Samsung X4220 User manual

This is proprietary information of SAMSUNG ELECTRONICS Co., Ltd. No part of the information contained in

this document may be reproduced without the prior consent of SAMSUNG ELECTRONICS Co., Ltd

Samsung Multifunction MultiXpress X4220, X4250, X4300,

X401, K4250, K4300, K4350, K401 Series

Security Target

Version 1.2

SAMSUNG ELECTRONICS Co., Ltd.

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

Document History

VERSION

DATE

DESCRIPTION OF CHANGE

SECTIONS

AFFECTED

REVISED BY

1.0

2014-04-27

Initial version

ALL

Kwangwoo Lee

1.1

2014-09-30

KSEL-CC-2014-EOR-03-V1.00

ALL

Kwangwoo Lee

1.2

2014-10-14

Error Correction

ALL

Kwangwoo Lee

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

CONTENTS

1Introduction ...................................................................................................................................7

1.1 SECURITY TARGET REFERENCES .....................................................................................7

1.2 TOE REFERENCES............................................................................................................7

1.3 TOE OVERVIEW...............................................................................................................7

1.3.1 TOE Type, Usage and Security features........................................................................................7

1.4 TOE DESCRIPTION...........................................................................................................9

1.4.1 TOE Operational Environment .....................................................................................................9

1.4.2 Non-TOE Hardware/Software required by the TOE...................................................................11

1.4.3 Physical Scope.............................................................................................................................12

1.4.4 Logical Scope..............................................................................................................................15

1.5 CONVENTIONS................................................................................................................19

1.6 TERMS AND DEFINITIONS...............................................................................................21

1.7 ACRONYMS ....................................................................................................................23

1.8 ORGANIZATION..............................................................................................................24

2Conformance Claims...................................................................................................................25

2.1 CONFORMANCE TO COMMON CRITERIA........................................................................25

2.2 CONFORMANCE TO PROTECTION PROFILES...................................................................25

2.3 CONFORMANCE TO PACKAGES ......................................................................................25

2.4 CONFORMANCE CLAIM RATIONALE ..............................................................................26

2.4.1 Security Problem Definition Related Conformance Claim Rationale.........................................26

2.4.2 Security Objectives Related Conformance Claim Rationale .......................................................27

2.4.3 Security Functional Requirements related Conformance Claim Rationale.................................28

2.4.4 Security Assurance Requirements related Conformance Claim Rationale .................................30

2.4.5 TOE type related Conformance Claim Rationale........................................................................31

3Security Problem Definition .......................................................................................................32

3.1 THREATS AGENTS...........................................................................................................32

3.1.1 Threats to TOE Assets.................................................................................................................32

3.2 ORGANIZATIONAL SECURITY POLICIES.........................................................................33

3.3 ASSUMPTIONS ................................................................................................................33

3.3.1 Assumptions for the TOE.............................................................................................................33

4Security Objectives......................................................................................................................35

4.1 SECURITY OBJECTIVES FOR THE TOE............................................................................35

4.1.1 Security Objectives for the TOE..................................................................................................35

4.1.2 Security Objectives for the TOE (Additional)..............................................................................36

4.2 SECURITY OBJECTIVES FOR OPERATIONAL ENVIRONMENT..........................................36

4.2.1 Security Objectives for Operational Environment ......................................................................36

4.3 SECURITY OBJECTIVES RATIONALE ..............................................................................38

5Extended Component Definition................................................................................................41

5.1 FPT_FDI_EXP RESTRICTED FORWARDING OF DATA TO EXTERNAL INTERFACES........41

6Security Requirements................................................................................................................43

6.1 SECURITY FUNCTIONAL REQUIREMENTS ......................................................................47

6.1.1 Class FAU: Security Audit ..........................................................................................................48

6.1.2 Class FCS: Cryptographic support.............................................................................................51

6.1.3 Class FDP: User data protection................................................................................................52

6.1.4 Class FIA: Identification and authentication..............................................................................57

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

6.1.5 Class FMT: Security management ..............................................................................................59

6.1.6 Class FPT: Protection of the TSF ...............................................................................................64

