2.11User Box Function ........................................................................................................................ 2-46
2.11.1Setting the User Box........................................................................................................................ 2-46
2.11.2Changing the user/account attributes and box password .............................................................. 2-51
2.18.1Setting the IP Address ..................................................................................................................... 2-93
2.18.2Registering the DNS Server...............................................................................................
This User's Guide contains the operating procedures and precautions to be used when using the security
functions offered by the bizhub 958/808/758/bizhub PRO 958 machine. To ensure the best possible performance and effective use of the machine, read this manual thoroughly before using the security functions. The
administrator of the machine should keep this manual for ready reference. The manual should be of great
help in finding solutions to operating problems and questions.
This User's Guide (version 1.01) covers the following.
Model namebizhub 958/bizhub PRO 958/bizhub 808/bizhub 758/ineo 958/ineo 758
VersionG00-14
Administrators
<Administrator of the machine>
There are two types of administrators; one who is implemented on the machine in advance, and the other
who is registered by the implemented administrator. The former is called the built-in administrator and the
latter is called a user administrator. Below, the administrator of the machine means the build-in administrator.
<User administrator>
The user administrator is a user who is given the authority to operate the machine as an administrator. The
administrator of the machine or the user administrator can register the user administrator. Be sure that "Precautions for Operation Control" applies to the user administrator. For details, see page 1-9.
The differences from the administrator of the machine are as follows:
-The same procedure as a user applies to the user administrator when he or she changes the password
or fails authentication.
-To change password, log on to the User Mode.
<Note>
Below, the administrator collectively means both the administrator of the machine and the user administrator.
1
Compliance with the ISO15408 Standard
When the Enhanced Security Mode on this machine is set to [ON], more enhanced security functions are
available.
This machine offers the security functions that comply with the ISO/IEC15408 (level: EAL2) and U.S. Government Approved Protection Profile - U.S. Government Protection Profile for Hardcopy Devices Version 1.0
(IEEE Std 2600.2
TM
-2009).
Operating Precautions
The machine gives an alarm message or an alarm sound (peep) when a wrong operation is performed or a
wrong entry is made during operation of the machine. (No "peep" alarm sound is issued if a specific sound
setting in Sound Setting of Accessibility Setting is set to [OFF].) If the alarm message or alarm sound is given,
perform the correct operation or make the correct entry according to the instructions given by the message
or other means.
The administrator must not leave the machine with each setting screen left displayed before, during, and after
access to each mode. If he or she has to leave the machine, make sure that he or she logs out and returns
the screen to the authentication screen.
The administrator must make sure that each individual general user logs out and returns the screen to the
authentication screen if he or she leaves the machine with each mode screen left displayed before, during,
and after access to each mode.
bizhub 958/808/758/bizhub PRO 9581-2
1.1Introduction
If an error message appears during operation of the machine, perform steps as instructed by the message.
For details of the error messages, refer to the User’s Guide furnished with the machine. If the error cannot be
remedied, contact your service representative.
The Web Connection functions can be used only if the setting is made to accept "Cookie."
For any query, request, or opinion concerning the machine, please contact your dealer from which you purchased your machine or Service Representative.
Any notice concerning this machine will be given in writing by the dealer from which you purchased your machine or Service Representative.
1
bizhub 958/808/758/bizhub PRO 9581-3
1.1Introduction
INSTALLATION CHECKLIST
This Installation Checklist contains items that are to be check by the Service Engineer installing this machine.
The Service Engineer should check the following items, then explain each checked item to the administrator
of the machine.
To Service Engineer
Make sure that each of these items is properly carried out by checking the box on the right of each item.
1.Perform the following steps before installing this machine.
1
Check with the administrator of the machine to determine if the security functions of this
machine should be enhanced. If the functions should be enhanced, check the following.
If the security functions are not to be enhanced, quit the operation without checking the
following.
Before installing the machine, check with the administrator of the machine to determine if
the following is confirmed.
• Whether the Service Engineer has been informed that the unpacking procedure is to
be performed by the Service Engineer in the presence of the administrator.
• Whether the machine has been under the control of the administrator of the machine
with a check made to ensure that evidently the machine has not been unpacked or
used.
The Service Engineer should obtain the administrator's consent to the performance of this
item.
If the machine has been unpacked, check with the administrator that it was the administrator who unpacked the machine and nobody but the administrator has gain access to the
machine after the unpacking. Then, obtain the administrator's consent to the performance
of the installation procedure for the unpacked machine before attempting to start the procedure. If the administrator's consent cannot be obtained, call the dealer.
I swear that I would never disclose information as it relates to the settings of this machine
to anybody, or perform malicious or intentional act during setup and service procedures
for the machine.
When giving a copy of the User's Guide, explain the following to the administrator:
• A digital signature is assigned to the data certified by ISO15408. To ensure integrity of
the file, have the administrator of the machine confirm the digital signature using the
property of the provided data file in the user's PC environment.
Confirm the digital signature as follows.
Right click the provided exe file to display the property screen.
Select [Digital Signatures] - [Details] - [General], and check that Konica Minolta, Inc. is
displayed in the Name of signer field.
Select [View Certificate] - [General]. Then, check that the signing time is within the validated date of the certificate and that the certificate has been issued by a reliable certification authority.
Write down the serial number shown in [View Certificate] - [Details]. Access to the URL
for CRL Distribution Points and confirm that the serial number is not shown in
[Revocation List]. For confirmation, the Internet environment is required.
