Fuji Xerox DocuCentre-V C2265 User manual
March 2016
Fuji Xerox
DocuCentre-V C2265/C2263models
with Hard Disk, Data Security, Scan,
and Fax
Security Target
Version 1.1.7
This document is a translation of the evaluated
and certified security target written in Japanese.
- i -
- Table of Contents -
1. ST INTRODUCTION ................................................................................................................1
1.1. ST Reference..................................................................................................................................................1
1.2. TOE Reference...............................................................................................................................................1
1.3. TOE Overview ................................................................................................................................................2
1.3.1. TOE Type and Major Security Features ...................................................................................................... 2
1.3.2. Environment Assumptions............................................................................................................................... 5
1.3.3. Required Non-TOE Hardware and Software ............................................................................................ 6
1.4. TOE Description............................................................................................................................................8
1.4.1. User Assumptions................................................................................................................................................ 8
1.4.2. Logical Scope and Boundary .......................................................................................................................... 8
1.4.3. Physical Scope and Boundary ..................................................................................................................... 17
1.4.4. Guidance.............................................................................................................................................................. 18
2. CONFORMANCE CLAIM .....................................................................................................20
2.1. CC Conformance Claim ..........................................................................................................................20
2.2. PP claim, Package Claim ........................................................................................................................20
2.2.1. PP Claim ............................................................................................................................................................... 20
2.2.2. Package Claim ................................................................................................................................................... 20
2.2.3. Conformance Rationale................................................................................................................................. 21
3. SECURITY PROBLEM DEFINITION ................................................................................23
3.1. Threats..........................................................................................................................................................23
3.1.1. Assets Protected by TOE ................................................................................................................................ 23
3.1.2. Threats agents................................................................................................................................................... 26
3.1.3. Threats.................................................................................................................................................................. 26
3.2. Organizational Security Policies..........................................................................................................27
3.3. Assumptions ...............................................................................................................................................27
4. Security Objectives................................................................................................................28
4.1. Security Objectives for the TOE...........................................................................................................28
4.2. Security Objectives for the Environment .........................................................................................29
4.3. Security Objectives Rationale ..............................................................................................................29
5. EXTENDED COMPONENTS DEFINITION ....................................................................34
5.1. FPT_FDI_EXP Restricted forwarding of data to external interfaces ....................................34
6. SECURITY REQUIREMENTS..............................................................................................36
6.1. Security Functional Requirements .....................................................................................................40
6.1.1. Class FAU: Security Audit .............................................................................................................................. 43
- ii -
6.1.2. Class FCS: Cryptographic Support............................................................................................................. 50
6.1.3. Class FDP: User Data Protection ................................................................................................................ 51
6.1.4. Class FIA: Identification and Authentication....................................................................................... 67
6.1.5. Class FMT: Security Management ............................................................................................................ 70
6.1.6. Class FPT: Protection of the TSF ................................................................................................................ 90
6.1.7. Class FTA: TOE Access..................................................................................................................................... 92
6.1.8. Class FTP: Trusted Path/Channels ............................................................................................................. 92
6.2. Security Assurance Requirements ......................................................................................................93
6.3. Security Requirement Rationale.........................................................................................................94
6.3.1. Security Functional Requirements Rationale........................................................................................ 94
6.3.2. Dependencies of Security Functional Requirements.......................................................................102
6.3.3. Security Assurance Requirements Rationale ......................................................................................107
7. TOE SUMMARY SPECIFICATION ................................................................................. 108
7.1. Security Functions ................................................................................................................................. 108
7.1.1. Hard Disk Data Overwrite (TSF_IOW) ...................................................................................................110
7.1.2. Hard Disk Data Encryption (TSF_CIPHER) ..........................................................................................111
7.1.3. User Authentication (TSF_USER_AUTH) .............................................................................................111
7.1.4. System Administrator’s Security Management (TSF_FMT) ........................................................117
7.1.5. Customer Engineer Operation Restriction (TSF_CE_LIMIT) ........................................................119
7.1.6. Security Audit Log (TSF_FAU)...................................................................................................................120
7.1.7. Internal Network Data Protection (TSF_NET_PROT) .....................................................................122
7.1.8. Information Flow Security (TSF_INF_FLOW).....................................................................................124