6.1.7 Class FTA: TOE access...............................................................................................................65

6.1.8 Class FTP: Trusted path/channels..............................................................................................65

6.2 SECURITY ASSURANCE REQUIREMENTS........................................................................66

6.2.1 Class ASE: Security Target evaluation .......................................................................................67

6.2.2 Class ADV: Development............................................................................................................71

6.2.3 Class AGD: Guidance documents...............................................................................................73

6.2.4 Class ALC: Life-cycle support ....................................................................................................74

6.2.5 Class ATE: Tests .........................................................................................................................76

6.2.6 Class AVA: Vulnerability assessment..........................................................................................78

6.3 SECURITY REQUIREMENTS RATIONALE.........................................................................79

6.3.1 Security Functional Requirements’ Rationale.............................................................................79

6.3.2 Security Assurance Requirements Rationale...............................................................................84

6.4 DEPENDENCY RATIONALE .............................................................................................84

6.4.1 SFR Dependencies.......................................................................................................................84

6.4.2 SAR Dependencies.......................................................................................................................86

7TOE Summary Specification......................................................................................................87

7.1 TOE SECURITY FUNCTIONS...........................................................................................87

7.1.1 Identification & Authentication (TSF_FIA) ................................................................................87

7.1.2 Network Access Control (TSF_NAC)..........................................................................................88

7.1.3 Security Management (TSF_FMT)..............................................................................................89

7.1.4 Security Audit (TSF_FAU) ..........................................................................................................91

7.1.5 Image Overwrite (TSF_IOW)......................................................................................................92

7.1.6 HDD Data Encryption (TSF_NVE).............................................................................................92

7.1.7 Fax Data Control (TSF_FLW)....................................................................................................93

7.1.8 Self Testing (TSF_STE) ...............................................................................................................93

7.1.9 Secure Communication (TSF_SCO)............................................................................................93

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

LIST OF FIGURES

Figure 1: Operational Environment of the TOE ............................................................................................................9

Figure 2: Logical Scope...............................................................................................................................................15

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

LIST OF TABLES

Table 1: General Specification for TOE......................................................................................................................10

Table 2: Non-TOE Hardware ......................................................................................................................................11

Table 3: Non-TOE Software........................................................................................................................................11

Table 4: Notational Prefix Conventions ......................................................................................................................19

Table 5: Acronyms ......................................................................................................................................................23

Table 6: Security Problem Definition Related Conformance Claim Rationale - Threats............................................26

Table 7: Security Problems Definition Related Conformance Claim Rationale - Organizational Security Policies...27

Table 8: Security Problems Definition Related Conformance Claim Rationale - Assumptions..................................27

Table 9: Security Objectives Related Conformance Claim Rationale –Security Objectives for the TOE..................27

Table 10: Security Objectives related Conformance Claim Rationale –Security Objectives for the Operational

Environment.......................................................................................................................................................28

Table 11: Security Functional Requirements related Conformance Claim Rationale .................................................28

Table 12: Security Assurance Requirements related Conformance Claim Rationale..................................................30

Table 13: TOE type related Conformance Claim Rationale........................................................................................31

Table 14: Threats to User Data for the TOE................................................................................................................32

Table 15: Threats to TSF Data for the TOE ................................................................................................................32

Table 16: Organizational Security Policies..................................................................................................................33

Table 17: Assumptions for the TOE............................................................................................................................33

Table 18: Security Objectives for the TOE .................................................................................................................35

Table 19: Security Objectives for the TOE (Additional).............................................................................................36

Table 20: Security Objectives for Operational Environment.......................................................................................36

Table 21: Completeness of Security Objectives..........................................................................................................38

Table 22: Sufficiency of Security Objectives..............................................................................................................39

Table 23: Users............................................................................................................................................................43

Table 24: User Data.....................................................................................................................................................43

Table 25: TSF Data......................................................................................................................................................44

Table 26: TSF Data......................................................................................................................................................44

Table 27: Functions .....................................................................................................................................................45

Table 28: Attributes.....................................................................................................................................................46

