Title: P2600 Hardcopy Device and System Security October 2004 Working Group Meeting
1P2600Hardcopy Device and System SecurityOctober
2004 Working Group Meeting
- Don Wright
- Director, Alliances Standards
- Lexmark International
- don_at_lexmark.com
2Agenda Items
- Thursday/Friday, October 7-8
- Welcome Introductions
- Update and Approve Agenda
- IEEE Patent Policy Review
- Working Group Secretary
- Update on 2005 Meeting Plan and Schedule
- Update on TCG
- Review of Action Items from August Meeting
3Agenda Items
- Thursday/Friday, October 7-8 (cont.)
- Document Development Section 1 - Don Wright
- Review structure of the Draft
- Identify additional terms and definitions to
include. - Review Security Environment Description
- Document Development Section 2 - Tom Haapanen
- Review Draft
- Mapping of Threats to Security Environments
- Consider Hierarchy Proposals reach consensus
answer - Ohta
- Nevo
- Document Development Section 3 - Jerry Thrasher
- Review Draft
- Document Development Section 4 - Ron Nevo
- Review Draft
- Summarize and record action items
4Instructions for the WG Chair
- At Each Meeting, the Working Group Chair shall
- Show slides 1 and 2 of this presentation
- Advise the WG membership that
- The IEEEs Patent Policy is consistent with the
ANSI patent policy and is described in Clause 6
of the IEEE SA Standards Board Bylaws - Early disclosure of patents which may be
essential for the use of standards under
development is encouraged - Disclosures made of such patents may not be
exhaustive of all patents that may be essential
for the use of standards under development, and
that neither the IEEE, the WG nor the WG Chairman
ensure the accuracy or completeness of any
disclosure or whether any disclosure is of a
patent that in fact may be essential for the use
of standards under development. - Instruct the WG Secretary to record in the
minutes of the relevant WG meeting - that the foregoing advice was provided and the
two slides were shown - that an opportunity was provided for WG members
to identify or disclose patents that the WG
member believes may be essential for the use of
that standard - any responses that were given, specifically the
patents and patent applications that were
identified (if any) and by whom.
Approved by IEEE-SA Standards Board March 2003
(Revised Feb 2004)
(Not necessary to be shown)
5IEEE-SA Standards Board Bylaws on Patents in
Standards
- 6. Patents
- IEEE standards may include the known use of
essential patents and patent applications
provided the IEEE receives assurance from the
patent holder or applicant with respect to
patents whose infringement is, or in the case of
patent applications, potential future
infringement the applicant asserts will be,
unavoidable in a compliant implementation of
either mandatory or optional portions of the
standard essential patents. This assurance
shall be provided without coercion and prior to
approval of the standard (or reaffirmation when a
patent or patent application becomes known after
initial approval of the standard). This assurance
shall be a letter that is in the form of either - a) A general disclaimer to the effect that the
patentee will not enforce any of its present or
future patent(s) whose use would be required to
implement either mandatory or optional potions of
the proposed IEEE standard against any person or
entity complying with the standard or - b) A statement that a license for such
implementation will be made available without
compensation or under reasonable rates, with
reasonable terms and conditions that are
demonstrably free of any unfair discrimination. - This assurance shall apply, at a minimum, from
the date of the standard's approval to the date
of the standard's withdrawal and is irrevocable
during that period.
Slide 1
Approved by IEEE-SA Standards Board March 2003
(Revised February 2004)
6Inappropriate Topics for IEEE WG Meetings
- Dont discuss licensing terms or conditions
- Dont discuss product pricing, territorial
restrictions or market share - Dont discuss ongoing litigation or threatened
litigation - Dont be silent if inappropriate topics are
discussed do formally object. - If you have questions, contact the IEEE-SA
Standards Board Patent Committee Administrator at
patcom_at_ieee.org or visit http//standards.ieee.org
/board/pat/index.html
Slide 2
Approved by IEEE-SA Standards Board March 2003
(Revised February 2004)
7Officers
- Chair Don Wright, Lexmark
- Vice Chair Lee Farrell, Canon
- Secretary Stefaan Deschrijver, Print4Sight
- Editors
- Brian Volkoff
- Jerry Thrasher
- Ron Bergman
- Stefaan DeSchrijver
8Officers - Secretary Resignation
- Due to a variety of conflicts, Mr. Deschrijver
has resigned as Secretary. - Therefore, the Chair will entertain a motion to
accept the resignation of Mr. Deschrijver as
Secretary of the P2600 Working Group. - If the above motion is made and passed then the
Chair will seek nominations for the position of
Secretary and an election will be held.
