Konica Minolta bizhub C364 User Manual

Name: Konica Minolta bizhub C364
Brand: Konica Minolta
SKU: 1581354
Rating: 4 (1 reviews)

4 (1)

User’s Guide

Security Operations

2013. 4 Ver. 1.03

1	Security
	1.1	Introduction .....................................................................................................................................	1-2
		Compliance with the ISO15408 Standard .........................................................................................	1-2
		Operating Precautions .......................................................................................................................	1-2
		INSTALLATION CHECKLIST..............................................................................................................	1-3
	1.2	Security Functions ..........................................................................................................................	1-4
		Check Count Clear Conditions ..........................................................................................................	1-4
	1.3	Data to be Protected ......................................................................................................................	1-5
	1.4	Precautions for Operation Control ................................................................................................	1-6
		Roles and Requirements of the Administrator...................................................................................	1-6
		Password Usage Requirements ........................................................................................................	1-6
		Network Connection Requirements for the Machine.........................................................................	1-7
		User information control server control requirements .......................................................................	1-7
		Security function operation setting operating requirements..............................................................	1-7
		Operation and control of the machine ...............................................................................................	1-7
		Machine Maintenance Control...........................................................................................................	1-8
	1.5	Miscellaneous..................................................................................................................................	1-9
		Password Rules .................................................................................................................................	1-9
		Precautions for Use of Various Types of Applications.......................................................................	1-9
		Encrypting communications ............................................................................................................	1-10
		IPP printing ......................................................................................................................................	1-11
		Items of Data Cleared by Overwrite All Data Function ....................................................................	1-12
		Fax functions....................................................................................................................................	1-12
		Bluetooth communication................................................................................................................	1-12

2	Administrator Operations
	2.1	Accessing the Administrator Settings ..........................................................................................	2-2
	2.1.1	Accessing the Administrator Settings................................................................................................	2-2
	2.1.2	Accessing the User Mode..................................................................................................................	2-4
	2.2	Enhancing the Security Function...................................................................................................	2-8
	2.2.1	Items cleared by HDD Format .........................................................................................................	2-10
	2.2.2	Setting the Password Rules.............................................................................................................	2-11
	2.2.3	Setting the Enhanced Security Mode ..............................................................................................	2-13
	2.3	Preventing Unauthorized Access ................................................................................................	2-16
		Setting Prohibited Functions When Authentication Error ................................................................	2-16
	2.4	Canceling the Operation Prohibited State..................................................................................	2-18
		Performing Release Setting .............................................................................................................	2-18
	2.5	Setting the Authentication Method .............................................................................................	2-20
	2.5.1	Setting the Authentication Method ..................................................................................................	2-20
	2.5.2	Setting the External Server ..............................................................................................................	2-23
	2.6	ID & Print Setting Function...........................................................................................................	2-26
		Setting ID & Print..............................................................................................................................	2-26
	2.7	System Auto Reset Function .......................................................................................................	2-28
		Setting the System Auto Reset function..........................................................................................	2-28
	2.8	User Setting Function...................................................................................................................	2-30
		Making user setting..........................................................................................................................	2-30
	2.9	Account Track Setting Function..................................................................................................	2-36
		Making account setting....................................................................................................................	2-36
	2.10	User Box Function ........................................................................................................................	2-41
	2.10.1	Setting the User Box........................................................................................................................	2-41
	2.10.2	Changing the user/account attributes and box password ..............................................................	2-47
	2.11	Changing the Administrator Password.......................................................................................	2-52
		Changing the Administrator Password ............................................................................................	2-52

bizhub C554/C454/C364/C284/C224

Contents-1



2.12	..........................................................................................................Protecting Data in the HDD	2-55
2.12.1	Setting the Encryption Key (encryption word) .................................................................................	2-55
2.12.2	Changing the Encryption Key ..........................................................................................................	2-59
2.12.3	Setting the Overwrite HDD Data ......................................................................................................	2-61

	2.13	Overwrite All Data Function .........................................................................................................	2-63
		Setting the Overwrite All Data function............................................................................................	2-63
	2.14	Obtaining Job Log.........................................................................................................................	2-65
	2.14.1	Obtaining and deleting a Job Log....................................................................................................	2-65
	2.14.2	Downloading the Job Log data........................................................................................................	2-67
		Job Log data....................................................................................................................................	2-69
	2.15	Setting time/date in machine.......................................................................................................	2-73
	2.15.1	Setting time/date..............................................................................................................................	2-73
	2.15.2	Setting daylight saving time.............................................................................................................	2-76
	2.16	SSL Setting Function ....................................................................................................................	2-78
	2.16.1	Device Certificate Setting ................................................................................................................	2-78
	2.16.2	SSL Setting ......................................................................................................................................	2-80
	2.16.3	Removing a Certificate.....................................................................................................................	2-81
	2.17	S/MIME Communication Setting Function .................................................................................	2-82
	2.17.1	Setting the S/MIME Communication ...............................................................................................	2-82
	2.17.2	Registering the certificate ................................................................................................................	2-85
	2.18	SNMP Setting Function ................................................................................................................	2-87
	2.18.1	Changing the auth-password and priv-password ...........................................................................	2-87
	2.18.2	SNMP access authentication function.............................................................................................	2-93
	2.18.3	SNMP v3 setting function ................................................................................................................	2-93
	2.18.4	SNMP network setting function .......................................................................................................	2-94
	2.19	PC-Fax RX Setting Function ........................................................................................................	2-95
		PC-Fax RX Setting ...........................................................................................................................	2-95
	2.20	TSI User Box Setting Function.....................................................................................................	2-98
		TSI User Box Setting........................................................................................................................	2-98
	2.21	TCP/IP Setting Function.............................................................................................................	2-102
	2.21.1	Setting the IP Address ...................................................................................................................	2-102
	2.21.2	Registering the DNS Server ...........................................................................................................	2-103
	2.22	NetWare Setting Function ..........................................................................................................	2-104
		Making the NetWare Setting..........................................................................................................	2-104
	2.23	SMB Setting Function.................................................................................................................	2-105
		Setting the NetBIOS Name ............................................................................................................	2-105
	2.24	AppleTalk Setting Function........................................................................................................	2-106
		Making the AppleTalk Setting ........................................................................................................	2-106
	2.25	E-Mail Setting Function ..............................................................................................................	2-107
		Setting the SMTP Server (E-Mail Server) .......................................................................................	2-107
3	User Operations
	3.1	User Authentication Function ........................................................................................................	3-2
	3.1.1	Performing user authentication..........................................................................................................	3-2
	3.1.2	Accessing the ID & Print Document...................................................................................................	3-8
	3.2	Change Password Function.........................................................................................................	3-10
		Performing Change Password .........................................................................................................	3-10
	3.3	Secure Print Function ...................................................................................................................	3-13
		Accessing the Secure Print Document ............................................................................................	3-13
	3.4	User Box Function ........................................................................................................................	3-17
	3.4.1	Setting the User Box........................................................................................................................	3-17
	3.4.2	Changing the user/account attributes and box password ..............................................................	3-23
	3.4.3	Accessing the User Box and User Box file ......................................................................................	3-30
	3.4.4	Sending S/MIME box files................................................................................................................	3-34

