Security Target
Page 9
... 1.00 01.01 1.02 1.00 1.12 1.03m 01.00.01 1.01:08 1.01 1.01 1.01 Hardware 01020714 01 Keywords : Digital MFP, Documents, Copy, Print, Scanner, Network, Office, Fax Page 8 of 91 1.3 TOE Overview This section defines TOE Type, TOE Usage and Major Security Features of TOE. 1.3.1 TOE Type This TOE is an... The operational environment of the TOE is illustrated below and the usage of the TOE is outlined in this section. All rights reserved. Copyright (c) 2011 RICOH COMPANY, LTD.
... 1.00 01.01 1.02 1.00 1.12 1.03m 01.00.01 1.01:08 1.01 1.01 1.01 Hardware 01020714 01 Keywords : Digital MFP, Documents, Copy, Print, Scanner, Network, Office, Fax Page 8 of 91 1.3 TOE Overview This section defines TOE Type, TOE Usage and Major Security Features of TOE. 1.3.1 TOE Type This TOE is an... The operational environment of the TOE is illustrated below and the usage of the TOE is outlined in this section. All rights reserved. Copyright (c) 2011 RICOH COMPANY, LTD.
Security Target
Page 10
MFP A machinery that is defined as shown in the TOE environment. Copy, fax, storage, and network transmission of the stored documents. Also, the TOE receives information via telephone lines and can operate the TOE from the Operation Panel ... lines, as the TOE. Various settings for the MFP, which is the TOE itself, and hardware and software other than the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Print, fax, network transmission, and deletion of paper documents, - Page 9 of 91 Figure 1 : Example of TOE Environment The TOE is used in Figure 1.
MFP A machinery that is defined as shown in the TOE environment. Copy, fax, storage, and network transmission of the stored documents. Also, the TOE receives information via telephone lines and can operate the TOE from the Operation Panel ... lines, as the TOE. Various settings for the MFP, which is the TOE itself, and hardware and software other than the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Print, fax, network transmission, and deletion of paper documents, - Page 9 of 91 Figure 1 : Example of TOE Environment The TOE is used in Figure 1.
Security Target
Page 11
...and authenticates the TOE user with Windows authentication (Kerberos authentication method). Storage and printing of the TOE if it is connected to the LAN, and users can ...folder transmission of documents using a Web browser installed on the client computer, - Copyright (c) 2011 RICOH COMPANY, LTD. Operation of the stored documents in the TOE to its folders. Telephone line A...is applied. A transfer path to relay communications between the MFP and maintenance centre. Storage and faxing of the stored documents in the TOE to its folders. External Authentication Server A server that...
...and authenticates the TOE user with Windows authentication (Kerberos authentication method). Storage and printing of the TOE if it is connected to the LAN, and users can ...folder transmission of documents using a Web browser installed on the client computer, - Copyright (c) 2011 RICOH COMPANY, LTD. Operation of the stored documents in the TOE to its folders. Telephone line A...is applied. A transfer path to relay communications between the MFP and maintenance centre. Storage and faxing of the stored documents in the TOE to its folders. External Authentication Server A server that...
Security Target
Page 14
...a telephone line. The Fax Controller Unit sends and receives control information about the Scanner Engine and Printer Engine to the Controller Board, and operates the Scanner Engine or Printer Engine according to the key switches, LED indicators, and LCD touch screen. Copyright (c) 2011 RICOH COMPANY, LTD. OpePanel,... passwords of 91 and digital signature. HDD The HDD is a hard disk drive that is a unit that is an input device to print and eject paper documents, and Engine Control Board. FlashROM A non-volatile memory medium in the Engine Control Board. The Engine Control Software...
...a telephone line. The Fax Controller Unit sends and receives control information about the Scanner Engine and Printer Engine to the Controller Board, and operates the Scanner Engine or Printer Engine according to the key switches, LED indicators, and LCD touch screen. Copyright (c) 2011 RICOH COMPANY, LTD. OpePanel,... passwords of 91 and digital signature. HDD The HDD is a hard disk drive that is a unit that is an input device to print and eject paper documents, and Engine Control Board. FlashROM A non-volatile memory medium in the Engine Control Board. The Engine Control Software...
Security Target
Page 22
... function can be stored in the TOE by operating the fax driver installed on the client computer. - Copyright (c) 2011 RICOH COMPANY, LTD. The documents received by fax can be printed, deleted, and sent to receive documents from external faxes (Fax Reception Function). Fax documents are sent by fax using the Operation Panel, while they also can be scanned...
... function can be stored in the TOE by operating the fax driver installed on the client computer. - Copyright (c) 2011 RICOH COMPANY, LTD. The documents received by fax can be printed, deleted, and sent to receive documents from external faxes (Fax Reception Function). Fax documents are sent by fax using the Operation Panel, while they also can be scanned...
Security Target
Page 23
...or by the MFP administrator to view and delete the recorded audit log. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. This function can print and delete fax documents. Security Functions The Security Functions are allowed to customer engineers only. To view and ...the Operation panel or a Web browser. From the Operation Panel, users can print and delete Document Server documents, fax, print, download, and delete fax documents. From a Web browser, users can store, print and delete Document Server documents. Maintenance Function The Maintenance Function is to perform...
...or by the MFP administrator to view and delete the recorded audit log. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. This function can print and delete fax documents. Security Functions The Security Functions are allowed to customer engineers only. To view and ...the Operation panel or a Web browser. From the Operation Panel, users can print and delete Document Server documents, fax, print, download, and delete fax documents. From a Web browser, users can store, print and delete Document Server documents. Maintenance Function The Maintenance Function is to perform...
Security Target
Page 27
... symbols. There are Level 1 and Level 2 Password Complexity Settings. External Authentication implemented in the TOE by locked print, hold print, and sample print using Kerberos Authentication method. Attributes of the document data attributes. This auto logout time is used in the TOE..... An abbreviation of each TOE function (Copy Function, Document Server Function, Scanner Function, Printer Function and Fax Function) from the MFP. Copyright (c) 2011 RICOH COMPANY, LTD. Page 26 of registrable password digits. The minimum number of 91 Terms Lockout Auto logout Minimum...
... symbols. There are Level 1 and Level 2 Password Complexity Settings. External Authentication implemented in the TOE by locked print, hold print, and sample print using Kerberos Authentication method. Attributes of the document data attributes. This auto logout time is used in the TOE..... An abbreviation of each TOE function (Copy Function, Document Server Function, Scanner Function, Printer Function and Fax Function) from the MFP. Copyright (c) 2011 RICOH COMPANY, LTD. Page 26 of registrable password digits. The minimum number of 91 Terms Lockout Auto logout Minimum...
Security Target
Page 28
... Operation Panel is authorised, and it can be used by users to access. Copyright (c) 2011 RICOH COMPANY, LTD. Documents copied by using Copy Function, Scanner Function, Document Server Function, and Fax Data Storage Function. One of the stored document types. One of the stored document types. Documents... and Printer Function. A list of the login user names of MFP administrators whose access to documents is used with Document Server printing or stored print from the telephone line. This list does not include the login user names of the normal users whose "users cannot be set ...
... Operation Panel is authorised, and it can be used by users to access. Copyright (c) 2011 RICOH COMPANY, LTD. Documents copied by using Copy Function, Scanner Function, Document Server Function, and Fax Data Storage Function. One of the stored document types. One of the stored document types. Documents... and Printer Function. A list of the login user names of MFP administrators whose access to documents is used with Document Server printing or stored print from the telephone line. This list does not include the login user names of the normal users whose "users cannot be set ...
Security Target
Page 31
The HCDs consist of the scanner device and print device, and have , and equips the functions that they are translated from the PP. The MFP is the type of this TOE type is consistent ... takes place in the PP and security objectives of which are not operated from the requirements of Copy Function, Scanner Function, Printer Function or Fax Function. Copyright (c) 2011 RICOH COMPANY, LTD. The Document Server Function is neither increased nor decreased. The MFP has the devices the HCDs have the interface to the...
The HCDs consist of the scanner device and print device, and have , and equips the functions that they are translated from the PP. The MFP is the type of this TOE type is consistent ... takes place in the PP and security objectives of which are not operated from the requirements of Copy Function, Scanner Function, Printer Function or Fax Function. Copyright (c) 2011 RICOH COMPANY, LTD. The Document Server Function is neither increased nor decreased. The MFP has the devices the HCDs have the interface to the...
Security Target
Page 49
... All requests to perform an operation on an object covered by the PP. Start and end operation of login operation Copyright (c) 2011 RICOH COMPANY, LTD. Start and end operation of delivering document data to perform an operation on an object covered by the SFP. b) ... in making an access check. b) Basic: All use of the authentication mechanism; Start and end operation of printing document data. - Those described above, "storing, printing, downloading, faxing, sending by e-mail, delivering to folder, and deleting", are the job types of additional information that are required...
... All requests to perform an operation on an object covered by the PP. Start and end operation of login operation Copyright (c) 2011 RICOH COMPANY, LTD. Start and end operation of delivering document data to perform an operation on an object covered by the SFP. b) ... in making an access check. b) Basic: All use of the authentication mechanism; Start and end operation of printing document data. - Those described above, "storing, printing, downloading, faxing, sending by e-mail, delivering to folder, and deleting", are the job types of additional information that are required...
Security Target
Page 57
... by the lockout time set by the MFP administrator, release operation by a supervisor or the TOE's restart. Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: No dependencies. The lockout for the MFP administrator is made unavailable upon the [selection: deallocation of the...authentication using the Operation Panel User authentication using the TOE from client computer Web browser User authentication when printing from the client computer User authentication when using LAN Fax from ] the following additional rules: [assignment: deny an operation on the following objects: [assignment: ...
... by the lockout time set by the MFP administrator, release operation by a supervisor or the TOE's restart. Copyright (c) 2011 RICOH COMPANY, LTD. Dependencies: No dependencies. The lockout for the MFP administrator is made unavailable upon the [selection: deallocation of the...authentication using the Operation Panel User authentication using the TOE from client computer Web browser User authentication when printing from the client computer User authentication when using LAN Fax from ] the following additional rules: [assignment: deny an operation on the following objects: [assignment: ...
Security Target
Page 73
... MFP administrator are defined in accordance with the access procedures. The TSF confidential data sent and received by FTP_ITC.1. Copyright (c) 2011 RICOH COMPANY, LTD. FIA_ATD.1 and FIA_USB.1 manage the access procedures to the protected assets of the users who are allowed to operate the...A supervisor is fulfilled. FMT_SMR.1 maintains the users who can use . By satisfying FMT_MTD.1, FMT_SMF.1, FMT_SMR.1 and FTP_ITC.1, which are printed by LAN fax from the Operation Panel or a Web browser of secrets are protected by the TOE via the LAN are the security policies for sending...
... MFP administrator are defined in accordance with the access procedures. The TSF confidential data sent and received by FTP_ITC.1. Copyright (c) 2011 RICOH COMPANY, LTD. FIA_ATD.1 and FIA_USB.1 manage the access procedures to the protected assets of the users who are allowed to operate the...A supervisor is fulfilled. FMT_SMR.1 maintains the users who can use . By satisfying FMT_MTD.1, FMT_SMF.1, FMT_SMR.1 and FTP_ITC.1, which are printed by LAN fax from the Operation Panel or a Web browser of secrets are protected by the TOE via the LAN are the security policies for sending...
Security Target
Page 80
...shown in Table 35 - E-mail transmission Copyright (c) 2011 RICOH COMPANY, LTD. Communication with RC Gate - Folder transmission - Printing via networks - Communication with RC Gate - Web Function communication - LAN Fax via networks - All rights reserved. Expanded Log Items ... event caused by auto logout Web Function communication Folder transmission E-mail transmission Printing via networks LAN Fax via networks Storing document data Reading document data (print, download, fax transmission, e-mail transmission, and folder transmission) Deleting document data Success and...
...shown in Table 35 - E-mail transmission Copyright (c) 2011 RICOH COMPANY, LTD. Communication with RC Gate - Folder transmission - Printing via networks - Communication with RC Gate - Web Function communication - LAN Fax via networks - All rights reserved. Expanded Log Items ... event caused by auto logout Web Function communication Folder transmission E-mail transmission Printing via networks LAN Fax via networks Storing document data Reading document data (print, download, fax transmission, e-mail transmission, and folder transmission) Deleting document data Success and...
Security Target
Page 82
.... FIA_AFL.1 When Basic Authentication is not allowed to the TOE from a Web browser. The TOE logs out immediately after receiving the print data from the fax driver. The user role assigned to use the TOE from a Web browser by a person who logs on to log in unless ... Each User Role User Roles (Locked out Users) Normal user Supervisor MFP administrator Unlocking Administrators MFP administrator MFP administrator Supervisor Copyright (c) 2011 RICOH COMPANY, LTD. The TOE locks out the login user name if the number of consecutive login failures exceeds the number of the TOE ...
.... FIA_AFL.1 When Basic Authentication is not allowed to the TOE from a Web browser. The TOE logs out immediately after receiving the print data from the fax driver. The user role assigned to use the TOE from a Web browser by a person who logs on to log in unless ... Each User Role User Roles (Locked out Users) Normal user Supervisor MFP administrator Unlocking Administrators MFP administrator MFP administrator Supervisor Copyright (c) 2011 RICOH COMPANY, LTD. The TOE locks out the login user name if the number of consecutive login failures exceeds the number of the TOE ...
Security Target
Page 84
... Operation Panel Operation Panel Operation Panel Operation Panel Available Functions for the authorised operations (printing, downloading to the client computers, fax transmission, e-mail transmission, sending to folders, and deleted. Table 38 : Stored ... documents Fax transmission documents Printer documents Scanner documents Fax transmission documents Fax reception documents Operations displayed on the Menu Print Delete Print Delete Print Delete E-mail transmission Folder transmission Delete Fax transmission Folder transmission Print Delete Print Delete Copyright (c) 2011 RICOH COMPANY...
... Operation Panel Operation Panel Operation Panel Operation Panel Available Functions for the authorised operations (printing, downloading to the client computers, fax transmission, e-mail transmission, sending to folders, and deleted. Table 38 : Stored ... documents Fax transmission documents Printer documents Scanner documents Fax transmission documents Fax reception documents Operations displayed on the Menu Print Delete Print Delete Print Delete E-mail transmission Folder transmission Delete Fax transmission Folder transmission Print Delete Print Delete Copyright (c) 2011 RICOH COMPANY...
Security Target
Page 85
Copyright (c) 2011 RICOH COMPANY, LTD. Web browser Document Server Function Web browser Document Server Function Web browser Document Server Function Web browser Printer Function Web browser Fax Function Page 84 of a user job is attempted by the cancelled job will not be deleted. Other ...the roles of the identified and authenticated TOE users and user privileges set for normal users who are privileged to use Fax Function) Print Delete Print Download Delete (Operations above are authorised only if normal users are privileged to use Document Server Function) (2) Access control...
Copyright (c) 2011 RICOH COMPANY, LTD. Web browser Document Server Function Web browser Document Server Function Web browser Document Server Function Web browser Printer Function Web browser Fax Function Page 84 of a user job is attempted by the cancelled job will not be deleted. Other ...the roles of the identified and authenticated TOE users and user privileges set for normal users who are privileged to use Fax Function) Print Delete Print Download Delete (Operations above are authorised only if normal users are privileged to use Document Server Function) (2) Access control...
Security Target
Page 88
...administrator Document data attributes Document user list Stored document types are Document Server document, scanner document, fax document and printer document (with stored print) Document user list Stored document type is unavailable for TSF data according to the rules described in...browser Operation Panel, Web browser Operation Panel, Web browser Query, modify MFP administrator Query, modify Query, modify Query (Query is fax received document(*2) Default values of 91 FMT_MSA.1(a), FMT_MSA.1(b), FMT_MSA.3(a), FMT_MTD.1, FMT_SMF.1 and FMT_SMR.1 The TOE allows operations for External ...
...administrator Document data attributes Document user list Stored document types are Document Server document, scanner document, fax document and printer document (with stored print) Document user list Stored document type is unavailable for TSF data according to the rules described in...browser Operation Panel, Web browser Operation Panel, Web browser Query, modify MFP administrator Query, modify Query, modify Query (Query is fax received document(*2) Default values of 91 FMT_MSA.1(a), FMT_MSA.1(b), FMT_MSA.3(a), FMT_MTD.1, FMT_SMF.1 and FMT_SMR.1 The TOE allows operations for External ...
Security Target
Page 91
... Function type Default values +PRT: Documents printed from the client computer with direct print, locked print, hold print, and sample print. +SCN: Documents sent by e-mail or to folders from the MFP. +CPY: Documents copied using Copy Function, Scanner Function, Document Server Function and Fax Data Storage Function. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Default...
... Function type Default values +PRT: Documents printed from the client computer with direct print, locked print, hold print, and sample print. +SCN: Documents sent by e-mail or to folders from the MFP. +CPY: Documents copied using Copy Function, Scanner Function, Document Server Function and Fax Data Storage Function. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Default...