Ricoh Aficio MP 3350B Security Target - Page 70



Page 70 of 83
meets the Number of Attempts before Lockout, the TOE locks out the user and sets the Lockout Flag for that
user to "Active". The Number of Attempts before Lockout is set by the Machine
Administrator to a value between 1 and 5.
In addition, when successfully authenticated with the Identification and Authentication described in "7.1.2.1
User Identification and Authentication", the TOE resets that user's count of consecutive failures
to zero and starts counting again from 0.
When either of the two Lockout release actions, (1) or (2), described below is taken for a user whose
Lockout Flags are set to "Active", the TOE sets the Lockout Flags for that user to "Inactive" and releases
Lockout.
(1) Auto Lockout Release
After a user is locked out and the Lockout release time elapses, that user's first identification and
authentication releases his/her Lockout. The Lockout release time is set between 1 and 9999 minutes (in
units of minutes) by the Machine Administrator. The Machine Administrator can also set the Lockout release
time to an indefinite time. If the Lockout release time is set to an indefinite time, Lockout for users can
only be released by Manual Lockout Release.
(2) Manual Lockout Release
The Unlocking Administrators, who are set for each user role shown in Table 28, are allowed to release
Lockout using the Web Service Function. As a special Lockout release operation, when Administrators (all
Administrator Roles) and a Supervisor are locked out, Lockout is released by restarting the TOE.
Table 28: Unlocking Administrators for Each User Role

User roles (Locked out Users)              | Unlocking Administrators
General Users                              | User Administrator
Administrators (all Administrator Roles)   | Supervisor
Supervisor                                 | Machine Administrator

From the above, FIA_AFL.1 (Authentication failure handling) and FMT_SMF.1 (Specification of
Management Functions) are accomplished.
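
The lockout behaviour described above, modelled as an added Python example (it is not part of the Security Target and not Ricoh's implementation). The class and method names, the short role labels and the injected clock are assumptions for illustration; the model also assumes the failure counter is cleared whenever a Lockout is released.

```python
import time

INDEFINITE = None  # assumption: stands for the "indefinite" release-time setting
# Table 28: locked-out role -> role allowed to release the Lockout manually
UNLOCKERS = {"General User": "User Administrator",
             "Administrator": "Supervisor",
             "Supervisor": "Machine Administrator"}

class LockoutPolicy:
    def __init__(self, attempts_before_lockout, release_minutes, clock=time.time):
        if not 1 <= attempts_before_lockout <= 5:
            raise ValueError("Number of Attempts before Lockout must be 1..5")
        if release_minutes is not INDEFINITE and not 1 <= release_minutes <= 9999:
            raise ValueError("Lockout release time must be 1..9999 minutes")
        self.limit, self.release, self.clock = attempts_before_lockout, release_minutes, clock
        self.users = {}  # name -> role, consecutive failures, time Lockout Flag went Active

    def add_user(self, name, role):
        self.users[name] = {"role": role, "failures": 0, "locked_at": None}

    def authenticate(self, name, password_ok):
        u = self.users[name]
        if u["locked_at"] is not None:  # Lockout Flag is "Active"
            expired = (self.release is not INDEFINITE and
                       self.clock() - u["locked_at"] >= self.release * 60)
            if not expired:
                return "locked"  # rejected even if the password is correct
            # (1) Auto Lockout Release: first attempt after the release time elapses
            u["locked_at"], u["failures"] = None, 0
        if password_ok:
            u["failures"] = 0  # success resets the consecutive-failure count
            return "ok"
        u["failures"] += 1
        if u["failures"] >= self.limit:
            u["locked_at"] = self.clock()  # Lockout Flag -> "Active"
            return "locked"
        return "failed"

    def manual_release(self, actor_role, name):
        u = self.users[name]  # (2) Manual Lockout Release, gated by Table 28
        if UNLOCKERS[u["role"]] != actor_role:
            return False
        u["locked_at"], u["failures"] = None, 0
        return True

    def restart(self):  # restarting the TOE releases Administrators and the Supervisor
        for u in self.users.values():
            if u["role"] in ("Administrator", "Supervisor"):
                u["locked_at"], u["failures"] = None, 0
```

Passing a fake `clock` makes the release-time boundary testable without waiting; with the indefinite setting, only `manual_release` (or `restart` for Administrators and the Supervisor) clears the flag.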
7.1.2.3 Password Feedback Area Protection
The TOE displays a protection character (*: asterisk or ●: black dot) in place of each password character
entered from the Operation Panel or the web browser of a client PC by General Users, Administrators, and a
Supervisor.
From the above, FIA_UAU.7 (Protected authentication feedback) is accomplished.
7.1.2.4 Password Registration
The TOE provides the function to register and change the passwords of General Users, Administrators and a
Supervisor, from the Operation Panel and the Web Service Function, using the characters described below in (1).
It checks whether the password to be registered or changed meets conditions (2) and (3) described below. If the
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.