Ricoh Aficio MP C3001 Security Target - Page 84

Page 83 of 93 When the sent login user name and login password are identified and authenticated, the user is allowed to use the TOE according to the identified user role. FIA_USB.1, FIA_ATD.1, and FMT_SMR.1 If a user is identified and authenticated as a result of checking FIA_UAU.1(a), FIA_UID.1(a), FIA_UAU.1(b), and FIA_UID.1(b), the use of the TOE by the user is allowed as the identified user role (normal user, MFP administrator, or supervisor). The user role assigned to the user at login will be maintained until the user logs out. If user identification and authentication fails, use of the TOE is denied. FTA_SSL.3 The automatic logout function the TOE provides is activated if the auto logout time (60 - 999 seconds) specified by the MFP administrator elapses after the final operation from the Operation Panel by the user who logs on to the TOE from the Operation Panel. The automatic logout function the TOE provides is activated if the fixed auto logout time (30 minutes by default) elapses after the final operation from a Web browser by the user who logs on to the TOE from a Web browser. The TOE logs out immediately after receiving the print data from the printer driver. The TOE logs out immediately after receiving the transmission information from the fax driver. The TOE terminates a session with RC Gate immediately after the communication with RC Gate is complete. FIA_UAU.7 Regarding login passwords entered by a person who intends to use the TOE from the Operation Panel or a Web browser, the TOE does not display the entered login password but it displays a sequence of dummy characters whose length is the same as that of the entered password. FIA_AFL.1 When Basic Authentication is applied, the TOE counts the number of identification and authentication attempts that consecutively result in failure using the login user name of a normal user, MFP administrator, or supervisor. When External Authentication is applied, the TOE counts the number of identification and authentication attempts that consecutively result in failure using the login user name of an MFP administrator or supervisor. The TOE locks out the login user name if the number of consecutive login failures exceeds the number of attempts before lockout. If a user name is locked out, the user with that user name is not allowed to log in unless the lockout time set in advance elapses or an "unlocking administrator" shown in Table 36 and specified for each user role releases the lockout. Table 36 : Unlocking Administrators for Each User Role User Roles (Locked out Users) Normal user Unlocking Administrators MFP administrator Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.