1.3Data to be Protected ............................................................................................................................ 1-6
1.4Precautions for Operation Control...................................................................................................... 1-7
Roles and Requirements of the Administrator..........................................................................................1-7
Types of Data Cleared by Overwrite All Data Function ..........................................................................1-11
2Administrator Operations
2.1Accessing the Administrator Settings ................................................................................................ 2-2
2.1.1Accessing the Administrator Settings ......................................................................................................2-2
<From the Control Panel> ........................................................................................................................2-3
2.1.2Accessing the User Mode ........................................................................................................................2-5
<From the Control Panel> ........................................................................................................................2-5
<From PageScope Web Connection>......................................................................................................2-7
2.2Enhancing the Security Function ........................................................................................................ 2-9
2.2.1Items cleared by HDD Format................................................................................................................2-10
2.2.2Setting the Enhanced Security Mode.....................................................................................................2-11
<Setting can be made only from the control panel>..............................................................................2-11
2.5Setting the Authentication Method................................................................................................... 2-19
2.5.1Setting the Authentication Method.........................................................................................................2-19
2.5.2Setting the External Server.....................................................................................................................2-22
2.6ID & Print Setting Function ................................................................................................................ 2-24
2.6.1Setting ID & Print ....................................................................................................................................2-24
2.7System Auto Reset Function ............................................................................................................. 2-26
2.7.1Setting the System Auto Reset function.................................................................................................2-26
<Setting can be made only from the control panel>..............................................................................2-15
<Setting can be made only from the control panel>..............................................................................2-17
<Setting can be made only from the control panel>..............................................................................2-19
<Setting can be made only from the control panel>..............................................................................2-22
<Setting can be made only from the control panel>..............................................................................2-24
<Setting can be made only from the control panel>..............................................................................2-26
2.8.1Making user setting ................................................................................................................................2-29
<From the Control Panel> ......................................................................................................................2-29
<From PageScope Web Connection>....................................................................................................2-34
2.10User Box Function .............................................................................................................................. 2-42
2.10.1Setting the User Box ..............................................................................................................................2-42
2.10.2Changing the user attributes and account attributes .............................................................................2-48
2.11Changing the Administrator Password ............................................................................................ 2-55
2.11.1Changing the Administrator Password...................................................................................................2-55
2.12Protecting Data in the HDD ............................................................................................................... 2-58
2.12.1Setting the HDD Lock Password............................................................................................................2-58
2.12.2Changing the HDD Lock Password........................................................................................................2-61
2.12.3Setting the Image Data Encryption Passphrase.....................................................................................2-64
2.12.4Changing and releasing the Image Data Encryption Passphrase ..........................................................2-69
2.13Protecting Data Stored in the Flash Memory................................................................................... 2-74
2.13.1Setting the Flash Memory Lock Password.............................................................................................2-74
2.13.2Changing the Flash Memory Lock Password.........................................................................................2-77
2.14Overwrite All Data Function............................................................................................................... 2-80
2.14.1Setting the Overwrite All Data function ..................................................................................................2-80
2.15.1Setting the SSL.......................................................................................................................................2-83
2.15.2Changing the Encryption Strength Setting .............................................................................................2-86
2.15.3Changing the Mode Using SSL ..............................................................................................................2-87
2.15.4Removing a Certificate ...........................................................................................................................2-88
2.16S/MIME Communication Setting Function....................................................................................... 2-89
2.16.1Setting the S/MIME Communication......................................................................................................2-89
2.16.2Registering the certificate.......................................................................................................................2-94
2.17SNMP Setting Function ...................................................................................................................... 2-96
2.17.1Changing the auth-password and priv-password ..................................................................................2-96
2.17.2SNMP access authentication function .................................................................................................2-102
2.19.1Setting the IP Address..........................................................................................................................2-108
2.19.2Registering the DNS Server..................................................................................................................2-109
2.25Setting TSI distribution..................................................................................................................... 2-115
2.25.1Setting TSI distribution .........................................................................................................................2-115
2.25.2Setting TSI distribution and register TSI distribution............................................................................2-115
2.25.3Setting TSI distribution and register TSI distribution............................................................................2-116
<From the Control Panel> ....................................................................................................................2-108
<From PageScope Web Connection>..................................................................................................2-108
<From the Control Panel> ....................................................................................................................2-109
<From PageScope Web Connection>..................................................................................................2-109
<From the Control Panel> ....................................................................................................................2-110
<From PageScope Web Connection>..................................................................................................2-110
<From the Control Panel> ....................................................................................................................2-111
<From PageScope Web Connection>..................................................................................................2-111
<From the Control Panel> ....................................................................................................................2-112
<From PageScope Web Connection>..................................................................................................2-112
<From the Control Panel> ....................................................................................................................2-113
<From PageScope Web Connection>..................................................................................................2-113
<From the Control Panel> ....................................................................................................................2-114
<From the Control Panel> ....................................................................................................................2-115
<From the Control Panel> ....................................................................................................................2-115
<From the Control Panel> .......................................................................................................