bizhub C554/C454/C364/C284/C224

Contents-2



4	Application Software
	4.1	PageScope Data Administrator .....................................................................................................	4-2
	4.1.1	Accessing from PageScope Data Administrator ...............................................................................	4-2
	4.1.2	Setting the user authentication method.............................................................................................	4-5
	4.1.3	Changing the authentication mode....................................................................................................	4-7
	4.1.4	Making the user settings..................................................................................................................	4-10
	4.1.5	Making the account settings............................................................................................................	4-11
	4.1.6	Registering the certificate ................................................................................................................	4-12
	4.1.7	SNMP Setting Function ...................................................................................................................	4-14
	4.1.8	DNS Server Setting Function ...........................................................................................................	4-16
	4.1.9	NetWare Setting Function................................................................................................................	4-17
	4.1.10	SMB Setting Function......................................................................................................................	4-18
	4.1.11	AppleTalk Setting Function..............................................................................................................	4-19
	4.1.12	E-Mail Setting Function....................................................................................................................	4-20
	4.2	PageScope Box Operator.............................................................................................................	4-21
	4.2.1	Accessing the User Box...................................................................................................................	4-21
	4.2.2	Creating a User Box.........................................................................................................................	4-23
	4.2.3	Changing the User Box properties (user attributes, account attributes) .........................................	4-24
	4.2.4	Accessing the User Box file .............................................................................................................	4-26
	4.3	HDD TWAIN driver.........................................................................................................................	4-27
		Accessing from the HDD TWAIN driver ...........................................................................................	4-27
	4.4	PageScope Direct Print ................................................................................................................	4-29
		Printing through PageScope Direct Print.........................................................................................	4-29
	4.5	HDD Backup Utility .......................................................................................................................	4-31
	4.5.1	Backup.............................................................................................................................................	4-31
	4.5.2	Restore.............................................................................................................................................	4-34

bizhub C554/C454/C364/C284/C224

Contents-3

Security

1.1

Introduction

1 Security

1.1Introduction

Thank you for purchasing our product.

This User's Guide contains the operating procedures and precautions to be used when using the security functions offered by the bizhub C554/C454/C364/C284/C224 machine. To ensure the best possible performance and effective use of the machine, read this manual thoroughly before using the security functions. The administrator of the machine should keep this manual for ready reference. The manual should be of great help in finding solutions to operating problems and questions.

This User's Guide (Ver. 1.03) describes bizhub C554/bizhub C454/bizhub C364/bizhub C284/bizhub C224/bizhub C7828/bizhub C7822/ineo+ 554/ineo+ 454/ineo+ 364/ineo+ 284/ineo+ 224/D410/D411/D412/ D415/D416/D417/D710/D711/D715/D716 Multi Function Peripheral Control Software (MFP Controller: A2XK0Y0-0100-G00-56).

Compliance with the ISO15408 Standard

When the Enhanced Security Mode on this machine is set to [ON], more enhanced security functions are available.

The security functions offered by the bizhub C554/C454/C364/C284/C224 machine comply with ISO/IEC15408 (level: EAL3).

Operating Precautions

The machine gives an alarm message or an alarm sound (peep) when a wrong operation is performed or a wrong entry is made during operation of the machine. (No "peep" alarm sound is issued if a specific sound setting in Sound Setting of Accessibility Setting is set to [OFF].) If the alarm message or alarm sound is given, perform the correct operation or make the correct entry according to the instructions given by the message or other means.

The administrator of the machine should exit from the current mode to return to the basic screen whenever the access to that mode is completed or if he or she leaves the machine with the mode screen left displayed.

The administrator of the machine should make sure that each individual general user exits from the current mode to return to the basic screen whenever the access to that mode is completed or if the user leaves the machine with the mode screen left displayed.

If an error message appears during operation of the machine, perform steps as instructed by the message. For details of the error messages, refer to the User’s Guide furnished with the machine. If the error cannot be remedied, contact your service representative.

The PageScope Web Connection functions can be used only if the setting is made to accept "Cookie."

bizhub C554/C454/C364/C284/C224

1-2

1.1	Introduction	1

INSTALLATION CHECKLIST

This Installation Checklist contains items that are to be check by the Service Engineer installing this machine. The Service Engineer should check the following items, then explain each checked item to the administrator of the machine.

To Service Engineer

Make sure that each of these items is properly carried out by checking the box on the right of each item.

1. Perform the following steps before installing this machine.	Com-
	pleted

Check with the administrator to determine if the security functions of this machine should
be enhanced. If the functions should be enhanced, check the following.
If the security functions are not to be enhanced, quit the operation without checking the

following.

I swear that I would never disclose information as it relates to the settings of this machine
to anybody, or perform malicious or intentional act during setup and service procedures for

the machine.

When giving the User’s Guide Security Operations to the administrator of the machine,
check that the User’s Guide is the security-compatible version and explain to the adminis-

trator that it is security-compatible.

2.After this machine is installed, refer to the Service Manual and perform the following steps.

Check that the Firmware version (MFP Controller, CheckSum) indicated in the Service Manual matches the values shown in the Firmware Version screen.

