Security Target
Page 5
... by E-mail from TOE 75 7.1.7.4 Delivering to Folders from TOE 75 7.1.8 SF.FAX_LINE Protection Function for Intrusion via Telephone Line 75 7.1.9 SF.GENUINE MFP Control Software Verification Function 76 8 Appendix 77 8.1 Definitions of Terminology 77 8.2 References 81 Copyright (c) 2010...
Security Target
Page 7
..., and the name and version of the FCU. MFP Name : Ricoh Aficio MP 2851, Ricoh Aficio MP 3351 Savin 9228, Savin 9233 Lanier LD528, Lanier LD533 Lanier MP 2851, Lanier MP 3351 Gestetner MP 2851, Gestetner MP 3351 nashuatec MP 2851, nashuatec MP 3351 Rex-Rotary MP 2851, Rex-Rotary MP 3351 infotec MP 2851, infotec MP 3351 MFP Software /Hardware Version : Software System/Copy Network Support Scanner Printer Fax Web Support Web Uapl...
Security Target
Page 8
...functions remotely. Users can operate the TOE from a client computer via a network, USB connection, or fax. MFP Control Software Verification Function For the Security Functions listed above, each function is described in "1.4.4.2 Security Functions". 1.3.3 Environment for TOE ...located in a general office. Document Data Access Control Function 4. Identification and Authentication Function 3. Audit Function 2. Copyright (c) 2010 RICOH COMPANY, LTD. The following are for digitising paper documents and managing and printing them from the Operation Panel, a client computer ...
Security Target
Page 11
... and outputting of paper documents. The Printer Engine is installed in the Operation Panel Control Board. The Operation Panel Control Software is an output device for use by users. The Scanner Engine is an input device to direct instructions from the MFP Control... instructions from the MFP Control Software. Engine Unit The Engine Unit contains a Scanner Engine, Printer Engine, and the Engine Control Board. It features key switches, LED indicators, an LCD touch screen, and the Operation Panel Control Board. All Rights Reserved. Copyright (c) 2010 RICOH COMPANY, LTD. Page 11 ...
Security Target
Page 12
.... [Ic Key] A security chip that carries out the basic arithmetic processing of the MFP operation. [FlashROM] A memory medium in which the MFP Control Software is installed. [RAM] A volatile memory medium used for image processing. [NVRAM] A non-volatile memory medium in which MFP Control Data for configuring the ...has an interface to be stored on the side of the TOE, and is also connected to the HDD. When a CE performs Copyright (c) 2010 RICOH COMPANY, LTD. Network Unit Network Unit is used to connect a client computer to an Ethernet (100BASE-TX/10BASE-T) network. SD Card Slot The...
Security Target
Page 17
... counter threats to Audit Function by each Security Function. These functions are operated from the Operation Panel, and the Web Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. Page 17 of 81 1.4.3.4 General User A "general user" is an authorised TOE user who is...Intrusion Access Control Function Basic Function Protection Function Fax Stored Data Protection Function HDD (To MFP Control Software in maintenance of the TOE and is an expert in FlashROM) MFP Control Software Verification Function Security Function * The performed events are notified to the TOE.
Security Target
Page 20
... IDs and authentication details for the detection of 81 Function, Security Management Function, Service Mode Lock Function, Telephone Line Intrusion Protection Function, and MFP Control Software Verification Function. Authentication Feedback Area Protection: When a user enters their user ID and authentication details from this function temporarily prevents further login attempts from printer...register passwords that are authorised by others. - For editing permission, the same operation on document data stored in document data include read-only Copyright (c) 2010 RICOH COMPANY, LTD.
Security Target
Page 23
...data received through the network or the USB Port that is then converted to a format that is imported to the TOE. 2. Copyright (c) 2010 RICOH COMPANY, LTD. The Service Mode Lock Function prevents the Maintenance Function being used by e-mail to a client computer (to the TOE, ... The D-BOX protects the document data from outside the TOE by the following two methods: 1. MFP Control Software Verification Function This function verifies the integrity of the MFP Control Software by a client computer. 4. Downloaded by checking the integrity of an executable code installed in the TOE can...
Security Target
Page 26
... access document data through the device's interfaces (the Operation Panel, network interface, USB Port, or SD card interface). Copyright (c) 2010 RICOH COMPANY, LTD. T.FAX_LINE (Intrusion from the TOE and disclose document data. T.UNAUTH_ACCESS (Access violation to protected assets stored in TOE) ...access to the TOE through the external TOE interfaces (the Operation Panel, network interface, or USB Port) that demand integrity of the software installed in this TOE. T.SALVAGE (Salvaging memory) Attackers may remove the HDD from telephone line) Attackers may illegally obtain, ...
