Ricoh Aficio MP C305 Security Target - Page 23

Remote Service Function, Audit Function, Identification and Authentication Function

Page 23 highlights

Page 22 of 91 To use this function, the TOE user needs to install the designated Web browser on the client computer following the guidance documents and connect the client computer to the TOE via the LAN. @Remote Service Function The @Remote Service Function is for the TOE to communicate with RC Gate via networks for @Remote Service. In this function, [Proh. Some Services] is selected for @Remote setting information. The scope of evaluation covers the operation with a restriction of access to the protected assets and software of the TOE. 1.4.4.2. Security Functions The Security Functions are described as follows: Audit Function The Audit Function is to generate the audit log of TOE use and security-relevant events (hereafter, "audit events"). Also, this function provides the recorded audit log in a legible fashion for users to audit. This function can be used only by the MFP administrator to view and delete the recorded audit log. To view and delete the audit log, WIM will be used. Identification and Authentication Function The Identification and Authentication Function is to verify persons before they use the TOE. The persons are allowed to use the TOE only when confirmed as the authorised user. Users can use the TOE from the Operation Panel or via the network. By the network, users can use the TOE from a Web browser, printer/fax driver, and RC Gate. A person who attempts to use the TOE from the Operation Panel or a Web browser will be required to enter his or her login user name and login password so that he or she can be verified as a normal user, MFP administrator, or supervisor. A person who attempts to use the Printer or Fax Function from the printer or fax driver will be required to enter his or her login user name and login password received from the printer or fax drivers, so that he or she can be verified as a normal user. A person who attempts to use the @Remote Service Function from the RC Gate communication interface will be verified whether the communication request is sent from RC Gate. Methods to verify normal users are Basic Authentication and external server authentication. The users will be verified by the MFP administrator-specified procedure, whereas the MFP administrator and supervisor can be verified only by the Basic Authentication. This function includes protection functions for the authentication feedback area, where dummy characters are displayed if a login password is entered using the Operation Panel. In addition to this and for the Basic Authentication only, this function can be used to register passwords that fulfil the requirements of the Minimum Character No. (i.e. minimum password length) and obligatory character types the MFP administrator specifies, so that the lockout function can be enabled and login password quality can be protected. Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92

Page 22 of
91
Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
To use this function, the TOE user needs to install the designated Web browser on the client computer
following the guidance documents and connect the client computer to the TOE via the LAN.
@Remote Service Function
The @Remote Service Function is for the TOE to communicate with RC Gate via networks for @Remote
Service.
In this function, [Proh. Some Services] is selected for @Remote setting information. The scope of evaluation
covers the operation with a restriction of access to the protected assets and software of the TOE.
1.4.4.2.
Security Functions
The Security Functions are described as follows:
Audit Function
The Audit Function is to generate the audit log of TOE use and security-relevant events (hereafter, "audit
events"). Also, this function provides the recorded audit log in a legible fashion for users to audit. This
function can be used only by the MFP administrator to view and delete the recorded audit log. To view and
delete the audit log, WIM will be used.
Identification and Authentication Function
The Identification and Authentication Function is to verify persons before they use the TOE. The persons are
allowed to use the TOE only when confirmed as the authorised user.
Users can use the TOE from the Operation Panel or via the network. By the network, users can use the TOE
from a Web browser, printer/fax driver, and RC Gate.
A person who attempts to use the TOE from the Operation Panel or a Web browser will be required to enter
his or her login user name and login password so that he or she can be verified as a normal user, MFP
administrator, or supervisor.
A person who attempts to use the Printer or Fax Function from the printer or fax driver will be required to
enter his or her login user name and login password received from the printer or fax drivers, so that he or she
can be verified as a normal user.
A person who attempts to use the @Remote Service Function from the RC Gate communication interface
will be verified whether the communication request is sent from RC Gate.
Methods to verify normal users are Basic Authentication and external server authentication. The users will be
verified by the MFP administrator-specified procedure, whereas the MFP administrator and supervisor can
be verified only by the Basic Authentication.
This function includes protection functions for the authentication feedback area, where dummy characters are
displayed if a login password is entered using the Operation Panel. In addition to this and for the Basic
Authentication only, this function can be used to register passwords that fulfil the requirements of the
Minimum Character No. (i.e. minimum password length) and obligatory character types the MFP
administrator specifies, so that the lockout function can be enabled and login password quality can be
protected.