• Two versions are available, the HTML version and User's Guide Security Operations
(this User's Guide).
• This User's Guide must first be read and the conditions described in this User's Guide
take precedence over the HTML version.
• If the security functions of the machine are to be enhanced, the machine and its surrounding environment should be set up and operated according to this User's Guide.
Refer to the Service Manual and perform the required installation and setup steps.
During the installation and setup procedure, make sure that no unnecessary parts are
mounted on the machine and have the administrator of the machine confirm that no unnecessary parts are mounted on the machine.
• Explain to the administrator making him/her check the cover of the Service Manual to
be referred that it is for bizhub 958/bizhub PRO 958/bizhub 808/bizhub 758/ineo
958/ineo 758 (Version: G00-14). Explain to the administrator that the following settings
must be performed referring to the manuals above.
• The Service Engineer must have the administrator confirm that the digital signature is
assigned to the firmware and the version of the firmware to be updated is the one that
is written on the Service Manual.
bizhub 958/808/758/bizhub PRO 9581-4
1.1Introduction
2.After this machine is installed, refer to the Service Manual and perform the following steps.
3.After this machine is installed, refer to this User’s Guide and perform the following steps.
1
Check that the Fax Kit has been mounted and set up properly, if fax functions are to be
used.
After the installation, conduct transmission and reception tests to make sure that the Fax
Kit has been mounted and set up properly.
Let the machine read the Custom Function Pattern Selection setting file
XXX_v1.0_ISO15408.cpd.
Get the administrator of the machine to confirm that [ISO15408] is selected for [Send/Save]
of [Custom Function Pattern Selection] in the Administrator Settings and obtain his or her
consent not to change the setting.
Check that the model name and the Firmware version (card version) checked with the Service Manual agree with the value shown on the Firmware version display screen.
Check also that the MFP model name and the part numbers of the MFP board and the
eMMC board agree with those described in the Service Manual.
If there is a mismatch in the Firmware version number, explain to the administrator of the
machine that upgrading of the Firmware is necessary and perform upgrading of the Firmware.
Set CE Authentication to [ON] and set the CE Password.
Make the service settings necessary for the Enhanced Security Mode.
Check that the Administrator Password has been set by the administrator of the machine.
Select [Restrict] when the confirmation screen of machine usage information is displayed.
Check that the Encryption Key has been set by the administrator of the machine.
Check that the Overwrite HDD Data has been set by the administrator of the machine.
Check that User Authentication has been set to [ON (MFP)], [External Server Authentication] (Active Directory only), or [Main + External Server] (Active Directory only) by the administrator of the machine.
Check that the date and time have been correctly set in the machine by the administrator
of the machine.
Check that the Job Log Settings (Audit Log) has been set to [Yes] by the administrator of
the machine.
Check that the certificate for SSL communications has been registered by the administrator of the machine.
In accordance with the security policies of the organization, register the certificate that is
issued by a reliable authentication authority.
Check that the ID & Print Settings has been set to [ON] by the administrator of the machine.
Check that the Memory RX Setting has been set to [Yes] by the administrator of the machine.
Check that IPsec has been set by the administrator of the machine for communications
between the machine and the external authentication server.
Check that IPsec has been set by the administrator of the machine for communications
between the machine and the DNS server.
Check that IPsec has been set by the administrator of the machine for communications
between the machine and the SMTP server.
Check that IPsec has been set by the administrator of the machine for communications
between the machine and a client PC.
Let the administrator of the machine set Enhanced Security Mode to [ON].
Check that the FW Update (USB) Password has been set by the administrator of the machine.
Check that the various functions to be disabled manually have been properly disabled by
the administrator of the machine.
bizhub 958/808/758/bizhub PRO 9581-5
1.1Introduction
After completing the checks, keep a copy of this list in the Service Representative and give the original of this
list to the administrator of the machine.
Please direct your any queries about using the machine to the Service Representative shown below.
1
The languages, in which the contents of the User’s Guide Security Operations have been
evaluated, are Japanese and English.
The following lists the manuals compatible with bizhub 958/bizhub PRO 958/bizhub
808/bizhub 758/ineo 958/ineo 758 (Version: G00-14).
• bizhub 958/808/758/bizhub PRO 958 User’s Guide v1.00 A795-9990BA-00
Explain to the administrator of the machine that the settings for the security functions for
this machine have been specified.
Product NameCompany NameUser Division Name,
Contact
Customer (administrator of the
machine)
Service Representative
Person in charge
bizhub 958/808/758/bizhub PRO 9581-6
1.2Security Functions
1.2Security Functions
Setting the Enhanced Security Mode to [ON] will validate the security function of this machine. For details of
the settings of different security functions to be changed by turning [ON] the Enhanced Security Mode, see
page 2-12.
The following the major security functions when the Enhanced Security Mode is set to [ON].
FunctionDescription
Identification and authentication function
User limiting functionSpecific functions to be used by each user/account may be limited. For de-
HDD encryption functionBy setting the Encryption Key, the data stored in the HDD is encrypted, there-
Auditing functionInformation including operations performed on the machine and a job history
Residual information deleting function
Network communication
protecting function
1
Access control is then provided through password authentication for any access to the Administrator Mode, User Authentication mode, User Box, a User
Box data file, and a Secure Print document. Access is thereby granted only
to the authenticated user. A password that can be set must meet the Password Rules. The machine does not accept setting of an easily decipherable
password. For details of the Password Rules, see page 1-13.