3.1.1Performing user authentication ................................................................................................................3-2
3.1.2Accessing the ID & Print Document .......................................................................................................3-11
3.3.1Accessing the Secure Print Document...................................................................................................3-17
3.4User Box Function .............................................................................................................................. 3-21
3.4.1Setting the User Box ..............................................................................................................................3-21
501/421/361x-3
<From the Control Panel> ........................................................................................................................3-4
<From PageScope Web Connection>......................................................................................................3-9
<Setting can be made only from the control panel>..............................................................................3-11
<From the Control Panel> ......................................................................................................................3-13
<From PageScope Web Connection>....................................................................................................3-16
<Setting can be made only from the control panel>..............................................................................3-18
<From the Control Panel> ......................................................................................................................3-21
<From PageScope Web Connection>....................................................................................................3-25
Contents
3.4.2Changing the User Box Password and user attributes and account attributes .....................................3-27
<From the Control Panel> ......................................................................................................................3-27
<From PageScope Web Connection>....................................................................................................3-32
3.4.3Accessing the User Box and User Box file.............................................................................................3-36
<From the Control Panel> ......................................................................................................................3-37
<From PageScope Web Connection>....................................................................................................3-39
4.1PageScope Data Administrator........................................................................................................... 4-2
4.1.1Gaining access from PageScope Data Administrator ..............................................................................4-2
<From the PC> .........................................................................................................................................4-2
4.1.2Setting the user authentication method ...................................................................................................4-5
4.1.3Changing the authentication mode ..........................................................................................................4-7
4.1.4Making the user settings ........................................................................................................................4-10
4.1.5Making the account settings ..................................................................................................................4-11
4.1.6Registering the certificate.......................................................................................................................4-12
4.1.7SNMP Setting Function ..........................................................................................................................4-14
4.1.8DNS Server Setting Function..................................................................................................................4-16
4.1.9NetWare Setting Function ......................................................................................................................4-17
4.1.11AppleTalk Setting Function ....................................................................................................................4-19
4.1.12E-Mail Setting Function ..........................................................................................................................4-20
4.2.1Accessing User Box ...............................................................................................................................4-21
4.2.2Creating a User Box ...............................................................................................................................4-23
4.2.3Changing User Box properties (user attributes, account attributes) ......................................................4-25
4.2.4Accessing the User Box file....................................................................................................................4-27
<From the PC> .........................................................................................................................................4-5
<From the PC> .........................................................................................................................................4-7
<From the PC> .......................................................................................................................................4-10
<From the PC> .......................................................................................................................................4-11
<From the PC> .......................................................................................................................................4-12
<Changing the auth-password and priv-password>..............................................................................4-14
<Registering the DNS Server> ...............................................................................................................4-16
<Making the NetWare Setting> ..............................................................................................................4-17
<Setting the NetBIOS Name> ................................................................................................................4-18
<Making the AppleTalk Setting> ............................................................................................................4-19
<Setting the SMTP Server (E-Mail Server)> ...........................................................................................4-20
<From the PC> .......................................................................................................................................4-21
<From the PC> .......................................................................................................................................4-23
<From the PC> .......................................................................................................................................4-25
<From the PC> .......................................................................................................................................4-27
<From the PC> .......................................................................................................................................4-28
<From the PC> .......................................................................................................................................4-30
................... 4-32
<From the PC> .......................................................................................................................................4-32
<From the PC> .......................................................................................................................................4-36
501/421/361x-5
1
Security
Security
1Security
1.1Introduction
Thank you for purchasing our product.
This User’s Guide contains the operating procedures and precautions to be used when using the security
functions offered by the bizhub 501/421/361 machine. To ensure the best possible performance and effective
use of the machine, read this manual thoroughly before using the security functions. The Administrator of the
machine should keep this manual for ready reference. The manual should be of great help in finding solutions
to operating problems and questions.
This User’s Guide (Ver. 1.03) describes bizhub 501/421/361/ineo 501/421/361/VarioLink 3622/4222/5022
Multi Function Peripheral Control Software (A0R50Y0-0100-G00-20, BIOS control controller: A0R50Y01D00-G00-11).
Compliance with the ISO15408 Standard
When the Enhanced Security Mode on this machine is set to [ON], more enhanced security functions are
available.
The security functions offered by the bizhub 501/421/361 machine comply with ISO/IEC15408 (level: EAL3).
Operating Precautions
1
The machine gives an alarm message or an alarm sound (peep) when a wrong operation is performed or a
wrong entry is made during operation of the machine. (No "peep" alarm sound is issued if a specific sound
setting in Sound Setting of Accessibility Setting is set to [OFF].) If the alarm message or alarm sound is given,
perform the correct operation or make the correct entry according to the instructions given by the message
or other means.
The Administrator of the machine should make sure that each individual general user exits from the current
mode to return to the basic screen whenever the access to that mode is completed or if the user leaves the
machine with the mode screen left displayed.
The Administrator of the machine should exit from the current mode to return to the basic screen whenever
the access to that mode is completed or if he or she leaves the machine with the mode screen left displayed.
The PageScope Web Connection functions can be used only if the setting is made to accept "Cookie."
501/421/3611-2
Security
1
INSTALLATION CHECKLIST
This Installation Checklist contains items that are to be check by the Service Engineer installing this machine.
The Service Engineer should check the following items, then explain each checked item to the Administrator
of the machine.
To Service Engineer
Make sure that each of these items is properly carried out by checking the box on the right of each item.
1.Perform the following steps before installing this machine.Completed
Check with the Administrator to determine if the security functions of this machine should be en-
hanced. If the functions should be enhanced, check the following.
If the security functions are not to be enhanced, quit the operation without checking the following.
I swear that I would never disclose information as it relates to the settings of this machine to anybody, or perform malicious or intentional act during setup and service procedures for the machine.
When giving the User’s Guide Security Operations to the Administrator of the machine, check that
the User’s Guide is the security-compatible version and explain to the Administrator that it is security-compatible.
2.After this machine is installed, refer to the Service Manual and perform the following steps.
Check that the Firmware version (MFP controller and its Checksum, BIOS and its checksum) in-
dicated in the Service Manual matches the values shown in the Firmware Version screen.
If there is a mismatch in the Firmware version number, explain to the Administrator of the machine
that upgrade of the MFP controller Firmware is necessary and perform the Firmware upgrade.
Explain to the Administrator of the machine that upgrade of the BIOS Firmware is necessary and
perform the Firmware upgrade.
Set CE Authentication to [ON] and set the CE Password.
