Specifications
Print Controller Design Guide for Information Security:
Page 88 of 92
24. Data Security Considerations
Preventing the Installation of Illegal Applications
• The following are used to prevent the installation of illegal SDK applications or altering of
authorized SDK applications already installed in the MFP/LP:
Product ID (comprised of a vendor code, country code and code representing the application
type)
SDK Authentication (Types 1 and 2)
Digital Authentication (Type 2)
• When the Vendor begins developing an SDK application for installation on the MFP/LP, a contract
is created between the Vendor and Ricoh. In addition to the necessity for strict confidentiality of
information, this contract also specifies the scope of responsibilities regarding product quality, as
well as all the details of sales-related agreements made between both sides.
• Having agreed to the terms of the contract, the Vendor requests Ricoh to assign and provide a
product ID for the proposed application. In addition to being a completely unique number by which
the Vendor can be identified should the need arise, the product ID is also used by the Vendor to
create an installation directory for the SDK application and by Ricoh to authenticate the application
through SDK Authentication. As explained below, without the correct product ID, there is no way to
install the SDK application on the MFP/LP.
• The MFP/LP is designed so that each SDK application, once authenticated, is installed in its own
unique directory. This ensures that the objects, data files and other contents of one SDK application
can never be overwritten or accessed by another.
Authentication of SDK Applications at Installation
The following two processes are performed in order to authenticate SDK applications, which ensures that
only authorized applications can be installed in the MFP/LP, as well as to control the range of operations
and access of the applications once installed.