P2600 Hardcopy Device and System Security October 2004 Working Group Meeting

1
P2600Hardcopy Device and System SecurityOctober
2004 Working Group Meeting

• Don Wright
• Director, Alliances Standards
• Lexmark International
• don_at_lexmark.com

2
Agenda Items

• Thursday/Friday, October 7-8
• Welcome Introductions
• Update and Approve Agenda
• IEEE Patent Policy Review
• Working Group Secretary
• Update on 2005 Meeting Plan and Schedule
• Update on TCG
• Review of Action Items from August Meeting

3
Agenda Items

• Thursday/Friday, October 7-8 (cont.)
• Document Development Section 1 - Don Wright
• Review structure of the Draft
• Identify additional terms and definitions to
  include.
• Review Security Environment Description
• Document Development Section 2 - Tom Haapanen
• Review Draft
• Mapping of Threats to Security Environments
• Consider Hierarchy Proposals reach consensus
  answer
• Ohta
• Nevo
• Document Development Section 3 - Jerry Thrasher
• Review Draft
• Document Development Section 4 - Ron Nevo
• Review Draft
• Summarize and record action items

4
Instructions for the WG Chair

• At Each Meeting, the Working Group Chair shall
• Show slides 1 and 2 of this presentation
• Advise the WG membership that
• The IEEEs Patent Policy is consistent with the
  ANSI patent policy and is described in Clause 6
  of the IEEE SA Standards Board Bylaws
• Early disclosure of patents which may be
  essential for the use of standards under
  development is encouraged
• Disclosures made of such patents may not be
  exhaustive of all patents that may be essential
  for the use of standards under development, and
  that neither the IEEE, the WG nor the WG Chairman
  ensure the accuracy or completeness of any
  disclosure or whether any disclosure is of a
  patent that in fact may be essential for the use
  of standards under development.
• Instruct the WG Secretary to record in the
  minutes of the relevant WG meeting
• that the foregoing advice was provided and the
  two slides were shown
• that an opportunity was provided for WG members
  to identify or disclose patents that the WG
  member believes may be essential for the use of
  that standard
• any responses that were given, specifically the
  patents and patent applications that were
  identified (if any) and by whom.

Approved by IEEE-SA Standards Board March 2003
(Revised Feb 2004)
(Not necessary to be shown)
5
IEEE-SA Standards Board Bylaws on Patents in
Standards

• 6. Patents
• IEEE standards may include the known use of
  essential patents and patent applications
  provided the IEEE receives assurance from the
  patent holder or applicant with respect to
  patents whose infringement is, or in the case of
  patent applications, potential future
  infringement the applicant asserts will be,
  unavoidable in a compliant implementation of
  either mandatory or optional portions of the
  standard essential patents. This assurance
  shall be provided without coercion and prior to
  approval of the standard (or reaffirmation when a
  patent or patent application becomes known after
  initial approval of the standard). This assurance
  shall be a letter that is in the form of either
• a) A general disclaimer to the effect that the
  patentee will not enforce any of its present or
  future patent(s) whose use would be required to
  implement either mandatory or optional potions of
  the proposed IEEE standard against any person or
  entity complying with the standard or
• b) A statement that a license for such
  implementation will be made available without
  compensation or under reasonable rates, with
  reasonable terms and conditions that are
  demonstrably free of any unfair discrimination.
• This assurance shall apply, at a minimum, from
  the date of the standard's approval to the date
  of the standard's withdrawal and is irrevocable
  during that period.

Slide 1
Approved by IEEE-SA Standards Board March 2003
(Revised February 2004)
6
Inappropriate Topics for IEEE WG Meetings

• Dont discuss licensing terms or conditions
• Dont discuss product pricing, territorial
  restrictions or market share
• Dont discuss ongoing litigation or threatened
  litigation
• Dont be silent if inappropriate topics are
  discussed do formally object.
• If you have questions, contact the IEEE-SA
  Standards Board Patent Committee Administrator at
  patcom_at_ieee.org or visit http//standards.ieee.org
  /board/pat/index.html

Slide 2
Approved by IEEE-SA Standards Board March 2003
(Revised February 2004)
7
Officers

• Chair Don Wright, Lexmark
• Vice Chair Lee Farrell, Canon
• Secretary Stefaan Deschrijver, Print4Sight
• Editors
• Brian Volkoff
• Jerry Thrasher
• Ron Bergman
• Stefaan DeSchrijver

8
Officers - Secretary Resignation

• Due to a variety of conflicts, Mr. Deschrijver
  has resigned as Secretary.
• Therefore, the Chair will entertain a motion to
  accept the resignation of Mr. Deschrijver as
  Secretary of the P2600 Working Group.
• If the above motion is made and passed then the
  Chair will seek nominations for the position of
  Secretary and an election will be held.

