manualshive.com logo in svg

Fuji Xerox DocuCentre-V C2263, Руководство пользователя

Поделиться
Скачать
Fuji Xerox DocuCentre-V C2263 Скачать руководство пользователя страница 118

Fuji Xerox C2265/C2263 

Security Target 

 

 

- 113 -        

   Copyright

 

2016 by Fuji Xerox Co., Ltd

 

u

ser ID and password are verified against the data registered in the TOE setting data. The ID 

and password are also verified for user identification/authentication upon saving data for the 

private print function.

 

This identification (FIA_UID.1) and the authentication (FIA_UAU.1) are simultaneously 

performed, and the operation is allowed only when both of the identification and authentication 

succeed. 

When receiving fax data by the public telephone line, the TOE receives the fax data and 

stores them in Mailbox without user identification and authentication. 

 

(6)

 

FIA_UAU.7    Protected authentication feedback 

The TOE offers the function to display the same number of asterisks (`*`) as the 

entered-password characters on the control panel or Web browser in order to hide the 

password at the time of user authentication. 

 

(7)

 

FIA_USB.1  User-subject binding 

With the authenticated ID, TOE associates the roles of key operator, SA, and general user 

with the subjects. 

 

(8)

 

FMT_MSA.1(a), FMT_MSA.1(b), FMT_MSA.1(c), FMT_MSA.1(d), FMT_MSA.1(e), 

FMT_MSA.1(f), FMT_MSA.1(g), FMT_MSA.1(h)    Management of security attributes 

As shown in Table 44, the TOE restricts the handling of security attributes to the user whose 

identity is authenticated by the user authentication function.   

Table 44 Management of security attributes 

Security Attribute 

Operation 

Roles 

Key operator identifier 

Change 

Key 

operator, 

SA identifier 

Query, Change, delete, 

create 

Key 

operator, SA 

General user identifier 

Query, Change, delete, 

create 

Key 

operator, SA 

User identifier for each function   

Query, Change 

Key 

operator, SA 

Owner identifier of D.DOC (own document data 

in Personal Mailbox)   

Query, delete, create 

Key 

operator, SA, 

General user

Owner identifier of D.DOC (own document data 

in Shared Mailbox) 

Query, delete, create 

Key 

operator, SA, 

General user

Owner identifier of D.DOC (all document data in 

Mailbox) 

Query, delete   

Key operator

Содержание DocuCentre-V C2263

Страница 1: ...uji Xerox DocuCentre V C2265 C2263 models with Hard Disk Data Security Scan and Fax Security Target Version 1 1 7 This document is a translation of the evaluated and certified security target written...

Страница 2: ...ackage Claim 20 2 2 1 PP Claim 20 2 2 2 Package Claim 20 2 2 3 Conformance Rationale 21 3 SECURITY PROBLEM DEFINITION 23 3 1 Threats 23 3 1 1 Assets Protected by TOE 23 3 1 2 Threats agents 26 3 1 3 T...

Страница 3: ...ctional Requirements 102 6 3 3 Security Assurance Requirements Rationale 107 7 TOE SUMMARY SPECIFICATION 108 7 1 Security Functions 108 7 1 1 Hard Disk Data Overwrite TSF_IOW 110 7 1 2 Hard Disk Data...

Страница 4: ...curity Objectives 30 Table 13 Security Objectives Rationale for Security Problem 30 Table 14 Security functional Requirements 40 Table 15 Auditable Events of TOE and Individually Defined Auditable Eve...

Страница 5: ...nts 93 Table 40 Security Functional Requirements and the Corresponding Security Objectives 94 Table 41 Security Objectives to SFR Rationale 96 Table 42 Dependencies of Functional Security Requirements...

Страница 6: ...cuCentre V C2263 The TOE name is integrated as below TOE Identification Fuji Xerox DocuCentre V C2265 C2263 models with Hard Disk Data Security Scan and Fax Version Controller ROM Ver 1 0 13 FAX ROM V...

Страница 7: ...data Mailbox the security audit log data and the document data on the internal network between the TOE and the remote The TOE also prevents the document data and the used document data in the internal...

Страница 8: ...the behavior of the TOE is the same for both authentication types There are two types of remote authentication LDAP authentication and Kerberos authentication To set SA system administrator privilege...

