Design Guide
Page 2
... 12 1-3 Data Security ...14 1-3-1 External I/F ...14 1-3-2 Protection of Program Data from Illegal Access via an External Device 14 1-4 Protection of MFP/LP Firmware 17 1-4-1 Firmware Installation/Update 17 1-4-2 Verification of Firmware/Program Validity 20 1-5 Authentication, Access Control 21 1-5-1 Authentication ...21 1-5-2 IC Card Authentication 24 1-5-3 Access Control...25 1-6 Administrator Settings 26 1-7 Data Protection ...27...
... 12 1-3 Data Security ...14 1-3-1 External I/F ...14 1-3-2 Protection of Program Data from Illegal Access via an External Device 14 1-4 Protection of MFP/LP Firmware 17 1-4-1 Firmware Installation/Update 17 1-4-2 Verification of Firmware/Program Validity 20 1-5 Authentication, Access Control 21 1-5-1 Authentication ...21 1-5-2 IC Card Authentication 24 1-5-3 Access Control...25 1-6 Administrator Settings 26 1-7 Data Protection ...27...
Design Guide
Page 7
... Processing Scanning Image Processing Printing FCU FAX comm. Internal System Configuration 1-1 Hardware Configuration 1-1-1 MFP Controller Processing and Control Unit ・CPU ・RAM RAM - Mgmt. Firmware Encryption Processor HDD - Settings - control TPM NVRAM - Image data - Print Controller Design Guide for Information Security 1. Page memory -
... Processing Scanning Image Processing Printing FCU FAX comm. Internal System Configuration 1-1 Hardware Configuration 1-1-1 MFP Controller Processing and Control Unit ・CPU ・RAM RAM - Mgmt. Firmware Encryption Processor HDD - Settings - control TPM NVRAM - Image data - Print Controller Design Guide for Information Security 1. Page memory -
Design Guide
Page 8
Page 8 of the software installed on the hardware platform, which includes checking for firmware storage media. • RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression, decompression and other image processing. • HDD storage: Data ... file format of image files. • RC Gate: Intermediary device connected to the MFP/LP via an Ethernet connection for performing remote diagnostic operations including firmware updates and settings changes. • SD card I/F: Used for performing service maintenance and as an interface for any illegal alterations.
Page 8 of the software installed on the hardware platform, which includes checking for firmware storage media. • RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression, decompression and other image processing. • HDD storage: Data ... file format of image files. • RC Gate: Intermediary device connected to the MFP/LP via an Ethernet connection for performing remote diagnostic operations including firmware updates and settings changes. • SD card I/F: Used for performing service maintenance and as an interface for any illegal alterations.
Design Guide
Page 9
Mgmt. Print Controller Design Guide for Information Security 1-1-2 LP RAM - Settings - Image data - Counters Controller Processing and Control Unit ・CPU ・RAM System Control USB TypeA USB TypeB Ethernet Host I/F Optional I/F: Parallel Gigabit Ethernet Wireless LAN Bluetooth IC Card Reader Pict Bridge Compatible Device RC Gate Internet SD Card I/F Page 9 of 86 data Flash ROM Operation Panel Engine Image Processing Printing TPM NVRAM - Page memory - Firmware Encryption Processor HDD -
Mgmt. Print Controller Design Guide for Information Security 1-1-2 LP RAM - Settings - Image data - Counters Controller Processing and Control Unit ・CPU ・RAM System Control USB TypeA USB TypeB Ethernet Host I/F Optional I/F: Parallel Gigabit Ethernet Wireless LAN Bluetooth IC Card Reader Pict Bridge Compatible Device RC Gate Internet SD Card I/F Page 9 of 86 data Flash ROM Operation Panel Engine Image Processing Printing TPM NVRAM - Page memory - Firmware Encryption Processor HDD -
Design Guide
Page 10
... Gate: Intermediary device connected to the LP via an Ethernet connection for performing remote diagnostic operations including firmware updates and settings changes. • SD card I/F: Used for performing service maintenance and as an interface for firmware storage media. • RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression...
... Gate: Intermediary device connected to the LP via an Ethernet connection for performing remote diagnostic operations including firmware updates and settings changes. • SD card I/F: Used for performing service maintenance and as an interface for firmware storage media. • RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression...
Design Guide
Page 12
... creation process. Controls the sending of machine configuration settings by the system as a whole, and controls the switching of 86 Mediates communication between SP settings and machine operations. diagnostics, firmware update, settings changes). Scanning can be printed out from the printing engine. Activates the scanning engine, which reads the original and then...
... creation process. Controls the sending of machine configuration settings by the system as a whole, and controls the switching of 86 Mediates communication between SP settings and machine operations. diagnostics, firmware update, settings changes). Scanning can be printed out from the printing engine. Activates the scanning engine, which reads the original and then...
