- Product Name :
- RICOH Remote Communication Gate A2
- Version of TOE :
- Product Type :
- Appliance for remote service
- Certification No. :
- Date :
- Version of Common Criteria:
- 3.1 Release4
- Conformance Claim :
- EAL2 Augmented with ALC_FLR.2
- PP Identifier :
- Vendor :
- RICOH COMPANY, LTD.
- POC :
- Hiroshi Hozumi
- Division :
- IW Development Division
- Phone :
- E-mail :
- Evaluation Facility :
- ECSEC Laboratory Inc.
Description of TOE
This TOE is a communication device that enables digital MFPs and printers (hereafter "devices") to be connected to the communication server (hereafter "CS") in the maintenance center. Information that the TOE obtains from the device and sends to the CS is also sent to the designated email address.
Functions this TOE can provide include notification of device troubles (service call function), automatic counter checking of prints of each devices (machine counter notice function), automatic counter checking of prints by each user (counter per user retrieval function), automatic ordering of supplies such as toner (supply call function), and device firmware updating. It also provides Web-based user interface functions for TOE operations.
TOE security functionality
The major security functions this TOE can provide are as follows:
|-||Communication data protection function between the TOE and the device for the service
This function is used for communication between the TOE and devices for the service if the service call function, the machine counter notice function, the counter per user retrieval function, and the supply call function are enabled. The communication data between the TOE and the Ricoh device will be secured, and the data tampering will be detected by using a TLS protocol.
|-||Communication data protection function between the TOE and the CS
The TOE specifies only the genuine CS as the communication destination via Internet. The communication data between the TOE and the CS will be secured, and the data tampering will be detected by using a TLS protocol.
|-||Communication data protection function between the TOE and computers
This function is applied to data communication between the TOE and computers if Web-based functions are enabled. The communication data will be secured and the data tampering will be detected by using a TLS protocol.
|-||Email protection function
This function is applied to make mail sent from the TOE. The contents of the mail will be secured and the data tampering will be detected by using S/MIME.
|-||User identification and authentication function
The TOE identifies and authenticates users who access Web-based user interface functions.
|-||RC Gate firmware verification function
This function enables the TOE to check that the firmware (applications, shared parts of firmware, platforms, and the operating system) is genuine.
|-||Security management function
This function provides TOE management methods for the Administrator only.
|-||Audit logging function
This function enables the TOE to record the information related to security relevant events and allows only the administrator to review the audit logging.
Security functional requirements
This TOE implements the following security functional requirements.
|Security audit||Non-repudiation of origin/receipt||Cryptographic functionality||Access control|
|Data authentication||Export data protection||Information flow control||Import data protection|
|Internal transfer data protection||Residual information protection||Rollback||Stored data integrity|
|Transfer data confidentiality||Transfer data integrity||Identification and authentication||Security management|
|Privacy Control||Security functionality protection||Resource utilisation management||TOE access control|