Last Updated 2013-05-08
- Product Name :
- MX-FR13
- Version of TOE :
- C.10
- Product Type :
- data protection function in Multi Function Device
- Certification No. :
- C0238
- Date :
- 2009-10-23
- Version of Common Criteria:
- 3.1
- Conformance Claim :
- EAL3
- PP Identifier :
- None
- Vendor :
- Sharp Corporation
-
- POC :
- Kohji Yakushiji
- Division :
- Product Planning Department, Document Systems Division
- Phone :
- +81-743-53-5521
- E-mail :
- Evaluation Facility :
- Information Technology Security Center
Evaluation Department
- Certification/Validation
Report :
(309 KB)(2011-09-08) - CC
Certificate Image :
(533 KB)(2009-11-30) - Security Target :
(317 KB)(2011-09-08)
PRODUCT DESCRIPTION
Description of TOE
The TOE is an IT product, composed of 2 parts, to protect data in a Multi Function Device (hereafter referred to as an "MFD").
One part is a hardware part in an MFD and provided in the form of an MFD. The other part is a firmware product and provided as an upgrade kit for the firmware of the MFD.
An MFD is an office machine that has imaging functions such as copy, printer, image scanning and fax.
TOE security functionality
The TOE counters unauthorized disclosure of image data by:
| - | the encryption function, which encrypts data, such as image data that the MFD handles, before storing the data to the HDD or the Flash memory in the MFD, |
| - | the erasure function, which overwrites random or constant numbers onto storage areas that store encrypted data, |
| - | the confidential file function, which protects image data that a user files with a password so as not to be abused by others, |
| - | the network protection function, which counters malicious attempts (of unauthorized network-accesses, communication data wiretaps, and network settings falsifications), and |
| - | the fax flow control function, which counters attempts to access to the internal network via the MFD network interface from public telephone networks on the MFD fax interface. |
Security functional requirements
This TOE implements the following security functional requirements.
| Security audit | Non-repudiation of origin/receipt | Cryptographic functionality | Access control |
| Data authentication | Export data protection | Information flow control | Import data protection |
| Internal transfer data protection | Residual information protection | Rollback | Stored data integrity |
| Transfer data confidentiality | Transfer data integrity | Identification and authentication | Security management |
| Privacy Control | Security functionality protection | Resource utilisation management | TOE access control |
| Trusted path/channels |