7.1.9. Self Test (TSF_S_TEST) ................................................................................................................................125
8. ACRONYMS AND TERMINOLOGY ............................................................................... 126
8.1. Acronyms .................................................................................................................................................. 126
8.2. Terminology............................................................................................................................................. 127
9. REFERENCES ........................................................................................................................ 131
- iii -
- List of Figures and Tables -
Figure 1 General Operational Environment...........................................................................................................6
Figure 2 MFD Units and TOE Logical Scope..........................................................................................................9
Figure 3 Authentication Flow for Private Print and Mailbox........................................................................12
Figure 4 MFD Units and TOE Physical Scope.....................................................................................................17
Figure 5 Assets under and not under Protection..............................................................................................25
Table 1 Function Types and Functions provided by the TOE ..........................................................................2
Table 2 User Role Assumptions ..................................................................................................................................8
Table 3 TOE Basic Functions.....................................................................................................................................10
Table 4 Assets for User Data ....................................................................................................................................23
Table 5 Assets for TSF Data......................................................................................................................................24
Table 6 Other Assets....................................................................................................................................................24
Table 7 Threats to User Data and TSF Data......................................................................................................26
Table 8 Organizational Security Policies ..............................................................................................................27
Table 9 Assumptions....................................................................................................................................................27
Table 10 Security Objectives for the TOE ............................................................................................................28
Table 11 Security objectives for the environment ...........................................................................................29
Table 12 Assumptions / Threats / Organizational Security policies and the Corresponding
Security Objectives ..............................................................................................................................................30
Table 13 Security Objectives Rationale for Security Problem......................................................................30
Table 14 Security functional Requirements........................................................................................................40
Table 15 Auditable Events of TOE and Individually Defined Auditable Events ...................................43
Table 16 Common Access Control SFP .................................................................................................................51
Table 17 SFR Package attributes ............................................................................................................................52
Table 18 Function Access Control SFP ..................................................................................................................53
Table 19 PRT Access Control SFP............................................................................................................................54
Table 20 SCN Access Control SFP...........................................................................................................................55
Table 21 CPY Access Control SFP............................................................................................................................55
Table 22 FAX Access Control SFP............................................................................................................................56
Table 23 DSR Access Control SFP ...........................................................................................................................56
Table 24 D.FUNC Operation List.............................................................................................................................57
Table 25 List of Security Functions ........................................................................................................................71
Table 26 Security Attributes and Authorized Roles.........................................................................................72
Table 27 Security Attributes and Authorized Roles (Function Access).....................................................73
Table 28 Security Attributes and Authorized Roles(PRT) ..............................................................................74
Table 29 Security Attributes and Authorized Roles (SCN)............................................................................75
Table 30 Security Attributes and Authorized Roles (FAX) .............................................................................77
Table 31 Security Attributes and Authorized Roles (DSR) ............................................................................78
Table 32 Security Attributes and Authorized Roles (D.FUNC) ....................................................................79
- iv -
Table 33 Initialization property ..............................................................................................................................79
Table 34 Initialization property ..............................................................................................................................81
Table 35 Initialization property ..............................................................................................................................84
Table 36 Operation of TSF Data.............................................................................................................................84
Table 37 Operation of TSF Data.............................................................................................................................86
Table 38 Security Management Functions Provided by TSF .......................................................................86
Table 39 Security Assurance Requirements........................................................................................................93
Table 40 Security Functional Requirements and the Corresponding Security Objectives................94
Table 41 Security Objectives to SFR Rationale..................................................................................................96
Table 42 Dependencies of Functional Security Requirements................................................................. 103
Table 43 Security Functional Requirements and the Corresponding TOE Security Functions..... 108
Table 44 Management of security attributes................................................................................................. 113
Table 45 Access Control for Basic Functions ................................................................................................... 115
Table 46 Access Control for User Data.............................................................................................................. 115
Table 47 Details of Security Audit Log .............................................................................................................. 120
Fuji Xerox C2265/C2263 Security Target
- 1 - Copyright
2016 by Fuji Xerox Co., Ltd
1. ST INTRODUCTION
This chapter describes Security Target (ST) Reference, TOE Reference, TOE Overview,
and TOE Description.