If there is a mismatch in the Firmware version number, explain to the administrator of the machine that upgrading of the Firmware is necessary and perform upgrading of the Firmware.

Set CE Authentication to [ON] and set the CE Password.

Make the service settings necessary for the Enhanced Security Mode.

Check that the SSD mounted on the machine is the type for the exclusive use for this machine.

Check that the Fax Kit has been mounted and set up properly, if fax functions are to be used.

3.After this machine is installed, refer to this User’s Guide and perform the following steps.

Check that the Administrator Password has been set by the administrator of the machine.

Check that data has been backed up by the administrator of the machine using the HDD

Backup Utility if necessary.

Check that the Encryption Key has been set by the administrator of the machine.

Check that the Overwrite HDD Data has been set by the administrator of the machine.

Check that User Authentication has been set to [ON (MFP)] or [External Server Authentication] (Active Directory only) by the administrator of the machine.

Check that the self-signed certificate for SSL communications has been registered by the administrator of the machine.

Check that data has been restored by the administrator of the machine using the HDD

Backup Utility if necessary.

Check that the Job Log Settings (Audit Log) has been set by the administrator of the machine.

Check that the date and time have been correctly set in the machine by the administrator of the machine.

Let the administrator of the machine set Enhanced Security Mode to [ON].

The languages, in which the contents of the User’s Guide Security Operations have been evaluated, are Japanese and English.

Explain the way how to get the manual in the language, in which it is evaluated.

Explain to the administrator that the settings for the security functions for this machine have been specified.

When the above steps have been properly carried out, the Service Engineer should make a copy of this page and give the original of this page to the administrator of the machine. The copy should be kept at the corresponding Service Representative for filing.

Product Name	Company Name	User Division Name	Person in charge

Customer (administrator of machine)

Service Representative		-

bizhub C554/C454/C364/C284/C224

1-3

1.2	Security Functions	1

1.2Security Functions

Setting the Enhanced Security Mode to [ON] will validate the security function of this machine. For details of the settings of different security functions to be changed by turning [ON] the Enhanced Security Mode, see page 2-8.

Setting the Enhanced Security Mode to [ON] will enhance the authentication function. Access control is then provided through password authentication for any access to the Administrator Settings, User Authentication mode, Account Track mode, User Box, a User Box data file, and a Secure Print document. Access is thereby granted only to the authenticated user.

A password that can be set must meet the Password Rules. The machine does not accept setting of an easily decipherable password. For details of the Password Rules, see page 1-9.

If a wrong password is entered, during password authentication, a predetermined number of times (once to three times) or more set by the administrator of the machine, the machine determines that it is unauthorized access through Prohibited Functions When Authentication Error, prohibiting any further entry of the password. By prohibiting the password entry operation, the machine prevents unauthorized use or removal of data, thereby ensuring secured used of the machine.

To cancel the password entry operation prohibited condition, the administrator must perform the Release Setting. When the administrator performs the Release Setting for the operation prohibited condition, a sound operation control in utmost security is achieved under the control of the administrator.

By setting the Encryption Key, the data stored in the HDD is encrypted, thereby protecting the data in the HDD. Note, however, that the Encryption Key does not prevent the HDD from being physically removed. Make sure of a good operation control.

When the machine is to be discarded or use of a leased machine is terminated at the end of the leasing contract, setting of the Overwrite HDD Data function while the machine was in use allows residual unnecessary data to be deleted, because the machine overwrites a specific overwrite value over the unnecessary data.

This prevents data leakage. (Passwords, addresses, and other data set while the machine was in use should, however, be deleted manually.) For details of the Overwrite HDD Data function, see page 2-61.

To delete data including the passwords, addresses, and other data all at once, the Overwrite All Data function overwrites and erases all data stored in all spaces of the HDD. The function also resets all passwords saved in the memory area on the MFP board and the SSD board to factory settings, preventing data from leaking. For details of the Overwrite All Data function, see page 2-63. For details of items to be cleared by Overwrite All Data function, see page 1-12.

Check Count Clear Conditions

The following are the conditions for clearing or resetting the check count of the number of wrong entries at the time of authentication by the Enhanced Security Mode.

-Authentication of Administrator Settings is successful.

-User Authentication mode is successful.

-Release of Prohibited Functions When Authentication Error is executed.

-Account Track mode is successful.

-Release of Prohibited Functions When Authentication Error is executed.

-Authentication of Secure Print is successful.

-Release of Prohibited Functions When Authentication Error is executed.

<Box>

-Authentication of User Box is successful.

-Authentication for execution of change of User Box Name and User Box Password is successful.

-Release of Prohibited Functions When Authentication Error is executed.

-Authentication of SNMP is successful.

-Release of Prohibited Functions When Authentication Error is executed.

bizhub C554/C454/C364/C284/C224

1-4

1.3	Data to be Protected	1

1.3Data to be Protected

The underlying concept of this machine toward security is "to protect data that can be disclosed against the intention of users."

The following types of image files that have been saved in the machine and made available for use by its users are protected while the machine is being used.

-Image files saved by Secure Print

-Image files saved as ID & Print document when print data is to be saved using the ID & Print Setting function

-Image files saved in Personal User Box, Public User Box and Group User Box

The following types of data saved in the HDD are protected when use of a leased machine is terminated at the end of the leasing contract, the machine is to be discarded, or when the HDD is stolen.

-Image files saved by Secure Print

-Image files saved as ID & Print document when print data is to be saved using the ID & Print Setting function

-Image files saved in Personal User Box, Public User Box and Group User Box

-Image files other than Secure Print document, ID & Print document and User Box file

-Data files left in the HDD data space, used as image files and not deleted through the general deletion operation

-Temporary data files generated during print image file processing

This machine offers specific functions as data protection methods: the SSL function that ensures confidentiality of images transmitted and received over the network and the S/MIME function that is used for encrypting image files.

When transmitting and receiving highly confidential image data among different pieces of IT equipment within an office LAN, the machine carries out communications with the correct destination via encrypted and reliable paths, assuming an office environment that responds to most stringent security requirements.

