PDF User Manual

  1. Home
  2. Manuals
  3. Lexmark 10G0149 - PrintCryption Card Encryption Module Manual

Lexmark 10G0149 - PrintCryption Card Encryption Module Manual

Made by: Lexmark
Type: Manual
Category: Network Hardware
Pages: 17
Size: 0.47 MB

 

Download PDF User Manual



Full Text Searchable PDF User Manual



background image

 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice. 

 

 
 

 
 
 
 

Lexmark PrintCryption

TM

 

(Firmware Version 1.3.1)

 

 
 
 

 

 
 
 

FIPS 140-2 Non-Proprietary  

Security Policy 

 
 
 

Level 1 Validation 

Version 0.95 

 
 
 

April 2007 

 

 

 


background image

 

Page 2 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

Table of Contents 

 

INTRODUCTION......................................................................................................................... 3

 

P

URPOSE

....................................................................................................................................... 3 

R

EFERENCES

................................................................................................................................. 3 

D

OCUMENT 

O

RGANIZATION

......................................................................................................... 3 

LEXMARK PRINTCRYPTION

TM

............................................................................................. 4

 

O

VERVIEW

.................................................................................................................................... 4 

M

ODULE 

S

PECIFICATION

.............................................................................................................. 4 

M

ODULE 

I

NTERFACES

................................................................................................................... 6 

R

OLES AND 

S

ERVICES

................................................................................................................... 7 

Crypto Officer Role .................................................................................................................. 7

 

User Role.................................................................................................................................. 8

 

P

HYSICAL 

S

ECURITY

.................................................................................................................... 8 

O

PERATIONAL 

E

NVIRONMENT

...................................................................................................... 9 

C

RYPTOGRAPHIC 

K

EY 

M

ANAGEMENT

.......................................................................................... 9 

Access Control Policy ............................................................................................................ 10

 

Key Generation ...................................................................................................................... 10

 

Key Storage ............................................................................................................................ 10

 

Key Entry and Output............................................................................................................. 10

 

Key Zerorization..................................................................................................................... 10

 

S

ELF

-T

ESTS

................................................................................................................................ 10 

D

ESIGN 

A

SSURANCE

................................................................................................................... 11 

M

ITIGATION OF 

O

THER 

A

TTACKS

............................................................................................... 11 

OPERATION IN FIPS MODE.................................................................................................. 12

 

I

NITIAL 

S

ETUP

............................................................................................................................ 12 

C

RYPTO 

O

FFICER 

G

UIDANCE

...................................................................................................... 13 

U

SER 

G

UIDANCE

......................................................................................................................... 14 

ACRONYMS............................................................................................................................... 17

 

 

 

 
 
 
 
 
 
 
 

 
 

 

 


background image

 

Page 3 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

Introduction 

Purpose 

This is a non-proprietary Cryptographic Module Security Policy for the Lexmark 
PrintCryption

TM

 

from Lexmark International Inc.  This Security Policy describes 

how the Lexmark PrintCryption

TM

 

meets the security requirements of FIPS 140-2 

and how to run the module in a secure FIPS 140-2 mode.  This policy was 
prepared as part of the Level 1 FIPS 140-2 validation of the module.   

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 — 

Security Requirements for Cryptographic Modules

) details the U.S. Government 

requirements for cryptographic modules.  More information about the FIPS 140-2 
standard and validation program is available on the National Institute of Standards 
and Technology (NIST) Cryptographic Module Validation Program (CMVP) 
website at 

http://csrc.nist.gov/cryptval/

The Lexmark PrintCryption

TM

 

is referred to in this document as PrintCryption, 

PrintCryption module, cryptographic module, firmware module, or module. 

References 

This document deals only with operations and capabilities of the module in the 
technical terms of a FIPS 140-2 cryptographic module security policy.  More 
information is available on the module from the following sources: 

 

The Lexmark International website (

http://www.lexmark.com

) contains 

information on the full line of products from Lexmark International. 

 

 

The CMVP website (

http://csrc.nist.gov/cryptval/

) contains contact 

information for answers to technical or sales-related questions for the module. 

Document Organization 

The Security Policy document is one document in a FIPS 140-2 Submission 
Package. In addition to this document, the Submission Package contains:  

ƒ

 

Vendor Evidence document 

ƒ

 

Finite State Machine 

ƒ

 

Other supporting documentation as additional references 

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 
Validation Documentation is proprietary to Lexmark and is releasable only under 
appropriate non-disclosure agreements.  For access to these documents, please 
contact Lexmark International.  

