Design Guide
Page 2
... 12
1-3 Data Security ... 14
1-3-1 External I/F ... 14
1-3-2 Protection of Program Data from Illegal Access via an External Device ... 14
1-4 Protection of MFP/LP Firmware ... 17
1-4-1 Firmware Installation/Update ... 17
1-4-2 Verification of Firmware/Program Validity ... 20
1-5 Authentication, Access Control ... 21
1-5-1 Authentication ... 21
1-5-2 IC Card Authentication ... 24
1-5-3 Access Control ... 25
1-6 Administrator Settings ... 26
1-7 Data Protection ... 27
...
Design Guide
Page 7
... [Block diagram from "Design Guide for Information Security", Page 7 of 86. Labels, in extraction order: 1394; External Charge Device; IC Card Reader; Pict Bridge Compatible Device; RC Gate; Internet; External Controller I/F Board; File Format Converter; SD Card I/F; To Public Tel.; Firmware; Encryption Processor; HDD; Print Controller; Page memory; control; TPM; NVRAM; Mgmt. Settings; Counters; System Control; SAF; Line I/F] ...
Design Guide
Page 8
...: Intermediary device connected to the MFP/LP via an Ethernet connection for performing remote diagnostic operations including firmware updates and settings changes.
• SD card I/F: Used for performing service maintenance and as an interface for firmware storage media.
• RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression...
Design Guide
Page 9
[Block diagram from "Design Guide for Information Security", section 1-1-2 LP, Page 9 of 86. Labels, in extraction order: Settings; Page memory; data; Flash ROM; Operation Panel; Engine; Image Processing; Printing; TPM; NVRAM; Counters; Controller; Processing and Control Unit (CPU, RAM); System Control; USB TypeA; USB TypeB; Ethernet; Host I/F; Optional I/F: Parallel, Gigabit Ethernet, Wireless LAN, Bluetooth; IC Card Reader; Pict Bridge Compatible Device; RC Gate; Internet; SD Card I/F; Mgmt.; Image data; Firmware; Encryption Processor; HDD; Print Controller; RAM]
Design Guide
Page 10
... Gate: Intermediary device connected to the LP via an Ethernet connection for performing remote diagnostic operations including firmware updates and settings changes.
• SD card I/F: Used for performing service maintenance and as an interface for firmware storage media.
• RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression...
Design Guide
Page 12
... mediates control of image data to be initiated from both the operation panel and from the printing engine. Controls remote correspondence with RC Gate (e.g. diagnostics, firmware update, settings changes). Page 12 of machine configuration settings by the system as a whole, and controls the switching of the LCD screen as well as...
Design Guide
Page 17
...as the update is interrupted by the license server. Compare MD1 and MD2 3. Firmware Installation/Update Using an SD Card Since SD cards themselves are sent SD 64 MB SD card Program Digital signature Ricoh License Server 1. The MFP/LP then applies SHA-1 to the program to generate... machine functions (Copier, Printer, etc.) 2. This applies to encrypt this storage media. The Ricoh license server applies the SHA-1 algorithm (Secure Hash Algorithm 1) to the program to identify the type (e.g. The firmware in the SD card is introduced into the MFP/LP in the case of all...
Design Guide
Page 18
...new files If MD1 = MD2 Digital signature Ricoh distribution server Program + digital signature Program Ricoh license server 1. Generate digital signature Private key 3. Verification of 86 Decryption Public key MD2 8. Download Client PC Remote Firmware Installation Performed by resending the file. Since... features described above for which is necessary to retry the update by a Field Technician (from a client PC) Page 18 of firmware version Program 5. There are sent 2. In each scenario, all of model and target machine functions (Copier, Printer, etc.) 3....
Design Guide
Page 19
... Installation via RC-Gate Download RC-Gate Installation directly from @Remote Center @Remote Center Digital signature Program + digital signature Ricoh License Server Remote Firmware Installation using @Remote Remote installation Download Ridoc IO OperationServer Ricoh distribution server Update performed using Web Smart Device Monitor V2 (device management utility) Update commands issued Digital signature Program...
Design Guide
Page 20
..., TPM-based security. Trusted Boot employs two methods to verify the validity of the programs/firmware mentioned above: RTM (Root Trust of Measurement) is used to validate the application firmware Trusted Boot is integrated with the protection of the user's encryption keys (see section 1.8 for... signature-based verification process explained in section 1.4.1 is booted up. The MFP/LP uses the unique digital signature assigned to each program/firmware in any alterations made to these keys. Using the TPM, this verification is a product of the ST19WP18 family, which makes it ...
Design Guide
Page 37
... Not logged
Authentication lock-out (actual lock-out occurs or settings are changed): Not logged
Firmware update performed: Not logged
Change in firmware configuration detected: Not logged
Firmware configuration: Not logged
Encryption key operation performed: Not logged
Invalid firmware detected: Not logged
Change made to Time/Date settings: Not logged
Authentication password changed: Not...
Design Guide
Page 53
... it is encrypted using the group password already programmed in DeskTopBinder. In addition, the password itself . Therefore, even in the case that illegal fonts or firmware were downloaded to then safely send the printing data over the communication path. As stated above, PDF Direct Print handles the sending of encrypted PDF...