Check that CS Remote Care is set to RAM Clear Set, Management Function Choice to Unset,
HDD to Installed, and operation Ban release time to 5 min. or more.
3.After this machine is installed, refer to this User’s Guide and perform the following steps.
Check that the Administrator Password has been set by the Administrator of the machine.
Check that data has been backed up by the Administrator of the machine using the HDD Backup
Utility if necessary.
Check that Release Time Settings has been set to 5 min. or more by the Administrator of the ma-
chine.
Check that the HDD Lock Password , has been set by the Administrator of the machine.
Check that the Flash Memory Lock Password has been set by the Administrator of the machine.
Check that User Authentication has been set to [ON (MFP)] or [ON (External Server)] (Active Di-
rectory only) by the Administrator of the machine.
Check that the self-signed certificate for SSL communications has been registered by the Admin-
istrator of the machine.
Check that data has been restored by the Administrator of the machine using the HDD Backup
Utility if necessary.
Let the Administrator of the machine set Enhanced Security Mode to [ON].
The languages, in which the contents of the User’s Guide Security Operations have been evalu-
ated, are Japanese and English.
Explain the way how to get the manual in the language, in which it is evaluated.
Explain to the administrator that the settings for the security functions for this machine have been
specified.
When the above steps have been properly carried out, the Service Engineer should make a copy of this page
and give the original of this page to the Administrator of the machine. The copy should be kept at the
corresponding Service Representative for filing.
Product NameCompany NameUser Division NamePerson in charge
Customer
Service Representative-
501/421/3611-3
Security
1.2Security Functions
Setting the Enhanced Security Mode to [ON] will validate the security function of this machine. For details of
the settings of different security functions to be changed by turning [ON] the Enhanced Security Mode, see
"Enhancing the Security Function" on page 2-9.
Setting the Enhanced Security Mode to [ON] will enhance the authentication function. Access control is then
provided through password authentication for any access to the Administrator Settings, User Authentication
mode, Account Track mode, User Box, a User Box data file, a Secure Print Document file and WebDAV Server. Access is thereby granted only to the authenticated user.
A password that can be set must meet the requirements of the Password Rules. The machine does not accept setting of an easily decipherable password. For details of the Password Rules, see "Password Rules"
on page 1-9.
If a wrong password is entered, during password authentication, a predetermined number of times (once to
three times) set by the Administrator of the machine or more, the machine determines that it is unauthorized
access through Prohibited Functions When Authentication Error, prohibiting any further entry of the password. By prohibiting the password entry operation, the machine prevents unauthorized use or removal of data, thereby ensuring secured used of the machine.
To cancel the password entry operation prohibited condition, the Administrator must perform the Release
Setting. When the Administrator performs the Release Setting for the operation prohibited condition, a sound
operation control in utmost security is achieved under the control of the Administrator.
Setting the HDD Lock Password provides the following security function. That is, even if the HDD is illegally
replaced with another, the HDD authentication function prohibits access to the HDD, when the HDD Lock
Password is yet to be set or there is a mismatch in the passwords. In addition, should the HDD be removed
unawares, the HDD Lock Password locks the HDD protecting data contained in the HDD. Setting the Flash
Memory Lock Password provides the following security function. That is, even if the flash memory is illegally
replaced with another, the flash memory authentication function prohibits access to the flash memory when
the Flash Memory Lock Password is not set or there is a mismatch in the passwords. In addition, should the
flash memory be removed unawares, the Flash Memory Lock Password locks the flash memory protecting
data contained in the flash memory. Furthermore, by mounting the optional Security Kit SC-505 and setting
the Image Data Encryption Passphrase, the image data stored in the HDD is encrypted, thereby protecting
the image data in the HDD. Note, however, that the HDD Lock Password, Flash Memory Lock Password, and
Image Data Encryption Passphrase cannot prevent the HDD and flash memory from being physically removed.
When the machine is to be discarded, or use of a leased machine is terminated at the end of the leasing contract, the Overwrite All Data function overwrites and erases all data stored in all spaces of the HDD. The function also resets all passwords saved in the NVRAM and flash memory to factory settings, preventing leak of
data. For details of items to be cleared by Overwrite All Data function, see "Types of Data Cleared by
Overwrite All Data Function" on page 1-11.
1
1.2.1Check Count Clear Conditions
The following are the conditions for clearing or resetting the check count of the number of wrong entries at
the time of authentication by the Enhanced Security Mode.
<Administrator Settings>
-Authentication of Administrator Settings is successful.
<User Authentication Mode>
-User Authentication mode is successful.
-Release of Prohibited Functions When Authentication Error is executed.
<Account Track Mode>
-Account Track mode is successful.
-Release of Prohibited Functions When Authentication Error is executed.
<Secure Print Document>
-Authentication of Secure Print Document is successful.
-Release of Prohibited Functions When Authentication Error is executed.
<Box>
-Authentication of User Box is successful.
-Authentication for execution of change of User Box Name and User Box Password is successful.
-Release of Prohibited Functions When Authentication Error is executed.
501/421/3611-4
Security
1
<WebDAV authentication>
-Authentication of WebDAV is successful.
-Release of Prohibited Functions When Authentication Error is executed.
<SNMP Password (auth-Password, priv-Password)>
-Authentication of SNMP is successful.
-Release of Prohibited Functions When Authentication Error is executed.
501/421/3611-5
Security
1.3Data to be Protected
The underlying concept of this machine toward security is "to protect data that can be disclosed against the
intention of users."
The following types of image files that have been stored in the machine and made available for use by its
users are protected while the machine is being used.
-Image files stored as ID & Print Document when print data is to be registered using the ID & Print Setting
function
-Image files stored by Secure Print
-Image files stored in Personal User Box, Public User Box and Group User Box
The following types of data stored in the HDD are protected when use of a leased machine is terminated at
the end of the leasing contract, the machine is to be discarded, or when the HDD is stolen.
