Ricoh Aficio MP C3502 Security Target - Page 24
Remote Service Function, Audit Function, Identification and Authentication Function, Document Access
View all Ricoh Aficio MP C3502 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 24 highlights
Page 23 of 93 @Remote Service Function The @Remote Service Function is for the TOE to communicate with RC Gate via networks for @Remote Service. In this function, [Proh. Some Services] is selected for @Remote setting information. The scope of evaluation covers the operation with a restriction of access to the protected assets and software of the TOE. 1.4.4.2. Security Functions The Security Functions are described as follows: Audit Function The Audit Function is to generate the audit log of TOE use and security-relevant events (hereafter, "audit events"). Also, this function provides the recorded audit log in a legible fashion for users to audit. This function can be used only by the MFP administrator to view and delete the recorded audit log. To view and delete the audit log, the Web Function will be used. Identification and Authentication Function The Identification and Authentication Function is to verify persons before they use the TOE. The persons are allowed to use the TOE only when confirmed as the authorised user. Users can use the TOE from the Operation Panel or via the network. By the network, users can use the TOE from a Web browser, printer/fax driver, and RC Gate. A person who attempts to use the TOE from the Operation Panel or a Web browser will be required to enter his or her login user name and login password so that he or she can be verified as a normal user, MFP administrator, or supervisor. A person who attempts to use the Printer or Fax Function from the printer or fax driver will be required to enter his or her login user name and login password received from the printer or fax drivers, so that he or she can be verified as a normal user. A person who attempts to use the @Remote Service Function from the RC Gate communication interface will be verified whether the communication request is sent from RC Gate. Methods to verify normal users are Basic Authentication and external server authentication. The users will be verified by the MFP administrator-specified procedure, whereas the MFP administrator and supervisor can be verified only by the Basic Authentication. This function includes protection functions for the authentication feedback area, where dummy characters are displayed if a login password is entered using the Operation Panel. In addition to this and for the Basic Authentication only, this function can be used to register passwords that fulfil the requirements of the Minimum Character No. (i.e. minimum password length) and obligatory character types the MFP administrator specifies, so that the lockout function can be enabled and login password quality can be protected. Document Access Control Function The Document Access Control Function is to authorise the operations for documents and user jobs by the authorised TOE users who are authenticated by Identification and Authentication Function. It allows user's Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.