Xerox® Security Guide for Office Class Products: AltaLink®
VersaLink®
November 2018
Page 7
User Interface
The user interface
detects soft and hard button actuations and provides text and graphical prompts to the
user. The user interface is
sometimes referred to as the Graphical User Interface (GUI) or Local UI (LUI)
to distinguish it from the remote web server interface (WebUI).
The user interface allows users to access product services and functions. Users with administrative
privileges can manage the product configuration settings. User permissions are configurable through
Role Based Access Control (RBAC) policies, described in section
7
Identification, Authentication, and
Authorization
Scanner
The scanner converts documents from hardcopy to electronic data. A document handler moves originals
into a position
to be scanned. The scanner provides enough image processing for signal conditioning and
formatting. The scanner
does not store scanned images
.
Marking Engine
The Marking Engine performs copy/print paper feeding and transport, image marking, fusing, and
document finishing. The marking engine is comprised of paper supply trays and feeders, paper transport,
LED scanner, xerographics, and paper output and finishing. The marking engine is only accessible to the
Controller via inter-chip communication with no other access and does not store user data
.
Controller
The controller manages document processing using proprietary hardware and algorithms to process
documents into high-quality electronic and/or printed reproductions. Documents may be temporarily
buffered in RAM during processing. Some models may be equipped with additional storage options such
as magnetic Hard Disk Drive (HDD), Solid State Disk (SSD), SD Card, or Flash media. For model
specific details please see Appendix A: Product Security Profiles. AltaLink® and VersaLink® products
encrypt user data and include media sanitization (overwrite) options that ensure that erased data cannot
be recovered, described further in section
3
User Data Protection.
In addition to managing document processing the controller manages all network functions and services.
Details can be found in section Network Security.
The controller handles all I/O communications with connected products. The following section provides a
description of each interface. Please note that not all interfaces are supported on all models; details
about each model can be found in Appendix A: Product Security Profiles.
Controller External Interfaces
Front Panel USB (Type A) port(s)
One or more USB ports may be located on the front of the product, near the user interface. Front USB
ports may be enabled or disabled by a system administrator. The front USB port supports the following:
Walk-up users may insert a USB thumb drive to store or retrieve documents for scanning and/or
printing from a FAT formatted USB device. The controller will only allow reading/writing of a
limited set of known document types (such as DOC, PDF, PNG, JPEG, TIFF, etc.). Other file
types including binary executables are not supported.
Note that features that use the front USB ports (such as Scan To USB) can be disabled
independently or restricted using role-based access controls.
Connection of optional equipment such as NFC or CAC readers.
Firmware updates may be submitted through the front USB ports. (Note that the product must be
configured to allow local firmware updates, or the update will not be processed.
