manualshive.com logo in svg

Lexmark 10G0149 - PrintCryption Card Encryption Module, Manual

Enhance the security of your Lexmark printer with the Lexmark 10G0149 PrintCryption Card Encryption Module. Safeguard sensitive documents and data with advanced encryption technology. For step-by-step instructions, download the user manual for free from manualshive.com. Keep your information protected with this essential accessory.

Share
Download
background image

 

Page 10 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

RSA Private Key 

1024 bit RSA 
private key 
(80-bits of 
security) 

Internally generated using PKCS#1 
key generation mechanism 

Stored on flash in 
plaintext. Zerorized 
by overwriting the 
flash image. 

Key transport  

Integrity Check Keys 

HMAC keys 

Externally generated, hard coded in 
the module 

Stored on flash in 
plaintext. Zerorized 
by overwriting the 
flash image. 

Firmware Integrity 
test 

X9.31 PRNG  

2-key TDES 
keys, 8 bytes 
of seed value 

Internally generated  

Held in volatile 
memory only in 
plaintext. Zerorized 
on reboot. 

RNG 

Table 5 – Listing of Key and Critical Security Parameters 

Access Control Policy 

User functionalities have read/write access to the AES Session Key and RSA 
public key. AES Session key is used to decrypt the data for printing. RSA public 
key is used for AES Session key transport. Integrity Check Keys can be read by 
Crypto-Officer “Run Self-Test” service.  

Key Generation 

The module key is generated internally is 1024 bits RSA key pair using PKCS#1-
compliant key generation techniques. FIPS-approved PRNG X9.31 Appendix 
A.2.4 is used to seed the RSA key generation mechanism. AES Session Key is 
generated outside of the module and imported via RSA key transport.  

Key Storage 

The AES Session Key is held in volatile memory only in plaintext. The RSA 
public key is stored in flash memory in an X.509 certificate in plaintext, and the 
RSA private key is stored flash memory in plaintext.  

Key Entry and Output 

All keys that are entered into (AES key) or output from (RSA certificate) the 
module are electronically entered or output. AES Session Key is enters into the 
module transported (encrypted) by RSA public key. 

Key Zerorization 

AES Session key is an ephemeral key which is zerorized after the connection is 
closed or by rebooting the module. The module provides no service to erase or 
discard the RSA key pair. The key pair is erased by overwriting the flash image 
with a new image. 

Self-Tests 

The PrintCryption module runs power-up and conditional self-tests to verify that 
it is functioning properly. Power-up self-tests are performed during startup of the 
module, and conditional self-tests are executed whenever specific conditions are 
met. 

Summary of Contents for 10G0149 - PrintCryption Card Encryption Module

Page 1: ...nc This document may be freely reproduced and distributed whole and intact including this Copyright Notice Lexmark PrintCryptionTM Firmware Version 1 3 1 FIPS 140 2 Non Proprietary Security Policy Lev...

Page 2: ...NTM 4 OVERVIEW 4 MODULE SPECIFICATION 4 MODULE INTERFACES 6 ROLES AND SERVICES 7 Crypto Officer Role 7 User Role 8 PHYSICAL SECURITY 8 OPERATIONAL ENVIRONMENT 9 CRYPTOGRAPHIC KEY MANAGEMENT 9 Access C...

Page 3: ...exmark PrintCryptionTM is referred to in this document as PrintCryption PrintCryption module cryptographic module firmware module or module References This document deals only with operations and capa...

Page 4: ...the confidential document to be printed This new level of printing security is ideal for industries that commonly handle sensitive or personal information such as financial institutions government ag...

Page 5: ...1 4 Finite State Model 1 5 Physical Security 1 6 Operational Environment N A 7 Cryptographic Key Management 1 8 EMI EMC 1 9 Self tests 1 10 Design Assurance 1 11 Mitigation of Other Attacks N A Table...

Page 6: ...e network port parallel port USB port paper exit port multipurpose feeder LED and LCD display Since all of the module s services are server processes the logical interfaces of the module are network p...

Page 7: ...Log File LED LCD Display Network Ethernet 10 100 Port USB Port Parallel Port Status Output Interface Not Applicable Power Plug Power Connector Power Interface Table 2 FIPS 140 2 Logical Interfaces Rol...

