Specifications

ManualsBrandsMinolta ManualsPrinterDi3510

Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target

1/78

Di3510 Series/Di3510f Series

Multi-Function Peripheral Security Kit

Security Target

Version: 1.18

Issued on: June 4, 2004

Created by: KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.

This document is a translation of the security target written in Japanese

which has been evaluated and certified. The Japan Certification Body

has reviewed and checked it.

Summary of content (78 pages)

PAGE 1
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Di3510 Series/Di3510f Series Multi-Function Peripheral Security Kit Security Target This document is a translation of the security target written in Japanese which has been evaluated and certified. The Japan Certification Body has reviewed and checked it. Version: 1.18 Issued on: June 4, 2004 Created by: KONICA MINOLTA BUSINESS TECHNOLOGIES, INC. Copyright © 2004 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.
PAGE 2
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Date Ver. 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 Approved by Ishida Ishida Ishida Ishida Ishida Ishida Ishida Ishida Checked by Hashimoto Hashimoto Hashimoto Hashimoto Hashimoto Hashimoto Hashimoto Hashimoto Created by Nakayama Nakayama Nakayama Nakayama Nakayama Nakayama Nakayama Nakayama 07/31/2003 08/28/2003 09/02/2003 09/05/2003 09/12/2003 10/06/2003 11/12/2003 11/28/2003 12/12/2003 1.
PAGE 3
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target ---- (Table of Contents) ----------------------------------------------------------------1. ST Introduction................................................................................................................... 6 1.1. ST Identification .......................................................................................................... 6 1.2. TOE Identification..............................................
PAGE 4
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 5.2.1.2. Identification and Authentication ................................................................ 43 5.2.1.3. Security management................................................................................... 43 5.2.2. Security assurance requirements for the IT environment................................... 43 6. TOE Summary Specification........................................................................
PAGE 5
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target ---- (Figure List) ------------------------------------------------------------------------Figure 1 An example of the expected environment for usage of the MFP ........................... 10 Figure 2 Hardware structure of the MFP .............................................................................. 12 Figure 3 Structure of the MFP control software components ...............................................
PAGE 6
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 1. ST Introduction 1.1. ST Identification • ST Title • Version • CC version • Created on • Created by : Di3510 Series/Di3510f Series1, Multi-Function Peripheral Security Kit, Security Target : 1.18 : 2.1 : June 4, 2004 : KONICA MINOLTA BUSINESS TECHNOLOGIES, INC. 1.2.
PAGE 7
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target • References - Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model version 2.1 August 1999 CIMB-99-031 - Common Criteria for Information Technology Security Evaluation Part 2: Security functional requirements Version 2.1 August 1999 CCIMB-99-032 - Common Criteria for Information Technology Security Evaluation Part 3: Security assurance requirements Version 2.
PAGE 8
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 1.5. Terminologies In this section, terminologies that have a particular meaning in the present ST will be described. Job Operational unit for a series of functions in the MFP, such as the copying function, scanning function, printing function, faxing function, etc. Secure Print A form of printing when printing from a client PC.
PAGE 9
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Access Check Function A function for which the operation setting is controlled by the administrator.
PAGE 10
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 2. TOE Description 2.1. TOE Type The Di3510 Series/Di3510f Series Multi-Function Peripheral Security Kit that is the TOE is a software product that comprises a portion of the MFP control software that is loaded on the MFP.
PAGE 11
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target to block access requests to the MFP from the external network is carried out. In addition, the intraoffice LAN provides a network environment where the communication data between the MFP and the client PC cannot be intercepted, by using a switching hub and office operation.
PAGE 12
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 2.4. Operational environment of the TOE 2.4.1.
PAGE 13
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target MFP control software Operation Panel Controller Modular Input Output SCANNER Driver PRINTER Driver G3 FAX EP-NET Network Module User Interface Application Macro System Controller System Manager VxWorks （OS ）： TOE Figure 3 Structure of the MFP control software components • VxWorks (OS) Basic software component required for the MFP control software to operate. An operating system.