9
2005 Meeting Schedule

• Jan 13-14 -- Tampa, Florida with the PWG
• Feb 24-25 -- Camas, WA (near Portland OR) at
  Sharp Labs
• April 12-13 -- Tokyo with PWG (call for host)
• May 19-20 -- Toronto, Canada (sponsored by
  Equitrac)
• July 14-15 -- SFO/San Jose with PWG
• Sept 15-16 --Madison, WI with PWG
• Oct 27-28 -- New Orleans
• Dec 12-13 -- San Diego with PWG
• Based on this weeks PWG meeting, Harry Lewis has
  some suggested changes.

10
Trusted Computing Group

• Update
• Promoter Contributor Members of TCG with
  hardcopy products
• Fujitsu, Hitachi, HP, IBM, Lexmark, Samsung

11
Trusted Computing Group

• On September 16, a conference call was held to
  discuss more specifics about the TCG. Brian
  Volkoff led that call.
• At that time, several members were considering
  joining the TCG.
• A request was made by Don Wright to the TCG on
  Tuesday of this week to establish a liaison
  between the P2600 WG and the TCG Hardcopy WG.
• The first official conference call of the TCG
  Hardcopy WG is expected to be in the next few
  weeks.
• Next TCG Member Meeting is November 9-11, 2004 in
  Phoenix, AZ.

12
Action Items from August Meeting

• TCG
• Distribute information Volkoff COMPLETE
• Investigate TCG liaison program Volkoff
  COMPLETE
• OTHER
• Next meeting in Lexington, Don Wright to provide
  details. COMPLETE

13
Action Items from August Meeting

• DOCUMENT
• Section 1
• Align security environments with 800-70 draft
  COMPLETE
• Update terms and definitions to include PP items,
  etc COMPLETE
• Section 2
• Review all threats and make sure they are threats
  COMPLETE
• Identify categories and categorize threats and
  consequences
• Have a short description and a long description
  IN PROGRESS
• Try to map to security environments (as a trial)
  IN PROGRESS
• Section 3
• Gather existing specs/standards/directives for
  inclusion IN PROGRESS
• Begin writing and organizing various best
  practices techniques to match section 2
• Divide into manufacturers section and users
  section (subserveant to threats)
• Section 4
• Clean up PP1,2,3,4 IN PROGRESS
• Align with security environment description
• Which environments?
• Start with hi sec first Nevo

14
Content of Standard - from June/Aug

• Introductory Material
• Vulnerabilities/Threats/Exploits
• Meat on the bones of the Vulnerability Charts
• Directives / Best Practices on
• Physical Security
• Encryption
• System Consideration
• Auditing
• Device Protection Profiles / Security Target
  Templates
• AAA
• AA
• General
• Public

Align with NIST Security Checklist Document
15
Section 1 Intro Material

• Review structure of the Draft
• Identify additional terms and definitions to
  include.
• Review Security Environment Description
• Identify additional documents to include in
  Bibliography
• Identify individual who can create our own
  figures.
• Do we need to keep section 1.3.7?

16
Section 2

• Review Draft

17
Section 3

• Review Draft
• Right content?
• Right order?
• Reconcile Threats with Section 2
• References move to Bibliography -- all?
• What do we need to do with the IETF and ITU
  documents?

18
Section 4 Protection Profiles

• Review Draft
• Section 1
• Section 2
• Section 3
• Section 4

19
Action Items for November Meeting

• Section 1 Updates as marked up.
• Section 2 New hierarchy
• Section 2 Threats applicable to each security
  environment (E/H/P)
• Section 3 Divide and assign work
• Section 4 Updates as marked up
• Section 4 Align with section 2 threats
• Section 4 Work on clauses 5 and beyond in light
  of agreed to threats and hierarchy
• Availability of Sharp for January meeting instead
  of February.
• Who can host in Tokyo?
• Send to Sharp (Peter) sketches of Section 1
  figures.
• gt TCG Conf. Call October 18th.

20
Mailing List and Web Site

• Web Site http//grouper.ieee.org/groups/2600
• Mailing list
• Listserv run by the IEEE
• An archive is available on the web site
• Subscribe via a note to listserv_at_listserv.ieee.
  org containing the line subscribe stds-2600
• Only subscribers may send e-mail to the mailing
  list.

21
Schedule

• The PAR included estimates of the end-points of
  the schedule
• Sponsor Ballot June 2005
• Submission to RevCom Feb 2006
• 2004 Future Meetings
• November 18-19, with PWG, San Antonio
• 2005 Meeting
• Jan 13-14 -- Tampa, Florida with the PWG ??

22
Next Meeting Details

• November 18-19, San Antonio TX
• The Clarion Hotel Riverwalk
• 110 Lexington AvenueSan Antonio, TX 78205
• Phone 210-223-9461, Fax 210-223-4520
• www.clarionhotel.com
• Rate 85 per night (plus 65 per meeting
  day)Ask for IEEE Printer Working Group
  rateDeadline October 29
• Registration Page coming soon
• https//www.ieee-isto.org/pwg/registration.asp