Ricoh Aficio MP C4501 Security Target

Ricoh Aficio MP C4501 Manual

Get Ricoh Aficio MP C4501 PDF manuals and user guides View all Ricoh Aficio MP C4501 manuals
Add to My Manuals
Save this manual to your list of manuals

Ricoh Aficio MP C4501 manual content summary:

  • Ricoh Aficio MP C4501 | Security Target - Page 1
    Aficio MP C4501/C5501 series Security Target Author : RICOH COMPANY, LTD. Date : 2011-07-18 Version : 1.00 Portions of Aficio MP C4501/C5501 series Security Target are reprinted with written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey 08855, from IEEE 2600.1, Protection Profile for
  • Ricoh Aficio MP C4501 | Security Target - Page 2
    Page 1 of 93 Version 1.00 Date 2011-07-18 Revision History Author RICOH COMPANY, LTD. Detail Publication version. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 3
    10 1.4 TOE Description...11 1.4.1 Physical Boundary of TOE 11 1.4.2 Guidance Documents 14 1.4.3 Definition of Users ...18 1.4.3.1. Direct User ...18 1.4.3.2. Indirect User Assets ...26 1.4.5.1. User Data ...26 1.4.5.2. TSF Consistency Claim with Security Problems and Security Objectives in
  • Ricoh Aficio MP C4501 | Security Target - Page 4
    6.1.2 Class FCS: Cryptographic support 52 6.1.3 Class FDP: User data protection 53 6.1.4 Class FIA: Identification and authentication 58 6.1.5 Class FMT: 7.1 Audit Function ...80 7.2 Identification and Authentication Function 82 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 5
    86 7.5 Network Protection Function 87 7.6 Residual Data Overwrite Function 87 7.7 Stored Data Protection Function 88 7.8 Security Management Function 88 7.9 Software Verification Function 93 7.10 Fax Line Separation Function 93 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 6
    59 Table 25 : Rules for Initial Association of Attributes 61 Table 26 : User Roles for Security Attributes (a 62 Table 27 : User Roles for Security Attributes (b 63 Table 28 : Authorised Identified Roles Allowed to Override Default Values 64 Table 29 : List of TSF Data ...65 Table 30 : List of
  • Ricoh Aficio MP C4501 | Security Target - Page 7
    Role 83 Table 37 : Stored Documents Access Control Rules for Normal Users 85 Table 38 : Encrypted Communications Provided by the TOE 87 Table 39 : List of Static Initialisation for Security Attributes of Document Access Control SFP 92 Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 8
    -Rotary MP C4501, Rex-Rotary MP C5501, MFPs Versions Software System/Copy Network Support Scanner Printer Fax RemoteFax Web Support Web Uapl NetworkDocBox animation PCL OptionPCLFont Engine 2.02 10.54 01.11.1 1.01 02.01.00 01.00.00 1.06 1.01 1.01 1.00 1.02 1.02 1.03:04 Copyright (c) 2011 RICOH
  • Ricoh Aficio MP C4501 | Security Target - Page 9
    MP C4501, infotec MP C5501, Savin C9145, Savin C9155, Savin C9145G, Savin C9155G FCU name Names Options Fax 03.00.00 Keywords : Digital MFP, Documents, Copy, Print, Scanner, Network, Office, Fax 1.3 TOE Overview This section defines TOE Type, TOE Usage and RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 10
    The MFP is connected to the office LAN, and users can perform the following operations from fax, network transmission, and deletion of the stored documents. Also, the TOE receives information via telephone lines and can store it as a document. LAN Network used in the TOE environment. Copyright (c) 2011 RICOH
  • Ricoh Aficio MP C4501 | Security Target - Page 11
    the client computer, - Operation of documents using a Web browser installed on the client computer, - Storage and printing of documents using the printer driver installed on the client computer, - Storage and faxing of documents using the fax driver installed on the client computer. Telephone line
  • Ricoh Aficio MP C4501 | Security Target - Page 12
    boundary of the TOE is the MFP, which consists of the following hardware components (shown in Figure 2): Operation Panel Unit, Engine Unit, Fax Unit, Controller Board, HDD, Ic Ctlr, Network Unit, USB Port, SD Card Slot, and SD Card. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 13
    TSF data for configuring MFP operations is stored. - Ic Key A security chip that has the functions of random number generation, cryptographic key generation Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 14
    , Scanner, Printer, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, OptionPCLFont, LANG0, and LANG1. These are part of the TOE and are included in the MFP Control Software. Operation Panel Unit (hereafter "Operation Panel") The Operation Panel is a user interface installed
