1. P2600 Hardcopy Device and System Security March 2004 Working Group Meeting
Don Wright
Director, Alliances & Standards
Lexmark International
4/25/2019

2. Agenda
March 10, :00 - 9:15   Opening, Intros, Attendance, Approval of Minutes 9:15 - 9:40   IEEE Patent Policy, Mailing List/Web, Action Items 9: :00 Election of Vice Chair & Secretary 10:00 - Noon Requirements: Roles/Vulnerabilities/Exploitations Work Noon - 1:00   Lunch 1:00 - 5:00   Requirements: Roles/Vulnerabilities/Exploitations Work 5:00 Wrap up
March 11, :00 - 9:15   Opening. etc. 9:15 – 9:45 Future Meeting Plans 9: :30 Presentation on the CC Process – Peter Cybuck (Sharp) 10:45 - Noon  Content Outline Noon - 1:00   Lunch 1:00 - 2:30   Content Outline (Cont.) 2:30 - 3:00   Assign Sections to Authors/Editors 3:00 Wrap up
4/25/2019

3. Instructions for the WG Chair
At Each Meeting, the Working Group Chair shall:
Show slides #1 and #2 of this presentation
Advise the WG membership that:
The IEEE’s Patent Policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE SA Standards Board Bylaws;
Early disclosure of patents which may be essential for the use of standards under development is encouraged;
Disclosures made of such patents may not be exhaustive of all patents that may be essential for the use of standards under development, and that neither the IEEE, the WG nor the WG Chairman ensure the accuracy or completeness of any disclosure or whether any disclosure is of a patent that in fact may be essential for the use of standards under development.
Instruct the WG Secretary to record in the minutes of the relevant WG meeting:
that the foregoing advice was provided and the two slides were shown;
that an opportunity was provided for WG members to identify or disclose patents that the WG member believes may be essential for the use of that standard;
any responses that were given, specifically the patents and patent applications that were identified (if any) and by whom.
4/25/2019
(Not necessary to be shown)
Approved by IEEE-SA Standards Board – March 2003 (Revised Feb 2004)

4. IEEE-SA Standards Board Bylaws on Patents in Standards
IEEE standards may include the known use of essential patents and patent applications provided the IEEE receives assurance from the patent holder or applicant with respect to patents whose infringement is, or in the case of patent applications, potential future infringement the applicant asserts will be, unavoidable in a compliant implementation of either mandatory or optional portions of the standard [essential patents]. This assurance shall be provided without coercion and prior to approval of the standard (or reaffirmation when a patent or patent application becomes known after initial approval of the standard). This assurance shall be a letter that is in the form of either:
a) A general disclaimer to the effect that the patentee will not enforce any of its present or future patent(s) whose use would be required to implement either mandatory or optional potions of the proposed IEEE standard against any person or entity complying with the standard; or
b) A statement that a license for such implementation will be made available without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination.
This assurance shall apply, at a minimum, from the date of the standard's approval to the date of the standard's withdrawal and is irrevocable during that period.
4/25/2019
Slide #1
Approved by IEEE-SA Standards Board – March 2003 (Revised February 2004)

5. Inappropriate Topics for IEEE WG Meetings
Don’t discuss licensing terms or conditions
Don’t discuss product pricing, territorial restrictions or market share
Don’t discuss ongoing litigation or threatened litigation
Don’t be silent if inappropriate topics are discussed… do formally object.
If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at or visit
4/25/2019
Slide #2
Approved by IEEE-SA Standards Board – March 2003 (Revised February 2004)

6. Mailing List and Web Site
Majordomo run by the IEEE
An archive is available via the web site
Subscribe via a note to containing the line: subscribe stds-2600
Only subscribers may send to the mailing list.
4/25/2019

7. Action/Information Items
NIST finally responded to my request for participation but has no funding to participate.
Microsoft has agreed to participate beginning with the May meeting.
Article appeared in February 2004 issue of the Hardcopy Observer which contained several erroneous assumptions about our work.
4/25/2019

8. Election of Officers Chair: Don Wright, elected Feb 2004 Vice Chair
2 year term, eligible for re-election without limit
Fulfills responsibilities of the chair in his/her absence.
Secretary
Records and publishes minutes
Maintains voting membership list
4/25/2019

9. Slate of Officers Vice Chair Secretary Stefaan Deschrijver Lee Farrell
4/25/2019

10. Role / Vulnerability / Exploit Assignments
6 Roles were assigned to individuals
Each person expanded list of vulnerabilities and exploits
Could be more than just a bullet especially for more complex vulnerabilities and exploits
All 6 distributed, via mailing list, their completed work last week.
4/25/2019

