Lexmark 10G0149 Security Guide

Lexmark 10G0149 - PrintCryption Card Encryption Module Manual

Lexmark 10G0149 manual content summary:

  • Lexmark 10G0149 | Security Guide - Page 1
    Lexmark PrintCryption™ (Firmware Versions 1.3.2a and 1.3.2i) FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.15 May, 2010 © Copyright 2009 Lexmark International Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
  • Lexmark 10G0149 | Security Guide - Page 2
    Table of Contents: INTRODUCTION 3; PURPOSE 3; REFERENCES 3; DOCUMENT ORGANIZATION 3; LEXMARK PRINTCRYPTION™ 4; OVERVIEW 4; MODULE SPECIFICATION 4; MODULE INTERFACES 7; ROLES AND SERVICES 9; Crypto Officer Role 9; User Role 10; PHYSICAL SECURITY 10; OPERATIONAL ENVIRONMENT 10
  • Lexmark 10G0149 | Security Guide - Page 3
    CMVP) website at http://csrc.nist.gov/cryptval/. The Lexmark PrintCryption™ is referred to in this document as PrintCryption, PrintCryption Package contains: Vendor Evidence document Finite State Machine Other supporting documentation as additional references With the exception of this Non
  • Lexmark 10G0149 | Security Guide - Page 4
    of two binaries (aessd & dkmd) on the ARM9 processor platform. The module is enabled in Lexmark printers using a Downloaded Emulator Card (DLE), a PCI interface PCB board that plugs into the printer which contains an activation code. The DLE card is shown in Figure 1. Figure 1 - Optional Firmware
  • Lexmark 10G0149 | Security Guide - Page 5
    MS00301 P/N MS00321 P/N 19Z0100 P/N 19Z0101 P/N 19Z0102 Table 1 - Printers that Maintain the PrintCryption FIPS 140-2 Validation (Option P/N 30G0829): X651 with PrintCryption 1.3.2i
  • Lexmark 10G0149 | Security Guide - Page 6
    Logical Cryptographic Boundary The PrintCryption module is evaluated for running on a number of Lexmark printers including mono-color printers (E460, T650, T652, T654 and W850), color printers (C734 and C736), mono-color MFP printers (X463, X464, X466, X651, X652, X654, X656, X658, X860, X862 and X864
  • Lexmark 10G0149 | Security Guide - Page 7
    • Volatile memory consisting of RAM • A custom ASIC which contains support circuitry including: RAM controller, PCI bus interface, IO port interfaces the physical ports provided by the hardware platforms listed above. These printer ports include the network port, optional parallel port, USB port,
  • Lexmark 10G0149 | Security Guide - Page 8
    API calls, which provide the only means of accessing the module's services. Data inputs are service requests on the TCP ports. Control inputs are also data at the following table.
  • Lexmark 10G0149 | Security Guide - Page 9
    140-2 Logical Interfaces Roles and Services The module supports two roles, a Crypto Officer services Service Description Input Output CSP Activate Deactivate Run SelfTest Show Status Assemble the printer and insert the DLE card to activate the PrintCryption module; Install printer driver
  • Lexmark 10G0149 | Security Guide - Page 10
    key RNG seed AES session key RSA private key Table 5 - User Services, Descriptions, Inputs and Outputs Type of Access to CSP Read/Write Read cryptographic module. The module runs on Lexmark printers listed in Module Specification section. The printers are made of all production-grade components
  • Lexmark 10G0149 | Security Guide - Page 11
    a 1024-bit key length providing 80 bits of security. The module supports the following critical security parameters: Key or CSP AES Session Key and Critical Security Parameters
  • Lexmark 10G0149 | Security Guide - Page 12
    after the connection is closed or by rebooting the module. The module provides no service to erase or discard the RSA key pair. The key pair is erased by • AES KAT
  • Lexmark 10G0149 | Security Guide - Page 13
    /Verify Test • Conditional RSA Key Generation Encrypt/Decrypt Test Where is one of DKMD, AESSD, or CRYPTLIB.
  • Lexmark 10G0149 | Security Guide - Page 14
    , and logging. Mitigation of Other Attacks The PrintCryption module does not employ security mechanisms to mitigate specific attacks.
  • Lexmark 10G0149 | Security Guide - Page 15
    be factory installed or user-installed. Lexmark provides an Installation sheet, a driver CD with publications, and license agreement printer and install the card. Please refer to the printer's documentation for further instructions on installing the card. 3. Turn the printer on. a. If the printer
  • Lexmark 10G0149 | Security Guide - Page 16
    instructions on installing the software. The setup executable, once launched, will: a. Ask for confirmation of the End-User License Agreement. b. Present a small README, which explains that after installation, the Crypto Officer can add a new port to their printer driver that will support Lexmark
  • Lexmark 10G0149 | Security Guide - Page 17
    desired printer and select Properties. 2. Navigate to Port tab and press the Configure Port button to proceed. 3. Configure Secure Port dialog box will appear which enables Users to choose their options. Figure 6 - Configuring a Secure Port
  • Lexmark 10G0149 | Security Guide - Page 18
    decode an encrypted packet. Users also can view the communication to the printer via PrintCryption Log Viewer, installed during the installation session, which can be started by START → Programs → Lexmark → PrintCryption → PrintCryption Log Viewer Figure 7 - PrintCryption Log Viewer
  • Lexmark 10G0149 | Security Guide - Page 19
    Users can see the key size, block length, and mode being used for encryption from the Log Viewer program.
  • Lexmark 10G0149 | Security Guide - Page 20
    Internet Protocol Known Answer Test Light Emitting Diode Line Printer Control Message Authentication Code Multisite Library System National Control Protocol Visual Source Safe