  • Ricoh Aficio MP C4501 | Security Target - Page 15
    functions for HDD encryption realisation. user Aficio MP C3001/C3501/C4501/C4501A/C5501/C5501A Aficio MP C3001G/C3501G/C4501G/C4501AG/C5501G/C5501AG Operating Instructions Aficio MP C3001/C3501/C4501/C4501A/C5501/C5501A Aficio MP C3001G/C3501G/C4501G/C4501AG/C5501G/C5501AG Copyright (c) 2011 RICOH
  • Ricoh Aficio MP C4501 | Security Target - Page 16
    Printer Guide D088-7805 - Quick Reference Scanner Guide D088-7886 - App2Me Start Guide D085-7906B - Notes for Users D088-7608 - Notes for Users D088-7759A - Notes for Users D572-7010 - Manuals for Users Aficio MP C3001/MP C3001G/MP C3501/MP C3501G/MP C4501/MP C4501G/MP C4501A/MP
  • Ricoh Aficio MP C4501 | Security Target - Page 17
    Troubleshooting D088-7657 - Quick Reference Copy Guide D088-7529 - Quick Reference Printer Guide D086-7800 - Quick Reference Scanner Guide D088-7889 - App2Me Start Guide D085-7905B - Notes for Users D572-7010 - Manuals for Users Aficio MP C3001/MP C3001G/MP C3501/MP C3501G/MP C4501/MP
  • Ricoh Aficio MP C4501 | Security Target - Page 18
    Printer Guide D088-7804 - Quick Reference Scanner Guide D088-7885 - App2Me Start Guide D085-7904B - Manuals for This Machine D081-7602 - Notes for Users D088-7430 - Notes for Users D088-7420 - To Users of This Machine D029-7904 - Manuals for Users Aficio MP C3001/MP C3501/MP C4501/MP
  • Ricoh Aficio MP C4501 | Security Target - Page 19
    Troubleshooting D088-7655A - Quick Reference Copy Guide D088-7527 - Quick Reference Printer Guide D088-7805 - Quick Reference Scanner Guide D088-7887 - Notes for Users D088-7608 - Notes for Users D088-7759A - App2Me Start Guide D085-7906B - Manuals for Users Aficio MP C3001/MP C3501/MP
  • Ricoh Aficio MP C4501 | Security Target - Page 20
    management operations, which include issuing login names to normal users. An IT device connected to networks. RC Gate performs the @Remote Service Function of the TOE via RC Gate communication interface. Copy Function, Fax Function, Scanner Function, Printer Function, Document Server Function, and
  • Ricoh Aficio MP C4501 | Security Target - Page 21
    who belongs to the organisation which maintains TOE operation. The customer engineer is in charge of installation, setup, and maintenance of the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 22
    image data from the Operation Panel. Magnification and other editorial jobs can be applied to the copy image. It can also be stored on the HDD as a Document Server document. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 23
    sample print, the received documents will be stored on the HDD as printer documents. A dedicated password, which is used for locked print, is not subject to users first install the specified printer driver on their own client computers, and then use this function. Scanner Function The Scanner
  • Ricoh Aficio MP C4501 | Security Target - Page 24
    fax from the fax driver installed on the client computer. Fax documents are sent by fax from the Operation Panel or a Web browser. Documents can be sent by fax , deleted and downloaded from a Web browser. According to the guidance document, users first install the specified fax driver on their own
  • Ricoh Aficio MP C4501 | Security Target - Page 25
    Document Server documents. Also, users can print and delete fax documents. From a Web browser, users can print and delete Document Server documents, fax, print, download, and delete fax documents. Also, users can send scanner documents to folders or by e-mail, download and delete them. Management
  • Ricoh Aficio MP C4501 | Security Target - Page 26
    supervisor. To use the Printer or Fax Function from the printer or fax driver, a user will be required to enter his or her login user name and login password received from the printer or fax drivers, so that the user can be verified as a normal user. To use the @Remote Service Function from the RC
  • Ricoh Aficio MP C4501 | Security Target - Page 27
    of Scanner Function is used, the protection function can be enabled through encrypted communication with communication requirements that are specified for each e-mail address. If the LAN-Fax Transmission Function of Fax Function is used, the protection function can be enabled using the fax driver to
  • Ricoh Aficio MP C4501 | Security Target - Page 28