11. Role / Vulnerability / Exploitations
Review consolidated document
4/25/2019

12. Day 2
March 11, :00 - 9:15   Opening. etc. 9:15 – 9:45 Future Meeting Plans 9: :30 Presentation on the CC Process – Peter Cybuck (Sharp) 10:45 - Noon  Content Outline Noon - 1:00   Lunch (Siemens Room) 1:00 - 2:30   Content Outline (Cont.) 2:30 - 3:00   Assign Sections to Authors/Editors 3:00 Wrap up
4/25/2019

13. Schedule The PAR included estimates of the end-points of the schedule:
Sponsor Ballot: June 2005
Submission to RevCom: Feb 2006
Meetings every 6-8 weeks
Some aligned with other industry/standards meetings.
Proposed Future Meetings
March 10-11, location NY/NJ
April 19-20, in conjunction with PWG in Washington DC
June 2-3, tentatively Xerox, El Segundo, CA
July 22-23, in conjunction with PWG, in Montreal
September 1-2, location w/c August 19-20, with PWG in Montreal
October 6-7, in conjunction with PWG, in Lexington KY
November 18-19, in conjunction with PWG, San Antonio
4/25/2019

14. 2004 PWG Meeting Schedule
April 19-23: Washington, D.C. 19: P : P : Plenary / T.B.D. 22: WBMM 23: TBD
May 24-28: Vancouver, BC 24: T.B.D. 25: WBMM 26: Plenary / T.B.D. 27: 28:
August 16-20: Montreal, Canada 16: T.B.D. 17: WBMM 18: Plenary / T.B.D. 19: P : P2600
October 4-8: Lexington, Ky 4: WBMM 5: Plenary 6: P : P : T.B.D.
November 15-19: San Antonio 15: T.B.D. 16: WBMM 17: Plenary 18: P : P2600
4/25/2019

15. Presentation
Common Criteria Process – Peter Cybuck (Sharp)
4/25/2019

16. Content of Standard Profile based on CC
Rationale supporting the profile is based on work done on Role/Vulnerabilities/Exploits
“Extension” of CC to cover hardcopy unique areas (e.g. output bin locks)
4/25/2019

17. Content of Standard IEEE standards include but are not limited to:
Lists of terms, definitions, or symbols, applicable to any field of science or technology within the scope of the IEEE.
Expositions of scientific methods of measurement or tests of the parameters or performance of any device, apparatus, system, or phenomenon associated with the art, science, or technology of any field within the scope of the IEEE.
Characteristics, performance, and safety requirements associated with devices, equipment, and systems with engineering installations.
Recommendations reflecting current state-of-the-art in the application of engineering principles to any field of technology within the scope of the IEEE.
IEEE standards are classified as:
Standards: documents with mandatory requirements.
Recommended practices: documents in which procedures and positions preferred by the IEEE are presented.
Guides: documents in which alternative approaches to good practice are suggested but no clear-cut recommendations are made.
Trial-Use documents: publications that are effective for not more than two years. They can be any of the categories of standards publications listed above.
4/25/2019

18. Content of Standard
CSPP - Guidance for COTS Security Protection Profiles (
Introduction – D.W.
TOE Description – J.T.
Security Environment (Multiple environments) – P.C.
Security Assumptions
Organizational Policies
Role/Vulnerabilities/Exploitations – S.D.
Security Objectives – B.V.
Functional Security Requirements
Assurance Requirements
Appendix
TOE Functional Requirements Details
TOE Assurance Requirements Details
IT Environment Functional Requirements
Other Security Consideration
Encryption Certification (FIPS in the US)
System Considerations
4/25/2019

19. Content of Standard
Is there one and only one profile or is there a way to divide or segment the profile?
A profile could have objectives that are based on the security environment. Increasing objectives for increasing security risk.
The profiles could then be broken down into categories (network, harddisk, etc.) where the security objectives are conditionally mandatory. (Requires some degree of modularity within the device.)
Try to get people from NIST/NIAP to attend and present at the Washington DC meeting on the viability to this approach to creating a protection profile.
4/25/2019

20. Assignments
Proposals for what to include from Common Criteria – deferred until the draft work is underway.
4/25/2019

21. Document Editor(s) Create drafts Publish on web site
Respond to comments
Maintain change history
Volunteers:
Brian V.
Jerry T.
Ron Bergman
Stefaan DeSchrijver
4/25/2019