Access Control Policy; Key Generation; Key Storage; Key Entry And Output - Lexmark 10G0149 - PrintCryption Card Encryption Module Manual

FIPS 140-2 non-proprietary security policy

Access Control Policy

User functionalities have read/write access to the AES Session Key and the RSA
public key. The AES Session Key is used to decrypt the data for printing. The RSA
public key is used for AES Session Key transport. The Integrity Check Keys can be
read by the Crypto-Officer "Run Self-Test" service.

Key Generation

The module key, a 1024-bit RSA key pair, is generated internally using key
generation techniques that meet IG A.6 and FIPS Pub 186-3. The FIPS-Approved
PRNG X9.31 Appendix A.2.4 is used to seed the RSA key generation mechanism.
The AES Session Key is generated outside of the module and imported via RSA key
transport.

Key Storage

The AES Session Key is held in plaintext, in volatile memory only. The RSA
public key is stored in plaintext in flash memory, in an X.509 certificate, and the
RSA private key is stored in flash memory in plaintext.

Key Entry and Output

All keys that are entered into (AES key) or output from (RSA certificate) the
module are electronically entered or output. The AES Session Key is entered into
the module in transported form, encrypted with the RSA public key.

Key Zeroization

The AES Session Key is an ephemeral key that is zeroized after the connection is
closed or when the module is rebooted. The module provides no service to erase or
discard the RSA key pair. The key pair is erased by overwriting the flash image
with a new image.
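
The key lifecycle described in the sections above (internal RSA key generation, AES Session Key entry by RSA key transport, volatile storage, zeroization on close), sketched in Go as an added example that is not Lexmark's firmware code. The policy does not state the RSA padding scheme, so OAEP with SHA-256, the type and function names, and the constructed sample key are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Session holds the unwrapped AES key in memory only (hypothetical type).
type Session struct{ key []byte }

// NewModuleKey generates the module's 1024-bit RSA key pair internally.
func NewModuleKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 1024) }

// WrapKey (host side) encrypts an external AES key to the module; OAEP is an assumption.
func WrapKey(pub *rsa.PublicKey, aesKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
}

// Open (module side) unwraps the key; every failure returns one generic error.
func Open(priv *rsa.PrivateKey, wrapped []byte) (*Session, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || (len(k) != 16 && len(k) != 24 && len(k) != 32) {
		return nil, fmt.Errorf("key transport failed")
	}
	return &Session{key: k}, nil
}

// Close zeroizes the ephemeral key when the connection ends.
func (s *Session) Close() {
	for i := range s.key {
		s.key[i] = 0
	}
	s.key = nil
}

func main() {
	priv, err := NewModuleKey()
	if err != nil {
		panic(err)
	}
	wrapped, _ := WrapKey(&priv.PublicKey, []byte("constructed-sample-aes-256-key!!"))
	s, err := Open(priv, wrapped) // a failed wrap surfaces here as an error
	if err != nil {
		panic(err)
	}
	defer s.Close()
	fmt.Println("session key bytes held:", len(s.key))
}
```

Only the session key has a zeroization path here, matching the policy: the RSA private key persists until the flash image is overwritten.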

Self-Tests

The PrintCryption module runs power-up and conditional self-tests to verify that
it is functioning properly. Power-up self-tests are performed during startup of the
module. Module startup occurs every time a new network connection is
established and the dkmd or aessd process starts. Conditional self-tests are
executed whenever specific conditions are met.
© Copyright 2009 Lexmark International Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Firmware Integrity Check: The module employs a firmware integrity
test in the form of HMAC SHA-1.
Cryptographic Algorithm Tests: Known Answer Tests (KATs) are run
at power-up for the following algorithms:
• AES KAT