"Secure print" represents the settings for the secure print document in the printer driver interface.

bizhub C554/C454/C364/C284/C224

1-5

1.4	Precautions for Operation Control	1

1.4Precautions for Operation Control

This machine and the data handled by this machine should be used in an office environment that meets the following conditions. The machine must be controlled for its operation under the following conditions to protect the data that should be protected.

Roles and Requirements of the Administrator

The administrator should take full responsibility for controlling the machine, thereby ensuring that no improper operations are performed.

-A person who is capable of taking full responsibility for controlling the machine should be appointed as the administrator to make sure that no improper operations are performed.

-When using an SMTP server (mail server) or an DNS server, each server should be appropriately managed by the administrator and should be periodically checked to confirm that settings have not been changed without permission.

Password Usage Requirements

The administrator must control the Administrator Password, Encryption Key, auth-password, and priv-pass- word appropriately so that they may not be leaked. These passwords should not be ones that can be easily guessed. The user, on the other hand, should control the User Box Password, Secure Print Password, and User Password appropriately so that they may not be leaked. Again, these passwords should not be ones that can be easily guessed. For the Public User Box shared among a number of users, the User Box Password should be appropriately controlled so that it may not be leaked to anyone who is not the user of the Public User Box.

-Make absolutely sure that only the administrator knows the Administrator Password, Encryption Key, auth-password, and priv-password.

-The administrator must change the Administrator Password, Encryption Key, auth-password, and privpassword at regular intervals.

-The administrator should make sure that any number that can easily be guessed from birthdays, employee identification numbers, and the like is not set for the Administrator Password, Account Password, Encryption Key, auth-password, and priv-password.

-If a User Password or User Box Password has been changed, the administrator should have the corresponding user change the password as soon as possible.

-The administrator should change the Account Password set for each account at regular intervals and, should one be changed, he or she should immediately inform users who implement Account Track of the new Account Password.

-If the Administrator Password has been changed by the Service Engineer, the administrator should change the Administrator Password as soon as possible.

-The administrator should have users ensure that the passwords set for the User Authentication, Secure Print, and User Box are known only by the user concerned.

-The administrator should have users who implement Account Authentication ensure that the Account Password set for the account is known by the users implementing Account Authentication only.

-The administrator should make sure that only the users who share a Public User Box and Group User Box know the password set for it.

-The administrator should have users change the passwords set for the User Authentication and User Box at regular intervals.

-The administrator should make sure that any user does not set any number that can easily be guessed from birthdays, employee identification numbers, and the like for the passwords set for the User Authentication, Secure Print, and User Box.

bizhub C554/C454/C364/C284/C224

1-6

1.4	Precautions for Operation Control	1

Network Connection Requirements for the Machine

Packets being transmitted over the LAN installed in the office, in which the machine is installed, should be protected from unauthorized manipulation. If the LAN is to be connected to an outside network, no unauthorized attempt to establish connection from the external network should be permitted.

-If the LAN, in which the machine is installed, is connected to an outside network, install a firewall or similar network device to block any access to the machine from the outside network and make the necessary settings.

-Configure the LAN installed in the office, in which the machine is installed, by using a switching hub and other devices to ensure that the packets are protected from unauthorized manipulation.

-Provide an appropriate network control at all times to make sure that packets are protected from unauthorized manipulation and no other copying machine is connected without prior notice to the office LAN to which this machine is connected.

User information control server control requirements

The server administrator is required to apply patches and control accounts for the user information control server connected to the LAN within the office, in which this machine is installed, to ensure operation control that achieves appropriate access control.

Security function operation setting operating requirements

The administrator of the machine should observe the following operating conditions.

-The administrator should make sure that the machine is operated with the settings described in the installation checklist made properly in advance.

-The administrator should make sure of correct operation control so that the machine is used with the Enhanced Security Mode set to [ON].

-When the Enhanced Security Mode is turned [OFF], the administrator is to make various settings according to the installation checklist and then set the Enhanced Security Mode to [ON] again. For details of settings made by the service engineer, contact your service representative.

-When the machine is to be discarded or use of a leased machine is terminated at the end of the leasing contract, the administrator should use the Overwrite HDD Data function and the Overwrite All Data function to thereby prevent data to be protected from leaking.

Operation and control of the machine

The administrator of the machine should perform the following operation control.

-The administrator of the machine should log off from the Administrator Settings whenever the operation in the Administrator Settings is completed. The administrator of the machine should also make sure that each individual user logs off from the User Authentication mode after the operation in the User Authentication mode is completed, including operation of the Secure Print document, User Box, and User Box file.

-The administrator of the machine should set the Encryption Key according to the environment, in which this machine is used.

-The administrator of the machine should appropriately control the device certificate (SSL certificate) registered in the machine.

-The administrator of the machine should appropriately control the file of Job Log (Audit Log) data downloaded to, for example, a PC and ensure that none other than the administrator handles it.

-The administrator of the machine should check the Job Log (Audit Log) data at appropriate timing, thereby determining whether a security compromise or a faulty condition has occurred during an operating period.

-When generating or deleting Job Log (Audit Log) and Job Log (Audit Log) data, the administrator of the machine should check conditions of using this machine by the user.

bizhub C554/C454/C364/C284/C224

1-7

1.4	Precautions for Operation Control	1

Machine Maintenance Control

The administrator of the machine should perform the following maintenance control activities.

-Provide adequate control over the machine to ensure that only the Service Engineer is able to perform physical service operations on the machine.

-Provide adequate control over the machine to ensure that any physical service operations performed on the machine by the Service Engineer are overseen by the administrator of the machine.

-Some options require that Enhanced Security Mode be turned [OFF] before they can be used on the machine. If you are not sure whether a particular option to be additionally purchased is fully operational with the Enhanced Security Mode turned [ON], contact your Service Representative.

bizhub C554/C454/C364/C284/C224

1-8

1.5	Miscellaneous	1

1.5Miscellaneous

Password Rules

According to certain Password Rules, registration of a password consisting of a string of a single character or change of a password to one consisting of a string of a single character is rejected for the Administrator Password, User Password, Account Password, User Box Password, Secure Print Password, SNMP Password, and Encryption Key. For the Administrator Password, User Password, Account Password, User Box Password, SNMP Password, and Encryption Key, the same password as that currently set is not accepted.