Table 29: External Entities ..........................................................................................................................................46

Table 30: Security Functional Requirements...............................................................................................................47

Table 31: Audit data ....................................................................................................................................................49

Table 32: Common Access Control SFP .....................................................................................................................53

Table 33: TOE Function Access Control SFP .............................................................................................................54

Table 34: Service (PRT, SCN, CPY, FAX) Access Control SFP................................................................................55

Table 35: Management of Security Attributes.............................................................................................................60

Table 36: Management of TSF data ............................................................................................................................62

Table 37: Management Functions ...............................................................................................................................63

Table 38: Security Assurance Requirements (EAL2 augmented by ALC_FLR.2) .....................................................66

Table 39: Completeness of Security Objectives..........................................................................................................80

Table 40: Security Requirements Rationale ................................................................................................................81

Table 41: Dependencies on the TOE Security Functional Components......................................................................84

Table 42 : Management of Security Attributes............................................................................................................89

Table 43: Management of TSF data ............................................................................................................................90

Table 44: Management Functions ...............................................................................................................................90

Table 45: Security Audit Event ...................................................................................................................................91

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

1Introduction

This document describes Security Target of Samsung Multifunction MultiXpress X4220, X4250,

X4300, X401, K4250, K4300, K4350, K401 Series.

1.1 Security Target References

Security Target Title

Samsung Multifunction MultiXpress X4220, X4250, X4300,

X401, K4250, K4300, K4350, K401 Series Security Target

Security Target Version

V1.2

Publication Date

October 14, 2014

Authors

SAMSUNG ELECTRONICS Co., Ltd.

Certification body

IT Security Certification Center (ITSCC)

CC Identification

Common Criteria for Information Technology Security

(CC Version 3.1 Revision 4)

Keywords

Samsung Electronics, Multifunction, Security, IEEE Std 2600.2TM-2009

1.2 TOE References

Developer SAMSUNG ELECTRONICS Co., Ltd.

Name Samsung Multifunction MultiXpress X4220, X4250, X4300,

X401, K4250, K4300, K4350, K401 Series

Version B6.09

Hardware (MFP Model) X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

1.3 TOE Overview

1.3.1 TOE Type, Usage and Security features

This TOE is MFPs (Multi-Function Peripherals) as an IT product. It controls the operation of the

entire MFP, including copy, print, scan, and fax functions on the MFP controller.

This TOE can be used in a wide variety of environments such as home use by consumers, home or

office use by small businesses, office use by medium or large organizations, self-service use by the

public in retail copy shops, libraries, business centers, or educational institutions, and production use

by commercial service providers. This TOE may contain or process valuable or sensitive assets that

need to be protected from unauthorized disclosure and alteration. The utility of the device itself may

be considered a valuable asset which also needs to be protected. There is also a need to ensure that the

TOE cannot be misused in such a way that it causes harm to devices with which it shares network

connections. This TOE is intended to conform the requirements of IEEE Std 2600.2TM-2009. IEEE

Std 2600.2TM-2009 has defined Operational Environment B. Operational Environment B is generally

characterized as a commercial information processing environment in which a moderate level of

document security, network security, and security assurance are required. Typically, this environment

will handle the day-to-day proprietary and nonproprietary information needed to operate an enterprise.

The TOE provides the following security features:

Identification & Authentication

The TOE receives U.USER’s information (e.g. ID, password, domain, etc.) through either the

LUI or the RUI, and performs identification & authentication functions using the acquired

information. The TOE provides two types of user identification and authentication methods.

If U.ADMINISTRATOR configures the local authentication, the MFP will authenticate the

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

U.USER against an internal database. If U.ADMINISTRATOR selects the external

authentication as an authentication method, then MFP will authenticate the U.USER using an

external authentication server. The TOE authorizes U.USER according to the identification &

authentication result.

Network Access Control

The TOE provides a network access control function to control ports and protocols used in

network protocol services provided by the MFP. Through this function,

U.ADMINISTRATOR can control access from network by enabling/disabling or altering

port numbers of various protocols. The TOE also provides IP filtering /MAC filtering

functions to control access from network.