 


background image

 

Page 4 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

L

EXMARK 

P

RINT

C

RYPTION

TM

 

Overview 

The Lexmark PrintCryption

TM

 is an option for the Lexmark printers that enable 

the transfer and printing of encrypted print jobs. This new Lexmark technology 
offers a level of security that is the first of its kind in the printing industry. With 
the PrintCryption module installed, the printer is capable of decrypting print jobs 
encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption

TM

 

analyses the encrypted data stream, determines if the correct key was used to 
encrypt the data, decrypts the data and allows the confidential document to be 
printed. This new level of printing security is ideal for industries that commonly 
handle sensitive or personal information, such as financial institutions, 
government agencies, and healthcare organizations. 

 

Module Specification 

The PrintCryption

TM

 module (firmware version 1.3.1) is a firmware module 

composed of three binaries, and it is installed in Lexmark printers using a 
Downloaded Emulator Card (DLE), a serial interface PCB board that plugs into 
the printer. The DLE card is shown in Figure 1.   

 

 

Figure 1 - Optional Firmware Card 

Per FIPS PUB 140-2, the cryptographic module is classified as multi-chip 
standalone cryptographic module. The module meets overall level 1 FIPS 140-2 
requirements, as detailed in Table 1.  

Tested DLE Configurations (Option P/N15A1962): 

T630, T632, T634:   P/N 10G0149  
C760, C762:    

P/N 16N3204  

W820: 

 

  P/N 

19E0123 

C912: 

 

  P/N 

12N1253 

T640, T642, T644:   P/N 20G0740 
W840: 

 

  P/N 

25A0034 

 


background image

 

Page 5 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

C920: 

 

  P/N 

13N1343 

C534: 

 

  P/N 

36B0147 

X644e, X646e, X646dte: P/N 22G0352 
X850e, X852e, X854e: P/N 15R0093 
C772: P/N 20B3204 

C782: 

 

  P/N 

10Z0403 

C935: 

 

  P/N 

21Z0366 

X945e:  

 

P/N 21Z0370 

Operating System: Lexmark proprietary ver. 2.4 based on Linux 

Section 

Section Title 

Level  

1 Cryptographic 

Module 

Specification  1 

2 Cryptographic 

Module 

Ports and Interfaces 

Roles, Services, and Authentication 

Finite State Model 

5 Physical 

Security 

6 Operational 

Environment 

N/A 

7 Cryptographic 

Key 

Management 

8 EMI/EMC 

9 Self-tests 

10 Design 

Assurance 

11 

Mitigation of Other Attacks 

N/A 

Table 1 – Security Level per FIPS 140-2 Section 

 

Logically, the cryptographic boundary is composed of three binaries and is 
evaluated for use on Lexmark printers that are running Linux operating system.  
Once the PrintCryption firmware is installed in the printer, the printer must use 
this firmware.  The cryptographic module cannot be bypassed.  Functionality is 
then controlled by the PrintCryption firmware. 

 

Figure 2 - Logical Cryptographic Boundary 

OS 

Applications 

 
PrintCryption 
Firmware  

Cryptographic Boundary

Plaintext

Ciphertext

Internal Data

 

 


background image

 

Page 6 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

The PrintCryption module is evaluated for running on number of Lexmark 
printers including mono-color printers (T630, T632, T634, W820, T640, T642, 
T644, W840), Color printers (C534, C760, C762, C912, C920, C772, C782, 
C935) and MFP printers (X644e, X646e, X646dte, X850e, X852e, X854e, 
X945e). The module’s physical cryptographic boundary is the metal and plastic 
enclosure of the printer.  

 

 

Figure 3 - Physical Cryptographic Boundary 

Module Interfaces  

The cryptographic module’s physical ports are composed of the physical ports 
provided by the hardware platforms listed above. These printer ports include the 
network port, parallel port, USB port, paper exit port, multipurpose feeder, LED, 
and LCD display.  