-Image files stored as ID & Print Document when print data is to be registered using the ID & Print Setting
function
-Image files stored by Secure Print
-Image files stored in Personal User Box, Public User Box and Group User Box
-Image files of a job in the queue
-Image files other than Secure Print file and User Box file
-Data files left in the data space used as image files
-Temporary data files generated during print image file processing
-Destination recipient data (e-mail address, telephone number)
This machine offers specific functions as data protection methods: the SSL function that ensures confidentiality of images transmitted and received over the network and the S/MIME function that is used for encrypting image files.
When transmitting and receiving highly confidential image data among different pieces of IT equipment within
an office LAN, the machine carries out communications with the correct destination via encrypted and reliable
paths, assuming an office environment that responds to most stringent security requirements.
1
501/421/3611-6
Security
1.4Precautions for Operation Control
This machine and the data handled by this machine should be used in an office environment that meets the
following conditions.
Roles and Requirements of the Administrator
The Administrator should take full responsibility for controlling the machine, thereby ensuring that no improper operations are performed.
<To Achieve Effective Security>
-A person who is capable of taking full responsibility for controlling the machine should be appointed as
the Administrator to make sure that no improper operations are performed.
-When using an SMTP server (mail server) or an DNS server, each server should be appropriately man-
aged by the Administrator and should be periodically checked to confirm that settings have not been
changed without permission.
Password Usage Requirements
The Administrator must control the Administrator Password, HDD Lock Password, Image Data Encryption
Passphrase, Flash Memory Lock Password, auth-Password , priv-Password and WebDAV Server Password
appropriately so that they may not be leaked. These passwords should not be ones that can be easily
guessed. The user, on the other hand, should control the User Box Password, Secure Print Password, and
User Password appropriately so that they may not be leaked. Again, these passwords should not be ones
that can be easily guessed. For the Public User Box shared among a number of users, the User Box Password should be appropriately controlled so that it may not be leaked to anyone who is not the user of the
Public User Box.
<To Achieve Effective Security>
-Make absolutely sure that only the Administrator knows the Administrator Password, HDD Lock Pass-
word, Image Data Encryption Passphrase, Flash Memory Lock Password, auth-Password, priv-Password and WebDAV Server Password.
-The Administrator must change the Administrator Password, HDD Lock Password, Image Data Encryp-
tion Passphrase, Flash Memory Lock Password, auth-Password, priv-Password and WebDAV Server
Password at regular intervals.
-The Administrator should make sure that any number that can easily be guessed from birthdays,
employee identification numbers, and the like is not set for the Administrator Password, Account
Password, HDD Lock Password, Image Data Encryption Passphrase, Flash Memory Lock Password,
auth-Password, priv-Password and WebDAV Server Password. For WebDAV Server Password in
particular, do not set any number that consists of 7 digits or less.
-If a User Password or User Box Password has been changed, the Administrator should have the
corresponding user change the password as soon as possible.
-The Administrator should change the Account Password set for each account at regular intervals and,
should one be changed, he or she should immediately inform users who implement Account Track of
the new Account Password.
-If the Administrator Password has been changed by the Service Engineer, the Administrator should
change the Administrator Password as soon as possible.
-The Administrator should have users ensure that the User Authentication, Secure Print Document, and
User Box are known only by the user concerned.
-The Administrator should have users who implement Account Authentication ensure that the Account
Password set for the account is known by the users implementing Account Authentication only.
-The Administrator should make sure that only the users who share a Public User Box and Group User
Box know the password set for it.
-The Administrator should have users change the passwords set for the User Authentication and User
Box at regular intervals.
-The Administrator should make sure that any user does not set any number that can easily be guessed
from birthdays, employee identification numbers, and the like for the passwords set for the User Authentication, Secure Print Document, and User Box.
1
501/421/3611-7
Security
1
Network Connection Requirements for the Machine
Packets being transmitted over the LAN installed in the office, in which the machine is installed, should be
protected from unauthorized manipulation. If the LAN is to be connected to an outside network, no unauthorized attempt to establish connection from the external network should be permitted.
<To Achieve Effective Security>
-If the LAN, in which the machine is installed, is connected to an outside network, install a firewall or
similar network device to block any access to the machine from the outside network and make the necessary settings.
-Configure the LAN installed in the office, in which the machine is installed, by using a switching hub and
other devices to ensure that the packets are protected from unauthorized manipulation.
-Provide an appropriate network control at all times to make sure that no other copying machine is con-
nected without prior notice to the office LAN to which this machine is connected.
User information control server control requirements
The server administrator is required to apply patches and control accounts for the user information control
server connected to the LAN within the office, in which this machine is installed, to ensure operation control
that achieves appropriate access control.
Security function operation setting operating requirements
The Administrator should make sure of correct operation control so that the machine is used with the Enhanced Security Mode set to [ON].
Operation and control of the machine
The Administrator of the machine should perform the following operation control.
-The Administrator of the machine should log off from the Administrator Settings whenever the operation
in the Administrator Settings is completed. The Administrator of the machine should also make sure
that each individual user logs off from the User Authentication mode after the operation in the User Authentication mode is completed, including operation of the Secure Print Document file, User Box, and
User Box file.
-The Administrator of the machine should set the HDD Lock Password and Flash Memory Lock Pass-
word according to the environment in which this machine is used. If the optional Security Kit SC-505 is
mounted on the machine, the Administrator should also set the Image Data Encryption Passphrase.
Machine Maintenance Control
The Administrator of the machine should perform the following maintenance control activities.
-Provide adequate control over the machine to ensure that only the Service Engineer is able to perform
physical service operations on the machine.
-Provide adequate control over the machine to ensure that any physical service operations performed
on the machine by the Service Engineer are overseen by the Administrator of the machine.
