Print Controller Design Guide for Information Security Copyright 2010 RICOH Americas Corporation. All rights reserved. Page 1 of 92 Visit ou
Print Controller Design Guide for Information Security: Page 10 of 92 Principal Machine Functions Copier Activates the scanning engine, which read
Print Controller Design Guide for Information Security: Page 11 of 92 3. Data Security External I/F The MFP/LP is equipped with the following inter
Print Controller Design Guide for Information Security: Page 12 of 92 4. Communication between the MFP/LP and its peripherals is conducted via the
Print Controller Design Guide for Information Security: Page 13 of 92 9. The USB I/F (Type A) only allows connection with devices that support eith
Print Controller Design Guide for Information Security: Page 14 of 92 • This use of a public key to decrypt the digital signature allows the MFP/LP
Print Controller Design Guide for Information Security: Page 15 of 92 Remote Firmware Installation • In addition to using an SD card, it is also pos
Print Controller Design Guide for Information Security: Page 16 of 92 RC-GateInstallationvia RC-GateRicoh Licenese ServerDownloadDigital signaturePr
Print Controller Design Guide for Information Security: Page 17 of 92 5. Authentication, Access Control Authentication • When enabled, User Auth
Print Controller Design Guide for Information Security: Page 18 of 92 • Before authentication at the MFP/LP operation panel can be perform
Print Controller Design Guide for Information Security: Page 19 of 92 LAN PCWindows ServerJob + Auth. Info.Integration ServerAuthenticationLDAP Serve
Print Controller Design Guide for Information Security: Page 2 of 92 Notice: THIS DOCUMENT MAY NOT BE REPRODUCED OR DISTRIBUTED IN WHOLE OR IN PART,
Print Controller Design Guide for Information Security: Page 20 of 92 • IC Authentication using the serial number/IDm (Felica cards or those contai
Print Controller Design Guide for Information Security: Page 21 of 92 • On MFP/LPs with email transmission applications, to prevent the impersonati
Print Controller Design Guide for Information Security: Page 22 of 92 6. Administrator Settings In order to spread the risk of malicious operations
Print Controller Design Guide for Information Security: Page 23 of 92 7. Data Erase/Overwrite Overview • A wide variety of data is stored in MFP/LP
Print Controller Design Guide for Information Security: Page 24 of 92 Auto Erase Memory • The main purpose of this feature is to automatically overw
Print Controller Design Guide for Information Security: Page 25 of 92 8. Data Protection Protection of Address Book Data • The tables below show t
Print Controller Design Guide for Information Security: Page 26 of 92 View Make Changes Delete Entries Change ACL Settings R View Yes RW
Print Controller Design Guide for Information Security: Page 27 of 92 General Users Document Owner (User) Document Administrator Document No
Print Controller Design Guide for Information Security: Page 28 of 92 9. Additional Methods for Increased Security In addition to the above, adminis
Print Controller Design Guide for Information Security: Page 29 of 92 10. Job/Access Logs • Job logs and access logs for the principal machine fun
Print Controller Design Guide for Information Security: Page 3 of 92 TABLE OF CONTENTS 1. Overview ...
Print Controller Design Guide for Information Security: Page 30 of 92 • The MFP/LP does not allow any changes to be made to the log data itself, i.
