HP Secure Erase for Imaging and Printing

Abstract

To meet the needs for higher levels of print and imaging security, HP has implemented a storage erase feature which meets the U.S. Department of Defense 5220-22.M requirements for clearing storage media when the administrator selects certain options and uses supported devices. This paper describes the capabilities of HP Secure Erase and related information.

Notice

©2007 Hewlett-Packard Company

Microsoft®, Windows®, and Windows NT® are trademarks of Microsoft Corporation in the U.S. and/or other countries. UNIX® is a trademark of The Open Group in the U.S. and/or other countries. Intel® and Itanium® are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the U.S. and other countries. Oracle® is a registered U.S. trademark of Oracle Corporation, Redwood City, California. All other product names mentioned herein may be the trademarks of their respective companies.

Neither HP, nor any of its subsidiaries, shall be liable for technical or editorial errors or omissions contained herein. The information in this publication is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for HP products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty.

Contents

1. Introduction
2. Data Affected
3. Default Setting
4. Specifications
5. Common Usage Environment
6. User Interface
7. Impact to Performance
8. Availability
9. Questions and Answers
10. Acronyms

1 Introduction

To meet the needs for higher levels of print and imaging security, Hewlett-Packard created HP Secure Erase technology for Imaging and Printing. This capability allows the administrator to select how data is erased from storage devices, including print, scan, fax, and copy jobs.

Several levels of erase security are provided. The capability is provided as a standard feature on supported HP multifunction peripherals (MFPs), digital copiers, and printers when used with HP's Web Jetadmin (available separately).

HP Secure Erase technology provides a choice of three different modes of erase security, each of which can be configured by an administrator and may be protected from unauthorized changes with a password. The three erase security modes are:

• Secure Sanitizing Erase mode: Conforms to the U.S. Department of Defense 5220-22.M specification for deleting magnetically stored data. Secure Sanitizing Erase uses multiple data overwrites to eliminate trace magnetic data and also prevents subsequent analysis of the hard disk drive's physical platters for the retrieval of data. For an explanation of the erase algorithm implemented, see Section 4, Specifications.
• Secure Fast Erase mode: This mode completes the erasure faster than Secure Sanitize mode. Secure Fast Erase mode overwrites the existing data once, and prevents software-based "undelete" operations on the data.
• Non-secure Fast Erase mode: The quickest of the three erasing modes, Non-secure Fast Erase mode marks the print job data as deleted, and allows the MFP's operating system to reclaim and subsequently overwrite the data when needed.

HP Secure Erase technology is applied in two different ways to remove data from storage devices.

• Secure File Erase erases files on a continuous basis as soon as they are no longer needed to perform the requested function.
• Secure Storage Erase removes all nonessential data from storage devices in a manor consistent with preparation for decommissioning or redeployment. This operation can be initiated on demand or scheduled for a later date and time.

2 Data Affected

All data removed from the system by a delete operation is erased using the active erase mode (Secure Sanitizing Erase, Secure Fast Erase, or Non-secure Fast Erase) including temporary files created during the print, scan, fax, and copying processes. User initiated delete operations, including Stored Jobs and Proof and Hold Jobs deleted through the “Retrieve Job” menu, are also removed using the active Secure Erase mode.

In contrast, the Secure Storage Erase operation will erase stored files even though they have not been retrieved.

The HP Secure Erase features will not impact data stored on:

• Flash-based non-volatile RAM that is used to store default printer settings, page counts, etc.
• A system RAM disk (if utilized).
• The flash-based system boot RAM.

3 Default Setting

Prior to the introduction of Secure Erase technology, all HP MFPs used a method similar to the Non Secure Fast Erase method for file delete operations. With the introduction of HP Secure Erase technology, Non Secure Fast Erase becomes the default erase mode on supported devices.

Changing the erase mode (Secure Sanitizing Erase, Secure Fast Erase, or Non-secure Fast Erase), does not overwrite previously stored data on the disk, nor does it immediately perform a full Secure Storage Erase. Changing the erase mode dictates how the MFP erases data after the erase security mode has been changed.

4 Specifications

HP's Secure Sanitizing Erase mode, supported on all the devices described in Section 8, meets the U.S. Department of Defense 5220-22.M overwrite algorithms for overwriting disk files. Using a succession of multiple data overwrites, including the validation of the success of those overwrites, Secure Sanitizing Erase mode can prevent the subsequent physical analysis of the hard disk drive's media for recovery of data. Each byte of file data is overwritten with:

• the fixed character pattern (binary 01001000).
• the compliment of the fixed character pattern (binary 10110111).
• a random character:
  • A 32k byte buffer of random characters is generated for each file delete operation using the device's unique uptime as the seed.
  • Each byte of file data uses a unique random character from the buffer.
  • The random character buffer is reused up to 32 times, and then regenerated using new random data.