Security Management

The TOE provides a management function to manage security functions (e.g. security audit,

image overwrite, etc.) provided by the TOE. Through this function, U.ADMINISTRATOR

can enable/disable security functions, manage TSF data and the security attributes, and

maintain security roles.

Security Audit

The TOE stores and manages internal events occurring in the TOE. Audit logs are stored on

the hard disk drive and can be reviewed or exported by U.ADMINISTRATOR through the

remote user interface.

Image Overwrite

The TOE provides an image overwrite function to securely delete temporary files and job

files (e.g. printing, copying, scanning, and faxing jobs). This function is classified as two

functions: automatic image overwriting and manual image overwriting.

U.ADMINISTRATOR can execute the image overwriting function only through the local

user interface.

Data Encryption

The TOE provides a data encryption function to protect data (e.g. job information,

configuration information, audit logs, etc.) stored on the hard disk drive from unauthorized

access.

Fax Data Control

The TOE provides a fax data control function to examine fax image data formats (MMR, MR,

or MH of T.4 specification) received via the PSTN port and check whether received data is

suitable.

Self-testing

The TOE provides a self-testing function to verify the TSF’s correct operation and the

integrity of TSF data and executable code.

Secure Communication

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

The TOE provides a trusted channel between itself and another trusted IT product to protect

user data or TSF data that are transmitted or received over network.

1.4 TOE Description

This section provides detailed information for the TOE evaluator and latent customer about TOE

security functions. It includes descriptions of the physical scope and logical scope of the TOE.

1.4.1 TOE Operational Environment

In general, the TOE can be used in a wide variety of environments, which means each environment

may place a different value on the assets, make different assumptions about security-relevant factors,

face threats of differing approaches, and be subject to different policy requirements.

The TOE is operated in an internal network protected by a firewall. U.USER is connected to the TOE

and may perform jobs that are allowed.

Figure 1: Operational Environment of the TOE

The TOE is intended to operate in a network environment that is protected by a firewall from external

malicious attacks, and with reliable PCs and authenticated servers. U.USER is able to access the TOE

by using local user interface (LUI) or remote user interface (RUI). The LUI is designed to be accessed

by U.USER. The U.USER can operate copy, scan, and fax functions through the LUI. In the case of a

scanning job, U.USER can operate the scanning job using the LUI and transfer the scanned data to a

certain destination by email addresses and servers. U.USER can also use their PCs to print out

documents or to access the TOE through the internal network. U.ADMINISTRATOR can

enable/disable Automatic Image Overwrite; start/stop Manual Image Overwrite, and change a

Password via the LUI. U.ADMINISTRATOR can access TOE through the RUI using a web browser

through IPSec protocol. If IPSec is not configured in the TOE, all of network connection would be

blocked. From there, U.ADMINISTRATOR can add/change/delete user accounts, change the

U.ADMINISTRATOR’s ID and password, review the security audit service, and download the

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

security audit report. The U.USER’s account information that requires asking for internal

authentication by TOE can be stored on the hard disk drive of the TOE. All of the information stored

on the hard disk drive is protected by the TOE. In the case of external authentication using Kerberos,

LDAP, SMB server, the external authentication servers will perform the user authentication using

database of authentication server. The authentication server is assumed to be protected from external

environmental space.

Mail server

The SMTP (Simple Mail Transfer Protocol) server is used for e-mail transmission.

File server

The FTP server and SMB server is used for storage devices of received fax and scan data from the

TOE.

Authentication server

There are several external authentication servers: Kerberos, LDAP, and SMB servers. The

authentication server identifies and authenticates the U.NORMAL if external authentication mode is

enabled by U.ADMINISTRATOR.

PC

A computer for U.USER to access TOE if it is connected to the LAN and U.USER can remotely

operate the TOE from the client computer. A web browser allows U.ADMINISTRATOR to connect

to the TOE to use security management functions (e.g., audit log review, network access control, etc.)

and allows U.NORMAL to use basic functions (e.g., print information, etc.). Note that U.USER shall

set the IPSec configuration to connect the TOE. U.USER can install the printer driver to print out the

documents.

