Specifications
CRP-C0036-01
3
Control Software
(software: TOE)
Remote UI Contents
(software: TOE)
Pre-installed MEAP App
(software: TOE)
Optional MEAP App
(software: outside
TOE)
Controller (hardware: outside TOE)
Scan Engine/ADF
(hardware: outside TOE)
Printer Engine
(hardware: outside TOE)
Control Panel
(hardware: outside TOE)
Note: The cross-hatched portion indicates the scope of the TOE.
Figure 1-2: TOE boundary on the multifunction product
The security functions of the TOE are; HDD Data Encryption, HDD Data Complete
Erase, Inbox User Identification and Authentication, Inbox Management, System
Manager Identification and Authentication, System Manager Management, and secure
communication (Remote UI).
The following provides an operational overview of these TOE security functions.
Copy, Send (Universal Send), Fax Reception, Print
When a regular user operates the multifunction product to perform the Copy, Send
(Universal Send), Fax Reception (for receiving faxes/I-faxes) or Print function,
temporary image data is created and encrypted on the HDD of the multifunction
product. Encrypted temporary image data is decrypted when read out by a user
operation, and it is erased from the HDD by being overwritten with meaningless data
at the completion of the operation. Encryption, decryption and overwrite erase of
temporary image data are performed silently in the background, without bothering the
TOE user. (Related security functions:
HDD Data Encryption
,
HDD Data Complete
Erase
)
Mail Box, Fax Reception
When a regular user operates the multifunction product to perform the Mail Box
function (for saving scanned documents or documents printed from the PC) or Fax
Reception function (for “in-memory reception” or forwarding of faxes/I-faxes),
encrypted image data is created in the appropriate inbox on the multifunction product,
and it can be accessed from the Inbox Selection Screen by selecting its containing inbox.
This inbox-stored image data is decrypted when it needs to be read out by a user
operation, and if it is selected for deletion, it is erased from the inbox by being
overwritten with meaningless data at the completion of the operation. Encryption,
decryption and overwrite erase of inbox-stored image data are all done silently in the
background, without bothering the TOE user. (Related security functions:
HDD Data
Encryption
,
HDD Data Complete Erase
)
Inbox Password-based Document Management
A regular user can set a password on any desired inbox by operating the Control Panel
of the multi function product or the Remote UI. When such a password-protected inbox
is selected in the Inbox Selection Screen, the accessing user is required to provide the
password for that inbox. If successfully authorized, the user is granted access and
allowed to use any image data stored in the inbox.
Image data stored in the inbox can be previewed using the Remote UI, and image data
transmissions exchanged between the user’s Web browser and the multifunction
product over the Remote UI communication path are protected by SSL.
(Related security functions:
Inbox Management,
Inbox User Identification and
Authentication, Secure Communication (Remote UI)
)
Inbox Password Management
A regular user who is authenticated as an authorized user of an inbox can modify or