Fuji Xerox C2265 - Hard Disk Data Encryption (TSF_CIPHER); User Authentication (TSF_USER

To Next Page

To Previous Page

Fuji Xerox C2265/C2263 Security Target

- 111 - Copyright



2016 by Fuji Xerox Co., Ltd

7.1.2. Hard Disk Data Encryption (TSF_CIPHER)

According to Hard Disk Data Encryption setting which is configured by a system administrator

with the system administrator mode, the document data are encrypted before stored into the

internal HDD when operating any function of copy, print, scan, network scan, fax, and internet

fax send or configuring various security function settings.

(1) FCS_CKM.1 Cryptographic key generation

The TOE uses the “hard disk data encryption seed key” configured by a system administrator

and generates a 256-bit encryption key at the time of booting through FXOSENC algorithm,

which is Fuji Xerox’s standard method and a secure algorithm with sufficient complexity.

(When the "hard disk data encryption seed key" is the same, the same cryptographic key is

generated.)

(2) FCS_COP.1 Cryptographic operation

Before storing the document data into the internal HDD, the TOE encrypts the data using

the 256-bit cryptographic key generated at the time of booting (FCS_CKM.1) and the AES

algorithm based on FIPS PUBS 197. When reading out the stored document data, the TOE

decrypts the data also using the 256-bit cryptographic key generated at the time of booting

and the AES algorithm.

7.1.3. User Authentication (TSF_USER_AUTH)

Access to the MFD functions is restricted to the authorized user. A user needs to enter his/her ID

and password from the MFD control panel, or CWIS/Printer Driver of the user client.

User authentication is conducted by using the user information registered in MFD or external

server.

There are the following two types of authentication depending on how user information is

registered.

a) Local Authentication

Authentication is managed by using the user information registered in TOE.

b) Remote Authentication

Authentication is conducted to the remote authentication server. User information is not

registered in TOE.

Remote authentication is conducted using the user information managed by the remote

authentication server (LDAP server and Kerberos server).

Only the authenticated user can use the following functions:

a) Functions controlled by the MFD control panel

Copy, fax (send), internet fax send, scan, network scan, Mailbox operation, and print (This

print function requires the Accounting System preset from printer driver. A user must be

Fuji Xerox C2265 - Hard Disk Data Encryption (TSF_CIPHER); User Authentication (TSF_USER_AUTH)