Ricoh Aficio MP 3350B Security Target - Page 69



Page 69 of 83
7.1.2 SF.I&A User Identification and Authentication Function
The TOE identifies and authenticates users prior to the use of the TOE security functions to allow the
authorised users to operate the TOE according to their roles and authorisation.
The following are the explanations of each functional item in "SF.I&A User Identification and
Authentication Function" and their corresponding security functional requirements.

7.1.2.1 User Identification and Authentication
The TOE displays a login window to users who attempt to use the TOE security functions from the
Operation Panel or Web Service Function, requires them to enter their user IDs and passwords, and then
identifies and authenticates the users with the entered user IDs and passwords.
In addition, when receiving requests for printing or fax transmission, the TOE identifies and authenticates the
users with the user IDs and passwords that are sent from the client PC.
The TOE binds the successfully authenticated users and their processes (General User process, Administrator
process, or Supervisor process) according to their user roles (General Users, Administrators, or a Supervisor),
associates each process with the security attributes of that role, and maintains those bindings and associations.
When the user is a General User, the TOE binds the General User with General User process, associates
General User process with General User ID and Document Data Default ACL, and maintains those bindings
and associations. When the user is an Administrator, the TOE binds the Administrator with Administrator
process, associates Administrator process with Administrator ID and Administrator Roles, and maintains
those bindings and associations. When the user is a Supervisor, the TOE binds the Supervisor with
Supervisor process, associates Supervisor process with Supervisor ID, and maintains those bindings and
associations.
The authentication methods vary by the user role. Table 27 shows the authentication methods for each user
role.

Table 27: User Roles and Authentication Methods

User roles | Authentication methods
General Users | Check if the user IDs and passwords entered into the TOE by users match the General User IDs and their passwords registered for Address Book.
Administrators | Check if the user IDs and passwords entered into the TOE by users match the Administrator IDs and their passwords registered for the TOE.
Supervisor | Check if the user IDs and passwords entered into the TOE by users match the Supervisor ID and password registered for the TOE.

From the above, FIA_ATD.1 (User attribute definition), FIA_UAU.2 (User authentication before any action),
FIA_UID.2 (User identification before any action), FIA_USB.1 (User-subject binding), FMT_SMF.1
(Specification of Management Functions) and FMT_SMR.1 (Security Roles) are accomplished.
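
A minimal model of the identification, authentication and user-subject binding described in 7.1.2.1 and Table 27, added here as an illustration and not taken from the Security Target or the TOE. The store names, sample IDs, passwords, ACL and role values are constructed, and the order in which the stores are consulted is an assumption.

```python
import hmac
from dataclasses import dataclass

# Constructed sample stores; a real device would hold password verifiers, not plaintext.
ADDRESS_BOOK = {"guser01": {"password": "pw-general", "default_acl": ("guser01:full",)}}
TOE_ADMINS = {"admin01": {"password": "pw-admin", "roles": ("role-a", "role-b")}}
TOE_SUPERVISOR = {"supervisor": {"password": "pw-super"}}

@dataclass(frozen=True)
class Subject:
    """A process bound to an authenticated user, with that role's security attributes."""
    process: str
    attributes: tuple  # (name, value) pairs; immutable so the binding is maintained

def _check(store, user_id, password):
    # Compare against a dummy value for unknown IDs so timing does not reveal them.
    record = store.get(user_id)
    expected = record["password"] if record else "\0unknown"
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return record if (record and ok) else None

def authenticate(user_id, password):
    """Table 27: match the entered credentials against the store for each role."""
    if (r := _check(ADDRESS_BOOK, user_id, password)):
        return Subject("General User process",
                       (("General User ID", user_id),
                        ("Document Data Default ACL", r["default_acl"])))
    if (r := _check(TOE_ADMINS, user_id, password)):
        return Subject("Administrator process",
                       (("Administrator ID", user_id), ("Administrator Roles", r["roles"])))
    if _check(TOE_SUPERVISOR, user_id, password):
        return Subject("Supervisor process", (("Supervisor ID", user_id),))
    return None

class Session:
    """No security function runs before identification and authentication succeed."""
    def __init__(self):
        self.subject = None

    def login(self, user_id, password):
        self.subject = authenticate(user_id, password)
        return self.subject is not None

    def invoke(self, function_name):
        if self.subject is None:
            raise PermissionError("identification and authentication required")
        return f"{function_name} as {self.subject.process}"
```
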

7.1.2.2 Action in case of Identification and Authentication Failure
The TOE counts the number of times of each user ID's Identification and Authentication failure, described in
"7.1.2.1 User Identification and Authentication". When a user ID's consecutive numbers of times of failure
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.