Security Target
Page 14
... Scanner Engine or Printer Engine according to instructions from the key switches and the LCD touch screen to the Controller Board. 2. Copyright (c) 2011 RICOH COMPANY, LTD. FlashROM A non-volatile memory medium in the Engine Control Board. The Operation Control Board is shipped. - HDD The HDD is...that has a modem function for communication. FCU, which is one of the following : 1. It stores documents, login user names and login passwords of the TOE and are part of normal users. These are included in the MFP Control Software. The Operation Panel Control Software performs the ...
Security Target
Page 20
...An IT device connected to normal users. Up to four MFP administrators can be used. Authorised to delete and register the login password of the MFP administrator. Definition of Administrator Supervisor MFP administrator Table 7 : List of Administrative Roles Management Privileges Supervisor User management...TOE. This privilege allows configuration of network settings. This privilege allows access management of MFP Copyright (c) 2011 RICOH COMPANY, LTD. Indirect User Responsible manager of stored documents. 1.4.3.2. A user who has all management privileges (Table 7).
Security Target
Page 23
...Operating from the Operation Panel. - The documents stored in the TOE, so that they can be stored on the client computer. Copyright (c) 2011 RICOH COMPANY, LTD. The TOE receives documents from the printer driver installed on the client computer. The documents will be stored in the TOE. The... can print or delete printer documents according to the operations by users from a Web browser The TOE can be ensured. A dedicated password, which secure communication can be printed. Deleting printer documents by the TOE The deletion of TOE is to scan paper documents by using...
Security Target
Page 26
...a normal user, MFP administrator, or supervisor. To use of Scanner Function is used , the protection function can be protected. minimum password length) and obligatory character types the MFP administrator specifies, so that the user can be verified whether the communication request is entered using ...Fax Function from the printer or fax driver, a user will be verified as the authorised user. If the e-mail Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. To use the @Remote Service Function from RC Gate. This function includes protection functions for documents ...
Security Target
Page 28
... Attempts before Lockout, settings for Lockout Release Timer, lockout time, date settings (year/month/day), time settings, Minimum Character No., Password Complexity Setting, S/MIME user information, destination folder, stored and received document user, document user list, available function list, and user...use is referred to these data types. All rights reserved. This component is exposed to the public. Copyright (c) 2011 RICOH COMPANY, LTD. Login password, audit log, and HDD cryptographic key. 1.4.5.3. TSF Data The TSF data is referred to This ST Definitions A software ...
Security Target
Page 29
... three or more types of the characters and symbols that can be suspended or cancelled by users). Copyright (c) 2011 RICOH COMPANY, LTD. A function for the Operation Panel: Time specified by locked print, hold print, and sample print using Kerberos Authentication... in the TOE includes Windows Authentication, LDAP Authentication, and Integration Server Authentication. There are Level 1 and Level 2 Password Complexity Settings. Password Complexity Setting Basic Authentication External Authentication HDD User job Documents Document data attributes +PRT Definitions An identifier assigned to end....
Security Target
Page 60
...No fewer than the minimum character number specified by MFP administrator (8-32 characters) and no more than 32 characters. (3) Rule: Passwords that secrets (refinement: secrets used in Basic Authentication) meet [assignment: the following quality metrics]. (1) Usable character and types: ... (refinement: authentication with Basic Authentication). Login user name of secrets Hierarchical to: No other components. Copyright (c) 2011 RICOH COMPANY, LTD. User role FIA_SOS.1 Verification of normal user - Dependencies: FIA_UID.1 Timing of identification FIA_UAU.1.1(a) The TSF...
Security Target
Page 66
... administrator MFP administrator MFP administrator Normal user MFP administrator Normal user Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Table 29 : List of TSF Data TSF Data Login password of normal user for Basic Authentication Login password of supervisor Login password of MFP administrator Number of Attempts before Lockout for Basic Authentication Setting for...