If a wrong password is entered, during password authentication, a predetermined number of times (once to three times.) or more set by the administrator, the machine determines that it is unauthorized access through Prohibited
Functions When Authentication Error, prohibiting any further entry of the
password. By prohibiting the password entry operation, the machine prevents unauthorized use or removal of data. The administrator is responsible
for resetting the prohibition of the password entry operation. For details, see
page 2-23.
tails, see page 2-35.
by protecting the data in the HDD. For details, see page 2-62.
can be stored in the HDD. Setting the Job Log (Audit Log) allows an illegal
act or inadequate operation performed on the machine to be traced. The obtained Job Log can be downloaded and viewed from the Web Connection.
For details, see page 2-73.
When the machine is to be discarded or use of a leased machine is terminated at the end of the leasing contract, setting of the Overwrite HDD Data function while the machine was in use allows residual unnecessary data to be
deleted, because the machine overwrites a specific overwrite value over the
unnecessary data. This prevents data leakage. (Passwords, addresses, and
other data set while the machine was in use should, however, be deleted
manually.) For details, see page 2-68.
To delete data including the passwords, addresses, and other data all at
once, the Overwrite All Data function overwrites and erases all data stored in
all spaces of the HDD. The function also resets all passwords saved in the
flash memory and eMMC to factory settings, preventing data from leaking.
For details, see page 2-70. For details of items to be cleared by Overwrite All
Data function, see page 1-15.
Communication data transmitted to or from the machine and client PC can
be encrypted using the IPsec, which prevents information leakage through
sniffing over the network. For details, see page 2-89.
Check Count Clear Conditions
In the Enhanced Security Mode, the number of wrong entries at the time of authentication is checked. The
following is the conditions for clearing or resetting the number.
<Administrator Authentication>
-Authentication of Administrator of the machine is successful.
<User Authentication Mode>
-Authentication of User Administrator is successful.
-User Authentication mode is successful.
-Release of Prohibited Functions When Authentication Error is executed.
<Account Track Mode>
-Account Track mode is successful.
-Release of Prohibited Functions When Authentication Error is executed.
bizhub 958/808/758/bizhub PRO 9581-7
1.2Security Functions
<Secure Print>
-Authentication of Secure Print is successful.
-Release of Prohibited Functions When Authentication Error is executed.
<Box>
-Authentication of User Box is successful.
-Authentication for execution of change of User Box Name and User Box Password is successful.
-Release of Prohibited Functions When Authentication Error is executed.
1
bizhub 958/808/758/bizhub PRO 9581-8
1.3Precautions for Operation Control
1.3Precautions for Operation Control
This machine and the data handled by this machine should be used in an office environment that meets the
following conditions. The machine must be controlled for its operation under the following conditions to protect the data that should be protected.
Roles of the Owner of the Machine
The owner (an individual or an organization) of the machine should take full responsibility for controlling the
machine, thereby ensuring that no improper operations are performed.
-The owner of the machine should have the administrator recognize the organizational security policy
and procedure, educate him or her to comply with the guidance and documents prepared by the manufacturer, and allow time for him or her to acquire required ability. The owner of the machine should
also operate and manage the machine so that the administrator can configure and operate the machine
appropriately according to the policy and procedure.
-The owner of the machine should have users of the machine recognize the organizational security policy
and procedure, educate them to follow the policy and procedure, and operate and manage the machine
so that the users acquire the required ability.
-The owner of the machine should vest the user with authority to use the machine according to the organizational security policy and procedure.
-The owner of the machine should operate and manage the machine so that the administrator checks
the Job Log (Audit Log) data at appropriate timing to thereby determine whether a security compromise
or a faulty condition has occurred during an operating period.
-If the Job Log (Audit Log) data is to be exported to another product, the owner of the machine should
ensure that only the administrator performs the task. The owner of the machine should also operate and
manage the machine so that the Job Log (Audit Log) data is not illegally accessed, deleted, or altered.
1
Roles and Requirements of the Administrator
The administrator should take full responsibility for controlling the machine, thereby ensuring that no improper operations are performed.
-A person who is capable of taking full responsibility for controlling the machine should be appointed as
the administrator to make sure that no improper operations are performed.
-When using an external authentication server, an SMTP server (mail server), or a DNS server, each server should be appropriately managed by the administrator and should be periodically checked to confirm
that settings have not been changed without permission.
Password Usage Requirements
The administrator must control the Administrator Password, Encryption Key, FW Update (USB) Password,
and User Box Password appropriately so that they may not be leaked. These passwords should not be ones
that can be easily guessed. The user, on the other hand, should control the Secure Print Password and User
Password appropriately so that they may not be leaked. Again, these passwords should not be ones that can
be easily guessed.
<To Achieve Effective Security>
-Make absolutely sure that only the administrator of the machine knows the Administrator Password.
-Make absolutely sure that only the administrator knows the Encryption Key, FW Update (USB) Pass-
word, and User Box Password.
-Make sure that the administrator of the machine changes the Administrator Password regularly.
-The administrator must change the Encryption Key, FW Update (USB) Password, and User Box Pass-
word at regular intervals.
-The administrator of the machine should make sure that any number that can easily be guessed from
birthdays, employee identification numbers, and the like is not set for the Administrator Password.
-The administrator should make sure that any number that can easily be guessed from birthdays, employee identification numbers, and the like is not set for the Account Password, Encryption Key, FW
Update (USB) Password, and User Box Password.