1.4.1.1 General Specification for TOE

Table 1: General Specification for TOE

Model

X4220

X4250

X4300

X401

K4250

K4350

K401

Color

/Mono

Color

Mono

PPM

22ppm

25ppm

30ppm

29ppm

25ppm

30ppm

29ppm

Processor

Chorus4N (Dual Core : Cortex-A9 1000MHz, ARM9 250MHz)

RAM

DDR3 2,048MB

ROM

NAND 128MB

Interface

High-Speed USB 2.0 Host, High-Speed USB 2.0 Peripheral,

Ethernet 10/100/1000 Base TX

FAX

Option Kit, ITU-T G3, Super G3, 33.6 Kbps, MH/MR/MMR/JBIG

HDD

SATA2 320 GB

Display

10.1”1024 x 600 WSVGA TFT Color Graphic LCD with Touch Screen, 24 bit color

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

1.4.2 Non-TOE Hardware/Software required by the TOE

1.4.2.1 Non-TOE Hardware

Table 2: Non-TOE Hardware

Item

Objective

Mail server

The SMTP (Simple Mail Transfer Protocol) server is used for e-mail

transmission. In the TOE, the mail server can be used for the following

services; scan to email, received fax forward and email notification.

File server

The FTP server and SMB server is used for storage devices of received

fax and scan data from the TOE.

Authentication

server

There are several authentication servers: Kerberos, LDAP, and SMB

servers. The authentication server identifies and authenticates

U.NORMAL if external authentication mode is enabled by

U.ADMINISTRATOR.

A computer for U.USER to access TOE if it is connected to the LAN and

U.USER can remotely operate the TOE from the client computer. A web

browser allows U.ADMINISTRATOR to connect to the TOE to use

security management functions (e.g., audit log review, network access

control, etc.) and allows U.NORMAL to use basic functions (e.g., print

information, etc.).

Note that U.USER shall set the IPSec configuration to connect the MFP.

U.USER can install the printer driver to print out the documents.

•System Requirement

- Operating System : Windows®7 32bit/64bit

- CPU :Intel®Pentium®IV 1 GHz 32-bit or 64-bit processor or higher

- RAM : 1 GB

- Free HDD space: 16 GB

1.4.2.2 Non-TOE Software

Table 3: Non-TOE Software

Item

Objective

Web browser

Web browser that serves communication between U.ADMINISTRATOR/U.NORMAL’s

PC and TOE.

- Internet Explorer 7.0

- Internet Explorer 8.0

Printer driver

Printer driver application software for U.USER to install in their PC. U.USER can

configure properties and start printing jobs through this printer driver.

IPSec

IPSec provides secure communication between the TOE and the other trusted IT product

to protect communicated data from modification or disclosure.

- Confidentiality : 3DES(168bit) or AES(128bit)

- Integrity: SHA-1(160bit)

- Key Exchange: DH-Group

MODP 1024/1536/2048/3072/4096/6144/8192

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

1.4.3 Physical Scope

This section describes physical scope of the TOE. The physical scope of the TOE is MFP itself. The

TOE is consists of the following components; UI (Operational Panel), DADF Engine, Flatbed Engine,

Fax Modem, Main Control Board, Power Unit, USB Port, Network Unit, Finisher, Optional Tray, and

HDD.

Figure 2: Physical Structure of MFP

UI (Operation Panel)

The UI (Operational Panel) is a user interface installed on the TOE. UI is consists of UI control board,

power button, LED indicators, and a TFT LCD touch screen. The UI control board manages the LUI

(Local User Interface) operation and display. U.USER can operate the MFP through LCD touch

screen and button. LED indicators show the current status of TOE.

DADF Engine

A DADF (Duplexing Automatic Document Feeder) Engine controls the DADF features. It scans both

sides in one pass. The advantage of the DADF is faster speed for two-sided originals.

Flatbed Engine

A Flatbed Engine controls the flatbed scanner components. A flatbed scanner is composed of a glass

platen, fixed mirror, moving optical array in CCD (Cold Cathode Fluorescent) scanning.

