Lexmark International, Inc.
3
About Hard Disk Technology on Lexmark Printers and MFPs
Hard disks on Lexmark devices are designed for device-specific functionality and are not
designed, nor can be used, as long-term storage for items unrelated to print and scan.
The basic architecture of these devices disallows the capability for users to extract
information, create folders, share the hard disk, create a network file share, or FTP
information to the device’s hard disk directly from a client device.
The device hard disk is primarily designed to store print/image data, font data, forms
data, macros, and in some cases, job data. In addition, Lexmark uses hard disks for
temporarily buffering scan, fax, and copy data. In general, print-related data is processed
in Random Access Memory (RAM) unless the job exceeds the amount of RAM on the
device, or if the end user selects the confidential print and/or print and hold feature
enabled through the print driver.
Hard Disk Encryption
Why is Hard Disk Encryption needed?
A common concern for print devices is that residual job data from the print, copy, fax,
and scan processes will not be properly cleared prior to the device being removed from
a secure area and/or decommissioned at the end of life. This concern has led many
customers for look to additional hard disk protection mechanisms outside of disk wiping
to secure information. Hard disk encryption adds an additional layer of security to a
device's hard disk by encrypting all data that may be actively used by the device, sitting
idle on a device, and/or used by the device in a previous job. Disk encryption provides
the comfort that the hard disk can never be used in a device other than the one from
which it was originally encrypted.
How does Hard Disk Encryption work?
Lexmark devices have the ability to encrypt all data on their hard disks to protect it from
malicious access at all times. When this feature is enabled, all data written to the hard
disk is encrypted. This protects not only residual data left over after jobs, but also
protects data actively being used. This prohibits someone from maliciously powering off
the device in the middle of a job and making use of data abruptly left on the hard disk. If
an encrypted hard disk is removed and placed in another Lexmark device with hard disk
encryption enabled, the hard disk will verify its encryption key with the device's
encryption key. If the verified encryption key on the hard disk is different from the
device's encryption key, the device will reformat the hard disk with a new encryption key,
destroying the existing encrypted data on the hard disk.
When hard disk encryption is activated, the encryption key used (128-bit AES symmetric
encryption) is pseudo-randomly generated and stored in a proprietary fashion on the
device. Note that the key is not stored on the hard disk itself, so if the hard disk were
stolen from the device, the contents of the hard disk would remain indecipherable.
When the encryption function is activated, the hard disk is formatted and all data
contained on the hard disk is lost. Encryption is then applied to all data placed on the
hard disk, at all times.