501/421/3611-8
Security
1.5Miscellaneous
Password Rules
According to certain Password Rules, registration of a password consisting of a string of a single character
or change of a password to one consisting of a string of a single character is rejected for the User Password,
Administrator Password, Account Password, User Box Password, Secure Print Password, HDD Lock Password, Flash Memory Lock Password, and Image Data Encryption Passphrase. For the Administrator Password, HDD Lock Password, Flash Memory Lock Password, and Image Data Encryption Passphrase, the
same password as that currently set is not accepted.
Study the following table for more details of the number of digits and characters that can be used for each
password.
Types of passwordsNo. of digitsCharacters
Administrator Password8 digits•Numeric characters: 0 to 9
HDD Lock Password*20 digits•Numeric characters: 0 to 9
Flash Memory Lock Password
Image Data Encryption Passphrase
User Password8 digits or more•Numeric characters: 0 to 9
Note that use of the characters """, "+", and "space" may be partly limited.
Precautions for Use of Various Types of Applications
When PageScope Web Connection or an application of various other types is used, the password control
function of the application stores the password that has been entered in your PC. If you want the password
not stored, disable the password control function of the application.
When using the PageScope Web Connection or an application of various other types, use one that shows "*"
or "●" for the password entered.
Internet Explorer or other type of web browser, "SSL v3" or "TLS v1" should be used, not "SSL v2," for the
SSL setting.
Expanded functions, which can be used in association with applications by registering the optional License
Kit, are available, including collecting and controlling user and account information by means of the WebDAV
function. Use of these expanded functions is not covered by certification of ISO15408.
Encrypting communications
The following are the cryptographic algorithms of key exchange and communications encryption systems
supported in generation of encryption keys.
-TLS_RSA_WITH_RC4_128_MD5
-TLS_RSA_WITH_3DES_EDE_CBC_SHA
-TLS_RSA_WITH_AES_128_CBC_SHA
-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-TLS_DHE_RSA_WITH_AES_256_CBC_SHA
501/421/3611-9
Security
1
2
Note
No algorithms can be selected during generation of encryption keys. SSL v3 is automatically selected
for the SSL setting according to the application and browser. Do not therefore change the setting
manually to SSL v2.
Use the following browsers to ensure SSL encryption communication with appropriate strength. Use of any
of the following browsers achieves SSL encryption communication that ensures confidentiality of the image
data transmitted and received.
Windows 98, Me, NT4.0, 2000, XP, Server2003
-Recommended is Microsoft "Internet Explorer 6" or later.
If "Internet Explorer 5.x" is used, Microsoft XML parser "MSXML 3.x" or later must be installed.
-Recommended is Netscape Navigator 7.02 or later.
-Recommended is Mozilla Firefox 1.0 or later.
Macintosh MacOS 8.x, 9.x, MacOS X
-Recommended is Netscape Navigator 7.02 or later.
-Recommended is Mozilla Firefox 1.0 or later.
Linux
-Recommended is Netscape Navigator 7.02 or later.
-Recommended is Mozilla Firefox 1.0 or later.
SSL encryption communication with confidentiality properly maintained can be achieved in image data
transmitted and received in any of the following applications.
-PageScope Box Operator
-HDD TWAIN
-PageScope Direct Print
-HDD Backup Utility
!
Detail
SSL encryption communication is not applicable to transmission of Secure Print in PageScope Direct
Print.
IPP printing
IPP (Internet Printing Protocol) is a function that allows Secure Print Documents and image data stored in
boxes to be printed via the Internet by using the HTTP (HyperText Transfer Protocol) of the TCP/IP Protocol.
IPPS (IPP over SSL/TLS) is the type of IPP that performs the SSL encryption communication.
<IPP setting on Windows Vista>
Windows Vista, which offers enhanced security functions, gives a certificate error message if the SSL
certificate is one that is not issued by a certification body. In such cases, it becomes necessary to register
with Windows Vista the certificate of this machine as that issued by a reliable party for the computer account.
First, register Host Name and IP address of this machine in the DNS server in advance. Then, in TCP/IP
Settings of PageScope Web Connection, set the DNS Host Name and DNS Default Domain Name registered
with the DNS server.
It should also be noted that, for the certificate to be imported, a certificate for SSL encryption communication
should be registered in PageScope Web Connection and exported in advance as the certificate including the
public key.
1From "Continue to this website," call the PageScope Web Connection window to the screen.
2Click "Certificate Error" to display the certificate. Then, click "Install Certificate" to install the certificate.
3Display the physical stores. Then, deploy the certificate, which has earlier been exported, in "Local
Computer" of "Trusted Root Certification Authorities" to thereby import the certificate.
501/421/3611-10
Security
1
<IPPS printing settings in Windows Vista>
Through additional printer setting, type "https://Host Name.Domain Name/ipp."
For [Host Name] and [Domain Name], specify the names set with the DNS server.
<Installing printer driver>
To perform IPP printing, the printer driver must be installed. From "Add Printer Wizard," select "Connect to
a printer on the Internet or on your intranet" and type the URL of this machine in the following format in the
"URL" field.
http:// <IP address of this machine> /ipp
E.g.: If the machine IP address is 192.168.1.20
Type http://192.168.1.20/ipp
To set IPPS printing:
Type https:// <IP address of the machine> /ipp.
!
Detail
The printer, for which the settings have been made, can be used in the same manner as the ordinary
local printer.
Types of Data Cleared by Overwrite All Data Function
The Overwrite All Data function clears the following types of data.
