Don Wright Director of Standards Lexmark International


1 Don Wright Director of Standards Lexmark International don@lexmark.com
P2600 Hardcopy Device and System Security April 2009 Working Group Meeting Don Wright Director of Standards Lexmark International 4/10/2019

2 Opening Agenda Items
Self Introductions
Approval of the Agenda

3 Agenda Items
Thursday/Friday, April 30 – May 1
Welcome & Introductions
Update and Approve Agenda
Review and approve March Minutes
IEEE Patent Policy Review
2009 Meeting Schedule
Update on PWG-IDS/TCG (Nevo)
Update on INCITS CS1 Working Group (Thrasher)
Update of CC Vendor's Forum (Smithson)
Review of Action Items from March Meeting
Protection Profiles Status

4 Agenda Items
Thursday/Friday, April 30 – May 1
PP Evaluation
Financial Issues (Nevo)
Evaluation Status (Smithson/atsec)
Other issues raised on
Guide to P2600 PPs ad hoc status (Sukert)
Draft Comments
Status of the Guide (Farrell)
Production Printing Profile (Sukert)
Schedule Review
Other items
Posting and Comment deadlines for the July Meeting
Next meeting details

5 Minutes from March Meeting
Minutes were published shortly after the meeting.
They are available at:
Any additions, deletions or corrections to these minutes?

6 Instructions for the WG Chair
The IEEE-SA strongly recommends that at each WG meeting the chair or a designee:
Show slides #1 through #4 of this presentation
Advise the WG attendees that:
  The IEEE’s patent policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE-SA Standards Board Bylaws;
  Early identification of patent claims which may be essential for the use of standards under development is strongly encouraged;
  There may be Essential Patent Claims of which the IEEE is not aware. Additionally, neither the IEEE, the WG, nor the WG chair can ensure the accuracy or completeness of any assurance or whether any such assurance is, in fact, of a Patent Claim that is essential for the use of the standard under development.
Instruct the WG Secretary to record in the minutes of the relevant WG meeting:
  That the foregoing information was provided and that slides 1 through 4 (and this slide 0, if applicable) were shown;
  That the chair or designee provided an opportunity for participants to identify patent claim(s)/patent application claim(s) and/or the holder of patent claim(s)/patent application claim(s) of which the participant is personally aware and that may be essential for the use of that standard
  Any responses that were given, specifically the patent claim(s)/patent application claim(s) and/or the holder of the patent claim(s)/patent application claim(s) that were identified (if any) and by whom.
The WG Chair shall ensure that a request is made to any identified holders of potential essential patent claim(s) to complete and submit a Letter of Assurance.
It is recommended that the WG chair review the guidance in IEEE-SA Standards Board Operations Manual and in FAQs 12 and 12a on inclusion of potential Essential Patent Claims by incorporation or by reference.
Note: WG includes Working Groups, Task Groups, and other standards-developing committees with a PAR approved by the IEEE-SA Standards Board.
(Optional to be shown)

7 Participants, Patents, and Duty to Inform
All participants in this meeting have certain obligations under the IEEE-SA Patent Policy. Participants:
“Shall inform the IEEE (or cause the IEEE to be informed)” of the identity of each “holder of any potential Essential Patent Claims of which they are personally aware” if the claims are owned or controlled by the participant or the entity the participant is from, employed by, or otherwise represents
  “Personal awareness” means that the participant “is personally aware that the holder may have a potential Essential Patent Claim,” even if the participant is not personally aware of the specific patents or patent claims
“Should inform the IEEE (or cause the IEEE to be informed)” of the identity of “any other holders of such potential Essential Patent Claims” (that is, third parties that are not affiliated with the participant, with the participant’s employer, or with anyone else that the participant is from or otherwise represents)
The above does not apply if the patent claim is already the subject of an Accepted Letter of Assurance that applies to the proposed standard(s) under consideration by this group
(Quoted text excerpted from IEEE-SA Standards Board Bylaws subclause 6.2)
Early identification of holders of potential Essential Patent Claims is strongly encouraged
No duty to perform a patent search
Slide #1

8 Patent Related Links
All participants should be familiar with their obligations under the IEEE-SA Policies & Procedures for standards development.
Patent Policy is stated in these sources:
IEEE-SA Standards Boards Bylaws
IEEE-SA Standards Board Operations Manual
Material about the patent policy is available at
If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at or visit
This slide set is available at
Slide #2

9 Call for Potentially Essential Patents
If anyone in this meeting is personally aware of the holder of any patent claims that are potentially essential to implementation of the proposed standard(s) under consideration by this group and that are not already the subject of an Accepted Letter of Assurance:
Either speak up now or
Provide the chair of this group with the identity of the holder(s) of any and all such claims as soon as possible or
Cause an LOA to be submitted
Slide #3