-If a User Password has been changed, the administrator should have the corresponding user change
the password as soon as possible.
-If the Administrator Password has been changed by the Service Engineer, the administrator of the machine should change the Administrator Password as soon as possible.
bizhub 958/808/758/bizhub PRO 9581-9
1.3Precautions for Operation Control
-The administrator should have users ensure that the passwords set for the User Authentication, Secure
Print, and the box that can be used by the user are known only by the user concerned.
-The administrator should have users change the passwords set for the User Authentication at regular
intervals.
-The administrator of the machine should have the user administrator log on to the User Mode and
change his or her password in [Utility] - [User Settings] - [Change Password] if he or she changes the
password.
-The administrator should make sure that any user does not set any number that can easily be guessed
from birthdays, employee identification numbers, and the like for the passwords set for the User Authentication and Secure Print.
-The administrator should disclose the Account Password to the user in accordance with the operating
environment of the machine and the security policies of the organization on his or her own responsibility.
External authentication server control requirements
The administrator and the server administrator are required to apply patches to, or perform account control
for, this machine and the external authentication server connected to the office LAN in which the machine is
installed to ensure operation control that achieves appropriate access control.
This machine can be used only after the user who uses this machine has been registered in the external authentication server. The server administrator should also check registered users at regular intervals to thereby
ensure that any unnecessary users are left registered.
1
Security function operation setting operating requirements
The administrator should observe the following operating conditions.
-The administrator should make sure that the machine is operated with the settings described in the installation checklist made properly in advance.
-The administrator should make sure of correct operation control so that the machine is used with the
Enhanced Security Mode set to [ON].
-The administrator should make sure of correct operation control so that the appropriate FW Update
(USB) Password is used with [FW Update (USB) Permission Setting] set to [Password Priority].
-When the Enhanced Security Mode is turned [OFF], the administrator is to make various settings according to the installation checklist and then set the Enhanced Security Mode to [ON] again. For details
of settings made by the service engineer, contact your service representative.
-When the machine is to be discarded or use of a leased machine is terminated at the end of the leasing
contract, the administrator should use the Overwrite HDD Data function and the Overwrite All Data
function to thereby prevent data to be protected from leaking.
Operation and control of the machine
The administrator should perform the following operation control.
-The administrator should log off from the Administrator Mode whenever the operation in the Administrator Mode is completed. The administrator of the machine should also make sure that each individual
user logs off from the User Authentication mode after the operation in the User Authentication mode is
completed, including operation of the Secure Print document, User Box, and User Box file.
-During user registration and box registration, the administrator should make sure that the correct settings are made for the correct users, including functional restrictions and box attributes.
-The administrator should set the Encryption Key and FW Update (USB) Password according to the environment, in which this machine is used.
-The administrator should appropriately control the device certificate (SSL certificate) registered in the
machine.
-The administrator should ensure that no illegal connection or access is attempted when the machine is
to be connected to an external interface.
-The administrator should appropriately control the file of Job Log (Audit Log) data downloaded to, for
example, a PC and ensure that none other than the administrator of the machine handle it.
-The administrator should check the Job Log (Audit Log) data at appropriate timing, thereby determining
whether a security compromise or a faulty condition has occurred during an operating period.
-When generating or deleting Job Log (Audit Log) and Job Log (Audit Log) data, the administrator should
check conditions of using this machine by the user.
bizhub 958/808/758/bizhub PRO 9581-10
1.3Precautions for Operation Control
-The administrator should make sure that each individual user updates the OS of the user's terminal and
applications installed in it to eliminate any vulnerabilities.
-The administrator should set the account track and make sure that the machine is operated through
operative association with the account track.
-The administrator should delete cache following the procedure specified for each browser when seeing
previews on a web browser because the contents can be cached on PCs and make sure that users
perform the same procedure.
-The administrator must not select a modem method when setting CS Remote Care.
The administrator disables the following functions and operates and manages the machine under a condition
in which those functions are disabled.
Function NameSetting Procedure
IP Address Fax Function *Using [Administrator Settings] - [Network Settings] - [Network Fax Set-
Internet Fax Function *Using [Administrator Settings] - [Network Settings] - [Network Fax Set-
Bonjour SettingUsing [Administrator Settings] - [Network Settings], set [Bonjour Setting]
Personal Data Security Settings
1
tings], set [WebDAV Client Settings] to [OFF].
• Using [Administrator Settings] - [Network Settings] - [WebDAV Settings], set [WebDAV Server Settings] to [OFF].
• Using [Administrator Settings] - [Network Settings] - [DPWS Settings],
set [Printer Settings] to [OFF].
• Using [Administrator Settings] - [Network Settings] - [DPWS Settings],
set [Scanner Settings] to [OFF].
[LPD Setting] to [Disable].
Setting] to [OFF].
set [LLMNR Setting] to [Disable].
[Print Settings] to [OFF].
to [OFF].
Using [Administrator Settings] - [Security Settings] - [Security Details], set
[Job History] and [Current Job] under [Personal Data Security Settings] to
[Yes].
*: It will not be displayed in case of service mode where the setting is not configured (the function is set to
OFF when it is not displayed).
Machine Maintenance Control
The administrator should perform the following maintenance control activities.
-Provide adequate control over the machine to ensure that only the Service Engineer is able to perform
physical service operations on the machine.
-Provide adequate control over the machine to ensure that any physical service operations performed
on the machine by the Service Engineer are overseen by the administrator.