    in FlashROM and SD Card. The components that identify the TOE include System/Copy, Network Support, Scanner, Printer, Fax, RemoteFax, Web Support, Web Uapl, NetworkDocBox, animation, PCL, OptionPCLFont, LANG0, LANG1 and Data Erase Std. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 29
    Kerberos Authentication method. An abbreviation of hard disk drive. In this document, unless otherwise specified, "HDD" indicates the HDD installed on the TOE. A sequence of operations of each TOE function (Copy Function, Document Server Function, Scanner Function, Printer Function and Fax Function
  • Ricoh Aficio MP C4501 | Security Target - Page 30
    does not include the login user names of MFP administrators whose access to the document data is possible for administration. Documents stored in the TOE so that they can be used with Document Server Function, Printer Function, Scanner Function, and Fax Function. Classification of stored documents
  • Ricoh Aficio MP C4501 | Security Target - Page 31
    stores the documents using the fax driver on client computer. Sometimes referred to as "PC FAX". General term for remote diagnosis maintenance services for the TOE. Also called @Remote Service. The facility where the centre server of @Remote is located. A function for users to request a repair to
  • Ricoh Aficio MP C4501 | Security Target - Page 32
    ver.1.0 Final) CCMB-2009-07-003 - Functional requirements: Part 2 extended - Assurance requirements: Part 3 conformance 2.2 PP Claims The PP to which this ST SCN conformant 2600.1-CPY conformant 2600.1-FAX conformant 2600.1-DSR conformant Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 33
    connect telephone line. The HCDs combine these devices and equip one or more functions of Copy Function, Scanner Function, Printer Function or Fax Function. The Document Server Function is also available when installing the non-volatile memory medium, such as hard disk drive HDD problems problems
  • Ricoh Aficio MP C4501 | Security Target - Page 34
    problems 2600.1-FAX, 2600 .1-CPY, 2600.1-FAX, 2600.1-DSR, partly augmented and parts Authentication authentication method for RC Gate differs from the identification and authentication methods for normal users authentication method for normal users or administrator and the identification and authentication
  • Ricoh Aficio MP C4501 | Security Target - Page 35
    PP. Additional Rules on FDP_ACF.1.3(b) While FDP_ACF.1.3(b) in the PP allows users with administrator privileges to operate the TOE functions, this ST allows them to operate Fax Reception Function only, which is part of the TOE functions. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 36
    The TOE allows the MFP administrator to delete document data and user jobs (document access control SFP, FDP_ACC.1(a) and FDP_ACF.1(a)), and the same time. The fax reception process, which is accessed when receiving from a telephone line, is regarded as a user with administrator privileges. Therefore
  • Ricoh Aficio MP C4501 | Security Target - Page 37
    Security Problem to persons without a login user name, or to persons with a login user name but without altered by persons without a login user name, or by persons with a login user name but without an to persons without a login user name, or to persons with a login user name but without an access
  • Ricoh Aficio MP C4501 | Security Target - Page 38
    Page 37 of 93 P.USER.AUTHORIZATION User identification and authentication Only users with operation permission of the environment. P.STORAGE.ENCRYPTION Encryption of storage devices The data stored on the HDD inside the TOE shall be encrypted. P.RCGATE.COMM.PROTECT Protection of communication
  • Ricoh Aficio MP C4501 | Security Target - Page 39
    are competent to correctly configure and operate the TOE in accordance with the guidance document following those policies and procedures. A.ADMIN.TRUST Trusted administrator The responsible manager of MFP selects administrators who do not use their privileged access rights for malicious purposes
  • Ricoh Aficio MP C4501 | Security Target - Page 40
    login user name, or by persons with a login user user job alteration The TOE shall protect user jobs from unauthorised alteration by persons without a login user name, or by persons with a login user login user name, or by persons with a login user login user name, or by persons with a login user
  • Ricoh Aficio MP C4501 | Security Target - Page 41
    USER.AUTHORIZED User identification and authentication The TOE shall require identification and authentication of users and shall ensure that users data is encrypted first and then stored on the HDD. O.RCGATE.COMM.PROTECT Protection of communication with RC RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 42