PAGE 14
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target • Network Module (abbr. NM) A software component that is a target of evaluation in this ST. By responding to operation requests from the client PC, it receives the data that the “Modular Input Output” received from the network with a designated protocol (HTTP, IPP, MIB), and processes and control the data.
PAGE 15
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Modular Input Output Operation Panel Controller Network Module User Interface General User functions General User functions Macro System Controller >User box function >Other miscellaneous setting functions Administrator function (PC) System Manager >Copying function >Printing function >Scanning function >Faxing function >Internet fax function >Other miscellaneous setting functions Administrator functions (panel) Vx
PAGE 16
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target (2) Printing function When print data is transmitted to the MFP using the printer driver of the client PC, the MFP prints the received print data. The printing function includes the following printing method. 1) Normal print A print function that prints the received print data via the MFP memory as is.
PAGE 17
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target (5) Internet fax function A function that receives and prints Internet faxes (e-mail with a standard attached image format). Also, it is a function that converts the scanned image data in the MFP to an attachment in an Internet Fax standard image compression format and sends an e-mail.
PAGE 18
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target (2) Administrator functions (PC) • Deletion of user box data • Deletion of user box • Change in settings for a user box (name change, password change) • A variety of setting functions for the administrator (setting of the storage period for user box data, a variety of settings for a network, settings for limiting the number of copies, settings for date and time, etc.) 2.5.3.
PAGE 19
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target ¾ Identification and authentication that allows access by a general user to a secure print job A function that identifies and authenticates that a general user is a valid user for secure print job information data when the secure print job information data is printed. After failing three times at authentication it locks the authentication function for the concerned secure print job information data and access is denied.
PAGE 20
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 2.6.2. Security functions for the administrator functions There are management functions that involve assets to be protected from among the administrator functions. The access to this administrator function including the management function is limited to those authenticated by the administrator mode password, by using a password that could only be known by the administrator.
PAGE 21
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 3. TOE Security Environment This chapter will describe the assumptions, threats, and organisational security policies. 3.1. Assumptions The present section identifies and describes the assumptions for the environment for using the TOE. A.ACCESS-CHECK (Operation setting conditions for the access check function) The user of the MFP uses the MFP under the condition of a setting in which the access check function always runs.
PAGE 22
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 3.2. Threats In this section, threats that are expected during the use of the TOE and the environment for using the TOE are identified and described. T.
PAGE 23
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 4. Security Objectives In this chapter, in relation to the assumption, the threat and the organisational security policy identified in Chapter 3, the required security objectives policy for the TOE and the environment for the usage of the TOE is described by being divided into the categories of the security objectives of the TOE and the security objectives for the environment, as follows. 4.1.
PAGE 24
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 4.2.2. Non-IT environment security objective OE-N.ACCESS-CHECK (operation of the access check function) The administrator shall always use the TOE with the access check function turned on. OE-N.ADMIN (reliable administrator) The person in charge in the organization who uses the MFP shall assign a person who can faithfully execute the given role during the operation of the MFP with the TOE as an administrator. OE-N.
PAGE 25
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target OE-N.SERVICE (reliable service engineer) The person in charge of the organization that carries out the maintenance management of the MFP shall assign a person who will faithfully carry out the given role for the installation of the TOE and the maintenance of the MFP with the TOE as a service engineer. OE-N.
PAGE 26