Страница 9: ...ox The Internet Fax Send function and Control Panel function are to send and receive fax data via the Internet not public telephone line The TOE provides the following security features 1 Hard Disk Da...

Страница 10: ...ication protocols are supported SSL TLS IPSec and S MIME 8 Information Flow Security This function restricts the unpermitted communication between external interfaces and internal network 9 Self Test...

Страница 11: ...n request the MFD to print and retrieve the document data The user can also request the MFD to retrieve the scanned document data via Web browser by using scan function of the MFD Additionally the gen...

Страница 12: ...a mail protocol 4 FTP server The hardware OS is a general purpose PC or server The MFD sends document data to FTP server via FTP 5 LDAP server The hardware OS is a general purpose PC or server The MFD...

Страница 13: ...licy TSP Administrators may possess special privileges that provide capabilities to override portions of the TSP System administrator key operator and SA A user who is authorized to manage the device...

Страница 14: ...y Print Scan Network Scan Fax Internet Fax Send Hard Disk Data Overwrite Hard Disk Data Encryption User Authentication System Administrator s Security Management Customer Engineer Operation Restrictio...

Страница 15: ...e print data are sent by either being decomposed to the data in PDL via printer driver or the document file being designated directly from web browser of CWIS The print function is of two types the no...

Страница 16: ...nal HDD the data are overwritten with new data after each job copy print scan network scan fax or internet fax send is completed Without this function the used document data remain and only the manage...

Страница 17: ...t as security functions The following are the security functions which prevent the unauthorized reading of document data in the internal HDD by an attacker who is impersonating an authorized user The...

Страница 18: ...control panel and needs to be authenticated to use scan function When the user is authenticated the document data can be scanned from IIT and stored into the internal HDD according to the user s inst...

Страница 19: ...CWIS Set the ID and the password of key operator only a key operator is privileged Refer to and set the ID of SA general user and set the password with local authentication only Refer to and set the a...

Страница 20: ...n external interfaces and internal network Fax board of TOE device option is connected to a controller board via USB interface but the unauthorized access from a public telephone line to the inside TO...

Страница 21: ...to Enabled User Authentication Set to Login to Local Authentication or Remote Authentication Store Print Set to Save as Private Charge Print Auto Clear Set to Enabled Security Audit Log Set to Enable...

Страница 22: ...lient Mail Server FTP Server LDAP Server Kerberos Server Fax Board SEEPROM DRAM Controller ROM Copy Hard Disk Data Overwrite Hard Disk Data Encryptio n Security Audit Log Print Control decompos e Fax...

Страница 23: ...ut Terminal is a device to scan an original and send its data to the controller board for copy scan and Fax functions The ADF Auto Document Feeder is a device to automatically transfer original docume...

Страница 24: ...ministrator Guide ME7480E2 1 SHA1 hash value 4616727b449dc0072caf1744e70338c635172870 DocuCentre V C2265 C2263 User Guide ME7479E2 1 SHA1 hash value fb0c53b456e425c76f6926fd41f26e6c69fdc6b7 DocuCentre...

Страница 25: ...t Approved Protection Profile U S Government Protection Profile for Hardcopy Devices Version 1 0 IEEE Std 2600 2 TM 2009 This PP conforms to IEEE Standard Protection Profile for Hardcopy Devices in IE...

Страница 26: ...written covering the PP P CIPHER is added for OSP for the TOE in addition to Threats OSP Assumptions required in PP P CIPHER is the data encryption of the internal HDD and is independent from other P...

Страница 27: ...ive than that of PP In this ST the content quoted from the SFR of PP is written in italics describing the content required by PP Also the assigned part is similarly written in italics including the pa...

Страница 28: ...copy output Document data stored for job processing When a user uses MFD functions of copy print fax and scan the document data are temporarily stored in the internal HDD for image processing transmis...

Страница 29: ...onal security of the TOE Data on General user Password Data on Security Audit Log Table 15 Data on Hard Disk Data Encryption Data on Internal Network Data Protection The system administrator can set s...

Страница 30: ...emory and SEEPROM Those setting data however are not assumed as assets to be protected because they do not engage in TOE security functions Security Audit Log data are temporarily stored in NVRAM but...