Fax Modem

Fax Modem controls the function for connection to a PSTN. It sends and receives the fax data.

Main Control Board

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

The Main Control Board consists of processor, RAM, Flash ROM, and NVRAM. It communicates the

information with other part of TOE to control the MFP.

Power Unit

A Power Unit provides the electric energy to operate the Engine Units and Control Boards.

USB Port

The USB port is an external interface to communicate with universal serial bus. U.USER can directly

print/scan the documents using USB port.

Network Unit

The Network Unit is an external interface to an Ethernet.

Finisher

A Finisher performs post-printing actions, such as stapling, hole-punching, folding, or collating.

Optional Tray

The Optional Tray automatically takes paper.

HDD

The HDD is a hard disk drive that is a non-volatile memory. The HDD removal is prevented by the

design of the system.

The physical scope of the TOE is as follows:

1) The physical scope of the TOE consists of all hardware and firmware of the MFP.

MFP

Model

X4220, X4250, X4300LX, X401 Series

K4250, K4300, K4350, K401 Series

TOE

version

B6.09

System

Firmware

V6.B6.09

V5.B6.09

Main

Firmware

V11.01.07.09_10-26-2014

XOA

Framework

V1.29.0_01-07-2014

1.16.6_(20140822222122)

Firmware

V5.18.02.09.00_14102520

Boot Rom

V13.00.00.00.62-10-06-2014

File System

FS_V14.02.00.00.60

2) Instructions

- Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350,

K401 Series User’s Guide V1.4

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

- Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350,

K401 Series Installation Guide V1.1

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

1.4.4 Logical Scope

Figure 2: Logical Scope

1.4.4.1 MFP Basic Functions

Print Function: producing a hardcopy document from its electronic form

Scan Function: producing an electronic document from its hardcopy form

Copy Function: duplicating a hardcopy document

Fax Function: scanning documents in hardcopy form and transmitting them in electronic form over

telephone lines and receiving documents in electronic form over telephone lines and printing them in

hardcopy form

Shared-medium Interfaces: transmitting or receiving User Data or TSF Data between the MFP and

external devices over communications media which, in conventional practice, is or can be

simultaneously accessed by multiple users

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

1.4.4.2 TOE Security Functions

The following security functions are provided by the TOE:

Identification & Authentication (TSF_FIA)

The TOE provides two types of user identification and authentication methods. If

U.ADMINISTRATOR configures the local authentication, the MFP will authenticate the

U.USER against an internal database. If U.ADMINISTRATOR selects the external

authentication as an authentication method, then MFP will authenticate the U.USER using an

external authentication server.

U.USER should be identified and authenticated by entering both ID and Password to access

to the TOE management functions. If U.USER fails to login specific times, the system blocks

the session of the U.USER during predefined duration.

U. ADMINISTRATOR can configure Identification & Authentication Policy by using LUI or

RUI.

U. ADMINISTRATOR can also give specific permission for U.USER to only use certain

feature of the machine.

The TOE provides the Common Access Control & TOE Function Access Control based on

the user role assigned to a user group ID by U.ADMINISTRATOR when U.NORMAL

performs read/delete/modify operations on the data owned by U.NORMAL or when

U.NORMAL accesses print/scan/copy/fax functions offered by the MFP.

The TOE shall terminate an interactive session after predefined time interval of user

inactivity.

Network Access Control (TSF_NAC)

The MFP system has a network interface connected to a network. The MFP system can

send/receive data and MFP configuration information and thus is able to configure MFP

settings.

There are a couple of methods to access and communicate with the MFP from outside of the

TOE through the network, and the TOE manages all incoming packets via a network

interface.

1) Protocol and Port Control:

The TOE can only allow protocols and ports configured by U.ADMINISTRATOR.

U.ADMINISTRATOR can configure this information via the LUI or RUI.

2) IP and MAC address filtering:

U.ADMINISTRATOR can make filtering rules for IP addresses and MAC addresses.

After that, packets are only allowed as per the IP filtering rule registered by

U.ADMINISTRATOR.

