 35ko
Scan discovered, no IP address About 1ko
Full scan - 8 devices About 4ko
Scan of counters - 8 devices About 3ko
Scan of supplies - 8 devices About 1ko
Scan of maintenance parts - 8 devices Between 2ko and 4ko
Scan alerts - 8 devices About 2ko
Processing in progress

Processing in progress

Processing in progress

Processing in progress

Processing in progress

Processing in progress