P2600 Hardcopy Device and System Security June 2006 Working Group Meeting

1
P2600Hardcopy Device and System SecurityJune
2006 Working Group Meeting

• Don Wright
• Director of Standards
• Lexmark International
• don_at_lexmark.com

2
Agenda Items

• Monday/Tuesday, June 19-20
• Welcome Introductions
• Update and Approve Agenda
• Review and approve May Minutes
• IEEE Patent Policy Review
• 2006 Meeting Schedule
• Update on TCG
• Update on INCITS CS1 Working Group
• Review of Action Items from May Meeting
• Topics from e-mail

3
Agenda Items

• Monday/Tuesday, June 19-20
• Merged Document Review page turner
• Document Review of PPs
• A (High) PP
• B (Enterprise) PP
• C (Public) PP
• D (SoHo) PP
• Other items
• Benefits of providing funding for the evals
• Next meeting details
• Summarize and record action items

4
Minutes from May Meeting

• Minutes were published shortly after the meeting.
• They are available athttp//grouper.ieee.org/gr
  oups/2600/minutes/P2600-minutes-May2006.pdf
• Any corrections or changes?

5
Instructions for the WG Chair

• At Each Meeting, the Working Group Chair shall
• Show slides 1 and 2 of this presentation
• Advise the WG membership that
• The IEEEs patent policy is consistent with the
  ANSI patent policy and is described in Clause 6
  of the IEEE-SA Standards Board Bylaws
• Early disclosure of patents which may be
  essential for the use of standards under
  development is encouraged
• Disclosures made of such patents may not be
  exhaustive of all patents that may be essential
  for the use of standards under development, and
  that neither the IEEE, the WG, nor the WG
  Chairman ensure the accuracy or completeness of
  any disclosure or whether any disclosure is of a
  patent that, in fact, may be essential for the
  use of standards under development.
• Instruct the WG Secretary to record in the
  minutes of the relevant WG meeting
• That the foregoing advice was provided and the
  two slides were shown
• That an opportunity was provided for WG members
  to identify or disclose patents that the WG
  member believes may be essential for the use of
  that standard
• Any responses that were given, specifically the
  patents and patent applications that were
  identified (if any) and by whom.

(Not necessary to be shown)
Approved by IEEE-SA Standards Board March 2003
(Revised March 2005)
6
IEEE-SA Standards Board Bylaws on Patents in
Standards

• 6. Patents
• IEEE standards may include the known use of
  essential patents and patent applications
  provided the IEEE receives assurance from the
  patent holder or applicant with respect to
  patents whose infringement is, or in the case of
  patent applications, potential future
  infringement the applicant asserts will be,
  unavoidable in a compliant implementation of
  either mandatory or optional portions of the
  standard essential patents. This assurance
  shall be provided without coercion. The patent
  holder or applicant should provide this assurance
  as soon as reasonably feasible in the standards
  development process. This assurance shall be
  provided no later than the approval of the
  standard (or reaffirmation when a patent or
  patent application becomes known after initial
  approval of the standard). This assurance shall
  be either
• a) A general disclaimer to the effect that the
  patentee will not enforce any of its present or
  future patent(s) whose use would be required to
  implement either mandatory or optional portions
  of the proposed IEEE standard against any person
  or entity complying with the standard or
• b) A statement that a license for such
  implementation will be made available without
  compensation or under reasonable rates, with
  reasonable terms and conditions that are
  demonstrably free of any unfair discrimination.
• This assurance is irrevocable once submitted and
  accepted and shall apply, at a minimum, from the
  date of the standard's approval to the date of
  the standard's withdrawal.

Slide 1
Approved by IEEE-SA Standards Board March 2003
(Revised February 2006)
7
Inappropriate Topics for IEEE WG Meetings

• Dont discuss the validity/essentiality of
  patents/patent claims
• Dont discuss the cost of specific patent use
• Dont discuss licensing terms or conditions
• Dont discuss product pricing, territorial
  restrictions, or market share
• Dont discuss ongoing litigation or threatened
  litigation
• Dont be silent if inappropriate topics are
  discussed do formally object.If you have
  questions, contact the IEEE-SA Standards Board
  Patent Committee Administrator at patcom_at_ieee.org
  or visit http//standards.ieee.org/board/pat/index
  .htmlThis slide set is available at
  http//standards.ieee.org/board/pat/pat-slideset.
  ppt

Slide 2
Approved by IEEE-SA Standards Board March 2003
(Revised March 2005)
8
Officers

• Chair Don Wright, Lexmark
• Vice Chair Lee Farrell, Canon
• Secretary Brian Smithson, Ricoh
• Editors
• Non-PP clauses Jerry Thrasher, Lexmark
• PP clauses Brian Smithson, Ricoh