Study the following table for details of the number and types of characters that can be used for each password. For details of the settings of the Password Rules, see page 2-11.

Types of passwords		Number of	Types of characters
		characters
Administrator Password		8 to 64	• Numeric characters: 0 to 9
		characters*	• Alpha characters: upper and lower case letters
User Password		characters*	• Alpha characters: upper and lower case letters
User Password			• Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <, =, >,

Account Password			?, @, [, \, ], ^, _, `, {, \|, }, ~, +
			• Special characters (68 characters)
Public User Box Password			• Special characters (68 characters)
Public User Box Password			Selectable from among a total of 161 characters

Secure Print Password		8 to 64	• Numeric characters: 0 to 9
		characters*	• Alpha characters: upper and lower case letters
			• Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <, =, >,
			?, @, [, \, ], ^, _, `, {, \|, }, ~, +
			Selectable from among a total of 93 characters

SNMP Password		8 to 32	• Numeric characters: 0 to 9
•	auth-password	characters*	• Alpha characters: upper and lower case letters
•	priv-password		• Symbols: !, $, %, &, (, ), *, ,, -, ., /, :, ;, <, =, >, ?, @,
			[, ], ^, _, `, {, \|, }, ~, +
			Selectable from among a total of 90 characters

Encryption Key		20 characters	• Numeric characters: 0 to 9
			• Alpha characters: upper and lower case letters
			• Symbols: !, #, $, %, &, ', *, +, -, ., /, =, ?, @, ^, _, `,
			{, \|, }, ~
			Selectable from among a total of 83 characters

*: The minimum number of characters set in [Set Minimum Password Length] must be set for the password. The default value is 12.

Precautions for Use of Umlaut

-Setting or entering an umlaut from the control panel may be disabled depending on the setting made in this machine, but not on the client PC side including PageScope Web Connection. If an umlaut is set in a password on the PC side, therefore, the umlaut cannot be entered from the control panel, which means that this particular password is not usable.

Precautions for Use of Various Types of Applications

Comply with the following requirements when using the PageScope Web Connection or an application of various other types

-The password control function of each application stores the password that has been entered in the PC being used. If you want the password not stored, disable the password control function of the application.

Use a web browser or an application of various other types that shows "*" or "-" for the password entered.

-Internet Explorer or other type of web browser, "SSL v3" or "TLS v1" should be used, not "SSL v2," for the SSL setting.

-Set the web browser so that cache files are not saved.

-Expanded functions, which can be used in association with applications by registering the optional License Kit, are available, including collecting and controlling user and account information by means of the WebDAV function. Use of these expanded functions is not covered by certification of ISO15408.

-Optional applications not described in this User’s Guide are not covered by certification of ISO15408.

bizhub C554/C454/C364/C284/C224

1-9

1.5	Miscellaneous	1

Encrypting communications

The following are the cryptographic algorithms of key exchange and communications encryption systems supported in generation of encryption keys.

-TLS_RSA_WITH_3DES_EDE_CBC_SHA

-TLS_RSA_WITH_AES_128_CBC_SHA

-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

-TLS_DHE_RSA_WITH_AES_256_CBC_SHA

NOTICE

No algorithms can be selected during generation of encryption keys. SSL v3 is automatically selected for the SSL setting according to the application and browser. Do not therefore change the setting manually to SSL v2. An increased risk results of data to be protected being tampered with or leaked.

The administrator of the machine should make sure that SSL encryption communication is not performed with the SSL set in SSL v2.

Do not use an SSL certificate that is electronically signed by MD5, as an increased risk results of data to be protected being tampered with or leaked.

Use the following browsers to ensure SSL encryption communication with appropriate strength. Use of any of the following browsers achieves SSL encryption communication that ensures confidentiality of the image data transmitted and received.

Windows XP/Vista/7/Server 2003/Server 2008/Server 2008 R2

-Recommended is Microsoft "Internet Explorer 6" or later.

-Recommended is Mozilla Firefox 3.5 or later.

Macintosh MacOS 9.x, MacOS X

-Recommended is Mozilla Firefox 3.5 or later.

Linux

-Recommended is Mozilla Firefox 3.5 or later.

SSL encryption communication with confidentiality properly maintained can be achieved in image data transmitted and received in any of the following applications.

-PageScope Box Operator

-HDD TWAIN

-PageScope Direct Print

-HDD Backup Utility

NOTICE

SSL encryption communication is not applicable to transmission of Secure Print in PageScope Direct Print.

bizhub C554/C454/C364/C284/C224

1-10

1.5	Miscellaneous	1

IPP printing

IPP (Internet Printing Protocol) is a function that allows Secure Print documents and image data stored in boxes to be printed via the Internet by using the HTTP (HyperText Transfer Protocol) of the TCP/IP Protocol. IPPS (IPP over SSL/TLS) is the type of IPP that performs the SSL encryption communication.

To perform IPP printing, the printer driver must be installed. From "Add Printer Wizard," select "Connect to a printer on the Internet or on a home or office network" and type the URL of this machine in the following format in the "URL" field. The printer, for which the settings have been made, can be used in the same manner as the ordinary local printer.

http:// <IP address of this machine> /ipp

E.g.: If the machine IP address is 192.168.1.20

Type http://192.168.1.20/ipp

To set IPPS printing:

Type https:// <IP address of the machine> /ipp.

Windows Vista/7/Server 2008/Server 2008 R2, which offers enhanced security functions, gives a certificate error message if the SSL certificate is one that is not issued by a certification body. In such cases, it becomes necessary to register with Windows Vista/7/Server 2008/Server 2008 R2 the certificate of this machine as that issued by a reliable party for the computer account.

First, register Host Name and IP address of this machine in the DNS server in advance. Then, in TCP/IP Settings of PageScope Web Connection, set the DNS Host Name and DNS Default Domain Name registered with the DNS server.

It should also be noted that, for the certificate to be imported, a certificate for SSL encryption communication should be registered in PageScope Web Connection and exported in advance as the certificate including the public key.

From "Continue to this website," call the PageScope Web Connection window to the screen.