Print Controller Design Guide for Information Security: Page 31 of 92 Access log Capacity: With HDD: 6000 entries Without HDD: 500 entries Tim
Print Controller Design Guide for Information Security: Page 32 of 92 11. Capture (MFP Models Only) Overview of Capture Operations • When a user ma
Print Controller Design Guide for Information Security: Page 33 of 92 Operations that Generate Captured Images • Images are captured and sent to Sc
Print Controller Design Guide for Information Security: Page 34 of 92 Capture Settings • ScanRouter is used to program all settings for the Capture
Print Controller Design Guide for Information Security: Page 35 of 92 Security Considerations • Three transfer protocols are available for sending
Print Controller Design Guide for Information Security: Page 36 of 92 12. Principal Machine Functions Copier (MFP Models Only) Overview of Copier Op
Print Controller Design Guide for Information Security: Page 37 of 92 Data Security Considerations • Since the page location data is erased at the
Print Controller Design Guide for Information Security: Page 38 of 92 Restricting the Available Functions for Each Individual User • When User Auth
Print Controller Design Guide for Information Security: Page 39 of 92 Print Backup • After a job is performed, it is possible to store a copy of th
Print Controller Design Guide for Information Security: Page 4 of 92 1. Overview This document describes the structural layout and functional opera
Print Controller Design Guide for Information Security: Page 40 of 92 13. Printer Overview of Printer Operations • The Printer function can be div
Print Controller Design Guide for Information Security: Page 41 of 92 • From the printer driver, it is possible to select the following printing me
Print Controller Design Guide for Information Security: Page 42 of 92 • When Normal Print is selected as the print job, the print management data*1
Print Controller Design Guide for Information Security: Page 43 of 92 Printing Encrypted Image Data • With PDF Direct Print, it is possible to prin
Print Controller Design Guide for Information Security: Page 44 of 92 • The password necessary for authentication is encrypted before the printer d
Print Controller Design Guide for Information Security: Page 45 of 92 • It is possible to make a Stored Print or Store and Print document available
Print Controller Design Guide for Information Security: Page 46 of 92 • As stated above, the PDF interpreter cross-references the password programm
Print Controller Design Guide for Information Security: Page 47 of 92 14. Scanner (MFP Models Only) Overview of Scanner Operations • Depending on t
Print Controller Design Guide for Information Security: Page 48 of 92 • When sending an email from the MFP via the SMTP server, the operator can ei
Print Controller Design Guide for Information Security: Page 49 of 92 Protection of Data when Performing Scanning and Sending Operations It is possi
Print Controller Design Guide for Information Security: Page 5 of 92 Note: Some of the hardware (e.g. external I/F) and functions described in this
Print Controller Design Guide for Information Security: Page 50 of 92 • By enabling Basic Authentication, it is possible to protect the destination
Print Controller Design Guide for Information Security: Page 51 of 92 • It is also possible to assign a password to individual documents when scann
Print Controller Design Guide for Information Security: Page 52 of 92 • As explained above, the email forwarding feature sends data from the MFP to
Print Controller Design Guide for Information Security: Page 53 of 92 15. FAX (MFP Models Only) Overview of FAX operations • The FAX function se
Print Controller Design Guide for Information Security: Page 54 of 92 • With FAX reception, the incoming data is received by the FCU, which then se
Print Controller Design Guide for Information Security: Page 55 of 92 Data Security Considerations • The FCU supports only G3 and G4 FAX protocols.
Print Controller Design Guide for Information Security: Page 56 of 92 • When User Authentication is enabled, it is possible to set the authenticate
Print Controller Design Guide for Information Security: Page 57 of 92 Protection of FAX Transmission Operations • By setting restrictions on addres
Print Controller Design Guide for Information Security: Page 58 of 92 Extended Security Feature • It is possible to set Extended Security to prohib
Print Controller Design Guide for Information Security: Page 59 of 92 16. NetFile (GWWS) Overview of NetFile Operations • NetFile operates via comm
Print Controller Design Guide for Information Security: Page 6 of 92 2. Internal System Configuration 2-1 Hardware Configuration MFP Processing an
Print Controller Design Guide for Information Security: Page 60 of 92 Transferring Job Log and Access Log Data to Web SmartDeviceMonitor for Admin •
Print Controller Design Guide for Information Security: Page 61 of 92 Creating Thumbnails (MFP models only) • The MFP creates thumbnail images in J