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 5. IT Security requirements In this chapter, the TOE security requirements and IT environment security requirements are described. 5.1. TOE security requirements 5.1.1. TOE security function requirements The security function requirements required for the TOE are described. Those regulated in CC Part 2 shall be directly used for all the functional requirements components , and the same labels shall be used as well.
PAGE 27
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target FDP_ACF.1 Security attribute based access control FDP_ACF.1.1 The TSF shall enforce the [assignment: access control SFP] to objects based on [assignment: security attributes, named groups of security attributes]. [assignment: security attributes, named groups of security attributes]: User box identifier [assignment: access control SFP]: User box access control FDP_ACF.1.
PAGE 28
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 5.1.1.2. Identification and authentication FIA_AFL.1[1] Authentication failure handling FIA_AFL.1.1[1] The TSF shall detect when [assignment: number] unsuccessful authentication attempts occur related to [assignment: list of authentication events]. [assignment: list of authentication events]: Authentication of administrator [assignment: number]: 3 FIA_AFL.1.
PAGE 29
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target [assignment: number]: 3 FIA_AFL.1.2[3] When the denied of unsuccessful authentication attempts has been met or surpassed, the TSF shall [assignment: list of actions]. [assignment: list of actions]: Unless the following operation to recover the normal condition is carried out, the authentication function is locked for the general user who is a valid user of the user box.
PAGE 30
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Exact 8-digit number (0 to 9). Hierarchical to: No other components Dependencies: No dependencies FIA_SOS.1[3] Verification of secrets FIA_SOS.1.1[3] The TSF shall provide a mechanism to verify that the service code meets [assignment: a defined quality metric]. [assignment: a defined quality metric]: Exact 8-digit number (0 to 9) or “*” or “#.” Hierarchical to: No other components Dependencies: No dependencies FIA_UAU.
PAGE 31
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target The TSF shall re-authenticate the user under the conditions [assignment: list of conditions under which re-authentication is required]. [assignment: list of conditions under which re-authentication is required] • Change administrator mode password. • Change service code. Hierarchical to: No other components Dependencies: No dependencies FIA_UAU.7 Protected authentication feedback FIA_UAU.7.
PAGE 32
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 5.1.1.3. Security management FMT_MOF.1 Management of security functions behaviour FMT_MOF.1.1 The TSF shall restrict the ability to [selection: determine the behaviour of, disable, enable, modify the behaviour of] the functions [assignment: list of functions] to [assignment: the authorised identified roles].
PAGE 33
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target General user who creates the user box Hierarchical to: No other components Dependencies: FMT_MSA.1 (FMT_MSA.1), FMT_SMR.1 (FMT_SMR.1[4]) FMT_MTD.1[1] Management of TSF data FMT_MTD.1.1[1] The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorised identified roles].
PAGE 34
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorised identified roles].
PAGE 35
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Table 2 List of security management functions N/A: Not Applicable Functional requirement components FDP_ACC.1 FDP_ACF.1 Management items listed in CC Part 2 There are no management activities foreseen for this component. The following actions could be considered for the management functions in FMT: a) Managing the attributes used to make explicit access or denial based decisions. FIA_AFL.
PAGE 36
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Functional requirement components FIA_AFL.1[4] FIA_SOS.1[1] FIA_SOS.1[2] FIA_SOS.1[3] FIA_UAU.2[1] FIA_UAU.2[2] FIA_UAU.2[3] FIA_UAU.
PAGE 37
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Functional requirement components FIA_UAU.6 FIA_UAU.7 FIA_UID.2[1] FIA_UID.2[2] FIA_UID.2[3] FIA_UID.2[4] FMT_MOF.1 FMT_MSA.1 FMT_MSA.3 MFT_MTD.1[1] FMT_MTD.1[2] Management items listed in CC Part 2 The following actions could be considered for the management functions in FMT. If an authorised administrator could request re-authentication, the management includes a re-authentication request.
PAGE 38
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Functional requirement components FMT_MTD.1[3] FMT_MTD.1[4] FMT_MTD.1[5] FMT_SMF.1 FMT_SMR.1[1] FMT_SMR.1[2] FMT_SMR.1[3] FMT_SMR.1[4] FPT_RVM.1 FPT_SEP.1 Management items listed in CC Part 2 The following actions could be considered for the management functions in FMT Management: a) Managing the group of roles that can interact with the TSF data.
PAGE 39
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Hierarchical to: No other components Dependencies: FIA_UID.1 (FIA_UID.1[2]) FMT_SMR.1[2] Security roles FMT_SMR.1.1[2] The TSF shall maintain the roles [assignment: the authorised identified roles]. [assignment: the authorised identified roles]: Administrator FMT_SMR.1.2[2] The TSF shall be able to associate users with roles. Hierarchical to: No other components Dependencies: FIA_UID.1 (FIA_UID.2[3]) FMT_SMR.