Since all of the module’s services are server processes, the logical interfaces of 
the module are network port and API calls, which provide the only means of 
accessing the module’s services. Data inputs are service requests on the TCP 
ports. Control inputs are also data at TCP/IP port, however they are logically 
distinct from Data input and controls how the function is executed. The data 
output from the module includes X.509 certificate and deciphered data, which exit 
through the network port and an internal API, respectively. The status outputs of 
the module are sent via network and stored in log file.  

All of these physical ports are separated into logical interfaces defined by FIPS 
140-2, as described in the following table. 

CPU 

FLASH 

Volatile 

Memory 

Custom 

ASIC 

I/O Port 

Option Slot 

Print 

Engine 

PCI BUS 

System BUS

Cryptographic Boundary 

 


background image

 

Page 7 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

 

 

 

 
 

Logical Interface of the Module 

Module Physical Port 

FIPS 140-2 Logical Interface 

Network Port 

Network (Ethernet 10/100) Port  
USB Port  
Parallel Port  

Data Input Interface 

Network Port 
Internal API  

Network (Ethernet 10/100) Port  
Paper Exit Port 

Data Output Interface 

Network Port 

Operator Panel  
Network (Ethernet 10/100) Port  
USB Port  
Parallel Port  
Paper Exit Port 
Multipurpose/envelope Feeder 
Power Switch 
Circuit Breaker Switch 

Control Input Interface 

Network Port  
Log File 

LED  
LCD Display  
Network (Ethernet 10/100) Port  
USB Port  
Parallel Port. 

Status Output Interface 

Not Applicable 

Power Plug 
Power Connector 

Power Interface 

Table 2 – FIPS 140-2 Logical Interfaces 

 

 

Roles and Services 

The module supports two roles, a Crypto Officer role and a User role, and an 
operator on the module must assume one of the roles. Descriptions and 
responsibilities for the two roles are described below.  

Crypto Officer Role 

The Crypto Officer installs and uninstalls the PrintCryption. The Crypto Officer is 
also responsible for monitoring the printer’s configuration and operational status 
via network port.  

Service 

Description 

Input 

Output 

CSP 

Type of Access 
to CSP 

Install Assemble 

the 

printer(s); Install 
PrintCryption

TM

 

firmware card;  Install 
printer driver on host 
PC  

Command Result 

of 

installation 

None -- 

 


background image

 

Page 8 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

Service 

Description 

Input 

Output 

CSP 

Type of Access 
to CSP 

Uninstall Uninstall 

the 

firmware 

Command  Uninstalled 

module 

None -- 

Monitor 

Configure of the 
module 

Command Module 

setting 

None 

-- 

Run Self-
Test 

Perform the self-test 
on demand 

Command Status 

output 

Integrity 

Check 

Key 

Read 

Show Status 

Call a show status  
from the printer status 
menu (HTTP) which 
has an LPC log page 

Command Status 

output 

None 

-- 

Table 3 – Crypto Officer Services, Descriptions, CSPs 

User Role 

Users utilize the cryptographic functionalities of the PrintCryption, and they 
communicate with the module via network port only.  

Service descriptions and inputs/outputs are listed in the following table: 

 

Service 

Role 

Input 

Output 

CSP 

Type of Access 
to CSP 

Public Key 
request 

Users request for 
printers public key. 
The module generates 
a key pair if needed 

Public Key 
Request (PKR) 
at network port 
9150.  

X.509 
certificate 

RSA public key 

Read/Write 

Secure 
Printing 

AES encrypted 
printing program; 
Decrypts and prints 
the print job data 
using the supplied 
AES Session key 

Encrypted 
print job at 
TCP/IP port 
9152.  

Status output 

AES session key 

Read/Write  

Table 4 – User Services, Descriptions, Inputs and Outputs 

Physical Security 

In FIPS terminology, the firmware module is defined as a multi-chip standalone 
cryptographic module. The module runs on Lexmark printers listed in 

Module

 

Specification

 section. The printers are made of all production-grade components 

and are enclosed in a strong plastic and steel case, which surrounds all of the 
module’s internal components, including all hardware and firmware. 

 

While purely a firmware module, the FIPS 140-2 evaluated platforms must have 
been tested for and meet applicable FCC EMI and EMC requirements for business 
use as defined by 47 Code of Federal Regulations, Part15, Subpart B.

 

 


background image

 

Page 9 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

Operational Environment 

The operational environment is non-modifiable and thus not applicable for this 
firmware module. The PrintCryption module runs on the Linux OS, and 
configured for single-user mode by default. The operating system is used as an 
embedded OS within the Lexmark printers, and there is no direct access to the OS 
provided. 