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

Packets via MAC addresses registered by U.ADMINISTRATOR are not allowed.

Security Management (TSF_FMT)

The TOE accomplishes security management for the security function, TSF data, and security

attribute.

Only U.ADMINISTRATOR can manage the security functions through the LUI (Local User

Interface) and RUI (Remote User Interface): security functions can be start and stop by

U.ADMINISTRATOR. The LUI is touch-screen based management service which is

provided by TOE. RUI is web-based management service using HTTP/HTTPS protocol.

TSF data and their possible operations are specified by U.ADMINISTRATOR.

Security attributes can be operated by U.ADMINISTRATOR.

Security Audit Data (TSF_FAU)

The TOE creates an audit record security audit event including job log, security event log,

and operation log. The audit data consist of the type of event, date and time of the event,

success or failure, log out and access of log data.

Only U.ADMINISTRATOR is authorized to view (or export) the audit data but even

U.ADMINISTRATOR shall not delete log data manually.

The TOE protects Security Audit Data stored on the hard disk drive. It prevents any

unauthorized alteration to the Security Audit Data, and when each log events exceeds the

maximum number, the TOE overwrites the oldest stored audit records and generates an audit

record of overwriting.

Image Overwrite (TSF_IOW)

The TOE provides Image Overwrite functions that delete the stored file from the MFP’s hard

disk drive. The Image Overwrite function consists of Automatic Image Overwrite and

Manual Image Overwrite. The TOE implements an Automatic Image Overwrite to overwrite

temporary files created during the copying, printing, faxing and scanning (scan to e-mail,

scan to FTP, and scan to SMB task processes). The image overwrite security function can

also be invoked manually only by U.ADMINISTRATOR through the LUI. Once invoked, the

Manual Image Overwrite cancels all print and scan jobs, halts the printer interface (network),

overwrites the hard disk according to the procedures set by U. ADMINISTRATOR. If there

are any problems during overwriting, the Manual Image Overwrite job automatically restarts

to overwrite the remaining area.

Data Encryption (TSF_NVE)

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

The TOE provides an encryption function during the data storage procedure and a decryption

function in the process of accessing stored data from hard disk drive.

The TOE generates cryptographic keys when the TOE is initialized at the first setout the

secret key (256 bits) is used for encrypting and decrypting user data and TSF data that is

stored on the HDD. Access to this key is not allowed to any U.USER including

U.ADMINISTRATOR.

The TSF shall destroy cryptographic keys in accordance with overwriting a used

cryptographic key with a newly generated cryptographic key. Before storing temporary data,

document data, and system data on the HDD of the MFP, the TOE encrypts the data using

AES 256 algorithm and cryptographic key.

When accessing stored data, the TOE decrypts the data using the same algorithm and key.

Therefore, the TOE protects data from unauthorized reading and falsification even if the

HDD is stolen.

Fax Data Control (TSF_FLW)

If the received fax data includes malicious content, it may threaten the TOE asset. To prevent

this kind of threat, the TOE inspects whether the received fax image is standardized with

MMR, MR, or MH of T.4 specification or not before forwarding the received fax image to e-

mail or SMB/FTP. U. ADMINISTRATOR can restrict this forwarding function. When non-

standardized format data are discovered, the TOE destroys the fax image.

Self Testing (TSF_STE)

During initial start-up, the TOE performs self test. Self testing executes TSF function to

verify the correct operation of the HDD encryption function. Also, the TOE verifies the

integrity of the encryption key data and TSF executable code by the self testing.

Secure Communication (TSF_SCO)

The TOE also provides secure communication between the TOE and the other trusted IT

product to protect communicated data from modification or disclosure by IPSec. The network

which connected without IPSec shall not be allowed to communicate with MFP.

Non-TSF Function

TOE includes the local user interface based on Android platform. Although the Android

platform is used to TOE’s user interface, local user interface does not provide any core

Android system application such as Android system setting, Search, Brower, Contacts,

Gallery, and Music. Therefore, U.USER cannot access any core Android system application

and its related setting interfaces.