-Some options require that Enhanced Security Mode be turned [OFF] before they can be used on the
machine. If you are not sure whether a particular option to be additionally purchased is fully operational
with the Enhanced Security Mode turned [ON], contact your Service Representative.
-Install the machine at a safe site that can be monitored and operate and manage the machine while
ensuring that the machine is protected from unauthorized physical access.
Precautions for using the printer driver
The following precautions should be used when the printer driver is to be used in this machine:
-When a document is to be transmitted from the PC to the machine, user registration is necessary in
advance.
-With the external server authentication, a user is registered in this machine when he or she has been
successful in identification authentication on the control panel.
-Any document that has been transmitted by a user who is yet to be registered is discarded.
bizhub 958/808/758/bizhub PRO 9581-12
1.4Miscellaneous
1.4Miscellaneous
Password Rules
Study the following table for details of the number and types of characters that can be used for each password. For details of the settings of the Password Rules, see page 2-15.
1
Types of
passwords
Administrator
Password
User Password
Account Password
Public User Box
Password
Annotation User
Box Password
Secure Print
Password
Confidential RX
password
FW Update (USB)
Password
Memory RX User
Box Password
Encrypted PDF
Password
*
: The minimum number of characters set in [Set Minimum Password Length] must be set for the password.
The default value is 12.
Precautions for Use of Umlaut
-Setting or entering an umlaut from the control panel may be disabled depending on the setting made
in this machine, but not on the client PC side including Web Connection. If an umlaut is set in a password on the PC side, therefore, the umlaut cannot be entered from the control panel, which means that
this particular password is not usable.
• Numeric characters: 0 to 9• The password rules are
ting/changes
• A password only consisting of identical characters cannot be registered
or changed.
• The current password
must be entered before a
change can be made in
the setting.
• A new password to be
set should not be the
same as the current one.
• A password only consisting of identical characters cannot be
registered.
• A password only consisting of identical characters cannot be registered
or changed.
• A new password needs
to be re-entered.
not applicable.
not applicable.
• Password that is set
when PDF document is
created.
bizhub 958/808/758/bizhub PRO 9581-13
1.4Miscellaneous
Precautions for Use of Various Types of Applications
Comply with the following requirements when using the Web Connection or an application of various other
types
The administrator should make sure that the user observes the following requirements.
-The password control function of each application stores the password that has been entered in the PC
being used. Disable the password management function of each application and perform an operation
without storing a password.
Use a web browser or an application of various other types that shows "*" or "-" for the password entered.
-Once the password has been entered, do not leave your PC idle without logging on.
-Set the web browser so that cache files are not saved.
-Do not access any other site once you have logged onto the machine with the Web Connection. Ac-
cessing any other site or a link included in e-mail, in particular, can lead to execution of an unintended
type of operation. Whenever access to any other site is necessary, be sure first to log off from the machine through the Web Connection.
-Using the same password a number of times increases the risk of spoofing.
-If a web browser such as Internet Explorer is used on the client PC side, "TLS v1.0" or more should be
used for the SSL setting.
-Optional applications not described in this User’s Guide are not covered by certification of ISO15408.
Encrypting communications
1
This machine guarantees encrypted communication via IPsec.
IPsec setting
This machine offers a choice of two authentication methods of [Pre-Shared Key] and [Digital Signature] for
authenticating the remote machine with which to communicate.
When [Pre-Shared Key] is to be used, control the pre-shared key appropriately to ensure that it is not leaked
to any third party other than the remote machine with which to communicate. For the shared key, set a value
that consists of a combination of eight or more alphanumeric characters and that cannot be easily guessed.
Do not set a value that can be easily guessed from your birthday, employee identification number, and the
like.
[Digital Signature] has a higher security strength than [Pre-Shared Key].
The ISO15408 evaluation for the machine is performed on the basis of the [Pre-Shared Key].
[Main Mode] and [Aggressive Mode] are available in [Negotiation Mode] of [IKE Settings]. The default setting
is [Main Mode]. The administrator should operate the machine with the [Main Mode] setting.
Leaking the pre shared key for IPsec set on the MFP increases the risk of spoofing of the MFP, etc. Therefore,
set machine-specific pre shared keys and manage them safely.
Note that unencrypted communication can be established if the IPsec setting is not made over the whole address range (0 to 255 for IPv4) and an IP address outside the range is assigned to a client PC.
Use the following browsers to ensure safety. Use of any of the following browsers achieves communication
that ensures confidentiality of the image data transmitted and received.
Microsoft Internet Explorer
-9/10/11
Mozilla Firefox
-20 or later
Microsoft Internet Explorer 11 is used for the ISO15408 evaluation for this machine.
Print functions
Only the following procedures are guaranteed for the print functions performed from the client PC.
-Use IPPS printing for the print functions performed using the printer driver.
-Use direct printing from the Web Connection for the print functions not performed via the printer driver.
bizhub 958/808/758/bizhub PRO 9581-14
1.4Miscellaneous
IPP printing
IPP (Internet Printing Protocol) is a function that allows printing via the Internet by using the HTTP (HyperText
Transfer Protocol) of the TCP/IP Protocol. IPPS (IPP over SSL/TLS) is the type of IPP that performs the SSL
encryption communication.
<Installing printer driver>
To perform IPPS printing, the printer driver must be installed. Start the printer addition wizard of the Windows
Vista/7/8/8.1/Server 2008/Server 2008 R2/Server 2012/Server 2012 R2 and type the IP address of this machine in the following format in the "URL" field.
https://[host name].[domain name]/ipp
For [host name] and [domain name], specify the names set with the DNS server.