Click "Certificate Error" to display the certificate. Then, click "Install Certificate" to install the certificate.

3 Display the physical stores. Then, deploy the certificate, which has earlier been exported, in "Local Computer" of "Trusted Root Certification Authorities" to thereby import the certificate.

Through additional printer setting, type "https://Host Name.Domain Name/ipp." For [Host Name] and [Domain Name], specify the names set with the DNS server.

bizhub C554/C454/C364/C284/C224

1-11

1.5	Miscellaneous	1

Items of Data Cleared by Overwrite All Data Function

The Overwrite All Data function clears the following items of data.

Items of Data Cleared	Description
Password Rules	Sets [Invalid] and disables [Set Minimum Password Length]

User registration data	Deletes all user-related data that has been registered

Account registration data	Deletes all account track-related data that has been registered

Box registration data/file	Deletes all User Box-related information and files saved in User Box

Secure Print ID/Password/	Deletes all Secure Print document-related information and files saved
document

ID & Print document	Deletes all ID & Print documents saved in ID & Print User Box

Image files	• Image files other than Secure Print documents, ID & Print docu-
	ments, and User Box files
	• Data files left in the HDD data space, used as image files and not
	deleted through the general deletion operation
	• Temporary data files generated during print image file processing

Destination recipient data files	Deletes all destination recipient data including e-mail addresses and
	telephone numbers

Encryption Key	Clears the currently set Encryption Key

Administrator Password	Clears the currently set password, resetting it to the factory setting
	(1234567812345678)

SNMP Password	Clears the currently set password, resetting it to the factory setting
	(MAC address)

S/MIME certificate	Deletes the currently set S/MIME certificate

Device certificate	Deletes the currently set Device certificate (SSL certificate)
(SSL certificate)

Network Setting	Clears the currently set network settings (DNS Server setting, IP Ad-
	dress setting, SMTP Server setting, NetWare Setting, NetBIOS setting
	and AppleTalk Printer Name setting), resetting it to the factory setting

Daylight Saving Time	Set to [No]

Time Adjustment Setting (NTP)	Set to [OFF]

Time/date data	Varies corrected data, if the time-of-day data is corrected due to, for
	example, the daylight saving time

Fax functions

An optional Fax Kit is required for using fax functions. Contact your Service Representative.

Bluetooth communication

An optional Local Interface Kit is required for Bluetooth communication. Contact your Service Representative.

bizhub C554/C454/C364/C284/C224

1-12

2 Administrator Operations

2.1

Accessing the Administrator Settings

2 Administrator Operations

2.1Accessing the Administrator Settings

In Administrator Settings, the settings for the machine system and network can be registered or changed.

This machine implements authentication of the user of the Administrator Settings function through the Administrator Password that verifies the identity as the administrator of the person who accesses the function. During the authentication procedure, the Administrator Password entered for the authentication purpose appears as "*" or "-" on the display.

When the Enhanced Security Mode is set to [ON], the number of times in which authentication fails is counted.

NOTICE

Make sure that none of the general users of the machine will know the Administrator Password.

If the Administrator Password is forgotten, it must be set again by the Service Engineer. Contact your Service Representative.

2.1.1Accessing the Administrator Settings

The machine does not accept access to the Administrator Settings under any of the following conditions. Wait for some while before attempting to gain access to the Administrator Settings again.

-The Administrator Settings has been logged on to through access made from the PC.

-A remote operation is being performed from an application on the PC.

-There is a job being executed by the machine.

-There is a reserved job (timer TX, fax redial waiting, etc.) in the machine.

-Immediately after the main power switch has been turned ON.

-A malfunction code is displayed on the machine.

0When accessing the Administrator Settings from the control panel, if you have already logged on to the Administrator Settings using PageScope Web Connection, the machine displays a message that tells not to turn off the power because of the remote operation being performed and rejects any operation on the control panel. Wait until the message disappears before attempting to access the Administrator Settings once again.

0When accessing the Administrator Settings from the control panel, if [Export to the device] operation is being executed using the PageScope Data Administrator, the machine displays a message that tells not to turn off the power because of the remote operation being performed and rejects any operation on the control panel. Wait until the message disappears before attempting to access the Administrator Settings once again.

0Do not leave the machine with the setting screen of Administrator Settings left shown on the display. If it is absolutely necessary to leave the machine, be sure first to log off from the Administrator Settings.

1Press the [Menu] key, and touch [Utility].

2Touch [Administrator Settings].

bizhub C554/C454/C364/C284/C224

2-2

2.1	Accessing the Administrator Settings	2

Enter the Administrator Password from the keyboard or keypad.

%Press the [C] key to clear all characters.

%Touch [Delete] to delete the last character entered.

%Touch [Shift] to show the upper case/symbol screen.

%Touch [Cancel] to go back to the previous screen.

Touch [OK].

%If a wrong Administrator Password is entered, a message that tells that the Administrator Password does not match appears. Enter the correct Administrator Password.

%If the Enhanced Security Mode is set to [ON], entry of a wrong password is counted as unauthorized access. If a wrong Administrator Password is entered a predetermined number of times (once to three times) or more set by the administrator of the machine, a message appears saying that the machine accepts no more Administrator Passwords because of unauthorized access for any subsequent entry of the Administrator Password. The machine is then set into an access lock state. To cancel the access lock state, settings must be made by the Service Engineer; or, turn off, and then turn on, the main power switch of the machine. If the main power switch is turned off and on, the access lock state is canceled after the lapse of time set for [Release Time Settings]. When the main power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If there is no wait period between turning the main power switch off, then on again, the machine may not function properly.

Here is the sequence, through which the main power switch and sub power key are turned on and off:

Turn off the sub power key ö Turn off the main power switch ö Turn on the main power switch ö Turn on the sub power key

Press the [Reset] key to log off from the Administrator Settings.

bizhub C554/C454/C364/C284/C224

2-3

2.1	Accessing the Administrator Settings	2

2.1.2Accessing the User Mode

You can log on to the User Mode as an administrator. In the User Mode, you can check or delete a job, which is disabled in Administrator Settings.

Reference

- The authority relating to box settings is the same as that of Administrator Settings.

0The administrator must first make User Authentication settings before he or she can access User Mode. For details of the User Authentication, see page 2-20.