1.1. ST Reference
This section provides information needed to identify this ST.
ST Title:
Fuji Xerox DocuCentre-V C2265/C2263 models
with Hard Disk, Data Security, Scan, and Fax
Security Target
ST Version: V 1.1.7
Publication Date: March 18, 2016
Author: Fuji Xerox Co., Ltd.
1.2. TOE Reference
This section provides information needed to identify this TOE.
The TOE is DocuCentre-V C2265 and DocuCentre-V C2263.
The TOE name is integrated as below.
TOE Identification: Fuji Xerox DocuCentre-V C2265/C2263 models
with Hard Disk, Data Security, Scan, and Fax
Version: ・Controller ROM Ver. 1.0.13
・FAX ROM Ver. 2.0.8
Developer: Fuji Xerox Co., Ltd.
NOTE: When Fuji Xerox DocuCentre-V C2265/C2263 is not equipped with one or more of the
following: Hard Disk, Data Security, Scan, and Fax functions, the corresponding kits described
below shall be installed.
・Function Extension Kit (Hard Disk): EC103136 (For Japan and for overseas)
・Fax Kit: QC100164 (For Japan), EC103127 (For overseas)
・Data Security Kit: EC103105 (For Japan)
・Scan Kit: EC103096 (For Japan), EC103123 (For overseas)
The followings are the target products.
(1) For Japan and for overseas
DocuCentre-V C2263: Controller ROM Ver. 1.0.13
FAX ROM Ver. 2.0.8
Fuji Xerox C2265/C2263 Security Target
- 2 - Copyright
2016 by Fuji Xerox Co., Ltd
(2) For overseas
DocuCentre-V C2265: Controller ROM Ver. 1.0.13
FAX ROM Ver. 2.0.8
1.3. TOE Overview
1.3.1. TOE Type and Major Security Features
1.3.1.1. TOE Type
This TOE, categorized as an IT product, is the Fuji Xerox DocuCentre-V C2265/C2263
(hereinafter referred to as “MFD”) which has the copy, print, scan, and fax functions.
The TOE is the product which controls the whole MFD and protects the data that are
transmitted over the encryption communication protocols.
These protocols protect the security of the TOE setting data, Mailbox, the security audit log
data and the document data on the internal network between the TOE and the remote.
The TOE also prevents the document data and the used document data in the internal HDD
from being disclosed by unauthorized person.
1.3.1.2. Function Types
Table 1 shows the Function types and functions provided by the TOE.
Table 1 Function Types and Functions provided by the TOE
Function types Functions provided by the TOE
Basic Function
- Control Panel
- Copy
- Print
- Scan
- Network Scan
- Fax
- Internet Fax Send
- CWIS
Security Function
- Hard Disk Data Overwrite
- Hard Disk Data Encryption System
- User Authentication
- Administrator’s Security Management
- Customer Engineer Operation Restriction
- Security Audit Log
- Internal Network Data Protection
- Information Flow Security
- Self Test
Fuji Xerox C2265/C2263 Security Target
- 3 - Copyright
2016 by Fuji Xerox Co., Ltd
・ As the TOE uses the Hard Disk Data Overwrite and Hard Disk Data Encryption functions, a
model to be used as the TOE shall be equipped with the internal HDD. Therefore, when the
model to be used is not equipped with the internal HDD, the internal HDD shall be
purchased and installed.
・ When a model to be used as the TOE does not have the Data Security function, the Data
Security Kit shall be purchased and installed. (The target products intended for Japan do
not have the Data Security function.)
・ As the TOE uses the following functions: fax, the Internet fax send, scan, and network scan,
when a model to be used as the TOE does not have one or more of the said functions, the
Fax Kit and/or Scan Kit shall be purchased and installed.
・ To use print function, the printer driver shall be installed to the external client for general
user and that for system administrator.
・ There are two types of user authentication, local authentication and remote
authentication, and the TOE behaves with either one of the authentication types
depending on the setting.
In this ST, the difference of the TOE behavior is described if the TOE behaves differently
depending on the type of authentication being used. Unless specified, the behavior of the
TOE is the same for both authentication types.