<Registering the certificate in Windows Vista or later>
Windows Vista or later, which offers enhanced security functions, gives a certificate error message if the SSL
certificate is one that is not issued by a certification body. In such cases, it becomes necessary to register
the certificate of this machine as that issued by a reliable party for the computer account.
First, register Host Name and IP address of this machine in the DNS server in advance. Then, in TCP/IP Settings of Web Connection, set the DNS Host Name and DNS Default Domain Name registered with the DNS
server.
It should also be noted that, for the certificate to be imported, a certificate for SSL encryption communication
should be registered in Web Connection and exported in advance as the certificate including the public key.
1
1From "Continue to this website," call the Web Connection window to the screen.
2Click "Certificate Error" to display the certificate. Then, click "Install Certificate" to install the certificate.
3Display the physical stores. Then, deploy the certificate, which has earlier been exported, in "Local
Computer" of "Trusted Root Certification Authorities" to thereby import the certificate.
Items of Data Cleared by Overwrite All Data Function
The Overwrite All Data function clears the following items of data.
Items of Data ClearedDescription
Password RulesSets [Disable] and disables [Set Minimum Password Length]
User registration dataDeletes all user-related data that has been registered
Account track registration dataDeletes all account track-related data that has been registered
Box registration data/fileDeletes all User Box-related information and files saved in User Box
Secure Print ID/Password/
document
ID & Print documentDeletes all ID & Print documents saved in ID & Print User Box
Image files• Image files other than Secure Print documents, ID & Print docu-
Destination recipient data filesDeletes all destination recipient data including e-mail addresses and
Encryption KeyClears the currently set Encryption Key
Administrator PasswordClears the currently set password, resetting it to the factory setting
FW Update (USB) PasswordClears the currently set FW Update (USB) Password
Device certificate
(SSL certificate)
Deletes all Secure Print document-related information and files saved
ments, and User Box files
• Data files left in the HDD data space, used as image files and not
deleted through the general deletion operation
• Temporary data files generated during print image file processing
telephone numbers
(1234567812345678)
Deletes the currently set Device certificate (SSL certificate)
bizhub 958/808/758/bizhub PRO 9581-15
1.4Miscellaneous
Items of Data ClearedDescription
SSL encryption strengthDeletes the SSL certificate to thereby clear the SSL encryption
SSL-compliant protocolMakes the protocol not complying with SSL
Network SettingClears the currently set network settings (DNS Server setting, IP Ad-
Daylight Saving TimeSet to [No]
Time Adjustment Setting (NTP)Set to [OFF]
Time/date dataVaries corrected data, if the time-of-day data is corrected due to, for
Fax functions
An optional Fax Kit is required for using fax functions. Contact your Service Representative.
USB keyboard
The USB keyboard is not used for the ISO15408 evaluation for this machine.
Do not use a USB keyboard.
1
strength
dress setting, SMTP Server setting, and AppleTalk Printer Name setting), resetting it to the factory setting
example, the daylight saving time
Different types of boxes
A box may be a user box or a system box. The user can store documents in the User Box. Also, the user can
print a file from the User Box or send a file to another user. The System Box is used by the system to temporarily store files when the user uses the facsimile or print function together with the file storage function of
the box.
The User Box (*) cannot be used under the operation and control of this machine.
TypeDescription
Public User Box *This is the public box in which all users can store documents and use
them. Note that a password is set for the box and the set password
needs to be entered before access can be gained to the box.
Personal User Box *This is a personal box. Only users who have logged in to the system
can store and use documents in the Personal User Box.
Group User Box *This is a group box. Only users belonging to the same department (or
group) can store and use documents in the Group User Box.
Secure Print BoxWhen you print a document from the PC or when you select the Se-
Memory RX BoxWhen a facsimile is received by the Memory RX function, it is stored
ID & Print BoxWhen you print a document from the PC, the files transferred with the
Annotation User BoxWhen a stored file is printed out or sent to another user, its date, time
Password Encrypted PDF BoxWhen a password protected PDF file is printed out or stored in the
cure Print function using the printer driver, this data file is stored in the
Secure Print User Box.
in the Memory RX User Box.
ID & Print function are stored in the ID & Print User Box.
and any annotations are added to this box automatically.
User Box, the file is stored in the Password Encrypted PDF User Box.
bizhub 958/808/758/bizhub PRO 9581-16
1.4Miscellaneous
Hardware and software used in the machine
The following lists the software, hardware, and their versions used for the ISO15408 evaluation for this machine and they are the same as those listed on the security target.
The ISO15408 evaluation assumes that the HDD is mounted in the machine. Any configuration not including
the HDD is not guaranteed by the ISO15408 evaluation.
The user should appropriately manage the hardware and software used with the machine on his or her own
responsibility.
Hardware/softwareVersion, etc.
FAX KitFK-514
Printer DriverPCL: Ver. 4.1.0.0
Data Administrator with Device Set-Up and Utilities
Data AdministratorVer. 4.1.36000
External authentication serverActive directory mounted on Windows Server 2008 R2 Standard Ser-
DNS serverWindows Server 2008 R2 Standard Service Pack1
1
PS: Ver. 4.1.3.0
XPS: Ver. 4.1.3.0
Ver. 1.0.08000
vice Pack 1
Firmware integrity verification function
When the main power switch is turned ON with the Enhanced Security Mode set to [ON], the machine
checks the encryption key and the hash value to thereby determine that its firmware is fully operational.
