Security Target
Page 5
... by E-mail from TOE 75 7.1.7.4 Delivering to Folders from TOE 75 7.1.8 SF.FAX_LINE Protection Function for Intrusion via Telephone Line 75 7.1.9 SF.GENUINE MFP Control Software Verification Function 76 8 Appendix 77 8.1 Definitions of Terminology 77 8.2 References 81 Copyright (c) 2010...
... by E-mail from TOE 75 7.1.7.4 Delivering to Folders from TOE 75 7.1.8 SF.FAX_LINE Protection Function for Intrusion via Telephone Line 75 7.1.9 SF.GENUINE MFP Control Software Verification Function 76 8 Appendix 77 8.1 Definitions of Terminology 77 8.2 References 81 Copyright (c) 2010...
Security Target
Page 7
MFP Name : Ricoh Aficio MP 2851, Ricoh Aficio MP 3351 Savin 9228, Savin 9233 Lanier LD528, Lanier LD533 Lanier MP 2851, Lanier MP 3351 Gestetner MP 2851, Gestetner MP 3351 nashuatec MP 2851, nashuatec MP 3351 Rex-Rotary MP 2851, Rex-Rotary MP 3351 infotec MP 2851, infotec MP 3351 MFP Software /Hardware Version : Software System/Copy Network Support Scanner Printer Fax Web Support Web Uapl Network Doc Box 1.00 7.29.3 01.12 1.01 01...
MFP Name : Ricoh Aficio MP 2851, Ricoh Aficio MP 3351 Savin 9228, Savin 9233 Lanier LD528, Lanier LD533 Lanier MP 2851, Lanier MP 3351 Gestetner MP 2851, Gestetner MP 3351 nashuatec MP 2851, nashuatec MP 3351 Rex-Rotary MP 2851, Rex-Rotary MP 3351 infotec MP 2851, infotec MP 3351 MFP Software /Hardware Version : Software System/Copy Network Support Scanner Printer Fax Web Support Web Uapl Network Doc Box 1.00 7.29.3 01.12 1.01 01...
Security Target
Page 8
... from the Operation Panel. The following are input by receiving them . 1.3.2 TOE Usage andMajor Security Features of the assumed TOE environment. Copyright (c) 2010 RICOH COMPANY, LTD. MFP Control Software Verification Function For the Security Functions listed above, each function is described in a general office. These functions are for digitising paper documents and...
... from the Operation Panel. The following are input by receiving them . 1.3.2 TOE Usage andMajor Security Features of the assumed TOE environment. Copyright (c) 2010 RICOH COMPANY, LTD. MFP Control Software Verification Function For the Security Functions listed above, each function is described in a general office. These functions are for digitising paper documents and...
Security Target
Page 11
...Engine according to instructions from the MFP Control Software. The Scanner Engine is installed in the Engine Control Board. The Engine Control Software is an input device to read the paper... LCD touch screen to the MFP Control Software, or in response to direct instructions from the MFP Control Software. The Operation Panel Control Software is an output device for use by ... Unit contains a Scanner Engine, Printer Engine, and the Engine Control Board. The Engine Control Software sends information about the status of paper documents. It features key switches, LED indicators, an ...
...Engine according to instructions from the MFP Control Software. The Scanner Engine is installed in the Engine Control Board. The Engine Control Software is an input device to read the paper... LCD touch screen to the MFP Control Software, or in response to direct instructions from the MFP Control Software. The Operation Panel Control Software is an output device for use by ... Unit contains a Scanner Engine, Printer Engine, and the Engine Control Board. The Engine Control Software sends information about the status of paper documents. It features key switches, LED indicators, an ...
Security Target
Page 12
...the side of the MFP operation. [FlashROM] A memory medium in which the MFP Control Software is installed. [RAM] A volatile memory medium used to connect a client computer to the TOE, print or fax... from the MFP Control Software. All Rights Reserved. The Fax Unit has an interface to be read from the HDD. It is used ...: [Processor] A semiconductor chip that encrypts information to the MFP Control Software. When a CE performs Copyright (c) 2010 RICOH COMPANY, LTD. The following are stored.
...the side of the MFP operation. [FlashROM] A memory medium in which the MFP Control Software is installed. [RAM] A volatile memory medium used to connect a client computer to the TOE, print or fax... from the MFP Control Software. All Rights Reserved. The Fax Unit has an interface to be read from the HDD. It is used ...: [Processor] A semiconductor chip that encrypts information to the MFP Control Software. When a CE performs Copyright (c) 2010 RICOH COMPANY, LTD. The following are stored.