    ensure that users are aware of the security policies and procedures of their organisation and have the competence to follow those policies and procedures. OE.ADMIN.TRAINED Administrator security violations or unusual patterns of activity. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 43
    CONF.ALT X X X P.USER.AUTHORIZATION X X P.SOFTWARE.VERIFICATION X P.AUDIT.LOGGING X XXX P.INTERFACE.MANAGEMENT X X P.STORAGE.ENCRYPTION X P.RCGATE.COMM.PROTECT X A.ACCESS.MANAGED X A.ADMIN.TRAINING X A.ADMIN.TRUST X A.USER.TRAINING X Copyright (c) 2011 RICOH COMPANY, LTD. All
  • Ricoh Aficio MP C4501 | Security Target - Page 44
    , the TOE requires identification and authentication of users, and users are authorised in accordance with the security policies before being allowed to use the TOE. By O.FUNC.NO_ALT, the TOE protects the user jobs from unauthorised alteration by persons without a login user name, or by persons with
  • Ricoh Aficio MP C4501 | Security Target - Page 45
    and authentication of users, and users are authorised in accordance with the security policies before being allowed to use the TOE. By O.CONF.NO_DIS, the TOE protects the TSF confidential data from unauthorised disclosure by persons without a login user name, or by persons with a login user name
  • Ricoh Aficio MP C4501 | Security Target - Page 46
    the data to be written on the HDD, and written on the HDD shall be those encrypted data. P.STORAGE. . By OE.PHYSICAL.MANAGED, the TOE is located in a restricted or monitored environment according to A.ADMIN.TRAINING A.ADMIN.TRAINING is upheld by OE.ADMIN.TRAINED. Copyright (c) 2011 RICOH COMPANY,
  • Ricoh Aficio MP C4501 | Security Target - Page 47
    not abuse their privileges in accordance with the guidance documents. A.ADMIN.TRUST is upheld by this objective. A.USER.TRAINING A.USER.TRAINING is upheld by OE.USER.TRAINED. By OE.USER.TRAINED, the responsible manager of MFP instructs the users in accordance with the guidance documents to make them
  • Ricoh Aficio MP C4501 | Security Target - Page 48
    misuse external interfaces to violate the security of the TOE or devices that are connected to the TOE's external interfaces. Therefore, direct forwarding of unprocessed data between to be transferred to another external interface. Examples Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 49
    . Therefore, the authors decided to define an extended component to address this functionality. This extended component protects both user data and TSF data, and it could therefore be placed in [assignment: the LAN and telephone line]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 50
    login user names that attempted the user identification for FIA_UID.1, communication direction of Web Function, communication IP address of the communication used for Web Function and folder transmission, recipient's e-mail address : Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 51
    performed before authentication of the user. a) Minimal: Unsuccessful use of the - Start and end operation of storing document data. - Start and end operation of printing document data. - Start and end operation of downloading document data. - Start and end operation of faxing document data
  • Ricoh Aficio MP C4501 | Security Target - Page 52
    authentication mechanism. a) Minimal: Unsuccessful use of the user identification mechanism, including the user identity provided; b) Basic: All use of the user identification mechanism, including the user login operation b) Basic: Success and failure of login operation. Also includes the user
  • Ricoh Aficio MP C4501 | Security Target - Page 53
    prohibit all users read access to the audit records, except those users that have been granted explicit read-access. 6.1.2 Class FCS: Cryptographic support FCS_CKM.1 Cryptographic cryptographic key generation algorithm in Table 13] and Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 54
    Size 256 bits Cryptographic Operation - Encryption when writing the data on HDD - Decryption when reading the data from HDD 6.1.3 Class FDP: User data protection FDP_ACC , objects, and operations among subjects and objects in Table 15]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 55
    17]. Table 17 : Subjects, Objects and Security Attributes (a) Category Subject Subjects or Objects Normal user process Subject MFP administrator process Security Attributes - Login user name of normal user - User role - User role Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 56
    Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. Not allowed. However, it is allowed for normal user process that created the document data. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 57
    . However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. Not allowed
  • Ricoh Aficio MP C4501 | Security Target - Page 58
    Security Attributes - Login user name of normal user - Available function list - User role - User role - User role - Function type user process. FDP_ACF.1.3(b) The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that the Fax
  • Ricoh Aficio MP C4501 | Security Target - Page 59
    Events of Basic Authentication FIA_AFL.1.2 Authentication Events User authentication using the Operation Panel User authentication using the TOE from client computer Web browser User authentication when printing from the client computer User authentication when using LAN Fax from client computer
  • Ricoh Aficio MP C4501 | Security Target - Page 60
    from a Web browser, system status, counter and information of inquiries, execution of fax reception, and repair request notification] on behalf of the user to be performed before the user is authenticated (refinement: authentication with Basic Authentication). Copyright (c) 2011 RICOH COMPANY, LTD
  • Ricoh Aficio MP C4501 | Security Target - Page 61
    the list of user jobs, Web Image Monitor Help from a Web browser, system status, counter and information of inquiries, execution of fax reception, and repair request notification] on behalf of the user to be performed before the user is authenticated (refinement: authentication of MFP administrator
  • Ricoh Aficio MP C4501 | Security Target - Page 62
    61 of 93 of fax reception, and repair request notification] on behalf of the user to be performed before the user is identified (refinement: authentication of MFP administrator and supervisor with Basic Authentication, and identification of normal user with external authentication server). FIA_UID
  • Ricoh Aficio MP C4501 | Security Target - Page 63
    permission in Table 26]. Table 26 : User Roles for Security Attributes (a) Security Attributes Login user name of normal user for Basic Authentication Login user name of normal user for External Authentication Login user name of supervisor Login user name of MFP administrator Document data
  • Ricoh Aficio MP C4501 | Security Target - Page 64
    User Roles for Security Attributes (b) Security Attributes Login user name of normal user for Basic Authentication Login user name of normal user for External Authentication Available function list Function type User to provide [selection: restrictive] default values for security attributes that are
  • Ricoh Aficio MP C4501 | Security Target - Page 65
    Default Values Objects Document data Document data [when document data attribute is (+DSR)] Document data [when document data attributes are (+PRT), (+SCN), (+CPY), (+FAXIN), and (+FAXOUT)] User job Security Attributes Document data attribute Document user list Document user list Login user
  • Ricoh Aficio MP C4501 | Security Target - Page 66
    the user roles in Table 29]. Table 29 : List of TSF Data TSF Data Login password of normal user for Basic Authentication Login password of supervisor Login password Basic Authentication Password complexity setting for Basic Authentication Audit logs HDD cryptographic key S/MIME user information
  • Ricoh Aficio MP C4501 | Security Target - Page 67
    by supervisor New creation and modification of login password of normal user by MFP administrator when the Basic Authentication is used Modification of own login password by normal user when the Basic Authentication is used Modification of login password of supervisor by supervisor Modification of
  • Ricoh Aficio MP C4501 | Security Target - Page 68
    Query of date and time by normal user Query and deletion of audit logs by MFP administrator New creation of HDD encryption key by MFP administrator New creation, normal user Query and modification of users for stored and received documents by MFP administrator Query of user authentication method
  • Ricoh Aficio MP C4501 | Security Target - Page 69
    completion of document data reception from the printer driver, completion of document data reception from the fax driver, and termination of communication with RC Gate the assurance components of the TOE. ALC_FLR.2 was added to the set of components defined in evaluation assurance level 3 (EAL3).