92005 Meeting Schedule
- Jan 13-14 -- Tampa, Florida with the PWG
- Feb 24-25 -- Camas, WA (near Portland OR) at
Sharp Labs - April 12-13 -- Tokyo with PWG (call for host)
- May 19-20 -- Toronto, Canada (sponsored by
Equitrac) - July 14-15 -- SFO/San Jose with PWG
- Sept 15-16 --Madison, WI with PWG
- Oct 27-28 -- New Orleans
- Dec 12-13 -- San Diego with PWG
- Based on this weeks PWG meeting, Harry Lewis has
some suggested changes.
10Trusted Computing Group
- Update
- Promoter Contributor Members of TCG with
hardcopy products - Fujitsu, Hitachi, HP, IBM, Lexmark, Samsung
11Trusted Computing Group
- On September 16, a conference call was held to
discuss more specifics about the TCG. Brian
Volkoff led that call. - At that time, several members were considering
joining the TCG. - A request was made by Don Wright to the TCG on
Tuesday of this week to establish a liaison
between the P2600 WG and the TCG Hardcopy WG. - The first official conference call of the TCG
Hardcopy WG is expected to be in the next few
weeks. - Next TCG Member Meeting is November 9-11, 2004 in
Phoenix, AZ.
12Action Items from August Meeting
- TCG
- Distribute information Volkoff COMPLETE
- Investigate TCG liaison program Volkoff
COMPLETE - OTHER
- Next meeting in Lexington, Don Wright to provide
details. COMPLETE
13Action Items from August Meeting
- DOCUMENT
- Section 1
- Align security environments with 800-70 draft
COMPLETE - Update terms and definitions to include PP items,
etc COMPLETE - Section 2
- Review all threats and make sure they are threats
COMPLETE - Identify categories and categorize threats and
consequences - Have a short description and a long description
IN PROGRESS - Try to map to security environments (as a trial)
IN PROGRESS - Section 3
- Gather existing specs/standards/directives for
inclusion IN PROGRESS - Begin writing and organizing various best
practices techniques to match section 2 - Divide into manufacturers section and users
section (subserveant to threats) - Section 4
- Clean up PP1,2,3,4 IN PROGRESS
- Align with security environment description
- Which environments?
- Start with hi sec first Nevo
14Content of Standard - from June/Aug
- Introductory Material
- Vulnerabilities/Threats/Exploits
- Meat on the bones of the Vulnerability Charts
- Directives / Best Practices on
- Physical Security
- Encryption
- System Consideration
- Auditing
- Device Protection Profiles / Security Target
Templates - AAA
- AA
- General
- Public
Align with NIST Security Checklist Document
15Section 1 Intro Material
- Review structure of the Draft
- Identify additional terms and definitions to
include. - Review Security Environment Description
- Identify additional documents to include in
Bibliography - Identify individual who can create our own
figures. - Do we need to keep section 1.3.7?
16Section 2
17Section 3
- Review Draft
- Right content?
- Right order?
- Reconcile Threats with Section 2
- References move to Bibliography -- all?
- What do we need to do with the IETF and ITU
documents?
18Section 4 Protection Profiles
- Review Draft
- Section 1
- Section 2
- Section 3
- Section 4
19Action Items for November Meeting
- Section 1 Updates as marked up.
- Section 2 New hierarchy
- Section 2 Threats applicable to each security
environment (E/H/P) - Section 3 Divide and assign work
- Section 4 Updates as marked up
- Section 4 Align with section 2 threats
- Section 4 Work on clauses 5 and beyond in light
of agreed to threats and hierarchy - Availability of Sharp for January meeting instead
of February. - Who can host in Tokyo?
- Send to Sharp (Peter) sketches of Section 1
figures. - gt TCG Conf. Call October 18th.
20Mailing List and Web Site
- Web Site http//grouper.ieee.org/groups/2600
- Mailing list
- Listserv run by the IEEE
- An archive is available on the web site
- Subscribe via a note to listserv_at_listserv.ieee.
org containing the line subscribe stds-2600 - Only subscribers may send e-mail to the mailing
list.
21Schedule
- The PAR included estimates of the end-points of
the schedule - Sponsor Ballot June 2005
- Submission to RevCom Feb 2006
- 2004 Future Meetings
- November 18-19, with PWG, San Antonio
- 2005 Meeting
- Jan 13-14 -- Tampa, Florida with the PWG ??
22Next Meeting Details
- November 18-19, San Antonio TX
- The Clarion Hotel Riverwalk
- 110 Lexington AvenueSan Antonio, TX 78205
- Phone 210-223-9461, Fax 210-223-4520
- www.clarionhotel.com
- Rate 85 per night (plus 65 per meeting
day)Ask for IEEE Printer Working Group
rateDeadline October 29 - Registration Page coming soon
- https//www.ieee-isto.org/pwg/registration.asp