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

1.5 Conventions

This section describes the conventions used to denote Common Criteria (CC) operations on

security functional components and to distinguish text with special meaning. The notation,

formatting, and conventions used in this ST are largely consistent with those used in the CC.

Four presentation choices are discussed here.

Refinement

The refinement operation is used to add detail to a requirement, and, thus, further restricts

a requirement. Refinement of security requirements is denoted by bold text.

Selection

The selection operation is used to select one or more options provided by the CC in

stating a requirement. Selections are denoted by underlined italicized text.

Assignment

The assignment operation is used to assign a specific value to an unspecified parameter

such as the length of a password. Showing the value in square brackets

[assignment_value(s)] indicates an assignment.

Iteration

Iterated functional components are given unique identifiers by appending to the

component name, short name, and functional element name from the CC an iteration

number inside parenthesis, for example, FIA_AFL.1 (1) and FIA_AFL.1 (2).

The following is notational conventions used by the PP:

ThefollowingprefixesinTable4areusedtoindicatedifferententitytypes:

Table 4: Notational Prefix Conventions

Prefix

TypeofEntity

User

Data

Function

Threat

Policy

Assumption

Objective

OE.

Environmentalobjective

Securityattribute

The following is an additional convention used to denote this Security Target:

ApplicationNote

Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series

Application note clarifies the definition of requirement. It also can be used when an

additional statement except for the four presentations previously mentioned. Application

notes are denoted by underlined text.

This manual suits for next models

Table of contents

Other Samsung Printer manuals

Samsung

Samsung ML-2250 Series Owner's manual

Samsung

Samsung ML-4550 Series User manual

Samsung

Samsung CLP-670ND User manual

Samsung

Samsung ML-3312 Series User manual

Samsung

Samsung SRP-350 Bixolon User manual

Samsung

Samsung ProXpress M4530NX User manual

Samsung

Samsung CLP-775ND User guide

Samsung

Samsung Xpress M2020W User manual

Samsung

Samsung Lazett Combo SCX-4216F User manual

Samsung

Samsung CLP 350N User manual

Samsung

Samsung ML-4550 Series User manual

Samsung

Samsung CLP 300N - Network-ready Color Laser Printer User manual

Samsung

Samsung ProXpress M458x Series User manual

Samsung

Samsung ML-4550 Series User manual

Samsung

Samsung 500N - CLP Color Laser Printer Instruction Manual

Samsung

Samsung SRP-350 Bixolon User manual

Samsung

Samsung ML-3050 Series User manual

Samsung

Samsung ML-3312ND User manual

Samsung

Samsung ML 1630 - B/W Laser Printer User guide

Samsung

Samsung ML-2855ND-TAA - Monochrome Laser Printer Taa User manual

Samsung

Samsung Color & Monochrome Laser Printers & MFPs User manual

Samsung

Samsung ML ML-2510 User manual

Samsung

Samsung CLP-36x Series User manual

Samsung

Samsung CLP-36 Series User manual

Popular Printer manuals by other brands

Sagem

Sagem PHOTO EASY 160 user guide

Toshiba

Toshiba TRST-A15 SERIES owner's manual

CognitiveTPG

CognitiveTPG A776 ColorPOS Specifications

Lexmark

Lexmark C720 SERIES Setup guide

Xprinter

Xprinter R330H Service manual

Tektronix

Tektronix Phaser 780 Color supplementary guide

Datamax-ONeil

Datamax-ONeil RL3 user guide

Printekmobile

Printekmobile I-820 Operator's manual

Canon

Canon MG2900 Series Getting started

MIMAKI

MIMAKI UJF-7151 plus Operation manual

Xerox

Xerox Phaser 7750 Quick reference guide

Canon

Canon BJC-4000 Service manual

Canon

Canon PIXMA MG5350 Getting started

Triumph Adler

Triumph Adler CLP 4630 Instruction handbook

Intermec

Intermec EasyCoder PX6i quick start guide

MF DIGITAL

MF DIGITAL PicoJet 6000 Setup guide

DCA Intertel

DCA Intertel JP 215 Technical manual

Canon

Canon MX490 Series Quick Help Guide