  • Ricoh Aficio MP C4501 | Security Target - Page 70
    : Development AGD: Guidance documents ALC: Life-cycle support ASE: Security Target evaluation ATE: Tests AVA: Vulnerability design Operational user guidance Preparative Derived security requirements Security problem definition TOE summary specification (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 71
    O.FUNC.NO_ALT O.PROT.NO_ALT O.CONF.NO_DI S O.CONF.NO_ALT O.USER.AUTHORIZED O.INTERFACE.MANAGED O.SOFTWARE.VERIFIED O.AUDIT.LOGGED O.STORAGE.ENCRYPTED O. .1(b) FMT_MSA.3(a) X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 72
    of the security attributes. FMT_MSA.1(a) specifies the available operations (newly create, query, modify and delete) on the login user name, and available operations (query and modify) on the document user list, and a specified user Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 73
    login user name, or by persons with a login user user jobs. Deletion is the only modification operation on this TOE's user jobs. (2) Use trusted channels for sending or receiving user jobs. The user jobs sent and received by the TOE via the LAN are protected by FTP_ITC.1. Copyright (c) 2011 RICOH
  • Ricoh Aficio MP C4501 | Security Target - Page 74
    the login password of normal user. A supervisor is allowed to operate the login password of supervisor. The supervisor and applicable MFP administrator are allowed to operate the login password of administrator. The MFP administrator is only allowed to operate the audit log and HDD cryptographic
  • Ricoh Aficio MP C4501 | Security Target - Page 75
    and verification of secrets are the security policies for authentication using passwords when the TOE is accessed from the Operation Panel or a Web browser of client computer, documents are printed by using the client computer, and faxed by LAN fax from the client computer. To fulfil this security
  • Ricoh Aficio MP C4501 | Security Target - Page 76
    completion of document data reception from the printer driver or fax driver. The TOE terminates the session with RC Gate after completing the communication with RC Gate. (5) Management of the security attributes. According to FMT_MSA.1(b), the login user name and available function list of normal
  • Ricoh Aficio MP C4501 | Security Target - Page 77
    , O.AUDIT.LOGGED is fulfilled. O.STORAGE.ENCRYPTED Encryption of storage devices O.STORAGE.ENCRYPTED is the security objective to ensure the data to be written into the HDD is encrypted. To fulfil this security objective, it is required to implement the following countermeasures. Copyright (c) 2011
  • Ricoh Aficio MP C4501 | Security Target - Page 78
    from the HDD. (3) Manage the TSF data. FMT_MTD.1 allows the MFP administrator to manage the cryptographic keys. (4) Specification of Management Function. FMT_SMF.1 performs the required Management Functions for Security Function. (5) Specification of the roles. FMT_SMR.1 maintains the users who have
  • Ricoh Aficio MP C4501 | Security Target - Page 79
    .4 None None None None None None None None None None None None None None None None None None None None None None None Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
  • Ricoh Aficio MP C4501 | Security Target - Page 80
    cryptographic key that is used for the HDD encryption of this TOE at the start of TOE the cryptographic key will be continuously used for the HDD and will not be deleted. Therefore, cryptographic key (ALC_FLR.2). Based on the terms and costs of the evaluation, the evaluation assurance level of
  • Ricoh Aficio MP C4501 | Security Target - Page 81
    in a legible fashion for users to audit (audit log in Table 35, on the HDD in the TOE when audit Web browser screen only when it is accessed by the MFP administrator. The TOE provides the audit logs in a text format when the MFP administrator instructs login operations (*2) Success and failure of login
  • Ricoh Aficio MP C4501 | Security Target - Page 82
    81 of 93 Termination of session by auto logout Web Function communication Folder transmission E-mail transmission Printing via networks LAN Fax via networks Storing document data Reading document data (print, download, fax transmission, e-mail transmission, and folder transmission) Deleting document
  • Ricoh Aficio MP C4501 | Security Target - Page 83
    Web browser, the screen for a user to enter his or her login user name and login password is displayed, and this screen will be displayed until the entry of the login user name and login password is complete. When the TOE is used from the printer driver or fax driver, the TOE receives the login user
