Ricoh Pro 1107 Guide

Print Controller Design Guide for Information Security



Visit our Knowledgebase at: http://www ricoh-usa com/support/knowledgebase asp

04/23/2010

Print Controller Design Guide for

Information Security:

Product

Code GESTETNER LANIER RICOH SAVIN

G188

G189

C8140ND

C8150ND

LP540C

LP550C

SP C820DN

SP C821DN

CLP340D

CLP350D

D059

D060

D061

Pro 907EX

Pro 1107EX

Pro 1357EX

Pro 907EX

Pro 1107EX

Pro 1357EX

Pro 907EX

Pro 1107EX

Pro 1357EX

Pro 907EX

Pro 1107EX

Pro 1357EX

M002

M003

M004

Pro 907

Pro 1107

Pro 1357

Pro 907

Pro 1107

Pro 1357

Pro 907

Pro 1107

Pro 1357

Pro 907

Pro 1107

Pro 1357

D062

D063

D065

D066

MP6001

MP6001 SP

MP 7001

MP 7001SP

MP 8001

MP 8001SP

MP 9001

MP 9001SP

LD360

LD360sp

LD370

LD370sp

LD380

LD380sp

LD390

LD390sp

AFICIO MP 6001

MP 6001 SP

MP 7001

MP 7001 SP

MP 8001

MP 8001 SP

MP 9001

MP 9001 SP

9060

9060sp

9070

9070sp

9080

9080sp

9090

9090sp

M001 SP 4210N LP37N AFICIO SP4210N MLP37N

Print Controller Design Guide for Information Security

Page 2 of 8

TABLE OF CONTENTS

1 Internal System Configuration 7

1-1 Hardware Configuration 7

1-1-1 MFP 7

1-1-2 LP 9

1-2 Software Configuration 11

1-2-1 Shared Service Layers 11

1-2-2 Principal Machine Functions 12

1-3 Data Security 14

1-3-1 External I/F 14

1-3-2 Protection of Program Data from Illegal Access via an External Device 14

1-4 Protection of MFP/LP Firmware 17

1-4-1 Firmware Installation/Update 17

1-4-2 Verification of Firmware/Program Validity 20

1-5 Authentication, Access Control 21

1-5-1 Authentication 21

1-5-2 IC Card Authentication 24

1-5-3 Access Control 25

1-6 Administrator Settings 26

1-7 Data Protection 27

1-7-1 Data Erase/Overwrite 27

1-7-2 Encryption of Stored Data 29

1-7-3 Protection of Address Book Data 32

1-7-4 Document Server Documents (MFP models only) 33

1-8 Job/Access Logs 35

1-9 Capture (MFP Models Only) 39

1-9-1 Overview of Capture Operations 39

1-9-2 Operations that Generate Captured Images 39

Print Controller Design Guide for Information Security

Page 3 of 8

1-9-3 Capture Settings 41

1-9-4 Security Considerations 42

1-9-5 Captured Documents and Log Data 42

1-10 Additional Methods for Increased Security 42

2 Principal Machine Functions 43

2-1 Copier (MFP Models Only) 43

2-1-1 Overview of Copier Operations 43

2-1-2 Data Security Considerations 43

2-1-3 Protection of Copy Jobs in Progress 43

2-1-4 Protection of Document Server Documents 43

2-1-5 Protection of Copier/Document Server Features 45

2-1-6 Restricting the Available Functions for Each Individual User 45

2-1-7 Job/Access Log Data Collection 45

2-1-8 Print Backup 45

2-2 Printer 47

2-2-1 Overview of Printer Operations 47

2-2-2 Data Flow 47

2-2-3 Data Security Considerations 51

2-3 Scanner (MFP Models Only) 54

2-3-1 Overview of Scanner Operations 54

2-3-2 Data Flow Security Considerations 54

2-3-3 Protection of Data when Performing Scanning and Sending Operations 55

2-3-4 Protection of Document Server Documents 56

2-3-5 Protection of Sending Results and Status Information 57

2-3-6 Protection of the Scanner Features Settings 57

2-3-7 Data Stored in the Job Log 58

2-3-8 Terminology 58

2-4 FAX (MFP Models Only) 59

2-4-1 Overview of FAX operations 59

Print Controller Design Guide for Information Security

Page 4 of 8

2-4-2 Data Security Considerations 60

2-4-3 Protection of the Journal and Documents in Document Server Storage 61

2-4-4 Protection of FAX Transmission Operations 61

2-4-5 Protection of FAX Features Settings 62

2-4-6 The “Extended Security” Feature 62

2-4-7 Job Log 62

2-4-8 Protection of Internet FAX Transmissions using S/MIME 62

2-4-9 Preventing FAX Transmission to Unintended Destination(s) 63

2-5 NetFile (GWWS) 64

2-5-1 Overview of NetFile Operations 64

2-5-2 Data Flow 65

2-5-3 Supplementary 65

