XEROX WorkCentre 6400 Information Assurance Disclosure Paper33Ver. 1.00, May 2010 Page 33 of 444.2. Xerox Standard AccountingXerox Standard Accounting (XSA), intended primarily for use as an accounting service, can be used as an internalauthorization service. XSA tracks copy, scan (including filing and email), print and fax usage by individual user1. Thesystem administrator can enable/disable the feature via the LUI or Web UI, add or delete users, and set usage limits byservice for each user. If XSA is enabled, a walk-up user must enter a valid XSA ID before being allowed access to thedevice. The device will confirm that the entered XSA ID matches an authorized user, and that the usage limits for theselected service have not been exceeded. In this sense, XSA acts as an authorization service. The system administratorcan limit access to device services by setting the usage limits on specific services to zero for users that should not haverights to use the feature. After each job is performed, the user’s balance is updated by the number of impressions orscans performed. Services become unavailable to the user when the usage limits are exceeded.When XSA is enabled in the print driver or on the Web UI, before a print job is submitted, an XSA ID must also beentered. The ID is sent to the controller for validation. If the submitted ID is valid, the job will print, and the user’sbalance will be updated by the number of impressions performed. If the submitted ID is invalid, the job is deleted andan error sheet is printed in its place.On demand, the SA will be able to download a report that shows activity for all of the users. The SA can add, modify orremove users and their allocations at any point.An end user will be able to review their balances by entering a User ID at the LUI or web UI.4.3. Automatic Meter ReadsAutomatic Meter Reads (AMR) is a service that allows devices to electronically report meter readings back to Xerox. TheSystems Administrator sets up the attributes for the AMR service via the web UI, including registering the device withthe Xerox AMR server. Once enabled, the device will poll the Xerox AMR server daily over the network. The server willcheck whether it is time in the monthly billing cycle to update the meter readings. If so, the server will request readsfrom the device, and the device will then respond by sending the meter reads back to the server.This communication process means that the device initiates all communication between it and Xerox. Only device IDand meter read information is transferred. The information is sent in clear text.The device can be set to communicate via a proxy server on the customer’s network. The proxy server address is set upusing the WebUI.4.4. Encrypted PartitionsWhen enabled by the customer, the controller disks are encrypted using the AES algorithm with a 128-bit key. 256-bitencryption is available via SPAR – please contact Xerox Customer Support and request SPAR 85669. The key isgenerated dynamically on each boot, and is kept only in volatile memory. Encryption is installed but must be enabledby the customer.1 On color machines XSA can track color copy or color print usage.