0Do not leave the machine with the User Mode setting screen left shown on the display. If it is absolutely necessary to leave the machine, be sure first to log off from the User Mode.

1Touch the keyboard icon in the [User Name] field.

2 Enter "admin" in [User Name]. Enter the password set for this machine in [Password].

%Press the [C] key or touch [C] to clear all characters.

%Touch [Delete] to delete the last character entered.

%Touch [Shift] to show the upper case/symbol screen.

%Touch [Cancel] to go back to the previous screen.

3 Touch [OK].

bizhub C554/C454/C364/C284/C224

2-4

2.1	Accessing the Administrator Settings	2

Press the [Access] key or touch [Login].

%If a wrong Administrator Password is entered, a message that tells that the authentication has failed appears. Enter the correct Administrator Password.

Here is the sequence, through which the main power switch and sub power key are turned on and off:

Turn off the sub power key ö Turn off the main power switch ö Turn on the main power switch ö Turn on the sub power key

Press the [Access] key or touch [Close] to log off from the User Mode.

bizhub C554/C454/C364/C284/C224

2-5

2.1	Accessing the Administrator Settings	2

0While you are logging onto the Admin Mode using PageScope Web Connection, any operations from the machine's control panel are disabled.

0If you have already logged on to the Admin Mode from the control panel or using PageScope Web Connection, the machine displays a message that tells that another administrator has previously logged on and rejects any attempt to log on to the Admin Mode using the PageScope Web Connection. Click [OK] and wait for some while before attempting to access the Admin Mode once again.

0If [Export to the device] operation is being executed using the PageScope Data Administrator, the machine displays a message that tells you cannot log on to the mode because of the remote operation being performed and rejects any attempts to the Admin Mode via the PageScope Web Connection. Click [OK] and wait for some while before attempting to access the Admin Mode once again.

0If an attempt is made to log on to the Admin Mode while a job is being executed, the machine gives a message that tells that it is now impossible to log on to the Admin Mode. Click [OK] and try logging on to the Admin Mode after the execution of the job is completed.

0Do not leave the machine with the Admin Mode setting screen left shown on the display. If it is absolutely necessary to leave the machine, be sure first to log off from the Admin Mode.

0If you have logged on to the Admin Mode using the PageScope Web Connection and if you close the web browser without clicking [Logout], the touch panel of the machine remains locked for 70 sec.

0Different initial screens appear after you have logged on to the Admin Mode depending on the Customize setting. The descriptions herein given are concerned with the display screen set in [Meter Counter] of Maintenance.

1Start the Web browser.

2Enter the IP address of the machine in the address bar.

3Press the [Enter] key to start PageScope Web Connection.

4Click the Administrator radio button and [Login].

bizhub C554/C454/C364/C284/C224

2-6

2.1	Accessing the Administrator Settings	2

5 Select "Administrator (Admin Mode)" or "Administrator (User Mode)" and enter the Administrator Password in the "Password" box.

%If "Administrator (Admin Mode)" is selected, the settings for the machine system and network can be registered or changed.

%If "Administrator (User Mode)" is selected, you can log on to the User Mode as an Administrator. In the User Mode, you can check or delete a job, which is disabled in Administrator Settings. Note, however, that the authority relating to box settings is the same as that of Administrator Settings.

%When accessing the Admin Mode using the PageScope Web Connection, enter the same Administrator Password as that for the machine.

6 Click [OK].

%If a wrong Administrator Password is entered, a message that tells that the authentication has failed appears. Enter the correct Administrator Password.

Here is the sequence, through which the main power switch and sub power key are turned on and off:

Turn off the sub power key ö Turn off the main power switch ö Turn on the main power switch ö Turn on the sub power key

Click [Logout].

Click [OK].

This allows you to log off from the Admin Mode.

bizhub C554/C454/C364/C284/C224

2-7

2.2	Enhancing the Security Function	2

2.2Enhancing the Security Function

When access to the machine by the administrator of the machine through the Administrator Settings from the control panel is authenticated, the machine enables setting of the Enhanced Security Mode that allows settings for enhancing each of different security functions to be converted all at once.

In the Enhanced Security Mode, the machine allows selection of whether to use the Enhanced Security Mode or not. If the Enhanced Security Mode is set to [ON], a count is taken of the number of unauthorized accesses to the Administrator Settings, User Authentication, Account Track, SNMP authentication, all Secure Print, and all User Boxes. A function is also set that determines whether each password meets predetermined requirements. The security function is thus enhanced in the Enhanced Security Mode.

The following settings must first be made before the Enhanced Security Mode is set to [ON].

NOTICE

First, set the Encryption Key. To set the Encryption Key, HDD Format must first be executed. Execution of the HDD Format clears various setting values. For details of items that are cleared by HDD Format, see page 2-10.

If initialization is executed by the Service Engineer, the Password Rules are set to [Invalid] and the Administrator Password is reset to the factory setting (1234567812345678). To set the Administrator Password and turn [ON] the Enhanced Security Mode again.

Settings to be Made in Advance	Description
Administrator Password	Meet the Password Rules.
	The factory setting is "1234567812345678."

User Authentication	Check that [Authenticate] (the server type is Active Directory only
	for External Server Authentication) is set.

Encryption Key	Set the Encryption Key.

Certificate for SSL	Register the self-signed certificate for SSL communications.

Service settings	Calls for setting made by the Service Engineer. For details, contact
	your Service Representative.

Setting the Enhanced Security Mode to [ON] changes the setting values of the following functions.

NOTICE

If an attempt is made to change a setting that has been changed as a result of setting the Enhanced Security Mode to [ON], a screen may appear indicating that the Enhanced Security Mode is to be canceled. Note that executing this screen will cancel the Enhanced Security Mode.

The description "not to be changed" given in parentheses in the table below indicates that the specific setting cannot be changed with the Enhanced Security Mode set to [ON].

Function Name	Factory Setting	When Enhanced Security Mode is set to [ON]
Password Rules	Invalid	Enable (not to be changed)
		* If [Enable] is set for Password Rules, the types and
		number of characters to be used for each password are
		limited.
		For details of the Password Rules, see page 1-9.