Types of Data ClearedDescription
User registration dataDeletes all user-related data that has been registered
Box registration data/fileDeletes all User Box-related information and files saved in User Box
Secure Print ID/Password/fileDeletes all Secure Print Document-related information and files
Image files•Image files saved other than Secure Print Document files, ID &
Destination recipient data filesDeletes all destination recipient data including e-mail addresses and
HDD Lock PasswordClears the currently set password
Flash Memory Lock PasswordClears the currently set password
Image Data Encryption PassphraseClears the currently set Image Data Encryption Passphrase
Administrator PasswordClears the currently set password, resetting it to the factory setting
SNMP PasswordClears the currently set password, resetting it to the factory setting
WebDAV Server PasswordClears the currently set password, resetting it to the factory setting
Account registration dataDeletes all account track-related data that has been registered
S/MIME certificate dataDeletes the currently set S/MIME certificate
SSL certificateDeletes the currently set SSL certificate
Network SettingClears the currently set network settings (DNS Server setting, IP Ad-
Deletes all data saved in the ID & Print User Box
saved
Print files and User Box files
•Image files of jobs in job queue state
telephone numbers
(MAC address)
(sysadm)
dress setting, SMTP Server setting, NetWare Setting, NetBIOS setting and AppleTalk Printer Name setting), resetting it to the factory
setting
501/421/3611-11
2
Administrator Operations
Administrator Operations
2Administrator Operations
2.1Accessing the Administrator Settings
This machine implements authentication of the user of the Administrator Settings function through the 8-digit
Administrator Password that verifies the identity as the Administrator of the person who accesses the
function. During the authentication procedure, the Administrator Password entered for the authentication
purpose appears as "*" or "●" on the display.
Two different methods are available for accessing Administrator Settings. In Administrator Settings, the
settings for the machine system and network can be registered or changed. In User Mode, the same settings
as the user authority can be made. For box setting operations, however, the same functions can be set as
those of Administrator Settings. User Mode also allows jobs to be checked or deleted, which is not possible
in Administrator Settings.
When the Enhanced Security Mode is set to [ON], the number of times in which authentication fails is
counted.
2.1.1Accessing the Administrator Settings
The machine does not accept access to the Administrator Settings under any of the following conditions.
Wait for some while before attempting to gain access to the Administrator Settings again.
-The Administrator Settings has been logged on to through access made from the PC.
-A remote operation is being performed from an application on the PC.
-There is a job being executed by the machine.
-There is a reserved job (timer TX, fax redial waiting, etc.) in the machine.
-Immediately after the main power switch has been turned ON.
-A malfunction code is displayed on the machine.
2
2
Note
Make sure that none of the general users of the machine will know the Administrator Password.
If the Administrator Password is forgotten, it must be set again by the Service Engineer. Contact your
Service Representative.
Do not leave the machine with the setting screen of Administrator Settings left shown on the display. If
it is absolutely necessary to leave the machine, be sure first to log off from the Administrator Settings.
While you are logging onto the Admin Mode using PageScope Web Connection, any operations from
the machine’s control panel are disabled.
When accessing the Administrator Settings from the control panel, if you have already logged on to the
Administrator Settings using PageScope Web Connection, the machine displays a message that tells
not to turn off the power because of the remote operation being performed and rejects any operation
on the control panel. Wait until the message disappears before attempting to access the Administrator
Settings once again.
When accessing the Administrator Settings from the control panel, if [Export to the device] operation is
being executed using the Data Administrator, the machine displays a message that tells not to turn off
the power because of the remote operation being performed and rejects any operation on the control
panel. Wait until the message disappears before attempting to access the Administrator Settings once
again.
501/421/3612-2
Administrator Operations
<From the Control Panel>
1Press the [Utility/Counter] key.
2Touch [Administrator Settings].
Is it possible to gain access to the Administrator Settings while a job is being executed?
?
% The machine does not accept access to the Administrator Settings while a job is being executed.
Wait until the execution of the job is completed before attempting to access the Administrator Settings again.
2
3Enter the 8-digit Administrator Password from the keyboard and keypad.
–Press the [C] key to clear all characters.
–Touch [Delete] to delete the last character entered.
–Touch [Shift] to show the upper case/symbol screen.
–Touch [Cancel] to go back to the screen shown in step 2.
501/421/3612-3
Administrator Operations
4Touch [OK].
What happens if a wrong Administrator Password is entered?
?
% If a wrong Administrator Password is entered, a message appears saying that there is a mismatch
in the Administrator Passwords and entry of the Administrator Password will be prohibited for five
sec. Wait for some while before entering the correct Administrator Password.
% If the Enhanced Security Mode is set to [ON], entry of a wrong password is counted as unauthorized
access. If a wrong Administrator Password is entered a predetermined number of times (once to
three times) set by the Administrator of the machine or more, a message appears saying that the
machine accepts no more Administrator Passwords because of unauthorized access for any subsequent entry of the Administrator Password. The machine is then set into an access lock state. To
cancel the access lock state, settings must be made by the Service Engineer; or, turn off, and then
turn on, the main power switch of the machine. If the main power switch is turned off and on, the
access lock state is canceled after the lapse of time set for [Release Time Settings]. When the main
power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If
there is no wait period between turning the main power switch off, then on again, the machine may
not function properly.
Here is the sequence, through which the main power switch and sub power switch are turned on
and off:
Turn off the sub power switch → Turn off the main power switch → Turn on the main power switch →
Turn on the sub power switch
5Press the [Utility/Counter] key to log off from the Administrator Settings.
2
501/421/3612-4
Administrator Operations
2.1.2Accessing the User Mode
2
Note
The Administrator must first make User Authentication settings before he or she can access User Mode.
For details of the User Authentication, see "Setting the Authentication Method" on page 2-19.
Make sure that none of the general users of the machine will know the Administrator Password.
If the Administrator Password is forgotten, it must be set again by the Service Engineer. Contact your
Service Representative.
Do not leave the machine with the User Mode setting screen left shown on the display. If it is absolutely
necessary to leave the machine, be sure first to log off from the User Mode.
<From the Control Panel>
1Touch [User Name].
2
2Type "admin" in User Name.
