Ricoh Mp 3351 User Guide
Page 71 of 81 Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.

If the logged-in user is a general user, the TOE allows that user to perform operations only on document data ACLs for which the user has full control authorisation. These operations are changing the document file owner's operation permissions for the document data, and newly registering and deleting document file users and changing their operation permissions. However, even if full control authorisation is not set for document file owners, document file owners can still perform operations on the document data ACLs of their own document data. These operations include changing the document file owner's operation permissions for the document data, newly registering and deleting document file users, and changing the document file users' operation permissions for the document data.

By the above, FMT_MSA.1 (Management of security attributes), FMT_MSA.3 (Static attribute initialisation), and FMT_SMF.1 (Specification of management functions) are satisfied.

7.1.4.2 Management of Administrator Information

Management of administrator information allows only specified users to perform operations on administrator information from the Operation Panel or Web Service Function. Administrator information includes administrator IDs, administrator authentication information, and administrator roles. Operations on administrator information include creation of new administrators, querying and changing administrator IDs, changing administrator authentication information, and querying, adding and deleting administrator roles. These operations can be performed only by specified users who have been authorised for each operation. Table 30 shows the relationship between the operations on administrator information and the users authorised to perform them.
Table 30: Access to administrator information
Operations on administrator information | Authorised users
Creation of new administrator IDs | Administrators
Change administrator IDs | Administrators themselves
Query administrator IDs | Administrators themselves, supervisors
Change administrator authentication information | Administrators themselves, supervisors
Add and query administrator roles | Administrators already assigned that administrator role
Delete administrator roles | Administrators already assigned that administrator role (However, no administrator role can be deleted unless that role is also assigned to another administrator.)

If the logged-in user is an administrator or supervisor, the TOE allows that user to perform the operations shown in Table 30 for which that user is an authorised user.

By the above, FIA_USB.1 (User-subject binding), FMT_MSA.1 (Management of security attributes), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (Specification of management functions) and FMT_SMR.1 (Security roles) are satisfied.
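The two authorisation rules above (the document data ACL rule of 7.1.4.1 and the administrator role deletion rule of Table 30) are easy to get subtly wrong, in particular the owner exception and the "role must remain assigned to another administrator" invariant. The following Python model is an added example, not Ricoh's code or anything from the ST: the permission names other than "full control", the data structures, and the four-administrator limit taken from the glossary are modelling choices, and the TOE's real permission vocabulary is not described on this page.

```python
"""Policy model of two authorisation rules from this Security Target.

Added example, not Ricoh's code. It models:
  - 7.1.4.1: a general user may operate on a document data ACL only if that
    ACL grants them full control, except that a document file owner may
    always operate on the ACL of their own document data;
  - Table 30: an administrator role may be deleted only by an administrator
    who holds that role, and never if the deletion would leave the role
    assigned to no administrator.
Permission names other than "full control" are placeholders; the page does
not list the TOE's permission vocabulary.
"""
from dataclasses import dataclass, field

FULL_CONTROL = "full control"


@dataclass
class DocumentAcl:
    """ACL of one item of document data: the owner plus document file users.

    entries maps a general user ID to that user's operation permissions;
    the owner has an entry too, so the owner's permissions can be changed.
    """
    owner: str
    entries: dict = field(default_factory=dict)


def may_manage_acl(acl: DocumentAcl, actor: str) -> bool:
    """7.1.4.1: owners always; other general users only with full control."""
    if actor == acl.owner:
        return True
    return FULL_CONTROL in acl.entries.get(actor, set())


def register_file_user(acl: DocumentAcl, actor: str, user: str, perms) -> None:
    """Newly register a document file user, or change their permissions."""
    if not may_manage_acl(acl, actor):
        raise PermissionError(f"{actor!r} may not manage this document's ACL")
    if user == acl.owner:
        raise ValueError("the owner's permissions are changed with set_owner_permissions")
    acl.entries[user] = set(perms)


def delete_file_user(acl: DocumentAcl, actor: str, user: str) -> None:
    """Delete a document file user from the ACL (never the owner entry)."""
    if not may_manage_acl(acl, actor):
        raise PermissionError(f"{actor!r} may not manage this document's ACL")
    if user == acl.owner:
        raise ValueError("the owner entry cannot be deleted")
    del acl.entries[user]


def set_owner_permissions(acl: DocumentAcl, actor: str, perms) -> None:
    """Change the document file owner's own operation permissions."""
    if not may_manage_acl(acl, actor):
        raise PermissionError(f"{actor!r} may not manage this document's ACL")
    acl.entries[acl.owner] = set(perms)


class AdminDirectory:
    """Administrators and their roles (Table 30, 'Delete administrator roles')."""

    MAX_ADMINISTRATORS = 4  # glossary: "Up to four administrators can be registered"

    def __init__(self):
        self.roles = {}  # administrator ID -> set of administrator roles

    def create_administrator(self, admin_id: str, roles) -> None:
        if admin_id in self.roles:
            raise ValueError("administrator already exists")
        if len(self.roles) >= self.MAX_ADMINISTRATORS:
            raise ValueError("no more than four administrators may be registered")
        self.roles[admin_id] = set(roles)

    def holders_of(self, role: str) -> set:
        return {admin for admin, held in self.roles.items() if role in held}

    def delete_role(self, actor: str, target: str, role: str) -> None:
        """Remove `role` from `target`, enforcing both Table 30 conditions."""
        if role not in self.roles.get(actor, set()):
            raise PermissionError(f"{actor!r} does not hold the {role} role")
        if role not in self.roles.get(target, set()):
            raise ValueError(f"{target!r} does not hold the {role} role")
        if self.holders_of(role) == {target}:
            raise ValueError(f"{role} must remain assigned to another administrator")
        self.roles[target].discard(role)
```

The invariant check in `delete_role` runs before the mutation, so a sole holder can neither remove the role from themselves nor be stripped of it by anyone else; that is the property the parenthetical note in Table 30 is protecting.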
7.1.4.3 Management of Supervisor Information

Management of supervisor information allows only supervisors to query and change supervisor IDs, and to change supervisor authentication information, from the Operation Panel or Web Service Function. If the logged-in user from the Operation Panel or a client computer is a supervisor, the TOE allows that user to query and change supervisor IDs and to change supervisor authentication information.

By the above, FMT_MSA.1 (Management of security attributes), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (Specification of management functions), and FMT_SMR.1 (Security roles) are satisfied.

7.1.4.4 Management of General User Information

Management of general user information allows only specified users to perform all or some of the operations involved in creating, changing, and deleting general user information from the Operation Panel or Web Service Function. General user information includes general user IDs, general user authentication information, the document data default ACL, and S/MIME user information. If the logged-in user from the Operation Panel or Web Service Function is a user administrator or general user, the TOE allows that user to perform the operations shown in Table 31.
Table 31: Authorised operations on general user information
Operations on general user information | Authorised user
Creation of new general user information in the Address Book (general user ID, general user authentication information, and S/MIME user information) | User administrators
Edit general user information registered in the Address Book (authentication information of general users, document data default ACL, S/MIME user information) | User administrators; general users themselves
Query general user information registered in the Address Book (general user ID, document data default ACL, S/MIME user information) | User administrators; general users themselves
Query general user information registered in the Address Book (general user ID, S/MIME user information) | General users
Delete general user information registered in the Address Book (general user ID, authentication information of general users, S/MIME user information) | User administrators
Delete general user information registered in the Address Book (S/MIME user information) | General users identified as the S/MIME users

When new general user information is created, the new general user ID is set in the document data default ACL as the document file owner, and the authorised operations on the document data are reading the document data and modifying the document data ACL.
By the above, FMT_MSA.1 (Management of security attributes), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (Specification of management functions), and FMT_SMR.1 (Security roles) are satisfied.

7.1.4.5 Management of Machine Control Data

Management of machine control data allows setting of machine control data by specified users only. The TOE allows only specified users to use the functions that set the machine control data from specified operation interfaces. Table 32 shows, for each item of machine control data, the range of values that can be set, the operations available, the authorised setter, and the operation interfaces allowed by the TOE. The TOE also allows the user administrator and general users to query the destination information when using the Deliver to Folder function.

Table 32: Administrators authorised to specify machine control data
Machine control data item | Range of setting value | Operations | Authorised setter | Operation interfaces
Number of Attempts before Lockout | An integer 1-5 (times) | Query, modify | Machine administrators | Web Service Function
Setting for Lockout Release Timer | Active or Inactive | Query, modify | Machine administrators | Web Service Function
Lockout time | 1-9999 (minutes) | Query, modify | Machine administrators | Web Service Function
Minimum Password Length | An integer 8-32 (digits) | Query, modify | User administrators | Operation Panel
Password Complexity Setting | Level 1 or Level 2 | Query, modify | User administrators | Operation Panel
Date and time of system clock | Date, time (hour, minute, second) | Query, modify | Machine administrators | Operation Panel, Web Service Function
Date and time of system clock | Date, time (hour, minute, second) | Query | General users, user administrators, network administrators, file administrators, supervisors | Operation Panel, Web Service Function
Lockout Flag for general users | Inactive | Query, modify | User administrators | Web Service Function
Lockout Flag for administrators | Inactive | Query, modify | Supervisors | Web Service Function
Lockout Flag for supervisors | Inactive | Query, modify | Machine administrators | Web Service Function

By the above, FIA_AFL.1 (Authentication failure handling), FMT_MTD.1 (Management of TSF data), FMT_SMF.1 (Specification of management functions), and FMT_SMR.1 (Security roles) are satisfied.
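Table 32 lists the lockout and password-policy parameters but not how they interact at login time: when the Lockout Flag flips to Active, what the Lockout Release Timer setting changes, and what "more than two types of character" means for a candidate password. The following Python model is an added example, not Ricoh's code: the value ranges are those of Table 32 and the glossary, but the counting and release mechanics, the plaintext password store, and the literal reading of the complexity levels (Level 1 as at least three character types, Level 2 as at least four) are assumptions made for the model.

```python
"""Model of the lockout and password-policy machine control data in Table 32.

Added example, not Ricoh's code. The value ranges (1-5 attempts, 1-9999
minutes, 8-32 character minimum length, complexity Level 1 or 2) come from
Table 32 and the glossary; how the TOE counts and releases lockouts is not
described on the page, so the mechanics here are an assumption. Times are
plain seconds passed in by the caller so timed release can be exercised
without waiting.
"""
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    attempts_before_lockout: int   # Table 32: an integer 1-5
    release_timer_active: bool     # Setting for Lockout Release Timer
    lockout_minutes: int           # Table 32: 1-9999

    def __post_init__(self):
        if not 1 <= self.attempts_before_lockout <= 5:
            raise ValueError("Number of Attempts before Lockout must be 1-5")
        if not 1 <= self.lockout_minutes <= 9999:
            raise ValueError("Lockout time must be 1-9999 minutes")


@dataclass
class Account:
    password: str                        # model only; a real store holds a hash
    failed_attempts: int = 0
    lockout_flag: str = "Inactive"       # "Active" while locked out
    locked_at: Optional[float] = None    # seconds; set when the flag goes Active


class Authenticator:
    def __init__(self, policy: LockoutPolicy, accounts: dict):
        self.policy = policy
        self.accounts = accounts

    def is_locked_out(self, user_id: str, now: float) -> bool:
        acct = self.accounts[user_id]
        if acct.lockout_flag != "Active":
            return False
        expired = now - acct.locked_at >= self.policy.lockout_minutes * 60
        if self.policy.release_timer_active and expired:
            self.release(user_id)   # timed release
            return False
        return True

    def login(self, user_id: str, password: str, now: float) -> str:
        """Returns "ok", "failed" or "locked"."""
        acct = self.accounts.get(user_id)
        if acct is None:
            return "failed"   # unknown ID: nothing to lock (modelling choice)
        if self.is_locked_out(user_id, now):
            return "locked"
        if hmac.compare_digest(password.encode(), acct.password.encode()):
            acct.failed_attempts = 0
            return "ok"
        acct.failed_attempts += 1   # consecutive failures on the same user ID
        if acct.failed_attempts >= self.policy.attempts_before_lockout:
            acct.lockout_flag = "Active"
            acct.locked_at = now
        return "failed"

    def release(self, user_id: str) -> None:
        """An authorised administrator or supervisor sets the flag to Inactive."""
        acct = self.accounts[user_id]
        acct.lockout_flag = "Inactive"
        acct.locked_at = None
        acct.failed_attempts = 0


def character_types(password: str) -> int:
    """Count of distinct character types present: upper, lower, digit, other."""
    kinds = {"upper": str.isupper, "lower": str.islower, "digit": str.isdigit}
    found = {name for name, test in kinds.items() if any(test(c) for c in password)}
    if any(not (c.isalpha() or c.isdigit()) for c in password):
        found.add("other")
    return len(found)


# Glossary wording: Level 1 requires "more than two types of character",
# Level 2 "more than three"; read literally here as at least 3 and 4 types.
REQUIRED_TYPES = {1: 3, 2: 4}


def password_is_acceptable(password: str, min_length: int, level: int) -> bool:
    if not 8 <= min_length <= 32:
        raise ValueError("Minimum Password Length must be 8-32")
    if level not in REQUIRED_TYPES:
        raise ValueError("Password Complexity Setting is Level 1 or Level 2")
    return len(password) >= min_length and character_types(password) >= REQUIRED_TYPES[level]
```

With the release timer inactive the flag stays Active indefinitely and only `release` (the administrator or supervisor operation on the Lockout Flag in Table 32) clears it; with the timer active the next login attempt after the lockout time clears the flag itself.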
7.1.5 SF.CE_OPE_LOCK Service Mode Lock Function

The Service Mode Lock Function restricts use of the Maintenance Functions to CEs only, based on the Service Mode Lock Function setting specified by the machine administrator. The TOE allows the machine administrator to set the Service Mode Lock Function from the Operation Panel, and allows all authorised users to view the value of the setting. If the Service Mode Lock Function is set to Off, the TOE allows only the CE to use the Maintenance Functions. If it is set to On, the TOE does not allow the CE to use the Maintenance Functions.

By the above, FMT_MTD.1 (Management of TSF data) is satisfied.

7.1.6 SF.CIPHER Encryption Function

The TOE encrypts the document data to be stored on the HDD. Following are explanations of each functional item in SF.CIPHER Encryption Function and their corresponding security functional requirements.

7.1.6.1 Encryption of Document Data

The TOE encrypts data with the Ic Hdd before writing it to the HDD, and decrypts data with the Ic Hdd after reading it from the HDD. This process is performed for all data written to and read from the HDD; document data is encrypted and decrypted by the TOE in a similar way. The HDD encryption keys are generated by the machine administrator. If the logged-in user is the machine administrator, the TOE displays a screen on the Operation Panel that the administrator can use to generate the HDD encryption keys. When the machine administrator uses the Operation Panel to instruct the TOE to generate an HDD encryption key, the TOE generates a 256-bit HDD encryption key using the TRNG encryption key generation algorithm (compliant with the BSI-AIS31 standard). When the TOE writes to or reads from the HDD, it performs the encryption operations shown in Table 33.
Table 33: List of encryption operations on data stored on the HDD
Encryption-triggering operation | Encryption operation | Standard | Encryption algorithm | Key size
Writing data to HDD | Encrypt | FIPS197 | AES | 256 bits
Reading data from HDD | Decrypt | FIPS197 | AES | 256 bits

The HDD encryption keys can also be printed. If the logged-in user is the machine administrator, the TOE displays a screen on the Operation Panel that the administrator can use to print the HDD encryption keys. The printed encryption keys are used to restore the encryption keys in the event that the encryption keys in the TOE become unavailable. In addition, at start-up the TOE verifies that the encryption function of the Ic Hdd operates normally and verifies the integrity of the HDD encryption keys. If the TOE is not able to verify the integrity of the HDD encryption keys, it indicates that the HDD encryption keys have changed.
By the above, FCS_CKM.1 (Cryptographic key generation), FCS_COP.1 (Cryptographic operation), FMT_MTD.1 (Management of TSF data), and FPT_TST.1 (TSF testing) are satisfied.

7.1.7 SF.NET_PROT Network Communication Data Protection Function

This function protects document data and print data in transit on internal networks from leakage, and also detects attempts at tampering. Following are explanations of each functional item in SF.NET_PROT Network Communication Data Protection Function and their corresponding security functional requirements.

7.1.7.1 Use of Web Service Function from Client Computer

Whenever it receives a request from a client computer to use the Web Service Function, the TOE communicates with the client computer using the SSL protocol to create a trusted path. By the above, FTP_TRP.1 (Trusted path) is satisfied.

7.1.7.2 Printing and Faxing from Client Computer

Whenever it receives a request from a client computer for printing or transmitting faxes, the TOE communicates with the client computer using the SSL protocol to create a trusted path. By the above, FTP_TRP.1 (Trusted path) is satisfied.

7.1.7.3 Sending by E-mail from TOE

When sending document data by e-mail to a client computer, the TOE attaches the document data to the e-mail and sends the e-mail using S/MIME. The S/MIME destination information is registered as S/MIME user information within general user information. Users can send e-mail only to the registered destinations. By the above, FTP_TRP.1 (Trusted path) is satisfied.

7.1.7.4 Delivering to Folders from TOE

When sending (delivering) data to folders on an SMB or FTP server, the TOE connects to the server using the IPsec protocol to create a trusted channel. The destination information for the Deliver to Folder function is registered in advance and managed by the TOE as machine control data. Users can send files only to the registered folders. By the above, FTP_ITC.1 (Inter-TSF trusted channel) is satisfied.

7.1.8 SF.FAX_LINE Protection Function for Intrusion via Telephone Line

When it receives fax data from the telephone line, the TOE passes the data to the Controller Board. If the received data is not fax data, the TOE discards it. By the above, FDP_IFC.1 (Subset information flow control) and FDP_IFF.1 (Simple security attributes) are satisfied.
7.1.9 SF.GENUINE MFP Control Software Verification Function

At every TOE start-up, the MFP Control Software Verification Function verifies the integrity of the MFP Control Software installed in the FlashROM. The TOE verifies the integrity of the executable code of the MFP Control Software each time the TOE starts up, and becomes available for users only if the integrity of the control software can be verified. If integrity cannot be verified, the TOE indicates that the MFP Control Software is not correct.

By the above, FPT_TST.1 (TSF testing) is satisfied.
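Sections 7.1.6.1 and 7.1.9 describe two start-up self-tests with different consequences: a failed control software check keeps the TOE unavailable, while a failed HDD encryption key check is reported as the keys having changed, with the printed copy of the key as the recovery path. The ST does not say how either check is implemented. The following Python model is an added example, not Ricoh's code: it uses SHA-256 reference digests held apart from the objects they cover, `os.urandom` as a stand-in for the TRNG key generation, and a constructed sample image in place of the FlashROM contents; all of these are assumptions.

```python
"""Start-up integrity checks modelled on two functions of this ST.

Added example, not Ricoh's code. 7.1.6.1: the TOE verifies the integrity of
the HDD encryption keys at start-up and reports that the keys have changed
if it cannot. 7.1.9: the TOE verifies the MFP Control Software in the
FlashROM at every start-up and becomes available only if that succeeds.
The page does not describe the verification mechanism; this model uses
SHA-256 reference digests stored apart from the objects they cover (an
assumption), and os.urandom stands in for the TRNG key generator.
"""
import hashlib
import hmac
import os

KEY_BYTES = 32  # 256-bit HDD encryption key (Table 33)


def generate_hdd_key() -> bytes:
    """Stand-in for the TRNG-based key generation from the Operation Panel."""
    return os.urandom(KEY_BYTES)


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def key_reference(key: bytes) -> str:
    """Reference value kept for the key; domain-separated from data digests."""
    return digest(b"hdd-encryption-key:" + key)


def print_key_for_backup(key: bytes) -> str:
    """The 'printed' form of the key that is used to restore it later."""
    return key.hex().upper()


def restore_key(printed: str, reference: str) -> bytes:
    """Rebuild the key from its printed form and check it against the reference."""
    key = bytes.fromhex(printed.strip())
    if len(key) != KEY_BYTES:
        raise ValueError("printed key does not contain 256 bits")
    if not hmac.compare_digest(key_reference(key), reference):
        raise ValueError("restored key does not match the stored reference")
    return key


def startup_self_test(control_software: bytes, expected_software_digest: str,
                      hdd_key: bytes, expected_key_reference: str) -> dict:
    """Run both checks and report the outcomes the ST describes."""
    software_ok = hmac.compare_digest(digest(control_software), expected_software_digest)
    key_ok = hmac.compare_digest(key_reference(hdd_key), expected_key_reference)
    messages = []
    if not software_ok:
        messages.append("MFP Control Software is not correct")
    if not key_ok:
        messages.append("HDD encryption keys have changed")
    return {
        "control_software_ok": software_ok,
        "hdd_key_ok": key_ok,
        # per 7.1.9, availability depends on the control software check only
        "available": software_ok,
        "messages": messages,
    }


# Constructed sample image standing in for the FlashROM contents.
SAMPLE_IMAGE = b"constructed MFP control software image v0"
SAMPLE_IMAGE_DIGEST = digest(SAMPLE_IMAGE)
```

The value of separating the two outcomes is visible in `startup_self_test`: a key mismatch is surfaced to the administrator without taking the device out of service, which is the behaviour that makes the printed backup key useful as a recovery route.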
8 Appendix

8.1 Definitions of Terminology

For ease of reader understanding, Table 34 provides definitions of the terms used in this ST.

Table 34: Specific terms used in this ST
Terms | Definitions
D-BOX | A storage area for document data on the HDD.
FTP server | A server for sending files to a client computer and receiving files from a client computer using File Transfer Protocol.
HDD | An abbreviation of Hard Disk Drive. Refers to the HDD installed in the TOE.
Ic Hdd | A hardware device that encrypts data to be written on the HDD and decrypts data to be read from the HDD.
Ic Key | A chip that contains a microprocessor for encryption processing and EEPROM where a private key for secure communication is held. The Ic Key holds the keys for validity authentication and encryption processing, and a random number generator.
IP-Fax | A function that sends and receives document files between two faxes that are directly connected to a TCP/IP network. It can also send document files to a fax that is connected to a telephone line.
MFP | An abbreviation for digital multi function product. In this ST, MFP also refers to the TOE.
Responsible manager of MFP | A person in an organisation in which MFPs are used who has authority to assign MFP administrators and supervisors (or the person who is responsible for the organisation). Examples: MFP purchaser, MFP owner, manager of a department where MFPs are used, or a person in charge of an IT department.
MFP Control Software | Software installed in the TOE that can identify TOE components such as system/copy, network support, scanner, printer, fax, Web support, Web Uapl, and Network Doc Box. Manages the resources for units and devices that comprise the MFP and controls their operation.
MFP Control Data | A generic term for a set of parameters that controls the operation of an MFP.
LAN-Fax Transmission | A function that faxes document data from a client computer via the TOE when the client computer is connected to the TOE via a network or USB port.
S/MIME user information | Information about each general user that is required for using S/MIME. Includes e-mail address, user certificates, and a specified value for S/MIME use.
SMB server | A server for sharing files with a client computer using Server Message Block Protocol.
SMTP server | A server for sending e-mail using Simple Mail Transfer Protocol.
Address Book | A database containing general user information for each general user.
Back Up/Restore Address Book | A function for backing up the Address Book to SD cards and restoring the TOE Address Book from backups made on SD cards.
Internet Fax | A function that reads a fax original, then converts the scanned image to an e-mail format for sending as data over the Internet to a machine with an e-mail address.
Customer engineer (CE) | An expert in TOE maintenance who is employed by a manufacturer, support service company, or sales company.
Fax reception process on Controller Board | MFP Control Software embedded on the Controller Board. It receives information on the status of fax communications from the Fax Unit, and provides the Fax Unit with instructions for fax communication.
Supervisor | One of the authorised TOE users, who manages the administrators' passwords.
Supervisor ID | An item of supervisor information. Also an identification code for identification and authentication of the supervisor. Indicates the supervisor's login name on this TOE.
Supervisor authentication information | A password for identification and authentication of the supervisor.
Network administration | An administrator role assigning responsibility for management of the TOE's network connections. The network administrator is a person with network management responsibility.
Network control data | MFP control data for connecting the MFP to networks.
Minimum Password Length | The minimum number of digits that can be registered in passwords.
Password Complexity Setting | The minimum combination of character types that can be registered in passwords. There are Level 1 and Level 2 Password Complexity Settings. Level 1 requires passwords to include a combination of more than two types of character. Level 2 requires passwords to include a combination of more than three types of character.
Fax process on Fax Unit | The control software on the Fax Unit. It provides the MFP Control Software on the Controller Board with information on the status of fax communications, and controls fax communications according to instructions from the MFP Control Software on the Controller Board.
Deliver to Folder | A function that sends document data from the TOE to folders on an SMB or FTP server via a network.
Sending by E-mail | A function that sends e-mail with attached document data from the TOE.
Memory Transmission | A function that stores scanned data of an original in memory and then dials and faxes that data at a later time.
User administration | An administrator role assigning responsibility for management of general users. The user administrator is a person who has the user management role.
Number of Attempts before Lockout | The number of consecutive failed authentication attempts that can be made using the same user ID before the user is locked out.
Lockout | A function that prohibits access to the TOE for specific user IDs.
Lockout Flag | An item of data that is assigned to each authorised user. The Lockout Flag for a locked-out user is set to Active, and the Lockout Flag for a lockout-released user is set to Inactive. Administrators and supervisors who are allowed to operate the Lockout Flag can release a locked-out user by switching that user's Lockout Flag to Inactive.
Setting for Lockout Release Timer | A setting that enables or disables the timed release of the Lockout function after a time specified in advance by an administrator. When this setting is inactive, Lockout can be released only by a direct operation by an administrator.
General user | One of the authorised TOE users, who uses the Basic Functions of the TOE.
General user ID | An item of general user information and an identification code for identification and authentication of general users. Indicates the general user's login name on this TOE.
General user information | A database containing information about general users as data items that include the general user ID, general user authentication information, document data default ACL, and S/MIME user information.
General user authentication information | A password for identification and authentication of a general user.
Print data | The document files in a client computer that are sent to the TOE from the client computer to be printed or faxed. Drivers must be installed in the client computer in advance: a printer driver for printing and a fax driver for faxing. Print data is received by the TOE through the Network Unit or USB Port.
Print Settings | Settings for printed output, including paper size, printing magnification, and custom information (such as duplex or layout settings). Print Settings for stored document data can be updated by the user who prints the document data.
External networks | Networks that are not managed by the organisation that manages the MFP. Generally indicates the Internet.
Administrator | One of the authorised TOE users, who manages the TOE. Administrators are given administrator roles and perform administrative operations accordingly. Up to four administrators can be registered, and each administrator is given one or more administrator roles.
Administrator ID | An item of administrator information and an identification code for identification and authentication of the administrator. Indicates the administrator's login name on this TOE.
Administrator authentication information | A password for identification and authentication of an administrator.
Administrator role | Management Functions given to administrators. There are four types of administrator role: user administration, machine administration, network administration, and file administration. Each administrator role is assigned to a registered administrator.
Machine administration | An administrator role that assigns responsibility for machine management and performing audits. The machine administrator is a person who has the machine management role.
Machine Control Data | MFP Control Data related to Security Functions and security behaviour.
Operation Panel | A display-input device that consists of a touch screen LCD, key switches, and LED indicators, and is used for MFP operation by users. Also known as an Operation Panel Unit.
Stored Data Protection Function | A function that protects document data stored on the HDD from leakage.
Store and Print Function | A function that converts print data received by the TOE into document data and stores it in the D-BOX. The document data stored in the D-BOX can be printed at a later time.
Stored Documents Fax Transmission | A function that faxes document data stored earlier in the D-BOX.
Direct Print Function | A function that prints print data received by the TOE.
Immediate Transmission | A function that dials first, then faxes data while scanning the original.
Internal networks | Networks managed by an organisation that has an MFP. Normally refers to an office LAN environment established as an intranet.
Document file owner | General users who are registered in the document data ACL as owners of the document data.
Document data | Electronic data sent to the MFP by authorised MFP users who perform either of the following operations: 1. scanning from paper and digitising; 2. sending print data, which the MFP then converts into a format that it can process.
Document data default ACL | An item of general user information. The default value that is set for the document data ACL of new document data to be stored.
Document data ACL | An access control list of general users that is set for each item of document data.
File administration | An administrator role assigning responsibility for management of the D-BOX, where document data is stored on the TOE, and management of the document data ACL, the list that controls access to the document data. The file administrator is a person who has the role of file administration.
Document file user | General users who are registered in the document data ACL but are not owners of the document data.