10 Other Guidelines for IEEE WG Meetings
All IEEE-SA standards meetings shall be conducted in compliance with all applicable laws, including antitrust and competition laws.
Don’t discuss the interpretation, validity, or essentiality of patents/patent claims.
Don’t discuss specific license rates, terms, or conditions.
  Relative costs, including licensing costs of essential patent claims, of different technical approaches may be discussed in standards development meetings.
  Technical considerations remain primary focus
Don’t discuss or engage in the fixing of product prices, allocation of customers, or division of sales markets.
Don’t discuss the status or substance of ongoing or threatened litigation.
Don’t be silent if inappropriate topics are discussed … do formally object.
See IEEE-SA Standards Board Operations Manual, clause and “Promoting Competition and Innovation: What You Need to Know about the IEEE Standards Association's Antitrust and Competition Policy” for more details.
Slide #4

11 2009 Meeting Schedule
July 10, 2009 (tentative, if needed)
Potentially at Ricoh in Cupertino

12 PWG-IDS/Trusted Computing Group
Update

13 PWG Plenary Status Report IDS Working Group
April 2009, Mount Laurel, NJ, PWG F2F Meeting
Ron Nevo (Sharp), Dave Whitehead (Lexmark)
Copyright © 2009, Printer Working Group. All rights reserved. Copyright © 2007, Printer Working Group. All rights reserved.

14 Purpose of the effort
The industry is moving beyond basic authentication for access to corporate networks to a fairly detailed assessment of the device that is connecting before being allowed to access the network.
Examples of what’s being measured for PC Clients:
  OS Type, Version, Patch Level
  Anti-virus Type, Version, Definition Level, Is Active
Hardcopy Devices attach to networks, but there’s no standard set of metrics that is used to assess an HCD.
Our Goal is to provide these metrics!!!
Copyright © 2008 Printer Working Group. All rights reserved.

15 Purpose of the effort
The IDS working group is chartered to enable Hardcopy Device support in the Network Assessment Protocols that measure and assess the health of client computers and other devices that are attached to enterprise-class networks.
The group will define a set of common assessment attributes for Hardcopy Devices and will liaise with the specific Network Assessment Protocol efforts to include Hardcopy Device support in these protocols where necessary.
In the future, the IDS WG charter may be revised to allow the working group to deal with other types of Imaging Devices (Network Projectors, Displays, etc.) in the Network Assessment Protocols or other security-related work items.

16 Work Items for the WG
What We’re Doing
  Defining a standard set of metrics that might be measured or assessed in Hardcopy Devices to gauge if they should be given access to a network. Target for now are NAP and NEA.
  Defining example “bindings” for how these metrics are used in the individual network assessment protocols.
What We’re NOT Doing
  We are NOT defining any new assessment protocols or assessment extensions to existing authentication protocols.
  We are NOT endorsing any of the competing network assessment protocols (TNC, NAC, NAP), but plan to enable Hardcopy Devices to participate in any/all of them.

17 Administration
IDS WG Chairs: Ron Nevo (Sharp), Dave Whitehead (Lexmark)
IDS WG Secretary: Lee Farrell (Canon)
IDS WG Document Editors: Jerry Thrasher (Lexmark), Brian Smithson (Ricoh)

18 Current Status
HCD Assessments Attributes document was developed and is currently in last call.
HCD-NAP Binding Document under development. Complete in Q
HCD-NEA Binding Document just starting. Target completion date of Q
Discussions with assessment protocol designers (Microsoft/NEA) to finalize and endorse the IDS Binding documents.

19 Next Steps
Address last call comments on attributes specification.
Progress attributes specification last call process to final, approved version 1.0.
Finish NAP binding specification – (Q2 2009)
Begin NEA binding specification
Seek approval/adoption w.r.t. assessment protocol vendors.
Possible interop (?)
Address remediation issues.

20 Other Information
Conference Calls
  In general, every other Thursday 1:00-2:00 PM Eastern time.
  Check Google calendar (link at
Mailing list: ids@pwg.org
IDS documents on ftp site ftp.pwg.org/pub/pwg/ids
Current:
  Attributes document: /wd/wd-idsattributes pdf
  NAP binding: /wd/wd-ids-napsoh pdf
  NEA binding: TBD

21 INCITS CS1 : Cyber-Security
Update Thrasher

22 CS1 Projects that might be of interest
SOBISH adhoc
  Small Organization Baseline Information Security Handbook
  Currently reviewing relevant documents and having discussions with various other security-minded groups to make sure efforts of the adhoc are not already being duplicated.
NIST Policy Machine (potential NWIP)
  Currently still discussing the general framework of the standard(s) projects
Other projects/adhocs
  Adhoc group on secure commercial global sourcing practices
  Currently an ISO New Work Item Proposal (NWIP) on Guidelines for the security of outsourcing

23 Status of Relevant Items
ISO Revision to CC V3.1
ISO is currently in FDIS stage, ISO was published in August 08.
ISO was published in August 08.
ISO PDTR (PP Guide) Revision
ISO TR is currently being published (on agenda for May Plenary)