Страница 31: ...ns who unintentionally cause a software malfunction that may expose the TOE to unanticipated threats 3 1 3 Threats Table 7 identifies the threats addressed by the TOE Unauthorized persons are assumed...

Страница 32: ...interfaces of the TOE operation of the interfaces will be controlled by the TOE and its IT environment P CIPHER To prevent unauthorized reading out the document data and used document data in the int...

Страница 33: ...unauthorized disclosure O CONF NO_ALT The TOE shall protect TSF Confidential Data from unauthorized alteration O USER AUTHORIZED The TOE shall require identification and authentication of Users and s...

Страница 34: ...RAINED The TOE Owner shall ensure that TOE Administrators are aware of the security policies and procedures of their organization have the training competence and time to follow the manufacturer s gui...

Страница 35: ...ANAGED O INTERFACE MANAGED OE PHYISCAL MANAGED OE ADMIN TRAINED OE ADMIN TRUSTED OE USER TRAINED O CIPHER T DOC DIS T DOC ALT T FUNC ALT T PROT ALT T CONF DIS T CONF ALT P USER AUTHORIZATIO N P SOFTWA...

Страница 36: ...thentication as the basis for authorization OE USER AUTHORIZED establishes responsibility of the TOE Owner to appropriately grant authorization T PROT ALT TSF Protected Data may be altered by unauthor...

Страница 37: ...tains a log of TOE use and security relevant events and prevents unauthorized disclosure or alteration OE AUDIT REVIEWED establishes responsibility of the TOE Owner to ensure that audit logs are appro...

Страница 38: ...IN TRAINED establishes responsibility of the TOE Owner to provide appropriate Administrator training A ADMIN TRUST Administrators do not use their privileged access rights for malicious purposes OE AD...

Страница 39: ...herefore direct forwarding of unprocessed data between different external interfaces is forbidden unless explicitly allowed by an authorized administrative role The family FPT_FDI_EXP has been defined...

Страница 40: ...Protection Profile the authors needed to express the control of both user data and TSF data flow using administrative control instead of attribute based control It was found that using FDP_IFF and FD...

Страница 41: ...eded Object Term phrase Definition Mailbox This term covers Personal Mailbox and Shared Mailbox Personal Mailbox Mailbox to be used individually by general user U NORMAL or SA Shared Mailbox Mailbox t...

Страница 42: ...ty attributes Term phrase Definition General User role Indicates the authority required for general user to use the TOE SA role Indicates the authority required for SA to use the TOE Key Operator role...

Страница 43: ...l panel does not accept any operation except power on and power off and the web browser does not accept authentication operation until the MFD main unit is powered off on Data on use of password enter...

Страница 44: ...luded in the TOE setting data Data on Internal Network Data Protection The data on whether to enable disable the general encryption communication protocols to protect the communication data on the int...

Страница 45: ...es Auditable Event is described and added in detail for each TOE FAU_GEN 2 User identity association Yes No change from PP FAU_SAR 1 Audit review No The function of retrieving audit log data are provi...

Страница 46: ...rations and Access Control rule and also the operations of Delete and Modify are detailed and added for each TOE FDP_ACF 1 b FDP_ACF 1 c PRT SFR Package FDP_ACF 1 d SCN SFR Package FDP_ACF 1 e CPY SFR...

Страница 47: ...icted to system administrator only by the addition of this SFR FMT_MSA 1 a FMT_MSA 1 b Management of security attributes Yes Management role of security attributes is described in accordance with TOE...

Страница 48: ...enerate an audit record of the following auditable events Start up and shutdown of the audit functions All auditable events for the selection choose one of minimum basic detailed not specified level o...

Страница 49: ...the type of cryptographic operation b Basic Any applicable cryptographic mode s of operation subject attributes and object attributes FDP_ACC 1 There are no auditable events foreseen FDP_ACF 1 a dele...

Страница 50: ...and the actions e g disabling of a terminal taken and the subsequent if appropriate restoration to the normal state e g re enabling of a terminal FIA_ATD 1 There are no auditable events foreseen FIA_...

Страница 51: ...reation of a subject b Basic Success and failure of binding of user security attributes to a subject e g success or failure to create a subject FMT_MOF 1 Changes in security function configuration Bas...