Print Controller Design Guide for Information Security: Page 62 of 92 Downloading Document Server Files to the PC (MFP models only) • From DeskTop
Print Controller Design Guide for Information Security: Page 63 of 92 Forwarding Image Data with Capture • With the Capture feature, the primary ma
Print Controller Design Guide for Information Security: Page 64 of 92 Viewing and Changing User Data Settings Stored in the MFP/LP • From SmartDev
Print Controller Design Guide for Information Security: Page 65 of 92 Transferring the Job Log and Access Log Data • To send log data from the MFP/
Print Controller Design Guide for Information Security: Page 66 of 92 User Authentication Tickets (MFP models only) When using User Authenticatio
Print Controller Design Guide for Information Security: Page 67 of 92 17. Data Security Considerations SOAP Communication Sessions • SOAP communic
Print Controller Design Guide for Information Security: Page 68 of 92 Restoring Files Back to the MFP (MFP models only) • Netfile will reject any da
Print Controller Design Guide for Information Security: Page 69 of 92 Deleting, Pausing or Resuming Print Jobs • To delete the current job or all a
Print Controller Design Guide for Information Security: Page 7 of 92 LP Processing andControl Unit - CPU - RAMNVRAM ・Settings ・CountersI/O Controll
Print Controller Design Guide for Information Security: Page 70 of 92 18. Web Applications Web Server Framework The MFP/LP Web Server was developed
Print Controller Design Guide for Information Security: Page 71 of 92 Protection Against URL Buffer Overflows • URL buffer overflow attacks occur w
Print Controller Design Guide for Information Security: Page 72 of 92 19. WebDocBox (MFP models only) Overview of WebDocBox Operations • WebDocBox
Print Controller Design Guide for Information Security: Page 73 of 92 Sending Stored Image Data to the PC • When the MFP receives a request from
Print Controller Design Guide for Information Security: Page 74 of 92 • It is possible to protect individual Document Server documents with a pass
Print Controller Design Guide for Information Security: Page 75 of 92 20. Optional Features @Remote Overview of @Remote Operations • “@Remote” ref
Print Controller Design Guide for Information Security: Page 76 of 92 The NCS module communicates with RC Gate via the host I/F over an SSL connecti
Print Controller Design Guide for Information Security: Page 77 of 92 The NCS module communicates with the @Remote Center via the host I/F over an S
Print Controller Design Guide for Information Security: Page 78 of 92 • The internal layout of the modules is such that the NRS module must always
Print Controller Design Guide for Information Security: Page 79 of 92 21. CSS (Customer Support System) – MFP Models Only Overview of CSS Operations
Print Controller Design Guide for Information Security: Page 8 of 92 2-2 Software Configuration SIMHNetBSD=-=-=-=-=-=-=-=-=-= Engine I/F =-=-=-=-=-
Print Controller Design Guide for Information Security: Page 80 of 92 22. Copy Data Security Feature Overview of Copy Data Security Operations • Th
Print Controller Design Guide for Information Security: Page 81 of 92 Data Flow Marking: • The data flow for when the Copy Data Security f
Print Controller Design Guide for Information Security: Page 82 of 92 Other Conditions of Use On some MFP models, one or more of the following limit
Print Controller Design Guide for Information Security: Page 83 of 92 23. Device SDK Applications (DSDK) Overview of Operations • DSDK applications
Print Controller Design Guide for Information Security: Page 84 of 92 Installation • DSDK applications are installed via Type 1 or Type 2 SD cards i
Print Controller Design Guide for Information Security: Page 85 of 92 Overview of SDK Application Functions • As mentioned above, Vendors can creat
Print Controller Design Guide for Information Security: Page 86 of 92 Data Flow Scanning Functions: Sending Data over the Network with the Copier and
Print Controller Design Guide for Information Security: Page 87 of 92 Network Functions • As mentioned above, a Type 1 SDK application is able to p
Print Controller Design Guide for Information Security: Page 88 of 92 24. Data Security Considerations Preventing the Installation of Illegal Applic
Print Controller Design Guide for Information Security: Page 89 of 92 SDK Authentication (Types 1 and 2) • Once the development of the SDK applicat
Print Controller Design Guide for Information Security: Page 9 of 92 FCS (FAX Control Service) Exchanges data and commands with the FCU (FAX
Print Controller Design Guide for Information Security: Page 90 of 92 • As a general rule, Ricoh assigns relatively restricted access privileges to
Print Controller Design Guide for Information Security: Page 91 of 92 Protection Against Attacks on Principal MFP/LP Functions, Prevention of Damage
Print Controller Design Guide for Information Security: Page 92 of 92 Certification of the SDK Application • Having completed the development of th
Commentaires sur ces manuels