There are two types of remote authentication, LDAP authentication and Kerberos
authentication. To set SA (system administrator privilege) as user role assumption in
Kerberos authentication, LDAP server is also necessary.
Note:
・ For Japanese model does not have Remote Authentication function and S/MIME function.
Each function of Remote Authentication, S/MIME, E-mail, and Internet Fax Send that are
written in the following sections is subject to evaluation of for overseas model only.
・ The TOE’s optional functions to print from USB and store to USB are not included in the
target of evaluation.
Therefore, the [Store to USB] and [Media Print] buttons do not appear on the control panel.
1.3.1.3. Usage and Major Security Features of TOE
The TOE is mainly used to perform the following functions:
・ Copy function and Control Panel function are to read the original data from IIT and print
them out from IOT according to the general user’s instruction from the control panel.
When more than one copy of original data are ordered, the data read from IIT are first
stored into the MFD internal HDD. Then, the stored data are read out from the internal
HDD for the required number of times so that the required number of copies can be made.
・ Print function is to decompose and print out the print data transmitted by a general user
client.
・ CWIS (CentreWare Internet Services) is to retrieve the document data scanned by MFD
from Mailbox.
Fuji Xerox C2265/C2263 Security Target
- 4 - Copyright
2016 by Fuji Xerox Co., Ltd
It also enables a system administrator to refer to and rewrite TOE setting data via Web
browser.
・ Scan function and Control Panel function are to read the original data from IIT and store
them into Mailbox within the MFD internal HDD, according to the general user’s instruction
from the control panel.
The stored document data can be retrieved via standard Web browser by using CWIS.
・ Network Scan function and Control Panel function are to read the original data from IIT
and transmit the document data to FTP server, or Mail server, according to the information
set in the MFD. This function is operated according to the general user’s instruction from
the control panel.
・ Fax function and Control Panel function are to send and receive fax data. According to the
general user’s instruction from the control panel to send a fax, the original data are read
from IIT and then sent to the destination via public telephone line. The document data are
received from the sender’s machine via public telephone line and then stored in Mailbox.
・ The Internet Fax Send function and Control Panel function are to send and receive fax data
via the Internet, not public telephone line.
The TOE provides the following security features:
(1) Hard Disk Data Overwrite
To completely delete the used document data in the internal HDD, the data are overwritten
with new data after any job of copy, print, scan, etc. is completed.
(2) Hard Disk Data Encryption
The document data are encrypted before being stored into the internal HDD when using any
function of copy, print, scan, etc. or configuring various security function settings.
(3) User Authentication
Access to the TOE functions is restricted to the authorized user and this function identifies
and authenticates users. A user needs to enter his/her ID and password from the MFD
control panel, or general user client by using CWIS.
(4) System Administrator’s Security Management
This function allows only the system administrator identified and authorized from the
control panel or system administrator client to refer to and change the TOE security function
settings.
(5) Customer Engineer Operation Restriction
A system administrator can prohibit CE from referring to, and changing the TOE security
function settings.
(6) Security Audit Log
The important events of TOE such as device failure, configuration change, and user
Fuji Xerox C2265/C2263 Security Target
- 5 - Copyright
2016 by Fuji Xerox Co., Ltd
operation are traced and recorded based on when and who used what function.
(7) Internal Network Data Protection
This function protects the communication data on the internal network such as document
data, security audit log data, Mailbox and TOE setting data.
The following general encryption communication- protocols are supported: SSL/TLS, IPSec,
and S/MIME.
(8) Information Flow Security
This function restricts the unpermitted communication between external interfaces and
internal network.
(9) Self Test
This function verifies the integrity of TSF executable code and TSF data.
1.3.2. Environment Assumptions
This TOE is assumed to be used as an IT product at general office and to be connected to public
telephone line, user clients, and the internal network protected from threats on the external
network by firewall etc.
Figure 1 shows the general environment for TOE operation.
Fuji Xerox C2265/C2263 Security Target
- 6 - Copyright
2016 by Fuji Xerox Co., Ltd
Figure 1 General Operational Environment
1.3.3. Required Non-TOE Hardware and Software
In the operational environment shown in Figure 1, the TOE (MFD) and the following non-TOE
hardware/software exist.