Страница 52: ...of system administrator Minimal None required a Minimal modifications to the group of users that are part of a role b Detailed every use of the rights of a role FPT_STM 1 Changes in time setting Mini...

Страница 53: ...ents included in the PP ST assignment other audit relevant information assignment other audit relevant information for each Relevant SFR listed in Table15 1 information as defined by its Audit Level i...

Страница 54: ...stored audit records in the audit trail from unauthorized deletion FAU_STG 1 2 The TSF shall be able to selection choose one of prevent detect unauthorized modifications to the stored audit records i...

Страница 55: ...yptographic key sizes that meet the following assignment list of standards assignment list of standards none assignment cryptographic key generation algorithm the Fuji Xerox s standard method FXOSENC...

Страница 56: ...nied except for his her own documents R1 R2 Delete Delete the document data except for Mailbox and Private Print U USER Denied Register the document data to the Mailbox U USER R3 D FUNC attributes fro...

Страница 57: ...cates data that is associated with an outbound sent fax job User identifier Owner identifier of D DOC Owner identifier of D FUNC DSR Indicates data that are associated with a document storage and retr...

Страница 58: ...to use the functions as operations in Table 18 Table 18 Function Access Control SFP Object Attribute s Operation Subject Access control rule Copy F CPY F SCN F DSR User identifier User identifier for...

Страница 59: ...ccess Control SFP in Table19 Table 19 PRT Access Control SFP Object Attribute s Operation Subject Access control rule D DOC PRT Read Print the document data in Private Print U USER Denied except for h...

Страница 60: ...objects covered by the SFP the list of subjects objects and operations among subjects and objects covered by the CPY Access Control SFP in Table 21 Table 21 CPY Access Control SFP Object Attribute s...

Страница 61: ...l enforce the assignment access control SFP on assignment list of subjects objects and operations among subjects and objects covered by the SFP assignment access control SFP DSR Access Control SFP in...

Страница 62: ...lbox U USER When the owner identifier of D FUNC matches the user identifier operation to register the Mailbox is permitted FDP_ACF 1 a Security attribute based access control Hierarchical to No other...

Страница 63: ...orize access of subjects to objects assignment rules based on security attributes that explicitly authorise access of subjects to objects In the U ADMINISTRATOR process operation to delete the documen...

Страница 64: ...d objects selection the user is explicitly authorized by U ADMINISTRATOR to use a function a user that is authorized to use the TOE is automatically authorized to use the functions assignment list of...

Страница 65: ...s of SFP relevant security attributes the list of subjects and objects controlled under the PRT Access Control SFP in Table 19 and for each the indicated security attributes in Table 19 FDP_ACF 1 2 c...

Страница 66: ...ty attributes or named groups of SFP relevant security attributes assignment access control SFP SCN Access Control SFP in Table 20 assignment list of subjects and objects controlled under the indicate...

Страница 67: ...DP_ACC 1 Subset access control FMT_MSA 3 Static attribute initialization FDP_ACF 1 1 e The TSF shall enforce the assignment access control SFP to objects based on the following assignment list of subj...

Страница 68: ...based on security attributes that explicitly deny access of subjects to objects assignment rules based on security attributes that explicitly deny access of subjects to objects none FDP_ACF 1 f Secur...

Страница 69: ...tributes that explicitly authorize access of subjects to objects assignment rules based on security attributes that explicitly authorise access of subjects to objects none FDP_ACF 1 4 f The TSF shall...

Страница 70: ...e 23 governing access among Users and controlled objects using controlled operations on controlled objects FDP_ACF 1 3 g The TSF shall explicitly authorize access of subjects to objects based on the f...

Страница 71: ...trolled operations on controlled objects assignment rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects rules specified in the D F...

Страница 72: ...detect when selection assignment positive integer number an administrator configurable positive integer within assignment range of acceptable values unsuccessful authentication attempts occur related...

Страница 73: ...positive integer within assignment range of acceptable values assignment positive integer number 5 FIA_AFL 1 2 b When the defined number of unsuccessful authentication attempts has been selection met...

Страница 74: ...icated assignment list of TSF mediated actions storing the fax data received from public telephone line FIA_UAU 1 2 The TSF shall require each user to be successfully authenticated before allowing any...