PAGE 40
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target The TSF shall maintain a security domain for its own execution that protects it from interference and tampering by untrusted subject. FPT_SEP.1.2 The TSF shall enforce separation between the security domains of subjects in the TSC. Hierarchical to: No other components Dependencies: No dependencies 5.1.2. Minimum Security Strength of Function The minimum strength of function level of the TOE is SOF-Basic.
PAGE 41
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 5.2. Security requirements for the IT environment The security function requirements required for the IT environment are described. Those regulated in CC Part 2 shall be directly used for all the functional requirements components, and the same labels shall be used as well. In the following description, when items are indicated in “italic” and “bold” it means that they are assigned or selected.
PAGE 42
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target FDP_ACF.1[E] Security attribute based on access control FDP_ACF.1.1[E] System Manager shall enforce the [assignment: access control SFP] to objects based on [assignment: security attributes, named groups of security attributes]. [assignment: security attributes, named groups of security attributes]: Job ID [assignment: access control SFP]: Secure print job access control FDP_ACF.1.
PAGE 43
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 5.2.1.2. Identification and Authentication FIA_SOS.1[E] Verification of secrets FIA_SOS.1.1[E] Printer driver of the client PC shall provide a mechanism to verify that the secure print password meets [assignment: defined quality metric]. [assignment: defined quality metric]: 4-digit number (0 to 9) Hierarchical to: No other components Dependencies: No dependencies 5.2.1.3. Security management FMT_MSA.
PAGE 44
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 6. TOE Summary Specification 6.1. TOE Security Functions The security functions of the TOE satisfy, as shown in Tables 5 and 6 below, all the TOE security function requirements described in the previous chapter. Table 5 Security function name and identifier for TOE Identifier F.ADMIN F.SECURE-PRINT F.SERVICE F.
PAGE 45
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target F.USER-BOX F.SERVICE F.SECURE-PRINT TOE Security functional requirement FIA_UID.2[3] FIA_UID.2[4] FMT_MOF.1 FMT_MSA.1 FMT_MSA.3 FMT_MTD.1[1] FMT_MTD.1[2] FMT_MTD.1[3] FMT_MTD.1[4] FMT_MTD.1[5] FMT_SMF.1 FMT_SMR.1[1] FMT_SMR.1[2] FMT_SMR.1[3] FMT_SMR.1[4] FPT_RVM.1 FPT_SEP.1 F.ADMIN TOE Security Function • • • • • • • • • • • • • • • • • • • • • • • • • • • 6.1.1. F.
PAGE 46
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target • For changing a user box password, when an entry of a newly set user box password, and a reentry to prevent an entry error are received, and when both match, the password is replaced for the user box password of the concerned user box. • Checks that the user box password is 4 to 64 digits and ASCII codes 0x20 to 0x7E (a total of 95 types of English one-byte characters and one byte symbols).
PAGE 47
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target • Returns “*” for each character as feedback for the entry of the secure print password. • When the authentication fails three times, it determines that an unauthorized access is being carried out and it locks the authentication function for accessing the secure print job information data. This locked status is released by executing the penalty reset function for the secure print job provided by F.ADMIN.
PAGE 48
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 6.1.4. F.USER-BOX (User box security function) F.USER-BOX is a security function that identifies and authenticates that a general user’s access to a user box from a client PC is a valid use of the user box data, controls the access to the user box, creates a user box, and manages the setting of the user box. • A user box creation function is provided to general users.
PAGE 49
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 6.3. Assurance measures The following table shows the assurance measures to meet the component of the TOE security assurance requirements for EAL3 that are stipulated in Table 7.
PAGE 50
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 7. PP Claims There is no conformance to a PP in this ST. Copyright © 2004 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.
PAGE 51
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 8. Rationale The justification of the contents regulated in this ST is described. 8.1. Security objectives rationale 8.1.1. Necessity The correspondence between the assumptions, threats and security objectives are shown in the following table. It shows that the security objectives corresponds to at least one assumption or threat. Table 8 Conformity of security objectives to the assumptions and threats T.
PAGE 52
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 8.1.2. Sufficiency for the assumptions The security objectives for the assumptions are described as follows. • A.ACCESS-CHECK (Operation setting conditions for access check function) This condition assumes that the access check function always operates. OE-N.