Security Target
Page 27
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. A.NETWORK (Assumption for network connections) When the network ... in the roles assigned to them and will instruct general users to operate the TOE securely also. P.SOFTWARE Page 27 of 81 (Software integrity checking) Measures shall be provided for verifying the integrity of this TOE: A.ADMIN (Assumption for ... them, and are the assumptions related to the use and environment of MFP Control Software, which is connected to an external network such as the Internet, the internal network shall be protected from the ...
Security Target
Page 28
O. Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. O. NET.PROTECT (Protection of the document data stored on the HDD into a format that verifies the integrity of the MFP Control Software, which they have access to document data according to their permissions to process document data. O.I&A (...to use the functions for TOE The following define the security objectives of the TOE. O.GENUINE (Protection of integrity of MFP Control Software) The TOE shall provide TOE users with a function for reading the audit logs, allowing the machine administrator to detect whether or...
Security Target
Page 30
... Table 3: Relationship between security environment and security objectives TOE security Environment A.ADMIN A.SUPERVISOR A.NETWORK T.ILLEGAL_USE T.UNAUTH_ACCESS T.ABUSE_SEC_MNG T.SALVAGE T.TRANSIT T.FAX_LINE P.SOFTWARE Security objectives O.AUDIT O.I&A O.DOC_ACC O.MANAGE O.MEM.PROTECT O.NET.PROTECT O.GENUINE O.LINE_PROTECT OE.ADMIN OE.SUPERVISOR OE.NETWORK v vv vv v vv... trusted persons as defined in the roles assigned to them on their permissions. Copyright (c) 2010 RICOH COMPANY, LTD. As specified by A.ADMIN, administrators shall have sufficient knowledge to operate the TOE...
Security Target
Page 32
...to verify the integrity of 81 T.TRANSIT (Data interception and tampering with the TOE users by O.LINE_PROTECT. P.SOFTWARE (Checking software integrity) To enforce this organisational security policy, the TOE provides the function to the machine administrator so that the... machine administrator detects afterwards whether or not O.LINE_PROTECT was performed. Copyright (c) 2010 RICOH COMPANY, LTD. Therefore, the TOE can enforce P.SOFTWARE. Therefore, the TOE can counter T.FAX_LINE. Therefore, the TOE can counter T.TRANSIT. T.FAX_LINE (Intrusion...
Security Target
Page 60
...None None None None FCS_CKM.4 FCS_CKM.4 None None Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. For this, FPT_TST.1 tests the integrity of the executable code of the MFP Control Software, which is installed in Table 22, and these requirements are included...to O.LINE.PROTECT in Table 22, and these requirements are included to fulfill the O.GENUINE specification. a) Check the integrity of the MFP Control Software. To fulfill O.LINE_PROTECT, unauthorised access by CC FPT_STM.1 FAU_GEN.1 FAU_SAR.1 FAU_GEN.1 FAU_STG.1 [FCS_CKM.2 or FCS_COP.1] FCS_CKM.4 [FDP_ITC.1 or FDP_ITC...
Security Target
Page 63
...Network Communication Data Protection Function SF.FAX_LINE Protection Function for Intrusion via Telephone Line SF.GENUINE MFP Control Software Verification Function As Table 24 shows, at least one TOE Security Function satisfies each security functional requirements ...SF.GENUINE FAU_GEN.1 v FAU_SAR.1 v FAU_SAR.2 v FAU_STG.1 v FAU_STG.4 v FCS_CKM.1 v FCS_COP.1 v FDP_ACC.1 v FDP_ACF.1 v Copyright (c) 2010 RICOH COMPANY, LTD. 7 TOE Summary Specification This section provides a specification summary of the Security Functions of 81 7.1 TOE Security Function The TOE provides the...
Security Target
Page 76
... of 81 At every TOE start-up. The TOE becomes available for users only if the integrity of the MFP Control Software that the MFP Control Software is not correct. Copyright (c) 2010 RICOH COMPANY, LTD. If integrity cannot be verified. All Rights Reserved. The TOE verifies the integrity of the executable code of...
Security Target
Page 77
...). (Examples: MFP purchaser, MFP owner, manager of a department where MFPs are used, or a person in charge of an IT department.) Software installed in the TOE that encrypts data to be read from a client computer using File Transfer Protocol. A server for sharing files with a ...controls the operation of an MFP. Includes e-mail address, user certificates, and a specified value for digital "multi function product". Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. 8 Appendix Page 77 of 81 8.1 Definitions of Terminology For ease of reader understanding, Table 34 provides ...
Security Target
Page 78
... of more than two types of fax communications, and controls fax communications according to instructions from the MFP Control Software on the Controller Board. A function that can be registered in passwords. The user administrator is a person...e-mail address. An administrator role assigning responsibility for identification and authentication of supervisor information. MFP Control Software embedded on the Fax Unit. It receives information on the status of character. Also an identification ...Level 2 requires passwords to networks. Copyright (c) 2010 RICOH COMPANY, LTD.