280 likes | 290 Views
Get updates on IEEE patent policy, review and approve agenda and minutes, discuss merged document review and document review of PPs, and more.
E N D
P2600Hardcopy Device and System SecurityJune 2006 Working Group Meeting Don Wright Director of Standards Lexmark International don@lexmark.com
Agenda Items • Monday/Tuesday, June 19-20 • Welcome & Introductions • Update and Approve Agenda • Review and approve May Minutes • IEEE Patent Policy Review • 2006 Meeting Schedule • Update on TCG • Update on INCITS CS1 Working Group • Review of Action Items from May Meeting • Topics from e-mail
Agenda Items • Monday/Tuesday, June 19-20 • Merged Document Review – page turner • Document Review of PPs • A (High) PP • B (Enterprise) PP • C (Public) PP • D (SoHo) PP • Other items • Benefits of providing funding for the evals • Next meeting details • Summarize and record action items
Minutes from May Meeting • Minutes were published shortly after the meeting. • They are available at:http://grouper.ieee.org/groups/2600/minutes/P2600-minutes-May2006.pdf • Any corrections or changes?
Instructions for the WG Chair • At Each Meeting, the Working Group Chair shall: • Show slides #1 and #2 of this presentation • Advise the WG membership that: • The IEEE’s patent policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE-SA Standards Board Bylaws; • Early disclosure of patents which may be essential for the use of standards under development is encouraged; • Disclosures made of such patents may not be exhaustive of all patents that may be essential for the use of standards under development, and that neither the IEEE, the WG, nor the WG Chairman ensure the accuracy or completeness of any disclosure or whether any disclosure is of a patent that, in fact, may be essential for the use of standards under development. • Instruct the WG Secretary to record in the minutes of the relevant WG meeting: • That the foregoing advice was provided and the two slides were shown; • That an opportunity was provided for WG members to identify or disclose patents that the WG member believes may be essential for the use of that standard; • Any responses that were given, specifically the patents and patent applications that were identified (if any) and by whom. (Not necessary to be shown) Approved by IEEE-SA Standards Board – March 2003 (Revised March 2005)
IEEE-SA Standards Board Bylaws on Patents in Standards 6. Patents IEEE standards may include the known use of essential patents and patent applications provided the IEEE receives assurance from the patent holder or applicant with respect to patents whose infringement is, or in the case of patent applications, potential future infringement the applicant asserts will be, unavoidable in a compliant implementation of either mandatory or optional portions of the standard [essential patents]. This assurance shall be provided without coercion. The patent holder or applicant should provide this assurance as soon as reasonably feasible in the standards development process. This assurance shall be provided no later than the approval of the standard (or reaffirmation when a patent or patent application becomes known after initial approval of the standard). This assurance shall be either: a) A general disclaimer to the effect that the patentee will not enforce any of its present or future patent(s) whose use would be required to implement either mandatory or optional portions of the proposed IEEE standard against any person or entity complying with the standard; or b) A statement that a license for such implementation will be made available without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination. This assurance is irrevocable once submitted and accepted and shall apply, at a minimum, from the date of the standard's approval to the date of the standard's withdrawal. Slide #1 Approved by IEEE-SA Standards Board – March 2003 (Revised February 2006)
Inappropriate Topics for IEEE WG Meetings • Don’t discuss the validity/essentiality of patents/patent claims • Don’t discuss the cost of specific patent use • Don’t discuss licensing terms or conditions • Don’t discuss product pricing, territorial restrictions, or market share • Don’t discuss ongoing litigation or threatened litigation • Don’t be silent if inappropriate topics are discussed… do formally object.If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at patcom@ieee.org or visit http://standards.ieee.org/board/pat/index.htmlThis slide set is available at http://standards.ieee.org/board/pat/pat-slideset.ppt Slide #2 Approved by IEEE-SA Standards Board – March 2003 (Revised March 2005)
Officers • Chair: Don Wright, Lexmark • Vice Chair: Lee Farrell, Canon • Secretary: Brian Smithson, Ricoh • Editors: • Non-PP clauses: Jerry Thrasher, Lexmark • PP clauses: Brian Smithson, Ricoh
2006 Meeting Schedule • July 26-27, Rochester, NY @ Xerox • September 6-7, Boulder, CO @ IBM • October 23-24, Lexington KY @ Lexmark • December 11-12, Orange County @ Canon
Schedule • Schedule • Clauses 1-9, Informative Annex • Ready for merging • May & June meeting reviews • Protection Profiles • Waiting for July draft of CCV3 • into the PPs by Sept? • PPs reviewed and iterate 1 or 2 times • Complex changes: who knows? • Complete draft out of December meeting
Schedule • Schedule • January 2007 • Form IEEE ballot body • Engage with CC Eval Labs • February • Start Balloting • Start Evaluation of PPs • March • April -- (Will need group meeting) • Reconcile comments from IEEE and Eval Labs • May – June - July • Recirculations • September • RevCom / Standards Board Approval
Trusted Computing Group Update
INCITS CS1 : Cyber-Security Update
Group General Action Items from May • Update web site with July meeting details – done • Convert PP-A to CIM Medium @ EAL 3 – (due in July) • Harmonize Subject/Object implementation – (waiting for CCV3, part 2) • Company funding of Evaluations: • DAPS: $10 – 20K • Lexmark: $5K (possibly more) • Ricoh, HP – not immediately rejected • Canon, Sharp, Oki, Océ, Toshiba – wants to better understand the benefits of paying versus not paying
Action Items from Previous Meetings • Any update on CCV3 plans from NIAP? • Discussion on “Standard” versus “Recommended Practice” • Presentation from the PP team on mandating of encryption in PP-A and PP-B. (AI #198) • Review entries in P2600-action-items excel spreadsheet
Issues raised on e-mail • T.UD.PHY.OUTPUT objectives (Smithson) • Tentative decisions: • O.Access also needed for PP-A & PP-B • O.I&A also needed for PP-A • OE.Location & OE.Train are also needed (except OE.Location for PP-C?) • Secure Fax (Sameer) • Won’t attempt to protect user data across fax lines • Will address issue of accessing the network via connecting through fax port (“T.EA.FAX_BRIDGE”?) • PP Clause 1.2 compliance with NIAP Policy Letter #13 (Sukert) • “The Target of Evaluation (TOE) of this Protection Profile is the entire Hardcopy Device (HCD) as available to end customers, i.e., the compliant configuration.”
Issues raised on e-mail • Elevation of DOS threats in PPs (Smithson) • Update tables 61 and 63 as per Smithson’s note • PP-A/PP-B proposals (Smithson) • Concerns expressed about removing .UD.SALVAGE from DAPS. Others expressed a concern about .UD.SNIFF.NET. • Everyone should review this proposal in detail and be prepared to make a decision in July. Position papers from everyone are encouraged. • No great concern about removing .AUD.ACCESS • Look at new clause 3.1 in PP-A (Smithson) • Other PPs should take basic robustness text (unmodified) from CIM instruction #3 and insert as clause 3.1.
Document Section Status Editors Assigned: • Clauses 1-9 & non-PP Annexes: Jerry Thrasher • Protection Profiles: Brian Smithson • PP-A -- Ron Nevo • PP-B -- Brian Smithson • PP-C -- Nancy Chen, Alan Sukert • PP-D -- Carmen Aubry
Document Review • Drafts needing most review • Merged Draft • Result of meeting posted as version 20b • Others?
Document Review: PP-A • Review Draft number 20a • Now Protection Profile A, EAL 3 Not Reviewed - Insufficient Time
Document Review: PP-B • Review Draft number 20a • Now Protection Profile B, EAL 2 Not Reviewed - Insufficient Time
Document Review: PP-C • Review Draft number 20a • Now Protection Profile C, EAL 2 Not Reviewed - Insufficient Time
Document Review: PP-D • Review Draft number ?? • Now Protection Profile D, EAL1 Not Reviewed - Insufficient Time
Next Meeting Details • July 26-27 • Xerox Building 855855 Publishers ParkwayWebster NY 14580 • Map: http://maps.google.com/maps?f=q&hl=en&q=855+Publishers+Parkway+Webster+NY+14580+++&ie=UTF8&om=1
Mailing List and Web Site • Web Site: http://grouper.ieee.org/groups/2600 • Mailing list: • Listserv run by the IEEE • An archive is available on the web site • Subscribe via a note to: listserv@listserv.ieee.orgcontaining the line:subscribe stds-2600 • Only subscribers may send e-mail to the mailing list. No Change