(1) General user client:
The hardware is a general-purpose PC. When a client is connected to the MFD via the
internal network and when the printer driver is installed to the client, the general user can
request the MFD to print, and retrieve the document data.
The user can also request the MFD to retrieve the scanned document data via Web browser
by using scan function of the MFD. Additionally, the general user can change the settings
which he/she registered to the MFD: Mailbox name, password, access control, and automatic
deletion of document.
Public
Tel e pho ne
Line CE S
y
stem
Administrator
General User
General User Client
-Printer Driver
External
Network
Firewall
Internal
Network
S
y
stem
Administrator
S
y
stem Administrator
Client
-Web Browser
General User Client
-Printer Driver
-Web Browser
General User
USB
Mail Server
FTP Server
LDAP Server
Kerberos Server
TOE
General User
Fuji Xerox C2265/C2263 Security Target
- 7 - Copyright
2016 by Fuji Xerox Co., Ltd
When the client is connected to the MFD directly via USB and printer driver is installed to the
client, the user can request the MFD to print the document data.
(2) System administrator client:
The hardware is a general-purpose PC. A system administrator can refer to and change TOE
setting data via Web browser.
(3) Mail server:
The hardware/OS is a general-purpose PC or server. The MFD sends/receives document data
to/from Mail server via mail protocol.
(4) FTP server:
The hardware/OS is a general-purpose PC or server. The MFD sends document data to FTP
server via FTP.
(5) LDAP server:
The hardware/OS is a general-purpose PC or server. The MFD acquires identification and
authentication information from LDAP server via LDAP. In addition, it acquires SA
information of user role assumptions.
(6) Kerberos server:
The hardware/OS is a general-purpose PC or server. The MFD acquires identification and
authentication information from Kerberos server via Kerberos.
The OS of (1) general user client and (2) system administrator client are assumed to be
Windows Vista, and Windows 7.
The (5) LDAP server and (6) Kerberos server are assumed to be Windows Active Directory.
Fuji Xerox C2265/C2263 Security Target
- 8 - Copyright
2016 by Fuji Xerox Co., Ltd
1.4. TOE Description
This section describes user assumptions and logical/physical scope of this TOE.
1.4.1. User Assumptions
Table 2 specifies the roles of TOE users assumed in this ST.
Table 2 User Role Assumptions
Designation PP Definition Description
U.USER Any authorized User. User:
U.NORMAL A User who is authorized to
perform User Document Data
processing functions of the TOE.
General user:
A user of TOE functions such
as copy, print, and fax.
U.ADMINISTRATOR A User who has been specifically
granted the authority to manage
some portion or all of the TOE and
whose actions may affect the TOE
security policy (TSP).
Administrators may possess special
privileges that provide capabilities
to override portions of the TSP.
System administrator (key
operator and SA):
A user who is authorized to
manage the device using the
system administrator mode. A
system administrator can refer
to and change the TOE setting
for device operation and that
for security functions via TOE
control panel and Web
browser.
TOE Owner A person or organizational entity
responsible for protecting TOE
assets and establishing related
security policies.
Administrator of the
organization:
An administrator or
responsible official of the
organization which owns and
uses TOE.
Customer Engineer - A user who can configure the
TOE operational settings using
the interface for CE.
1.4.2. Logical Scope and Boundary
The logical scope of this TOE is each function of the programs.
Figure 2 shows the logical architecture of the MFD.
Fuji Xerox C2265/C2263 Security Target
- 9 - Copyright
2016 by Fuji Xerox Co., Ltd
Figure 2 MFD Units and TOE Logical Scope
There are the following 4 types for Channel.
a) Private Medium Interface
Control panel and local interface that cannot be accessed by multiple simultaneous
Users.
b) Shared Medium Interface
Mechanisms for exchanging information that can be simultaneously accessed by
multiple Users; such as network interface.