If a fault occurs in the firmware, a malfunction screen appears when the machine is started, warning that a
fault has occurred. To reset the fault condition, turn [OFF] the Enhanced Security Mode and restart the machine, or update the firmware. For more details, consult your Service Representative.
CS Remote Care function
CS Remote Care is a system that manages the machine through transmission and reception of various types
of data for managing the machine between the machine and the CS Remote Care center computer via a telephone/fax line, a network, or E-mail. Functions are disabled to access the LAN from the telephone line and
to directly transfer received fax.
When the Enhanced Security Mode is set to [ON], the following functions are no longer usable: instructing to
rewrite the firmware, sending and receiving account counter information, rewriting settings of the machine,
and the Counter Remote Control function.
Terminating a Session and Logging out
The machine allows the operator to automatically log out from or terminate a session, if it is unable to detect
an operation on the control panel or a communication packet on the network. Additionally, if a user changes
the user password on the control panel while the same user accessing the machine via Web Connection,
the session of Web Connection is terminated.
The following shows the setting range and the default setting of each function. Set the time according to the
environment in which the machine is used.
The administrator should explain to the user that the following settings are made. The administrator should
also explain to the user immediately as soon as the setting has been changed.
Data AdministratorDefault setting: [60] minutes (No change can be made in the setting)
Authentication error during external server authentication
If a user is unable to log in successfully during user authentication using the external server authentication,
possible causes include the status of connection to the external server, the condition of the external server
(the server is down), and the status of user registration with the external server such as the number of users
to be controlled by the machine reaching its limit and the user password quality on the external server.
The administrator should check these points and make the appropriate settings.
• Start the Web Connection and, in the Administrator Mode, select
[Security] - [Auto Logout].
The time setting represents consideration for the time-consuming
task, such as downloading the registered information. Be careful
about leaving your seat, because the time setting is rather long.
bizhub 958/808/758/bizhub PRO 9581-18
2
Administrator Operations
2.1Accessing the Administrator Mode
2Administrator Operations
2.1Accessing the Administrator Mode
In Administrator Mode, the settings for the machine system and network can be registered or changed.
This machine implements authentication of the user of the Administrator Mode function through the Administrator Password or User Password that verifies the identity as the administrator of the person who accesses
the function. During the authentication procedure, the Administrator Password entered for the authentication
purpose appears as "*" or "-" on the display.
When the Enhanced Security Mode is set to [ON], the number of times in which authentication fails is counted.
NOTICE
Make sure that none of the general users of the machine will know the Administrator Password.
If the Administrator Password is forgotten, it must be set again by the Service Engineer. Contact your Service
Representative.
The user who is given the administrative right by the administrator can access the Administrator Mode when
logging on as the user administrator.
2
2.1.1Accessing the Administrator Mode
The machine does not accept access to the Administrator Mode under any of the following conditions. Wait
for some while before attempting to gain access to the Administrator Mode again.
-The Administrator Mode has been logged on to through access made from the PC.
-A remote operation is being performed from an application on the PC.
-There is a job being executed by the machine.
-There is a reserved job (timer TX, fax redial waiting, etc.) in the machine.
-Immediately after the main power switch has been turned ON.
-A malfunction code is displayed on the machine.
<From the Control Panel as the Administrator of the Machine>
0If another administrator has already logged on to the Administrator Mode using Web Connection, the
machine displays a message saying that other administrator has logged on and rejects any operation
on the control panel. Wait until the message disappears before attempting to access the Administrator
Mode once again.
0When accessing the Administrator Mode from the control panel, if [Export to the device] operation is
being executed using the Data Administrator, the machine displays a message that tells not to turn
off the power because of the remote operation being performed and rejects any operation on the control panel. Wait until the message disappears before attempting to access the Administrator Mode once
again.
0Do not leave the machine with the setting screen of Administrator Mode left shown on the display. If it
is absolutely necessary to leave the machine, be sure first to log off from the Administrator Mode.
bizhub 958/808/758/bizhub PRO 9582-2
2.1Accessing the Administrator Mode
1Touch [Utility].
2Touch [Administrator Settings].
3Enter the Administrator Password from the keyboard.
2
% Touch [C] to clear all characters.
% Touch [Delete] to delete the last character entered.
% Touch [Shift] to show the upper case/symbol screen.
% Touch [Cancel] to go back to the previous screen.
4Touch [OK].
% If a wrong Administrator Password is entered, a message that tells that the Administrator Password
does not match appears. Enter the correct Administrator Password.
% If the Enhanced Security Mode is set to [ON], entry of a wrong password is counted as unauthorized
access. If a wrong Administrator Password is entered a predetermined number of times (once to
three times) or more set by the administrator, a message appears saying that the machine accepts
no more Administrator Passwords because of unauthorized access for any subsequent entry of the
Administrator Password. The machine is then set into an access lock state.
To cancel the access lock state, settings must be made by the Service Engineer; or, turn off, and
then turn on, the main power switch of the machine. If the main power switch is turned off and
on, the access lock state is canceled after the lapse of time set for [Release Time Settings]. When
the main power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If there is no wait period between turning the main power switch off, then on again, the
machine may not function properly.
