Specifications
Print Controller Design Guide for Information Security:
• Before authentication at the MFP/LP operation panel can be performed, users must be
pre-registered in the MFP/LP. The communication path can be encrypted using SSL; for
environments that do not support the SSL protocol, the password itself is encrypted using an
encryption key specified by the Administrator. To do this, however, the Printer/Scanner option must
be installed.
• To minimize the impact of brute-force attacks, the MFP/LP will delay sending the authentication
results back to the originator in cases where authentication has failed.
• The information for performing the authentication of administrators is encrypted and then stored in
the MFP/LP in non-volatile memory. Therefore, it is always possible to perform authentication on
administrators even when a failure occurs with the MFP/LP HDD or one or more of the external
authentication servers is down.
• With Windows Authentication, NTLM Authentication is performed with the specified domain
controller, after which an attempt is made to establish an LDAP connection with Active Directory.
The email address, FAX number and GUID are then obtained for users who successfully clear the
authentication. The same NTLM Authentication process is performed for LDAP Authentication as
well, after which an LDAP search is performed to obtain the user’s email address, FAX number and
GUID.
Active sessions will expire under the following conditions:
  • When the “Logout” button is pressed in User Tools
  • When the “Logout” hard key is pressed (on MFPs/LPs that have this key)
  • When the MFP/LP enters Low-power Mode or Energy Saver Mode
  • After a pre-determined amount of time has passed (automatic logout)
[Figure: Windows Authentication, LDAP Authentication. Diagram labels: LAN; PC; Job + authentication information; Authentication or LDAP server; Windows Server Active Directory; Authentication information (input from operation panel).]
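The delayed failure response described in the brute-force item above, as an added Python example that is not taken from the guide or from the device firmware. The 3-second delay, the PBKDF2 credential storage and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

FAIL_DELAY_S = 3.0            # assumed value; the guide does not state the delay
PBKDF2_ITERATIONS = 100_000   # assumed storage scheme, not the device's own


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class DelayedAuthenticator:
    """Pre-registered users only; a failed result is held back before it is returned."""

    def __init__(self, sleep=time.sleep):
        self._users = {}                   # username -> (salt, derived key)
        self._sleep = sleep                # injectable so the delay can be observed
        self._dummy_salt = os.urandom(16)  # used for unknown usernames

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))

    def authenticate(self, username: str, password: str) -> bool:
        # Unknown users go through the same derivation as known ones, so the
        # response time does not reveal whether an account is registered.
        salt, stored = self._users.get(username, (self._dummy_salt, b"\x00" * 32))
        candidate = _derive(password, salt)
        ok = hmac.compare_digest(candidate, stored) and username in self._users
        if not ok:
            self._sleep(FAIL_DELAY_S)      # only the failure result is delayed
        return ok


def min_hours_to_exhaust(keyspace: int, delay_s: float = FAIL_DELAY_S) -> float:
    """Lower bound on the time one serial client needs to try every candidate."""
    return keyspace * delay_s / 3600.0
```

The bound from `min_hours_to_exhaust` applies to a single client guessing serially; a fixed delay does not by itself limit attempts made over parallel connections.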