PAGE 53
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target • A.NETWORK (network connection conditions for the MFP) This condition assumes that there are no wiretapping activities for the intra-office LAN and no access by an unspecified person from an external network, because of a variety of conditions on the network environment connected to the MFP. OE-N.
PAGE 54
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 8.1.3. Sufficiency for the threats The security objectives against threats are described as follows. • T.ACCESS-SECURE-PRINT (Unauthorized operation of the secure print job information data) This threat assumes the possibility that secure print job information data is accessed from the operations panel of the MFP body, and the secure print job information data is unlawfully printed.
PAGE 55
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target the download operation of the user box data from the user box, which is the target of access, to only be by the identified and authenticated general user who is a valid user.
PAGE 56
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 8.2. IT security requirements rationale 8.2.1. Rationale for IT security functional requirements 8.2.1.1. Necessity The correspondence between the security objectives and the IT security functional requirements are shown in the following table. It shows that the IT security functions correspond to at least one security objective. Table 9 Conformity of IT security functional requirements to the security objectives OE.
PAGE 57
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Security Functional Requirement • FMT_MSA.3 FMT_MTD.1[1] FMT_MTD.1[2] FMT_MTD.1[3] FMT_MTD.1[4] FMT_MTD.1[5] FMT_SMF.1 FMT_SMR.1[1] FMT_SMR.1[2] FMT_SMR.1[3] FMT_SMR.1[4] FPT_RVM.1* FPT_SEP.1* FDP_ACC.1[E] FDP_ACF.1[E] FIA_SOS.1[E] FMT_MSA.3[E] OE.SECURE-PRINT-QUALITY OE.ACCESS-SECURE-PRINT O.I&A-USER O.I&A-SERVICE O.I&A-ADMIN O.ACCESS-SERVICE O.ACCESS-USER-BOX O.
PAGE 58
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target therefore, FIA_UAU.6 re-authenticates that it is an administrator upon use. At this time, FIA_UAU.7 returns “*” for each character as feedback for the entered administrator mode password. In addition, the number of unsuccessful attempts at this reauthentication is also counted by FIA_AFL.
PAGE 59
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target FMT_MSA.1 and FMT_SMF.1 allow general users who are valid users of the user box to change the user box identifier. The role is given by FMT_SMR.1[1] to the general users who are valid users of the user box so that they are allowed to operate the above-described security management function.
PAGE 60
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target By combining this multiplicity of functional requirements, this security objective is realized. • O.I&A-SERVICE (identification and authentication of the service engineer) This security objective regulates the authentication of whether the person who is accessing the service mode is definitely the service engineer, and appropriate conditions upon authentication are required.
PAGE 61
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target If any authentication fails 3 times, FIA_AFL.1[3] determines that it is an unauthorized access and the authentication function for the general user who is the valid user of the user box is locked from thereon. The lock can be released by FMT_MTD.1[5] that is related to O.ACCESS-ADMIN. FMT_MSA.
PAGE 62
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target For this, in accordance with FIA_SOS.1[E], the printer driver of the client PC verifies whether the set secure print password is a 4-digit number. Therefore when the secure print is spooled to the MFP, a 4-digit password is always assigned. This security objective is realized by this functional requirement. 8.2.1.3.
PAGE 63
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target IT Security Functiona; Requirement FMT_MSA.3[E] Functional requirements component that operates other security functional requirements validly (1) Bypass (2) Interference/destruction (3) Deactivation (4) Disabling Prevention prevention prevention detection N/A N/A N/A N/A 1) Bypass prevention TSP execution functions are as follows. 1.
PAGE 64
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target FMT_MOF.1 limits the management of the detection/lock during the detection of an unsuccessful authentication (FIA_AFL.1[1], FIA_AFL.1[2], FIA_AFL.1[3]) and operation of the authentication for accessing a user box (FIA_UAU.2[2]) to the administrator only and FMT_MOF.1 provides a protection against an attack that attempts to deactivate these operations.
PAGE 65
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Functional requirements Component for this ST FIA_UAU.2[1] Dependencies on CC Part 2 FIA_UID.1 FIA_UAU.2[2] FIA_UID.1 FIA_UAU.2[3] FIA_UID.1 FIA_UAU.2[4] FIA_UID.1 FIA_UAU.6 FIA_UAU.7 None FIA_UAU.1 FIA_UID.2[1] FIA_UID.2[2] FIA_UID.2[3] FIA_UID.2[4] FMT_MOF.1 None None None None FMT_SMF.1 FMT_SMR.1 FDP_ACC.1 or FDP_IFC.1 FMT_SMF.1 FMT_SMR.1 FMT_MSA.1 FMT_SMR.1 FMT_SMF.1 FMT_SMR.1 FMT_SMF.1 FMT_SMR.1 FMT_SMF.
PAGE 66
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Functional requirements Component for this ST FMT_SMR.1[1] Dependencies on CC Part 2 FIA_UID.1 FMT_SMR.1[2] FIA_UID.1 FMT_SMR.1[3] FIA_UID.1 FMT_SMR.1[4] FIA_UID.1 FPT_RVM.1 FPT_SEP.1 FDP_ACC.1[E] FDP_ACF.1[E] None None FDP_ACF.1 FDP_ACC.1 FMT_MSA.3 None FMT_MSA.1 FMT_SMR.1 FIA_SOS.1[E] FMT_MSA.3[E] Dependencies in this ST FIA_UID.2[2] FIA_UID.2 is hierarchical component to FIA_UID.
PAGE 67
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 8.2.2. Rationale for Minimum Strength of Function The MFP that is loaded with this TOE is installed in a general office environment where an entry to the office is controlled, and is connected to an intra-office LAN with appropriately controlled connections with external networks. Therefore, there is no possibility that it is directly attacked by unspecified people via the Internet.
PAGE 68
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 8.3. Rationale for TOE Summary Specifications 8.3.1. Rationale for the TOE security functions 8.3.1.1. Necessity The conformity of the TOE security functions and the TOE security functional requirements are shown in the following table. It shows that the TOE security functions correspond to at least one TOE security functional requirement.
PAGE 69
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target F.USER-BOX F.SERVICE F.SECURE-PRINT TOE Security Functional Requirement FMT_MTD.1[3] FMT_MTD.1[4] FMT_MTD.1[5] FMT_SMF.1 FMT_SMR.1[1] FMT_SMR.1[2] FMT_SMR.1[3] FMT_SMR.1[4] FPT_RVM.1 FPT_SEP.1 F.ADMIN TOE Security function • • • • • • • • • • • • • • • • • • 8.3.1.2. Sufficiency The TOE security functions for the TOE security functional requirements are described. • FDP_ACC.1 FDP_ACC.
PAGE 70
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target ¾ The process that operates the user box having the entered “user box identifier” executes the denied control of the operation of creating a user box having an entered “user box identifier” as an object attributes, when there is a user box having a “user box identifier” that is identical to the above. Therefore, this functional requirement is satisfied. • FIA_AFL.1[1] FIA_AFL.
PAGE 71
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target • FIA_SOS.1[1] FIA_SOS.1[1] regulates the quality metric of the user box password, which is a minimum of 4 digits and a maximum of 64 digits of one-byte English characters or one-byte symbols. F.USER-BOX checks whether 4- to 64-digit ASCII code 0x20 to 0x7E (one-byte English characters or one-byte symbols, 95 types) is set as the quality metric of the user box password for the function to change the user box password. F.
PAGE 72
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target Therefore, this functional requirement is satisfied. • FIA_UAU.2[4] FIA_UAU.2[4] regulates the authentication of the service engineer before using the service engineer functions. F.SERVICE authenticates the service engineer during the accessing of service mode, and permits the execution of the operations available only to the service engineer in service mode.
PAGE 73
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target • FIA_UID.2[2] FIA_UID.2[2] regulates the identification of a valid user of a user box during the access to the user box by a general user. F.USER-BOX identifies a general user who is a valid user of the user box through the selection of the user box that is set, during the accessing of the user box. Therefore, this functional requirement is satisfied. • FIA_UID.2[3] FIA_UID.
PAGE 74
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target • FMT_MTD.1[1] FMT_MTD.1[1] regulates the role of changing the administrator mode password, which is TSF data. F.ADMIN provides a function to change the administrator mode password operated by the administrator in administrator mode. Therefore, this functional requirement is satisfied. • FMT_MTD.1[2] FMT_MTD.1[2] regulates the role of changing the user box password, which is TSF data. F.
PAGE 75
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target F.ADMIN provides the following security management functions operated by the administrator in administrator mode.
PAGE 76
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target printing, before a secure print job information data is allowed to print. This identification and authentication function is a TSP enforcement function that is operated before permission for the print operation by the operation of the secure print job access control function, and it has a system so that it is always executed. F.
PAGE 77
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 8.3.2. Rationale for TOE security strength of function The TOE security functions having a probabilistic/permutational mechanism are (1) the administrator mode password authentication mechanism by F. ADMIN, (2) the secure print password authentication mechanism by F.SECURE-PRINT, (3) the service code authentication mechanism provided by F.SERVICE and (4) the user box password authentication mechanism by F.USER-BOX.
PAGE 78
Di3510 Series/Di3510f Series Multi Function Peripheral Security Kit, Security Target 8.4. PP claims rationale There is no PP that is referenced by this ST. ~ LAST PAGE ~ Copyright © 2004 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.