Specifications
Print Controller Design Guide for Information Security:
Page 15 of 92
Remote Firmware Installation
• In addition to using an SD card, it is also possible to update the firmware by transmitting the firmware
files to the MFP/LP via a remote connection. Since these files are transmitted over public Internet
communication paths in some cases, routed through multiple servers before reaching their destination,
it is necessary to use the authentication process described above for remote update as well. The
process for remote updates is virtually the same as that for the SD card-based update described above,
with the following differences:
• Remote headers are attached to the digital signature before sending the files to the MFP/LP. If the
update is interrupted for some reason, e.g. a power cut before the update is completed, it is possible to
retry the update by resending the file.
• There are three main scenarios in which a remote firmware update is performed, the process for which
is the same (see illustrations below). In addition, all of the security features described above are used
in each case.
The update is performed by a customer engineer (CE) in the field via a PC
The update is performed using the @Remote function, normally by an individual with access rights
to the @Remote Center GUI
The update is performed via Web SmartDeviceMonitor for Admin for Admin, usually by the end user
Digital
signature
Program
5. Generate MD1
using SHA-1
MD1
MD2
Public key
6. Decryption
7. Compare
MD and MD2
If MD1 ≠ MD2
Update process is cancelled and
new firmware is not installed
If MD1 = MD2
3. Verification of firmware version
8. Firmware is overwritten
with new files
2. Verification of model and target
machine functions (Copier, Printer, etc.)
Ricoh license server
Digital signature
2. Generate
digital signature
Program
1. Generate MD
using SHA-1
MD
Private key
3. Download
1. Check remote headers to confirm that a
remote update is being requested
Ricoh distribution server
Client PC
4. Files are sent
Program + digital
signature
Digital
signature
Remote Firmware Installation Performed by a CE
(from a client PC)