HP Inc.
HP LaserJet Enterprise MFP M527 Series,
Color LaserJet Enterprise MFP M577 Series, and
PageWide Enterprise Color MFP 586 Series
Firmware with Jetdirect Inside Security Target
Version: 2.0
Last update: 2016-06-07
Copyright © 2008-2016 by atsec information security corporation and HP Inc. or its wholly owned subsidiaries
7.1.4.3 Job Encryption Passwords
The TOE can store and decrypt encrypted stored print jobs received from a client computer. A stored print
job is first encrypted by the client computer using a user-specified Job Encryption Password and AES-256
in CBC mode. The job is then sent encrypted to the TOE and stored encrypted by the TOE. To decrypt
the job, a Control Panel user must enter the correct Job Encryption Password used to encrypt the job.
The decryption algorithm is included in the TOE. Only one Job Encryption Password is permitted per job.
A Job Encryption Password can only be assigned to a job at job creation time. A user assigns a Job
Encryption Password to a print job via the client computer. Once a Job Encryption Password is set on a
job, it cannot be changed or removed. In addition, a job with a Job Encryption Password cannot be
assigned a Job PIN.
This section maps to the following SFRs:
• FCS_COP.1-job
7.1.4.4 Common access control
The TOE protects each non-fax job in Job Storage from non-administrative users through the use of a
user identifier and a Job PIN or through the use of a Job Encryption Password. The user identifier for a
stored print job received from a client computer is either assigned by that client computer or assigned by
the user sending the print job from the client computer. For all other types of jobs, the user identifier is
assigned by the TOE. Every non-fax job in Job Storage is assigned either a Job PIN or a Job Encryption
Password by the user at job creation time. If the TOE receives a print job from a client computer without
either a Job PIN or a Job Encryption Password, the TOE cancels the job.
The User Role, as defined by the user's Permission Set, defines each user's access. The default rules for
a non-administrative U.NORMAL User Role for accessing a non-fax job in Job Storage are:
• if the job is Job PIN protected:
  o the job owner (i.e., the authenticated user who matches the job's user identifier) can
    access (read/delete D.DOC) the job without supplying the Job PIN
  o any non-owner authenticated user who supplies the correct Job PIN can access
    (read/delete D.DOC) the job
• if the job is Job Encryption Password protected, any authenticated user who supplies the correct
  Job Encryption Password can access (read/delete D.DOC) the job
By default, a Control Panel administrator (U.ADMINISTRATOR) has a permission in their Permission Set
that allows them to delete non-fax Job Storage jobs (D.DOC).
The TOE protects each fax job in Job Storage through the Permission Set mechanism. A user must have
a specific fax permission in their Permission Set to access (read/delete D.DOC) incoming fax jobs stored
in Job Storage. By default, only U.ADMINISTRATOR has this permission enabled. Faxes are
automatically deleted by the TOE once they are printed.
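The default Job Storage rules above, written as a decision function. This is an added sketch, not code from the TOE or from HP; the names User, Job, accept_print_job and may_access are hypothetical, and applying the U.NORMAL rules to an administrator's read request is an assumption.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    name: str
    admin: bool = False     # U.ADMINISTRATOR if True, otherwise U.NORMAL
    fax_perm: bool = False  # fax permission in the user's Permission Set


@dataclass(frozen=True)
class Job:
    owner: str                      # the job's user identifier
    pin: Optional[str] = None       # Job PIN
    password: Optional[str] = None  # Job Encryption Password
    fax: bool = False


def accept_print_job(job: Job) -> bool:
    """Intake rule: exactly one of Job PIN / Job Encryption Password, else cancel."""
    return (job.pin is None) != (job.password is None)


def _match(expected: str, supplied: Optional[str]) -> bool:
    # Constant-time comparison so the check does not leak matching prefixes.
    return supplied is not None and hmac.compare_digest(
        expected.encode(), supplied.encode())


def may_access(user: User, job: Job, op: str, secret: Optional[str] = None) -> bool:
    """Decide 'read' or 'delete' on D.DOC for an already authenticated user."""
    if job.fax:
        return user.fax_perm                  # Permission Set only
    if user.admin and op == "delete":
        return True                           # default administrator permission
    if job.password is not None:
        # Simplification: the password is compared here; the TOE decrypts with it.
        return _match(job.password, secret)   # the owner gets no bypass
    if job.pin is not None:
        return user.name == job.owner or _match(job.pin, secret)
    return False                              # unprotected jobs never reach storage
```

Note the asymmetry the rules create: the owner of a Job PIN job needs no secret, while the owner of a Job Encryption Password job is treated like any other authenticated user.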
The Fax Polling Receive function of the TOE allows an authorized user (U.NORMAL) to request a fax
from another fax device over the analog fax phone line via the Control Panel. This is called a Fax Polling
Receive job (D.DOC+FAXIN). The user must be authenticated via the Control Panel to perform this
function. In the evaluated configuration, outbound fax polling requests are allowed.
Any faxes received from a polling request are immediately printed by the TOE and deleted. They are not
stored in Job Storage. This implies that the user is the temporary owner of these faxes, the user can read
these faxes, and the user deletes these faxes. The user cannot modify these faxes.
Scan jobs are ephemeral and not stored in Job Storage. Only the user performing the scan can access
the job on the TOE.
This section maps to the following SFRs: