Security Target
Page 5
Page 5 of 80 7.1.2.3 Password Feedback Area Protection 67 7.1.2.4 Password Registration...67 7.1.3 SF.DOC_ACC Document Data Access Control Function 68 7.1.3.1 General User Operations on Document Data 68 7.1.3.2 File Administrator Operations on Document Data 69 7.1.4 SF.... for Intrusion via Telephone Line 74 7.1.9 SF.GENUINE MFP Control Software Verification Function 74 8 Appendix ...76 8.1 Definitions of Terminology 76 8.2 References ...80 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
Page 5 of 80 7.1.2.3 Password Feedback Area Protection 67 7.1.2.4 Password Registration...67 7.1.3 SF.DOC_ACC Document Data Access Control Function 68 7.1.3.1 General User Operations on Document Data 68 7.1.3.2 File Administrator Operations on Document Data 69 7.1.4 SF.... for Intrusion via Telephone Line 74 7.1.9 SF.GENUINE MFP Control Software Verification Function 74 8 Appendix ...76 8.1 Definitions of Terminology 76 8.2 References ...80 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
Security Target
Page 15
...administrator roles, and administrator roles can be a supervisor by the responsible manager change the supervisor ID and password of administrator roles Administrator role User administration Machine administration Network administration File administration Explanation about duties involved Managing ...A default supervisor is a person who is registered and assigned all four administrator roles as an administrator. Copyright (c) 2009,2010 RICOH COMPANY, LTD. One default administrator is registered on the document data. Table 1: List of the default supervisor. 1.4.3.4 General...
...administrator roles, and administrator roles can be a supervisor by the responsible manager change the supervisor ID and password of administrator roles Administrator role User administration Machine administration Network administration File administration Explanation about duties involved Managing ...A default supervisor is a person who is registered and assigned all four administrator roles as an administrator. Copyright (c) 2009,2010 RICOH COMPANY, LTD. One default administrator is registered on the document data. Table 1: List of the default supervisor. 1.4.3.4 General...
Security Target
Page 19
...enters their user IDs and authentication details for those listed above. Authentication Feedback Area Protection: When a user enters their password, this function masks the password with the received user ID and authentication information. Each of security breaches. Deleting documentdata: Delete document data stored in...permissions to perform only operations that satisfy both the Operation Panel and the Web Service Function. Copyright (c) 2009,2010 RICOH COMPANY, LTD. The TOE then attempts to identify and authenticate the user with protection charactersas it appears in the ...
...enters their user IDs and authentication details for those listed above. Authentication Feedback Area Protection: When a user enters their password, this function masks the password with the received user ID and authentication information. Each of security breaches. Deleting documentdata: Delete document data stored in...permissions to perform only operations that satisfy both the Operation Panel and the Web Service Function. Copyright (c) 2009,2010 RICOH COMPANY, LTD. The TOE then attempts to identify and authenticate the user with protection charactersas it appears in the ...
Security Target
Page 21
... roles, their roles must be automatically deleted. 3. If administrators delete all of machine control data Each administrator is : - User administrators can change administrator passwords. Telephone Line Intrusion Protection Function This function is set to the TOE, so thatthe TOE receives only permitted data. It restricts communication over a telephone line... Function set to a new administrator when they register another administrator, provided that at least one administrator role, one other operations. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
... roles, their roles must be automatically deleted. 3. If administrators delete all of machine control data Each administrator is : - User administrators can change administrator passwords. Telephone Line Intrusion Protection Function This function is set to the TOE, so thatthe TOE receives only permitted data. It restricts communication over a telephone line... Function set to a new administrator when they register another administrator, provided that at least one administrator role, one other operations. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
Security Target
Page 43
... Level 1 or Level 2 for one letter of authentication. FIA_UAU.2 User authentication before allowing any action Hierarchical to: FIA_UAU.1 Timing of passwords on authentication feedback] to the user while the Copyright (c) 2009,2010 RICOH COMPANY, LTD. FIA_UAU.7 Protected authentication feedback Hierarchical to : No other components. Dependencies: FIA_UID.1 Timing of secrets Hierarchical to : No...
... Level 1 or Level 2 for one letter of authentication. FIA_UAU.2 User authentication before allowing any action Hierarchical to: FIA_UAU.1 Timing of passwords on authentication feedback] to the user while the Copyright (c) 2009,2010 RICOH COMPANY, LTD. FIA_UAU.7 Protected authentication feedback Hierarchical to : No other components. Dependencies: FIA_UID.1 Timing of secrets Hierarchical to : No...
Security Target
Page 47
... S/MIME user information General users User administrator, General users FMT_SMF.1 Specification of Management Functions described in Table19 Copyright (c) 2009,2010 RICOH COMPANY, LTD. second) TSF data Operations Que ry Minimum Password Length Password Complexity Setting HDD cryptographic key Audit logs Service mode lock setting Query, modify Query, modify Query, newly create Query, delete...
... S/MIME user information General users User administrator, General users FMT_SMF.1 Specification of Management Functions described in Table19 Copyright (c) 2009,2010 RICOH COMPANY, LTD. second) TSF data Operations Que ry Minimum Password Length Password Complexity Setting HDD cryptographic key Audit logs Service mode lock setting Query, modify Query, modify Query, newly create Query, delete...
Security Target
Page 48
...are no interfaces to the audit records. b) Management of unlocking administrators and Lockout release operations for unsuccessful authentication attempts. Minimum Password Length - a) Management of the threshold for locked-out users. b) Management of actions to be able to define additional...attributes for users. Security Management Function (management of general user information): management of authentication information of general Copyright (c) 2009,2010 RICOH COMPANY, LTD. None: Attributes (data type) used to make explicit access or denial based decisions. a) Management of the...
...are no interfaces to the audit records. b) Management of unlocking administrators and Lockout release operations for unsuccessful authentication attempts. Minimum Password Length - a) Management of the threshold for locked-out users. b) Management of actions to be able to define additional...attributes for users. Security Management Function (management of general user information): management of authentication information of general Copyright (c) 2009,2010 RICOH COMPANY, LTD. None: Attributes (data type) used to make explicit access or denial based decisions. a) Management of the...
Security Target
Page 56
... authentication Following are not easily guessable. For this , FPT_STM.1 provides a trusted time stamp. FIA_SOS.1 accepts only passwords that are the rationale behind the functional requirements corresponding to O.DOC_ACC inTable 22, and these requirements are included to ...of a document, Copyright (c) 2009,2010 RICOH COMPANY, LTD. FIA_AFL.1 also reduces the possibility of users guessing passwords by the user administrator, and it enables only passwords that satisfy the Minimum Password Length and password character combination specified by locking out users when...
... authentication Following are not easily guessable. For this , FPT_STM.1 provides a trusted time stamp. FIA_SOS.1 accepts only passwords that are the rationale behind the functional requirements corresponding to O.DOC_ACC inTable 22, and these requirements are included to ...of a document, Copyright (c) 2009,2010 RICOH COMPANY, LTD. FIA_AFL.1 also reduces the possibility of users guessing passwords by the user administrator, and it enables only passwords that satisfy the Minimum Password Length and password character combination specified by locking out users when...
Security Target
Page 57
...administrator, document file owners, and general users with full control operation permission for the document data to query and specify the Minimum Password Length, complexity setting, anda Lockout Flag for the document data to change general user IDs; - authorised TOE users to query administrator...MANAGE, the Security Management Functions for each general user ID in the document data for the implemented TSF shall be Copyright (c) 2009,2010 RICOH COMPANY, LTD. the user administrator and applicable general users to perform operations on document data. For this , FMT_MTD.1 allows: - the...
...administrator, document file owners, and general users with full control operation permission for the document data to query and specify the Minimum Password Length, complexity setting, anda Lockout Flag for the document data to change general user IDs; - authorised TOE users to query administrator...MANAGE, the Security Management Functions for each general user ID in the document data for the implemented TSF shall be Copyright (c) 2009,2010 RICOH COMPANY, LTD. the user administrator and applicable general users to perform operations on document data. For this , FMT_MTD.1 allows: - the...
Security Target
Page 64
... Basic audit information - ID of auditable event occurs. Communication IP address - -: No applicable expanded audit information Copyright (c) 2009,2010 RICOH COMPANY, LTD. Types of event (auditable events in the event of new creation/changing/deletion of the user in this table) -... generation Successful storage of document data Successful reading of document data (*3) Successful deletion of document data Receiving fax Changing user password (including new creation and deletion) Deletion of administrator role Addition of administrator role Changing document data ACL Changing date and...
... Basic audit information - ID of auditable event occurs. Communication IP address - -: No applicable expanded audit information Copyright (c) 2009,2010 RICOH COMPANY, LTD. Types of event (auditable events in the event of new creation/changing/deletion of the user in this table) -... generation Successful storage of document data Successful reading of document data (*3) Successful deletion of document data Receiving fax Changing user password (including new creation and deletion) Deletion of administrator role Addition of administrator role Changing document data ACL Changing date and...
Security Target
Page 66
... the following two Lockout release actions, (1) or (2), is performed by the user match a general user ID and corresponding password registered in "7.1.2.1 User Identification and Authentication". When the number of failed consecutive attempts reaches the machine administrator-specified Number of ... authenticates the user based on the entered user IDs and passwords. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Check if the supervisor ID and password entered by the user match an administrator ID and corresponding password registered to "Active". When a user authenticates successfully, as...
... the following two Lockout release actions, (1) or (2), is performed by the user match a general user ID and corresponding password registered in "7.1.2.1 User Identification and Authentication". When the number of failed consecutive attempts reaches the machine administrator-specified Number of ... authenticates the user based on the entered user IDs and passwords. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Check if the supervisor ID and password entered by the user match an administrator ID and corresponding password registered to "Active". When a user authenticates successfully, as...
Security Target
Page 67
... administrator (any role) or a supervisor is registered. If it does not, the password is satisfied. 7.1.2.4 Password Registration The TOE provides a function for registering and changing the passwords of general users, administrators, and supervisor from the Operation Panel or the Web browser ...26 letters) Lower-case letters: [a -z] (26 letters) Numbers: [0-9] (10 digits) Symbols: SP (space 33 symbols) Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 27: Unlocking administrators for each user role, as a special Lockout release operation, restarting the TOE releases Lockout. In this ...
... administrator (any role) or a supervisor is registered. If it does not, the password is satisfied. 7.1.2.4 Password Registration The TOE provides a function for registering and changing the passwords of general users, administrators, and supervisor from the Operation Panel or the Web browser ...26 letters) Lower-case letters: [a -z] (26 letters) Numbers: [0-9] (10 digits) Symbols: SP (space 33 symbols) Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 27: Unlocking administrators for each user role, as a special Lockout release operation, restarting the TOE releases Lockout. In this ...
Security Target
Page 68
... administrator (8-32 characters) and no more than 32 characters. (3) Rule: Passwords that are composed of a combination of 80 (2) Registerable password length: General users No fewer than the Minimum Password Length specified by the user administrator (8-32 characters) and no more than 128...Function" and their user role. Table 28: Default value for document data ACL Document data default ACL Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 2 shows the relationship between the operation permissions for document data and operations on their corresponding security functional ...
... administrator (8-32 characters) and no more than 32 characters. (3) Rule: Passwords that are composed of a combination of 80 (2) Registerable password length: General users No fewer than the Minimum Password Length specified by the user administrator (8-32 characters) and no more than 128...Function" and their user role. Table 28: Default value for document data ACL Document data default ACL Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 2 shows the relationship between the operation permissions for document data and operations on their corresponding security functional ...
Security Target
Page 72
... to specify machine control data Machine control data items Number of Attempts before Lockout Setting for Lockout Release Timer Lockout time Minimum Password Length Password Complexity Setting Date and time of system clock Range of setting value An integer 1-5 (times) Active or Inactive 1-9999 (...to use of machine control data by the TOE. The TOE allows only specified users to Folder function. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 32 shows for supervisor Inactive Inactive Inactive Query, modify Query, modify Query, modify Authorised setter Machine administrators...
... to specify machine control data Machine control data items Number of Attempts before Lockout Setting for Lockout Release Timer Lockout time Minimum Password Length Password Complexity Setting Date and time of system clock Range of setting value An integer 1-5 (times) Active or Inactive 1-9999 (...to use of machine control data by the TOE. The TOE allows only specified users to Folder function. Copyright (c) 2009,2010 RICOH COMPANY, LTD. Table 32 shows for supervisor Inactive Inactive Inactive Query, modify Query, modify Query, modify Authorised setter Machine administrators...
Security Target
Page 77
... administrator is a person who is a person with an e-mail address. Copyright (c) 2009,2010 RICOH COMPANY, LTD. One of the authorised TOE users whomanages a password of supervisor information. An item of administrator. An administrator role assigning responsibility for management of the TOE...CE) Fax reception process on Controller Board Supervisor Supervisor ID Supervisor authentication information Network administration Network control data Minim um Password Length Password Complexity Setting Fax process on SD cards. The control software on an SMB or FTP server via a network. A...
... administrator is a person who is a person with an e-mail address. Copyright (c) 2009,2010 RICOH COMPANY, LTD. One of the authorised TOE users whomanages a password of supervisor information. An item of administrator. An administrator role assigning responsibility for management of the TOE...CE) Fax reception process on Controller Board Supervisor Supervisor ID Supervisor authentication information Network administration Network control data Minim um Password Length Password Complexity Setting Fax process on SD cards. The control software on an SMB or FTP server via a network. A...
Security Target
Page 78
...administrator information and an identification code for identification and authentication of an administrator. Indicates the administrator's login name on this TOE. A password for identification and authentication of the administrator. A setting that enables or disables the timed release of the Lockout function based on ... user information and an identification code for a Lockout-released user is given one or more administrator roles. Copyright (c) 2009,2010 RICOH COMPANY, LTD. An item of data that is assigned to each administrator is set to the specific user IDs. When this ...
...administrator information and an identification code for identification and authentication of an administrator. Indicates the administrator's login name on this TOE. A password for identification and authentication of the administrator. A setting that enables or disables the timed release of the Lockout function based on ... user information and an identification code for a Lockout-released user is given one or more administrator roles. Copyright (c) 2009,2010 RICOH COMPANY, LTD. An item of data that is assigned to each administrator is set to the specific user IDs. When this ...