2-5-4 Data Security Considerations 67

2-6 Web Applications 69

2-6-1 Web Server Framework 69

2-6-2 WebDocBox (MFP models only) 70

3 Optional Features 73

3-1 @Remote 73

3-1-1 Overview of @Remote Operations 73

3-1-2 Data Security Considerations 73

3-2 The “Copy Data Security” Feature 74

3-2-1 Overview of Copy Data Security Operations 74

3-2-2 Data Flow 75

4 Device SDK Applications (DSDK) 77

4-1 Overview of Operations 77

4-1-1 Installation 78

4-1-2 Overview of SDK Application Functions 79

4-2 Data Flow 80

4-2-1 Scanning Functions: Sending Data Over the Network with the Copier and Scanner

Print Controller Design Guide for Information Security

Page 5 of 8

(MFP models only) 80

4-2-2 FAX Functions (MFP models only) 80

4-2-3 Network Functions 81

4-2-4 Printer Functions 81

4-2-5 Machine Administrative Functions (MFP models only) 81

4-2-6 Authentication Functions 81

4-3 Data Security Considerations 83

4-3-1 Preventing the Installation of Illegal Applications 83

4-3-2 Authentication of SDK Applications at Installation 83

4-3-3 Prevention of Access to Address Book Data and Machine Management Data 85

4-3-4 Protection Against Attacks on Principal MFP/LP Functions, Prevention of Damage to

the System 85

4-3-5 Protection Against Attacks from External Sources 85

4-3-6 Certification of the SDK Application 86

Print Controller Design Guide for Information Security

Page of 8

Overview

This document describes the structural layout and functional operations of the hardware and software for

the multi-functional products and laser printers listed below (herein referred to as the “MFP” and “LP”,

respectively), which were designed and developed by Ricoh Co Ltd (herein referred to as Ricoh), as well

as the information security of image data and other information handled internally by Ricoh MFP/LPs

The explanations will primarily focus on the following, with particular attention to demonstrating how

unauthorized access is not possible to local network environments via FAX telecommunications lines, nor

to any of the data stored in the MFP/LP

• Operational summaries

• Data flow

• Data security considerations

Products to Which This Document Applies

This document applies to the following MFPs/LPs designed and developed by Ricoh:

Product

Code GESTETNER LANIER RICOH SAVIN

G188

G189

C8140ND

C8150ND

LP540C

LP550C

SP C820DN

SP C821DN

CLP340D

CLP350D

D059

D060

D061

Pro 907EX

Pro 1107EX

Pro 1357EX

Pro 907EX

Pro 1107EX

Pro 1357EX

Pro 907EX

Pro 1107EX

Pro 1357EX

Pro 907EX

Pro 1107EX

Pro 1357EX

M002

M003

M004

Pro 907

Pro 1107

Pro 1357

Pro 907

Pro 1107

Pro 1357

Pro 907

Pro 1107

Pro 1357

Pro 907

Pro 1107

Pro 1357

D062

D063

D065

D066

MP6001

MP6001 SP

MP 7001

MP 7001SP

MP 8001

MP 8001SP

MP 9001

MP 9001SP

LD360

LD360sp

LD370

LD370sp

LD380

LD380sp

LD390

LD390sp

AFICIO MP 6001

MP 6001 SP

MP 7001

MP 7001 SP

MP 8001

MP 8001 SP

MP 9001

MP 9001 SP

9060

9060sp

9070

9070sp

9080

9080sp

9090

9090sp

M001 SP 4210N LP37N AFICIO SP4210N MLP37N

Note: Some of the hardware (e g external I/F) and functions described in this document may not be

supported by the end user’s machine For these details, please refer to the Operating Instructions

for the specific machine in question

Print Controller Design Guide for Information Security

Page 7 of 8

1. Internal System Configuration

1-1 Hardware Configuration

1-1-1 MFP

Internet

System

Control

Flash ROM

Controller

Engine

Processing and

Control Unit

NVRAM

- Settings

- Counters

SD Card I/F

Ethernet

Type

TypeA

Parallel

Gigabit

Ethernet

Wireless

LAN

luetooth

IC Card Reader

Pict ridge

Compatible

Device

RC Gate

TPM

Operation

Panel

IEEE 1394

External Charge

Device I/F

External Charge

Device

File Format

Converter

External

Controller I/F

oard

FCU

To Public

Tel. Line

FAX comm.

