Page 68 of 82
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
Following are the explanations of each functional item in "SF.I&A User Identification and
Authentication Function" and their corresponding security functional requirements.
7.1.2.1 User Identification and Authentication
The TOE displays a login window when users attempt to use the TOE Security Functions from the
Operation Panel or the Web Service Function. This window requires the user to enter their ID and password,
and then identifies and authenticates the user based on the entered user IDs and passwords.
The TOE also identifies and authenticates the user based on the user ID and password sent from the client
computer when the TOE receives a request from the client computer for printing or transmitting faxes.
The TOE binds successfully authenticated users to the processes available to them (general user processes,
administrator processes, or supervisor processes) according to their user roles (general users, administrators,
or a supervisor), associates each process with the security attributes of that role, and maintains those
bindings and associations. If the user is a general user, the TOE binds the general user to general user
processes, associates general user processes with a general user ID and the document data default ACL, and
maintains those bindings and associations. If the user is an administrator, the TOE binds the administrator
to administrator processes, associates administrator processes with the administrator ID and the
administrator roles, and maintains those bindings and associations. If the user is a supervisor, the TOE
binds the supervisor to supervisor processes, associates supervisor processes with the supervisor ID, and
maintains those bindings and associations.
Authentication methods vary according to the user's role. Table 27 shows the authentication methods for
each user role.
Table 27: User roles and authentication methods
User roles Authentication methods
General users
Check if the general user ID and password entered by the user match a general
user ID and corresponding password registered in the Address Book.
Administrators
Check if the administrator ID and password entered by the user match an
administrator ID and corresponding password registered to the TOE.
Supervisor
Check if the supervisor ID and password entered by the user match a supervisor
ID and corresponding password registered to the TOE.
By the above, FIA_ATD.1 (User attribute definition), FIA_UAU.2 (User authentication before any action),
FIA_UID.2 (User identification before any action), FIA_USB.1 (User-subject binding), FMT_SMF.1
(Specification of Management Functions), and FMT_SMR.1 (Security Roles) are satisfied.
7.1.2.2 Actions in Event of Identification and Authentication Failure
The TOE counts the number of failed identification and authentication attempts made under each ID, as
described in "7.1.2.1 User Identification and Authentication". When the number of failed consecutive
attempts reaches the machine administrator-specified Number of Attempts before Lockout, the TOE locks
out the user, and sets the Lockout Flag for that user to "Active". The machine administrator can specify 1 to
5 as the Number of Attempts before Lockout.
When a user authenticates successfully, as described in "7.1.2.1 User Identification and Authentication", the
To Next Page
Loading...
Need help?
General
