Specifications
CRP-C0036-01
1.5.4 Security Functions
Security functions of the TOE are as follows.
HDD Data Encryption
The TOE generates 168-bit Triple DES cryptographic keys using the Canon iR
cryptographic key generation algorithm. Whenever writing image data to the HDD, the
TOE uses a FIPS PUB 46-3-compliant 168-bit Triple DES algorithm for encryption of
the image data. Whenever reading out image data from the HDD, the TOE uses a FIPS
PUB 46-3-compliant 168-bit Triple DES algorithm for decryption of the image data.
The TOE destroys cryptographic keys using the Canon iR cryptographic key
destruction method.
HDD Data Complete Erase
When a document is deleted from an inbox, the TOE clears the corresponding image
data from the HDD. When the Copy, Print, Fax Reception or Universal Send function is
executed, the TOE creates temporary image data on the HDD and clears it at the
completion of the function. When performing a complete image data erase, the TOE
overwrites the corresponding disk space with meaningless data so as to clear the image
data. The TOE clears any residual temporary image data left on the HDD at the
request of the System Manager or at startup time (i.e. when the multifunction product
is powered on). This is accomplished by overwriting the corresponding disk space with
meaningless data.
Inbox User Identification and Authentication
The TOE requires any user attempting to access a password-protected inbox to provide
the password for the inbox before allowing access (unless the user is trying to add
image data there). If the inbox is not protected with a password, then the TOE does not
require input of a password. The TOE identifies and authenticates the user as an
authorized user of the inbox and displays the Inbox Operation Screen, only after
verifying that the user-given password is the correct inbox password. Once authorized,
the user, if accessing from the Control Panel, is maintained by the TOE as an
authorized inbox user until the user returns to the Inbox Selection Screen from the
Inbox Operation Screen. In contrast, if the user is accessing from the Remote UI, the
TOE maintains the user as an authorized inbox user until some operation is attempted
on a different inbox or the Web browser is closed. If an incorrect inbox password is
entered through the Control Panel or the Remote UI, the TOE imposes a 1-second wait
time before redisplaying the Password Entry Screen.
Inbox Management
The TOE restricts the right to modify and clear (remove) an inbox password only to
authorized inbox users and the System Manager. The TOE gives the System Manager
the ability to modify and clear any inbox’s password using the Control Panel. The TOE
gives authorized inbox users the ability to modify and clear their inbox passwords
using the Control Panel or the Remote UI. The TOE limits the inbox password to a
7-digit number. If a password-protected inbox is re-registered with no password
defined, the TOE removes the current password from the inbox.
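The inbox authorization rules described in the two sections above can be modelled as follows. This is an added example, not Canon's code or part of the certification report: the class and method names are hypothetical, "7-digit number" is assumed to mean digits only with at most seven characters, and the constant-time comparison is a choice made here, not something the report states.

```python
import hmac
import time

FAIL_WAIT_SECONDS = 1  # wait after a wrong password (from the report)
MAX_DIGITS = 7         # inbox password is limited to a 7-digit number


class InboxSession:
    """One user's inbox authorization on one interface (hypothetical model)."""

    def __init__(self, passwords, interface, sleep=time.sleep):
        self.passwords = passwords  # inbox number -> digit string, or None
        self.interface = interface  # "panel" or "remote"
        self.sleep = sleep          # injectable so tests can observe the wait
        self.authorized = None      # inbox the user is currently authorized for

    def open_inbox(self, inbox, password=None):
        """Return True when the Inbox Operation Screen may be displayed."""
        if self.authorized != inbox:
            self.authorized = None  # an operation on a different inbox
        stored = self.passwords[inbox]
        if stored is None or self.authorized == inbox:
            return True             # unprotected, or already authorized
        ok = (isinstance(password, str) and password.isascii()
              and password.isdigit() and len(password) <= MAX_DIGITS
              and hmac.compare_digest(password.encode(), stored.encode()))
        if not ok:
            self.sleep(FAIL_WAIT_SECONDS)  # then the Password Entry Screen again
            return False
        self.authorized = inbox
        return True

    def return_to_selection_screen(self):
        if self.interface == "panel":   # Control Panel authorization ends here
            self.authorized = None

    def close_browser(self):
        if self.interface == "remote":  # Remote UI authorization ends here
            self.authorized = None


def exhaustive_wait_days(digits=MAX_DIGITS):
    """Days of enforced waiting if every `digits`-digit password were wrong."""
    return 10 ** digits * FAIL_WAIT_SECONDS / 86400


if __name__ == "__main__":
    remote = InboxSession({1: "4821907", 2: None}, "remote")  # constructed data
    print(remote.open_inbox(1, "4821907"), round(exhaustive_wait_days(), 1))
```

The last function shows what the 1-second wait contributes on its own: it bounds the online guess rate, so the seven-digit space carries roughly 116 days of enforced waiting per interface.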
System Manager Identification and Authentication
The TOE requires any user attempting to perform System Manager actions using the
TOE to provide the correct System Manager ID and System Password in order to be
identified and authenticated as the System Manager. At this time, if the Department
ID Management function is active on the multifunction product, the System Manager
Identification and Authentication function is invoked before allowing the user to
operate the multifunction product via the Control Panel or the Remote UI. If the