Don Wright Director of Standards Lexmark International don@lexmark.com P2600 Hardcopy Device and System Security February 2005 Working Group Meeting Don Wright Director of Standards Lexmark International don@lexmark.com 11/18/2018

Agenda Items Wednesday/Thursday, February 23-24 Welcome & Introductions Update and Approve Agenda Review and approve January Minutes IEEE Patent Policy Review Update on 2005 Meeting Plan and Schedule Update on TCG Review of Action Items from January Meeting 11/18/2018

Agenda Items Wednesday/Thursday, February 23-24(cont.) Document Review: Section 1 Document Review: Section 2 Document Review: Section 3 Document Review: Section 4 - Ron Nevo/Brian Smithson Plan for other Security Environments Merger of sections into one document (sections 1,2,3 and HiSecurity PP) Summarize and record action items 11/18/2018

Minutes from January Meeting Minutes were published shortly after the meeting They are available at: http://grouper.ieee.org/groups/2600/minutes/P2600-minutes-Jan2005.pdf Any corrections or changes? 11/18/2018

Instructions for the WG Chair At Each Meeting, the Working Group Chair shall: Show slides #1 and #2 of this presentation Advise the WG membership that: The IEEE’s patent policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE-SA Standards Board Bylaws; Early disclosure of patents which may be essential for the use of standards under development is encouraged; Disclosures made of such patents may not be exhaustive of all patents that may be essential for the use of standards under development, and that neither the IEEE, the WG, nor the WG Chairman ensure the accuracy or completeness of any disclosure or whether any disclosure is of a patent that, in fact, may be essential for the use of standards under development. Instruct the WG Secretary to record in the minutes of the relevant WG meeting: That the foregoing advice was provided and the two slides were shown; That an opportunity was provided for WG members to identify or disclose patents that the WG member believes may be essential for the use of that standard; Any responses that were given, specifically the patents and patent applications that were identified (if any) and by whom. 11/18/2018 (Not necessary to be shown) Approved by IEEE-SA Standards Board – March 2003 (Revised Dec 2004)

IEEE-SA Standards Board Bylaws on Patents in Standards IEEE standards may include the known use of essential patents and patent applications provided the IEEE receives assurance from the patent holder or applicant with respect to patents whose infringement is, or in the case of patent applications, potential future infringement the applicant asserts will be, unavoidable in a compliant implementation of either mandatory or optional portions of the standard [essential patents]. This assurance shall be provided without coercion and prior to approval of the standard (or reaffirmation when a patent or patent application becomes known after initial approval of the standard). This assurance shall be a letter that is in the form of either: a) A general disclaimer to the effect that the patentee will not enforce any of its present or future patent(s) whose use would be required to implement either mandatory or optional portions of the proposed IEEE standard against any person or entity complying with the standard; or b) A statement that a license for such implementation will be made available without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination. This assurance shall apply, at a minimum, from the date of the standard's approval to the date of the standard's withdrawal and is irrevocable during that period. 11/18/2018 Slide #1 Approved by IEEE-SA Standards Board – March 2003 (Revised December 2004)

Inappropriate Topics for IEEE WG Meetings Don’t discuss licensing terms or conditions Don’t discuss product pricing, territorial restrictions, or market share Don’t discuss ongoing litigation or threatened litigation Don’t be silent if inappropriate topics are discussed… do formally object. If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at patcom@ieee.org or visit http://standards.ieee.org/board/pat/index.html This slide set is available at http://standards.ieee.org/board/pat/pat-slideset.ppt 11/18/2018 Slide #2 Approved by IEEE-SA Standards Board – March 2003 (Revised December 2004)

Officers Chair: Don Wright, Lexmark Vice Chair: Lee Farrell, Canon Secretary/Lead Editor: Brian Smithson, Ricoh Editors: Jerry Thrasher Ron Bergman Ron Nevo 11/18/2018

