HP OfficeJet Enterprise Color X555 LaserJet Enterprise Printers - Secure Volat - Page 2


Overview
Solid State Drives (SSD), Solid State Modules (SSM), and enhanced MultiMediaCard (eMMC) technology used in
some models of HP printing devices do not support data overwrite or native encryption. Files deleted from
these storage devices are not immune from forensic recovery. To protect customer data, HP is implementing
firmware encryption for specific areas of the storage device containing job data. The encrypted data is volatile
because the encryption keys are not preserved after a system power cycle, effectively performing a cryptographic
erase of the customer data.
This behavior is similar to a non-FutureSmart firmware printer without an HDD, which stores job data in volatile
system memory. Customers are assured that job data is not recoverable on printing devices after they are powered off,
allowing for secure redeployment and decommissioning use cases.
Data Encryption
File encryption is accomplished using Microsoft’s encrypting file system filter. File encryption and decryption
use the Microsoft Enhanced Cryptographic API with either AES-128 or AES-256 encryption. The filter encrypts
the data for all files written to and read from the customer partitions.
Key Management
Initially, a cryptographically strong key called a MasterKey is generated, which is then encrypted with AES. The
MasterKey is then used to create a symmetric session key, generated from the MasterKey, random data
and additional entropy. The session key is then used to protect the data.
Secure Cryptographic Erase of Customer Job Data
Data required to reconstruct the encryption key for the customer data partitions is stored in RAM. Since the
encryption key can’t be regenerated after a device restart, all customer data partitions are cryptographically
erased.
Note: A “cryptographic erase” is a method of rendering access to encrypted data impossible by destroying the
encryption key needed to decrypt the data.
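The key lifecycle described under Key Management and Secure Cryptographic Erase can be modeled as follows. This is an added example, not HP firmware code: the function names bootKey, writeJob and readJob are hypothetical, and the HMAC-SHA256 derivation and AES-256-GCM mode are assumptions, since the page names only AES-128/AES-256.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: refuse to run
	}
	return b
}

// bootKey models one power-on: a fresh MasterKey, then a session key derived
// from it plus random data. Nothing here is ever written to storage.
func bootKey() cipher.AEAD {
	mac := hmac.New(sha256.New, randBytes(32)) // MasterKey
	mac.Write(randBytes(32))                   // random data / extra entropy
	block, _ := aes.NewCipher(mac.Sum(nil))    // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)            // 16-byte block: cannot fail
	return aead
}

// writeJob returns the bytes that would land on flash: nonce || ciphertext.
func writeJob(k cipher.AEAD, job []byte) []byte {
	nonce := randBytes(k.NonceSize())
	return k.Seal(nonce, nonce, job, nil)
}

func readJob(k cipher.AEAD, flash []byte) ([]byte, error) {
	n := k.NonceSize()
	if len(flash) < n {
		return nil, fmt.Errorf("truncated record")
	}
	return k.Open(nil, flash[:n], flash[n:], nil)
}

func main() {
	k := bootKey()
	flash := writeJob(k, []byte("constructed stored print job"))
	pt, _ := readJob(k, flash)
	_, err := readJob(bootKey(), flash) // power cycle: same flash, new key
	fmt.Printf("same boot: %q\nafter restart: %v\n", pt, err)
}
```

The ciphertext in flash is byte-for-byte unchanged across the simulated restart; only the in-memory key is gone, which is what makes the erase cryptographic rather than an overwrite.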
Customer Data Encrypted
The following classes of customer data are encrypted using Secure Volatile Storage:
Customer Data
Stored print jobs, maser (multiple copies) temporary job files, PJL and PostScript filesystem files
including downloaded fonts, extensibility customer data (if stored there by the extensibility solution).
Commit to Buffer data
When the imaging system runs low on memory, it will render the current page data and store it in this
section of the disk. This allows the system to free memory and continue imaging the page.
Interrupt data
Stored page data when a job is interrupted (e.g. interrupted by an inter-cycle calibration job).
Note: Customer configuration settings are not stored in these areas.