Page 8: ...o CSP Public Key request Users request for printers public key The module generates a key pair if needed Public Key Request PKR at network port 9150 X 509 certificate RSA public key Read Write Secure...

Page 9: ...15 RSA sign verify PKCS 1 certificate 73 74 75 76 77 and 171 SHS FIPS 180 2 certificate 350 351 352 353 354 and 515 TDES 2 key ECB mode encryption decryption FIPS 46 3 certificate 356 357 358 359 360...

Page 10: ...ey is generated internally is 1024 bits RSA key pair using PKCS 1 compliant key generation techniques FIPS approved PRNG X9 31 Appendix A 2 4 is used to seed the RSA key generation mechanism AES Sessi...

Page 11: ...ncrypt Decrypt pair wise consistency check If any of these self tests fail the module will output an error indicator and enter an error state Design Assurance Source code and associated documentation...

Page 12: ...he page Note This Page is needed for later use c Configure the printer onto the TCP IP network per installation requirements If the printer is behind a firewall it must allow IP ports 9150 and 9152 to...

Page 13: ...a menu settings page Compare these settings to those on the page printed in step 1 7 Place the Option Added label on the printer next to the printer model and serial number label Lexmark provides the...

Page 14: ...though outside the boundary of the module the User should be careful to use secured printing services as needed Uses can select the AES encryption key length block length and mode using the printer pr...

Page 15: ...distributed whole and intact including this Copyright Notice Figure 4 Configuring a Secure Port Users must choose the key size and block size approved in FIPS PUB 197 standard FIPS approved key and bl...

Page 16: ...rs to determine The Lexmark PrintCryption Card is installed The network path exists even through a firewall and when ping command does not work The proper IP ports 9150 and 9152 are open The printer i...

Page 17: ...EMI Electromagnetic Interference FCC Federal Communication Commission FIPS Federal Information Processing Standard HMAC Keyed Hash MAC HTTP Hypertext Transfer Protocol IP Internet Protocol KAT Known...

Reviews:

No comments

Related manuals for 10G0149 - PrintCryption Card Encryption Module

Manfrotto 625 Instructions preview
625
Brand: Manfrotto Pages: 2
Happy Orange USB-C Quick Start Manual preview
USB-C
Brand: Happy Orange Pages: 2
Xerox 7142 Service Manual preview
7142
Brand: Xerox Pages: 341
YOKOGAWA FD30 Instruction Manual preview
FD30
Brand: YOKOGAWA Pages: 12
IBM RS/6000 44P Series 270 User Manual preview
RS/6000 44P Series 270
Brand: IBM Pages: 216
Lanaform Heating Overblanket Instructions For Use Manual preview
Heating Overblanket
Brand: Lanaform Pages: 84
Lanaform Aroma Globe Instruction Manual preview
Aroma Globe
Brand: Lanaform Pages: 84
Lanaform Aroma Design Manual preview
Aroma Design
Brand: Lanaform Pages: 72
Lanaform Aroma Decor Instruction Manual preview
Aroma Decor
Brand: Lanaform Pages: 80
Oki OKIPAGE 8z Technical Features preview
OKIPAGE 8z
Brand: Oki Pages: 2
Oki OKIPAGE 8c Plus User Manual preview
OKIPAGE 8c Plus
Brand: Oki Pages: 48
Oki OKIPAGE 6e Maintenance Manual preview
OKIPAGE 6e
Brand: Oki Pages: 257
Oki OKIPAGE 14i Technical Reference preview
OKIPAGE 14i
Brand: Oki Pages: 113
Oki OKIPAGE 14e Setup Manual preview
OKIPAGE 14e
Brand: Oki Pages: 26
Oki OKIPAGE 14e Service Manual preview
OKIPAGE 14e
Brand: Oki Pages: 183
Oki MPS730b Material Safety Data Sheet preview
MPS730b
Brand: Oki Pages: 36
Oki MPS730b User Manual preview
MPS730b
Brand: Oki Pages: 136
Oki MPS710c Handy Reference preview
MPS710c
Brand: Oki Pages: 66

Brands by name

Popular brands

Load more brands