Security Target
Page 67
... MFP administrator Query of minimum character number by MFP administrator when the Basic Authentication is used Query of Password Complexity by MFP administrator when the Basic Authentication is used Query of Number of Attempts before Lockout by MFP administrator when the Basic... MFP administrator when the Basic Authentication is used Query of lockout time by MFP administrator when the Basic Authentication is used Copyright (c) 2011 RICOH COMPANY, LTD. FMT_SMF.1.1 The TSF shall be capable of performing the following management functions: [assignment: management functions shown in Table 30].
Security Target
Page 74
...supervisor is required to operate the audit log and HDD cryptographic key. (2) Specification of the TSF protected data. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved. Page 73 of 93 (3) Management of the roles. The TSF protected data sent and received... countermeasures. (1) Management of the Management Function. FMT_SMF.1 performs the required Management Functions for the login user name to operate the login password of user jobs (object) when the user jobs are protected by FTP_ITC.1. The MFP administrator is allowed to implement the following countermeasures....
Security Target
Page 75
... the MFP administrator or supervisor, and if the person is the normal user, the External Authentication is used for authentication using passwords when the TOE is accessed from the client computer. To fulfil this security objective, it is allowed to operate the audit ... TOE. By satisfying FMT_MTD.1, FMT_SMF.1, FMT_SMR.1 and FTP_ITC.1, which are defined in accordance with the access procedures. Copyright (c) 2011 RICOH COMPANY, LTD. The authentication failure handling and verification of the roles. FMT_MTD.1 allows the MFP administrator and applicable normal user to operate...
Security Target
Page 76
... selected SFR Package from the PP, is used in conjunction with the access control by FDP_ACC.1(b) and FDP_ACF.1(b). Copyright (c) 2011 RICOH COMPANY, LTD. FTA_SSL.3 automatically logs out of the Operation Panel or a Web browser after the completion of external interface according ... and FIA_UAU.2 authenticates the persons. (2) Automatically terminate the connection to operate the function type. O.INTERFACE.MANAGED Management of login password. FMT_MSA.3(b) sets the permissive default value to the available function list, and sets the restrictive default value to use the TOE...
Security Target
Page 83
... required for a user to use the TOE. Copyright (c) 2011 RICOH COMPANY, LTD. FIA_UAU.1(a) and FIA_UID.1(a): Application of External Authentication The TOE identifies and authenticates a user by checking the login user name and login password entered by the user. FIA_UAU.1(b) and FIA_UID.1(b): Application of Basic...the TOE is used from the users, so that only persons who intend to enter his or her login user name and login password is displayed, and this screen will be selected when the TOE is complete. E-mail transmission e-mail transmission 7.2 Identification and Authentication...
Security Target
Page 84
... in Table 36 and specified for Each User Role User Roles (Locked out Users) Normal user Unlocking Administrators MFP administrator Copyright (c) 2011 RICOH COMPANY, LTD. Table 36 : Unlocking Administrators for each user role releases the lockout. The TOE logs out immediately after the final operation... FIA_UAU.1(b), and FIA_UID.1(b), the use the TOE from the Operation Panel or a Web browser, the TOE does not display the entered login password but it displays a sequence of dummy characters whose length is the same as the identified user role (normal user, MFP administrator, or supervisor...
Security Target
Page 85
...[A-Z] (26 letters) Lower-case letters: [a-z] (26 letters) Numbers: [0-9] (ten digits) Symbols: SP (space 33 symbols) (2) Registrable password length: - Only if the certificate sent from the IT device matches the one installed in information identification and authentication. 7.3 Document Access Control Function... No less than 128 characters. - All rights reserved. Copyright (c) 2011 RICOH COMPANY, LTD. Supervisor MFP administrator MFP administrator Supervisor Page 84 of 93 FIA_SOS.1 Login passwords for document data and user jobs in accordance with the provided user role ...
Security Target
Page 91
... MFP administrator MFP administrator MFP administrator Copyright (c) 2011 RICOH COMPANY, LTD. Function types User roles Login passwords of normal users when Basic Authentication is applied Login password of supervisor Login password of MFP administrator No operation interfaces available No operation ...Web browser Query Query Query Query, modify Query Time Operation Panel, Web browser Minimum character number of password for Basic Authentication Password complexity setting for Basic Authentication Audit log HDD cryptographic key Operation panel Operation panel Web browser Operation panel ...