Title: P2600 Hardcopy Device and System Security June 2006 Working Group Meeting
1P2600Hardcopy Device and System SecurityJune
2006 Working Group Meeting
- Don Wright
- Director of Standards
- Lexmark International
- don_at_lexmark.com
2Agenda Items
- Monday/Tuesday, June 19-20
- Welcome Introductions
- Update and Approve Agenda
- Review and approve May Minutes
- IEEE Patent Policy Review
- 2006 Meeting Schedule
- Update on TCG
- Update on INCITS CS1 Working Group
- Review of Action Items from May Meeting
- Topics from e-mail
3Agenda Items
- Monday/Tuesday, June 19-20
- Merged Document Review page turner
- Document Review of PPs
- A (High) PP
- B (Enterprise) PP
- C (Public) PP
- D (SoHo) PP
- Other items
- Benefits of providing funding for the evals
- Next meeting details
- Summarize and record action items
4Minutes from May Meeting
- Minutes were published shortly after the meeting.
- They are available athttp//grouper.ieee.org/gr
oups/2600/minutes/P2600-minutes-May2006.pdf - Any corrections or changes?
5Instructions for the WG Chair
- At Each Meeting, the Working Group Chair shall
- Show slides 1 and 2 of this presentation
- Advise the WG membership that
- The IEEEs patent policy is consistent with the
ANSI patent policy and is described in Clause 6
of the IEEE-SA Standards Board Bylaws - Early disclosure of patents which may be
essential for the use of standards under
development is encouraged - Disclosures made of such patents may not be
exhaustive of all patents that may be essential
for the use of standards under development, and
that neither the IEEE, the WG, nor the WG
Chairman ensure the accuracy or completeness of
any disclosure or whether any disclosure is of a
patent that, in fact, may be essential for the
use of standards under development. - Instruct the WG Secretary to record in the
minutes of the relevant WG meeting - That the foregoing advice was provided and the
two slides were shown - That an opportunity was provided for WG members
to identify or disclose patents that the WG
member believes may be essential for the use of
that standard - Any responses that were given, specifically the
patents and patent applications that were
identified (if any) and by whom.
(Not necessary to be shown)
Approved by IEEE-SA Standards Board March 2003
(Revised March 2005)
6IEEE-SA Standards Board Bylaws on Patents in
Standards
- 6. Patents
- IEEE standards may include the known use of
essential patents and patent applications
provided the IEEE receives assurance from the
patent holder or applicant with respect to
patents whose infringement is, or in the case of
patent applications, potential future
infringement the applicant asserts will be,
unavoidable in a compliant implementation of
either mandatory or optional portions of the
standard essential patents. This assurance
shall be provided without coercion. The patent
holder or applicant should provide this assurance
as soon as reasonably feasible in the standards
development process. This assurance shall be
provided no later than the approval of the
standard (or reaffirmation when a patent or
patent application becomes known after initial
approval of the standard). This assurance shall
be either - a) A general disclaimer to the effect that the
patentee will not enforce any of its present or
future patent(s) whose use would be required to
implement either mandatory or optional portions
of the proposed IEEE standard against any person
or entity complying with the standard or - b) A statement that a license for such
implementation will be made available without
compensation or under reasonable rates, with
reasonable terms and conditions that are
demonstrably free of any unfair discrimination. - This assurance is irrevocable once submitted and
accepted and shall apply, at a minimum, from the
date of the standard's approval to the date of
the standard's withdrawal.
Slide 1
Approved by IEEE-SA Standards Board March 2003
(Revised February 2006)
7Inappropriate Topics for IEEE WG Meetings
- Dont discuss the validity/essentiality of
patents/patent claims - Dont discuss the cost of specific patent use
- Dont discuss licensing terms or conditions
- Dont discuss product pricing, territorial
restrictions, or market share - Dont discuss ongoing litigation or threatened
litigation - Dont be silent if inappropriate topics are
discussed do formally object.If you have
questions, contact the IEEE-SA Standards Board
Patent Committee Administrator at patcom_at_ieee.org
or visit http//standards.ieee.org/board/pat/index
.htmlThis slide set is available at
http//standards.ieee.org/board/pat/pat-slideset.
ppt
Slide 2
Approved by IEEE-SA Standards Board March 2003
(Revised March 2005)
8Officers
- Chair Don Wright, Lexmark
- Vice Chair Lee Farrell, Canon
- Secretary Brian Smithson, Ricoh
- Editors
- Non-PP clauses Jerry Thrasher, Lexmark
- PP clauses Brian Smithson, Ricoh
92006 Meeting Schedule
- July 26-27, Rochester, NY _at_ Xerox
- September 6-7, Boulder, CO _at_ IBM
- October 23-24, Lexington KY _at_ Lexmark
- December 11-12, Orange County _at_ Canon
10Schedule
- Schedule
- Clauses 1-9, Informative Annex
- Ready for merging
- May June meeting reviews
- Protection Profiles
- Waiting for July draft of CCV3
- into the PPs by Sept?
