Authlete and Epson Connect
2026-06-23 02:37:22

Authlete Partners with Seiko Epson to Enhance Epson Connect API Security

Introduction



Authlete, a prominent provider of authentication solutions, has joined forces with Seiko Epson, a renowned player in the printing industry, to enhance the security and functionality of the Epson Connect API. This collaboration centers on the implementation of OAuth and OpenID Connect (OIDC) standards through Authlete’s back-end services, paving the way for a new era of secure online printing and scanning solutions.

Background to the Partnership



Since its launch in 2011, Epson Connect has progressively added features, significantly expanding its user base. With the increasing demand for remote printing and data storage solutions, Seiko Epson announced a major overhaul of its architecture set to take place between 2024 and 2025. This upgrade is intended to accommodate high-volume printing while enhancing the security of its services. Consequently, a new version of the Epson Connect API, Version 2.0, is being introduced. It requires a robust authentication and authorization framework, which led to the decision to use Authlete’s expertise.

Requirements and Challenges



The new Epson Connect API aimed to fulfill two primary requirements for its authentication and authorization system:

1. Integration with Existing Authentication Systems: The solution had to leverage the existing “Epson Global ID” common account framework used for multiple web services within the Seiko Epson group.

2. Device-Specific Access Control: An access token must be issued that restricts users to operating only specific devices like printers, based on user permissions.

Initially, Seiko Epson considered developing an in-house OAuth server from scratch to meet these requirements. However, the estimated time and resources necessary for such a project raised concerns regarding the feasibility of maintaining ongoing security updates and addressing potential vulnerabilities post-launch.

Following this, an exploration of managed service options like Auth0 and other Identity as a Service (IDaaS) systems was conducted. Although IDaaS solutions offered relief from certain development and operational challenges, there were doubts regarding their capacity to handle the specific requirements of device-level access control.

Why Authlete?



Ultimately, Seiko Epson opted for Authlete as it provides specialized capabilities essential for their needs. The integration plan involved externalizing user authentication to Epson Global ID while implementing the authorization logic needed for issuing access tokens at the device level. This hybrid approach allowed the organization to utilize Authlete's API for OAuth protocol processing and token lifecycle management while focusing on their unique business logic.

The adopted structure means that when users log in using their Epson Global ID, they can select specific devices, with their actions limited solely to those options. This ensures compliance with the intended authorization workflow.

Benefits of Adopting Authlete



By implementing Authlete, Seiko Epson has realized several advantages:

1. Leveraging Internal Authentication: Since Authlete is a headless API specifically designed for OAuth/OIDC implementations, it integrates seamlessly with Epson’s existing authentication systems. As a result, the authorization server was built within the defined project timelines.

2. Implementation of Unique Authorization Logic: Epson was able to incorporate its specific authorization logic linked to issuing device-associated tokens. Authlete's design, focused on protocol processing and token management, enabled the company to meet its unique service requirements effortlessly.

3. Minimized Update Burden: Authlete ensures that security updates and the latest OAuth/OIDC specifications are supported continuously. This provision allows Seiko Epson to concentrate on implementing their business logic without needing in-house OAuth experts.

4. Smooth Migration from Legacy Systems: After the release of API v2, Seiko Epson needed to maintain compatibility with the old API v1 temporarily. Authlete’s functionalities, such as client ID aliasing, met this need for a smooth transition and facilitated the migration of user and client information to the new system.

Statement from Seiko Epson



Mr. Takumi Yoshida from Seiko Epson's Home Solutions Division stated, "Authlete's services were optimal for building our authorization server by combining them with our unique authentication framework. A full-scratch development was impractical, and without Authlete, meeting our deadline for refreshing the authorization framework would have been incredibly challenging. The automatic updates for security and following the latest specifications allow us to concentrate on advancing our business logic, which is extremely beneficial to our operations."

About Authlete



Authlete offers robust web APIs that streamline and simplify the implementation of OAuth and OpenID Connect (OIDC) within authorization systems. Developed by experts involved in creating international standards, Authlete has gained OpenID certification and supports advanced security specifications like FAPI, CIBA, and OpenID for Verifiable Credentials Issuance. Its solutions are embraced across diverse industries, encompassing finance, media, retail, technology, and consulting, and are utilized by startups, mid-sized companies, and large enterprises worldwide.