9
2006 Meeting Schedule

• July 26-27, Rochester, NY _at_ Xerox
• September 6-7, Boulder, CO _at_ IBM
• October 23-24, Lexington KY _at_ Lexmark
• December 11-12, Orange County _at_ Canon

10
Schedule

• Schedule
• Clauses 1-9, Informative Annex
• Ready for merging
• May June meeting reviews
• Protection Profiles
• Waiting for July draft of CCV3
• into the PPs by Sept?
• PPs reviewed and iterate 1 or 2 times
• Complex changes who knows?
• Complete draft out of December meeting

11
Schedule

• Schedule
• January 2007
• Form IEEE ballot body
• Engage with CC Eval Labs
• February
• Start Balloting
• Start Evaluation of PPs
• March
• April -- (Will need group meeting)
• Reconcile comments from IEEE and Eval Labs
• May June - July
• Recirculations
• September
• RevCom / Standards Board Approval

12
Trusted Computing Group

• Update

13
INCITS CS1 Cyber-Security

• Update

14
Group General Action Items from May

• Update web site with July meeting details done
• Convert PP-A to CIM Medium _at_ EAL 3 (due in
  July)
• Harmonize Subject/Object implementation
  (waiting for CCV3, part 2)
• Company funding of Evaluations
• DAPS 10 20K
• Lexmark 5K (possibly more)
• Ricoh, HP not immediately rejected
• Canon, Sharp, Oki, Océ, Toshiba wants to better
  understand the benefits of paying versus not
  paying

15
Action Items from Previous Meetings

• Any update on CCV3 plans from NIAP?
• Discussion on Standard versus Recommended
  Practice
• Presentation from the PP team on mandating of
  encryption in PP-A and PP-B. (AI 198)
• Review entries in P2600-action-items excel
  spreadsheet

16
Issues raised on e-mail

• T.UD.PHY.OUTPUT objectives (Smithson)
• Tentative decisions
• O.Access also needed for PP-A PP-B
• O.IA also needed for PP-A
• OE.Location OE.Train are also needed (except
  OE.Location for PP-C?)
• Secure Fax (Sameer)
• Wont attempt to protect user data across fax
  lines
• Will address issue of accessing the network via
  connecting through fax port (T.EA.FAX_BRIDGE?)
• PP Clause 1.2 compliance with NIAP Policy Letter
  13 (Sukert)
• The Target of Evaluation (TOE) of this
  Protection Profile is the entire Hardcopy Device
  (HCD) as available to end customers, i.e., the
  compliant configuration.

17
Issues raised on e-mail

• Elevation of DOS threats in PPs (Smithson)
• Update tables 61 and 63 as per Smithsons note
• PP-A/PP-B proposals (Smithson)
• Concerns expressed about removing .UD.SALVAGE
  from DAPS. Others expressed a concern about
  .UD.SNIFF.NET.
• Everyone should review this proposal in detail
  and be prepared to make a decision in July.
  Position papers from everyone are encouraged.
• No great concern about removing .AUD.ACCESS
• Look at new clause 3.1 in PP-A (Smithson)
• Other PPs should take basic robustness text
  (unmodified) from CIM instruction 3 and insert
  as clause 3.1.

18
Document Section Status

• Editors Assigned
• Clauses 1-9 non-PP Annexes Jerry Thrasher
• Protection Profiles Brian Smithson
• PP-A -- Ron Nevo
• PP-B -- Brian Smithson
• PP-C -- Nancy Chen, Alan Sukert
• PP-D -- Carmen Aubry

19
Document Review

• Drafts needing most review
• Merged Draft
• Result of meeting posted as version 20b
• Others?

20
Document Review PP-A

• Review Draft number 20a
• Now Protection Profile A, EAL 3

Not Reviewed - Insufficient Time
21
Document Review PP-B

• Review Draft number 20a
• Now Protection Profile B, EAL 2

Not Reviewed - Insufficient Time
22
Document Review PP-C

• Review Draft number 20a
• Now Protection Profile C, EAL 2

Not Reviewed - Insufficient Time
23
Document Review PP-D

• Review Draft number ??
• Now Protection Profile D, EAL1

Not Reviewed - Insufficient Time
24
Next Meeting Details

• July 26-27
• Xerox Building 855855 Publishers
  ParkwayWebster NY 14580
• Map http//maps.google.com/maps?fqhlenq855P
  ublishersParkwayWebsterNY14580ieUTF8om1
  

25
Next Meeting Details
26
Next Meeting Details
27
Backup Slides
28
Mailing List and Web Site

• Web Site http//grouper.ieee.org/groups/2600
• Mailing list
• Listserv run by the IEEE
• An archive is available on the web site
• Subscribe via a note to listserv_at_listserv.ieee.
  org containing the line subscribe stds-2600
• Only subscribers may send e-mail to the mailing
  list.

No Change