c) Original Document Handler
・Control Panel
・CWIS
・Copy
・Print
・Scan / Network Scan
・Fax
・Internet Fax Send
・Hard Disk Data Overwrite
・Hard Disk Data Encryption
・User Authentication
・System Administrator’s Security Management
・Customer Engineer Operation Restriction
・Security Audit Log
・Internal Network Data Protection
・Information Flow Security
・Self Test
Logical Scope
TOE
User Data
User
Document
Data
User
Function
Data
TSF Data
TSF
Confident
ial Data
Internal HDD / NVRAM / SEEPROM
Input
Channel(s)
Output
Channel(s)
・General User Client (Web Browser, Printer Driver)
・System Administrator Client (Web Browser)
・Servers (FTP Server, Mail Server, LDAP Server, Kerberos Server)
・Public Telephone Line(Fax)
・General User, System Administrator
TSF
Protected
Data
Fuji Xerox C2265/C2263 Security Target
- 10 - Copyright
2016 by Fuji Xerox Co., Ltd
Mechanisms for transferring User Document Data into the TOE in hardcopy form.
d) HardCopy Output Handler
Mechanisms for transferring User Document Data out of the TOE in hardcopy form.
1.4.2.1. Basic Functions
The TOE provides the functions of control panel, copy, print, scan, network scan, fax, internet fax
send, and CWIS to general user.
Table 3 TOE Basic Functions
Function Description
Copy Function Copy function is to read the original data from IIT and print them out
from IOT according to the general user’s instruction from the control
panel
When more than one copy of an original is ordered, the data read from IIT
are first stored into the MFD internal HDD. Then, the stored data are read
out from the internal HDD for the required number of times so that the
required number of copies can be made.
Print Function Print function is to print out the data according to the instruction from a
general user client. The print data created via printer driver are sent to the
MFD to be analyzed, decomposed, and printed out from IOT.
The print data are sent by either being decomposed to the data in PDL via
printer driver or the document file being designated directly from web
browser of CWIS.
The print function is of two types: the normal print in which the data are
printed out from IOT directly after decomposed and the Store Print in
which the bitmap data are temporarily stored in the internal HDD and
then printed out from IOT according to the general user’s instruction from
the control panel.
Scan Function,
Network Scan
Function
Scan function is to read the original data from IIT and then store them
into the internal HDD according to the general user’s instruction from the
control panel.
A general user can retrieve the stored document data from a general user
client via CWIS.
Network scan function is to read the original data from IIT and
automatically transmit them to a general user client, FTP server, or Mail
server according to the information set in the MFD. A general user can
request this function from the control panel.
Fax Function Fax function is to send and receive fax data. According to the general
user’s instruction from the control panel to send a fax, the original data
are read from IIT and sent to the destination via public telephone line.
The document data are received from the sender’s machine via public
Fuji Xerox C2265/C2263 Security Target
- 11 - Copyright
2016 by Fuji Xerox Co., Ltd
telephone line.
Internet Fax Send
Function
Internet Fax Send function is to send and receive fax data as in the normal
Fax function. According to the general user’s instruction from the control
panel to send a fax, the original data are read from IIT and sent to the
destination via the Internet.
Control Panel
Function
Control panel function is a user interface function for general user, CE, and
system administrator to operate MFD functions.
CWIS Function CWIS function is to operate from Web browser of a general user client for
general users.
CWIS also enables System Administrator’s Security Management by
which a system administrator can access and rewrite TOE setting data. For
this, a system administrator must be authenticated by his/her ID and
password entered from Web browser of a system administrator client.
1.4.2.2. Security Functions
The security functions provided by the TOE are the following.
(1) Hard Disk Data Overwrite
To completely delete the used document data in the internal HDD, the data are overwritten
with new data after each job (copy, print, scan, network scan, fax, or internet fax send) is
completed. Without this function, the used document data remain and only the
management data are deleted.
(2) Hard Disk Data Encryption
Some data such as the document data in Mailbox remain in the internal HDD even if the
machine is powered off. To solve this problem, the document data are encrypted before
being stored into the internal HDD when operating any function of copy, print, scan, network
scan, fax, and internet fax send or configuring various security function settings.
(3) User Authentication
Access to the MFD functions is restricted to the authorized user. To be identified and
authenticated, a user needs to enter his/her ID and password from MFD control panel, or the
CWIS/Printer Driver of the user client.
Only the authenticated user can use the following functions:
a) Functions controlled by the MFD control panel:
Copy, fax (send), internet fax send, scan, network scan, Mailbox, and print (This print
function requires the Accounting System preset from printer driver. A user must be
authenticated from the control panel for print job.)
b) Functions controlled by CWIS:
Display of device condition, display of job status and its log, function to retrieve
Fuji Xerox C2265/C2263 Security Target
- 12 - Copyright
2016 by Fuji Xerox Co., Ltd
TOE
document data from Mailbox, and print function by file designation.
c) Functions using printer driver of user client
The data of user client is decomposed to the print data described in PDL readable by
the MFD, and the print data are stored in TOE (Private Print Function).
When a user sends a print request from the printer driver in which the Accounting
System is preset, the MFD decomposes the received data into bitmap data and stores
the data in the internal HDD as private print according to the user ID.
Among the above functions which require user authentication, some particularly act as
security functions. The following are the security functions which prevent the unauthorized
reading of document data in the internal HDD by an attacker who is impersonating an
authorized user:
- The Store Print function (Private Print function) and the Mailbox function, which require
user authentication from the control panel.
- The function to retrieve document data from Mailbox(Mailbox function) which requires
user authentication by using CWIS, and the Store Print function(Private Print function) by file
designation using CWIS.
Figure 3 shows the authentication flow of Private Print Function and Mailbox Function.
Figure 3 Authentication Flow for Private Print and Mailbox
Print
Scanned Data,
Received Fax Data
User Client
Printer Driver
Web Browser
(CWIS)
Print Job Private
Print
Authentication
Mailbox
Authentication Authentication
Authentication from Control Panel
Fuji Xerox C2265/C2263 Security Target
- 13 - Copyright
2016 by Fuji Xerox Co., Ltd
Store Print Function (Private Print Function)
When the MFD is set to “Save as Private Charge Print,” and a user sends a print request from
the printer driver in which the Accounting System is preset, after the user has been
successfully identified and authenticated, the print data are decomposed into bitmap data,
classified according to the user ID, and temporarily stored in the corresponding Private Print
area within the internal HDD.
In the same way, when the user is authenticated by entering his/her ID and password from
CWIS for authentication, and the user sends a print request by designating the files within a
user client, the print data are temporarily stored in Private Print area according to the user
ID.
To refer to the stored print data, a user needs to enter his/her ID and password from the
control panel. When the user is authenticated, the data on the waiting list corresponding to
the user ID are displayed. The user can request printing or deletion of the data on the list.
Mailbox Function
The scanned data and received fax data can be stored into Mailbox from IIT and Fax board
which are not shown in Figure 3.
To store the scanned data into Mailbox, a user needs to enter his/her ID and password from
the control panel, and needs to be authenticated to use scan function.
When the user is authenticated, the document data can be scanned from IIT and stored into
the internal HDD according to the user’s instruction from the control panel.
To store the received fax data into Mailbox, user authentication is not required. Among the
received fax data transmitted over public telephone line, the following data are
automatically classified and stored into each corresponding Mailbox: the received fax data
whose corresponding Mailbox is specified by the sender. Also, all the received fax data can
be distributed and stored into Mailbox according to over which line the data are transmitted.
