The Data Security Kit (DSK) is a factory- or field-installed firmware enhancement in the form of a ROM upgrade for the Sharp AR-287/337/407/507 family of digital image processing copiers. (Data Security Kit, AR-FR1 is for AR-287/337 copiers, AR-FR2 is for the AR-407 copier, and AR-FR3 is for the AR-507 copier). These copiers buffer document data on a hard disk drive (HDD). The DSK features the hard disk drive (HDD)-erase function. With automatic HDD-erase enabled, after the completion of any multi-functional copier operation, random data is written over the hard disk areas used to temporarily store document data. Invoking HDD-erase mitigates the risk that the HDD will retain readable document data when a job is completed and ensures that data from one task will not become appended to another. The DSK also allows a Key Operator to manually clear the entire HDD on occasions, such as loss of power to the copier or when removal of the HDD is necessary. In the event of a power failure, any data currently on the HDD remains. After a successful power up, manually invoking the HDD-erase function ensures that all residual data (prior to loss of power) is overwritten.
\r\nThe HDD-erase function of the DSK provides the following security features:
\r\nUser Data Protection: To mitigate the risk of data leakage, the DSK provides the HDD-erase function that can be configured to automatically overwrite data on the HDD after the completion of each job. The HDD-erase function can be programmed to perform at the end of a print/scan/copy job, at the end of job cancel, when memory is full, or by manually pressing the "CLEAR ALL HDD-DATA" button.
\r\nThe manual HDD-erase function overwrites the entire HDD, while the automatic function overwrites only the area of the HDD that was used to buffer the data from the last job processed. Random binary patterns are used in the overwrite process.
\r\nProtection of Security Function: The architecture of the copier maintains a security domain for HDD-erase execution that is protected from interference and tampering. The copier is a dedicated machine that provides copy/print/scan functionality as defined by the firmware contained in the copier. The HDD-erase function is firmware confined to a circuit board that can only be accessed by disassembling the machine. All firmware, when executed, are considered to be trusted subjects. The copier does not have the capability to execute other software/firmware.
\r\nThe DSK ICU ROM chip adds functionality to the copier to determine HDD-erase configuration status. This check and functionality is integrated into the printing system firmware and is always performed at the conclusion of any print/scan/copy job and can not be bypassed. While clearing data, the copier does not accept any other job. When the copier is not processing a current job, the Key Operator can direct the TOE to manually erase the HDD.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the HDD-erase function of the Data Security Kit meets the security requirements contained in the Security Target. The criteria against which the Sharp Data Security Kit (AR-FR1/AR-FR2/AR-FR3) for the Sharp Imager Family (AR-287, AR-337, AR-407, and AR-507) was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Computer Sciences Corporation determined that the evaluation assurance level (EAL) for the product is EAL 2. The product, configured as factory- or field-installed, satisfies all of the security functional requirements stated in the Security Target. Two validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by Computer Sciences Corporation. The evaluation was completed in April 2001. Results of the evaluation can be found in the Evaluation Technical Report Sharp Corporation Data Security Kit (DSK) for the Sharp Corporation Imager Family, (AR-287, AR-337, AR-407, and AR-507) prepared by Computer Sciences Corporation.
","environmental_strengths":"The Data Security Kit is a factory- or field-installed option for the Sharp models AR-287, AR-337, AR-407, and AR-507 family of digital image processing copiers. Copiers that buffer data to a hard disk drive had no means of ensuring that the data from a preceding job could not or would not be appended to a superceding job. The possibility also existed that data could be easily retrieved from a hard disk drive that had been physically removed from the copier. Because the DSK overwrites the HDD, retrieval of data cannot be accomplished simply by reading the HDD; previously-written data is obscured, and laboratory techniques and specialized equipment are required to retrieve it.
\r\nThe automatic HDD-erase feature ensures that the overwrite function is performed without operator intervention.
\r\nInvoking the manual HDD-erase function overwrites the entire HDD. This feature is used prior to removing/exchanging a HDD, after lost power is restored, or any time it may be necessary to ensure the integrity of the data.
\r\nThe architecture of the copier, the placement of the DSK firmware and HDD within the copier, and the requirement of an authenticated Key Operator makes tampering with this security feature unlikely.
","features":[]}