Cryptographic Key Management 

The module implements the following FIPS-approved algorithms. 
 

 

AES ECB, CBC mode decryption – FIPS 197 (certificate #273, #274, 
#275, #276, #277, and #452) 

 

 

Deterministic Random Number Generator (RNG)  – Appendix A.2.4 of 
ANSI X9.31 (certificate #100, #101, #102, #103, #104, and #237) 

 

HMAC – FIPS 198 (certificate #89, #90, #91, #92, #93, and #215) 

 

RSA  (sign/verify) – PKCS#1 (certificate #73, #74, #75, #76, #77, and 
#171) 

 

SHS– FIPS 180-2 (certificate #350, #351, #352, #353, #354, and #515) 

 

TDES 2 key ECB mode encryption/decryption – FIPS 46-3 (certificate 
#356, #357, #358, #359, #360, and #470) (Note: The FIPS approved 
X9.31 Appendix A.2.4 PRNG utilizes 2 key TDES algorithm). 

Additionally, the module utilizes the following non-FIPS-approved algorithm 
implementation: 

 

RSA Key Wrapping (PKCS #1): Key establishment method uses a 1024-
bit key length providing 80-bits of security. 

The module supports the following critical security parameters: 

Key or CSP 

Key type 

Generation 

Storage 

Use 

AES Session Key 

128, 192, 256 
bits AES key 

Externally generated. Imported in 
encrypted form (RSA key transport) 

Held in volatile 
memory in plaintext. 
Zerorized after the 
session is closed or 
on reboot. 

Decrypts input data 
for printing 

RSA Public Key 

1024 bit RSA 
public key (80-
bits of 
security) 

Internally generated using PKCS#1 
key generation mechanism 

Stored on flash in 
plaintext. Zerorized 
by overwriting the 
flash image.  

Key transport 

 


background image

 

Page 10 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

RSA Private Key 

1024 bit RSA 
private key 
(80-bits of 
security) 

Internally generated using PKCS#1 
key generation mechanism 

Stored on flash in 
plaintext. Zerorized 
by overwriting the 
flash image. 

Key transport  

Integrity Check Keys 

HMAC keys 

Externally generated, hard coded in 
the module 

Stored on flash in 
plaintext. Zerorized 
by overwriting the 
flash image. 

Firmware Integrity 
test 

X9.31 PRNG  

2-key TDES 
keys, 8 bytes 
of seed value 

Internally generated  

Held in volatile 
memory only in 
plaintext. Zerorized 
on reboot. 

RNG 

Table 5 – Listing of Key and Critical Security Parameters 

Access Control Policy 

User functionalities have read/write access to the AES Session Key and RSA 
public key. AES Session key is used to decrypt the data for printing. RSA public 
key is used for AES Session key transport. Integrity Check Keys can be read by 
Crypto-Officer “Run Self-Test” service.  

Key Generation 

The module key is generated internally is 1024 bits RSA key pair using PKCS#1-
compliant key generation techniques. FIPS-approved PRNG X9.31 Appendix 
A.2.4 is used to seed the RSA key generation mechanism. AES Session Key is 
generated outside of the module and imported via RSA key transport.  

Key Storage 

The AES Session Key is held in volatile memory only in plaintext. The RSA 
public key is stored in flash memory in an X.509 certificate in plaintext, and the 
RSA private key is stored flash memory in plaintext.  

Key Entry and Output 

All keys that are entered into (AES key) or output from (RSA certificate) the 
module are electronically entered or output. AES Session Key is enters into the 
module transported (encrypted) by RSA public key. 

Key Zerorization 

AES Session key is an ephemeral key which is zerorized after the connection is 
closed or by rebooting the module. The module provides no service to erase or 
discard the RSA key pair. The key pair is erased by overwriting the flash image 
with a new image. 

Self-Tests 

The PrintCryption module runs power-up and conditional self-tests to verify that 
it is functioning properly. Power-up self-tests are performed during startup of the 
module, and conditional self-tests are executed whenever specific conditions are 
met. 

 


background image

 

Page 11 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

Firmware Integrity Check:

 The module employs a firmware integrity 

test in the form of HMAC SHA-1 over the three module binaries. 