24 CC Vendors Forum
Update
Sukert/Smithson

25 Action Items from Previous Meetings
Review entries in P2600-action-items Excel spreadsheet
Pre-meeting Spreadsheet

26 Protection Profile Status
On RevCom agenda tomorrow
P2600.2
Awaiting feedback & BSI before starting recirculation #2
P , .4
Will be edited to include whatever is learned from BSI validation of .2
Recirculation will then be run

27 Financial Issues / Evaluation Status
PP Evaluation Financial Issues (Nevo)
  Will use $3300 to expedite PP-A
  Will use $3300 to pay BSI
  @tsec will cover any shortfall
Evaluation Status (Smithson/atsec)
  Have copies of the eval report for PP-A gone out to the companies who paid?
  Copies of the eval report for PP-B will go out when available.

28 Issues raised on e-mail
Carmen’s of 4/29/2009
I was reviewing P PP and thinking on possible implementations when I realized some disturbing facts. I have always thought that, for a P compliant product, we can avoid implementing a trusted path for the entire communication for print job submission and scan to remote destination. Unfortunately, due to trusted path requirement for D.PROT and D.CONF, I’m afraid that whenever D.CONF or D.PROT data are present in scan or print jobs, it will not be possible to avoid using a trusted path for the entire communication. Let me explain my concerns with some use cases.
Scan to remote scan destination:
1. Defining the remote scan destination
In the table with D.PROT we suggested that the “remote scan destination” is an example of D.PROT. Given the trusted path requirement for this data (assured identification of its end points and protection of the communicated data from modification or disclosure) we can no longer do scan to a remote file server outside a trusted path (IPSec or HTTPs). In my opinion, without changing the PP, the only way to overcome the problem is to not define the remote scan destination as D.PROT in our STs.
a) Do you think that we may run into problems with the CC lab or CC scheme given the fact that this has explicitly been provided as an example of D.PROT in the PP?
b) Do you see other solutions than providing a trusted path for the entire channel or saying it is not D.PROT?
2. Defining the password for the remote scan destination
In the table with D.CONF we suggested that the password for remote scan destination is an example of D.CONF. Given the trusted path requirement for this data (assured identification of its end points and protection of the communicated data from modification or disclosure) we can no longer do a scan to a remote file server outside a trusted path (IPSec or HTTPs).
I know that, for instance, in case of scan by SMB the password is not transferred in clear text on the line (NTLM or Kerberos) but I don’t think that we provide: “assured identification of its end points” => How is the HCD assured of the identification of the remote file server? (the remote server is assured of user identification because he provides a password). Which are our options to deal with this problem?
a) Are we forced to exclude user password for the remote destination from D.CONF in our ST?
b) Do you see other solutions than providing a trusted path for the entire channel or saying it is not D.CONF?
Printing
Submit a print job that contains a pin code that can be used to release the job
The pin code will be D.CONF. This pin code is encrypted (protection for disclosure). The problems arrive with the other requirements associated to the trusted path:
i) assured identification of its end points: The HCD is assured of user’s identity (because it checked the credentials) but the user is not assured of printer identity (without using HTTPs or IPSec)
ii) I’m not sure that we can say that we satisfy the requirement for protection against modification by performing encryption only
Which are our options to deal with this problem?
a) Are we forced to exclude the pin code that is used to release the job from D.CONF in our ST?
b) Do you see other solutions than providing a trusted path for the entire channel or saying it is not D.CONF?
Can you please give me your opinion on these issues?
Raise issue with Helmut and, if necessary, add explanatory material to the Guide

29 PP Guide Ad Hoc Team
Guide to P2600 PPs status (Sukert)
  Version 43a
  Comments
What is the “status” / authority of the Guide? (Farrell)
  An informative document written by the authors of the PPs
  Likely not endorsed by either NIAP or BSI
  Could be processed as an IEEE Guide

30 Production Printing Protection Profile
Production Printing Profile (Sukert)
  Version
  Comments
Discussion on the need and plan for doing a PP-E
People previously expressing a potential interest
  Lewis (InfoPrint)
  Aubry (Oce)
  Sukert (Xerox)
  Nevo (Sharp)
  Del Re (Canon)
The definition of the Production Printing TOE continues to be a stumbling block.
By April: Model Leadership Harry will arrange 1 or 2 calls before April meeting

31 Project Schedule

32 Other Items
None

33 July 10th Meeting Deadlines
Documents are under change control
  All comments must be in the tool
  The editor may not make changes EXCEPT based on submitted and accepted comments.
PP-A, B, C & D are closed for commenting!!!
Posting of Documents: June 26, 2009
Posting of Comments: July 3, 2009

34 Next Meeting Details
July 10
Details are TBD

35 Thanks! See (or hear) you in Cupertino!!