–Press the [C] key or touch [Undo] to clear the value entered last.
–Touch [Delete] to delete the last character entered.
–Touch [Shift] to show the upper case/symbol screen.
3Touch [OK].
501/421/3612-5
Administrator Operations
4Touch [Password].
5Enter the 8-digit Administrator Password from the keyboard and keypad.
2
–Press the [C] key to clear all characters.
–Touch [Delete] to delete the last character entered.
–Touch [Shift] to show the upper case/symbol screen.
–Touch [Cancel] to go back to the screen shown in step 4.
6Touch [OK].
7Press [Access] or touch [Login].
What happens if a wrong Administrator Password is entered?
?
% If a wrong Administrator Password has been entered, the machine gives a message that tells that
authentication has not been successful. Enter the correct Administrator Password.
% If the Enhanced Security Mode is set to [ON], entry of a wrong password is counted as unauthorized
access. If a wrong Administrator Password is entered a predetermined number of times (once to
three times) set by the Administrator of the machine or more, a message appears saying that the
machine accepts no more Administrator Passwords because of unauthorized access for any subsequent entry of the Administrator Password. The machine is then set into an access lock state. To
cancel the access lock state, settings must be made by the Service Engineer; or, turn off, and then
turn on, the main power switch of the machine. If the main power switch is turned off and on, the
access lock state is canceled after the lapse of time set for [Release Time Settings]. When the main
power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If
there is no wait period between turning the main power switch off, then on again, the machine may
not function properly.
Here is the sequence, through which the main power switch and sub power switch are turned on
and off:
Turn off the sub power switch → Turn off the main power switch → Turn on the main power switch →
Turn on the sub power switch
8Press the [Access] key to log off from the User Mode.
501/421/3612-6
Administrator Operations
<From PageScope Web Connection>
1Start the Web browser.
2Enter the IP address of the machine in the address bar.
3Press the [Enter] key to start PageScope Web Connection.
4Click the Administrator radio button and [Login].
2
5Select "Administrator (Admin Mode)" or "Administrator (User Mode)" and enter the 8-digit Administrator
Password in the "Password" box.
–Administrator (Admin Mode) is a mode, in which settings of the machine can be registered or
changed. In this mode, system and network settings can be made.
–Administrator (User Mode) is a mode, in which the same settings as the user authority can be made.
For box setting operations, however, the same functions can be set as those of Admin Mode. User
Mode also allows jobs to be checked or deleted, which is not possible in Admin Mode.
What is the Administrator Password used for accessing the Admin Mode via the PageScope Web
?
Connection?
% When accessing the Admin Mode using the PageScope Web Connection, enter the same Adminis-
trator Password as that for the machine.
501/421/3612-7
Administrator Operations
6Click the [OK].
What happens if a wrong Administrator Password is entered?
?
% If a wrong Administrator Password has been entered, the machine gives a message that tells that
authentication has not been successful. In this case, click [OK] and enter the correct Administrator
Password in the "Password" box.
% If the Enhanced Security Mode is set to [ON], entry of a wrong password is counted as unauthorized
access. If a wrong Administrator Password is entered a predetermined number of times (once to
three times) set by the Administrator of the machine or more, a message appears saying that the
machine accepts no more Administrator Passwords because of unauthorized access for any subsequent entry of the Administrator Password. The machine is then set into an access lock state. To
cancel the access lock state, settings must be made by the Service Engineer; or, turn off, and then
turn on, the main power switch of the machine. If the main power switch is turned off and on, the
access lock state is canceled after the lapse of time set for [Release Time Settings]. When the main
power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If
there is no wait period between turning the main power switch off, then on again, the machine may
not function properly.
Here is the sequence, through which the main power switch and sub power switch are turned on
and off:
Turn off the sub power switch → Turn off the main power switch → Turn on the main power switch →
Turn on the sub power switch
What if you fail to log on to the Admin Mode?
?
% If you have already logged on to the Admin Mode from the control panel or using PageScope Web
Connection, the machine displays a message that tells that another administrator has previously
logged on and rejects any attempt to log on to the Admin Mode using the PageScope Web
Connection. Click [OK] and wait for some while before attempting to access the Admin Mode once
again.
% If [Export to the device] operation is being executed using the Data Administrator, the machine
displays a message that tells you cannot log on to the mode because of the remote operation being
performed and rejects any attempts to the Admin Mode via the PageScope Web Connection. Click
[OK] and wait for some while before attempting to access the Admin Mode once again.
Is it possible to gain access to the Admin Mode while a job is being executed?
?
% If an attempt is made to log on to the Admin Mode while a job is being executed, the machine gives
a message that tells that it is now impossible to log on to the Admin Mode. Click [OK] and try logging
on to the Admin Mode after the execution of the job is completed.
2
7Click the [Logout].
8Click the [OK].
This allows you to log off from the Admin Mode.
2
Note
If you have logged on to the Admin Mode using the PageScope Web Connection and if you close the
web browser without clicking [Logout], the touch panel of the machine remains locked for 70 sec.
501/421/3612-8
Administrator Operations
2.2Enhancing the Security Function
When access to the Administrator of the machine by the Administrator Settings via the control panel is authenticated, the machine enables setting of the Enhanced Security Mode that allows settings for enhancing
each of different security functions to be converted all at once.
In the Enhanced Security Mode, the machine allows selection of whether to use the Enhanced Security Mode
or not. If the Enhanced Security Mode is set to [ON], a count is taken of the number of unauthorized accesses
to the Administrator Settings, User Authentication, Account Track, SNMP authentication, WebDAV authentication, all Secure Print Documents, and all User Boxes. A function is also set that determines whether each
password meets predetermined requirements. The security function is thus enhanced in the Enhanced Security Mode.
In advance, HD-509, provided as option, must be loaded and the following settings must first be made before
the Enhanced Security Mode is set to [ON].
