Encrypted Partitions; Image Overwrite; User Behavior - Xerox WORKCENTRE 7755 Information Manual

XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper

4.4. Encrypted Partitions

The network controller disk is encrypted using the AES algorithm with a 128-bit key. The key is generated
dynamically on each boot, and is kept only in volatile memory.

4.5. Image Overwrite

The Image Overwrite Security Option provides both Immediate Image Overwrite (IIO) and On-Demand
Image Overwrite (ODIO) functions. Immediately before a job is considered complete, IIO will overwrite any
temporary files associated with copy, print, network scan, internet fax, network fax, or e-mail jobs that had
been created on the Network Controller Hard Disk. The ODIO feature can be executed at any time by the
SA and will overwrite the entire document image partitions of the Network Controller Hard disk. ODIO may
also be scheduled to run at regular times. A standard ODIO will overwrite all image data from memory and
disks except for Jobs and Folders stored in the Reprint Saved Jobs feature; Jobs stored in the Scan to
Mailbox feature (if installed); Fax Dial Directories (if fax card is installed); and Fax Mailbox contents (if fax
card is installed). A full ODIO will overwrite all image data from memory and disks as well as the items
excluded from a standard ODIO.
4.5.1. Algorithm
The overwrite mechanism for both IIO and ODIO conforms to the U.S. Department of Defense Directive
5200.28-M (Section 7, Part 2, paragraph 7-202
for the Image Overwrite feature is:
Step 1: Pattern #1 is written to the sectors containing temporary files (IIO) or to the entire spooling
area of the disks (ODIO). (hex value 0x35 (ASCII "5")).
Step 2: Pattern #2 is written to the sectors containing temporary files (IIO) or to the entire spooling
area of the disks (ODIO). (hex value 0xCA (ASCII compliment of 5)).
Step 3: Pattern #3 is written to the sectors containing temporary files (IIO) or to the entire spooling
area of the disks (ODIO). (hex value 0x97 (ASCII "ú")).
Step 4: 10% of the overwritten area is sampled to ensure Pattern #3 was properly written. The 10%
sampling is accomplished by sampling a random 10% of the overwritten area.

4.5.2. User Behavior

Once enabled, IIO is invoked automatically immediately prior to the completion of a print, network scan,
internet fax, network fax, or e-mail job. If IIO completes successfully, status is displayed in the Job Queue.
However, if IIO fails, a popup will appear on the Local UI recommending that the user run ODIO, and a
failure sheet will be printed.
ODIO may be invoked either from the Local UI in Tools Pathway or from the CentreWare Internet Services
Web UI. Network functions will be delayed until the overwrite is completed. Copying is unavailable while
the overwrite itself is underway, but copies may be made while the Network Controller is booting.
Upon completion and verification of the ODIO process, a confirmation sheet is printed which indicates the
status of the overwrite. The completion status can be successful, failed, cancelled, or timed-out.
3
http://www.dtic.mil/whs/directives/corres/archives/520028m_0173/p520028m.pdf
Ver. 1.01, April 2010
3
, and is common to all WorkCentre models. The algorithm
30
Page 30 of 40