- PPs reviewed and iterate 1 or 2 times
- Complex changes who knows?
- Complete draft out of December meeting
11Schedule
- Schedule
- January 2007
- Form IEEE ballot body
- Engage with CC Eval Labs
- February
- Start Balloting
- Start Evaluation of PPs
- March
- April -- (Will need group meeting)
- Reconcile comments from IEEE and Eval Labs
- May June - July
- Recirculations
- September
- RevCom / Standards Board Approval
12Trusted Computing Group
13INCITS CS1 Cyber-Security
14Group General Action Items from May
- Update web site with July meeting details done
- Convert PP-A to CIM Medium _at_ EAL 3 (due in
July) - Harmonize Subject/Object implementation
(waiting for CCV3, part 2) - Company funding of Evaluations
- DAPS 10 20K
- Lexmark 5K (possibly more)
- Ricoh, HP not immediately rejected
- Canon, Sharp, Oki, Océ, Toshiba wants to better
understand the benefits of paying versus not
paying
15Action Items from Previous Meetings
- Any update on CCV3 plans from NIAP?
- Discussion on Standard versus Recommended
Practice - Presentation from the PP team on mandating of
encryption in PP-A and PP-B. (AI 198) - Review entries in P2600-action-items excel
spreadsheet
16Issues raised on e-mail
- T.UD.PHY.OUTPUT objectives (Smithson)
- Tentative decisions
- O.Access also needed for PP-A PP-B
- O.IA also needed for PP-A
- OE.Location OE.Train are also needed (except
OE.Location for PP-C?) - Secure Fax (Sameer)
- Wont attempt to protect user data across fax
lines - Will address issue of accessing the network via
connecting through fax port (T.EA.FAX_BRIDGE?) - PP Clause 1.2 compliance with NIAP Policy Letter
13 (Sukert) - The Target of Evaluation (TOE) of this
Protection Profile is the entire Hardcopy Device
(HCD) as available to end customers, i.e., the
compliant configuration.
17Issues raised on e-mail
- Elevation of DOS threats in PPs (Smithson)
- Update tables 61 and 63 as per Smithsons note
- PP-A/PP-B proposals (Smithson)
- Concerns expressed about removing .UD.SALVAGE
from DAPS. Others expressed a concern about
.UD.SNIFF.NET. - Everyone should review this proposal in detail
and be prepared to make a decision in July.
Position papers from everyone are encouraged. - No great concern about removing .AUD.ACCESS
- Look at new clause 3.1 in PP-A (Smithson)
- Other PPs should take basic robustness text
(unmodified) from CIM instruction 3 and insert
as clause 3.1.
18Document Section Status
- Editors Assigned
- Clauses 1-9 non-PP Annexes Jerry Thrasher
- Protection Profiles Brian Smithson
- PP-A -- Ron Nevo
- PP-B -- Brian Smithson
- PP-C -- Nancy Chen, Alan Sukert
- PP-D -- Carmen Aubry
19Document Review
- Drafts needing most review
- Merged Draft
- Result of meeting posted as version 20b
- Others?
20Document Review PP-A
- Review Draft number 20a
- Now Protection Profile A, EAL 3
Not Reviewed - Insufficient Time
21Document Review PP-B
- Review Draft number 20a
- Now Protection Profile B, EAL 2
Not Reviewed - Insufficient Time
22Document Review PP-C
- Review Draft number 20a
- Now Protection Profile C, EAL 2
Not Reviewed - Insufficient Time
23Document Review PP-D
- Review Draft number ??
- Now Protection Profile D, EAL1
Not Reviewed - Insufficient Time
24Next Meeting Details
- July 26-27
- Xerox Building 855855 Publishers
ParkwayWebster NY 14580 - Map http//maps.google.com/maps?fqhlenq855P
ublishersParkwayWebsterNY14580ieUTF8om1
25Next Meeting Details
26Next Meeting Details
27Backup Slides
28Mailing List and Web Site
- Web Site http//grouper.ieee.org/groups/2600
- Mailing list
- Listserv run by the IEEE
- An archive is available on the web site
- Subscribe via a note to listserv_at_listserv.ieee.
org containing the line subscribe stds-2600 - Only subscribers may send e-mail to the mailing
list.
No Change