Страница 75: ...owing rules on the initial association of user security attributes with the subjects acting on behalf of users assignment rules for the initial association of attributes assignment rules for the initi...

Страница 76: ...e disable modify the behavior U ADMINISTRATOR Security Audit Log enable disable U ADMINISTRATOR Store Print enable disable modify the behavior U ADMINISTRATOR Internal Network Data Protection enable d...

Страница 77: ...authorized identified roles the roles listed in Table 26 Table 26 Security Attributes and Authorized Roles Security attributes Operation Roles Key operator identifier modify Key Operator SA identifier...

Страница 78: ...nt access control SFP s information flow control SFP s TOE Function Access Control SFP in Table 18 selection change default query modify delete assignment other operations query modify delete assignme...

Страница 79: ...on assignment list of security attributes the security attributes listed in Table 17 assignment the authorized identified roles the roles listed in Table 28 Table 28 Security Attributes and Authorized...

Страница 80: ...ted in Table 29 Table 29 Security Attributes and Authorized Roles SCN Security Attributes Operation Roles Key operator identifier modify Key Operator SA identifier query modify delete creation U ADMIN...

Страница 81: ...of security attributes Hierarchical to No other components Dependencies FDP_ACC 1 Subset access control or FDP_IFC 1 Subset information flow control FMT_SMR 1 Security roles FMT_SMF 1 Specification of...

Страница 82: ...UNC Shared Mailbox query delete creation Key Operator FMT_MSA 1 g Management of security attributes Hierarchical to No other components Dependencies FDP_ACC 1 Subset access control or FDP_IFC 1 Subset...

Страница 83: ...agement of security attributes Hierarchical to No other components Dependencies FDP_ACC 1 Subset access control or FDP_IFC 1 Subset information flow control FMT_SMR 1 Security roles FMT_SMF 1 Specific...

Страница 84: ...T_MSA 1 Management of security attributes FMT_SMR 1 Security roles FMT_MSA 3 1 a The TSF shall enforce the assignment access control SFP information flow control SFP to provide selection choose one of...

Страница 85: ...ive assignment other property assignment other property permissive initialization property for basic functions such as copy print scan and fax as the default of security attribute FMT_MSA 3 2 b The TS...

Страница 86: ...No other components Dependencies FMT_MSA 1 Management of security attributes FMT_SMR 1 Security roles FMT_MSA 3 1 d The TSF shall enforce the assignment access control SFP information flow control SFP...

Страница 87: ...ride the default values when an object or information is created assignment the authorized identified roles none FMT_MSA 3 f Static attribute initialization Hierarchical to No other components Depende...

Страница 88: ...ve permissive assignment other property assignment other property Initialization property in Table 34 FMT_MSA 3 2 g The TSF shall allow the assignment the authorized identified roles to specify altern...

Страница 89: ...No other components Dependencies FMT_SMR 1 Security roles FMT_SMF 1 Specification of Management Functions FMT_MTD 1 1 a The TSF shall restrict the ability to selection change default query modify del...

Страница 90: ...delete U ADMINISTRATOR Data on Customer Engineer Operation Restriction query modify U ADMINISTRATOR Data on Hard Disk Data Encryption query modify U ADMINISTRATOR Data on Hard Disk Data Overwrite que...

Страница 91: ...cal to No other components Dependencies No dependencies FMT_SMF 1 1 The TSF shall be capable of performing the following management functions assignment list of management functions to be provided by...

Страница 92: ...oreseen FDP_ACF 1 a Management of user identifier Management of owner identifier of D DOC Management of owner identifier of D FUNC Management of function and data on Store Print a Managing the attribu...

Страница 93: ...r users FIA_SOS 1 none Reason The metric is fixed and is not managed a the management of the metric used to verify the secrets FIA_UAU 1 Management of data on use of password entered from MFD control...

Страница 94: ...s that can specify initial values b managing the permissive or restrictive setting of default values for a given access control SFP c management of rules by which security attributes inherit specified...

Страница 95: ...Revocation of such an allowance FMT_SMR 1 Security roles Hierarchical to No other components Dependencies FIA_UID 1 Timing of identification FMT_SMR 1 1 The TSF shall maintain the roles assignment the...