To retrieve, print, or delete the stored data in the Personal Mailbox corresponding to the each
registered user’s ID, user authentication is required; the MFD compares the user ID and
password preset in the device against those entered by a user from the control panel, or the
CWIS
(4) System Administrator’s Security Management
To grant a privilege to a specific user, this TOE allows only the authenticated system
administrator to access the System Administrator mode which enables him/her to refer to
and set the following security functions from the control panel:
・ Refer to and set the Hard Disk Data Overwrite;
・ Refer to and set the Hard Disk Data Encryption;
・ Set the cryptographic seed key for Hard Disk Data Encryption;
・ Refer to and set the function that use password entered from MFD control panel in user
authentication;
Fuji Xerox C2265/C2263 Security Target
- 14 - Copyright
2016 by Fuji Xerox Co., Ltd
・ Set the ID and the password of key operator (only a key operator is privileged);
・ Refer to and set the ID of SA / general user and set the password(with local authentication
only);
・ Refer to and set the access denial when system administrator’s authentication fails;
・ Refer to and set the limit of user password length (for general user and SA, with local
authentication only);
・ Refer to and set the SSL/TLS communication;
・ Refer to and set the IPSec communication;
・ Refer to and set the S/MIME communication;
・ Refer to and set the User Authentication;
・ Refer to and set the Store Print;
・ Refer to and set the date and time;
・ Refer to and set Auto Clear of Control Panel;
・ Refer to and set the Self Test;
・ Refer to and set the Report print;
Additionally, this TOE allows only the system administrator, who is authenticated from the
system administrator client via Web browser using CWIS, to refer to and set the following
security functions via CWIS:
・ Set the ID and the password of key operator (only a key operator is privileged);
・ Refer to and set the ID of SA / general user and set the password(with local authentication
only);
・ Refer to and set the access denial when system administrator’s authentication fails;
・ Refer to and set the limit of user password length (for general user and SA, with local
authentication only);
・ Refer to and set the Security Audit Log;
・ Refer to and set the SSL/TLS communication;
・ Refer to and set the IPSec communication;
・ Refer to and set the S/MIME communication;
・ Create/upload/download an X.509 certificate;
・ Refer to and set the User Authentication;
・ Refer to and set the Auto Clear of CWIS;
(5) Customer Engineer Operation Restriction
This TOE allows only the authenticated system administrator to refer to or enable/disable
the Customer Engineer Operation Restriction setting from the control panel and CWIS. For
this, CE cannot refer to or change the setting of each function described in (4) System
Administrator’s Security Management.
(6) Security Audit Log
The important events of TOE such as device failure, configuration change, and user
operation are traced and recorded based on when and who operated what function. Only a
Fuji Xerox C2265/C2263 Security Target
- 15 - Copyright
2016 by Fuji Xerox Co., Ltd
system administrator can supervise or analyze the log data by downloading them in the
form of tab-delimited text file via Web browser using CWIS. To download the log data,
SSL/TLS communication needs to be enabled.
(7) Internal Network Data Protection
The communication data on the internal network such as document data, Mailbox, security
audit log data, and TOE setting data are protected by the following general encryption
communication-protocols:
・ SSL/TLS
・ IPSec
・ S/MIME
(8) Information Flow Security
This TOE has the function of restricting the unpermitted communication between external
interfaces and internal network.
Fax board of TOE device option is connected to a controller board via USB interface, but the
unauthorized access from a public telephone line to the inside TOE or internal network via
fax board cannot be made.
(9) Self Test
This TOE can execute the self test function to verify the integrity of TSF executable code and
TSF data.
1.4.2.3. Settings for the Secure Operation
System administrator shall set the following to enable security functions in 1.4.2.2.
Hard Disk Data Overwrite
Set to [1 Overwrite] or [3 Overwrites]
Hard Disk Data Encryption
Set to [Enabled]
Passcode Entry from Control Panel
Set to [Enabled]
Access denial when system administrator’s authentication fails
Default [5] Times
User Passcode Minimum Length (for general user and SA)
Set to [9] characters
SSL/TLS
Set to [Enabled]
IPSec
Set to [Enabled]
S/MIME
Other manuals for DocuCentre-V C2265
1
This manual suits for next models
1
Table of contents
Other Fuji Xerox Copier manuals
Fuji Xerox
Fuji Xerox DocumentCentre C400 Series User manual
Fuji Xerox
Fuji Xerox DC1010S User manual
Fuji Xerox
Fuji Xerox ApeosPort-IV 5070 Use and care manual
Fuji Xerox
Fuji Xerox D125 User manual
Fuji Xerox
Fuji Xerox ApeosPort-IV C7780 User manual
Fuji Xerox
Fuji Xerox Document Centre 706 User manual
Fuji Xerox
Fuji Xerox DocuPrint 3105 User manual
Fuji Xerox
Fuji Xerox DC 236 User manual
Fuji Xerox
Fuji Xerox DocuPrint CM415 AP User manual
Fuji Xerox
Fuji Xerox DocuColor 5065II User manual
