Introduction Purpose This is a non-proprietary Cryptographic Module Security Policy for the Lexmark PrintCryption from Lexmark International Inc. This Security Policy describes how the Lexmark PrintCryption meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module.
The PrintCryption module (firmware version 1.3.1) is a firmware module composed of three binaries, and it is installed in Lexmark printers using a Downloaded Emulator Card (DLE), a serial interface PCB board that plugs into the printer. The DLE card is shown in Figure 1.
Page 5
Table 1 – Security Level per FIPS 140-2 Section Logically, the cryptographic boundary is composed of three binaries and is evaluated for use on Lexmark printers that are running Linux operating system. Once the PrintCryption firmware is installed in the printer, the printer must use this firmware.
The PrintCryption module is evaluated for running on number of Lexmark printers including mono-color printers (T630, T632, T634, W820, T640, T642, T644, W840), Color printers (C534, C760, C762, C912, C920, C772, C782, C935) and MFP printers (X644e, X646e, X646dte, X850e, X852e, X854e, X945e).
Physical Security In FIPS terminology, the firmware module is defined as a multi-chip standalone cryptographic module. The module runs on Lexmark printers listed in Module Specification section. The printers are made of all production-grade components and are enclosed in a strong plastic and steel case, which surrounds all of the module’s internal components, including all hardware and firmware.
The PrintCryption module runs on the Linux OS, and configured for single-user mode by default. The operating system is used as an embedded OS within the Lexmark printers, and there is no direct access to the OS provided.
Initial Setup The DLE card containing PrintCryption module may be factory installed or user- installed. Lexmark provides an Installation sheet, a driver CD with publications, and license agreement for the module in the option kit. Installation procedure of the module is as follows.
6. Print a menu settings page. Compare these settings to those on the page printed in step 1. 7. Place the Option Added label on the printer next to the printer model and serial number label. Lexmark provides the Option Added label with the Installation guide. Crypto Officer Guidance The Crypto Officer is responsible for installing, uninstalling and monitoring the module.
Page 16
• Cipher Mode: ECB (Electronic Code Book, or CBC (Cipher Block Mode)). Setup.exe also installs the Lexmark PrintCryption Utility (LPCU) program as part of the install session. The program can be invoked by - START → Programs → Lexmark → PrintCryption → PrintCryption Test Utility The LPCU utility program can help Users to determine: •...