Prohibited Functions	Mode 1	Mode 2 (not to be changed): Three times is set.
When Authentication Er-		* The number of times can be changed to once, twice,
ror		or three times.

Release Time settings	5 min.	The setting value should be 5 min. or more (no value less
		than 5 can be set)

Confidential Document	Mode 1	Mode 2 (not to be changed)
Access Method		* In association with Prohibit Functions When Authenti-
		cation Error the method is changed from authentication
		using Secure Print ID and password (Mode 1) to that us-
		ing the password with the Secure Print document first
		narrowed down by Secure Print ID (Mode 2).

Secure Print User Box	Thumbnail View,	Only Detail View is enabled before password authenti-
Preview	Detail View, and	cation (Mode 2)
	Document De-
	tails are enabled

Public User Access	Restrict	Restrict (not to be changed)

bizhub C554/C454/C364/C284/C224

2-8

2.2	Enhancing the Security Function				2


		Function Name	Factory Setting	When Enhanced Security Mode is set to [ON]
		User Name List	OFF	OFF (not to be changed)

		Print Without Authentica-	Restrict	Restrict (not to be changed)
		tion

		User Box Admin. Setting	Restrict	Restrict (not to be changed)

		Mode using SSL/TLS	None	Admin. Mode and User Mode (not to be changed)

		SSL Encryption Strength	AES-256,	AES/3DES (not to be changed to one containing
			3DES-168,	strength lower than AES/3DES)
			RC4-128,
			DES-56,
			RC4-40

		Automatically Obtain	No	No (not to be changed)
		Certificates of S/MIME

		S/MIME Encryption	3DES	3DES (not to be changed to DES or RC-2)
		Method

		FTP Server	ON	OFF (not to be changed)

		SNMPv1/v2c Settings	Read setting:	Read setting: Enable, Write setting: Invalid
			Enable	(not to be changed)
			Write setting:
			Enable

		SNMP v3 Settings Secu-	auth-password/	The security level can be selected from among [auth-
		rity Level and auth-pass-	priv-password	password] and [auth-password/priv-password].
		word/priv-password		Auth-password and priv-password can both be set.

		Print Data Capture	Allow	Restrict (not to be changed)

		Network Setting Clear	Enabled	Restrict
		(Pagescope Web Con-
		nection)

		Registering and Chang-	Allow	Restrict (not to be changed)
		ing Address by the user
		(Address Book and Pro-
		gram)

		Initialize (Network Set-	Enabled	Restrict (not to be changed)
		tings)

		Image Log Transfer Set-	OFF	OFF (not to be changed)
		tings

		CS Remote Care	Usable	Remote device setting disabled

		Counter Remote Control	Restrict	Restrict (not to be changed)

		Remote Panel Settings	OFF	OFF (not to be changed)
		(Server Settings/Client
		Settings)

		Print Simple Auth.	Restrict	Restrict (not to be changed)
		(Authentication Setting)

		External Application	Yes	No (not to be changed)
		Connection

bizhub C554/C454/C364/C284/C224

2-9

2.2	Enhancing the Security Function	2

2.2.1Items cleared by HDD Format

Following are the items that are cleared by HDD Format.

Whenever HDD Format is executed, be sure to set the Enhanced Security Mode to [ON] again.

Items of Data Cleared	Description
Enhanced Security Mode	Set to [OFF]

Device certificate	Deletes the device certificate (SSL certificate) registered in the machine.
(SSL certificate)

User Authentication	Set to [OFF]

Account Track Authentica-	Set to [OFF]
tion

Public User Access	Set to [Restrict]

User Name List	Set to [OFF]

Print Simple Auth.	Set to [Restrict]

Print Without Authentica-	Set to [Restrict]
tion

User registration data	Deletes all user-related data that has been registered

Account Track registration	Deletes all account track-related data that has been registered
data

Box registration data/file	Deletes all User Box-related information and files saved in User Box

Secure Print ID/Pass-	Deletes all Secure Print document-related information and files saved
word/document

Destination recipient data	Deletes all destination recipient data including e-mail addresses and tele-
files	phone numbers

bizhub C554/C454/C364/C284/C224

2-10

2.2	Enhancing the Security Function	2

2.2.2Setting the Password Rules

0 For the procedure to call the Administrator Settings on the display, see page 2-2.

NOTICE

Before enabling the Password Rules, change the currently set password so as to meet the Password Rules. For details of the Password Rules, see page 1-9.

Call the Administrator Settings on the display from the control panel.

Touch [Security Settings].

3 Touch [Security Details].

4 Touch [Password Rules].

bizhub C554/C454/C364/C284/C224

2-11

2.2	Enhancing the Security Function	2

5 Select [Enable] and set [Set Minimum Password Length] (8 to 64 characters).

%The following screen appears if the previously required settings are yet to be made by the Service Engineer. Contact your Service Representative.

6 Touch [OK].

bizhub C554/C454/C364/C284/C224

2-12

2.2	Enhancing the Security Function	2

2.2.3Setting the Enhanced Security Mode

0 For the procedure to call the Administrator Settings on the display, see page 2-2.

0The Enhanced Security Mode is factory-set to [OFF]. Be sure to turn [ON] the Enhanced Security Mode so as to enable the security function of the machine.

1Call the Administrator Settings on the display from the control panel.

2Touch [Security Settings].

3 Touch [Enhanced Security Mode].

4 Select [ON] to enable the Enhanced Security Mode and touch [OK].

bizhub C554/C454/C364/C284/C224

2-13

2.2	Enhancing the Security Function	2

%The following screen appears if the previously required settings are yet to be made by the administrator of the machine. Make the necessary settings according to the corresponding set procedure.

%The following screen appears if the previously required settings are yet to be made by the Service Engineer. Contact your Service Representative.

5 Any external applications registered using OpenAPI will be deleted when the Enhanced Security Mode is set to [ON]. A confirmation message appears. Select [Yes] and touch [OK].

6 Make sure that a message appears prompting you to turn OFF and then ON the main power switch. Now, turn OFF and then turn ON the main power switch.

bizhub C554/C454/C364/C284/C224

2-14

+ 165 hidden pages