5Press the Reset key to log off from the Administrator Mode.
bizhub 958/808/758/bizhub PRO 9582-3
2.1Accessing the Administrator Mode
<From the Control Panel as the User Administrator>
1Touch [Operation Rights] to select [Administrator].
2Enter the user name and the password, then touch [OK].
3Touch [Login] or press the Access key to log in to this machine.
2
4Touch Menu - [Utility] - [Administrator Settings].
5The Administrator Mode is displayed. Perform a desired operation.
6Press the Reset key to log off from the Administrator Mode.
bizhub 958/808/758/bizhub PRO 9582-4
2.1Accessing the Administrator Mode
<From the Web Connection as the Administrator of the machine>
0If you have already logged on to the Admin Mode from the control panel or using Web Connection, the
machine displays a message that tells that another administrator has previously logged on and rejects
any attempt to log on to the Admin Mode using the Web Connection. Click [OK] and wait for some
while before attempting to access the Admin Mode once again.
0If [Export to the device] operation is being executed using the Data Administrator, the machine dis-
plays a message that tells you cannot log on to the mode because of the remote operation being performed and rejects any attempts to the Admin Mode via the Web Connection. Click [OK] and wait for
some while before attempting to access the Admin Mode once again.
0Do not leave the machine with the Admin Mode setting screen left shown on the display. If it is abso-
lutely necessary to leave the machine, be sure first to log off from the Admin Mode.
0If you have logged on to the Admin Mode using the Web Connection and if you close the web browser
without clicking [Logout], the control panel remains locked for 70 sec.
0Different initial screens appear after you have logged on to the Admin Mode depending on the Custom-
ize setting. The descriptions herein given are concerned with the display screen set in [Meter Counter]
of Maintenance.
1Start the Web browser.
2Enter the IP address of the machine in the address bar.
3Press the [Enter] key to start Web Connection.
2
4Click the Administrator radio button and [Login].
5Select the "Administrator (Admin Mode)" in the Administrator, and enter the Administrator Password in
the "Password" box.
bizhub 958/808/758/bizhub PRO 9582-5
2.1Accessing the Administrator Mode
% If "Administrator (Admin Mode)" is selected, the settings for the machine system and network can
be registered or changed.
% When accessing the Admin Mode using the Web Connection, enter the same Administrator Pass-
word as that for the machine.
6Click [OK].
% If a wrong Administrator Password is entered, a message that tells that the authentication has failed
appears. Enter the correct Administrator Password.
% If the Enhanced Security Mode is set to [ON], entry of a wrong password is counted as unauthorized
access. If a wrong Administrator Password is entered a predetermined number of times (once to
three times) or more set by the administrator, a message appears saying that the machine accepts
no more Administrator Passwords because of unauthorized access for any subsequent entry of the
Administrator Password. The machine is then set into an access lock state.
To cancel the access lock state, settings must be made by the Service Engineer; or, turn off, and
then turn on, the main power switch of the machine. If the main power switch is turned off and
on, the access lock state is canceled after the lapse of time set for [Release Time Settings]. When
the main power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If there is no wait period between turning the main power switch off, then on again, the
machine may not function properly.
7Click [Logout].
8Click [OK].
This allows you to log off from the Admin Mode.
2
bizhub 958/808/758/bizhub PRO 9582-6
2.1Accessing the Administrator Mode
<From the Web Connection as the User Administrator>
1Start the Web browser.
2Enter the IP address of the machine in the address bar.
3Press the [Enter] key to start Web Connection.
4Click the Administrator radio button and [Login].
5Select "Administrator (Admin Mode)" in the Registered User and enter the user name in the "User
Name" box and the user password in the "Password" box.
2
% If "Administrator (Admin Mode)" is selected, the settings for the machine system and network can
be registered or changed.
% When accessing the Admin Mode using the Web Connection, enter the same User Password as
that for the machine.
6Click [OK].
% If a user administrator enters a wrong User Password, a message that tells that the authentication
has failed appears. Enter the correct User Password.
% If the Enhanced Security Mode is set to [ON], the entry of a wrong User Password is counted as
unauthorized access. If a wrong User Password is entered a predetermined number of times (once
to three times) or more set by the administrator, a message appears saying that the machine accepts no more User Passwords because of unauthorized access for any subsequent entry of the
User Password. The machine is then set into an access lock state. To cancel the access lock state,
the administrator must perform the Release Setting. Contact the administrator.
7Click [Logout].
8Click [OK].
This allows you to log off from the User Administrator Mode.
bizhub 958/808/758/bizhub PRO 9582-7
2.1Accessing the Administrator Mode
Tips
2.1.2Accessing the User Mode
You can log on to the User Mode as an administrator. In the User Mode, you can check or delete a job, which
is disabled in Administrator Mode.
The authority relating to box settings is the same as that of Administrator Mode.
<From the Control Panel>
0The administrator must first make User Authentication settings before he or she can access User Mode.
For details of the User Authentication, see page 2-25.
0Do not leave the machine with the User Mode setting screen left shown on the display. If it is absolutely
necessary to leave the machine, be sure first to log off from the User Mode.
1Touch the keyboard icon in the [User Name] field.
2
2Enter "admin" in [User Name]. Enter the password set for this machine in [Password].
% Touch [C] to clear all characters.
% Touch [Delete] to delete the last character entered.
% Touch [Shift] to show the upper case/symbol screen.
% Touch [Cancel] to go back to the previous screen.
3Touch [OK].
bizhub 958/808/758/bizhub PRO 9582-8
Loading...
+ 129 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.