control

Line

I/F

SAF

Scanning

Image

Processing

Image

Processing

・CPU

・

RAM

- Page memory

- Firmware

Encryption

Processor

HDD

- Image data

- Mgmt. data

Host I/F

Optional I/F:

Printing

Print Controller Design Guide for Information Security

Page 8 of 8

• Serial communication between the external charge device I/F and external coin/card-operated

devices

• External controller I/F board: Acts as the interface between the MFP and external controller

• File Format Converter: Converts the file format of image files

• RC Gate: Intermediary device connected to the MFP/LP via an Ethernet connection for performing

remote diagnostic operations including firmware updates and settings changes

• SD card I/F: Used for performing service maintenance and as an interface for firmware storage media

• RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression, decompression

and other image processing

• HDD storage: Data stored on the HDD is encrypted

• TPM (Trusted Platform Module): When the MFP/LP main power is turned on, this security module

(chip) performs a verification on the validity of the software installed on the hardware platform, which

includes checking for any illegal alterations

Print Controller Design Guide for Information Security

Page 9 of 8

1-1-2 LP

Internet

System

Control

Flash ROM

Controller

Engine

Processing and

Control Unit

NVRAM

- Settings

- Counters

SD Card I/F

Ethernet

Type

TypeA

Parallel

Gigabit

Ethernet

Wireless

LAN

luetooth

IC Card Reader

Pict ridge

Compatible

Device

RC Gate

TPM

Operation

Panel

Printing

Image

Processing

・CPU

・

RAM

- Page memory

- Firmware

Encryption

Processor

HDD

- Image data

- Mgmt. data

Host I/F

Optional I/F:

Print Controller Design Guide for Information Security

Page 10 of 8

• RC Gate: Intermediary device connected to the LP via an Ethernet connection for performing remote

diagnostic operations including firmware updates and settings changes

• SD card I/F: Used for performing service maintenance and as an interface for firmware storage media

• RAM, HDD: Image data stored in the RAM and HDD memory undergoes compression, decompression

and other image processing

• HDD storage: Data stored on the HDD is encrypted

• TPM (Trusted Platform Module): When the MFP/LP main power is turned on, this security module

(chip) performs a verification on the validity of the software installed on the hardware platform, which

includes checking for any illegal alterations

Other manuals for Pro 1107

This manual suits for next models

Other Ricoh Controllers manuals

Ricoh

Ricoh 700 Series User manual

Ricoh

Ricoh Fiery E-820 User manual

Ricoh

Ricoh Prinect DFE Quick start guide

Ricoh

Ricoh AFICIO 1055 User manual

Ricoh

Ricoh E-7000 User manual

Ricoh

Ricoh Interactive Whiteboard Controller Type 2 User manual

Ricoh

Ricoh Interactive Whiteboard Controller Type 1 Manual

Ricoh

Ricoh Interactive Whiteboard Controller Type 1 User manual

Ricoh

Ricoh E-7100 Guide

Ricoh

Ricoh Stinger-C1 B305 User manual

Ricoh

Ricoh RV5VH Instructions for use

Ricoh

Ricoh Pro C5100S Reference manual

Ricoh

Ricoh Y406 Quick start guide

Popular Controllers manuals by other brands

Digiplex

Digiplex DGP-848 Programming guide

YASKAWA

YASKAWA SGM series user manual

Sinope

Sinope Calypso RM3500ZB installation guide

Isimet

Isimet DLA Series Style 2 Installation, Operations, Start-up and Maintenance Instructions

LSIS

LSIS sv-ip5a user manual

Rockwell Automation

Rockwell Automation 1769-L31 installation instructions

Airflow

Airflow Uno hab Installation and operating instructions

ABB

ABB ACS580-01 drives Hardware manual

Panasonic

Panasonic GM1 Series Reference manual

Emerson

Emerson SW93 owner's manual

AutoAqua

AutoAqua Smart ATO micro SATO-120P manual

Panasonic

Panasonic FP? Positioning Unit RTEX Technical manual

Samson

Samson Type 5824 Mounting and operating instructions

Alpha IP

Alpha IP MIOB 21001 manual

Siemens

Siemens OpenAir GMA 1 Series Mounting instructions

Surecom

Surecom SR-629 user manual

Fishman

Fishman TriplePlay installation guide

Regulus

Regulus SRS1 T Installation and operation manual