Страница 96: ...ection assignment parts of TSF the TSF selection during initial start up periodically during normal operation at the request of the authorised user at the conditions assignment conditions under which...

Страница 97: ...hical to No other components Dependencies No dependencies FTP_ITC 1 1 The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other...

Страница 98: ...design AGD Guidance documents AGD_OPE 1 Operational user guidance AGD_PRE 1 Preparative procedures ALC Life cycle support ALC_CMC 2 Use of a CM system ALC_CMS 2 Parts of the TOE CM coverage ALC_DEL 1...

Страница 99: ...t each security objective is assured by TOE security functional requirements Table 40 Security Functional Requirements and the Corresponding Security Objectives Objectives SFRs O DOC NO_DIS O DOC NO_A...

Страница 100: ...SOFTWARE VERIFIED O AUDIT LOGGED O AUDIT_STORAGE PROTECTED O AUDIT_ACCESS AUTHORIZED O CIPHER FDP_ACF 1 e FDP_ACF 1 f FDP_ACF 1 g FDP_ACF 1 h FDP_RIP 1 FIA_AFL 1 a FIA_AFL 1 b FIA_ATD 1 FIA_SOS 1 FIA...

Страница 101: ...the objective to prevent unauthorized disclosure and alteration by creating and maintaining the event logs related to the TOE usage and security This security objective can be realized by satisfying t...

Страница 102: ...can be realized by satisfying the following security functional requirement In order to prevent attackers from using privileges given to system administrators and accessing protected assets the power...

Страница 103: ...nd FIA_UID 1 user identification and authentication is conducted upon access from CWIS and control panel to identify authorized user and system administrator The user identification authentication is...

Страница 104: ...user By FMT_SMF 1 TOE security management functions are provided for system administrator By FTP_ITC 1 communication data encryption protocol is supported to protect User Document Data on the interna...

Страница 105: ...ated with the key operator SA system administrator and general user By FMT_SMF 1 TOE security management functions are provided for system administrator By FTP_ITC 1 communication data encryption prot...

Страница 106: ...le D CONF by conducting the user identification By FMT_MOF 1 the user who enables disables TOE security functions and makes functional settings is limited to system administrator By FMT_MTD 1 a the pe...

Страница 107: ...administrator can access the audit log Thus the functional requirements related to this objective are surely fulfilled O CIPHER O CIPHER is the objective that encrypts the document data and used docum...

Страница 108: ...FAU_STG 1 FCS_CKM 1 Cryptographic key generation FCS_COP 1 FCS_CKM 4 A cryptographic key is generated when MFD is booted and stored on DRAM volatile memory A cryptographic key does not need to be dest...

Страница 109: ...1 a FMT_MSA 3 a FDP_ACF 1 b Security attribute based access control FDP_ACC 1 b FMT_MSA 3 b FDP_ACF 1 c Security attribute based access control FDP_ACC 1 c FMT_MSA 3 c FDP_ACF 1 d Security attribute b...

Страница 110: ...USB 1 User subject binding FIA_ATD 1 FMT_MOF 1 Management of security functions behavior FMT_SMF 1 FMT_SMR 1 FMT_MSA 1 a Management of security attributes FDP_ACC 1 a FMT_SMF 1 FMT_SMR 1 FMT_MSA 1 b M...

Страница 111: ...MT_MSA 1 b FMT_SMR 1 FMT_MSA 3 c Static attribute initialization FMT_MSA 1 c FMT_SMR 1 FMT_MSA 3 d Static attribute initialization FMT_MSA 1 d FMT_SMR 1 FMT_MSA 3 e Static attribute initialization FMT...

Страница 112: ...ument security operational accountability and information assurance The TOE environment will be exposed to only a low level of risk because it is assumed that the TOE will be located in a restricted o...

Страница 113: ...fy the TOE security functional requirements that are specified in section 6 1 of this ST Table 43 Security Functional Requirements and the Corresponding TOE Security Functions Security Functions Secur...

Страница 114: ...NET_PROT TSF_INF_FLOW TSF_S_TEST FDP_ACF 1 g FDP_ACF 1 h FDP_RIP 1 FIA_AFL 1 a FIA_AFL 1 b FIA_ATD 1 FIA_SOS 1 FIA_UAU 1 FIA_UAU 7 FIA_UID 1 FIA_USB 1 FMT_MOF 1 FMT_MSA 1 a FMT_MSA 1 b FMT_MSA 1 c FMT...