2
Note
When a service engineer initializes network, make the settings of the network functions including SSL
certificate re-registration and set the Enhanced Security Mode to [ON] again.
Settings to be Made in AdvanceDescription
Administrator PasswordAn 8-digit password that meets the Password Rules.
User AuthenticationSet to either [ON (MFP)] or [ON (External Server)] (Active Directory).
HDD Lock PasswordSet the 20-digit HDD Lock Password.
Flash Memory Lock PasswordSet the 20-digit Flash Memory Lock Password.
Release Time SettingsSet the release time to 5 min. or more.
Certificate for SSLRegister the self-signed certificate for SSL communications.
Management Function ChoiceCalls for setting made by the Service Engineer. For details, ask your Service
CE Password
CE Authentication
CS Remote Care
HDD
Operation Ban Release Time
The factory setting is "12345678."
Representative.
2
Setting the Enhanced Security Mode to [ON] changes the setting values of the following functions.
Function NameFactory SettingWhen Enhanced Security Mode is set to [ON]
Password RulesInvalidEnable (not to be changed)
Prohibited Functions When
Authentication Error
Security Print AccessMode 1Mode 2 (not to be changed)
Public User AccessRestrictRestrict (not to be changed)
User ListOFFOFF (not to be changed)
Print Without AuthenticationRestrictRestrict (not to be changed)
User Box Admin. SettingRestrictRestrict (not to be changed)
SSLOFFON (not to be changed)
FTP ServerONOFF (not to be changed)
SNMPv1/v2cRead/Write enabledOnly Read is enabled (not to be changed)
Mode 1Mode 2 (not to be changed) : Three times is set.
* The number of times can be changed to once, twice, or
three times (twice, four times, or six times for the WebDAV
Server Password).
* In association with Prohibit Functions When Authentication Error the method is changed from authentication using
Secure Print ID and password (Mode 1) to that using the
password with the secure document first narrowed down
by Secure Print ID (Mode 2).
501/421/3612-9
Administrator Operations
Function NameFactory SettingWhen Enhanced Security Mode is set to [ON]
SNMP v3 Security Level and
auth/priv-password
Print Data CaptureAllowRestrict (not to be changed)
Network Setting ClearEnabledRestrict
Administrator Password
Change Via Network
Release Time settings5 min.The setting value should be 5 min. or more (no value less
Change by the user of destination data previously registered (Address Book and
Program)
System auto reset1 min.1 to 9 min
2
Reminder
When Password Rules is set to [ON], the characters and the number of digits used for each password
are restricted. For details of the Password Rules, see "Password Rules" on page 1-9.
2
auth/priv-passwordThe security level can be selected from among [auth-pass-
word] and [auth/priv-password].
An 8-digit-or-more auth-password and priv-password can
both be set.
EnabledRestrict (not to be changed)
than 5 can be set)
AllowRestrict (not to be changed)
Changing in to [ NO use] is not allowed
2.2.1Items cleared by HDD Format
Following are the items that are cleared by HDD Format.
Whenever HDD Format is executed, be sure to set the Enhanced Security Mode to [ON] again.
Types of Data ClearedDescription
Enhanced Security ModeSet to [OFF]
User AuthenticationSet to [OFF]
Account Track AuthenticationSet to [OFF]
Public User AccessSet to [Restrict]
User ListSet to [OFF]
Print Without AuthenticationSet to [Restrict]
User registration dataDeletes all user-related data that has been registered
Account Track registration
data
Box registration data/fileDeletes all User Box-related information and files saved in User Box
Secure Print ID/Password/fileDeletes all Secure Print Document-related information and files saved
Destination recipient data
files
Deletes all account track-related data that has been registered
Deletes all data saved in the ID & Print User Box
Deletes all destination recipient data including e-mail addresses and telephone numbers
501/421/3612-10
Administrator Operations
2.2.2Setting the Enhanced Security Mode
2
Note
When the main power switch is turned off, then on again, wait at least 10 seconds to turn it on after
turning it off. if there is no wait period between turning the main power switch off, then on again, the
machine may not function properly.
Here is the sequence, through which the main power switch and sub power switch are turned on and
off:
Turn off the sub power switch → Turn off the main power switch → Turn on the main power switch → Turn
on the sub power switch
Do not leave the machine with the setting screen of Administrator Settings left shown on the display. If
it is absolutely necessary to leave the machine, be sure first to log off from the Administrator Settings.
<Setting can be made only from the control panel>
0For the procedure to call the Administrator Settings to the display, see "Accessing the Administrator
Settings" on page 2-2.
1Call the Administrator Settings to the screen from the control panel.
2Touch [Security Settings].
2
3Touch [Enhanced Security Mode].
501/421/3612-11
Administrator Operations
4Select [ON] to enable the Enhanced Security Mode and touch [OK].
–The following screen appears if the previously required settings are yet to be made by the
Administrator of the machine. Make the necessary settings according to the corresponding set
procedure.
2
–The following screen appears if the previously required settings are yet to be made by the Service
Engineer. Consult the Service Representative.
What is the factory setting for the Enhanced Security Mode?
?
% The Enhanced Security Mode is factory-set to [OFF]. Be sure to turn [ON] the Enhanced Security
Mode so as to enable the security function of the machine.
5Touch [OK].
501/421/3612-12
Administrator Operations
6Make sure that a message appears prompting you to turn OFF and then ON the main power switch.
Now, turn OFF and then turn ON the main power switch.
If the Enhanced Security Mode is properly set to [ON], the following icon appears at the center of the
User Authentication screen, indicating that the machine is in the Enhanced Security Mode.Icon doesn't
appear when debug function with serial port is ON at Service mode. If Icon is not displayed, contact to
a service counter.
2
501/421/3612-13
Loading...
+ 187 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.