Security Target
Page 17
... a user administrator. These functions are outlined in FlashROM) MFP Control Software Verification Function Security Function * The performed events are operated from the Operation Panel, and the Web Copyright (c) 2010 RICOH COMPANY, LTD. CE General user Administrator Supervisor TOE Web browser Network... Data Telephone Line Intrusion Access Control Function Basic Function Protection Function Fax Stored Data Protection Function HDD (To MFP Control Software in Figure 3. Functions for CEs Figure 3: Logical boundaries of the TOE comprise the functions provided by the TOE. ...
... a user administrator. These functions are outlined in FlashROM) MFP Control Software Verification Function Security Function * The performed events are operated from the Operation Panel, and the Web Copyright (c) 2010 RICOH COMPANY, LTD. CE General user Administrator Supervisor TOE Web browser Network... Data Telephone Line Intrusion Access Control Function Basic Function Protection Function Fax Stored Data Protection Function HDD (To MFP Control Software in Figure 3. Functions for CEs Figure 3: Logical boundaries of the TOE comprise the functions provided by the TOE. ...
Security Target
Page 20
... both the Operation Panel and the Web Service Function. All Rights Reserved. The machine administrator can read -only Copyright (c) 2010 RICOH COMPANY, LTD. Account Lockout: If the number of consecutive unsuccessful attempts with the same particular user ID reaches the specified Number of... 81 Function, Security Management Function, Service Mode Lock Function, Telephone Line Intrusion Protection Function, and MFP Control Software Verification Function. General users are allowed to use the TOE from the Operation Panel or a client computer. The TOE then attempts...
... both the Operation Panel and the Web Service Function. All Rights Reserved. The machine administrator can read -only Copyright (c) 2010 RICOH COMPANY, LTD. Account Lockout: If the number of consecutive unsuccessful attempts with the same particular user ID reaches the specified Number of... 81 Function, Security Management Function, Service Mode Lock Function, Telephone Line Intrusion Protection Function, and MFP Control Software Verification Function. General users are allowed to use the TOE from the Operation Panel or a client computer. The TOE then attempts...
Security Target
Page 23
... Lock Function The M aintenance Function is used . Document data stored in the D-BOX. MFP Control Software Verification Function This function verifies the integrity of the MFP Control Software by checking the integrity of an executable code installed in the FlashROM. 1.4.5 Protected Assets This section describes... Outputting Document Data Document data can be either stored in the TOE or output by a client computer. 4. Copyright (c) 2010 RICOH COMPANY, LTD. In this TOE (document data and print Data). 1.4.5.1 Document Data Document data is for devices equipped with a Fax Unit.
... Lock Function The M aintenance Function is used . Document data stored in the D-BOX. MFP Control Software Verification Function This function verifies the integrity of the MFP Control Software by checking the integrity of an executable code installed in the FlashROM. 1.4.5 Protected Assets This section describes... Outputting Document Data Document data can be either stored in the TOE or output by a client computer. 4. Copyright (c) 2010 RICOH COMPANY, LTD. In this TOE (document data and print Data). 1.4.5.1 Document Data Document data is for devices equipped with a Fax Unit.
Security Target
Page 26
...telephone lines. 3.2 Organisational Security Policies The following security policy is assumed for organisations that are provided for them . Copyright (c) 2010 RICOH COMPANY, LTD. The threats defined in this TOE. T.ILLEGAL_USE (Abuse of TOE) Attackers may gain access to the use Security ... to the TOE through the external TOE interfaces (the Operation Panel, network interface, or USB Port) that demand integrity of the software installed in its IT products. Page 26 of 81 3 Security Problem Definitions This section provides details of threats, organisational security policies,...
...telephone lines. 3.2 Organisational Security Policies The following security policy is assumed for organisations that are provided for them . Copyright (c) 2010 RICOH COMPANY, LTD. The threats defined in this TOE. T.ILLEGAL_USE (Abuse of TOE) Attackers may gain access to the use Security ... to the TOE through the external TOE interfaces (the Operation Panel, network interface, or USB Port) that demand integrity of the software installed in its IT products. Page 26 of 81 3 Security Problem Definitions This section provides details of threats, organisational security policies,...
Security Target
Page 27
All Rights Reserved. P.SOFTWARE Page 27 of 81 (Software integrity checking) Measures shall be protected from the external network. Additionally, administrators shall not abuse... an external network such as the Internet, the internal network shall be provided for verifying the integrity of MFP Control Software, which is installed in the FlashROM of this TOE: A.ADMIN (Assumption for administrators) Administrators shall have sufficient knowledge ...3.3 Assumptions Defined and described below are shall not abuse their permissions maliciously. Copyright (c) 2010 RICOH COMPANY, LTD.
All Rights Reserved. P.SOFTWARE Page 27 of 81 (Software integrity checking) Measures shall be protected from the external network. Additionally, administrators shall not abuse... an external network such as the Internet, the internal network shall be provided for verifying the integrity of MFP Control Software, which is installed in the FlashROM of this TOE: A.ADMIN (Assumption for administrators) Administrators shall have sufficient knowledge ...3.3 Assumptions Defined and described below are shall not abuse their permissions maliciously. Copyright (c) 2010 RICOH COMPANY, LTD.
Security Target
Page 28
... TOE shall only allow the file administrator to delete document data stored in the D-BOX. O.GENUINE (Protection of integrity of MFP Control Software) The TOE shall provide TOE users with a function that is installed in an audit log, and provides the machine administrator with a ... to document data according to their rationale. 4.1 Security Objectives for TOE The following define the security objectives of the TOE. Copyright (c) 2010 RICOH COMPANY, LTD. O.AUDIT (Audit) The TOE shall record Security Function-related events in the FlashROM. All Rights Reserved. O. O. Such users...
... TOE shall only allow the file administrator to delete document data stored in the D-BOX. O.GENUINE (Protection of integrity of MFP Control Software) The TOE shall provide TOE users with a function that is installed in an audit log, and provides the machine administrator with a ... to document data according to their rationale. 4.1 Security Objectives for TOE The following define the security objectives of the TOE. Copyright (c) 2010 RICOH COMPANY, LTD. O.AUDIT (Audit) The TOE shall record Security Function-related events in the FlashROM. All Rights Reserved. O. O. Such users...
Security Target
Page 30
... MFP shall select trusted persons as defined in the administrator guidance for the TOE. Copyright (c) 2010 RICOH COMPANY, LTD. Therefore, A.ADMIN is upheld. A.ADMIN (Assumptions for administrators) As specified by A....Table 3: Relationship between security environment and security objectives TOE security Environment A.ADMIN A.SUPERVISOR A.NETWORK T.ILLEGAL_USE T.UNAUTH_ACCESS T.ABUSE_SEC_MNG T.SALVAGE T.TRANSIT T.FAX_LINE P.SOFTWARE Security objectives O.AUDIT O.I&A O.DOC_ACC O.MANAGE O.MEM.PROTECT O.NET.PROTECT O.GENUINE O.LINE_PROTECT OE.ADMIN OE.SUPERVISOR OE.NETWORK v vv vv v ...
... MFP shall select trusted persons as defined in the administrator guidance for the TOE. Copyright (c) 2010 RICOH COMPANY, LTD. Therefore, A.ADMIN is upheld. A.ADMIN (Assumptions for administrators) As specified by A....Table 3: Relationship between security environment and security objectives TOE security Environment A.ADMIN A.SUPERVISOR A.NETWORK T.ILLEGAL_USE T.UNAUTH_ACCESS T.ABUSE_SEC_MNG T.SALVAGE T.TRANSIT T.FAX_LINE P.SOFTWARE Security objectives O.AUDIT O.I&A O.DOC_ACC O.MANAGE O.MEM.PROTECT O.NET.PROTECT O.GENUINE O.LINE_PROTECT OE.ADMIN OE.SUPERVISOR OE.NETWORK v vv vv v ...
Security Target
Page 32
Therefore, the TOE can enforce P.SOFTWARE. P.SOFTWARE (Checking software integrity) To enforce this organisational security policy, the TOE provides the function to the machine administrator so that the machine administrator verifies afterwards whether or not O.NET.PROTECT was successfully performed. Copyright (c) 2010 RICOH COMPANY, LTD. In addition, the performance of O.LINE_PROTECT is recorded as audit...
Therefore, the TOE can enforce P.SOFTWARE. P.SOFTWARE (Checking software integrity) To enforce this organisational security policy, the TOE provides the function to the machine administrator so that the machine administrator verifies afterwards whether or not O.NET.PROTECT was successfully performed. Copyright (c) 2010 RICOH COMPANY, LTD. In addition, the performance of O.LINE_PROTECT is recorded as audit...
Security Target
Page 60
...this ST for the TOE security functional requirements. For this , FPT_TST.1 tests the integrity of the executable code of the MFP Control Software, which is installed in FlashROM, shall be prevented. O.LINE_PROTECT Protection from the telephone line is fax data. 6.3.3 Dependency Analysis Table 23...the correspondence of dependencies in ST None None None None None FCS_CKM.4 FCS_CKM.4 None None Copyright (c) 2010 RICOH COMPANY, LTD. To fulfill O.GENUINE, the integrity of the MFP Control Software, which is installed in the FlashROM, and verifies its integrity at TOE start-up. For this ,...
...this ST for the TOE security functional requirements. For this , FPT_TST.1 tests the integrity of the executable code of the MFP Control Software, which is installed in FlashROM, shall be prevented. O.LINE_PROTECT Protection from the telephone line is fax data. 6.3.3 Dependency Analysis Table 23...the correspondence of dependencies in ST None None None None None FCS_CKM.4 FCS_CKM.4 None None Copyright (c) 2010 RICOH COMPANY, LTD. To fulfill O.GENUINE, the integrity of the MFP Control Software, which is installed in the FlashROM, and verifies its integrity at TOE start-up. For this ,...
Security Target
Page 63
... FAU_GEN.1 v FAU_SAR.1 v FAU_SAR.2 v FAU_STG.1 v FAU_STG.4 v FCS_CKM.1 v FCS_COP.1 v FDP_ACC.1 v FDP_ACF.1 v Copyright (c) 2010 RICOH COMPANY, LTD. Table 24: Relationship between TOE security functional requirements and TOE security functions SF.AUDIT SF.I &A User Identification and Authentication Function SF... Communication Data Protection Function SF.FAX_LINE Protection Function for Intrusion via Telephone Line SF.GENUINE MFP Control Software Verification Function As Table 24 shows, at least one TOE Security Function satisfies each security functional requirements...
... FAU_GEN.1 v FAU_SAR.1 v FAU_SAR.2 v FAU_STG.1 v FAU_STG.4 v FCS_CKM.1 v FCS_COP.1 v FDP_ACC.1 v FDP_ACF.1 v Copyright (c) 2010 RICOH COMPANY, LTD. Table 24: Relationship between TOE security functional requirements and TOE security functions SF.AUDIT SF.I &A User Identification and Authentication Function SF... Communication Data Protection Function SF.FAX_LINE Protection Function for Intrusion via Telephone Line SF.GENUINE MFP Control Software Verification Function As Table 24 shows, at least one TOE Security Function satisfies each security functional requirements...
Security Target
Page 76
...All Rights Reserved. If integrity cannot be verified. Copyright (c) 2010 RICOH COMPANY, LTD. By the above, FPT_TST.1 (TSF testing) is not correct. The TOE becomes available for users only if the integrity of the control software can be verified, it indicates that is installed in the FlashROM...the executable code of the MFP Control Software each time the TOE starts up , the MFP Cont rol Software Verification Function verifies the integrity of the MFP Control Software that the MFP Control Software is satisfied. 7.1.9 SF.GENUINE MFP Control Software Verification Function Page 76 of 81 At...
...All Rights Reserved. If integrity cannot be verified. Copyright (c) 2010 RICOH COMPANY, LTD. By the above, FPT_TST.1 (TSF testing) is not correct. The TOE becomes available for users only if the integrity of the control software can be verified, it indicates that is installed in the FlashROM...the executable code of the MFP Control Software each time the TOE starts up , the MFP Cont rol Software Verification Function verifies the integrity of the MFP Control Software that the MFP Control Software is satisfied. 7.1.9 SF.GENUINE MFP Control Software Verification Function Page 76 of 81 At...
Security Target
Page 77
... e-mail address, user certificates, and a specified value for validity authentication and encryption processing, and a random number generator. Copyright (c) 2010 RICOH COMPANY, LTD. Refers to a client computer and receiving files from a client computer using File Transfer Protocol. A function that faxes document ...that can also send document files to a fax that encrypts data to a telephone line. An abbreviation of an IT department.) Software installed in the TOE. A chip that comprise the MFP and controls their operation. A server for secure communication is connected ...
... e-mail address, user certificates, and a specified value for validity authentication and encryption processing, and a random number generator. Copyright (c) 2010 RICOH COMPANY, LTD. Refers to a client computer and receiving files from a client computer using File Transfer Protocol. A function that faxes document ...that can also send document files to a fax that encrypts data to a telephone line. An abbreviation of an IT department.) Software installed in the TOE. A chip that comprise the MFP and controls their operation. A server for secure communication is connected ...
Security Target
Page 78
... TOE maintenance who has the user management role. It provides the MFP Cont rol Software on the Controller Board with information on the status of character. Copyright (c) 2010 RICOH COMPANY, LTD. The network administrator is employed by E-mail Memory Transmission User administration ... e-mail format for sending as data over the Internet to a machine with instructions for management of fax communications from theMFP Control Software on the Controller Board. There are Level 1 and Level 2 Password Complexity Settings. Indicates the supervisor's login name on the ...
... TOE maintenance who has the user management role. It provides the MFP Cont rol Software on the Controller Board with information on the status of character. Copyright (c) 2010 RICOH COMPANY, LTD. The network administrator is employed by E-mail Memory Transmission User administration ... e-mail format for sending as data over the Internet to a machine with instructions for management of fax communications from theMFP Control Software on the Controller Board. There are Level 1 and Level 2 Password Complexity Settings. Indicates the supervisor's login name on the ...