Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved. 
7.1.5  SF.CE_OPE_LOCK  Service Mode Lock Function 
The Service Mode Lock Function restricts use of the Maintenance Functions to CEs only, based on the 
Service Mode Lock Function setting specified by the machine administrator. 
The TOE allows the machine administrator to set the Service Mode Lock Function from the Operation Panel, 
and allows all authorised users to view the value of the setting. If the Service Mode Lock Function is set to 
"Off", the TOE allows only the CE to use the Maintenance Functions. If it is set to "On", the TOE does not 
allow the CE to use the Maintenance Functions. 
By the above, FMT_MTD.1 (Management of TSF data) is satisfied. 
7.1.6  SF.CIPHER  Encryption Function 
The TOE encrypts the document data to be stored on the HDD. 
The following explains each functional item of "SF.CIPHER Encryption Function" and the 
corresponding security functional requirements. 
7.1.6.1  Encryption of Document Data 
The TOE encrypts data with the Ic Hdd before writing it to the HDD. The TOE decrypts data with the Ic Hdd 
after reading it from the HDD. This process is performed for all data written to and read from the HDD. 
Document data is encrypted and decrypted by the TOE in a similar way. 
The HDD encryption keys are generated by the machine administrator. If the logged-in user is the machine 
administrator, the TOE displays a screen on the Operation Panel that the administrator can use to generate 
the HDD encryption keys. 
When the machine administrator uses the Operation Panel to instruct the TOE to generate an HDD 
encryption key, the TOE generates a 256-bit HDD encryption key using the TRNG encryption key 
generation algorithm (compliant with the BSI-AIS31 standard). When the TOE writes to or reads from the 
HDD, it performs the encryption operations shown in Table 33. 
Table 33: List of encryption operations on data stored on the HDD 

Encryption-triggering operation  Encryption operations  Standard  Encryption algorithm  Key size
Writing data to HDD              Encrypt                FIPS197   AES                   256 bits
Reading data from HDD            Decrypt                FIPS197   AES                   256 bits
 
The HDD encryption keys can also be printed. If the logged-in user is the machine administrator, the TOE 
displays a screen on the Operation Panel that the administrator can use to print the HDD encryption keys. 
The printed encryption keys are used to restore the encryption keys if the encryption keys in the 
TOE become unavailable. 
In addition, the TOE verifies that the encryption function of the Ic Hdd operates normally at start-up and 
verifies the integrity of the HDD encryption keys. If the TOE is not able to verify the integrity of the HDD 
encryption keys, it will show that the HDD encryption keys have changed.