Design Guide
Page 17
... 64 MB SD card Progra m Digital signature Ricoh License Server 1. It then verifies that the model name is the same as the update is initiated, the MFP/LP checks to verify the validity of all firmware introduced into the MFP/LP via this value,...Files are widely available for Information Security 1-4 Protection of MFP/LP options. The Ricoh license server applies the SHA-1 algorithm (Secure Hash Algorithm 1) to the program to identify the type (e.g. If MD1 = MD2, the firmware update process begins. After recovery is being performed. Briefly stated, a license ...
... 64 MB SD card Progra m Digital signature Ricoh License Server 1. It then verifies that the model name is the same as the update is initiated, the MFP/LP checks to verify the validity of all firmware introduced into the MFP/LP via this value,...Files are widely available for Information Security 1-4 Protection of MFP/LP options. The Ricoh license server applies the SHA-1 algorithm (Secure Hash Algorithm 1) to the program to identify the type (e.g. If MD1 = MD2, the firmware update process begins. After recovery is being performed. Briefly stated, a license ...
Design Guide
Page 18
... above, with new files If MD1 = MD2 Digital signature Ricoh distribution server Program + digital signature Program Ricoh license server 1. Check remote headers to the MFP/LP. Print Controller Design Guide for Information Security Remote Firmware Update In addition to using an SD card, it is...: Remote headers are attached to the digital signature before reaching their destination, it is also possible to update the firmware by transmitting the firmware files to the MFP/LP via Web SmartDeviceMonitor Professional IS, usually by resending the file. Since these files are ...
... above, with new files If MD1 = MD2 Digital signature Ricoh distribution server Program + digital signature Program Ricoh license server 1. Check remote headers to the MFP/LP. Print Controller Design Guide for Information Security Remote Firmware Update In addition to using an SD card, it is...: Remote headers are attached to the digital signature before reaching their destination, it is also possible to update the firmware by transmitting the firmware files to the MFP/LP via Web SmartDeviceMonitor Professional IS, usually by resending the file. Since these files are ...
Design Guide
Page 19
... Installation via RC-Gate Download RC-Gate Installation directly from @Remote Center @Remote Center Digital signature Program + digital signature Ricoh Licenese Server Remote Firmware Installation using @Remote Remote installation Download Ridoc IO OperationServer Ricoh distribution server Update performed using Web Smart Device Monitor V2 (device management utility) Update commands issued Digital signature Program...
... Installation via RC-Gate Download RC-Gate Installation directly from @Remote Center @Remote Center Digital signature Program + digital signature Ricoh Licenese Server Remote Firmware Installation using @Remote Remote installation Download Ridoc IO OperationServer Ricoh distribution server Update performed using Web Smart Device Monitor V2 (device management utility) Update commands issued Digital signature Program...
Design Guide
Page 20
... RTM (Root Trust of Measurement) is used for this method is capable of detecting any way, providing additional protection of the programs/firmware. Page 20 of software from boot programs to end-point functions and applications, the Trusted Boot validation process provides comprehensive, TPM-based ...security. The MFP/LP uses the unique digital signature assigned to each program/firmware in any alterations made to these keys. The public key used to validate the controller core programs, which include the MFP/...
... RTM (Root Trust of Measurement) is used for this method is capable of detecting any way, providing additional protection of the programs/firmware. Page 20 of software from boot programs to end-point functions and applications, the Trusted Boot validation process provides comprehensive, TPM-based ...security. The MFP/LP uses the unique digital signature assigned to each program/firmware in any alterations made to these keys. The public key used to validate the controller core programs, which include the MFP/...
Design Guide
Page 37
... Not logged Authentication lock-out (actual Not logged lock-out occurs or settings are changed) Firmware update performed Not logged Change in firmware configuration Not logged detected Firmware configuration Not logged Encryption key operation performed Not logged Invalid firmware detected Not logged Change made to Time/Date settings Not logged Authentication password changed Not...
... Not logged Authentication lock-out (actual Not logged lock-out occurs or settings are changed) Firmware update performed Not logged Change in firmware configuration Not logged detected Firmware configuration Not logged Encryption key operation performed Not logged Invalid firmware detected Not logged Change made to Time/Date settings Not logged Authentication password changed Not...
Design Guide
Page 53
... when these passwords do not match. In addition, the incoming data is also destroyed if accompanying information alerts the MFP/LP that illegal fonts or firmware were downloaded to the MFP/LP on-board memory, such data could not be processed by any MFP/LP modules. Logs At the conclusion or...
... when these passwords do not match. In addition, the incoming data is also destroyed if accompanying information alerts the MFP/LP that illegal fonts or firmware were downloaded to the MFP/LP on-board memory, such data could not be processed by any MFP/LP modules. Logs At the conclusion or...