Cryptographic Algorithm Tests:

 Known Answer Tests (KATs) are run 

at power-up for the following algorithms: 

 

AES KAT 

 

TDES KAT 

 

RSA Sign/Verify and Encrypt/Decrypt pair-wise consistency 

check 

 

SHA-1 KAT 

 

X9.31 RNG KAT

 

The module implements the following Conditional self-tests: 

 

Continuous RNG Test for X9.31 PRNG 

 

Continuous RNG Test for entropy gathering 

 

RSA Sign/Verify and Encrypt/Decrypt  pair-wise consistency 
check 

If any of these self-tests fail, the module will output an error indicator and enter 
an error state. 

Design Assurance 

Source code and associated documentation files are managed and recorded using 
a MLS/Subversion system. Subversion is a version control system that stores 
multiple revisions of the codeset with a revisionary history and older revisions are 
always accessible.   MLS is a customized user interface for use by developers that 
does not override or bypass the role of the Subversion backend.     

Additionally, Concurrent Versions System (CVS) is used to provide configuration 
management for the firmware module’s FIPS documentation. This software 
provides access control, versioning, and logging. 

Mitigation of Other Attacks 

The PrintCryption module does not employ security mechanisms to mitigate 
specific attacks. 
 

 


background image

 

Page 12 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

O

PERATION IN FIPS MODE 

 

The PrintCryption meets Level 1 requirements for FIPS 140-2. The sections 
below describe how to place and keep the module in FIPS-approved mode of 
operation.  

Initial Setup 

The DLE card containing PrintCryption module may be factory installed or user-
installed. Lexmark provides an Installation sheet, a driver CD with publications, 
and license agreement for the module in the option kit.  

Installation procedure of the module is as follows. 

1.

 

Print a menu settings page from an AIO: 

a.

 

Press 

Menu

 and then select Reports.  

b.

 

Press 

Menu

 

Settings Page

 to print the page. 

Note: This Page is needed for later use. 

c.

 

Configure the printer onto the TCP/IP network per installation 
requirements. If the printer is behind a firewall, it must allow IP 
ports 9150 and 9152 to pass through. 

1.

 

Print a menu settings page from a printer: 

a.

 

Press 

Menus

 until 

Utilities

 menu appears, and then press 

Select

.  

b.

 

Press 

Menu

 until Print menu appears, and then press 

Select

 to 

print the page. 

Note: This Page is needed for later use. 

c.

 

Configure the printer onto the TCP/IP network per installation 
requirements. If the printer is behind a firewall, it must allow IP 
ports 9150 and 9152 to pass through. 

 

2.

 

Turn off the printer and install the card. Please refer to the printer’s 
documentation for further instructions on installing the card. 

3.

 

Turn the printer on. 

a.

 

If the printer displays the message 

41 – Unsupported Firmware 

Card

, then the installed card is not compatible for the printer. Turn 

off the printer and remove the card.  

 


background image

 

Page 13 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

b.

 

If the printer displays the message 

Resetting all of NVRAM

 for 

longer than 45 seconds, turn off the printer and reinstall the card. 

4.

 

Print a menu settings page. If the new card is not listed under 

Printer 

Information

, turn off the printer and repeat steps 2 and 3. 

5.

 

Launch the CD to host PC to install the software application using 

setup.exe

 program. Please refer to the documents on the CD for further 

instructions on installing the software. The setup executable, once 
launched, will: 

a.

 

Ask for confirmation of the End-User License Agreement.  

b.

 

Present a small README, which explains that after installation, 
the Crypto Officer can add a new port to their printer driver that 
will support Lexmark PrintCryption

TM

.  

Note: Please refer to 

Crypto Officer Guidance

 section for more 

information. 

c.

 

Perform the installation, and stop and restart the print spooler.  

6.

 

Print a menu settings page. Compare these settings to those on the page 
printed in step 1. 

7.

 

Place the Option Added label on the printer next to the printer model and 
serial number label. Lexmark provides the 

Option Added

 label with the 

Installation guide.  

Crypto Officer Guidance 

The Crypto Officer is responsible for installing, uninstalling and monitoring the 
module. The card comes in a static sensitive package. Upon receiving the 
PrintCryption card, the Crypto Officer should check for any signs of tampering to 
the package, including a damaged seal or package.  

The Crypto Officer may follow the installation sheet found in the option kit to 
install the PrintCryption module. After the installation is complete, the Crypto 
Officer must print a Menu page and verify that

 Optional Firmware Card

 is 

displayed under the 

Installed Features

 section of the Menu Page.  

The Crypto Officer must configure the printer onto the TCP/IP network per 
installation requirements. While installing the PrintCryption host software 
application on a PC, Crypto Officer must choose 

port 9150

 to communicate with 

the printer. It is recommended that Crypto Officer name the port “FIPS” to clearly 
distinguish the port that provides secured printing service.  

 


background image

 

Page 14 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

User Guidance 

The User accesses the module printing functionality as a user over network. 
Although outside the boundary of the module, the User should be careful to use 
secured printing services as needed.  

Uses can select the AES encryption key length, block length and mode using the 
printer property.  

1.

 

Open the printer folder, right click on the desired printer and select 

Properties

.  

2.

 

Navigate to 

Port

 tab and press the 

Configure Port

 button to proceed. 

3.

 

Configure Secure Port

 dialog box will appear which enables Users to 

choose their options. 

 


background image

 

Page 15 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

 

Figure 4 - Configuring a Secure Port 

 

Users must choose the key size and block size approved in FIPS PUB 197 
standard. FIPS approved key and block sizes, and mode of operation are as 
follows: 

 

Key Length: 128, 192, or 256 bit.  

 

Block Length: 128 bit.  

 


background image

 

Page 16 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

 

Cipher Mode: ECB (Electronic Code Book, or CBC (Cipher Block 
Mode)). 

Setup.exe also installs the Lexmark PrintCryption Utility (LPCU) program as part 
of the install session. The program can be invoked by -   

START 

 Programs 

 Lexmark 

 PrintCryption 

 PrintCryption Test Utility 

The LPCU utility program can help Users to determine: 

 

The Lexmark PrintCryption Card is installed.  

 

The network path exists, even through a firewall, and when 

ping

 

command does not work.  

 

The proper IP ports (9150 and 9152) are open. 

 

 

The printer is capable of returning an X.509 security certificate. 

 

 

The printer can successfully decode an encrypted packet.

 

Users also can view the communication to the printer via PrintCryption Log 
Viewer, installed during the installation session, which can be started by -    

START 

 Programs 

 Lexmark 

 PrintCryption 

 PrintCryption Log Viewer  

 

Figure 5 - PrintCryption Log Viewer 

Users can see the key size, block length, and mode been used for encryption from 
the Log Viewer program.  

 
 

 

 

 


background image

 

Page 17 of 17 

© Copyright 2006 Lexmark International Inc. 

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

  

 

A

CRONYMS

 

AESSD   AES 

Session 

Daemon 

ANSI 

   American 

National 

Standards 

Institute 

API 

   Application 

Programming 

Interface 

CMVP 

   Cryptographic 

Module 

Validation 

Program 

CSE 

   Communications 

Security 

Establishment 

 

CSP 

   Critical 

Security 

Parameter 

DKMD   Decryption 

Key 

Management 

Daemon 

DLE 

   Downloaded 

Emulator 

Card 

EMC 

   Electromagnetic 

Compatibility 

 

EMI 

   Electromagnetic 

Interference 

FCC 

   Federal 

Communication 

Commission 

FIPS 

   Federal 

Information 

Processing 

Standard 

HMAC   (Keyed-) 

Hash 

MAC 

HTTP 

   Hypertext 

Transfer 

Protocol 

IP 

   Internet 

Protocol 

KAT 

   Known 

Answer 

Test 

 

LED 

   Light 

Emitting 

Diode 

LPC 

   Line 

Printer 

Control 

MAC 

   Message 

Authentication 

Code 

NIST 

   National 

Institute 

of 

Standards 

and 

Technology 

NVLAP   National 

Voluntary 

Laboratory Accreditation Program  

OS 

   Operating 

System 

PC 

   Personal 

Computer 

RAM 

   Random 

Access 

Memory 

RNG 

   Random 

Number 

Generator 

RSA 

   Rivest 

Shamir 

and 

Adleman 

SHA 

   Secure 

Hash 

Algorithm 

SKH 

   Session 

Key 

Header 

SNMP 

   Simple 

Network 

Management 

Protocol 

SP 

   Secure 

Platform 

TCP 

   Transmission 

Control 

Protocol 

VSS 

   Visual 

Source 

Safe