Страница 115: ...k scan fax or internet fax send is completed This is because whether to prioritize efficiency or security depends on the usage environment of the MFD When efficiency is prioritized one pass overwrite...

Страница 116: ...S algorithm based on FIPS PUBS 197 When reading out the stored document data the TOE decrypts the data also using the 256 bit cryptographic key generated at the time of booting and the AES algorithm 7...

Страница 117: ...ed before accessing the system administrator mode When the number of unsuccessful authentication attempts with key operator ID reaches 5 times the control panel does not accept any operation except po...

Страница 118: ...f user authentication 7 FIA_USB 1 User subject binding With the authenticated ID TOE associates the roles of key operator SA and general user with the subjects 8 FMT_MSA 1 a FMT_MSA 1 b FMT_MSA 1 c FM...

Страница 119: ...general user when it is his her own 10 FMT_SMR 1 Security roles The TOE maintains the roles of key operator SA system administrator and general user and associates these roles to the authorized users...

Страница 120: ...l to remote fax is permitted Storage of the print data from user client to Private Print printing of the document data in the print data and retrieval of the document data in Mailbox As shown in Table...

Страница 121: ...d General user SA Document Data in Private Print When the owner identifier of D DOC all document data in Private Print and the entered user identifier are matched printing and deletion of all document...

Страница 122: ...esponding Mailbox Also all the received fax data can be distributed and stored in Mailbox according to over which line the data are transmitted To refer to retrieve print or delete the stored data in...

Страница 123: ...Data Protection enable disable it and configure the details Refer to the setting of User Authentication and select disable Local Authentication Remote Authentication and configure the details Refer to...

Страница 124: ...DOC and D FUNC Also the TOE sets the owner identifier of Mailbox that receives the fax data public telephone line data as the default of security attribute for D DOC fax receive 3 FMT_SMR 1 Security r...

Страница 125: ...r operation Local Start End Self Test Successful Failed User Authentication Login Logout Login Successful Failed Invalid UserID Failed Invalid Password Failed Logout Locked System Administrator Authen...

Страница 126: ...ommunication Failed Protocol and communication destination stored 2 FAU_GEN 2 User identity association TOE records the defined auditable event in the audit log file by associating it with the identit...

Страница 127: ...rovided by the following four protocols which are configured by a system administrator using the system administrator mode 1 FTP_ITC 1 Inter TSF trusted channel The document data and Mailbox user func...

Страница 128: ...y a system administrator b IPSec According to the IPSec communication which is configured by a system administrator using the system administrator mode IPSec ensuring secure data transmission is suppo...

Страница 129: ...tocol for mail encryption Cryptographic Method and Size of Secret Key 3Key Triple DES 168 bits AES 128 bits AES 192 bits AES 256 bits Hash method generated as S MIME protocol for digital signature has...

Страница 130: ...n and authentication are required to use functions from the control panel In addition there is no function to transfer the data input from the control panel to other interfaces without any instruction...

Страница 131: ...PUB Federal Information Processing Standard publication IIT Image Input Terminal IOT Image Output Terminal IT Information Technology IP Internet Protocol MFD Multi Function Device NVRAM Non Volatile...

Страница 132: ...ents toward the TOE via the Web browser of the user client CWIS can be used with the Windows standard Web browser User Authentication A function to limit the accessible TOE functions by identifying th...

Страница 133: ...to be converted into bitmap data by the TOE decompose function Control Data The data that are transmitted by command and response interactions This is one type of the data transmitted between MFD hard...

Страница 134: ...ons of Hard Disk Data Overwrite Hard Disk Data Encryption System Administrator s Security Management Customer Engineer Operation Restriction Use of password entered from MFD control panel in user auth...

Страница 135: ...ji Xerox Co Ltd Term Definition Line Data Fax data Certificate Defined in the X 509 which is recommended by ITU T The data for user authentication name identification name organization where he she be...

Страница 136: ...n Version 3 1 Part 2 Security functional components dated September 2012 CCMB 2012 09 002 Japanese version 1 0 dated November 2012 translated by Information Technology Promotion Agency Japan CC Part 3...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды