Sie sind auf Seite 1von 11

September 2010

Document Version: 6.1


Imaging and Printing Group
Hewlett-Packard Company

Contents
1
2
3
4
5
6
7
8

Introduction ........................... 2
Secure Erase Technology ........ 2
Data Affected ........................ 2
Default Setting ....................... 3
Specifications ........................ 3
User Interface ........................ 4
Impact to Performance .......... 10
Availability .......................... 11

HP Secure Erase for Imaging


and Printing
Abstract:
To meet the needs for higher levels of print and imaging security, HP has
implemented a storage erase feature which meets the U.S. Department of
Defense 5220-22.M and NIST SP800-88 requirements for clearing
storage media when the administrator selects certain options and uses
supported devices. This paper describes the capabilities of HP Secure
Erase and related information.

Notice:
2010 Hewlett-Packard Company
Microsoft, Windows, and Windows NT are trademarks of Microsoft
Corporation in the U.S. and/or other countries. UNIX is a trademark of The
Open Group in the U.S. and/or other countries. Intel and Itanium are
trademarks or registered trademarks of Intel Corporation or its subsidiaries in the
U.S. and other countries. Oracle is a registered U.S. trademark of Oracle
Corporation, Redwood City, California. All other product names mentioned
herein may be the trademarks of their respective companies.
Neither HP, nor any of its subsidiaries, shall be liable for technical or editorial
errors or omissions contained herein. The information in this publication is
provided "as is" without warranty of any kind and is subject to change without
notice. The warranties for HP products are set forth in the express limited warranty
statements accompanying such products. Nothing herein should be construed as
constituting an additional warranty.

Secure Erase White Paper

September 2010

Introduction
Hewlett-Packards Secure Erase technology for Imaging and Printing provides functionality for
securely removing data written to Hard Disk Drives (HDD) on HP MFPs and printing devices.
When enabled, this functionality ensures data from print, scan, fax, and copy jobs are
securely erased and can not be recovered using forensic analysis. The capability is provided
as a standard feature on supported HP MFPs and printers when used with HPs Web
Jetadmin (available separately).

Secure Erase Technology


Normally when a file is deleted from a HDD, the filename entry is erased from the disks file
allocation table, removing the files presence. The files data still exists in the disks individual
sectors and is overwritten only when that sector is allocated for a different file.
HP Secure Erase technology overwrites a deleted files data from the individual sectors with
random data using either a one pass or three pass overwrite, which conform to U.S.
Department of Defense 5220-22.M and NIST SP 800-88 specifications.
To enable HP Secure Erase, configure the File Erase Mode setting:

Non-secure Fast Erase mode: Marks the print job data as deleted only

Secure Fast Erase mode: Performs a one pass overwrite of job data which is sufficient to
prevent data from diagnostic recovery per NIST SP800-88 guidelines.

Secure Sanitizing Erase mode: Performs a three pass overwrite of job data as
recommended by the US Department of Defense 5220.22M specification.
For an explanation of each erase algorithm, see Section 5, Specifications.

HP Secure Erase technology is applied in two different ways to remove data from HDD storage
devices.

Secure File Erase overwrites files on a continuous basis as soon as they are no longer
needed to perform the required function. This is initiated by setting the File Erase Mode
setting to either Secure Fast Erase or Secure Sanitizing Erase.

Secure Storage Erase removes all non-essential data from storage devices in a manor
consistent with preparation for decommissioning or redeployment. This operation can be
initiated on demand or scheduled for a later date and time.

Data Affected
Secure File Erase
When enabled, all data removed from the system by a delete operation is erased using a
secure erase mode, either Secure Fast Erase or Secure Sanitizing Erase.
This includes
Temporary files created during the print, scan, fax, and copying processes
Stored Faxes (deleted when printed)

Page 2

Secure Erase White Paper

September 2010

User initiated delete operations including the four Job Storage type documents
o Stored Job (manual delete)
o Quick Copy (manual delete)
o Personal Job (deleted when printed or system reset)
o Proof and Hold (deleted when printed or system reset)

Secure Storage Erase


Secure Storage Erase will always use a secure erase mode, either Secure Fast Erase or
Secure Sanitizing Erase, defaulting to Secure Fast Erase if Non-secure Fast is the currently
configured erase mode.
Secure Storage Erase overwrites the entire disk including

Job Storage documents (even though they have not been retrieved)
Stored Faxes (even though they have not been retrieved)
Installed 3rd party solutions
Installed fonts
Secure Storage Erase will not impact
Flash-based non-volatile RAM containing default printer settings, page counts, etc.
Flash-based system boot RAM
Configuration settings for Digital Sending and Authentication when stored on the system
hard disk.
Note: After a Secure Storage Erase completes, the file structure is re-established and the
above disk based configurations are restored.

Default Setting
Prior to the introduction of Secure Erase technology, all HP printing devices used a method
similar to the Non-Secure Fast Erase method for file delete operations. The default erase
mode on supported devices is Non Secure Fast Erase. Change the File Erase Mode setting
from the factory default to benefit from HP Secure Erase Technologys additional security.
Changing the file erase mode from Non-Secure Fast Erase to Secure Fast Erase or Secure
Sanitizing Erase does not overwrite previously stored data on the disk, nor does it
immediately perform a full Secure Storage Erase. Changing the erase mode dictates how the
MFP erases data after the file erase mode has been changed.

Specifications
Secure Fast Erase mode meets the National Institute of Standards and Technology Special
Publication 800-88, Guidelines for Media Sanitization.
For Secure Fast Erase, each deleted files data is overwritten once with:

the hexadecimal character 0x48.

Secure Sanitizing Erase mode meets the U.S. Department of Defense 5220-22.M
specification using a succession of multiple data overwrites.
For Secure Sanitizing Erase, each deleted file is overwritten with:

the fixed character pattern (binary 01001000).

Page 3

Secure Erase White Paper

September 2010

the compliment of the fixed character pattern (binary 10110111).

a random character:
o
o
o

A 32k byte buffer of random characters is generated for each file delete operation
using the devices unique uptime as the seed.
Each byte of file data uses a unique random character from the buffer.
The random character buffer is reused up to 32 times, and then regenerated using
new random data.

To ensure successful completion of each overwrite operation, each overwritten byte is


verified.
Note: NIST SP-800-88 Guidelines for Media Sanitization (Sept 2006) supersedes the US
DOD 5220-2.M (1997 edition) specification.

User Interface
Storage Erase settings can be configured from within HP Web Jetadmin for all supported
devices. Some devices also support configuration from within the device Embedded Web
Server (EWS). HP MFPs support EWS configuration while HP Printers require HP Web
Jetadmin.

File System Password

The file system password must be set before Secure File Erase or Secure Storage Erase
modes can be configured. The file system can be set from either Web Jetadmin and in most
cases the device EWS.
To configure the File System Password from Web Jetadmin
1. Select device(s)
2. Select Config Tab
3. Expand File System and Select File System Password
4. Enter File System Password
5. Select Apply, and follow the dialog prompts

2
4

3
5

Page 4

Secure Erase White Paper

September 2010

To configure the File System Password from the EWS


1. Select the Settings Tab
2. Select Security Menu
3. Select Configure Security Settings button
4. Enter File System Password
5. Select Apply

4
Figure 2 Secure Storage Erase settings within File system settings page

Page 5

Secure Erase White Paper

September 2010

Secure File Erase

Secure File Erase mode is initiated by setting the File Erase Mode setting to either Secure
Fast Erase or Secure Sanitizing Erase.
To configure the Secure File Erases from Web Jetadmin
1. Select device(s)
2. Select Config Tab
3. Expand File System and Select File System Password
4. Enter File System Password
5. Select Apply, and follow the dialog prompts

2
4

3
5

To configure the Secure File Erases from the EWS


1. Select the Settings Tab
2. Select Security Menu
3. Select Configure Security Settings button

Page 6

Secure Erase White Paper

September 2010

4. Select Secure Fast Erase or Secure Sanitizing Erase


5. Select Apply

Secure Storage Erase

The device will inaccessible during the Secure Storage Erase operation. The device will
reboot, then the control panel will display the progress of the disk overwrite. The device will
reboot again at the completion of the operation.
To configure the Secure Storage Erases from Web Jetadmin
1. Select device(s)
2. Select Storage Tab
3. Highlight the device
4. Select the Secure Storage Erase button

1
4
3
2

Page 7

Secure Erase White Paper

September 2010

5. Select the Checkbox for the Hard Disk to be Erased


6. Select Next

7. Select the desired Erase Mode


8. Optional: Select the Schedule Erase checkbox to schedule for a later time
9. Select Next

8
9

Page 8

Secure Erase White Paper

September 2010

10. Select Start

10

To configure the Secure Storage Erases from the EWS


1. Select the Settings Tab
2. Select Security Menu
3. Select Configure for Hard Drive and Mass Storage Security Settings

Page 9

Secure Erase White Paper

September 2010

4. Select the Checkbox for the Hard Disk to be Erased


5. Select the Perform Secure Storage Erase button
3. Select OK to Continue

Impact to Performance
The HP Secure Erase feature does not affect printing and typical copying including simplex,
duplex, enlargements, reductions, and n-up printing. Some impact will be seen with large jobs
using the Collate feature.
Non-secure Fast Erase is the fastest mode and is the default setting. Secure Fast Erase is slower
than Non-secure Fast Erase because the stored data is overwritten. Secure Sanitizing Erase is the
most secure mode, but requires multiple overwrites of disk data and, therefore, results in the most
impact to performance. Actual performance impacts will vary.

Page 10

Secure Erase White Paper

September 2010

Availability
Devices that support Continuous, On Demand, and Scheduled Secure Erase include:
HP LaserJet 4240/4250
HP LaserJet 4350
HP LaserJet 5200
HP LaserJet 9040/9050
HP LaserJet P3005
HP LaserJet P3015
HP LaserJet P4014/P4015
HP LaserJet P4515
HP LaserJet 4100/4100L MFP
HP LaserJet 4345 MFP
HP LaserJet 9000 /9000L MFP
HP LaserJet 9040/9050 MFP
HP LaserJet M3035/M3027 MFP
HP LaserJet M4345 MFP
HP LaserJet M5035/M5025MFP
HP LaserJet M9040/M9050 MFP
HP Color LaserJet 4700
HP Color LaserJet 9500
HP Color LaserJet CP3505
HP Color LaserJet CP3525
HP Color LaserJet CP4025
HP Color LaserJet CP4525
HP Color LaserJet CP6015
HP Color LaserJet 4730 MFP
HP Color LaserJet 9500 MFP
HP Color LaserJet CM3530 MFP
HP Color LaserJet CM4730 MFP
HP Color LaserJet CM6030/6040 MFP
Devices that support only On Demand or Scheduled (not Continuous) include:
HP CM8050 Color MFP with Edgeline
HP CM8060 Color MFP with Edgeline

Page 11