2005 Meeting Schedule April 12-13 -- Tokyo with PWG (Hosted by Epson in Shinjuku) May 19-20 -- Toronto, Canada (sponsored by Equitrac) (Change for AIIM) July 11-12 -- SFO/San Jose (Apple) with PWG (Change for Don) Sept 15-16 -- IEEE in NJ/Ricoh West Caldwell (Change for Print 2005) Oct 24-25 -- New Orleans with PWG Dec 13-14 -- San Diego 11/18/2018

Trusted Computing Group Update Next TCG Meeting is March 29 – April 1, 2005 in San Diego Promoter & Contributor Members of TCG with hardcopy products: Fujitsu, Hitachi, HP, IBM, Lexmark, Samsung 11/18/2018

Action Items from Previous Meeting Post details of Florida meeting - Complete Section 1 updates (Don W) New drawings – Complete Actions tied to merger of sections: (All below are open) Update Bibliography Add terms from section 2 (Proficient, Bespoke, etc.) Reference mitigation techniques in sect 3 rather than use the ones from the NIST document. Define Assets (from section 3) Add acronyms from section 2 & 4 Add explanatory text talking about choosing a target security environment based on asset value rather than just the name of the environment. E.g. A SoHo environment may have high value assets and should use enterprise PP instead. Section 2 updates (Tom H) Cross check section 2 with original vulnerabilities list – Partially Complete Section 4 team to verify which security environment’s PP are applicable to each threat (Section 4 team plus Tom H) -- Tentative Enhance and complete descriptive text -- Complete Decide if we want to include the security environment columns in final std -- Open 11/18/2018

Action Items from Previous Meeting Section 3 Complete missing sections – Partial Move asset section to section 1 – Open How much detail on legislation is appropriate? We should stay rather general because the laws are different country to country and can change over time. – Complete – stay general Use references to encryption rather than including it in this document. – Complete Clean up as per walk through – Complete Re-phrase some of the practices eliminating “should” – Complete Continue to work on actual recommendations for each threat. Align this section with section 2 threats. – Ongoing Section 4 Updates as per walk through – Complete Start drafting other Protection Profiles – Enterprise started 11/18/2018

Section 1: Intro Material Review Draft See existing open action items Update drawings as per meeting 11/18/2018

Section 2: Threats Review Draft Updates per the meeting Explain the “Vector” components 11/18/2018

Section 3: Best Practices Review Draft ? 11/18/2018

Section 4: Protection Profiles Review Draft ? 11/18/2018

Other PPs and Merger of sections What is schedule to create: SoHo PP: Jean Claude Enterprise PP – first draft available - Public PP: Jean Claude How do we merge the sections into one document? Brian S. will merge 1, 2 & 3 (except mitigation) now and make each PP a normative annex. Action items from section 1, 2 & 3 which are related to reorganizing content from those sections will be done now. 11/18/2018

Action Items for and before April Meeting Update web site with this meetings contents Slides Minutes Etc. Update web site with Tokyo meeting details - done Update web site with preliminary May 19-20 Toronto meeting details Update web site with meeting date changes - done All editing actions from FLL meeting and still open items from Camas. 11/18/2018

Project Schedule The PAR included estimates of the end-points of the schedule: Sponsor Ballot: June 2005 Sept 2005 Submission to RevCom: Feb 2006 11/18/2018

Next Meeting Details April 12 - 13 – Tokyo Japan Epson Shinjuku NS Building, 11F Shinjuku-ku, Tokyo Hotels The Keio Plaza, Epson's special rate single room at 20,000 yen (approx $190) / night deluxe single room at 24,000 yen (approx $229) / night Century Hyatt Park Hyatt Shinjuku Washington Tokyo Hilton 11/18/2018

Next Meeting Details 11/18/2018

Mailing List and Web Site Listserv run by the IEEE An archive is available on the web site Subscribe via a note to: listserv@listserv.ieee.org containing the line: subscribe stds-2600 Only subscribers may send e-mail to the mailing list. 11/18/2018