Design Guide
Page 2
... 12 1-3 Data Security ...14 1-3-1 External I/F ...14 1-3-2 Protection of Program Data from Illegal Access via an External Device 14 1-4 Protection of MFP/LP Firmware 17 1-4-1 Firmware Installation/Update 17 1-4-2 Verification of Firmware/Program Validity 20 1-5 Authentication, Access Control 21 1-5-1 Authentication ...21 1-5-2 IC Card Authentication 24 1-5-3 Access Control...25 1-6 Administrator Settings 26 1-7 Data Protection ...27...
Design Guide
Page 7
Page memory - Firmware Encryption Processor HDD - control TPM NVRAM - Internal System Configuration 1-1 Hardware Configuration 1-1-1 MFP Controller Processing and Control Unit ・CPU ・RAM RAM - Image data - Settings - ...
Design Guide
Page 8
...: Intermediary device connected to the MFP/LP via an Ethernet connection for performing remote diagnostic operations including firmware updates and settings changes. • SD card I/F: Used for performing service maintenance and as an interface for firmware storage media. • RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression...
Design Guide
Page 9
Page memory - Firmware Encryption Processor HDD - Mgmt. Settings - Image data - Counters Controller Processing and Control Unit ・CPU ・RAM System Control USB TypeA USB TypeB Ethernet Host I/F Optional I/F: Parallel Gigabit Ethernet Wireless LAN Bluetooth IC Card Reader Pict Bridge Compatible Device RC Gate Internet SD Card I/F Page 9 of 86 data Flash ROM Operation Panel Engine Image Processing Printing TPM NVRAM - Print Controller Design Guide for Information Security 1-1-2 LP RAM -
Design Guide
Page 10
Page 10 of the software installed on the hardware platform, which includes checking for firmware storage media. • RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression, decompression and other image processing. • HDD storage: ... Design Guide for Information Security • RC Gate: Intermediary device connected to the LP via an Ethernet connection for performing remote diagnostic operations including firmware updates and settings changes. • SD card I/F: Used for performing service maintenance and as an interface for any illegal alterations.
Design Guide
Page 12
Also contains a printer language processing subsystem (e.g. Secondary data is then printed out from the printing engine. diagnostics, firmware update, settings changes). Activates the scanning engine, which reads the original and then sends the data to the controller. Page ... the image creation process. Controls the MFP/LP's access logs (e.g. Scanning can be printed out from the operation panel. Mediates communication between SP settings and machine operations. Also receives FAX data and prints it out from a PC via the connection protocols between the driver UI and...
Design Guide
Page 17
... are sent SD 64 MB SD card Program Digital signature Ricoh License Server 1. Compare MD1 and MD2 3. Decryption Public key MD2 If MD1 = MD2 "MD": Message Digest 6. A private key is being performed. Firmware is introduced in the field. 1. Print Controller Design Guide for...been altered since it uses a public key to decrypt the digital signature to generate MD2. 5. This applies to firmware updates as well as the firmware's digital signature. 2. The Ricoh license server applies the SHA-1 algorithm (Secure Hash Algorithm 1) to the program to identify the type (e.g. System, ...
Design Guide
Page 18
..., normally by an individual with new files If MD1 = MD2 Digital signature Ricoh distribution server Program + digital signature Program Ricoh license server 1. Files are employed. Download Client PC Remote Firmware Installation Performed by a Field Technician (from a client PC) Page 18 of firmware version Program 5. Check remote headers to the MFP/LP via Web SmartDeviceMonitor...
Design Guide
Page 19
... Installation via RC-Gate Download RC-Gate Installation directly from @Remote Center @Remote Center Digital signature Program + digital signature Ricoh License Server Remote Firmware Installation using @Remote Remote installation Download Ridoc IO OperationServer Ricoh distribution server Update performed using Web Smart Device Monitor V2 (device management utility) Update commands issued Digital signature Program...
Design Guide
Page 20
... validation process known as updates through the process explained in section 1.4.1 above: RTM (Root Trust of Measurement) is used to validate the application firmware Trusted Boot is booted up. Using the TPM, this verification is stored in an overwrite-protected, non-volatile region of the TPM, which makes it... extremely difficult for the key itself to continually ensure the validity of all controller core programs and application firmware installed on the MFP/LP at the time of product shipment, as well as those that only valid programs are newly installed as ...
Design Guide
Page 37
... Not logged Authentication lock-out (actual Not logged lock-out occurs or settings are changed) Firmware update performed Not logged Change in firmware configuration Not logged detected Firmware configuration Not logged Encryption key operation performed Not logged Invalid firmware detected Not logged Change made to Time/Date settings Not logged Authentication password changed Not...
Design Guide
Page 53
... As stated above, the PDF interpreter cross-references the password programmed in the results allows the operator to distinguish between jobs that illegal fonts or firmware were downloaded to the MFP/LP on its way to each individual PDF file, this function is for Information Security • The language processing system...