  • Ricoh Aficio MP C4501 | Security Target - Page 84
    by default) elapses after the final operation from a Web browser by the user who logs on to the TOE from a Web browser. The TOE logs out immediately after receiving the print data from the printer driver. The TOE logs out immediately after receiving the transmission information from the fax driver
  • Ricoh Aficio MP C4501 | Security Target - Page 85
    Page 84 of 93 FIA_SOS.1 Login passwords for users can be registered only if these passwords meet the following conditions: (1) FIA_UAU.2, FIA_UID.2, and FIA_USB.1 A certificate is a set of identification and authentication information of RC Gate. When the TOE receives a certificate from an IT
  • Ricoh Aficio MP C4501 | Security Target - Page 86
    list are shown in "7.8 Security Management Function". Also, the TOE allows only the user job owner to view and delete the document data handled as a user job while Copy Function, Printer Function, Scanner Function, Fax Function, or Document Server Function is being used. While no interface to change
  • Ricoh Aficio MP C4501 | Security Target - Page 87
    Function is to authorise TOE users to use Copy Function, Printer Function, Scanner Function, Document Server Function and Fax Function in accordance with the roles of the identified and authenticated TOE users and user privileges set for each user. Copyright (c) 2011 RICOH COMPANY, LTD. All rights
  • Ricoh Aficio MP C4501 | Security Target - Page 88
    user who attempts to start operating Copy Function, Printer Function, Scanner Function, Document Server Function, and Fax Function. If the role is that of normal user, the user authentication on the HDD and disable user deletes document data, the TOE Copyright (c) 2011 RICOH COMPANY, LTD. All
  • Ricoh Aficio MP C4501 | Security Target - Page 89
    AES Key Size 256 bits Following operations by the MFP administrator, the TOE generates a cryptographic key. If a login user is the MFP administrator, the screen to generate an HDD cryptographic key is provided from the Operation Panel. If the MFP administrator gives instructions to generate an
  • Ricoh Aficio MP C4501 | Security Target - Page 90
    applied Login user names of normal users when External Authentication is applied (*1) Login user name of supervisor Login user name of MFP administrator Document data attributes Document user list Stored document types are Document Server document, scanner document, fax document and printer document
  • Ricoh Aficio MP C4501 | Security Target - Page 91
    Function types User roles Login passwords of normal users when Basic Authentication is applied Login password of supervisor Login password of MFP administrator No operation interfaces available No operation interfaces available Operation Panel, Web browser No operations allowed No operations
  • Ricoh Aficio MP C4501 | Security Target - Page 92
    fax document, the list will be modified to the values of the stored and received document users. FMT_MSA.3(a) and FMT_MSA.3(b) The TOE sets default values for objects and subjects according to the rules described in Table 41 when those objects and subjects are generated. Copyright (c) 2011 RICOH
  • Ricoh Aficio MP C4501 | Security Target - Page 93
    user list. Login user name of normal user Available function lists Login user name of a normal user who newly creates a user job. Values to indicate whether or not Copy Function, Printer Function, Scanner Function, Document Server Function, or Fax Function is available. For Basic Authentication
  • Ricoh Aficio MP C4501 | Security Target - Page 94
    Printer Function, values to identify Printer Function. For Scanner Function, values to identify Scanner Function. For Fax Function, values to identify Fax TOE displays the error message and becomes unavailable 10 Fax Line Separation Function The Fax Line Separation Function is to receive only faxes
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
Aficio MP C4501/C5501 series
Security Target
Author : RICOH COMPANY, LTD.
Date
: 2011-07-18
Version : 1.00
Portions of Aficio MP C4501/C5501 series Security Target are reprinted with
written permission from IEEE, 445 Hoes Lane, Piscataway, New Jersey
08855, from IEEE 2600.1, Protection Profile for Hardcopy Devices,
Operational Environment A, Copyright © 2009 IEEE. All rights reserved.
This document is a translation of the evaluated and certified security target
written in Japanese.