To ensure successful completion of the write operation, each overwritten byte is verified.

5 Common Usage Environment

The most common scenario under which administrators will use HP Secure Erase for Imaging and Printing is when devices are being used in a highly secure environment. If the administrator configures the MFP for Secure Sanitizing Erase mode or for Secure Fast Erase mode, then data is overwritten on an ongoing basis when a job is completed.

6 User Interface

Secure Storage Erase settings within HP Web Jetadmin 8.1 can be accessed for supported devices in one of two modes: single device or multiple devices. To configure the Secure Storage Erase settings for a single device, select Configuration from the device drop-down menu, then select Filesystem from the Configuration Categories menu (Figure 1).

The Set File System Password fields allows for typing the file system password. A file system password must be present on the device in order to change Secure Storage Erase settings. If a password is not present on the device, a message stating "Error: password values must be specified," is displayed when changes are attempted.

Configure the following additional settings:

• Select Storage Device to Erase - either Hard Disk or Other Media must be selected.
• Secure File Erase Mode (for Secure Storage Erase Mode) options include Non-secure Fast Erase, Secure Fast Erase, and Secure Sanitizing Erase. Default is Non-secure Fast Erase.

To minimize the time it takes to perform configurations, HP Web Jetadmin also allows for setting Secure Storage Erase features on many devices simultaneously. Merely highlight the desired devices from the All Devices list or a group of devices, select Configuration from the drop-down menu, then select Filesystem from the Configuration Categories menu. Configure the settings as you would for a single device. (Figure 3).

Secure File Erase and Secure Storage Erase settings can be accessed within an MFP's Embedded Web Server (EWS) for supported devices. To configure the Secure Storage Erase settings for a single device, select the Settings Tab, then select Security from the left menu (Figure 4).

The Secure File Erase Mode and File System Password settings are accessed by selecting the Configure Security Settings menu button (Figure 4).

In the Configure Security Settings menu, the Set File System Password fields and File Erase Mode settings are accessible (Figure 5).

7 Impact to Performance

The HP Secure Erase feature does not affect printing and typical copying including simplex, duplex, enlargements, reductions, and n-up printing. Non-secure Fast Erase is the fastest mode and is the default setting. Secure Fast Erase is slower than Non-secure Fast Erase because the stored data is overwritten. Secure Sanitizing Erase is the most secure mode, but requires multiple overwrites of disk data and, therefore, results in the most impact to performance. Actual performance impacts will vary.

8 Availability

Devices that support Continuous, On Demand, and Scheduled Secure Erase include:

• HP LaserJet M3035 MFP
• HP LaserJet M4345 MFP
• HP LaserJet M5035 MFP
• HP Color LaserJet 4730
• HP Color LaserJet 5550
• HP Color LaserJet 9500 MFP
• HP LaserJet 4345 MFP
• HP LaserJet 4250/4350
• HP LaserJet 9040 mfp/9050/9050 MFP

Devices that support only Continuous Secure Erase (not On Demand or Scheduled) include:

• HP LaserJet 2400 series
• HP LaserJet 4100 MFP/9000 MFP/9000L MFP (with firmware revision 03.779.0 or greater)
• HP LaserJet 9055 mfp/9065 MFP (with firmware 07.001.0 or greater)

Firmware versions can be upgraded remotely using HP Web Jetadmin. The latest versions of the firmware files are available at the following locations:

• HP LaserJet 9000 MFP: www.hp.com/go/lj9000mfp_firmware
• HP LaserJet 9000L MFP: www.hp.com/go/lj9000Lmfp_firmware
• HP LaserJet 4100 mfp: www.hp.com/go/lj4100mfp_firmware
• HP LaserJet 9055 mfp: www.hp.com/go/lj9055mfp_firmware
• HP LaserJet 9065 mfp: www.hp.com/go/lj9065mfp_firmware

9 Questions and Answers

1. Question: Can HP Secure Erase be accessed through the Embedded Web Server or via the MFP control panel?
2. Answer: Access to HP Secure Erase is controlled through HP Web JetAdmin 8.1 which is available separately (see Question 3 for more details).
3. Question: Where can HP Web Jetadmin be downloaded?
4. Answer: HP Web Jetadmin can be downloaded free from: www.hp.com/go/webjetadmin

10 Acronyms

• MFP: Multifunction peripheral.
• RAM: Random access memory.