8/11/2019 Service Manual Firmware KM652
bizhub 652 / bizhub 602 / bizhub 552 / bizhub 502 / ineo 652 / ineo 602 / ineo 552 / ineo 502 Control Software A2WU0Y0-0100-GM0-00 Security Target
Copyright(c) 2010-2011 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved.
bizhub 652 / bizhub 602 / bizhub 552 / bizhub 502 / ineo 652 / ineo 602 / ineo 552 / ineo 502
Control Software
A2WU0Y0-0100-GM0-00
Security Target
This document is a translation of the evaluated and certified security target
written in Japanese
Version: 1.03
Issued on: March 17, 2011
Created by: KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.
<Revision History>
Date | Ver. | Division | Approved | Checked | Created | Revision
2010/7/30 | 1.00 | Office Software Development Div. 1 | Hirota | Yokobori | Yoshida | Initial Version.
2010/11/9 | 1.01 | Office Software Development Div. 1 | Hirota | Tada | Yoshida | Deal with typos.
2010/12/1 | 1.02 | Office Software Development Div. 1 | Hirota | Tada | Yoshida | Deal with typos.
2011/3/17 | 1.03 | Office Software Development Div. 1 | Hirota | Tada | Yoshida | Deal with typos.
---- [ Contents ] ----
1. ST Introduction
1.1. ST Reference
1.2. TOE Reference
1.3. TOE Overview
1.3.1. TOE Type
1.3.2. Usage of TOE and Main Security Functions
1.4. TOE Description
1.4.1. Roles of TOE Users
1.4.2. Physical Scope of TOE
1.4.3. Logical Scope of TOE
2. Conformance Claims
2.1. CC Conformance Claim
2.2. PP Claim
2.3. Package Claim
2.4. Reference
3. Security Problem Definition
3.1. Protected Assets
3.2. Assumptions
3.3. Threats
3.4. Organizational Security Policies
4. Security Objectives
4.1. Security Objectives for the TOE
4.2. Security Objectives for the Operational Environment
4.3. Security Objectives Rationale
4.3.1. Necessity
4.3.2. Sufficiency of Assumptions
4.3.3. Sufficiency of Threats
4.3.4. Sufficiency of Organizational Security Policies
5. Extended Components Definition
5.1. Extended Function Component
5.1.1. FAD_RIP.1 Definition
5.1.2. FIT_CAP.1 Definition
6. IT Security Requirements
6.1. TOE Security Requirements
6.1.1. TOE Security Functional Requirements
6.1.2. TOE Security Assurance Requirements
6.2. IT Security Requirements Rationale
6.2.1. Rationale for IT Security Functional Requirements
6.2.2. Rationale for IT Security Assurance Requirements
7. TOE Summary Specification
7.1. F.ADMIN (Administrator Function)
7.1.1. Administrator Identification Authentication Function
7.1.2. Auto Logoff Function of Administrator Mode
7.1.3. Function Supported in Administrator Mode
7.2. F.ADMIN-SNMP (SNMP Administrator Function)
7.2.1. Identification and Authentication Function by SNMP Password
7.2.2. Management Function using SNMP
7.3. F.SERVICE (Service Mode Function)
7.3.1. Service Engineer Identification Authentication Function
7.3.2. Function Supported in Service Mode
7.4. F.USER (User Function)
7.4.1. User Authentication Function
7.4.2. Auto Logoff Function in User Identification and Authentication Domain
7.4.3. Modification Function of User Password
7.5. F.BOX (User Box Function)
7.5.1. Personal User Box Function
7.5.2. Public User Box Function
7.5.3. Group User Box Function
7.6. F.PRINT (Secure Print Function, ID & Print Function)
7.6.1. Secure Print Function
7.6.2. ID & print Function
7.7. F.OVERWRITE-ALL (All Area Overwrite Deletion Function)
7.8. F.CRYPT (Encryption Key Generation Function)
7.9. F.RESET (Authentication Failure Frequency Reset Function)
7.10. F.TRUSTED-PASS (Trust Channel Function)
7.11. F.S/MIME (S/MIME Encryption Processing Function)
7.12. F.FAX-CONTROL (FAX Unit Control Function)
7.13. F.SUPPORT-AUTH (External Server Authentication Operation Support Function)
7.14. F.SUPPORT-CRYPTO (ASIC Support Function)
7.15. F.ADMIN-WebDAV (Administrator Function (Counter Management Function))
7.15.1. Identification and Authentication Function by WebDAV Server Password
7.15.2. Management Function Utilizing WebDAV
---- [ List of Figures ] ----
Figure 1 An example of MFP's use environments
Figure 2 Hardware composition relevant to TOE
---- [ List of Tables ] ----
Table 1 Conformity of security objectives to assumptions, threats, and organization security policies
Table 2 Cryptographic Key Generation: Relation of Standards-Algorithm-Key sizes
Table 3 Cryptographic Operation: Relation of Algorithm-Key sizes-Cryptographic Operation
Table 4 User Box Access Control: Operational List
Table 5 Secure Print File Access Control: Operational List
Table 6 Setting Management Access Control: Operational List
Table 7 ID & Print file Access Control: Operational List
Table 8 TOE Security Assurance Requirements
Table 9 Conformity of IT Security Functional Requirements to Security Objectives
Table 10 Dependencies of IT Security Functional Requirements Components
Table 11 Names and Identifiers of TOE Security Function
Table 12 Characters and Number of Digits for Password
Table 13 Types and Methods of Overwrite Deletion of Overall Area
1. ST Introduction
1.1. ST Reference
- ST Title: bizhub 652 / bizhub 602 / bizhub 552 / bizhub 502 / ineo 652 / ineo 602 / ineo 552 / ineo 502 Control Software A2WU0Y0-0100-GM0-00 Security Target
- ST Version: 1.03
- Created on: March 17, 2011
- Created by: KONICA MINOLTA BUSINESS TECHNOLOGIES, INC. Eiichi Yoshida
1.2. TOE Reference
- TOE Name:
  Japanese Name: bizhub 652 / bizhub 602 / bizhub 552 / bizhub 502 / ineo 652 / ineo 602 / ineo 552 / ineo 502 Zentai Seigyo Software
  English Name: bizhub 652 / bizhub 602 / bizhub 552 / bizhub 502 / ineo 652 / ineo 602 / ineo 552 / ineo 502 Control Software
- TOE Version: A2WU0Y0-0100-GM0-00
- TOE Type: Software
- Created by: KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.
1.3. TOE Overview
This paragraph explains the usage, main security functions, and operational environment of TOE.
1.3.1. TOE Type
bizhub 652 / bizhub 602 / bizhub 552 / bizhub 502 / ineo 652 / ineo 602 / ineo 552 / ineo 502 control software, which is the TOE, is an embedded software product installed in the SSD on the MFP controller to control the operation of the whole MFP.
1.3.2. Usage of TOE and Main Security Functions
bizhub 652, bizhub 602, bizhub 552, bizhub 502, ineo 652, ineo 602, ineo 552 and ineo 502 are digital multi-function products provided by Konica Minolta Business Technologies, Inc., composed by selecting and combining copy, print, scan and FAX functions. (Hereinafter all the products are referred to as "MFP".) TOE is the "control software for bizhub 652 / bizhub 602 / bizhub 552 / bizhub 502 / ineo 652 / ineo 602 / ineo 552 / ineo 502" that controls the entire operation of MFP, including the operation control processing and the image data management triggered by the panel of the main body of MFP or through the network.
TOE supports the protection from exposure of the highly confidential documents stored in MFP. Moreover, for the danger of illegally bringing out HDD, which stores image data in MFP, TOE can encrypt all the data written in HDD including image data using ASIC (Application Specific Integrated Circuit). Besides, TOE has the function that deletes all the data of HDD completely by deletion method compliant with various overwrite deletion standards at the time of abandonment or the lease returns and the function that controls the access from the public line against the danger using Fax function as a steppingstone to access internal network. So it contributes to the prevention of information leakage of the organization that uses MFP.
1.4. TOE Description
1.4.1. Roles of TOE Users
The roles of the personnel related to the use of MFP with TOE are defined as follows.
- User
  An MFP user who is registered into MFP. (In general, the employee in the office is assumed.)
- Administrator
  An MFP user who manages the operations of MFP. Manages MFP mechanical operations and users. (In general, it is assumed that the person elected from the employees in the office plays this role.)
- Service engineer
  A user who manages the maintenance of MFP. Performs the repair and adjustment of MFP. (In general, the person-in-charge of the sales companies that performs the maintenance service of MFP in cooperation with Konica Minolta Business Technologies, Inc. is assumed.)
- Responsible person of the organization that uses MFP
  A responsible person of the organization that manages the office where the MFP is installed. Assigns an administrator who manages the operation of MFP.
- Responsible person of the organization that manages the maintenance of MFP
  A responsible person of the organization that manages the maintenance of MFP. Assigns service engineers who manage the maintenance of MFP.
Besides this, though not a user of TOE, those who go in and out the office are assumed as accessible persons to TOE.
1.4.2. Physical Scope of TOE
1.4.2.1. Use Environment
Figure 1 shows a general environment in which the usage of MFP equipped with TOE is expected. Moreover, the matters expected to occur in the use environment are listed below.
Figure 1 An example of MFP's use environments
- An intra-office LAN exists as a network in the office.
- MFP is connected to the client PCs via the intra-office LAN, and has mutual data communication.
- When a SMTP, FTP, or WebDAV server is connected to the intra-office LAN, MFP can carry out data communication with these servers, too. (The DNS service will be necessary when setting a domain name of the SMTP/FTP/WebDAV server.)
- It is also assumed to unify management of user IDs/passwords in a server. In this case, TOE can control access to the MFP by using the user registration information in the user information management server.
- When the intra-office LAN connects to an external network, measures such as connecting via a firewall are taken, and an appropriate setup to block access requests to the MFP from the external network is applied.
- The intra-office LAN provides a network environment that cannot be intercepted by office operation including using switching hubs and installing wiretapping detectors.
- The public line connected with MFP is used for communications by Fax and the remote diagnostic function.
[Figure 1 labels: Internet, External Network, Firewall, Office, MFP (TOE), Client PC, SMTP Server, FTP Server, DNS Server, WebDAV Server, User Information Management Server, Public line]
1.4.2.2. Operation Environment
Figure 2 Hardware composition relevant to TOE
Figure 2 shows the structure of the hardware environment in MFP that TOE needs for the operation. The MFP controller is installed in the main body of MFP, and TOE exists in SSD on the MFP controller, loaded into the main memory.
The following explains about the unique hardware on the MFP controller, the hardware having interfaces to the MFP controller, and the connection using interfaces, shown in Figure 2.
- SSD
  A storage medium that stores the object code of the "MFP Control Software," which is the TOE. Additionally, stores the message data expressed in each country's language to display the response to access through the panel and network.
- NVRAM
  A nonvolatile memory. This memory medium stores various settings that MFP needs for processing of TOE.
- ASIC
  An integrated circuit for specific applications which implements an HDD encryption function for enciphering the data written in HDD.
- HDD
  A hard disk drive of 250GB in capacity. This is used not only for storing image data as files but also as an area to save image data and destination data temporarily during extension conversion and so on.
- Main/sub power supply
  Power switches for activating MFP.
- Panel
  An exclusive control device for the operation of MFP, equipped with a touch panel of a liquid crystal monitor, ten-key, start key, stop key, screen switch key, etc.
- Scan unit/automatic document feeder
  A device that scans images and photos from paper and converts them into digital data.
- Printer unit
  A device to actually print the image data which were converted for printing when it receives a print request from the MFP controller.
- Ethernet
  Supports 10BASE-T, 100BASE-TX, and Gigabit Ethernet.
- USB
  Copying image files to an external memory, copying or printing image files from an external memory, and update of TOE, etc. can be performed through this interface. This is also usable as a connection interface of the optional parts. There is the device interface kit which is needed for copy or print from Bluetooth devices and the USB keyboard[1] to complement key entry from the panel. Including an external memory, it is necessary to be able to use them.
- RS-232C
  Serial connection using D-sub 9-pin connectors is usable. The maintenance function is usable through this interface in the case of failure. It is also possible to use the remote diagnostic function (described later) by connecting with the public line via a modem.
- FAX unit (* optional part)
  A device that has a port of Fax public line and is used for communications for FAX-data transmission and remote diagnostic (described later) via the public line. It is not pre-installed in MFP as a standard function according to the circumstances in sales, but sold as an optional part. Fax unit is purchased when the organization needs it, and the installation is not indispensable.
1.4.2.3. Guidance
- bizhub 602 / 502 Service Manual Security Function (Japanese)
- bizhub 652 / 602 / 552 / 502 SERVICE MANUAL SECURITY FUNCTION
- ineo 652 / 602 / 552 / 502 SERVICE MANUAL SECURITY FUNCTION
- bizhub 602 / 502 User's Guide Security Functions (Japanese)
- bizhub 652 / 602 / 552 / 502 User's Guide [Security Operations]
- ineo 652 / 552 User's Guide [Security Operations]
- ineo 602 / 502 User Guide [Security Operations]
[1] It is usable when the display language is English, French, Italian, German or Spanish. It does not affect the operation of security functions.
1.4.3. Logical Scope of TOE
Users use a variety of functions of TOE from the panel and a client PC via the network. Hereafter, this section explains typical functions such as the basic function, the user box function to manage the image files stored, the user identification and authentication function, the administrator function manipulated by administrator, the service engineer function manipulated by service engineer, and the function operated in the background without user's awareness.
1.4.3.1. Basic Function
In MFP, a series of functions for the office work concerning the image such as copy, print, scan, and fax exists as basic functions, and TOE performs the core control in the operation of these functions. It converts the raw data acquired from the external device of the MFP controller into image files, and stores them in RAM and HDD. (For print image files from client PCs, multiple types of conversion are applied.) These image files are converted into data to be printed or sent, and transmitted to the device outside of the MFP controller concerned.
Operations of copy, print, scan, and FAX are managed by the unit of job, so that operation priority can be changed, finishing of print jobs can be changed, and such operations can be aborted, by giving directions from the panel.
The following is the function related to the security in the basic function.
- Secure Print Function
  When a Secure Print password is received together with printing data, the image file is stored as standby status. Then, printing is performed by a print direction and password entry from the panel.
  When printing is requested by a client PC, this function eliminates the possibility that other users stole a glance at the printing of highly confidential data, or such data is slipped into the other printings.
- ID & Print Function
  When this function is set up, usual print data are saved in the print waiting state, and printed by the user authentication processing from the panel. Even when this function is not set up, if it is specified on the print data to activate this function, the system will operate in the same manner as this function is set up by a user.
1.4.3.2. User Box Function
A directory called a "user box" can be created as an area to store image files in HDD. Three types of user box are usable; the first is the personal user box which a user possesses, the second is the public user box which is shared by registered users who made a certain number of groups, and the third is the group box which is shared by the users belonging to same account. As for the personal user box, the operation is limited only for the user who owns it, the public user box performs access control by sharing a password set to the user box among users. And the group box limits operations only for the users of the account that are permitted to use it.
TOE processes the following operation requests to a user box or image file in the user box that is transmitted from the panel or the network unit through a network from a client PC.
- Print, transmit, and download from a client PC, of image files in a user box
  - The encryption of user box file is possible in the E-mail that is one of the transmission methods.
- Delete an image file in a user box, move/copy it to other user boxes and copy it to external memory
- Set a storing period of image file in a user box (delete automatically after the period passes)
- Change the name and password of a user box, or delete a user box
- Set attributes of a user box (change the type of a personal user box, public user box, or group user box)
1.4.3.3. User Authentication Function
TOE can limit the user who uses MFP. For access through the panel or the network, TOE identifies and authenticates that the user is permitted to use the MFP by applying the user password and user ID. When the identification and authentication succeeds, TOE permits the user the use of the basic function and the user box function, etc.
Several types of user authentication like below are supported.
(1) Machine authentication[2]
A method to authenticate user at MFP by registering a user ID and a user password into HDD on the MFP controller.
(2) External server authentication
A method to authenticate user at MFP by using the user ID and the user password that are registered on the user information management server which is connected with the intra-office LAN without managing the user ID and user password on the MFP side. Though multiple methods called Active Directory[3], NTLM[4], and NDS are supported, the method of the external server authentication assumed in this ST is applied only to the case of using Active Directory.
1.4.3.4. Account Authentication Function[5]
TOE can manage the MFP users by grouping them into Account unit. The methods of Account Authentication are as follows.
(1) Method synchronized with User Authentication
Set an Account ID on a user beforehand, and associate the user with the account ID of the user's account when he/she is authenticated.
(2) Method not synchronized with User Authentication
Associate a user with his/her account ID when the user is authenticated by the account password set for each account ID.
[2] When user is set "Pause" by administrator function, authentication function for the user does not work.
[3] A method of directory service that Windows Server 2000 (or later) supports to uniformly manage user information in the network environment of Windows platform.
[4] An abbreviation of NT LAN Manager. An authentication method used in directory service that Windows NT supports to uniformly manage user information in network environment of Windows platform.
[5] When account is set "Pause" by administrator function, authentication function for the account does not work.
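The user box rules of 1.4.3.2, together with the "Pause" state that the footnotes attach to user and account authentication, can be read as a single access decision. The Python model below is an added example, not code from the TOE or from the vendor. Its class and function names, the PBKDF2 password storage, and the premise that both user and account authentication are enabled are assumptions made for illustration; all sample users and boxes are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Set


class BoxType(Enum):
    PERSONAL = "personal"  # operated only by the user who owns it
    PUBLIC = "public"      # shared through a password set on the box
    GROUP = "group"        # shared by users belonging to one account


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 storage. The ST text above does not say how
    # the TOE stores user box passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


@dataclass
class User:
    user_id: str
    account_id: Optional[str] = None
    paused: bool = False  # "Pause" set through the administrator function


@dataclass
class UserBox:
    name: str
    box_type: BoxType
    owner_id: Optional[str] = None         # used by PERSONAL boxes
    account_id: Optional[str] = None       # used by GROUP boxes
    salt: bytes = b""
    password_hash: Optional[bytes] = None  # used by PUBLIC boxes


def make_public_box(name: str, password: str) -> UserBox:
    salt = os.urandom(16)
    return UserBox(name, BoxType.PUBLIC, salt=salt,
                   password_hash=hash_password(password, salt))


def is_authenticated(user: User, paused_accounts: Set[str]) -> bool:
    # Footnotes 2 and 5: authentication does not work for a paused user or
    # for a paused account.
    if user.paused:
        return False
    return user.account_id is None or user.account_id not in paused_accounts


def may_operate(user: User, box: UserBox, paused_accounts: Set[str],
                box_password: Optional[str] = None) -> bool:
    """Return True if the user may operate the box under the 1.4.3.2 rules."""
    if not is_authenticated(user, paused_accounts):
        return False
    if box.box_type is BoxType.PERSONAL:
        return box.owner_id is not None and user.user_id == box.owner_id
    if box.box_type is BoxType.GROUP:
        return user.account_id is not None and user.account_id == box.account_id
    # PUBLIC: access depends on knowing the password set on the box.
    if box_password is None or box.password_hash is None:
        return False
    candidate = hash_password(box_password, box.salt)
    return hmac.compare_digest(candidate, box.password_hash)  # constant time


def demo() -> dict:
    # Constructed sample users and boxes.
    alice = User("alice", account_id="sales")
    bob = User("bob", account_id="sales")
    carol = User("carol", account_id="finance")
    dave = User("dave", account_id="sales", paused=True)
    personal = UserBox("alice-scans", BoxType.PERSONAL, owner_id="alice")
    daves = UserBox("dave-scans", BoxType.PERSONAL, owner_id="dave")
    group = UserBox("sales-quotes", BoxType.GROUP, account_id="sales")
    public = make_public_box("lobby", "constructed-box-pw")
    nobody = set()
    return {
        "owner_personal": may_operate(alice, personal, nobody),
        "other_personal": may_operate(bob, personal, nobody),
        "member_group": may_operate(bob, group, nobody),
        "outsider_group": may_operate(carol, group, nobody),
        "account_paused": may_operate(bob, group, {"sales"}),
        "public_right_pw": may_operate(carol, public, nobody, "constructed-box-pw"),
        "public_wrong_pw": may_operate(carol, public, nobody, "guess"),
        "public_no_pw": may_operate(carol, public, nobody),
        "paused_user": may_operate(dave, daves, nobody),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:18} {'allow' if allowed else 'deny'}")
```

In this model a paused user or account fails before any box rule is evaluated, so pausing an account also locks its members out of their own personal boxes.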
1.4.3.5. Administrator Function
TOE provides the functions such as the management of user boxes, management of user information at the time of MFP authentication and management of various settings of the network, image quality, etc. in the administrator mode that only authenticated administrator can manipulate.
The following shows the function related to the security.
- User registration management
  - Registration or change of user ID/password, deletion of user, and pause/resume of user
  - Change of the association between user and account ID
- Account registration management
  - Registration or change of account ID/password and pause/resume of account
- Management of user box settings
  - Registration or change of user box password, and management of user attributes
- Operational setup of automatic system reset
  - Setup of the function that logs out automatically when the setting time passed.
- Management of network settings
  - Connection setting of the intra-office LAN (setting of DNS server)
  - SMTP setting (setting of the SMTP server utilized by E-mail transmission)
  - IP addresses, NetBIOS names, and AppleTalk printer names etc.
- Backup or restore function of NVRAM and HDD
  - This is performed through the network by using an application exclusive use for the management installed in the client PC.
- All area overwrite deletion function of HDD
  - There are data deletion methods conformed to various military standards (ex. Military Standard of United States Department of Defense).
  - When this function is started up, in conformity with a set method, the overwrite deletion is executed for the overall area of HDD.
- Format function of HDD
  - A logical format is executable.
- Counter management function
  - A function to manage the counter information such as the number of printed sheets for each user through the WebDAV service or FTP service. (Reference of user password and account password is possible.)
- Management of FAX setup (* Fax unit is installed.)
  - Setup of TSI[6] receiving
  - Setup of FAX output at PC-FAX receiving (Storing in user box or common area for all users are available.)
[6] An abbreviation of Transmitting Subscriber Identification. The same meaning of Identification of Subscriber's Terminal. TSI receiving is the function that can designate the user box to be stored for each subscriber.
The functions below are the operation setting functions related especially to the behavior of the security function.

• Method setup of a user authentication function
  - Machine authentication, external server authentication, or user authentication stop is selected.
  - Combination with Account Authentication is set up (Method synchronized with User Authentication, Method not synchronized with User Authentication).
• Setup of access when the user attribute is public
  - It is selected whether to permit or prohibit MFP utilization of the user who is not identified by user ID.
• Setup of a password policy function
  - It is selected whether to enable or disable the function to check the several conditions of the password, such as the number of valid digits of various passwords.
• Setup of the authentication method of Secure Print and the authentication operation prohibition function
  - When secure print files are authenticated, the authentication operation prohibition function operates in a mode, and does not operate in the other mode.
  - The operation mode of the function detecting unsuccessful authentication in each authentication function is also synchronous with the above mode.
  - The above-mentioned operational modes are selected.
• Setup of the network setting modification function by SNMPv1 and v2
  - It is selected whether to enable or disable the function to change MIB by SNMPv1 and v2.
• Operational Setup of Authentication Function when writing using SNMPv3
  - The security level of authentication or skipping authentication is selected.
  - For the security level, either "only authentication password" or "authentication password + privacy password" is available.
• Setup of the HDD encryption function
  - Whether to activate or to stop the function is selected.
  - An encryption passphrase is registered or changed when the function is activated.
• Setup of the user box collective management function
  - It is selected whether to enable or disable this function.
• Setup of the print capture function
  - A function to verify the print data received by MFP when the print function is faulty.
  - It is selected whether to enable or disable this function.
• Setup of the network setting management reset function
  - This function resets a series of items to factory default values.
  - It is selected whether to enable or disable this function.
• Setup of the trusted channel (SSL/TLS encryption communication) function
  - SSL/TLS server certificates are generated or imported.
  - The encryption method used for communication is set up.
• Setup of the transmission address data
  - A transmission address or method used for box file transmission etc. is selected.
  - S/MIME certificates are imported.
• Setup of the WebDAV server
  - Setup of the communication function of the WebDAV server, which can obtain user settings.
• Setup of the FTP server function
  - Whether to activate or to stop the function is selected.
• Setup of the S/MIME function
  - Whether to permit or prohibit the S/MIME certificate automatic registration function is selected.
  - The encryption method used for data encryption is selected.
• Setup of the ID & print function
  - Whether to activate the ID & print function or not in normal printing is selected.
1.4.6. Service Engineer Function

TOE provides a management function of administrator and a maintenance function, such as adjusting the device for Scan/Print etc., within the service mode that only a service engineer can operate. The following shows the functions related to security.

• Modification function of administrator password

The following is a set of operation setting functions related especially to the behavior of the security function.

• Authentication setup of the service engineer with the CE [7] password
  - Whether to activate or to stop the function is selected.
• Setup of remote diagnostic function (later description)
  - Able to select permission or prohibition.
• Setup of a TOE update function via Internet
  - Able to select permission or prohibition.
• Setup of maintenance function
  - Able to select permission or prohibition.
• The format function of HDD
  - A logical format and a physical format are executable.
• Installation setting of HDD
  - An explicit installation setting is necessary to use HDD as a data storage area.
• Initialization function
  - The various settings that the user or the administrator has set and the data that the user has stored are deleted.
1.4.7. Other Functions

TOE provides the functions that run background without awareness of the user and the updating function of TOE. The following explains the major functions.

• Encryption key generation function
  - Performs encryption/decryption by ASIC when writing data in HDD or reading data from HDD. (TOE does not process the encryption and decryption itself.)
  - The operational setup of this function is performed by the administrator function. When activated, TOE generates the encryption key by the encryption passphrase that was entered on the panel.

[7] An abbreviation of Customer Service engineer.

• Remote diagnostic function
  - MFP's equipment information such as operating state and the number of printed sheets is managed by making use of the connection by a port of FAX public line, by a modem through RS-232C or by E-mail or WebDAV to communicate with the support center of MFP produced by Konica Minolta Business Technologies, Inc. In addition, if necessary, appropriate services (shipment of additional toner packages, account claim, dispatch of service engineers due to the failure diagnosis, etc.) are provided.
• Updating function of TOE
  - TOE is facilitated with the function to update itself. As for the update means, there are a method that exists as one of items of remote diagnostic function, a method that downloads from FTP server through Ethernet (TOE update function via Internet), and a method that performs the connection of external memory.
• Encryption communication function
  - TOE can encrypt the data transmitted from client PC to MFP, and the data received by download from MFP by using SSL/TLS.
  - The operational setup of this function is performed by the administrator function.
• S/MIME certificate automatic registration function
  - It is the function to register the certificate for S/MIME (conform to ITU-T X.509) with each transmission address automatically. When a certificate is attached in received e-mail, MFP recognizes user ID according to the information of e-mail header, and registers the certificate as certificate of the same user ID.

The standard is that MFP is not installed Fax unit and does not have a port of Fax public line, so there is not the access to the internal network through MFP. TOE provides the following function, provided that Fax unit is installed in MFP.

• Fax unit control function
  - TOE prohibits access to the internal network, where MFP was connected to, from a port of Fax public line through Fax unit.

TOE makes effective use of the security function (HDD encryption function) of ASIC, which is an external entity. The following explains typical functions related to the external entity.

• Utilization of ASIC
  - ASIC, an external entity, activates a function to encrypt the data in HDD as a function to protect unauthorized bring-out of data and so on when an encryption passphrase is set up.

1.4.8. Enhanced Security Function
Various setting functions related to the behavior of the security function for the Administrator function and the Service engineer function can be set collectively to the secure values by the operation settings of the "Enhanced Security Function". Each value set is prohibited changing itself into the vulnerable one individually. As the function that does not have a setting function of the operation individually, there is the reset function of the network settings and the update function of TOE through the network, but the use of these functions is prohibited.

The following explains the series of the setting condition of being the enhanced security function active. In order to activate the enhanced security function, the prerequisite is required that an administrator password and a CE password should be set along with the password policy.

User authentication function: Valid (Both authentication by the main body and the external server are usable)
User access of PUBLIC: Prohibited
Service engineer authentication function: Valid
Password policy function: Valid
Setup of secure print authentication method: Authentication operation prohibition function effective method
Setup of Authentication Operation Prohibition function: The panel and account are locked out for 5 seconds when authentication has failed (failure frequency threshold: 1-3)
User box collective management function: Prohibited
Network setting modification function with SNMPv1 and v2: Prohibited
Authentication Operation when writing using SNMPv3: Valid
Setup of HDD encryption function: Valid
Print capture function: Prohibited
Maintenance function: Prohibited
Change of settings by remote diagnostic function: Prohibited
Network setting management reset function: Prohibited
TOE update function via Internet: Prohibited
Transmission address data user setup function: Prohibited
Operational setup of Trusted Channel function: Valid
Setup of operation prohibition release time of Administrator authentication: Setup prohibited for 1-4 minutes
Setup of operation prohibition release time of CE authentication: Setup prohibited for 1-4 minutes
FTP Server function: Prohibited
Automatic registration of S/MIME certificate: Prohibited
Setup of limitation of S/MIME encryption severity: Valid (Only 3DES and AES are user-selectable)
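The setting conditions listed above can be checked mechanically. The following is an added example, not part of the Security Target and not Konica Minolta code: it audits a settings snapshot against that list. The key names, the snapshot format and the sample values are hypothetical; only the required states come from the list.

```python
# Added example: audit a settings snapshot against the Enhanced Security
# setting conditions of section 1.4.8. Key names and snapshot format are
# hypothetical; only the required values are taken from the list.

VALID = "valid"
PROHIBITED = "prohibited"
MISSING = "<missing>"

# Items whose required state is one fixed value.
FIXED_BASELINE = {
    "user_authentication": VALID,
    "public_user_access": PROHIBITED,
    "service_engineer_authentication": VALID,
    "password_policy": VALID,
    "secure_print_auth_method": "prohibition_effective",
    "user_box_collective_management": PROHIBITED,
    "snmp_v1_v2_setting_modification": PROHIBITED,
    "snmp_v3_write_authentication": VALID,
    "hdd_encryption": VALID,
    "print_capture": PROHIBITED,
    "maintenance_function": PROHIBITED,
    "remote_diagnostic_setting_change": PROHIBITED,
    "network_setting_management_reset": PROHIBITED,
    "toe_update_via_internet": PROHIBITED,
    "transmission_address_user_setup": PROHIBITED,
    "trusted_channel": VALID,
    "ftp_server": PROHIBITED,
    "smime_certificate_auto_registration": PROHIBITED,
}

# Items constrained by a range or a set rather than one fixed value.
RELEASE_TIME_KEYS = ("admin_auth_release_minutes", "ce_auth_release_minutes")
ALLOWED_SMIME_CIPHERS = {"3DES", "AES"}

# Prerequisites for activating the function (passwords must be set).
PREREQUISITES = ("administrator_password_set", "ce_password_set")


def _is_int(value):
    # bool is a subclass of int in Python, so reject it explicitly.
    return type(value) is int


def audit(settings):
    """Return (key, found, required) tuples for every deviation, sorted by key.

    A key that is absent from the snapshot is reported as well, so an
    incomplete export fails closed instead of passing silently.
    """
    findings = []

    def report(key, required):
        findings.append((key, settings.get(key, MISSING), required))

    for key, required in FIXED_BASELINE.items():
        if settings.get(key) != required:
            report(key, required)

    # Failure frequency threshold must lie in 1-3.
    threshold = settings.get("auth_failure_threshold")
    if not _is_int(threshold) or not 1 <= threshold <= 3:
        report("auth_failure_threshold", "1-3")

    # Release times of 1-4 minutes may not be set up; this example treats
    # anything below 5 minutes as a finding (assumption).
    for key in RELEASE_TIME_KEYS:
        minutes = settings.get(key)
        if not _is_int(minutes) or minutes < 5:
            report(key, "not 1-4 minutes")

    # Only 3DES and AES may be user-selectable for S/MIME.
    ciphers = settings.get("smime_selectable_ciphers")
    if not ciphers or not set(ciphers) <= ALLOWED_SMIME_CIPHERS:
        report("smime_selectable_ciphers", "subset of 3DES/AES")

    for key in PREREQUISITES:
        if settings.get(key) is not True:
            report(key, True)

    return sorted(findings, key=lambda finding: finding[0])


# Constructed snapshots (not taken from a real device).
COMPLIANT = dict(
    FIXED_BASELINE,
    auth_failure_threshold=3,
    admin_auth_release_minutes=5,
    ce_auth_release_minutes=5,
    smime_selectable_ciphers=["3DES", "AES"],
    administrator_password_set=True,
    ce_password_set=True,
)
SAMPLE_EXPORT = dict(
    COMPLIANT,
    ftp_server=VALID,                          # FTP server left enabled
    auth_failure_threshold=5,                  # outside 1-3
    admin_auth_release_minutes=3,              # inside the prohibited 1-4
    smime_selectable_ciphers=["AES", "RC2"],   # weaker cipher selectable
)
SAMPLE_EXPORT.pop("hdd_encryption")            # item absent from the export

if __name__ == "__main__":
    for key, found, required in audit(SAMPLE_EXPORT):
        print(f"{key}: found {found!r}, required {required!r}")
```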
2. Conformance Claim

2.1. CC Conformance Claim

This ST conforms to the following standards.

Common Criteria for Information Technology Security Evaluation
Part 1: Introduction and general model Version 3.1 Revision 3 (Japanese Translation v1.0)
Part 2: Security functional components Version 3.1 Revision 3 (Japanese Translation v1.0)
Part 3: Security assurance components Version 3.1 Revision 3 (Japanese Translation v1.0)

• Security function requirement: Part2 Extended
• Security assurance requirement: Part3 Conformant

2.2. PP Claim

There is no PP that is referenced by this ST.

2.3. Package Claim

This ST conforms to Package: EAL3. There is no additional assurance component.

2.4. Reference

• Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model Version 3.1 Revision 3 CCMB-2009-07-001
• Common Criteria for Information Technology Security Evaluation Part 2: Security functional components Version 3.1 Revision 3 CCMB-2009-07-002
• Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components Version 3.1 Revision 3 CCMB-2009-07-003
• Common Methodology for Information Technology Security Evaluation Evaluation methodology Version 3.1 Revision 3 CCMB-2009-07-004
3. Security Problem Definition

This chapter will describe the concept of protected assets, assumptions, threats, and organizational security policies.

3.1. Protected Assets

Security concept of TOE is "the protection of data that can be disclosed against the intention of the user". As MFP is generally used, the following image files in available situation become the protected assets.

• Secure Print file
  An image file registered by Secure Print.
• ID & print file
  An image file saved as an ID & print file when print data are registered by the ID & print function.
• User Box file
  An image file stored in the personal user box, public user box and group user box.

As for an image file of a job kept as a wait state by activities of plural jobs, and an image file of a job kept that prints the remainder of copies becoming as a wait state for confirmation of the finish, and other than the image file dealt with the above-mentioned is not intended to be protected in the general use of MFP, so that it is not treated as the protected assets.

In the store of a secure print file or an ID & print file and the transmission of a user box file, making in the preparation for the threat thought when unauthorized MFP or mail server is connected by any chance, or when operational setup of PC-FAX is changed even if without unauthorized MFP, the setting of MFP (IP address etc.) and operation setting of PC-FAX require not to be modified illegally. Therefore, the setting of MFP (IP address etc.) and operation setting of PC-FAX are considered as subsidiary protected assets.

On the other hand, when the stored data have physically gone away from the jurisdiction of a user, such as the use of MFP ended by the lease return or discard, or the case of a theft of HDD, the user has concerns about leak possibility of every remaining data. Therefore, in this case, the following data files become protected assets.

• Secure Print File
• ID & print File
• User Box File
• On-memory Image File
  Image file of job in the wait state.
• Stored Image File
  Stored image files other than secure print file, user box file, or ID & print file.
• HDD remaining Image File
  The file which remains in the HDD data area that is not deleted only by general deletion operation (deletion of a file maintenance area).
• Image-related File
  Temporary data file generated in print image file processing.
• Transmission Address Data File
  File including E-mail address and telephone numbers that become the destination to transmit an image.
3.2. Assumptions

The present section identifies and describes the assumptions for the environment for using the TOE.

A.ADMIN (Personnel conditions to be an administrator)
Administrators, in the role given to them, will not carry out a malicious act during the series of permitted operations given to them.

A.SERVICE (Personnel conditions to be a service engineer)
Service engineers, in the role given to them, will not carry out a malicious act during series of permitted operations given to them.

A.NETWORK (Network connection conditions for MFP)
• The intra-office LAN where the MFP with the TOE will be installed is not intercepted.
• When the intra-office LAN where the MFP with the TOE will be installed is connected to an external network, access from the external network to the MFP is not allowed.

A.SECRET (Operational condition about secret information)
Each password and encryption passphrase does not leak from each user in the use of TOE.

A.SETTING (Operational setting condition of Enhanced Security function)
The enhanced security function is enabled when a user uses the TOE.
3.3. Threats

In this section, threats that are assumed during the use of the TOE and the environment for using the TOE are identified and described.

T.DISCARD-MFP (Lease-return and discard of MFP)
When leased MFPs are returned or discarded MFPs are collected, secure print files, user box files, ID & print files, on-memory image files, stored image files, HDD-remaining image files, image-related files, transmission address data files, and various passwords which were set up can leak by the person with malicious intent when he/she analyzes the HDD or NVRAM in the MFP.

T.BRING-OUT-STORAGE (Unauthorized bring-out of HDD)
• Secure print files, user box files, ID & print files, on-memory image files, stored image files, HDD-remaining image files, image-related files, transmission address data files, and various passwords which were set up can leak by a malicious person or a user illegally when he/she brings out the files to analyze the HDD in a MFP.
• A person or a user with malicious intent illegally replaces the HDD in MFP. In the replaced HDD, newly created files such as secure print files, user box files, ID & print files, on-memory image files, stored image files, HDD-remaining image files, image-related files, transmission address data files and various passwords which were set up are accumulated. A person or a user with malicious intent takes out to analyze the replaced HDD, so that such image files will leak.
T.ACCESS-PRIVATE-BOX (Unauthorized access to the personal user box which used a user function)
Exposure of the user box file when a person or a user with malicious intent accesses the user box where other user owns, and operates the user box file, such as copies, moves, downloads, prints, transmits, and so on.

T.ACCESS-PUBLIC-BOX (Unauthorized access to public user box which used a user function)
Exposure of the user box file when a person or a user with malicious intent accesses the public user box which is not permitted to use, and operates the user box file, such as copies, moves, downloads, prints, transmits, and so on.

T.ACCESS-GROUP-BOX (Unauthorized access to the group user box which used a user function)
Exposure of the user box file when a person or a user with malicious intent accesses the group user box which the account where a user does not belong to owns, and operates the user box file, such as copies, moves, downloads, prints, transmits, and so on.

T.ACCESS-SECURE-PRINT (Unauthorized access to the secure print file or ID & print file by utilizing the user function)
• Secure print files are exposed by those malicious including users when he/she operates (prints etc.) ones to which access is not allowed.
• ID & print files are exposed by those malicious including users when he/she operates (prints etc.) ones which were stored by other users.

T.UNEXPECTED-TRANSMISSION (Transmission to unintended address)
• Malicious person or user changes the network settings that are related to the transmission of a user box file. Even if an address is set precisely, a user box file is transmitted (the E-mail transmission or the FTP transmission) to the entity which a user does not intend to, so that a user box file is exposed.
  <The network settings which are related to user box file transmission>
  - Setting related to the SMTP server
  - Setting related to the DNS server
• Malicious person or user changes the network settings which set in MFP to identify MFP itself where TOE installed, by setting to the value of the entity such as another unauthorized MFP from the value of MFP (NetBIOS name, AppleTalk printer name, IP address etc.) that TOE is originally installed, so that secure print files or ID & print files are exposed.
• Malicious person or user changes the TSI receiving settings. A user box file is stored to the entity which a user does not intend to, so that a user box file is exposed.
• Malicious person or user changes the PC-FAX reception settings. By changing the setting of the storing for the public user box to store to common area for all users, a user box file is stored to the entity which a user does not intend to, so that a user box file is exposed.
  * This threat exists only in the case that the setting of PC-FAX reception is meant to work as the operation setting for box storing.

T.ACCESS-SETTING (An unauthorized change of a function setting condition related to security)
The possibility of leaking user box files, secure print files, or ID & print files rises because those malicious including users change the settings related to the enhanced security function.

T.BACKUP-RESTORE (Unauthorized use of backup function and restoration function)
User box files, secure print files, or ID & print files can leak by those malicious including users using the backup function and the restoration function illegally. Also highly confidential data such as passwords can be exposed, so that settings might be falsified.
3.4. Organizational Security Policies

Recently, there are a lot of organizations that demand security of network in office. Although a threat of wiretapping activities etc. in intra-office LAN is not assumed in this ST, TOE security environment that corresponds to the organization that demanded security measures in intra-office LAN is assumed. Moreover, although accumulated data in a client PC and a server existing in internal network, and general data traveling across the internal network are not protected assets, TOE security environment that corresponds to the organization that prohibited the access to internal network via MFP from Fax public line portal is assumed.

The security policies applied in the organization that uses TOE are identified and described as follows.

P.COMMUNICATION-DATA (Secure communication of image file)
Highly confidential image files (secure print files, user box files, and ID & print files) which are transmitted or received between IT equipment must be communicated via a trusted pass to the correct destination, or encrypted when the organization or the user expects to be protected.

P.REJECT-LINE (Access prohibition from public line)
An access to internal network from public line via the Fax public line portal must be prohibited.
4. Security Objectives

In this chapter, in relation to the assumptions, the threats, and the organizational security policy identified in Chapter 3, the required security objectives for the TOE and the environment for the usage of the TOE are described by being divided into the categories of the security objectives for the TOE and the security objectives for the environment, as follows.

4.1. Security Objectives for the TOE

In this section, the security objectives for the TOE are identified and described.

O.REGISTERED-USER (Utilization of permitted user)
TOE permits the use of MFP installed TOE only to the user who succeeded the identification and authentication.

O.PRIVATE-BOX (Personal user box access control)
• TOE permits only a user to use the user function of the personal user box that this user owns.
• TOE permits only a user to use the user function of the user box file in the personal user box that this user owns.

O.PUBLIC-BOX (Public user box access control)
• TOE permits the user who succeeded identification and authentication the reading operation of the public user box.
• TOE permits the user function of the public user box only to the user who is permitted the use of this public user box.
• TOE permits the user function of the user box file in the public user box only to the user who is permitted the use of this public user box.

O.GROUP-BOX (Group user box access control)
• TOE permits the user function of the group user box that this account owns only to the user who is permitted the use of this account.
• TOE permits the user function of the user box file in the group user box that this account owns only to the user who is permitted the use of this account.

O.SECURE-PRINT (Access control for secure print files and ID & print files)
• TOE permits the user function of a secure print file only to the user who was allowed to use the file.
• TOE permits the user function of an ID & print file only to the user who stored that file.

O.CONFIG (Access limitation to management function)
TOE permits only the administrator the operation of the following functions.
• The setting function related to the SMTP server
• The setting function related to the DNS server
• The setting function related to the address of MFP
• +ac;u# function
• etoration function
• !he ettin" function of !rute3 Channel function ettin" 3ata
• !he ettin" function of certificate. tran<iion a33re 3ata. etc ue3 for the S/M)M,
function
• !he ettin" function of !S) receiin"
• !he ettin" function of BC-A rece#tion
• Counter <ana"e<ent function
!', #er<it the o#eration of the followin" function onl to the a3<initrator an3 the erice
en"ineer
• !he function relate3 to the ettin" of ,nhance3 Securit function
'''''4,W)!,'4,W)!,'4,W)!,'4,W)!,----A** A** A** A** $$$$Co<#leteCo<#leteCo<#leteCo<#lete oerwriteoerwriteoerwriteoerwrite 3eletion3eletion3eletion3eletion%%%%
!', oerwrite all the 3ata re"ion of :: in MB with 3eletion 3ata. an3 <a;e all i<a"e
3ata unable to retore )n a33ition. !', #roi3e a function to initialize ettin" uch a the
hi"hl confi3ential #awor3 on (4AM $a3<initrator #awor3. encr#tion #a#hrae.
S(MB #awor3. an3 Web:A4 erer #awor3% et b a uer or an a3<initrator
''''CYB!CYB!CYB!CYB!----&,Y &,Y &,Y &,Y $$$$,ncr#tion,ncr#tion,ncr#tion,ncr#tion ;e;e;e;e "eneration"eneration"eneration"eneration%%%%
!', "enerate an encr#tion ;e to encr#t an3 tore all the 3ata written in the :: in the
MB inclu3in" i<a"e file
''''!US!,:!US!,:!US!,:!US!,:----BASSBASSBASSBASS $$$$!he!he!he!he ueueueue of of of of !rute3!rute3!rute3!rute3 ChannelChannelChannelChannel%%%%
!', #roi3e the function that co<<unicate ia !rute3 Channel the followin" i<a"e file.
which i tran<itte3 an3 receie3 between MB an3 client BC
8 )<a"e file tran<itte3 fro< MB to client BC 9
• Uer bo@ file
8 )<a"e file tran<itte3 fro< client BC to MB 9
• )<a"e file that will be tore3 a uer bo@ file
• )<a"e file that will be tore3 a ecure #rint file
• )<a"e file that will be tore3 a ): N #rint file
O.CRYPTO-MAIL (The use of encrypted mail)
TOE provides the function that encrypts and transmits the user box file transmitted from MFP to the correct destination with e-mail.
O.FAX-CONTROL (Fax unit control)
TOE provides the control function that prohibits an access to internal network which the MFP connects with, from public line via the Fax public line portal.
O.AUTH-CAPABILITY (The support operation to utilize user authentication function)
TOE supports the necessary operation to utilize the user authentication function by user information management server using Active Directory.
O.CRYPTO-CAPABILITY (The support operation to utilize HDD encryption function)
TOE supports necessary mechanical operation to utilize the HDD encryption function by ASIC.
4.2 Security Objectives for the Operational Environment
In this section, the security objectives for TOE operational environment are described.
OE.FEED-BACK (Utilization of application to show secure password)
The administrator and user utilize the application of a browser etc., used by client PC to access MFP, that provides appropriate protected feedback to the user password, user box password, account password, administrator password, secure print password, SNMP password, and WebDAV server password, which will be entered.
OE.SERVER (Utilization of user information management server)
The administrator sets to utilize user management by Active Directory in case of using external user information management server instead of MFP for the management of user accounts.
OE.SESSION (Termination of session after operation)
The administrator has the user implement the following operation.
• After the operation of secure print file, ID & print file, and the user box and user box file ends, the logoff operation is performed.
The administrator executes the following operation.
• After the operation of the various functions in administrator mode ends, the logoff operation is performed.
The service engineer executes the following operation.
• After the operation of the various functions in service mode ends, the logoff operation is performed.
OE.ADMIN (A reliable administrator)
The responsible person in the organization who uses MFP will assign a person who can faithfully execute the given role during the operation of the MFP with TOE as an administrator.
OE.SERVICE (The service engineer's guarantee)
• The responsible person in the organization managing the maintenance of MFP educates a service engineer in order to faithfully carry out the given role for the installation of the TOE, the setup of TOE and the maintenance of the MFP with TOE.
• The administrator observes the maintenance work of MFP with TOE by a service engineer.
OE.NETWORK (Network Environment in which the MFP is connected)
• The responsible person in the organization who uses MFP carries out the tapping prevention measures by setting the cipher communications equipment and the tapping detection equipment to the LAN of the office where MFP with TOE is installed.
• The responsible person in the organization who uses MFP carries out the measures for the unauthorized access from the outside by setting up the equipment such as the firewall to intercept the access from an external network to MFP with TOE.
OE.FAX-UNIT (Utilization of Fax unit)
The service engineer installs the Fax unit on MFP which is the optional part and sets to utilize the function of the Fax unit.
OE.SECRET (Appropriate management of confidential information)
The administrator has the user implement the following operation.
• Keep the user password and secure print password confidential.
• Keep the user box password and account password confidential between the users who commonly utilize it.
• Should not set the value that can be guessed for the user password, secure print password and the user box password.
• The user password and the user box password should be properly changed.
• When the administrator changes the user password or the user box password, make the user to change them promptly.
The administrator executes the following operation.
• Avoid setting an easy-to-guess value on the administrator password, account password, SNMP password, encryption passphrase, and WebDAV server password.
• Keep the administrator password, account password, SNMP password, encryption passphrase and WebDAV server password confidential.
• Change the administrator password, account password, SNMP password, encryption passphrase, and WebDAV server password appropriately.
The service engineer executes the following operation.
• Should not set the value that can be guessed for the CE password.
• Keep the CE password confidential.
• The CE password should be properly changed.
• When the service engineer changes the administrator password, make the administrator to change it promptly.
OE.SETTING-SECURITY (Operational setup of Enhanced Security function)
The administrator makes the setup of the enhanced security function effective for TOE before a user uses it.
4.3 Security Objectives Rationale
4.3.1 Necessity
The correspondence between the assumptions, threats and organization security policies and security objectives are shown in the following table. It shows that the security objectives correspond to at least one assumption, threat or organization security policy.
Table 1 Conformity of security objectives to assumptions, threats, and organization security policies
Columns (Assumptions, Threats, Organization security policies): A.ADMIN, A.SERVICE, A.NETWORK, A.SECRET, A.SETTING, T.DISCARD-MFP, T.BRING-OUT-STORAGE, T.ACCESS-PRIVATE-BOX, T.ACCESS-PUBLIC-BOX, T.ACCESS-GROUP-BOX, T.ACCESS-SECURE-PRINT, T.UNEXPECTED-TRANSMISSION, T.ACCESS-SETTING, T.BACKUP-RESTORE, P.COMMUNICATION-DATA, P.REJECT-LINE
Rows (Security objectives): O.REGISTERED-USER, O.PRIVATE-BOX, O.PUBLIC-BOX, O.GROUP-BOX, O.SECURE-PRINT, O.CONFIG, O.OVERWRITE-ALL, O.CRYPTO-KEY, O.TRUSTED-PASS, O.CRYPTO-MAIL, O.FAX-CONTROL, O.CRYPTO-CAPABILITY, O.AUTH-CAPABILITY, OE.FEED-BACK, OE.SERVER, OE.SESSION, OE.ADMIN, OE.SERVICE, OE.NETWORK, OE.FAX-UNIT, OE.SECRET, OE.SETTING-SECURITY
4.3.2 Sufficiency of Assumptions
The security objectives for the assumptions are described as follows.
A.ADMIN (Personnel Conditions to be an Administrator)
This condition assumes that administrators are not malicious.
With OE.ADMIN, the organization that uses the MFP assigns personnel who are reliable in the organization that uses the MFP, so the reliability of the administrator is realized.
A.SERVICE (Personnel Conditions to be a Service Engineer)
This condition assumes the service engineers are not malicious.
With OE.SERVICE, the organization that manages the maintenance of the MFP educates the service engineer. Also the administrator needs to observe the maintenance of the MFP, so that the reliability of service engineers is assured.
A.NETWORK (Network Connection Conditions for the MFP)
This condition assumes that there are no wiretapping activities and no access by an unspecified person from an external network to the intra-office LAN.
OE.NETWORK regulates the wiretapping prevention by the installation of devices such as a wiretapping detection device and devices to perform the encryption communication on the intra-office LAN. It also regulates the unauthorized access prevention from external by the installation of devices such as firewall in order to block access to the MFP from the external networks, so that this condition is realized.
A.SECRET (Operating condition concerning confidential information)
This condition assumes each password and encryption passphrase using for the use of TOE should not be leaked by each user.
OE.SECRET regulates that the administrator makes the user to execute the operation rules concerning the secure print password, user box password, user password, and account password and that the administrator executes the operation rules concerning the administrator password, SNMP password, encryption passphrase, account password, and WebDAV server password. It also regulates that the service engineer executes the operation rules concerning the CE password, and that the service engineer makes the administrator to execute the operation rules concerning the administrator password, so that this condition is realized.
A.SETTING (Enhanced Security Function Operational Setup Condition)
This condition assumes the enhanced security function operational settings condition is satisfied.
OE.SETTING-SECURITY regulates that this is used after the administrator activates the enhanced security function, so that this condition is realized.
4.3.3 Sufficiency of Threats
The security objectives against threats are described as follows.
T.DISCARD-MFP (Lease return and discard of MFP)
This threat assumes the possibility of leaking information from MFP collected from the user.
O.OVERWRITE-ALL is that TOE provides the function to overwrite data for the deletion of all areas of HDD and initializes the information of NVRAM, so that the possibility of the threat is removed by executing this function before MFP is collected.
Accordingly, this threat is countered sufficiently.
T.BRING-OUT-STORAGE (Unauthorized bringing out HDD)
This threat assumes the possibility that the image data in HDD leaks by being stolen from the operational environment under MFP used or by installing the unauthorized HDD and taking away with the data accumulated in it.
For the above, the possibility of the threat is reduced because O.CRYPTO-KEY assumes that TOE generates an encryption key to encrypt the data written in the HDD, and a mechanical operation to use the HDD encryption function by ASIC is supported by O.CRYPTO-CAPABILITY.
Accordingly, this threat is countered sufficiently.
T.ACCESS-PRIVATE-BOX (Unauthorized access to personal user box using user function)
This threat assumes the possibility that an unauthorized operation is done by using the user function for the personal user box which each user uses to store the image file.
O.REGISTERED-USER is assumed that only the user to whom TOE succeeds identification and authentication is permitted to use MFP installed TOE, furthermore, the operation of a personal user box and the user box file in a personal user box is restricted only to the user who is the owner by O.PRIVATE-BOX, so that the possibility of the threat is reduced. When the external user information management server is used, the possibility of the threat is reduced because the user identification and authentication is operated through O.AUTH-CAPABILITY supporting the operation for the user authentication function by the user information management server of Active Directory and through OE.SERVER setting to use the user management by Active Directory by the administrator.
OE.FEED-BACK uses the application regulating to return the protected feedback for the entered password in the user's authentication, and OE.SESSION also requires the log-off operation after the operation ends, so that O.REGISTERED-USER and O.PRIVATE-BOX are supported sufficiently.
Accordingly, this threat is countered sufficiently.
T.ACCESS-PUBLIC-BOX (Unauthorized access to public user box using user function)
This threat assumes the possibility that an unauthorized operation is done by using the user function for the public user box which each user shares to store the image file.
O.REGISTERED-USER assumes that only the user to whom TOE succeeds identification and authentication is permitted to use MFP installing TOE, furthermore, the operation of the public user box and the user box file in the public user box is restricted only to the user who is permitted by O.PUBLIC-BOX, so that the possibility of the threat is reduced. When the external user information management server is used, the possibility of the threat is reduced because the user identification and authentication is operated through O.AUTH-CAPABILITY supporting the operation for the user authentication function by the
T.UNEXPECTED-TRANSMISSION (Transmission to unintended address)
This threat assumes the possibility of sending the user box file to the address that isn't intended, when the network setting that relates to the transmission is illegally changed. This is concerned about a possibility that the user box file is transmitted to the specified server illegally without the change of the network environment constitution by the malicious person by, for instance, illegally being changed the address of the SMTP server that relays E-mail for the E-mail, or illegally being changed the address of the DNS server where the domain name is inquired when the address of the SMTP server is used for a search of the domain name. For FTP transmission, by being likely to use the mechanism of the search of the domain name is concerned about the similar possibility of the incident might be occurred by E-mailing.
Furthermore, when the network setting which is related to the address of MFP is modified illegally, it assumes the possibility to use the print function to the unauthorized entity from client PC by the user who believes as TOE. Especially, it becomes a problem if a secure print file or an ID & print file which is required to be concealed from other users in the office is transmitted to the unauthorized entity.
In addition to this, the setting of PC-FAX reception and the setting of TSI reception assume the possibility of unintended user box file storing at FAX reception.
On the other hand, O.CONFIG regulates that the role to operate the network setting relating to the transmission of TOE, the setting of PC-FAX reception and the setting of TSI reception are limited to the administrator, and so the possibility of this threat is removed.
OE.FEED-BACK uses the application regulating that the feedback protected is returned for the entered password by the administrator's authentication and OE.SESSION requires to logoff after the operation ends, so that O.CONFIG is supported sufficiently.
Accordingly, this threat is countered sufficiently.
T.ACCESS-SETTING (Unauthorized change of function setting condition related to security)
This threat assumes the possibility of developing consequentially into the leakage of the user box file, secure print file, or ID & print file by having been changed the specific function setting which relates to security.
O.CONFIG regulates that only the administrator and the service engineer are permitted to perform the setup of the enhanced security function that controls all setting functions related to a series of security, and so the possibility of the threat is removed.
OE.FEED-BACK uses the application regulating that the feedback protected is returned for the entered various passwords by the administrator's authentication, and OE.SESSION is also requested to logoff respectively after the operations of the administrator mode ends, so that O.CONFIG is supported sufficiently.
Accordingly, this threat is countered sufficiently.
T.BACKUP-RESTORE (Unauthorized use of back-up function and restoration function)
This threat assumes a possibility that user box file, secure print file, or ID & print file may leak when the back-up function or the restoration function is illegally used. Moreover, this assumes that confidential data such as password might leak or various settings are falsified, so that user box file, secure print file, or ID & print file may leak.
O.CONFIG regulates that the use of the back-up function and the restoration function is permitted only to the administrator, so that the possibility of the threat is removed.
OE.FEED-BACK uses the application regulating that the protected feedback is returned for the entered password by the administrator authentication and OE.SESSION is also requested the log-off operation after the operation ends, and so O.CONFIG is sufficiently supported.
Accordingly, this threat is countered sufficiently.
4.3.4 Sufficiency of Organizational Security Policies
Security objective corresponding to organizational security policies is explained as follows.
P.COMMUNICATION-DATA (secure communication of image file)
This organizational security policy prescribes carrying out processing via trusted pass to a correct destination or encrypting to ensure the confidentiality about the image file which flows on a network in the case of the organization or the user expect to be protected. As this corresponds as one's request, there is no need to provide secure communication function for all communication. At least one secure communication method between MFP and client PC needs to be provided when transmitting the secure print file or the user box file.
O.TRUSTED-PASS provides Trusted Channel to a correct destination in the transmission and reception of an image between MFP and client PC for user box file, secure print file, and ID & print file that save confidential images, so that the organizational security policies is achieved.
Also, the security objective provides the transmission function to a correct destination by encrypting the user box file transmitted by e-mail from MFP to client PC by O.CRYPTO-MAIL, so that the organizational security policies is achieved.
Furthermore, O.CONFIG restricts the Trusted Channel function setting data, the management of the user box file's encryption by e-mail and the transmission address data to the administrator. And, OE.FEED-BACK uses the application regulating that the protected feedback is returned for the entered password in the administrator's authentication, and OE.SESSION is also regulated to log off after the operation of the administrator mode ends, so that O.CONFIG is supported.
Accordingly, this organizational security policy is sufficiently to achieve.
P.REJECT-LINE (Access prohibition from public line)
This organizational security policy prohibits being accessed to a stored data in a client PC and a server existing in internal network or a general data flowing on internal network from public line via the port of Fax public line on Fax unit installed to MFP.
This means that communication, like remote diagnostic function or illegal operation command, except image data which is sent from public line network and forwarded to internal network via the port of Fax public line of MFP is not forwarded to internal network, even though Fax unit is installed on MFP at the request of the organization.
O.FAX-CONTROL prohibits the access to the data existing in internal network including a general data from public line via the Fax public line portal.
Also, OE.FAX-UNIT is regulated to install Fax unit which is the optional part on MFP by service engineer, so that O.FAX-CONTROL is supported.
Accordingly, this organizational security policy is achieved.
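The tracing argued in sections 4.3.1 to 4.3.4 can be checked mechanically. The following is an added example, not part of the Security Target: it transcribes the tracing from the sufficiency text that survives on this page (not from the cells of Table 1) and reports gaps. The function names are assumptions; T.ACCESS-GROUP-BOX and T.ACCESS-SECURE-PRINT are left empty because their rationale text is not on this page, and T.ACCESS-PUBLIC-BOX lists only the objectives named before its text breaks off.

```python
# Added example: consistency check over the security-objectives rationale.
# Labels are the ones used in sections 4.1 to 4.3 of this Security Target.

OBJECTIVES = [
    "O.REGISTERED-USER", "O.PRIVATE-BOX", "O.PUBLIC-BOX", "O.GROUP-BOX",
    "O.SECURE-PRINT", "O.CONFIG", "O.OVERWRITE-ALL", "O.CRYPTO-KEY",
    "O.TRUSTED-PASS", "O.CRYPTO-MAIL", "O.FAX-CONTROL",
    "O.CRYPTO-CAPABILITY", "O.AUTH-CAPABILITY",
    "OE.FEED-BACK", "OE.SERVER", "OE.SESSION", "OE.ADMIN", "OE.SERVICE",
    "OE.NETWORK", "OE.FAX-UNIT", "OE.SECRET", "OE.SETTING-SECURITY",
]

# Assumption / threat / policy -> objectives named in its sufficiency paragraph.
RATIONALE = {
    "A.ADMIN": ["OE.ADMIN"],
    "A.SERVICE": ["OE.SERVICE"],
    "A.NETWORK": ["OE.NETWORK"],
    "A.SECRET": ["OE.SECRET"],
    "A.SETTING": ["OE.SETTING-SECURITY"],
    "T.DISCARD-MFP": ["O.OVERWRITE-ALL"],
    "T.BRING-OUT-STORAGE": ["O.CRYPTO-KEY", "O.CRYPTO-CAPABILITY"],
    "T.ACCESS-PRIVATE-BOX": ["O.REGISTERED-USER", "O.PRIVATE-BOX",
                             "O.AUTH-CAPABILITY", "OE.SERVER",
                             "OE.FEED-BACK", "OE.SESSION"],
    # Text breaks off after O.AUTH-CAPABILITY on this page.
    "T.ACCESS-PUBLIC-BOX": ["O.REGISTERED-USER", "O.PUBLIC-BOX",
                            "O.AUTH-CAPABILITY"],
    "T.ACCESS-GROUP-BOX": [],      # rationale text not present on this page
    "T.ACCESS-SECURE-PRINT": [],   # rationale text not present on this page
    "T.UNEXPECTED-TRANSMISSION": ["O.CONFIG", "OE.FEED-BACK", "OE.SESSION"],
    "T.ACCESS-SETTING": ["O.CONFIG", "OE.FEED-BACK", "OE.SESSION"],
    "T.BACKUP-RESTORE": ["O.CONFIG", "OE.FEED-BACK", "OE.SESSION"],
    "P.COMMUNICATION-DATA": ["O.TRUSTED-PASS", "O.CRYPTO-MAIL", "O.CONFIG",
                             "OE.FEED-BACK", "OE.SESSION"],
    "P.REJECT-LINE": ["O.FAX-CONTROL", "OE.FAX-UNIT"],
}


def uncovered_items(rationale):
    """Sufficiency gap: assumptions, threats or policies with no objective."""
    return [item for item, objs in rationale.items() if not objs]


def untraced_objectives(objectives, rationale):
    """Necessity gap: objectives that no assumption, threat or policy cites."""
    cited = {obj for objs in rationale.values() for obj in objs}
    return [obj for obj in objectives if obj not in cited]


def unknown_objectives(objectives, rationale):
    """Labels cited in the rationale that are not defined objectives (typos)."""
    cited = {obj for objs in rationale.values() for obj in objs}
    return sorted(cited - set(objectives))


def assumptions_put_on_toe(rationale):
    """Assumptions describe the environment, so they should be upheld only by
    objectives for the operational environment (OE.*), never by the TOE."""
    return [(item, obj) for item, objs in rationale.items()
            if item.startswith("A.")
            for obj in objs if not obj.startswith("OE.")]


def check(objectives=OBJECTIVES, rationale=RATIONALE):
    """Run every check and return the findings keyed by check name."""
    return {
        "uncovered": uncovered_items(rationale),
        "untraced": untraced_objectives(objectives, rationale),
        "unknown": unknown_objectives(objectives, rationale),
        "assumption_on_toe": assumptions_put_on_toe(rationale),
    }


if __name__ == "__main__":
    for name, findings in check().items():
        print(f"{name}: {findings or 'none'}")
```

On this page's text the two findings are exactly the entries whose rationale is missing, which is the signal a reviewer would use to go back to the complete document.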
5 Extended Components Definition
5.1 Extended Function Component
In this ST, three extended function components are defined. The necessity of each security function requirement and the reason of the labeling definition are described.
FAD_RIP.1
This is the security function requirement for the protection of the remaining information of user data and TSF data.
Necessity of extension
The regulation for the protection of the TSF data remaining information is necessary. But the security function requirement to explain the protection of the remaining information exists only in FDP_RIP.1 for the user data. There is no security function requirement to satisfy this requirement.
Reason for applied class (FAD)
There is no requirement to explain both of the user data and the TSF data with no distinction. Therefore, new Class was defined.
Reason for applied family (RIP)
As this is the extension up to the TSF data by using the content explained by the relevant family of FDP class, the same label of this family was applied.
FIT_CAP.1
This is the security function requirement for regulating the necessary ability for TOE to use effectively the security function of the external entity, IT environment.
Necessity of extension
In case of TOE using the external security functions, the external security function to be surely secure is important, but TOE ability to provide is very important in order to use correctly the external security function. But there is no concept as this requirement in the security function requirements.
Reason for applied class (FIT)
There is no such concept in CC part 2. Therefore, new Class was defined.
Reason for applied family (CAP.1)
As similar to class, there is no such concept in CC part 2. Therefore, new Family was defined.
5.1.1 FAD_RIP.1 Definition
Class name
FAD: Protection of all data
Meaning of abbreviation: FAD (Functional requirement for All Data protection)
Class behavior
This class contains a family specifying the requirement related with the protection of the user data and the TSF data with no distinction. One family exists here.
- Residual Information Protection of All Data (FAD_RIP);
Family behavior
This family corresponds to the necessity never to access the deleted data or newly created object and TSF data which should not set as accessible. This family requires the protection for the information that was deleted or released logically but has a possibility to exist still in TOE.
Component leveling
FAD_RIP.1: "Residual Information Protection of All Data after the explicit deletion operation" requires of TSF to assure that the subset of the defined object controlled by TSF cannot utilize any remaining information of every resource under the allocation of resource or the release of it.
Audit: FAD_RIP.1
The use of the user identification information with the explicit deletion operation
Management: FAD_RIP.1
No expected management activity
FAD_RIP.1 Residual Information Protection of All Data after the explicit deletion operation
FAD_RIP.1.1
TSF shall ensure that the content of the information allocated to source before shall not be available after the explicit deletion operation against the object and TSF data: [assignment: list of object and list of TSF data].
Hierarchical to: No other components
Dependencies: No dependencies
5.1.2 FIT_CAP.1 Definition
Class name
FIT: Support for IT environment entity
Meaning of abbreviation: FIT (Functional requirement for IT environment support)
Class behavior
This class contains a family specifying the requirement related with the use of the security service provided by IT environment entity. One family exists here.
- Use of IT environment entity (FIT_CAP);
Family behavior
This family corresponds to the capability definition for TOE at the use of security function of IT environment entity.
[Component leveling figure: FAD_RIP Residual Information Protection of All Data, component 1]
6 IT Security Requirements
In this chapter, the TOE security requirements are described.
<Definition of Label>
The security function requirements required for the TOE are described. Those regulated in CC Part 2 will be directly used for the functional requirements components, and the same labels will be used as well. The new additional requirement which is not described in CC part 2 is newly established and identified with the label that doesn't compete with CC part 2.
<Method of specifying security function requirement "Operation">
In the following description, when items are indicated in "italic" and "bold," it means that they are assigned or selected. When items are indicated in "italic" and "bold" with parenthesis right after the underlined original sentences, it means that the underlined sentences are refined. A number in the parentheses after a label means that the functional requirement is used repeatedly.
<Method of clear indication of dependency>
The label in the parentheses "( )" in the dependent section indicates a label for the security functional requirements used in this ST. When it is a dependency that is not required to be used in this ST, it is described as "N/A" in the same parentheses.
6.1 TOE Security Requirements
6.1.1 TOE Security Functional Requirements
6.1.1.1 Cryptographic Support
FCS_CKM.1 Cryptographic key generation
FCS_CKM.1.1
The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [assignment: cryptographic key generation algorithm] and specified cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards].
[assignment: list of standards]:
Listed in "Table 2 Cryptographic key generation: Relation of Standards-Algorithm-Key sizes"
[assignment: cryptographic key generation algorithm]:
Listed in "Table 2 Cryptographic key generation: Relation of Standards-Algorithm-Key sizes"
[assignment: cryptographic key sizes]:
Listed in "Table 2 Cryptographic key generation: Relation of Standards-Algorithm-Key sizes"
Hierarchical to: No other components
Dependencies: FCS_CKM.2 or FCS_COP.1 (FCS_COP.1), FCS_CKM.4 (N/A)
Table 2 Cryptographic Key Generation: Relation of Standards-Algorithm-Key sizes
List of Standards | Cryptographic Key Generation Algorithm | Cryptographic Key sizes
FIPS 186-2 | Pseudorandom number Generation Algorithm | 128 bit, 192 bit, 168 bit, 256 bit
Konica Minolta Encryption specification standard | Konica Minolta HDD Encryption Key Generation Algorithm | 128 bit
FCS_COP.1 Cryptographic operation
FCS_COP.1.1
The TSF shall perform [assignment: list of Cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards].
[assignment: list of standards]:
Listed in "Table 3 Cryptographic operation: Relation of Algorithm-Key sizes-Cryptographic operation"
[assignment: cryptographic algorithm]:
Listed in "Table 3 Cryptographic operation: Relation of Algorithm-Key sizes-Cryptographic operation"
[assignment: cryptographic key sizes]:
Listed in "Table 3 Cryptographic operation: Relation of Algorithm-Key sizes-Cryptographic operation"
[assignment: list of cryptographic operations]:
Listed in "Table 3 Cryptographic operation: Relation of Algorithm-Key sizes-Cryptographic operation"
Hierarchical to: No other components
Dependencies: FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1 (FCS_CKM.1 (only a part of events)), FCS_CKM.4 (N/A)
Table 3 Cryptographic Operation: Relation of Algorithm-Key sizes-Cryptographic Operation
List of standards | Cryptographic Algorithm | Cryptographic key sizes | Contents of Cryptographic operation
FIPS PUB 197 | AES | 128 bit, 192 bit, 256 bit | Encryption of S/MIME transmission data
SP800-67 | 3-Key-Triple-DES | 168 bit | Encryption of S/MIME transmission data
FIPS 186-2 | RSA | 1024 bit, 2048 bit, 3072 bit, 4096 bit | Encryption of cryptographic key to encrypt S/MIME transmission data
6.1.1.2. User Data Protection
FDP_ACC.1[1] Subset access control
FDP_ACC.1.1[1]
The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP].
[assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]:
Listed in "Table 4 User box access control operational list"
[assignment: access control SFP]:
User Box access control
Hierarchical to: No other components
Dependencies: FDP_ACF.1 (FDP_ACF.1[1])
Table 4 User Box Access Control Operational List
Subject | Object | Operational List
A task to act for a user | User Box | List
A task to act for a user | User Box File | Print; Transmission (E-mail transmission, FTP transmission, SMB transmission, FAX transmission and WebDAV transmission); Download; Move to other user boxes; Copy to other user boxes; Copy to external memory; Backup
FDP_ACC.1[2] Subset access control
FDP_ACC.1.1[2]
The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP].
[assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]:
Listed in "Table 5 Secure print file access control operational list"
[assignment: access control SFP]:
Secure print file access control
Hierarchical to: No other components
Dependencies: FDP_ACF.1 (FDP_ACF.1[2])
Table 5 Secure Print File Access Control Operational List
Subject | Object | Operational list
A task to act for a user | Secure Print File | List; Print; Back-Up
FDP_ACC.1[3] Subset access control
FDP_ACC.1.1[3]
The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP].
[assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]:
Listed in "Table 6 Setting management access control operational list"
[assignment: access control SFP]:
Setting management access control
Hierarchical to: No other components
Dependencies: FDP_ACF.1 (FDP_ACF.1[3])
Table 6 Setting Management Access Control Operational List
Subject | Object | Operational list
A task to act for a user | SMTP Server Group Object; DNS Server Group Object; MFP Address Group Object [footnote 8]; PC-FAX reception setting Object; Transmission Address Data Object | Setting; Restore
FDP_ACC.1[4] Subset access control
FDP_ACC.1.1[4]
The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects covered by SFP].
[assignment: list of subjects, objects, and operations among subjects and objects covered by SFP]:
Listed in "Table 7 ID & print file Access Control operational list"
[assignment: access control SFP]:
ID & print file access control
Hierarchical to: No other components
Dependencies: FDP_ACF.1 (FDP_ACF.1[4])
Table 7 ID & Print file Access Control Operational List
Subject | Object | Operational list
A task to act for a user | ID & print File | List; Print; Backup
FDP_ACF.1[1] Security attribute based access control
FDP_ACF.1.1[1]
The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes].
[assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]:
<Subject> | <Subject attributes>
- A task to act for a user | - User Attribute (User ID)
 | - Account Name (Account ID)
 | - User Box Attribute (User Box ID)
 | - Administrator Attribute
----------------------------------------
<Object> | <Object attributes>
- User Box | - User Attribute (User ID or Public or Account ID)
- User Box File | - User Box Attribute (User Box ID)
[assignment: access control SFP]:
8 The MFP address group object is a series of data concerning the address of the main body of MFP such as IP address and the AppleTalk printer name.
User Box access control
FDP_ACF.1.2[1]
The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects].
[assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]:
<Operation control to Personal user box>
A task to act for a user is permitted to do the list display operation to the user box with the user attribute of an object attribute corresponding to the user attribute (user ID) of the subject attribute.
<Operation control to Group user box>
A task to act for a user is permitted to do the list display operation to the user box with the Account Name of an object attribute corresponding to the Account Name (account ID) of the subject attribute.
<Operation control to Public user box>
A task to act for the user who is related to the user attribute (user ID) is permitted to do the list display operation to the user box where "Public" is set to the user attribute of the object attribute.
<Operational control to User box file>
A task to act for a user is permitted to print, transmit (E-mail transmission, FTP transmission, SMB transmission, FAX transmission and WebDAV transmission), download, move to other user boxes, copy to other user boxes and copy to external memory a user box file whose user box attribute (user box ID) of the object attribute matches the user box attribute of the subject attribute.
FDP_ACF.1.3[1]
The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects]:
- A task to act for the user that has an administrator attribute is permitted to operate displaying of the user box list.
- A task to act for the user that has an administrator attribute is permitted to operate the back-up of the user box file.
FDP_ACF.1.4[1]
The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]:
None
Hierarchical to: No other components
Dependencies: FDP_ACC.1 (FDP_ACC.1[1]), FMT_MSA.3 (FMT_MSA.3[1], FMT_MSA.3[3])
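The User Box access control rules of FDP_ACF.1.2[1] to FDP_ACF.1.4[1], modeled as a decision function that can be used to cross-check an implementation or a test plan against the SFP. This is an added example, not part of the Security Target or the product's code: all class, field and operation names are hypothetical, the set of user box IDs a task holds is taken as given, and a request that no rule permits is assumed to be denied.

```python
# Added illustration of the "User Box access control" SFP (FDP_ACF.1[1]).
# Every class, field and function name is hypothetical, not taken from the product.
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Operations of Table 4, as short identifiers chosen for this example.
LIST, BACKUP = "list", "backup"
FILE_OPS_BY_BOX_ID = frozenset({
    "print", "transmit", "download",
    "move_to_other_box", "copy_to_other_box", "copy_to_external_memory",
})


@dataclass(frozen=True)
class Subject:
    """A task acting for a user, carrying the subject attributes of FDP_ACF.1.1[1]."""
    user_id: Optional[str] = None
    account_id: Optional[str] = None
    user_box_ids: FrozenSet[str] = frozenset()  # assumption: supplied by the caller
    is_admin: bool = False


@dataclass(frozen=True)
class UserBox:
    """Object attribute: a User ID, an Account ID, or "Public".

    The kind is stored next to the value so that a user ID can never match an
    account ID that happens to be the same string.
    """
    kind: str                    # "user" | "account" | "public"
    value: Optional[str] = None  # unused for "public"


@dataclass(frozen=True)
class UserBoxFile:
    user_box_id: str


def decide(subject: Subject, operation: str, obj) -> bool:
    """Return True when the SFP permits `operation` by `subject` on `obj`."""
    # FDP_ACF.1.3[1]: explicit authorisation for the administrator attribute.
    if subject.is_admin:
        if isinstance(obj, UserBox) and operation == LIST:
            return True
        if isinstance(obj, UserBoxFile) and operation == BACKUP:
            return True
    # FDP_ACF.1.4[1]: "None", so there is no explicit-deny rule to evaluate.

    # FDP_ACF.1.2[1]: list display of a user box.
    if isinstance(obj, UserBox) and operation == LIST:
        if obj.kind == "user":       # personal user box
            return subject.user_id is not None and subject.user_id == obj.value
        if obj.kind == "account":    # group user box
            return subject.account_id is not None and subject.account_id == obj.value
        if obj.kind == "public":     # public user box: any task tied to a user ID
            return subject.user_id is not None
        return False                 # unknown kind: fail closed

    # FDP_ACF.1.2[1]: operations on a user box file need a matching user box ID.
    if isinstance(obj, UserBoxFile) and operation in FILE_OPS_BY_BOX_ID:
        return obj.user_box_id in subject.user_box_ids

    return False                     # assumption: anything not permitted is denied


if __name__ == "__main__":
    # Constructed sample subjects and objects, for illustration only.
    alice = Subject(user_id="alice", account_id="sales",
                    user_box_ids=frozenset({"box-7"}))
    admin = Subject(user_id="adm", is_admin=True)
    cases = [
        (alice, LIST, UserBox("user", "alice")),
        (alice, LIST, UserBox("account", "hr")),
        (alice, "print", UserBoxFile("box-7")),
        (alice, BACKUP, UserBoxFile("box-7")),
        (admin, BACKUP, UserBoxFile("box-9")),
        (admin, "print", UserBoxFile("box-9")),
    ]
    for subj, op, obj in cases:
        print(f"{subj.user_id:6} {op:8} {obj} -> {decide(subj, op, obj)}")
```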
FDP_ACF.1[2] Security attribute based access control
FDP_ACF.1.1[2]
The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes].
[assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]:
<Subject> | <Subject attributes>
- A task to act for a user | - File attribute (Secure print internal control ID)
 | - User attribute (User ID)
 | - Administrator attribute
----------------------------------------
<Object> | <Object attributes>
- Secure print file | - File attribute (Secure print internal control ID)
[assignment: access control SFP]:
Secure print file access control
FDP_ACF.1.2[2]
The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects].
[assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]:
- A task to act for a user who has a user attribute (user ID) is permitted to display the list of all the secure print files.
- A task to act for a user who has the file attribute (the secure print internal control ID) is permitted the print operation on the secure print file whose file attribute (secure print internal control ID) matches that file attribute (secure print internal control ID).
FDP_ACF.1.3[2]
The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects]:
A task to act for a user who has an administrator attribute is permitted to back up secure print files.
FDP_ACF.1.4[2]
The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]:
None
Hierarchical to: No other components
Dependencies: FDP_ACC.1 (FDP_ACC.1[2]), FMT_MSA.3 (FMT_MSA.3[2])
FDP_ACF.1[3] Security attribute based access control
FDP_ACF.1.1[3]
The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes].
[assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]:
<Subject> | <Subject attributes>
- A task to act for a user | - Administrator attribute
----------------------------------------
<Object>
- SMTP server group object
- DNS server group object
- MFP address group object
- PC-FAX reception setting object
- Transmission Address data object
* No Object Attribute
[assignment: access control SFP]:
Setting management access control
FDP_ACF.1.2[3]
The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects].
[assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects]:
- A task to act for a user who has an administrator attribute is permitted to set the SMTP server group object, the DNS server group object, the MFP address group object, the PC-FAX reception setting object, and the transmission address data object and to operate the restoration.
FDP_ACF.1.3[3]
The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects]:
None
FDP_ACF.1.4[3]
The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]:
None
Hierarchical to: No other components
Dependencies: FDP_ACC.1 (FDP_ACC.1[3]), FMT_MSA.3 (N/A)
FDP_ACF.1[4] Security attribute based access control
FDP_ACF.1.1[4]
The TSF shall enforce the [assignment: access control SFP] to objects based on the following: [assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes].
[assignment: list of subjects and objects controlled under the indicated SFP, and for each, the SFP-relevant security attributes, or named groups of SFP-relevant security attributes]:
<Subject>                       <Subject attributes>
- A task to act for a user      - User attribute (user ID)
                                - Administrator attribute
----------------------------------------------------------------
<Object>                        <Object attributes>
- ID & print file               - User attribute (user ID)
[assignment: access control SFP]:
ID & print file access control
FDP_ACF.1.2[4]
The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing access among controlled subjects and controlled objects using controlled operations on controlled objects].
[assignment: rules governing access used for controlled operations to controlled objects among controlled subjects and controlled objects]:
- A task to act for a user is permitted to list and print the ID & print file whose user attributes of the object attributes are equal to those of the subject attributes (user ID)
FDP_ACF.1.3[4]
The TSF shall explicitly authorise access of subjects to objects based on the following supplemental rules: [assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly authorise access of subjects to objects]:
A task to act for a user with the administrator attribute is permitted to back up ID & print file
FDP_ACF.1.4[4]
The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: rules, based on security attributes, that explicitly deny access of subjects to objects].
[assignment: rules, based on security attributes, that explicitly deny access of subjects to objects]:
None
Hierarchical to: No other components
Dependencies: FDP_ACC.1 (FDP_ACC.1[4]), FMT_MSA.3 (FMT_MSA.3[4])
FDP_IFC.1 Subset information flow control
FDP_IFC.1.1
The TSF shall enforce the [assignment: information flow control SFP] on [assignment: list of subjects, information, and operations that cause controlled information to flow to and from controlled subjects covered by the SFP].
[assignment: list of subjects, information, and operations that cause controlled information to flow to and from controlled subjects covered by the SFP]:
<Subject>
- Reception from Fax unit
<Information>
- Received data from public line
<Operation>
- Send to internal network
[assignment: information flow control SFP]:
Fax information flow control
Hierarchical to: No other components
Dependencies: FDP_IFF.1 (FDP_IFF.1)
FDP_IFF.1 Simple security attributes
FDP_IFF.1.1
The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes].
[assignment: information flow control SFP]:
Fax information flow control
[assignment: list of subjects and information controlled under the indicated SFP, and for each, the security attributes]:
<Subject>
- Reception from Fax unit
<Information>
- Received data from public line
<Security attribute>
- Image data attribute
- Data attribute other than image data
FDP_IFF.1.2
The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [assignment: for each operation, the security attribute-based relationship that must hold between subject and information security attributes].
[assignment: for each operation, the security attribute-based relationship that must hold between subject and information security attributes]:
Does not send data other than image data received from FAX unit to internal network
FDP_IFF.1.3
The TSF shall enforce the [assignment: additional information flow control SFP rules].
[assignment: additional information flow control SFP rules]:
None
FDP_IFF.1.4
The TSF shall explicitly authorise an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly authorise information flows].
[assignment: rules, based on security attributes, that explicitly authorise information flows]:
None
FDP_IFF.1.5
The TSF shall explicitly deny an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly deny information flows].
[assignment: rules, based on security attributes, that explicitly deny information flows]:
None
Hierarchical to: No other components
Dependencies: FDP_IFC.1 (FDP_IFC.1), FMT_MSA.3 (N/A)
611 Identification and Authentication
FIA_AFL.1[1] Authentication failure handling
FIA_AFL.1.1[1]
The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[assignment: list of authentication events]:
- Authentication for accessing the service mode
- Re-authentication for changing the CE password
[selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]:
[assignment: range of acceptable values]: an administrator configurable positive integer within 1-
FIA_AFL.1.2[1]
When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
[selection: met, surpassed]:
Met
[assignment: list of actions]:
<Action when it is detected>
- Log off from the authentication status of the service mode if it is, and lock the authentication function which uses the CE password
- If it's not under the authentication status, lock the authentication function which uses the CE password
<Operation for recovering the normal condition>
Perform the lock release function of CE authentication by specific operations
(When time set in the release time setting of operation prohibition for CE authentication passed from specific operations, the release process is performed)
Hierarchical to: No other components
Dependencies: FIA_UAU.1 (FIA_UAU.2[1])
FIA_AFL.1[2] Authentication failure handling
FIA_AFL.1.1[2]
The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[assignment: list of authentication events]:
- Authentication for accessing the administrator mode
- Re-authentication for changing the administrator password
[selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]:
[assignment: range of acceptable values]: an administrator configurable positive integer within 1-
FIA_AFL.1.2[2]
When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
[selection: met, surpassed]:
Met
[assignment: list of actions]:
<Action when it is detected>
- Log off from the authentication status of the administrator mode if it is, and lock the authentication function which uses the administrator password
- If it's not under the authentication status, lock the authentication function which uses the administrator password
<Operation for recovering the normal condition>
- Perform the boot process of the TOE (Release process is performed after time set in the release time setting of operation prohibition for Administrator authentication passed by the boot process)
Hierarchical to: No other components
Dependencies: FIA_UAU.1 (FIA_UAU.2[2])
FIA_AFL.1[3] Authentication failure handling
FIA_AFL.1.1[3]
The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[assignment: list of authentication events]:
- Authentication for accessing the MIB object through SNMP
[selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]:
[assignment: range of acceptable values]: an administrator configurable positive integer within 1-
FIA_AFL.1.2[3]
When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
[selection: met, surpassed]:
Met
[assignment: list of actions]:
<Action when it is detected>
Deny the access to the MIB object and lock the authentication function to use SNMP password
<Operation for recovering the normal condition>
- Perform the delete function of authentication failure frequency offered within the administrator mode
Hierarchical to: No other components
Dependencies: FIA_UAU.1 (FIA_UAU.2[2])
FIA_AFL.1[4] Authentication failure handling
FIA_AFL.1.1[4]
The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[assignment: list of authentication events]:
- Authentication for accessing the TOE by user
- Re-authentication when a user changes his/her own user password
[selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]:
[assignment: range of acceptable values]: an administrator configurable positive integer within 1-
FIA_AFL.1.2[4]
When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
[selection: met, surpassed]:
Met
[assignment: list of actions]:
<Action when it is detected>
- While authentication is performed, log off from the authentication status of the user, and lock the authentication function for the user
- Otherwise, lock the authentication function for using the user password
<Operation for recovering the normal condition>
- Perform the delete function of authentication failure frequency offered within the administrator mode
Hierarchical to: No other components
FIA_AFL.1[7] Authentication failure handling
FIA_AFL.1.1[7]
The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[assignment: list of authentication events]:
- Account authentication: Account authentication when the belonging account of the user who accesses in the synchronized method is not registered
- Account authentication: Account authentication of the user who accesses in the method not synchronized
[selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]:
[assignment: range of acceptable values]: an administrator configurable positive integer within 1-
FIA_AFL.1.2[7]
When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
[selection: met, surpassed]:
Met
[assignment: list of actions]:
<Action when it is detected>
Lock the authentication function for the concerned account, and deny the access to the TOE by the user who permitted the use of the account
<Operation for recovering the normal condition>
Perform the delete function of authentication failure frequency offered within the administrator mode
Hierarchical to: No other components
Dependencies: FIA_UAU.1 (FIA_UAU.1[2])
FIA_AFL.1[8] Authentication failure handling
FIA_AFL.1.1[8]
The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[assignment: list of authentication events]:
- Authentication when it accesses service mode from the panel
- Authentication when it accesses administrator mode from the panel
- User authentication when user accesses TOE from the panel
- Account authentication when user accesses TOE from the panel
- Authentication when it accesses secure print file from the panel
- Authentication when it accesses Public user box from the panel
[selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]:
[assignment: positive integer number]: 1
FIA_AFL.1.2[8]
When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
[selection: met, surpassed]:
Met
[assignment: list of actions]:
<Action when it is detected>
Deny all access from the panel
<Operation for recovering the normal condition>
Automatically release the lock after 5 seconds
Hierarchical to: No other components
Dependencies: FIA_UAU.1 (FIA_UAU.2[1], FIA_UAU.2[2], FIA_UAU.1[1], FIA_UAU.2[], FIA_UAU.2[4], FIA_UAU.1[2])
FIA_AFL.1[9] Authentication failure handling
FIA_AFL.1.1[9]
The TSF shall detect when [selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]] unsuccessful authentication attempts occur related to [assignment: list of authentication events].
[assignment: list of authentication events]:
- Authentication when accessing by WebDAV
[selection: [assignment: positive integer number], an administrator configurable positive integer within [assignment: range of acceptable values]]:
[assignment: range of acceptable values]: an administrator configurable positive integer within 1-
FIA_AFL.1.2[9]
When the defined number of unsuccessful authentication attempts has been [selection: met, surpassed], the TSF shall [assignment: list of actions].
[selection: met, surpassed]:
Met
[assignment: list of actions]:
<Action when it is detected>
Deny the access by WebDAV, and lock the authentication function which uses the WebDAV server password
<Operation for recovering the normal condition>
Perform the delete function of the authentication failure frequency offered within the administrator mode
Hierarchical to: No other components
Dependencies: FIA_UAU.1 (FIA_UAU.2[2])
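The lockout behaviour required by the FIA_AFL.1 iterations above, modelled in Python as an added example (it is not code from the TOE or from this Security Target). The class, method and function names are hypothetical, every threshold and delay other than the panel's 1 failure and 5 seconds is a constructed sample value, and clearing the count on a successful authentication is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Release(Enum):
    ADMIN_RESET = 1   # administrator deletes the failure count ([3], [4], [7], [9])
    TRIGGER_WAIT = 2  # boot or specific operation starts a release timer ([1], [2])
    AUTO_TIMER = 3    # lock clears by itself after a fixed delay ([8], panel)


@dataclass
class FailureLock:
    threshold: int                      # failure count at which the lock engages
    release: Release
    delay: float = 0.0                  # seconds, for TRIGGER_WAIT and AUTO_TIMER
    failures: int = 0
    locked: bool = False
    release_at: Optional[float] = None  # None means no release timer is running

    def __post_init__(self):
        if self.threshold < 1:
            raise ValueError("threshold must be a positive integer")

    def _expire(self, now):
        # Lift the lock only if a release timer was started and has run out.
        if self.locked and self.release_at is not None and now >= self.release_at:
            self.locked, self.failures, self.release_at = False, 0, None

    def attempt(self, credential_ok, now):
        """Return 'ok', 'failed', 'locked-now' or 'denied'."""
        self._expire(now)
        if self.locked:
            return "denied"             # a correct secret is rejected while locked
        if credential_ok:
            self.failures = 0           # assumption: success clears the count
            return "ok"
        self.failures += 1
        if self.failures >= self.threshold:   # selection is "met", not "surpassed"
            self.locked = True
            if self.release is Release.AUTO_TIMER:
                self.release_at = now + self.delay
            return "locked-now"
        return "failed"

    def admin_reset(self):
        # "Delete function of authentication failure frequency" in administrator mode.
        if self.release is not Release.ADMIN_RESET:
            return False
        self.locked, self.failures = False, 0
        return True

    def trigger(self, now):
        # Boot process or specific operation: starts the release time, does not unlock.
        if self.release is not Release.TRIGGER_WAIT or not self.locked:
            return False
        self.release_at = now + self.delay
        return True


def panel_demo():
    # FIA_AFL.1[8]: one failure locks the panel, released automatically after 5 s.
    panel = FailureLock(threshold=1, release=Release.AUTO_TIMER, delay=5.0)
    return [panel.attempt(False, 0.0), panel.attempt(True, 2.0), panel.attempt(True, 5.0)]


def user_demo():
    # FIA_AFL.1[4]: threshold 3 is a constructed value; only the administrator unlocks.
    user = FailureLock(threshold=3, release=Release.ADMIN_RESET)
    log = [user.attempt(False, t) for t in (0.0, 1.0, 2.0)]
    log.append(user.attempt(True, 3600.0))   # waiting alone never releases the lock
    user.admin_reset()
    log.append(user.attempt(True, 3601.0))
    return log


def admin_demo():
    # FIA_AFL.1[2]: threshold 2 and a 60 s release time are constructed values.
    adm = FailureLock(threshold=2, release=Release.TRIGGER_WAIT, delay=60.0)
    log = [adm.attempt(False, 0.0), adm.attempt(False, 1.0)]
    log.append(adm.attempt(True, 500.0))     # no boot yet, so still locked
    adm.trigger(now=600.0)                   # boot process starts the release time
    log.append(adm.attempt(True, 630.0))     # release time not yet elapsed
    log.append(adm.attempt(True, 660.0))
    return log
```

Because the selection is "met", the lock engages on the failure that reaches the threshold, and a correct secret presented during the lock is refused without being evaluated.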
FIA_ATD.1 User attribute definition
FIA_ATD.1.1
The TSF shall maintain the following list of security attributes belonging to individual users: [assignment: list of security attributes].
[assignment: list of security attributes]:
- User attribute (User ID)
- User box attribute (User box ID)
- File attribute (Secure print internal control ID)
- Account name (Account ID)
- Administrator Attribute
Hierarchical to: No other components
Dependencies: No dependencies
FIA_SOS.1[1] Verification of secrets
FIA_SOS.1.1[1]
The TSF shall provide a mechanism to verify that secrets (Administrator Password, CE Password, secure print password, user box password, account password, and WebDAV server password) meet [assignment: a defined quality metric].
[assignment: a defined quality metric]:
- Number of digits: 7-digits
- Character type: possible to choose from = or more characters
- Rule:
(1) Do not compose by only one and the same character
(2) Do not set the same password as the current setting after change
Hierarchical to: No other components
Dependencies: No dependencies
FIA_SOS.1[2] Verification of secrets
FIA_SOS.1.1[2]
The TSF shall provide a mechanism to verify that secrets (SNMP Password) meet [assignment: a defined quality metric].
[assignment: a defined quality metric]:
- Number of digits: 7-digits or more
- Character type: possible to choose from =0 or more characters
- Rule:
(1) Do not compose by only one and the same character
(2) Do not set the same password as the current setting after change
Hierarchical to: No other components
Dependencies: No dependencies
FIA_SOS.1[3] Verification of secrets
FIA_SOS.1.1[3]
The TSF shall provide a mechanism to verify that secrets (User Password) meet [assignment: a defined quality metric].
[assignment: a defined quality metric]:
- Number of digits: 7-digits or more
- Character type: possible to choose from 177 or more characters
- Rule:
(1) Do not compose by only one and the same character
(2) Do not set the same password as the current setting after change
Hierarchical to: No other components
Dependencies: No dependencies
FIA_SOS.1[4] Verification of secrets
FIA_SOS.1.1[4]
The TSF shall provide a mechanism to verify that secrets (Encryption passphrase) meet [assignment: a defined quality metric].
[assignment: a defined quality metric]:
- Number of digits: 20-digits
- Character type: possible to choose from 7 or more characters
- Rule:
(1) Do not compose by only one and the same character
(2) Do not set the same passphrase as the current setting after change
Hierarchical to: No other components
Dependencies: No dependencies
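One way to implement the verification mechanism that FIA_SOS.1[1] through FIA_SOS.1[4] require, as an added example (not code from the security target or the product): the quality metric is a parameter, and rule (2) is checked against a salted digest so the current setting never has to be kept in clear text. The class and function names, the PBKDF2 storage and the values in the two demo metrics are assumptions made for the example, not figures from the ST.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # assumption: work factor chosen for this example


@dataclass(frozen=True)
class QualityMetric:
    """One FIA_SOS.1 iteration: length bounds plus the selectable characters."""
    min_len: int
    max_len: Optional[int]      # None models "N-digits or more"
    alphabet: FrozenSet[str]


@dataclass(frozen=True)
class StoredSecret:
    """Salted digest of the current setting; the clear text is not retained."""
    salt: bytes
    digest: bytes


def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, PBKDF2_ROUNDS)


def enroll(secret: str) -> StoredSecret:
    """Store a secret as a fresh random salt plus its derived digest."""
    salt = os.urandom(16)
    return StoredSecret(salt, _derive(secret, salt))


def matches(candidate: str, stored: StoredSecret) -> bool:
    """Constant-time comparison of the candidate against the stored digest."""
    return hmac.compare_digest(_derive(candidate, stored.salt), stored.digest)


def verify_secret(candidate: str, metric: QualityMetric,
                  current: Optional[StoredSecret] = None) -> List[str]:
    """Return the violated checks; an empty list means the secret is accepted."""
    violations = []
    too_short = len(candidate) < metric.min_len
    too_long = metric.max_len is not None and len(candidate) > metric.max_len
    if too_short or too_long:
        violations.append("length")
    if any(ch not in metric.alphabet for ch in candidate):
        violations.append("charset")
    # Rule (1): not composed of only one and the same character.
    if candidate and len(set(candidate)) == 1:
        violations.append("rule1-same-character")
    # Rule (2): not the same as the current setting.
    if current is not None and matches(candidate, current):
        violations.append("rule2-unchanged")
    return violations


def change_secret(candidate: str, metric: QualityMetric,
                  current: StoredSecret) -> Tuple[StoredSecret, List[str]]:
    """Apply a change only when every check passes; otherwise keep the old one."""
    violations = verify_secret(candidate, metric, current)
    return (current if violations else enroll(candidate)), violations


# Constructed demo metrics (not the ST's values): printable ASCII without spaces.
PRINTABLE = frozenset(string.ascii_letters + string.digits + string.punctuation)
FIXED_DEMO = QualityMetric(min_len=8, max_len=8, alphabet=PRINTABLE)
OPEN_DEMO = QualityMetric(min_len=8, max_len=None, alphabet=PRINTABLE)

if __name__ == "__main__":
    stored = enroll("Abc#1234")
    for attempt in ("aaaaaaaa", "Abc#1234", "Abc 1234", "Xyz!9876"):
        print(attempt, verify_secret(attempt, FIXED_DEMO, stored))
```

Returning the list of violated checks rather than a bare boolean lets the caller log which rule rejected a change without logging the secret itself.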
FIA_SOS.1[5] Verification of secrets
FIA_SOS.1.1[5]
The TSF shall provide a mechanism to verify that secrets (Session Information) meet [assignment: a defined quality metric].
[assignment: a defined quality metric]:
10^10 and above
Hierarchical to: No other components
Dependencies: No dependencies
FIA_SOS.2 Verification of secrets
FIA_SOS.2.1
The TSF shall provide a mechanism to generate secrets (Session information) that meet [assignment: a defined quality metric].
[assignment: a defined quality metric]:
10^10 and above
FIA_SOS.2.2
The TSF shall be able to enforce the use of TSF generated secrets for [assignment: list of TSF functions].
[assignment: list of TSF functions]:
- Administrator authentication (Access through the network)
- User authentication (Access through the network)
- User box authentication (Access through the network)
Hierarchical to: No other components
Dependencies: No dependencies
FIA_UAU.1[1] Timing of authentication
FIA_UAU.1.1[1]
The TSF shall allow [assignment: list of TSF mediated actions] on behalf of the user to be performed before the user is authenticated.
[assignment: list of TSF mediated actions]:
Confirm the stopped state of user use (Method of user authentication: Machine authentication only)
FIA_UAU.1.2[1]
The TSF shall require each user (User) to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user (User).
Hierarchical to: No other components
Dependencies: FIA_UID.1 (FIA_UID.2[])
FIA_UAU.1[2] Timing of authentication
FIA_UAU.1.1[2]
The TSF shall allow [assignment: list of TSF mediated actions] on behalf of the user to be performed before the user is authenticated.
[assignment: list of TSF mediated actions]:
Confirm the stopped state of the account
FIA_UAU.1.2[2]
The TSF shall require each user (User who is permitted to use account) to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user (User who is permitted to use account).
Hierarchical to: No other components
Dependencies: FIA_UID.1 (FIA_UID.2[])
FIA_UAU.2[1] User authentication before any action
FIA_UAU.2.1[1]
The TSF shall require each user (Service Engineer) to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user (Service Engineer).
Hierarchical to: FIA_UAU.1
Dependencies: FIA_UID.1 (FIA_UID.2[1])
FIA_UAU.2[2] User authentication before any action
FIA_UAU.2.1[2]
The TSF shall require each user (Administrator (User who is authenticated by Administrator password, User who is authenticated by WebDAV server password, User who is authenticated by SNMP password)) to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user (Administrator (User who is authenticated by Administrator password, User who is authenticated by WebDAV server password, User who is authenticated by SNMP password)).
Hierarchical to: FIA_UAU.1
Dependencies: FIA_UID.1 (FIA_UID.2[2])
FIA_UAU.2[3] User authentication before any action
FIA_UAU.2.1[4]
The TSF shall require each user (User who is permitted to use secure print file) to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user (User who is permitted to use secure print file).
Hierarchical to: FIA_UAU.1
Dependencies: FIA_UID.1 (FIA_UID.2[4])
FIA_UAU.2[4] User authentication before any action
FIA_UAU.2.1[5]
The TSF shall require each user (User who is permitted to use the public user box) to be successfully authenticated before allowing any other TSF-mediated actions on behalf of that user (User who is permitted to use the public user box).
Hierarchical to: FIA_UAU.1
Dependencies: FIA_UID.1 (FIA_UID.2[5])
FIA_UAU.6 Re-authenticating
FIA_UAU.6.1
The TSF shall re-authenticate the user under the conditions [assignment: list of conditions under which re-authentication is required].
[assignment: list of conditions under which re-authentication is required]:
- When the service engineer modifies the CE password
- When the administrator modifies the administrator password
- When the user changes his/her own user password
- When a user permitted to use a public user box changes the user box password of the public user box
Hierarchical to: No other components
Dependencies: No dependencies
FIA_UAU.7 Protected authentication feedback
FIA_UAU.7.1
The TSF shall provide only [assignment: list of feedback] to the user while the authentication is in progress.
[assignment: list of feedback]:
Display "*" every character data input
Hierarchical to: No other components
Dependencies: FIA_UAU.1 (FIA_UAU.2[1], FIA_UAU.2[2], FIA_UAU.1[1], FIA_UAU.2[], FIA_UAU.2[4], FIA_UAU.1[2])
FIA_UID.2[1] User identification before any action
FIA_UID.2.1[1]
The TSF shall require each user (Service Engineer) to be successfully identified before allowing any other TSF-mediated actions on behalf of that user (Service Engineer).
Hierarchical to: FIA_UID.1
Dependencies: No dependencies
FIA_UID.2[2] User identification before any action
FIA_UID.2.1[2]
The TSF shall require each user (Administrator) to be successfully identified before allowing any other TSF-mediated actions on behalf of that user (Administrator).
Hierarchical to: FIA_UID.1
Dependencies: No dependencies
FIA_UID.2[3] User identification before any action
FIA_UID.2.1[3]
The TSF shall require each user (User) to be successfully identified before allowing any other TSF-mediated actions on behalf of that user (User).
Hierarchical to: FIA_UID.1
Dependencies: No dependencies
FIA_UID.2[4] User identification before any action
FIA_UID.2.1[4]
The TSF shall require each user (User who is permitted to use secure print file) to be successfully identified before allowing any other TSF-mediated actions on behalf of that user (User who is permitted to use secure print file).
Hierarchical to: FIA_UID.1
Dependencies: No dependencies
FIA_UID.2[5] User identification before any action
FIA_UID.2.1[5]
The TSF shall require each user (User who is permitted to use the public user box) to be successfully identified before allowing any other TSF-mediated actions on behalf of that user (User who is permitted to use the public user box).
Hierarchical to: FIA_UID.1
Dependencies: No dependencies
FIA_UID.2[6] User identification before any action
FIA_UID.2.1[6]
The TSF shall require each user (User who is permitted to use the account) to be successfully identified before allowing any other TSF-mediated actions on behalf of that user (User who is permitted to use the account).
Hierarchical to: FIA_UID.1
Dependencies: No dependencies
FIA_UID.2[7] User identification before any action
FIA_UID.2.1[7]
The TSF shall require each user (External Server) to be successfully identified before allowing any other TSF-mediated actions on behalf of that user (External Server).
Hierarchical to: FIA_UID.1
Dependencies: No dependencies
FIA_USB.1 User-subject binding
FIA_USB.1.1
The TSF shall associate the following user security attributes with subjects acting on the behalf of that user: [assignment: list of user security attributes].
[assignment: list of user security attributes]:
- User attribute (User ID)
- User box attribute (User box ID)
- File attribute (Secure print internal control ID)
- Account name (Account ID)
- Administrator Attribute
FIA_USB.1.2
The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: [assignment: rules for the initial association of attributes].
[assignment: rules for the initial association of attributes]:
<User box attribute>
The user box ID of the concerned user box associates to the task acting on the behalf of user when authenticated with the access to the user box.
<Account Name>
- In the method not synchronized with User authentication, the account ID of the concerned account associates to the task acting on the behalf of user when authenticated with the access to the account.
- In the method synchronized with User authentication, the account ID that is set to the concerned user associates to the task acting on the behalf of user when authenticated with the access to the user.
<File attribute>
The secure print internal control ID of the concerned secure print file associates to the task acting on the behalf of user when authenticated with the access to the secure print file.
<User attribute>
The user ID of the concerned user associates to the task acting on the behalf of user when authenticated as the user.
<Administrator attribute>
The Administrator attribute associates to the task acting on the behalf of user when authenticated as the Administrator.
FIA_USB.1.3
The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users: [assignment: rules for the changing of attributes].
[assignment: rules for the changing of attributes]:
None
Hierarchical to: No other components
Dependencies: FIA_ATD.1 (FIA_ATD.1)
6.1.1.4 Security Management
FMT_MOF.1[1] Management of security function behavior
FMT_MOF.1.1[1]
The TSF shall restrict the ability to [selection: determine the behavior of, disable, enable, modify the behavior of] the functions [assignment: list of functions] to [assignment: the authorized identified roles].
[assignment: list of functions]:
- Enhanced Security Setting
[selection: determine the behavior of, disable, enable, modify the behavior of]:
disable
[assignment: the authorized identified roles]:
- Administrator
- Service Engineer
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[1], FMT_SMR.1[2])
FMT_MOF.1[2] Management of security function behaviour
FMT_MOF.1.1[2]
The TSF shall restrict the ability to [selection: determine the behavior of, disable, enable, modify the behaviour of] the functions [assignment: list of functions] to [assignment: the authorized identified roles].
[assignment: list of functions]:
- User Authentication Function
- S/MIME function
- SNMP password authentication function
- ID & print function
[selection: determine the behavior of, disable, enable, modify the behavior of]:
modify the behavior of
[assignment: the authorized identified roles]:
Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2])
FMT_MOF.1[3] Management of security function behavior
FMT_MOF.1.1[3]
The TSF shall restrict the ability to [selection: determine the behaviour of, disable, enable, modify the behaviour of] the functions [assignment: list of functions] to [assignment: the authorized identified roles].
[assignment: list of functions]:
- Account Authentication Function
- Trusted Channel Function
[selection: determine the behavior of, disable, enable, modify the behaviour of]:
modify the behavior of, disable
[assignment: the authorized identified roles]:
Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2])
FMT_MSA.1[1] Management of security attributes
FMT_MSA.1.1[1]
The TSF shall enforce the [assignment: access control SFP(s), information flow control SFP(s)] to restrict the ability to [selection: change_default, query, modify, delete, [assignment: other operations]] the security attributes [assignment: list of security attributes] to [assignment: the authorized identified roles].
[assignment: list of security attributes]:
User attribute of the user box that is set user's own [user ID]
[selection: change_default, query, modify, delete, [assignment: other operations]]:
security attributes (User attribute of the user box) that are used to enforce the SFP.
[selection, choose one of: restrictive, permissive, [assignment: other property]]:
[assignment: other property]:
Responded the registered situation of the user box classified into the following cases
(1) [Public], when a user box is registered by the operation of user or administrator
(2) [User ID] of the user who performed the relevant job, when a user box is registered automatically according to the operation of stored job specifying unregistered user box
[assignment: access control SFP, information flow control SFP]:
User box access control
FMT_MSA.3.2[1]
The TSF shall allow the [assignment: the authorized identified roles] to specify alternative initial values to override the default values when an object or information is created.
[assignment: the authorized identified roles]:
Case (1) identified in [assignment: other property] of FMT_MSA.3.1: User, administrator
Case (2) identified in [assignment: other property] of FMT_MSA.3.1: None
Hierarchical to: No other components
Dependencies: FMT_MSA.1 (FMT_MSA.1[1], FMT_MSA.1[2]), FMT_SMR.1 (FMT_SMR.1[])
FMT_MSA.3[2] Static attribute initialization
FMT_MSA.3.1[2]
The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to provide [selection, choose one of: restrictive, permissive, [assignment: other property]] default values for security attributes (Secure print internal control ID) that are used to enforce the SFP.
[selection, choose one of: restrictive, permissive, [assignment: other property]]:
[assignment: other property]: Identified uniquely
[assignment: access control SFP, information flow control SFP]:
Secure print file access control
FMT_MSA.3.2[2]
The TSF shall allow the [assignment: the authorized identified roles] to specify alternative initial values to override the default values when an object or information is created.
[assignment: the authorized identified roles]:
None
Hierarchical to: No other components
Dependencies: FMT_MSA.1 (N/A), FMT_SMR.1 (N/A)
FMT_MSA.3[3] Static attribute initialization
FMT_MSA.3.1[3]
The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to provide [selection, choose one of: restrictive, permissive, [assignment: other property]] default values for security attributes (User box attribute of user box file) that are used to enforce the SFP.
[selection, choose one of: restrictive, permissive, [assignment: other property]]:
[assignment: other property]: Corresponds with the value of the user box attribute of the user box that selected as a target to store the user box file concerned
[assignment: access control SFP, information flow control SFP]:
User box access control
FMT_MSA.3.2[3]
The TSF shall allow the [assignment: the authorized identified roles] to specify alternative initial values to override the default values when an object or information is created.
[assignment: the authorized identified roles]:
None
Hierarchical to: No other components
Dependencies: FMT_MSA.1 (N/A), FMT_SMR.1 (N/A)
FMT_MSA.3[4] Static attribute initialization
FMT_MSA.3.1[4]
The TSF shall enforce the [assignment: access control SFP, information flow control SFP] to provide [selection: choose one of: restrictive, permissive, [assignment: other property]] default values for the security attributes (User attribute of ID & print file) that are used to enforce the SFP.
[selection: choose one of: restrictive, permissive, [assignment: other property]]:
[assignment: other property]: Shall be equal to the value of the user attribute of the user who stores that ID & print file
[assignment: access control SFP, information flow control SFP]:
ID & print file access control
FMT_MSA.3.2[4]
The TSF shall allow the [assignment: the authorized identified roles] to specify alternative initial values to override the default values when an object or information is created.
[assignment: the authorized identified roles]:
None
Hierarchical to: No other components
Dependencies: FMT_MSA.1 (N/A), FMT_SMR.1 (N/A)
FMT_MTD.1[1] Management of TSF data
FMT_MTD.1.1[1]
(When the [Machine authentication] is selected as the User authentication method) The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
User password
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
[assignment: other operations]: Registration
[assignment: the authorized identified roles]: Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2])
FMT_MTD.1[2] Management of TSF data
FMT_MTD.1.1[2]
(When the [Machine authentication] is selected as the User authentication method) The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
User's own user password
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
modify
[assignment: the authorized identified roles]:
- User
- Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2], FMT_SMR.1[3])
FMT_MTD.1[3] Management of TSF data
FMT_MTD.1.1[3]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
- User ID
- Account ID
- Account password
- Secure print password
- Panel auto log-off time
- Threshold number of authentication failures
- External server authentication setting data
- S/MIME certificate (footnote 9)
- Belonging Account of User
- Release time of operation prohibition for Administrator authentication
- Encryption passphrase
- SNMP password
- TSI receiving setting data
- WebDAV server password
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
modify
[assignment: the authorized identified roles]:
Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2])
FMT_MTD.1[4] Management of TSF data
FMT_MTD.1.1[4]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
User box password of the relevant user box
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
modify
[assignment: the authorized identified roles]:
- User who is permitted to use that public user box
- Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2], FMT_SMR.1[4])
FMT_MTD.1[5] Management of TSF data
FMT_MTD.1.1[5]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
User box password
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
[assignment: other operations]: Registration
[assignment: the authorized identified roles]:
- User
- Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2], FMT_SMR.1[3])
9 It intends the operation of replacing a settable digital certificate for each user instead of the modification of the value itself.
FMT_MTD.1[6] Management of TSF data
FMT_MTD.1.1[6]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
Administrator password
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
modify
[assignment: the authorized identified roles]:
- Administrator
- Service Engineer
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[1], FMT_SMR.1[2])
FMT_MTD.1[7] Management of TSF data
FMT_MTD.1.1[7]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
- SNMP password
- User password
- Account password
- User box password
- Secure print password
- WebDAV server password
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
query
[assignment: the authorized identified roles]: Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2])
FMT_MTD.1[8] Management of TSF data
FMT_MTD.1.1[8]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
Secure print password
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
[assignment: other operations]: Registration
[assignment: the authorized identified roles]:
User
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[3])
FMT_MTD.1[9] Management of TSF data
FMT_MTD.1.1[9]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
- CE password
- Release time of operation prohibition for CE authentication
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
modify
[assignment: the authorized identified roles]:
Service Engineer
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[1])
FMT_MTD.1[10] Management of TSF data
FMT_MTD.1.1[10]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
User ID
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
[assignment: other operations]: Registration
[assignment: the authorized identified roles]:
Administrator, External server
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2], FMT_SMR.1[5])
FMT_MTD.1[11] Management of TSF data
FMT_MTD.1.1[11]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
- Account ID
- Account password
- S/MIME certificate
- Data of TSI reception setting
- Data of external server authentication setting
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
[assignment: other operations]: Registration
[assignment: the authorized identified roles]:
Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2])
FMT_MTD.1[12] Management of TSF data
FMT_MTD.1.1[12]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
Belonging Account of a user oneself
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
[assignment: other operations]: Registration
[assignment: the authorized identified roles]:
Administrator, the user who is permitted to use of the account (footnote 10)
Hierarchical to: No other components
10 A user who isn't related with an account name, and who was informed of the account password for the account ID from the administrator off-line.
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2], FMT_SMR.1[6])
FMT_MTD.1[13] Management of TSF data
FMT_MTD.1.1[13]
The TSF shall restrict the ability to [selection: change_default, query, modify, delete, clear, [assignment: other operations]] the [assignment: list of TSF data] to [assignment: the authorized identified roles].
[assignment: list of TSF data]:
User ID
Account ID
[selection: change_default, query, modify, delete, clear, [assignment: other operations]]:
[assignment: other operations]: Pause and resume
[assignment: the authorized identified roles]:
Administrator
Hierarchical to: No other components
Dependencies: FMT_SMF.1 (FMT_SMF.1), FMT_SMR.1 (FMT_SMR.1[2], FMT_SMR.1[5])
FMT_SMF.1 Specification of Management Functions
FMT_SMF.1.1
The TSF shall be capable of performing the following management functions: [assignment: list of management functions to be provided by the TSF].
[assignment: list of management functions to be provided by the TSF]:
- Stop Function of Enhanced security function by administrator
- Operation setup function of ID & print function by administrator
- Operation Method Setting Function of User Authentication Function by administrator
- Operation Method Setting Function of Account Authentication Function by administrator
- Operation Setting Function of SNMP password authentication function by administrator
- Setting function of authentication failure frequency threshold by administrator in the authentication operation prohibition function
- Backup Function by administrator (footnote 11)
- Restoration Function by administrator (footnote 12)
- Registration function of account ID by administrator
- Modification function of account ID by administrator
- Registration function of account password by administrator
- Modification function of account password by administrator
- Panel Auto Log-off Time Setting Function by administrator
- Modification function of administrator password by administrator
- Modification function of SNMP password by administrator
- Registration function of user box password by administrator
- Modification function of user box password by administrator
- Modification function of WebDAV server password by administrator
- Registration function of user box by administrator
- Modification function of user attribute of the user box by the administrator
- Registration function of user ID by administrator
- Stop function of user by administrator
- Resume function of user by administrator
- Stop function of account by administrator
- Resume function of account by administrator
- Registration function of user password when method of user authentication by administrator is machine authentication
- Modification function of user password when method of user authentication by administrator is machine authentication
11 A part of the backup function corresponds to the inquiry function of TSF data.
12 A part of the restoration function corresponds to the modification function of TSF data.
- Registration function of S/MIME certificate by administrator
- Registration modification function of S/MIME certificate by administrator
- Operation setting function of S/MIME function by administrator
- Operation setting function of Trusted Channel function by administrator
- Registration function of Belonging Account of user by administrator
- Modification function of Belonging Account of user by administrator
- Modification function of Release time of operation prohibition for Administrator authentication by administrator
- Modification function of Encryption passphrase by administrator
- Modification function of TSI receiving setting data by administrator
- Modification function of CE password by service engineer
- Modification function of administrator password by service engineer
- Stop function of Enhanced Security function by service engineer
- Modification function of Release time of operation prohibition for CE authentication by service engineer
- Overwrite function for the default value of the user attribute of the user box by the user
- Modification function of user password when method of user authentication is machine authentication by user
- Registration function of user box password by user
- Modification function of user attribute of user box by user
- Registration function of Belonging Account of user oneself by user who is permitted the use of the account
- User box registration function by user
- Automatic Personal user box registration function by user box stored job that specifies unregistered box by user
- Machine non-registered user's user ID automatic registration function with external server when user authentication method is external server authentication
- Registration function of secure print password according to secure print file registration by user
- Modification function of user attribute of user box by user who is permitted the use of public user box
- -- - Mo3ification Mo3ification Mo3ification Mo3ification function function function function of of of of uer uer uer uer bo@ bo@ bo@ bo@ #awor3 #awor3 #awor3 #awor3 of of of of the the the the uer uer uer uer bo@ bo@ bo@ bo@ b b b b uer uer uer uer who who who who i i i i #er<itte3 #er<itte3 #er<itte3 #er<itte3 the the the the ue ue ue ue of of of of #ublic #ublic #ublic #ublic
uer uer uer uer bo@ bo@ bo@ bo@
- -- - Mo3ification Mo3ification Mo3ification Mo3ification function function function function of of of of the the the the concerne3 concerne3 concerne3 concerne3 uer uer uer uer bo@ bo@ bo@ bo@J JJ J uer uer uer uer attribute attribute attribute attribute b b b b uer uer uer uer who who who who i i i i #er<itte3 #er<itte3 #er<itte3 #er<itte3 the the the the ue ue ue ue of of of ofthe the the the "rou# "rou# "rou# "rou# bo@ bo@ bo@ bo@
ierarchical to (o other co<#onent
:e#en3encie (o 3e#en3encie
FMT_SMR.1[1] Security roles
FMT_SMR.1.1[1]
The TSF shall maintain the roles [assignment: the authorised identified roles].
[assignment: the authorised identified roles]:
Service Engineer
FMT_SMR.1.2[1]
The TSF shall be able to associate users with roles.
Hierarchical to: No other components
Dependencies: FIA_UID.1 (FIA_UID.2[1])
FMT_SMR.1[2] Security roles
FMT_SMR.1.1[2]
The TSF shall maintain the roles [assignment: the authorised identified roles].
[assignment: the authorised identified roles]:
Administrator
FMT_SMR.1.2[2]
The TSF shall be able to associate users with roles.
Hierarchical to: No other components
Dependencies: FIA_UID.1 (FIA_UID.2[2])
FMT_SMR.1[3] Security roles
FMT_SMR.1.1[3]
The TSF shall maintain the roles [assignment: the authorised identified roles].
[assignment: the authorised identified roles]:
User
FMT_SMR.1.2[3]
The TSF shall be able to associate users with roles.
Hierarchical to: No other components
Dependencies: FIA_UID.1 (FIA_UID.2[3])
FMT_SMR.1[4] Security roles
FMT_SMR.1.1[4]
The TSF shall maintain the roles [assignment: the authorised identified roles].
[assignment: the authorised identified roles]:
User who is authorized to use that public user box
FMT_SMR.1.2[4]
The TSF shall be able to associate users with roles.
Hierarchical to: No other components
Dependencies: FIA_UID.1 (FIA_UID.2[5])
FMT_SMR.1[5] Security roles
FMT_SMR.1.1[5]
The TSF shall maintain the roles [assignment: the authorised identified roles].
[assignment: the authorised identified roles]:
External server
FMT_SMR.1.2[5]
The TSF shall be able to associate users with roles.
Hierarchical to: No other components
Dependencies: FIA_UID.1 (FIA_UID.2[7])
FMT_SMR.1[6] Security roles
FMT_SMR.1.1[6]
The TSF shall maintain the roles [assignment: the authorised identified roles].
[assignment: the authorised identified roles]:
The user who is permitted to use of the account
FMT_SMR.1.2[6]
The TSF shall be able to associate users with roles.
Hierarchical to: No other components
Dependencies: FIA_UID.1 (FIA_UID.2[6])
6.1.1.5 TOE Access
FTA_SSL.3 TSF-initiated termination
FTA_SSL.3.1
The TSF shall terminate an interactive session after a [assignment: time interval of user inactivity].
[assignment: time interval of user inactivity]:
Time decided from the final operation depending on the panel auto logoff time (1-9 minute/s) while an administrator or a user is operating on the panel
Hierarchical to: No other components
Dependencies: No dependencies
6.1.1.6 Trusted Path/Channel
FTP_ITC.1 Inter-TSF trusted channel
FTP_ITC.1.1
The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification or disclosure.
FTP_ITC.1.2
The TSF shall permit [selection: the TSF, another trusted IT product] to initiate communication via the trusted channel.
[selection: the TSF, another trusted IT product]:
The other trusted IT product
FTP_ITC.1.3
The TSF shall initiate communication via the trusted channel for [assignment: list of functions for which a trusted channel is required].
[assignment: list of functions for which a trusted channel is required]:
- Download of the user box file
- Upload of the image file that will be stored as a user box file
- Upload of the image file that will be the secure print file
- Upload of the image file that will be the ID & Print file
Hierarchical to: No other components
Dependencies: No dependencies
6.1.1.7 Extension: Remaining All Information Protection
FAD_RIP.1 Protection of all remaining information after explicit deletion operation
FAD_RIP.1.1
TSF shall ensure that the content of the information allocated to source before shall not be available after the explicit deletion operation against the object and TSF data [assignment: list of object and list of TSF data].
[assignment: List of object and list of TSF data]:
<Object>
- User Box file
- Secure print file
- ID & print file
- On-memory image file
- Stored image file
- HDD remaining image file
- Image-related file
- Transmission address data file
<TSF data>
- Encryption passphrase
- Administrator password
- SNMP password
- WebDAV server password
- User ID
- User password
- User Box password
- Secure print password
- Account ID
- Account password
- S/MIME certificate
- SSL certificate
Hierarchical to: No other components
Dependencies: No dependencies
6.1.1.8 Extension: Capability of Using IT Environment Entity
FIT_CAP.1[1] Capability of using security service of IT environment entity
FIT_CAP.1.1[1]
TSF shall provide the necessary capability to use the service for [assignment: security service provided by IT environment entity] [assignment: necessary capability list for the operation of security service].
[assignment: security service provided by IT environment entity]:
User authentication function of user information management server using Active Directory
[assignment: necessary capability list for the operation of security service]:
- Inquiry function of authentication information for the identification and authentication target user
- Acquirement function of authentication information for the identification and authentication target user
Hierarchical to: No other components
Dependencies: No dependencies
FIT_CAP.1[2] Capability of using security service of IT environment entity
FIT_CAP.1.1[2]
TSF shall provide the necessary capability to use the service for [assignment: security service provided by IT environment entity] [assignment: necessary capability list for the operation of security service].
[assignment: security service provided by IT environment entity]:
HDD encryption function achieved by ASIC
[assignment: necessary capability list for the operation of security service]:
Support function of the image file processing by HDD encryption function
Hierarchical to: No other components
Dependencies: No dependencies
6.1.2 TOE Security Assurance Requirements
The TOE is a commercial office product that is used in a general office environment, and therefore a TOE security assurance requirement that is required for EAL3 conformance, which is a sufficient level as an assurance for commercial office products, is applied. The following table summarizes the applied TOE security assurance requirements.
Table 8 TOE Security Assurance Requirements

TOE Security Assurance Requirements                      Component
ADV: Development
    Security architecture description                    ADV_ARC.1
    Functional specification with complete summary       ADV_FSP.3
    Architectural design                                 ADV_TDS.2
AGD: Guidance documents
    Operational user guidance                            AGD_OPE.1
    Preparative procedures                               AGD_PRE.1
ALC: Life Cycle Support
    Authorisation controls                               ALC_CMC.3
    Implementation representation CM coverage            ALC_CMS.3
    Delivery procedures                                  ALC_DEL.1
    Identification of security measures                  ALC_DVS.1
    Developer defined life-cycle model                   ALC_LCD.1
ASE: Security Target Evaluation
    Conformance claims                                   ASE_CCL.1
    Extended components definition                       ASE_ECD.1
    ST introduction                                      ASE_INT.1
    Security objectives                                  ASE_OBJ.2
    Derived security requirements                        ASE_REQ.2
    Security problem definition                          ASE_SPD.1
    TOE summary specification                            ASE_TSS.1
ATE: Tests
    Analysis of coverage                                 ATE_COV.2
    Testing: basic design                                ATE_DPT.1
    Functional testing                                   ATE_FUN.1
    Independent testing - sample                         ATE_IND.2
AVA: Vulnerability Assessment
    Vulnerability analysis                               AVA_VAN.2
6.2 IT Security Requirements Rationale
6.2.1 Rationale for IT Security Functional Requirements
6.2.1.1 Necessity
The correspondence between the security objectives and the IT security functional requirements are shown in the following table. It shows that the IT security functional requirements correspond to at least one security objective.
Table 9 Conformity of IT Security Functional Requirements to Security Objectives
Security Objective: O.REGISTERED-USER, O.PRIVATE-BOX, O.PUBLIC-BOX, O.GROUP-BOX, O.SECURE-PRINT, O.CONFIG, O.OVERWRITE-ALL, O.CRYPTO-KEY, O.TRUSTED-PASS, O.CRYPTO-MAIL, O.FAX-CONTROL, O.AUTH-CAPABILITY, O.CRYPTO-CAPABILITY, *set.admin, *set.service
Security Functional Requirement
set.admin X X X X X X
set.service X X X X X X
FCS_CKM.1 X X
FCS_COP.1 X
FDP_ACC.1[1] X X X X
FDP_ACC.1[2] X X
FDP_ACC.1[3] X
FDP_ACC.1[4] X X
FDP_ACF.1[1] X X X X
FDP_ACF.1[2] X X
FDP_ACF.1[3] X
FDP_ACF.1[4] X X
FDP_IFC.1 X
FDP_IFF.1 X
FIA_AFL.1[1] X
FIA_AFL.1[2] X
FIA_AFL.1[3] X
FIA_AFL.1[4] X
FIA_AFL.1[5] X
FIA_AFL.1[6] X
FIA_AFL.1[7] X
FIA_AFL.1[8] X X X X X X
FIA_AFL.1[9] X
FIA_ATD.1 X X X X X
FIA_SOS.1[1] X X X X X X
FIA_SOS.1[2] X
FIA_SOS.1[3] X
FIA_SOS.1[4] X
FIA_SOS.1[5] X X X
FIA_SOS.2 X X X
FIA_UAU.2[1] X
FIA_UAU.2[2] X X
FIA_UAU.1[1] X
FIA_UAU.2[3] X
FIA_UAU.2[4] X
FIA_UAU.1[2] X
FIA_UAU.6 X X X X X
FIA_UAU.7 X X X X X X
FIA_UID.2[1] X
FIA_UID.2[2] X X
FIA_UID.2[3] X
FIA_UID.2[4] X
FIA_UID.2[5] X
FIA_UID.2[6] X
FIA_UID.2[7] X
FIA_USB.1 X X X X X
FMT_MOF.1[1] X
FMT_MOF.1[2] X X X
FMT_MOF.1[3] X X
FMT_MSA.1[1] X X
FMT_MSA.1[2] X X
user identification and authentication.
<Necessary requirement for identification and authentication of the user>
It identifies and authenticates that the user who accesses is a permitted user by FIA_UID.2[3] and FIA_UAU.1[1].
FIA_UAU.7 returns "*" for each entered character as feedback protected by the panel and supports the authentication.
In the case of the failure authentication from the panel, FIA_AFL.1[8] refuses all input acceptance from the panel for 5 seconds in every failure. When the authentication failure reaches 1-3 times, FIA_AFL.1[4] locks the authentication function for that user from then on. This lock status is released by the administrator's release operation.
FMT_MOF.1[2] permits only the administrator the selection of the user authentication methods which are "Machine authentication" and "External server authentication".
FMT_MTD.1[3] permits only the administrator the setting (modification) of the threshold of the Authentication failure frequency which is the trial frequency of the failure authentication in the user authentication.
FIA_SOS.1[5] secures the quality verification of the session information used in the user authentication via the network, and FIA_SOS.2 secures the quality of the session information which is generated and used.
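An added example (not taken from the Security Target or the product's firmware) of the panel authentication failure handling described above: all panel input is refused for 5 seconds after each failure, the user is locked once failures reach an administrator-set threshold of 1-3, and only the administrator's release operation clears the lock. The class and method names, the PBKDF2 password storage and the reset of the failure counter on success are assumptions.

```python
import hashlib
import hmac
import os
import time

PANEL_HOLD_SECONDS = 5          # from the page: panel refuses input for 5 seconds per failure
ALLOWED_THRESHOLDS = (1, 2, 3)  # from the page: lock after 1-3 failures


class PanelAuthenticator:
    """Hypothetical model of the panel login failure handling (names are assumptions)."""

    def __init__(self, threshold=3, clock=time.monotonic):
        if threshold not in ALLOWED_THRESHOLDS:
            raise ValueError("threshold must be 1, 2 or 3")
        self._threshold = threshold
        self._clock = clock        # injectable so the hold period can be tested
        self._users = {}           # user_id -> (salt, derived key)
        self._failures = {}        # user_id -> failed attempts since last success
        self._locked = set()       # user IDs whose authentication is locked
        self._hold_until = 0.0     # panel-wide: no input accepted before this time

    @staticmethod
    def _derive(password, salt):
        # Assumption: passwords are stored as PBKDF2 output, never in clear.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register_user(self, user_id, password):
        salt = os.urandom(16)
        self._users[user_id] = (salt, self._derive(password, salt))
        self._failures[user_id] = 0

    def set_threshold(self, role, threshold):
        # Only the administrator may modify the failure threshold.
        if role != "administrator":
            raise PermissionError("only the administrator may set the threshold")
        if threshold not in ALLOWED_THRESHOLDS:
            raise ValueError("threshold must be 1, 2 or 3")
        self._threshold = threshold

    def release_lock(self, role, user_id):
        # The lock is cleared only by the administrator's release operation.
        if role != "administrator":
            raise PermissionError("only the administrator may release a lock")
        if user_id in self._users:
            self._locked.discard(user_id)
            self._failures[user_id] = 0

    def authenticate(self, user_id, password):
        """Return 'ok', 'failed', 'refused' (panel hold) or 'locked'."""
        now = self._clock()
        if now < self._hold_until:
            return "refused"       # panel ignores all input during the hold
        if user_id in self._locked:
            return "locked"        # time alone never clears this state
        record = self._users.get(user_id)
        # Unknown IDs still pay for a derivation so both paths cost the same.
        salt, expected = record if record else (b"\0" * 16, b"")
        candidate = self._derive(password, salt)
        if record and hmac.compare_digest(candidate, expected):
            self._failures[user_id] = 0   # assumption: success resets the count
            return "ok"
        self._hold_until = now + PANEL_HOLD_SECONDS
        if record:
            self._failures[user_id] += 1
            if self._failures[user_id] >= self._threshold:
                self._locked.add(user_id)
        return "failed"


def demo():
    """Walk one constructed user through hold, lock and administrator release."""
    t = [0.0]                                        # fake clock, in seconds
    auth = PanelAuthenticator(threshold=2, clock=lambda: t[0])
    auth.register_user("user01", "correct-pass")     # constructed sample account
    results = [auth.authenticate("user01", "wrong")]            # failure 1, hold starts
    t[0] = 2.0
    results.append(auth.authenticate("user01", "correct-pass")) # inside the 5 s hold
    t[0] = 6.0
    results.append(auth.authenticate("user01", "wrong"))        # failure 2, lock set
    t[0] = 12.0
    results.append(auth.authenticate("user01", "correct-pass")) # locked despite correct password
    auth.release_lock("administrator", "user01")
    results.append(auth.authenticate("user01", "correct-pass")) # accepted after release
    return results


if __name__ == "__main__":
    print(demo())
```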
<Necessary requirement for managing session of user who is identified and authenticated>
The duration of session of the user who is identified and authenticated contributes to reduce the chance of attacking associated with unnecessary session connection, by ending the session after the panel automatic logoff time elapses with FTA_SSL.3 when it logs in from the panel.
The change in the panel auto logoff time is limited to the administrator by FMT_MTD.1[3].
<Necessary requirement for managing the identification and authentication information of the user>
When "the machine authentication" is chosen in a method of the user authentication by FMT_MTD.1[1], the initial registration of a user password in the user's registration is permitted only by the administrator.
When "the machine authentication" has been selected in the method of the user authentication, the registration of the user ID, pause and resumption of use in the user registration is permitted to the administrator by FMT_MTD.1[10] and FMT_MTD.1[1]. When the "external server authentication" has been selected in the user authentication method, the user who is authenticated the identification is permitted from an external server and registered automatically by this requirement. (This corresponds to the user ID registration of the "external server".) At this registration, the external server accessing TOE is identified the external server registered by FIA_UID.2[7]. This management behavior is maintained as the role of the external server by FMT_SMR.1[5]. In addition, the registration function of user ID is specified for the administration function by FMT_SMF.1.
The registration and change operation of an external server setting is limited to only the administrator by FMT_MTD.1[3] and FMT_MTD.1[11].
The quality of the user password is verified by FIA_SOS.1[3]. When "machine authentication" is selected in the method of the user authentication, a change of the user password is limited to
the user itself and the administrator by FMT_MTD.1[2]. In addition, when a user changes his/her own user password, the user is re-authenticated by FIA_UAU.6.
<Necessary requirement to keep the administrator secure>
refer to set.admin
<Necessary requirement to keep the service engineer secure>
refer to set.service
<Role and management function for each management>
The role to do these managements is maintained as an administrator by FMT_SMR.1[2] and a user by FMT_SMR.1[3]. Moreover, these management functions are specified by FMT_SMF.1.
This security objective is satisfied by the completion of these multiple functional requirements.
O.PRIVATE-BOX (personal user box access control)
This security objective limits access to the personal user box and the user box file in the personal user box to only the user who owns that user box, and needs various requirements that relate to the access control.
<User box access control (a personal user box)>
After the user has been identified and authenticated, the user ID is associated with the task of acting a use by FIA_ATD.1 and FIA_USB.1. By FDP_ACC.1[1] and FDP_ACF.1[1], the task of acting the user has a user ID, and is permitted to display the list of the user box with a corresponding user attribute. In addition, after the user box has been selected, when the user box ID is associated with the task of acting a use by FIA_ATD.1 and FIA_USB.1, the operation such as a print, a download, transmission, a movement, and a copy is permitted to the user box file that has a corresponding object attribute to user ID and user box ID of the subject attribute.
<Management of a personal user box>
FMT_MSA.1[1] permits to the user and the administrator the change operation of the user attribute of the user box where the user ID is set.
As for the registration of the user box, public is appointed to the user attribute of the user box by FMT_MSA.3[1], and it is permitted only to the user and administrator to give the initial value to change the public attribute. In addition, when the job to store the non-registered user box into the user box appointed is executed due to the same requirement, a user ID of the user who executes a job concerned is appointed automatically.
As for the user box attribute of the user box file, the value consistent with the user box attribute of the user box which was selected as the file saved is set up by FMT_MSA.3[3].
<Necessary requirement to keep the administrator secure>
refer to set.admin
<Necessary requirement to keep the service engineer secure>
refer to set.service
<Role and controlling function for each management>
As the role of doing these managements, FMT_SMR.1[2] maintains an administrator and FMT_SMR.1[3] maintains a user permitted the use of the user box. FMT_SMF.1 specifies these management functions.
This security objective is satisfied by the completion of these multiple functional requirements.
O.PUBLIC-BOX (a public user box access control)
This security objective permits the inspection of the public user box to all users, and limits the settings of the public user box and the operation of the user function of the user box file in the public user box only to the user who permitted the utilization of that public user box. And it needs the various requirements regarding access control.
<User box access control (a public user box)>
After the user has been identified and authenticated, the user ID is associated with the task of acting a use by FIA_ATD.1 and FIA_USB.1. FDP_ACC.1[1] and FDP_ACF.1[1] permit the list display operation to the user box where public is set on the user attribute to the task of acting the user who has user ID.
It is required to be a user who is permitted the use of the user box to operate the user box file in the public user box. FIA_UID.2[5] and FIA_UAU.2[4] identifies and authenticates that it is a user who is permitted the use of the user box.
FIA_UAU.7 returns "*" for each entered character as feedback protected by the panel and supports the authentication.
In the case of the failure authentication from the panel, FIA_AFL.1[8] refuses all input acceptance from the panel for 5 seconds in every failure. When the authentication failure reaches 1-3 times, FIA_AFL.1[6] locks the authentication function for that user from then on. This lock status is released by the administrator's release operation.
FMT_MTD.1[3] permits only to the administrator the setup of the threshold of the unauthorized access detection value that is the trial frequency of the failure authentication in the authentication of the user who is permitted the use of the user box.
When FIA_ATD.1 and FIA_USB.1 relate a user box ID to the task of acting use, FDP_ACC.1[1] and FDP_ACF.1[1] permit the user box file that has a corresponding object attribute to the user box ID of the subject attribute and is set public to the user attribute of user box, the operation such as a print, a download, transmission, a movement, and a copy.
FIA_SOS.1[5] secures the quality verification of the session information used in the user box authentication via the network, and FIA_SOS.2 secures the quality of the session information which is generated and used.
<Management of a public user box>
FMT_MSA.1[2] permits the user who is permitted the use of the user box and the administrator to operate the change of the user attribute of user box which "Public" is set.
FMT_MTD.1[4] permits the change in the user box password only to the administrator and the user who is permitted to the use of the user box. FIA_SOS.1[1] verifies the quality of the user box password. If a user permitted to use a public user box changes the user box password
of the public user box, FIA_UAU.6 re-authenticates the user.
As for the user box registration, FMT_MSA.3[1] specifies the public to the user attribute of the user box, and permits only the user and administrator to give the initial value to change the user attribute. FMT_MTD.1[5] permits the registration of the user box password only to the user or the administrator. For the user box attribute of the user box file, the user box attribute value of the selected user box as storage is set by FMT_MSA.3[3].
<Necessary requirement to keep the administrator secure>
refer to set.admin
<Necessary requirement to keep the service engineer secure>
refer to set.service
<Role and controlling function for each management>
As the role of doing these managements, FMT_SMR.1[2] maintains an administrator and FMT_SMR.1[4] maintains a user permitted the use of the user box. FMT_SMF.1 specifies these management functions.
This security objective is satisfied by the completion of these multiple functional requirements.
O.GROUP-BOX (Group user box access control)
This security objective permits the browser of the group user box only to the user who is permitted the use of the account. It also limits the set of the group user box which is not a pause status of use and the operation of the user function of the user box file in the group user box only to the user who is permitted the use of the group user box, and requires various requirements that relate to the access control.
<User box access control (a group user box)>
After the user has been identified and authenticated, the user ID is associated with the task of acting a use by FIA_ATD.1 and FIA_USB.1. And after the account has been authenticated, the account ID is associated with the task of acting a use by FIA_ATD.1 and FIA_USB.1. FDP_ACC.1[1] and FDP_ACF.1[1] permit a task to act for the user to operate the list to the user box (group user box) where the user attribute corresponded with the Account Name (account ID) in the security attribute of the subject is set.
It is required to be a user who is permitted the use of the group user box to operate the user box file in the group user box which is not a pause status of use. When the Account authentication method is "the method not synchronized", FIA_UID.2[6] and FIA_UAU.1[2] identifies and authenticates that it is a user who is permitted the use of the group user box.
When the account authentication method is "synchronized method" and the Account that user belongs to is not registered, FIA_UID.2[6] and FIA_UAU.1[2] identifies and authenticates that it is a user who is permitted the use of the account.
FIA_UAU.7 returns "*" for each entered character as feedback protected by the panel and supports the authentication.
In the case of the failure authentication from the panel, FIA_AFL.1[8] refuses all input acceptance from the panel for 5 seconds in every failure. When the authentication failure
reaches 1-3 times, FIA_AFL.1[7] locks the authentication function for that account from then on. This lock status is released by the administrator's release operation.
FMT_MTD.1[3] permits only the administrator the setup of the threshold of the unauthorized access detection value that is the trial frequency of the failure authentication in the authentication of the user who is permitted the use of the group user box.
When FIA_ATD.1 and FIA_USB.1 relate to the user box ID under the task to act for user, FDP_ACC.1[1] and FDP_ACF.1[1] permit the user box file that has a corresponding object attribute to the account ID and the user box ID of the subject attribute the operation such as print, download, transmission, movement and copy.
<Necessary requirement to manage the group user box>
FMT_MSA.1[3] permits the modification operation of the user attribute of the user box that is set "account ID" to the user who is permitted the access to the group user box and the administrator.
For the user box attribute of the user box file, the user box attribute value of the selected user box as storage is set by FMT_MSA.3[3].
<Necessary requirement to manage the subject attribute related with the group user box>
FMT_MTD.1[11] and FMT_MTD.1[1] restrict the registration, pause of use and resumption of use of the account ID and account password only to the administrator. Also, FMT_MTD.1[3] restricts the modification of the account ID and account password only to the administrator. FMT_MTD.1[12] restricts the registration of the belonging account assigned to the user, to the administrator and to the user who is permitted the use of the account. FIA_SOS.1[1] verifies the quality of the account password.
<Management of the account authentication method>
FMT_MOF.1[3] restricts the behavior management of the account authentication function and the stop operation management only to the administrator.
<Necessary requirement to keep the administrator secure>
refer to set.admin
<Necessary requirement to keep the service engineer secure>
refer to set.service
<Role and controlling function for each management>
As the role of doing these managements, FMT_SMR.1[2] maintains an administrator and FMT_SMR.1[6] maintains a user permitted the use of the group user box. FMT_SMF.1 specifies these management functions.
This security objective is satisfied by the completion of these multiple functional requirements.
'S,CU,'S,CU,'S,CU,'S,CU,----B)(!B)(!B)(!B)(! $$$$Acce control Acce control Acce control Acce control of of of of ecureecureecureecure #rint file#rint file#rint file#rint file an3an3an3an3 ): N #rint): N #rint): N #rint): N #rint filefilefilefile%%%%
!hee ecurit obHectie e@#lain the #olic for the ecure #rint fileirt. for ecure #rint file. thi ecurit obHectie li<it the #rint of the ecure #rint file onl
for the user, who is permitted the use of the secure print file, and requires various requirements that relate to the access control.
<Secure print file access control>
After the user has been identified and authenticated, the user ID is associated with the task acting for the user by FIA_ATD.1 and FIA_USB.1. FDP_ACC.1[2] and FDP_ACF.1[2] permit the list display operation of every secure print file to the task acting for the user who has a user ID.
As it must be a user who is permitted the use of the secure print file to print it, FIA_UID.2[4] and FIA_UAU.2[3] identify and authenticate that it is a user who is permitted the use of the secure print file.
FIA_UAU.7 returns "*" for each entered character as feedback protected by the panel and supports the authentication.
FIA_AFL.1[8] refuses all input acceptance from the panel for 5 seconds at every failure.
When the authentication failure reaches 1-3 times, FIA_AFL.1[5] locks the authentication function for the concerned secure print file. This lock status is released by the administrator's release operation.
FMT_MTD.1[3] permits only to the administrator the setup of the threshold of the authentication failure frequency that is the trial frequency of the failure authentication in the authentication of the user who is permitted the use of the secure print file.
When FIA_ATD.1 and FIA_USB.1 relate the secure print internal control ID to the task acting for the user, FDP_ACC.1[2] and FDP_ACF.1[2] permit the print operation on the secure print file whose object attribute corresponds to the secure print internal control ID of the subject attribute.
As for the secure print internal control ID, FMT_MSA.3[2] gives the value uniquely identified when the secure print file is stored.
<Secure print password>
FMT_MTD.1[8] permits only to the user the registration of the secure print password used for the authentication. FIA_SOS.1[1] verifies the quality of the secure print password.
Next, for ID & print file, this security objective limits the print of the ID & print file only to the user who stored that file, so that various requirements regarding access control are necessary.
<ID & print file access control>
FDP_ACC.1[4] and FDP_ACF.1[4] permit the task substituting for a user with a user ID to list and print the ID & print file with the user attribute consistent with the user ID.
For the user attribute set in the ID & print file, the user ID of the user who stores the file is set by FMT_MSA.3[4] when the file is stored.
<Operation management of the ID & print function>
Management of this operation mode is limited only to the administrator by FMT_MOF.1[2].
<Necessary requirement to keep the administrator secure>
refer to set.admin
<Necessary requirement to keep the service engineer secure>
refer to set.service
<Role and controlling function for each management>
As the roles doing these management, FMT_SMR.1[2] maintains an administrator and FMT_SMR.1[3] maintains a user. Moreover, FMT_SMF.1 specifies these management functions.
This security objective is satisfied by the completion of these multiple functional requirements.
O.CONFIG (Access limitation to a management function)
This security objective limits the setting related to the SMTP server, the setting related to the DNS server, the setting related to the Enhanced Security function, the backup function, and the restoration function to the administrator, and needs various requirements to limit the access to a series of setting functions and the management functions.
<Management of network setting>
When the administrator attribute is associated with the task substituting for the user, FDP_ACC.1[3] and FDP_ACF.1[3] permit the task substituting for the user to operate the setting of SMTP server group object, DNS server group object, MFP address group object, PC-FAX reception setting object, and transmission address data object.
<Operation limitation of Backup and restoration function>
When the administrator attribute is associated with the task acting for the user by FIA_ATD.1 and FIA_USB.1, the task acting for the user is permitted the back-up operation of:
- the user box file by FDP_ACC.1[1] and FDP_ACF.1[1]
- the secure print file by FDP_ACC.1[2] and FDP_ACF.1[2]
- the ID & print file by FDP_ACC.1[4] and FDP_ACF.1[4]
In addition, the restoration operation is permitted for
- SMTP server group object, DNS server group object, MFP address group object, PC-FAX operation setting object, and transmission address data object by FDP_ACC.1[3] and FDP_ACF.1[3]
Moreover, the restoration operation (modification operation) is permitted only to the administrator for the following data:
- the enhanced security setting data by FMT_MOF.1[1]
- the operation setting data of user authentication function, encryption strength setting data for S/MIME function and the operation setting data of SNMP password authentication function by FMT_MOF.1[2]
- the Trusted Channel setting data, encryption passphrase and the operation setting data of account authentication function by FMT_MOF.1[3]
- the user attribute of the user box by FMT_MSA.1[1], FMT_MSA.1[2] and FMT_MSA.1[3]
- the user password by FMT_MTD.1[2]
- the user ID, the SNMP password, the panel auto logoff time, the authentication failure frequency, the secure print password, the external authentication setting data, the account
ID, the account password, the S/MIME certificate, the belonging account of user, release time of operation prohibition for administrator authentication, TSI receiving setting, and WebDAV server password by FMT_MTD.1[3]
- the user box password by FMT_MTD.1[4]
FMT_MTD.1[7] permits only to the administrator the backup operation (inquiry operation) of the SNMP password, the user password, the user box password, the secure print password, the account password, and the WebDAV server password.
<Operational limitation of Enhanced Security function>
FMT_MOF.1[1] permits only the administrator and service engineer to disable the setting for the enhanced security function.
<Management of encryption passphrase>
FMT_MTD.1[3] permits only the administrator the modification operation on the encryption passphrase. FIA_SOS.1[4] verifies the quality of the encryption passphrase.
<Necessary requirement for accessing MIB object>
The SMTP server group object, the DNS server group object and the MFP address group object exist as MIB objects as well, so that the restriction is necessary even in the access from the SNMP.
FIA_UID.2[2] and FIA_UAU.2[2] identify and authenticate that the user who accesses the MIB object is an administrator.
FIA_AFL.1[3] locks the authentication function to access the MIB object when the failure authentication reaches 1-3 times. This lock is released by the lock release operation by the administrator.
FMT_MTD.1[3] restricts the threshold setting of the unauthorized access detection value that is the trial frequency of the failure authentication in the administrator authentication using the SNMP password only to the administrator.
FMT_MTD.1[3] restricts the change of the SNMP password to the administrator.
FIA_SOS.1[2] verifies the quality of the SNMP password.
FMT_MOF.1[2] restricts the method of the SNMP password authentication function only to the administrator.
<Requirement for the counter management function (access by WebDAV)>
FIA_UID.2[2] and FIA_UAU.2[2] identify and authenticate that the user accessing by WebDAV is an administrator.
FMT_MTD.1[7] permits the identified and authenticated administrator to perform inquiry of user password and account password.
FIA_AFL.1[9] locks the administrator authentication function which uses the WebDAV server password when the failure authentication reaches 1-3 times. This lock is released by the lock release operation by the administrator.
FMT_MTD.1[3] restricts the threshold setting of the unauthorized access detection value that is the trial frequency of the failure authentication in the administrator authentication using the WebDAV server password only to the administrator.
FMT_MTD.1[3] restricts the change of the WebDAV server password only to the administrator. FIA_SOS.1[1] verifies the quality of the WebDAV server password.
<Operational Limit of Trusted Channel function setting data>
The behavior and the stop setting of the Trusted Channel function are permitted only to the administrator by FMT_MOF.1[3].
<Operational Limit for S/MIME function>
The registration of the S/MIME certificate is permitted only to the administrator by FMT_MTD.1[11]. The modification of the registered S/MIME certificate is permitted only to the administrator by FMT_MTD.1[3]. In addition, the setup of transmission address data is permitted only to the administrator by FDP_ACC.1[3] and FDP_ACF.1[3]. The behavior of the S/MIME function is permitted only to the administrator by FMT_MOF.1[2].
<Operational Limit for FAX function>
The registration of the user box to be stored in TSI reception (TSI reception setting) is permitted only to the administrator by FMT_MTD.1[11]. The modification of the registered TSI reception setting is permitted only to the administrator by FMT_MTD.1[3]. In addition, the setting of the area stored when PC-FAX is received (PC-FAX reception setting) is permitted only to the administrator by FDP_ACC.1[3] and FDP_ACF.1[3].
<Necessary requirement to keep the administrator secure>
refer to set.admin
<Necessary requirement to keep the service engineer secure>
refer to set.service
<Role and controlling function for each management>
As the roles doing these management, FMT_SMR.1[1] maintains a service engineer and FMT_SMR.1[2] maintains an administrator. Moreover, FMT_SMF.1 specifies these management functions.
This security objective is satisfied by the completion of these multiple functional requirements.
O.OVERWRITE-ALL (Complete overwrite deletion)
This security objective regulates that it deletes all data areas of HDD and initializes the concealed information of NVRAM that is set by the user, and requires various requirements that relate to the deletion.
FAD_RIP.1 guarantees that, through the deletion operation, the content of any previous information of these targets can no longer be used.
Therefore, this security objective is satisfied.
O.CRYPTO-KEY (Encryption key generation)
This security objective regulates that the encryption key necessary to encrypt all the data written in HDD by ASIC is generated, and needs various requirements that relate to the encryption key generation.
Using the Konica Minolta HDD encryption key generation algorithm according to the Konica
Minolta encryption specification standard, FCS_CKM.1 generates an encryption key 128 bits long. In addition, the encryption key is generated in RAM, which is a volatile memory, when the power supply is turned ON, and it disappears when the power supply is turned OFF.
This security objective is satisfied by this functional requirement.
O.TRUSTED-PASS (Usage of Trusted Channel)
This security objective generates the Trusted Channel in the transmission and reception of items such as a user box file, a secure print file, and an ID & print file, and the requirement that relates to the Trusted Channel is necessary. FTP_ITC.1 generates the Trusted Channel according to the requirement from the other Trusted IT product, and it is applied to the transmission and reception of items such as the user box file, the secure print file, and the ID & print file.
This security objective is satisfied by this functional requirement.
O.CRYPTO-MAIL (Usage of Encryption mail)
This security objective regulates the encryption of a user box file when transmitting the user box file by e-mail, and various requirements related to the encryption are necessary.
FCS_CKM.1 generates the encryption key (128, 168, 192 or 256 bits) by using the Pseudorandom number Generation Algorithm according to FIPS 186-2.
FCS_COP.1 encrypts the user box file by using AES (encryption key of 128, 192 or 256 bits) of FIPS PUB 197 (it becomes a transmission data of S/MIME). Also, the same requirement encrypts the user box file by using 3-Key-Triple-DES (encryption key of 168 bits) of SP800-67 (by the same token, it becomes a transmission data of S/MIME). FCS_COP.1 encrypts these encryption keys by RSA of FIPS 186-2 by using a public key of the S/MIME certificate of each destination (1024, 2048, 3072 or 4096 bits).
This security objective is satisfied by the completion of these plural functional requirements.
O.FAX-CONTROL (Fax unit control)
This security objective regulates to prohibit an access to the internal network which the MFP concerned connects with, from the public line via the Fax public line portal.
This means that communication, like a remote diagnostic function or an illegal operation command, except image data which is sent from the public line network and forwarded to the internal network via the MFP, is not forwarded to the internal network, and various requirements related to the flow control of the Fax unit are necessary.
Applying FDP_IFC.1 and FDP_IFF.1, the flow control not to send data, except the image data which the reception function from a public line received, to the internal network is achieved.
This security objective is satisfied by this functional requirement.
O.AUTH-CAPABILITY (Support action to use user authentication function)
This security objective regulates that TOE supports the user authentication function using a user information management server that is the entity outside TOE, and needs various requirements that regulate to support the external entity action.
Applying FIT_CAP.1[1], the inquiry and the acquirement function for the identification and authentication objective user are achieved for the user authentication function by the Active Directory of the user information management server.
This security objective is satisfied by this functional requirement.
O.CRYPTO-CAPABILITY (Support action to use the HDD encryption function)
This security objective regulates that TOE supports the action to encrypt the data stored in HDD by ASIC that is the entity outside TOE, and needs various requirements that regulate to support the external entity action.
Applying FIT_CAP.1[2], a support function to process all data in HDD through the HDD encryption function implemented by ASIC is achieved for that HDD encryption function.
This security objective is satisfied by this functional requirement.
set.admin (Set of necessary requirement to keep administrator secure)
<Identification and Authentication of an administrator>
FIA_UID.2[2] and FIA_UAU.2[2] identify and authenticate that the accessing user is an administrator.
FIA_UAU.7 returns "*" for each character entered as feedback protected in the panel, and supports the authentication.
FIA_AFL.1[8] refuses, in case of a failed authentication tried from the panel, all the input receipts from the panel for five seconds at every failure. When the failure authentication reaches 1-3 times, FIA_AFL.1[2] logs off if it's under authentication, and locks all the authentication functions that use the administrator password from then on. The release function is executed by starting TOE with turning OFF and ON the power supply, so that the lock is released after the release time of operation prohibition for administrator authentication has passed.
FMT_MTD.1[3] permits only to the administrator the setting of the threshold of the authentication failure frequency which is the trial frequency of the failure authentication in the administrator authentication and the change of the release time of operation prohibition for administrator authentication.
<Management of session of identified and authenticated administrator>
The duration of session of the administrator who is identified and authenticated contributes to reduce the chance of attacking associated with unnecessary session connection by ending the session after the panel automatic logoff time elapses by FTA_SSL.3 if it logs in from the panel. The change in the panel auto logoff time is limited to the administrator by FMT_MTD.1[3].
<Management of administrator's authentication information>
FIA_SOS.1[1] verifies the quality of the administrator password. Moreover, FIA_SOS.1[5] verifies the quality of session information used to authenticate the administrator via the network, and FIA_SOS.2 secures the quality of session information that is generated and used. FMT_MTD.1[6] restricts the change in the administrator password to the administrator and the service engineer. When the administrator changes the administrator password, FIA_UAU.6 re-authenticates it. In this re-authentication, when the failure authentication reaches 1-3 times, FIA_AFL.1[2] logs it off if it's under authentication, and releases the authentication status of the administrator from then on. And it locks all the authentication functions to use the administrator password. The release function is executed by starting TOE with turning OFF and ON the power supply, so that the lock is released after the release time of operation prohibition for administrator authentication has passed.
<Role and management function for each management>
FMT_SMR.1[1] has the service engineer maintain the role to do these management, and FMT_SMR.1[2] has the administrator do the same. Additionally, FMT_SMF.1 specifies these management functions.
set.service (Set of necessary requirement to keep service engineer secure)
<Identification and Authentication of a service engineer>
FIA_UID.2[1] and FIA_UAU.2[1] identify and authenticate that the accessing user is a service engineer.
FIA_UAU.7 returns "*" for every one character entered as the feedback protected in the panel, and supports the authentication.
FIA_AFL.1[8] refuses all the input receipts from the panel for five seconds at each failure, and when the failure authentication reaches 1-3 times, FIA_AFL.1[1] logs it off if it's under authentication, and locks all the authentication functions to use the CE password. The CE authentication lock release function is executed and the release time of operation prohibition for CE authentication elapses, so that this lock status is released.
FMT_MTD.1[3] permits only to the administrator the setting of the threshold of the authentication failure frequency that is the trial frequency of the failure authentication in the service engineer authentication. FMT_MTD.1[9] permits only to the service engineer the setting of the release time of operation prohibition for CE authentication.
<Management of service engineer's authentication information>
FIA_SOS.1[1] verifies the quality of the CE password. FMT_MTD.1[9] restricts the change in the CE password to the service engineer. Moreover, FIA_UAU.6 re-authenticates it. In this re-authentication, when the failure authentication reaches 1-3 times, FIA_AFL.1[1] releases the authentication status of the service engineer and locks all the authentication functions to use the CE password. The CE authentication lock release function is executed and the release time of operation prohibition for CE authentication elapses, so that this lock status is released.
<Role and management function for each management>
FMT_SMR.1[1] maintains the role to do these management as a service engineer. FMT_SMF.1 specifies these management functions.
6.2.1.3. Dependencies of IT Security Functional Requirements
The dependencies of the IT security functional requirements components are shown in the following table. When a dependency regulated in CC Part 2 is not satisfied, the reason is provided in the section for the "Dependencies Relation in this ST."
Table 10 Dependencies of IT Security Functional Requirements Component
N/A: Not Applicable
Functional Requirements Component for this ST | Dependencies on CC Part 2 | Dependencies Relation in this ST
FIA_UID.2[5] | None | N/A
FIA_UID.2[6] | None | N/A
FIA_UID.2[7] | None | N/A
FIA_USB.1 | FIA_ATD.1 | FIA_ATD.1
FMT_MOF.1[1] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[1], FMT_SMR.1[2]
FMT_MOF.1[2] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2]
FMT_MOF.1[3] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2]
FMT_MSA.1[1] | FDP_ACC.1 or FDP_IFC.1, FMT_SMF.1, FMT_SMR.1 | FDP_ACC.1[1], FMT_SMF.1, FMT_SMR.1[2], FMT_SMR.1[3]
FMT_MSA.1[2] | FDP_ACC.1 or FDP_IFC.1, FMT_SMF.1, FMT_SMR.1 | FDP_ACC.1[1], FMT_SMF.1, FMT_SMR.1[2], FMT_SMR.1[4]
FMT_MSA.1[3] | FDP_ACC.1 or FDP_IFC.1, FMT_SMF.1, FMT_SMR.1 | FDP_ACC.1[1], FMT_SMF.1, FMT_SMR.1[2], FMT_SMR.1[6]
FMT_MSA.3[1] | FMT_MSA.1, FMT_SMR.1 | FMT_MSA.1[1], FMT_MSA.1[2], FMT_SMR.1[3]
FMT_MSA.3[2] | FMT_MSA.1, FMT_SMR.1 | Neither is applicable. <The reason not to apply FMT_MSA.1> This is the internal control ID that is identified uniquely, and this does not require the management such as change or deletion, after this is assigned once. <FMT_SMR.1> The assignment of FMT_MSA.3.2[2] is not applicable. FMT_SMR.1 is the dependency that is set relating to the following and so there is no necessity of application.
FMT_MSA.3[3] | FMT_MSA.1, FMT_SMR.1 | Neither is applicable. <The reason not to apply FMT_MSA.1> The user box attribute of a user box file always needs to correspond with the user box. Therefore, the value only has to be given at the time of storage. It is not necessary to change the value of this attribute at the time of other operational timing. Accordingly, the management requirement is unnecessary. <FMT_SMR.1> The assignment of FMT_MSA.3.2[3] is not applicable. FMT_SMR.1 is the dependency that is set relating to the following and so there is no necessity of application.
FMT_MSA.3[4] | FMT_MSA.1, FMT_SMR.1 | Neither is applicable. <The reason not to apply FMT_MSA.1> It is the concept of ID & print that the object is a print
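object to which only the person who stored it can access, so it is not assumed that the object is transferred to any other user. Consequently, it is not necessary to change the value of the attribute when the user performs operations other than store, so that the management requirement is unnecessary. <FMT_SMR.1> The assignment of FMT_MSA.3.2[4] is not applicable. FMT_SMR.1 is the dependency that is set relating to the following and so there is no necessity of application.
FMT_MTD.1[1] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2]
FMT_MTD.1[2] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2], FMT_SMR.1[3]
FMT_MTD.1[3] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2]
FMT_MTD.1[4] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2], FMT_SMR.1[4]
FMT_MTD.1[5] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2], FMT_SMR.1[3]
FMT_MTD.1[6] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[1], FMT_SMR.1[2]
FMT_MTD.1[7] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2]
FMT_MTD.1[8] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[3]
FMT_MTD.1[9] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[1]
FMT_MTD.1[10] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2], FMT_SMR.1[5]
FMT_MTD.1[11] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2]
FMT_MTD.1[12] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2], FMT_SMR.1[6]
FMT_MTD.1[13] | FMT_SMF.1, FMT_SMR.1 | FMT_SMF.1, FMT_SMR.1[2]
FMT_SMF.1 | None | N/A
FMT_SMR.1[1] | FIA_UID.1 | FIA_UID.2[1]
FMT_SMR.1[2] | FIA_UID.1 | FIA_UID.2[2]
FMT_SMR.1[3] | FIA_UID.1 | FIA_UID.2[3]
FMT_SMR.1[4] | FIA_UID.1 | FIA_UID.2[5]
FMT_SMR.1[5] | FIA_UID.1 | FIA_UID.2[7]
FMT_SMR.1[6] | FIA_UID.1 | FIA_UID.2[6]
FTA_SSL.3 | None | N/A
FTP_ITC.1 | None | N/A
FAD_RIP.1 | None | N/A
FIT_CAP.1[1] | None | N/A
FIT_CAP.1[2] | None | N/A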
6.2.2. Rationale for IT Security Assurance Requirements
This TOE is installed and used in an environment where adequate security is maintained in terms of the physical, personnel, and connectivity. Nonetheless, adequate effectiveness in the environment where the TOE is used must be assured. As a general commercial office product, the execution of tests based on function specifications and TOE design, and analysis of the strength of function and a search for vulnerabilities are required. In addition, it is desirable that it has a development environment control, a configuration management for the TOE and a secure distribution procedure. And therefore the selection of EAL3, which provides an adequate assurance level, is reasonable.
The secure requirement dependency analysis is assumed to be appropriate because the package EAL3 has been selected, therefore details are not discussed.
7. TOE Summary Specification
The list of the TOE security functions led from the TOE security function requirements is shown in Table 11 below. The detailed specification is explained in the paragraphs described below.
Table 11 Name and Identifier of TOE Security Function
No. | TOE Security Function
1 | F.ADMIN | Administrator function
2 | F.ADMIN-SNMP | SNMP administrator function
3 | F.SERVICE | Service mode function
4 | F.USER | User function
5 | F.BOX | User box function
6 | F.PRINT | Secure print function, ID & print function
7 | F.OVERWRITE-ALL | All area overwrite deletion function
8 | F.CRYPT | Encryption key generation function
9 | F.RESET | Authentication Failure Frequency Reset function
10 | F.TRUSTED-PASS | Trusted Channel function
11 | F.S/MIME | S/MIME encryption processing function
12 | F.FAX-CONTROL | Fax unit control function
13 | F.SUPPORT-AUTH | External Server authentication operation support function
14 | F.SUPPORT-CRYPTO | ASIC support function
15 | F.ADMIN-WebDAV | Administrator function (Counter management function)
7.1. F.ADMIN (Administrator Function)
F.ADMIN is a series of security functions that the administrator operates, such as an administrator identification authentication function in an administrator mode accessing from a panel or through a network, and a security management function that includes a change of an administrator password and a lock cancellation of a locked user box. (Nevertheless, not all functions are feasible through both a panel and a network.)
7.1.1. Administrator Identification Authentication Function
It identifies and authenticates the accessing user as the administrator in response to the access request to the administrator mode.
Provides the administrator authentication mechanism authenticating by the administrator password that consists of the characters shown in Table 12.
Provides the administrator authentication mechanism using the session information besides the administrator password, after the administrator is authenticated to the access from the network.
According to protocol, uses the session information of more than 10^10, or generates and uses the session information of more than 10^10.
Returns "*" for each character as feedback for the entered administrator password.
Resets the number of authentication failures when succeeding in the authentication.
In the case of access from a panel, it doesn't accept the input from a panel for five seconds when failing in the authentication.
Locks all the authentication functions that use the administrator password when detecting the authentication failure that becomes 1-3 times in total across each authentication function using the administrator password. (Refuses the access to the administrator mode.)
The administrator specifies the failure frequency threshold by the unauthorized access detection threshold setting function.
F.RESET works and the lock of the authentication function is released.
As described above, FIA_AFL.1[2], FIA_AFL.1[8], FIA_SOS.1[5], FIA_SOS.2, FIA_UAU.2[2], FIA_UAU.7 and FIA_UID.2[2] are realized.
Table 12 Characters and Number of Digits for Password [13]
Objectives | Number of digits | Characters
CE Password, Administrator Password, Account Password, User Box Password, Secure Print Password, WebDAV Server Password | 8 | Selectable from 93 or more characters in total (Alphabet, numeric, and symbols (Some are not included))
Encryption passphrase | 20 | Selectable from 83 or more characters in total (Alphabet, numeric, and symbols (Some are not included))
User Password | 8 or more | Selectable from 188 or more characters in total (Alphabet, numeric, symbols (Some are not included), and special characters (Some are not included))
SNMP Password (Privacy Password, Authentication Password) | 8 or more | Selectable from 90 or more characters in total (Alphabet, numeric, and symbols (Some are not included))
7.1.2 Auto Logoff Function of Administrator Mode
While accessing an administrator mode from a panel, if not accepting an operation during the panel automatic logoff time, it logs off the administrator mode automatically.
A 3ecribe3 aboe. )ASS* i realize3
7.1.3 Function Supported in Administrator Mode
When a user is identified and authenticated as an administrator by the administrator identification authentication function at the accessing request to the administrator mode, the administrator attribute is associated with the task substituting the user. And the following operations and the use of the functions are permitted.
As described above, FIA_ATD.1 and FIA_USB.1 are realized.
13 Table 12 shows the minimum password space as the security specification. Therefore, although some excluded characters are shown depending on the password type, the excluded characters are permitted to use if possible.
7.1.3.1 Change of Administrator Password
When a user is re-authenticated as an administrator by the panel and the new password satisfies the quality, the password is changed.
Provides the administrator authentication mechanism that is authenticated by the administrator password which consists of the characters shown in Table 12.
Resets the number of authentication failures when succeeding in the re-authentication.
Returns "*" for each character as feedback for the entered administrator password in the re-authentication.
When the authentication failure that becomes 1-3 times at total in each authentication function by using the administrator password is detected, it logs off the administrator mode accessing from the panel, and locks all the authentication functions to use the administrator password. (The access to the administrator mode is refused.)
The administrator specifies the failure frequency threshold by the unauthorized access detection threshold setting function.
RESET works, so that the lock of the authentication function is released.
Verify the new administrator password if the following qualities are satisfied.
It is composed of the characters and by the number of digits shown in the administrator password of Table 12.
It shall not be composed of one kind of character.
It doesn't match with the current value.
As described above, FIA_AFL.1[2], FIA_SOS.1[1], FIA_UAU.6, FIA_UAU.7, FMT_MTD.1[6], FMT_SMF.1 and FMT_SMR.1[2] are realized.
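A sketch of the behaviour this section specifies (re-authentication before a change, the three quality rules, and one failure counter shared by every use of the administrator password), added here as an illustration and not taken from the Security Target or the product firmware. The class and method names, the PBKDF2 storage and the printable-ASCII character set are assumptions; the 8-digit length, the 1-3 threshold and the five-second panel hold come from the text.

```python
import hashlib
import hmac
import os
import string
from collections import namedtuple

# Assumption: Table 12 does not enumerate the permitted characters, so
# printable ASCII without whitespace stands in for the real set.
ALLOWED = frozenset(string.ascii_letters + string.digits + string.punctuation)
ADMIN_DIGITS = 8          # Table 12, administrator password
PANEL_HOLD_SECONDS = 5    # panel input is not accepted for five seconds

AuthResult = namedtuple("AuthResult", "ok locked hold_seconds")


def _derive(password, salt):
    # Assumption: the document does not say how the password is stored;
    # a salted PBKDF2 hash is used so no plaintext is kept.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


class AdminPassword:
    """Hypothetical model of the administrator password and its lock."""

    def __init__(self, password, threshold=3):
        if threshold not in (1, 2, 3):
            raise ValueError("unauthorized access detection threshold must be 1-3")
        self.threshold = threshold
        self.failures = 0      # one counter for panel, network and re-auth
        self.locked = False
        self._store(password)

    def _store(self, password):
        self._salt = os.urandom(16)
        self._hash = _derive(password, self._salt)

    def _matches(self, candidate):
        return hmac.compare_digest(_derive(candidate, self._salt), self._hash)

    def authenticate(self, candidate, interface):
        """interface is 'panel' or 'network'; both feed the same counter."""
        if self.locked:
            return AuthResult(False, True, 0)
        if self._matches(candidate):
            self.failures = 0  # success resets the failure count
            return AuthResult(True, False, 0)
        self.failures += 1
        self.locked = self.failures >= self.threshold
        hold = PANEL_HOLD_SECONDS if interface == "panel" and not self.locked else 0
        return AuthResult(False, self.locked, hold)

    def quality_errors(self, new):
        """Return the quality rules that the new password violates."""
        errors = []
        if len(new) != ADMIN_DIGITS or not set(new) <= ALLOWED:
            errors.append("characters/digits")
        if len(set(new)) == 1:
            errors.append("one kind of character")
        if self._matches(new):
            errors.append("matches current value")
        return errors

    def change(self, reauth_password, new):
        """Change from the panel: re-authenticate first, then check quality."""
        if not self.authenticate(reauth_password, "panel").ok:
            return ["re-authentication failed"]
        errors = self.quality_errors(new)
        if not errors:
            self._store(new)
        return errors

    def release_lock(self):
        """Stand-in for the lock release described in the text."""
        self.failures = 0
        self.locked = False
```

A failed re-authentication during a password change counts against the same threshold as a failed login, which is why a wrong guess on either interface moves the account toward the lock.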
7.1.3.2 User Setup
User Registration (Only the user who uses with the machine authentication as User authentication method)
User is registered by setting the user ID (Though user ID is composed of the user name and the authentication server information [14], only user name is registered in case of the machine authentication) and registering the user password. It verifies whether the user password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the user password of Table 12.
It shall not be composed of one kind of character.
While the external server authentication is effective, the user password cannot be registered.
Also register the belonging account (account ID), and relate. (The account setting is necessary beforehand.)
Change of user password (Only the user who uses with the machine authentication as User
14 It associates with the external server authentication setting data that is set in the case of the use of the external server (only Active Directory method is applicable) as the method of the user authentication function. Because it deals when there are plural user information management servers, there is a case in which plural sets of authentication server information are included in the external server information setting data.
authentication method)
User password is changed. It verifies whether the user password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the user password of Table 12.
It shall not be composed of one kind of character.
It shall not be equal to the value which is currently set.
User deletion
User ID and user password are deleted.
When a personal user box that a concerned user owns exists, that personal user box is automatically set to the public user box of "user attribute public".
Pause/resume of User (Only in the machine authentication as User authentication method)
Specify the User ID and pause the user or resume the user in the pause state. The user in the pause state is not identified and not authenticated, so that the user cannot use the user functions after identification and authentication.
Change of the belonging account
The belonging account that is related to the user is changed.
As described above, FIA_SOS.1[3], FMT_MTD.1[1], FMT_MTD.1[2], FMT_MTD.1[3], FMT_MTD.1[10], FMT_MTD.1[12], FMT_MTD.1[13], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.3 User Box Setup
User Box Registration
When the administrator attribute is related, the view of the list of user boxes is permitted. A personal user box, a group user box, and a public user box are registered by selecting the user attribute to the non-registration user box ID selected from the list of user boxes. When they are registered, "public" is specified on the user attribute of the user box by default, however, a user ID or an account ID can be selected.
In the case of the personal user box, the arbitrary user ID registered is specified.
In the case of the public user box, verify that a user box password registered satisfies the following conditions.
• It is composed of the characters and by the number of digits shown in the user box password of Table 12.
• It shall not be composed of one kind of character.
Specify the arbitrary account ID registered when group user box.
Change of User Box Password
The user box password set to the public user box is changed.
It verifies whether the user box password newly set satisfies the following qualities.
• It is composed of the characters and by the number of digits shown in the user box password of Table 12.
• It shall not be composed of one kind of character.
• It shall not be equal to the value which is currently set.
Change of user attribute of user box
Specify the user attribute of a personal user box to the other user or the account that is registered.
Specify the user attribute of group user box to the user or the other account that is registered.
Specify the user attribute of public user box to the user or account that is registered.
Specify the user attribute of a personal user box or group user box to public.
• If a user box password is not registered at the same time, the password shall be registered, and the same processing as the change of user box password mentioned above is performed.
As described above, FDP_ACC.1[1], FDP_ACF.1[1], FIA_SOS.1[1], FMT_MSA.1[1], FMT_MSA.1[2], FMT_MSA.1[3], FMT_MSA.3[1], FMT_MTD.1[4], FMT_MTD.1[5], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.4 Release of Lock
Reset (clear all) the number of times of authentication failure for each user.
If there is a user to whom access is locked, the lock is released.
Reset (clear all) the number of times of authentication failure for all secure print passwords.
If there is a secure print password to which access is locked, the lock is released.
Reset (clear all) the number of times of authentication failure of each user box.
If there is a user box to which access is locked, the lock is released.
Reset (clear all) the number of times of authentication failure of each account.
If there is a user account to which access is locked, the lock is released.
Reset (clear all) the number of times of authentication failure of SNMP password.
If the access to a MIB object is locked, the lock is released.
Reset (clear all) the number of times of authentication failure of WebDAV server password.
If accessing by WebDAV is locked up, the lock is released.
As described above, FIA_AFL.1[3], FIA_AFL.1[4], FIA_AFL.1[5], FIA_AFL.1[6], FIA_AFL.1[7], and FIA_AFL.1[9] are realized.
7.1.3.5 Setup of User Authentication Function
Set the following authentication methods in a user authentication function.
Machine authentication: Authentication method which utilizes a user password managed on MFP side
External server authentication: Authentication method which utilizes a user password managed with a user information management server connected through a network (Only Active Directory method is object)
When external server authentication is used, the external server authentication setting data (Contains the multiple authentication server information, such as domain name to
which external server belongs) needs to be set.
Set the following authentication methods in the account authentication function used with a user authentication function.
Account authentication function: synchronized method
The method which utilizes an account ID associated with user ID beforehand
Account authentication function: method not synchronized
The method to authenticate by the account ID and the account password at the time of access, without utilizing the account ID that is associated with user ID beforehand
Account authentication function: not use
Utilize only the authentication function by user ID, and not utilize the identification and authentication by account information
As described above, FMT_MOF.1[2], FMT_MOF.1[3], FMT_MTD.1[3], FMT_MTD.1[11], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.6 Unauthorized Access Setup
Setup of unauthorized access detection threshold
The unauthorized access detection threshold in the authentication operation prohibition function is set for 1-3 times.
Setup of the release time of operation prohibition for Administrator Authentication
Set the release time of operation prohibition for Administrator Authentication between 5-60 minutes.
As described above, FMT_MTD.1[3], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.7 Setup of Auto Logoff Function
The panel auto logoff time which is the setting data of the auto logoff function should be set within the following time range.
panel auto logoff time: 1 - 9 minutes
As described above, FMT_MTD.1[3], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.8 Network Setup
A setup operation of the following setting data is performed.
A series of setup data that relates to SMTP server (IP address, Port Number, etc.)
A series of setup data that relates to DNS server (IP address, Port Number, etc.)
A series of setup data that relates to MFP address (IP address, NetBIOS Name, AppleTalk Printer Name, etc.)
As described above, FDP_ACC.1[3] and FDP_ACF.1[3] are realized.
7.1.3.9 Execution of Back-up and Restoration Function
All the setting data stored in NVRAM and HDD are backed-up and restored except the administrator password, the CE password, and encryption passphrase. As the objects related to security, due to the relation of confidentiality and completeness, the ones shown by the following classification are targeted.
<Type A: Object to which back-up and restoration should be limited>
SNMP password
User password
Account password
Secure print password
User Box password
WebDAV server password
<Type B: Object to which restoration should be limited>
A series of data that relates to SMTP server setting
A series of data that relates to DNS server setting
A series of data that relates to MFP address setting
Operation setting data of SNMP password authentication function
Setting data of Enhanced Security function
Setting data of operation method of user authentication function
Operation setting data of account authentication function
Authentication failure frequency threshold of authentication operation prohibition function
Panel auto logoff time
User ID
User attribute of user box
Account ID
S/MIME certificate
Transmission address data
Encryption strength setting data in S/MIME function
SSL certificate
Belonging Account of user
Release time of operation prohibition for Administrator authentication
PC-FAX reception setting
TSI receiving setting data
External server authentication setting data
<Type C: Object to which back-up should be limited>
Secure print file
User box file
ID & print file
As described above, FDP_ACC.1[1], FDP_ACC.1[2], FDP_ACC.1[3], FDP_ACC.1[4], FDP_ACF.1[1], FDP_ACF.1[2], FDP_ACF.1[3], FDP_ACF.1[4], FMT_MOF.1[1], FMT_MOF.1[2], FMT_MOF.1[3], FMT_MSA.1[1], FMT_MSA.1[2], FMT_MSA.1[3], FMT_MTD.1[2], FMT_MTD.1[3], FMT_MTD.1[4], FMT_MTD.1[7], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.10 Operation Setup of HDD Encryption Function
<Encryption Passphrase Change>
The encryption passphrase is changed. It is changed when the newly set up encryption passphrase satisfies quality requirements, and CRYPTO is performed.
Verify that the encryption passphrase newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the encryption passphrase of Table 12.
It shall not be composed of one kind of character.
It shall not be matched with the current value.
As described above, FIA_SOS.1[4], FMT_MTD.1[3], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.11 Change of SNMP Password
The SNMP password (Privacy password and Authentication password) is changed. This is performed when the newly set up password satisfies quality requirements.
Verifies that the SNMP password which is newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in SNMP password of Table 12.
It shall not be composed of one kind of character.
It shall not be matched with the current value.
As described above, FIA_SOS.1[2], FMT_MTD.1[3], FMT_SMF.1, and FMT_SMR.1[2] are realized.
7.1.3.12 Setup of SNMP Password Authentication Function
The authentication method in the SNMP password authentication function is set to "Only Authentication password" or the "Authentication password and Privacy password".
As described above, FMT_MOF.1[2], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.13 Account Setup
Account registration
Account is registered by setting the account ID and registering the account password. It verifies whether the account password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the account password of Table 12.
It shall not be composed of one kind of character.
Change of account ID and account password
Account ID and account password are changed. It verifies whether the account password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the account password of Table 12.
It shall not be composed of one kind of character.
It shall not be matched to the current setting.
Account deletion
Account ID and account password are deleted.
When the group user box of the account ID exists, that group user box is automatically set to the public user box of "user attribute public".
Pause/resume of Account
Account ID is specified, and the use of the account is paused or the use of the account in the pause state is resumed. The account in the pause state is not identified and authenticated, and it becomes impossible to use the user functions that need the identification and authentication of account.
As described above, FIA_SOS.1[1], FMT_MSA.1[3], FMT_MTD.1[3], FMT_MTD.1[11], FMT_MTD.1[13], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.14 Setup of Trusted Channel Function
Set the setting data of Trusted Channel function by SSL/TLS.
Communication Encryption Strength Setting (Modification of the communication encryption method)
Operation and Stop Setting of the Trusted Channel function
As described above, FMT_MOF.1[3], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.15 Setup of S/MIME Transmission Function
Set the setting data which are used when the user box file is S/MIME transmitted.
Transmission address data (e-mail address)
Registration and modification of S/MIME certificate
Setup of Encryption Strength for S/MIME function
As described above, FDP_ACC.1[3], FDP_ACF.1[3], FMT_MOF.1[2], FMT_MTD.1[3], FMT_MTD.1[11], FMT_SMF.1, and FMT_SMR.1[2] are realized.
7.1.3.16 Setup of FAX
Set the setting data of FAX related setting as follows.
PC-FAX reception Setting
Setting either of two modes at PC-FAX operation which are to store in each user box and to store in common area for all users according to the designated information at FAX transmission
TSI reception Setting
Setting the storing user box at TSI reception by relating the transmitter telephone number with the user box as the identification information of transmitter terminal
A 3ecribe3 aboe. :BACC1L. :BACB1L. M!M!:1L. M!M!:1L11.
M!SM1 an3 M!SM1L2 are realize3
7.1.3.17 Function Related to Enhanced Security Function
The function that influences the setup of the Enhanced Security function that the
administrator operates is as follows. (* It has explained the influence of the backup and restoration function in 7.1.3.9.)
Operational setup of Enhanced Security function
Function to set valid or invalid of Enhanced Security function.
HDD logical format function
Function to write the default value of management data using the file system of HDD. Along with the execution of this logical format, the setup of the Enhanced Security function is invalidated.
All area overwrite deletion function
The setup data of enhanced security function are invalidated by executing the overwrite deletion of all area.
As described above, FMT_MOF.1[1], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.18 Function Related to Password Initialization Function
The function that relates to the initialization of the password that the administrator operates is as follows.
All area overwrite deletion function
The settings of the administrator password, the SNMP password and the WebDAV server password are initialized to the value at factory shipment by executing the overwrite deletion of all area.
As described above, FMT_MTD.1[3], FMT_MTD.1[6], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.1.3.19 Change of WebDAV Server Password
The WebDAV server password is changed. This is performed when the newly set up WebDAV server password satisfies the quality.
Verifies that the WebDAV server password which is newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the WebDAV server password of Table 12.
It shall not be composed of one kind of character.
It shall not be matched to the current setting.
As described above, FIA_SOS.1[1], FMT_MTD.1[3], FMT_SMF.1, and FMT_SMR.1[2] are realized.
7.1.3.20 Operational Setup of the ID & Print Function
The operation modes of the ID & print function are set up as follows.
ID & print automatic operation mode
An operation mode that stores a print file sent from a client PC as an ID & print file even if printing is requested by the normal print setup.
ID & print specified operation mode
An operation mode that stores a print file sent from a client PC as an ID & print file only when it is requested to store that file as an ID & print file.
As described above, FMT_MOF.1[2], FMT_SMF.1, and FMT_SMR.1[2] are realized.
7.2 ADMIN-SNMP (SNMP Administrator Function)
ADMIN-SNMP is a security function, which identifies and authenticates the administrator in the access through the network by using SNMP from client PC, and then permits the operation of a setting function of the network only to the administrator whose identification and authentication succeeded.
7.2.1 Identification and Authentication Function by SNMP Password
It identifies and authenticates by the SNMP password, that the user who accesses the MIB object through the network with the use of SNMP is an administrator.
Provides the SNMP authentication mechanism which authenticates by the SNMP password that consists of the characters shown in Table 12.
Only Authentication password or both the Privacy password and the Authentication password is used.
In the case of SNMP, the SNMP password is used for every session without requiring the administrator authentication mechanism by the separate session information.
Resets the authentication failure frequency if it succeeds in authentication.
In the case that both the Privacy password and the Authentication password are used, the authentication failure frequency is reset only when both passwords together succeeded in the authentication.
When the authentication failure that becomes the 1-3 times at total in each authentication function by using the SNMP password is detected, all the authentication functions to use the SNMP password are locked. (The access to the MIB object is refused.)
The administrator specifies the failure frequency threshold by the unauthorized access detection threshold setting function.
In the case that both the Privacy password and the Authentication password are utilized, even though both passwords together fail in authentication, it is detected as one failure.
The lock status is released when the lock release function to the MIB object of ADMIN is performed.
As described above, FIA_AFL.1[3], FIA_UAU.2[2] and FIA_UID.2[2] are realized.
7.2.2 Management Function using SNMP
When it is identified and authenticated that the user is an administrator by the SNMP password, the access to the MIB object is permitted, and then the operation of the setting data shown below is permitted to be done.
(1) Network Setup
Setup operation of the following setting data is performed.
Setting data that relates to SMTP server (IP address, port number, etc.)
Setting data that relates to DNS server (IP address, port number, etc.)
A series of setting data that relates to MFP address (IP address, NetBIOS name, AppleTalk
printer name, etc.)
As described above, FDP_ACC.1[3] and FDP_ACF.1[3] are realized.
(2) Change of SNMP password
The SNMP password (Privacy password and Authentication password) is changed. Verify that the SNMP password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the SNMP password of Table 12.
This password is not composed of one character only.
This password is not matched to the currently set up password.
As described above, FIA_SOS.1[2], FMT_MTD.1[3], FMT_SMF.1 and FMT_SMR.1[2] are realized.
(3) Setup of SNMP password authentication function
The authentication method in the SNMP password authentication function is set to the "Authentication password only" or the "Privacy password and the Authentication password".
As described above, FMT_MOF.1[2], FMT_SMF.1 and FMT_SMR.1[2] are realized.
7.3 SERVICE (Service Mode Function)
SERVICE is a series of security functions that the service engineer operates, such as the service engineer identification authentication function in service mode accessing from a panel, and a security management function that includes a change in the CE password and the administrator password.
7.3.1 Service Engineer Identification Authentication Function
It identifies and authenticates the accessing user as the service engineer in response to the access request to the service mode from the panel.
Provides the CE authentication mechanism that is authenticated by the CE password that consists of the characters shown in Table 12.
The CE authentication mechanism by the separate session information is not required because the service mode can only be accessed from the panel.
Returns "*" for each character as feedback for the entered CE password.
Resets the number of the authentication failures when succeeding in the authentication.
Does not accept the input from the panel for five seconds when the authentication failed.
When the authentication failure that becomes 1-3 times at total in each authentication function by using the CE password is detected, it locks all the authentication functions to use the CE password. (The access to the service mode is refused.)
The administrator specifies the failure frequency threshold by the unauthorized access detection threshold setting function.
Lock of authentication function is released with RESET function operated.
As described above, FIA_AFL.1[1], FIA_AFL.1[8], FIA_UAU.2[1], FIA_UAU.7 and FIA_UID.2[1] are realized.
7.3.2 Function Supported in Service Mode
When a user is identified and authenticated as a service engineer by the service engineer identification authentication function at the access request to the service mode, the use of the following functions is permitted.
7.3.2.1 Change of CE Password
When a user is re-authenticated as a service engineer and the new password satisfies the quality, it is changed.
Provides the CE authentication mechanism that is re-authenticated by the CE password that consists of the characters shown in Table 12.
Resets the authentication failure frequency when succeeding in the re-authentication.
Returns "*" for each character as feedback for the entered CE password in the re-authentication.
When the authentication failure that becomes 1-3 times at total in each authentication function by using the CE password is detected, it logs off the service mode accessing from the panel, and locks all the authentication functions to use the CE password. (The access to the service mode is refused.)
The administrator specifies the failure frequency threshold by the unauthorized access detection threshold setting function.
The RESET function unlocks the authentication function.
It verifies that the CE password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the CE password of Table 12.
It shall not be composed of one kind of character.
It shall not be matched with the current value.
As described above, FIA_AFL.1[1], FIA_SOS.1[1], FIA_UAU.6, FIA_UAU.7, FMT_MTD.1[9], FMT_SMF.1 and FMT_SMR.1[1] are realized.
7.3.2.2 Change of Administrator Password
Change the administrator password. Verify that the administrator password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits shown in the administrator password of Table 12.
It shall not be composed of one kind of character.
It shall not be matched with the current value.
As described above, FIA_SOS.1[1], FMT_MTD.1[6], FMT_SMF.1 and FMT_SMR.1[1] are realized.
7.3.2.3 Setup of the release time of operation prohibition for CE Authentication
Set the release time of operation prohibition for CE Authentication between 5 - 60 minutes.
As described above, FMT_MTD.1[9], FMT_SMF.1 and FMT_SMR.1[1] are realized.
7.3.2.4 Function Related to Enhanced Security Function
The functions that influence the setting of the Enhanced Security function that the service engineer operates are as follows.
HDD logical format function
Function to write the initial value of management data using the file system of HDD. The setting of the Enhanced Security function is invalidated along with the execution of this logical format.
HDD physical format function
Function to rewrite the entire disk in HDD with a regulated pattern including the signal row such as the track and sector information. The setting of the Enhanced Security function is invalidated along with the execution of this physical format.
Initialization function
Function to reset every setting value written in NVRAM to the factory default. The setup of the Enhanced Security function is invalidated by executing this initialization function.
As described above, FMT_MOF.1[1], FMT_SMF.1 and FMT_SMR.1[1] are realized.
7.4 USER (User Function)
USER identifies and authenticates the user for the use of MFP various functions. To the identified and authenticated user, it provides the management function of the user password that is managed in the MFP at the time of machine authentication, besides the permission of the use of functions such as BOX and PRINT.
7.4.1 User Authentication Function
<Account Authentication: User identification and authentication in the synchronized method>
At the access request for the user box and the store request for the secure print file, it is identified and authenticated to be a permitted user. Account Name (account ID) is associated with the concerned user ID that is set up beforehand besides the user ID for the identified and authenticated user, and the use of BOX and PRINT is permitted to the identified and authenticated user.
Returns "*" for each character as feedback for the entered user password.
Resets the number of authentication failures when succeeding in the authentication.
Does not accept the access from the panel for five seconds when the authentication failed.
When the authentication failure that becomes 1-3 times at total for the concerned user is detected, it locks all the authentication functions to the user.
The administrator specifies the failure frequency threshold by the operation setting of the authentication operation prohibition function.
The lock of authentication function is released by performing the lock release function to the concerned user of ADMIN.
As described above, FIA_AFL.1[4], FIA_AFL.1[8], FIA_ATD.1, FIA_UAU.1[1], FIA_UAU.7, FIA_UID.2[3] and FIA_USB.1 are realized.
<Account authentication: Account registration function when the belonging account of user is not registered in the synchronized method>
Require the Account authentication after User identification and authentication.
Register the successful account ID as account name when succeeding in the account
authentication. (By this, FMT_MTD.1[12], FMT_SMF.1 and FMT_SMR.1[6] are realized.)
(The detail of the account authentication is the same as processing of the item explained in
the following <Account authentication: User identification and authentication in the
authentication method not synchronized>.)
<Account authentication: User identification and authentication in the authentication method
not synchronized>
When the access request for the user box and the store request for the secure print file, it is
identified and authenticated to be a permitted user. The detail of user authentication is the same
as account authentication: user identification and authentication in the synchronized method. In
the case of the access from the panel, the account authentication is required, Account Name is
associated with the user ID if succeeding the account authentication, and the use of BOX and
PRINT is permitted to the user who is identified and authenticated.
Provide account authentication mechanism that is authenticated the account by the
account password that consists of the characters shown in Table 12.
Return "*" for each character as feedback for the entered account password.
Reset the number of authentication failures when succeeding in the authentication.
Not accept the access from the panel for five seconds when the authentication failed.
When the authentication failure that becomes 1 to 3 times in total for the concerned account is
detected, it locks all the authentication functions to the account.
The administrator specifies the failure frequency threshold by the operation setting of
the authentication operation prohibition function.
The lock of the authentication function is released by performing the lock release function to
the concerned account of ADMIN.
As described above, FIA_AFL.1[7], FIA_AFL.1[8], FIA_ATD.1, FIA_UAU.1[2], FIA_UAU.7,
FIA_UID.2[6] and FIA_USB.1 are realized.
When accessing from a network, the account is not authenticated after the user authentication
but the user and the account are processed with one sequence. When authenticating the account,
the account ID is associated with the user ID, and the user ID and the account ID are measured
by the session information which is the same as user identification and authentication in the
account authentication: the synchronized method.
Provide the user authentication mechanism that authenticates the user by the user
password that consists of the characters shown in Table 12.
After the user is authenticated to the access from the network, the user authentication
mechanism using session information besides the user password is provided.
According to the protocol, it uses the session information more than 10^10 or it generates
and uses the session information more than 10^10.
As described above, FIA_ATD.1, FIA_SOS.1[5], FIA_SOS.2 and FIA_USB.1 are realized.
<Account authentication: User identification and authentication when it is not used>
When the access request for the user box and the store request of the secure print file, it is
identified and authenticated to be a permitted user. The detail of the user authentication is the
same as account authentication: user identification and authentication in the synchronized
method. The use of BOX and PRINT is permitted to the user who is identified and
authenticated.
As described above, FIA_AFL.1[4], FIA_AFL.1[8], FIA_ATD.1, FIA_UAU.1[1], FIA_UAU.7,
FIA_UID.2[3] and FIA_USB.1 are realized.
<Automatic registration of the User ID>
In the case of the "External server authentication" has been selected as the user
authentication method, the identified and authenticated user is registered as a user ID with the
user name and authentication server information that was used with identification and
authentication.
As described above, FIA_UID.2[7], FMT_MTD.1[10], FMT_SMF.1 and FMT_SMR.1[5] are
realized.
7.4.2 Auto Logoff Function in User Identification and Authentication Domain
While the user who is identified and authenticated is accessing from a panel, if it does not
accept an operation for more than the "panel automatic logoff time", it logs off from a user
identification and authentication domain automatically.
As described above, FTA_SSL.3 is realized.
7.4.3 Modification Function of User Password
When the identification and authentication are succeeded, and the access to the user
identification and authentication domain is permitted, the user is permitted to change its own
password. When the external server authentication is effective, this function cannot be applied.
The user password is changed when it is re-authenticated that the user is a user and the newly
setup password satisfies the quality.
Provide user authentication mechanism that is authenticated the user by the user
password that consists of the characters shown in Table 12.
Reset the number of authentication failures when succeeding in the re-authentication.
Return "*" for each character as feedback for the entered user password, in the case of access
from the panel at the re-authentication.
When the authentication failure that becomes 1 to 3 times in total for the concerned account is
detected by each authentication function utilizing the user password, all the authentication
functions utilizing the user password of the user are locked out. (Login by the user is denied.
Change operation of the user password is denied.)
The administrator specifies the failure frequency threshold by the unauthorized access
detection threshold setting function.
The lock of the authentication function is released by performing the lock release function
to the concerned account of ADMIN.
Changed when the user password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits, shown in the user password of
the Table 12.
It shall not be composed of one kind of character.
This password is not matched to the currently setup password.
As described above, FIA_AFL.1[4], FIA_SOS.1[3], FIA_UAU.6, FIA_UAU.7, FMT_MTD.1[2],
FMT_SMF.1, and FMT_SMR.1[3] are realized.
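The failure counting, five-second panel hold-off, lock release and password quality rules of 7.4.1 and 7.4.3, as an added Python sketch (not code from the TOE or from the vendor). The class name, the status strings, the character set and the minimum length are assumptions, since Table 12 is not reproduced in this section.

```python
import hashlib
import hmac
import os
import string
import time

# Assumed values: Table 12 is not reproduced in this section, so the character
# set and minimum length are placeholders, not the product's settings.
ASSUMED_CHARSET = string.ascii_letters + string.digits
ASSUMED_MIN_LEN = 8
PANEL_DELAY_SECONDS = 5   # panel access is refused for five seconds after a failure


class UserPasswordGuard:
    """Failure counter for one user password, shared by login and password change."""

    def __init__(self, password, threshold, clock=time.monotonic):
        if threshold not in (1, 2, 3):        # administrator-set threshold, 1 to 3
            raise ValueError("threshold must be 1, 2 or 3")
        self._threshold = threshold
        self._clock = clock
        self._failures = 0
        self._locked = False
        self._panel_blocked_until = 0.0
        self._store(password)

    def _store(self, password):
        # Keeping a salted digest instead of the password is this sketch's choice.
        self._salt = os.urandom(16)
        self._digest = self._derive(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)

    def _matches(self, candidate):
        return hmac.compare_digest(self._derive(candidate), self._digest)

    def authenticate(self, candidate, via_panel=False):
        """Return 'ok', 'failed', 'delayed' (panel hold-off) or 'locked'."""
        if self._locked:
            return "locked"
        if via_panel and self._clock() < self._panel_blocked_until:
            return "delayed"                  # not accepted, so not counted either
        if self._matches(candidate):
            self._failures = 0                # success resets the failure count
            return "ok"
        self._failures += 1
        if via_panel:
            self._panel_blocked_until = self._clock() + PANEL_DELAY_SECONDS
        if self._failures >= self._threshold:
            self._locked = True               # login and password change are both denied
            return "locked"
        return "failed"

    def change_password(self, current, new, via_panel=False):
        """Re-authenticate, then apply the quality rules; return a status string."""
        result = self.authenticate(current, via_panel)
        if result != "ok":
            return result
        if not self._quality_ok(new):
            return "rejected"
        self._store(new)
        return "changed"

    def _quality_ok(self, new):
        return (len(new) >= ASSUMED_MIN_LEN
                and all(ch in ASSUMED_CHARSET for ch in new)
                and len(set(new)) > 1         # not composed of one kind of character
                and not self._matches(new))   # must differ from the current password

    def admin_release(self):
        """Lock release function, performed by the administrator."""
        self._locked = False
        self._failures = 0


if __name__ == "__main__":
    guard = UserPasswordGuard("Abcd1234", threshold=2)   # constructed sample password
    print([guard.authenticate(p) for p in ("x", "y", "Abcd1234")])
    guard.admin_release()
    print(guard.change_password("Abcd1234", "Xyz98765"))
```

Because a wrong current password in `change_password` goes through the same counter as a failed login, the lock covers every function that uses the user password, which is the behaviour 7.4.3 describes.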
7.5 BOX (User Box Function)
BOX permits a user who was identified and authenticated as a permitted user to operate and
manage his/her personal user box. When the account authentication is used, BOX permits the
user to operate and manage the group user box associated with the account to which the user
belongs. BOX is a series of security functions such as the access control function allowing that
the user is permitted to use the public user box when he/she tries to access that public user box
and permitting various operations of the public user box and the user box file after the
authentication succeeds.
<Registration of user box by user operation>
To register a personal user box, a group user box or public user box by selecting the user
attribute to the non-registration user box ID selected. When it's registered, it is possible to select
"User ID" or "Account ID" in the user attribute of the user box which have been specified "Public"
as a default value.
In the case of the personal user box, the arbitrary user ID registered is specified.
In the case of the public user box, verify that a user box password registered satisfies the
following conditions.
It is composed of the characters and by the number of digits, shown in the user box
password of the Table 12.
It shall not be composed of one kind of character.
In the case of group user box, the arbitrary account ID registered is specified.
As described above, FIA_SOS.1[1], FMT_MSA.3[1], FMT_MTD.1[5], FMT_SMF.1 and
FMT_SMR.1[3] are realized.
<Automatic registration of user box>
In the user box operation to store of the copy job and the print job, when the specified user box
is unregistered, the personal user box which is set the user ID of the user who operates the
job concerned is automatically registered.
As described above, FMT_MSA.3[1] and FMT_SMF.1 are realized.
<Storing of user box file>
In the new storing operation, move or copy operation of user box file, the user box ID
equivalent to the user box specified as target storage is set to the user box attribute as the
user box file.
As described above, FMT_MSA.3[3] is realized.
7.5.1 Personal User Box Function
7.5.1.1 Access Control Function to Personal User Box
The task to act for the identified and authenticated user has "User ID" of the user who is
identified and authenticated for the user attribute. This task is permitted the display of the list
of the personal user box which has a corresponding user attribute with this user attribute.
As described above, FIA_ATD.1, FIA_USB.1, FDP_ACC.1[1] and FDP_ACF.1[1] are realized.
7.5.1.2 Access Control Function to User Box File in Personal User Box
When the user box to operate is selected, "User Box ID" of the user box is associated with the
task as a user box attribute in addition to the user attribute. This task is permitted, to the user
box file with the user box attribute corresponding to the user box attribute of itself, the printing,
the E-mail transmission (include the S/MIME transmission), the FTP transmission, the FAX
transmission, the SMB transmission, WebDAV transmission, download, the removing to other
user boxes, the copy operation to other user boxes, and the copy operation to an external
memory.
As described above, FIA_ATD.1, FIA_USB.1, FDP_ACC.1[1] and FDP_ACF.1[1] are realized.
7.5.1.3 User Attribute Change of Personal User Box
The user attribute can be changed.
If another registered user is specified, it becomes a personal user box that another user
manages.
If public is specified, it becomes a public user box. It is necessary to register the user box
password. In this case, it is verified that the user box password satisfies the following
requirements.
It is composed of the characters and by the number of digits shown in the user box
password of the Table 12.
It shall not be composed of one kind of character.
If account ID is specified, it becomes a group user box that can be accessed by a user who is
permitted the use of the concerned account.
As described above, FIA_SOS.1[1], FMT_MSA.1[1], FMT_SMF.1 and FMT_SMR.1[3] are
realized.
7.5.2 Public User Box Function
When the user is identified and authenticated as a permitted user, the task to act for the user
who is identified and authenticated has "User ID" of the identified and authenticated user as the
user attribute. This task is permitted the display of the list of the public user box which is set the
public as the user attribute. The operation specification of each public user box is as follows.
(As described above, FIA_ATD.1, FIA_USB.1, FDP_ACC.1[1] and FDP_ACF.1[1] are realized.)
7.5.2.1 Authentication Function in Access to Public User Box
For the access request for each public user box, after the above-mentioned verification function
is operated, the user who accesses is authenticated that it is a user permitted the use of a user
box concerned respectively.
Provide the user box authentication mechanism that is authenticated by the user box
password that consists of the characters shown in Table 12.
After the user box is authenticated to the access from the network, it provides the user box
Reset the number of authentication failures when succeeding in the re-authentication.
Return "*" for each character as feedback for the entered user box password, in the case of
access from the panel at the re-authentication.
When the authentication failure that becomes 1 to 3 times in total for the concerned public
user box is detected by each authentication function utilizing the user password, all the
authentication functions utilizing the user box password of the public user box are locked
out. (Deny the login of the public user box. Deny the change operation of the user box
password of the public user box.)
The administrator specifies the failure frequency threshold by the unauthorized access
detection threshold setting function.
The lock of the authentication function is released by the lock release function to the public
user box of ADMIN executed.
Changed when the user box password newly set satisfies the following qualities.
It is composed of the characters and by the number of digits, shown in the user password of
the Table 12.
It shall not be composed of one kind of character.
This password is not matched to the currently setup password.
As described above, FIA_AFL.1[6], FIA_SOS.1[1], FIA_UAU.6, FIA_UAU.7, FMT_MTD.1[4],
FMT_SMF.1, and FMT_SMR.1[4] are realized.
7.5.3 Group User Box Function
7.5.3.1 Access Control Function for Group User Box
The task to act for the identified and authenticated user has the "Account ID" as the Account
Name that is associated with the identified and authenticated user. This task is permitted the
display of the list of the group user box which has a corresponding user attribute with this
account ID.
As described above, FIA_ATD.1, FIA_USB.1, FDP_ACC.1[1] and FDP_ACF.1[1] are realized.
7.5.3.2 Access Control Function to User Box File in Group User Box
When the user box to operate is selected, "User Box ID" of the user box is associated with the
task as a user box attribute in addition to the user attribute. This task is permitted, to the user
box file with the user box attribute corresponding to the user box attribute of subject attribute,
the printing, the E-mail transmission (include the S/MIME transmission), the FTP transmission,
the FAX transmission, the SMB transmission, WebDAV transmission, download, the removing
to other user boxes, the copy operation to other user boxes, and the copy operation to an
external memory.
As described above, FIA_ATD.1, FIA_USB.1, FDP_ACC.1[1] and FDP_ACF.1[1] are realized.
7.5.3.3 User Attribute Change of Group User Box
The user attribute can be changed.
If another account ID is specified, it becomes a group user box that the user of another
Account Name can access.
If public is specified, it becomes a public user box. It is necessary to register the user box
password. In this case, it is verified that the user box password satisfies the following
requirements.
It is composed of the characters and by the number of digits shown in the user box
password of the Table 12.
It shall not be composed of one kind of character.
Specify a registered user, and change to a personal user box for the registered user.
As described above, FIA_SOS.1[1], FMT_MSA.1[3], FMT_SMF.1 and FMT_SMR.1[6] are
realized.
7.6 PRINT (Secure Print Function, ID & Print Function)
PRINT is a security function related to the secure print function and ID & print function.
It provides the access control function that allows the printing and displaying the list of the
secure print files after authenticating if a user is the authorized person to use the secure print
file for the access to the secure print file from the panel to the identified and authenticated user.
Moreover, for the user who was identified and authenticated as a permitted user, when ID &
print files are accessed from the panel, PRINT provides the access control function that allows
the printing and displaying the list of only the ones stored by the user.
7.6.1 Secure Print Function
7.6.1.1 Authentication Function by Secure Print Password
When the user is identified and authenticated as the permitted user, it authenticates that the
accessing user is a user to whom the use of the secure print file is permitted, in response to the
access request to each secure print file.
Provide the secure print authentication mechanism that is authenticated by the secure
print password that consists of the characters shown in Table 12.
The secure print authentication mechanism by the separate session information is not
needed because it becomes only an access from the panel in the case of the secure print.
Return "*" for each character as feedback for the entered secure print password.
Reset the number of authentication failures when succeeding in the authentication.
The access from the panel is not accepted for 5 seconds when the authentication is failed.
When the authentication failure that becomes the 1 to 3 times in total for the secure print file
concerned is detected, the authentication function to the secure print file is locked.
The administrator specifies the failure frequency threshold by the unauthorized access
detection threshold setting function.
The lock is released by the lock release function to the secure print file of ADMIN
executed.
As described above, FIA_AFL.1[5], FIA_AFL.1[8], FIA_UAU.2[3], FIA_UAU.7 and
FIA_UID.2[4] are realized.
7.6.1.2 Access Control Function to Secure Print File
The secure print file access control operates when it is authenticated.
initialization is as follows.
<Object for the deletion: HDD>
Secure print file
User box file
ID & print file
On-memory image file
Stored image file
HDD remaining image file
Image related file
Transmission address data file
User ID
User password
User box password
Secure print password
Account ID
Account password
S/MIME certificate
SSL certificate
<Object for the initialization: NVRAM>
Administrator Password
SNMP password
WebDAV server password
Encryption passphrase --- Encryption Passphrase is deleted, and the
operational setting of HDD encryption function is
turned OFF.
The deletion method such as the data overwritten in HDD and the writing frequency is
executed according to the deletion method of the overall area overwrite deletion function set by
ADMIN (Table 13). For the HDD encryption function, the encryption passphrase which was set
is disabled by turning off the operational setup. The setup of the Enhanced Security function
becomes invalid in the execution of this function. (Refer to the description for the operational
setup of the Enhanced Security function in ADMIN.)
As described above, FAD_RIP.1 is realized.
Table 13 Types and Methods of Overwrite Deletion of Overall Area

Method   Overwritten data type and their order
Mode1    0x00
Mode2    Random numbers -> Random numbers -> 0x00
Mode3    0x00 -> 0xFF -> Random numbers -> Verification
Mode4    Random numbers -> 0x00 -> 0xFF
Mode5    0x00 -> 0xFF -> 0x00 -> 0xFF
Mode6    0x00 -> 0xFF -> 0x00 -> 0xFF -> 0x00 -> 0xFF -> Random numbers
Mode7    0x00 -> 0xFF -> 0x00 -> 0xFF -> 0x00 -> 0xFF -> 0xAA
Mode8    0x00 -> 0xFF -> 0x00 -> 0xFF -> 0x00 -> 0xFF -> 0xAA -> Verification
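The pass sequences of Table 13 applied to a storage area, as an added Python sketch (not code from the TOE). A regular file stands in for the HDD area, and the "Verification" step is modelled as a read-back comparison against the last pass written; both are assumptions, as are the function and constant names.

```python
import hashlib
import os

# Pass sequences of Table 13. None is a random-number pass; "verify" is the
# closing verification, modelled here as a read-back comparison (an assumption).
MODES = {
    1: [0x00],
    2: [None, None, 0x00],
    3: [0x00, 0xFF, None, "verify"],
    4: [None, 0x00, 0xFF],
    5: [0x00, 0xFF, 0x00, 0xFF],
    6: [0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, None],
    7: [0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xAA],
    8: [0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xAA, "verify"],
}
CHUNK = 64 * 1024


def _write_pass(f, size, pattern):
    """Write one pass over the whole area; return the SHA-256 of the bytes written."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if pattern is None else bytes([pattern]) * n
        f.write(block)
        digest.update(block)
        remaining -= n
    f.flush()
    os.fsync(f.fileno())      # push this pass to the device before the next one
    return digest.digest()


def _read_digest(f, size):
    """Read the whole area back and return its SHA-256."""
    digest = hashlib.sha256()
    f.seek(0)
    remaining = size
    while remaining:
        block = f.read(min(CHUNK, remaining))
        if not block:
            break
        digest.update(block)
        remaining -= len(block)
    return digest.digest()


def overwrite_area(path, mode):
    """Overwrite every byte of `path` per MODES[mode]; return the number of write passes."""
    size = os.path.getsize(path)
    written, passes = None, 0
    with open(path, "r+b") as f:
        for step in MODES[mode]:
            if step == "verify":
                if _read_digest(f, size) != written:
                    raise OSError("verification failed: read-back differs from last pass")
            else:
                written = _write_pass(f, size, step)
                passes += 1
    return passes
```

On flash media or journaling file systems, overwriting a file in place does not guarantee that the old blocks are gone, which is why the function described here targets the overall HDD area rather than individual files.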
7.8 CRYPT (Encryption Key Generation Function)
CRYPT generates an encryption key to encrypt all data written in HDD by using the Konica
Minolta HDD encryption key generation algorithm that is regulated by the Konica Minolta
encryption specification standard.
When the encryption passphrase is decided in the HDD encryption functional operation
setting to which the access is restricted in ADMIN, an encryption key 128 bits long is
generated from the encryption passphrase by applying the Konica Minolta HDD encryption key
generation algorithm.
As described above, FCS_CKM.1 is realized.
7.9 RESET (Authentication Failure Frequency Reset Function)
RESET is a function that releases the lock by resetting the authentication failure frequency
when the account locks in the administrator authentication and CE authentication.
(1) CE Authentication function lock release processing function
The function is executed by the specific operation, and the lock is released by clearing the
failure frequency of the CE authentication to 0 after the release time of operation prohibition
for CE authentication.
As described above, FIA_AFL.1[1] is realized.
(2) Administrator authentication function lock release processing function
The function is executed by OFF/ON of the main power supply, and the lock is released by
clearing the failure frequency of the administrator authentication to 0 after the release time of
operation prohibition for Administrator authentication.
As described above, FIA_AFL.1[2] is realized.
7.10 TRUSTED-PASS (Trust Channel Function)
TRUSTED-PASS is a function that generates and achieves the Trusted Channel by using
SSL or TLS protocol when transmitting and receiving the following image files between client PC
and MFP.
User box file (download from MFP to client PC)
Image file that will be stored as a user box file (upload from client PC to MFP)
Image file that will be stored as Secure Print file (upload from client PC to MFP)
Image file that will be stored as an ID & print file (upload from client PC to MFP)
As described above, FTP_ITC.1 is realized.
7.11 S/MIME (S/MIME Encryption Processing Function)
S/MIME is a function to encrypt the user box file when transmitting the user box file as
S/MIME.
<User box file Encryption Key generation>
The Encryption key is generated to encrypt the user box file by the pseudorandom number
Generation Algorithm which FIPS 186-2 provides. (Encryption key length is 128, 168, 192
or 256 bits.)
As described above, FCS_CKM.1 is realized.
<Encryption of User box file>
It is encrypted by AES which FIPS PUB 197 provides by using encryption key (128, 192 and
256 bits) to encrypt the user box file.
It is encrypted by the 3-Key-Triple-DES which SP800-67 provides by using the encryption
key (168 bits) to encrypt the user box file.
As described above, FCS_COP.1 is realized.
<Encryption of User box file Encryption key>
The encryption key to encrypt the user box file is encrypted by RSA which FIPS 186-2
provides.
The key length of the encryption key used in this case is 1024, 2048, 3072 or 4096 bits.
As described above, FCS_COP.1 is realized.
7.12 FAX-CONTROL (FAX Unit Control Function)
FAX-CONTROL is the function that prohibits an access to internal network connected to
MFP through the FAX unit by TOE control.
TOE controls the function that transfers the data received from public line to internal LAN.
The prohibition of access (data forwarding except image data) from public line to internal
network is realized by TOE control.
As described above, FDP_IFC.1 and FDP_IFF.1 are realized.
7.13 SUPPORT-AUTH (External Server Authentication Operation Support Function)
SUPPORT-AUTH is the function that realizes the user authentication function in
cooperation with the user information management server of Active Directory (the function that
operates with USER).
When the "external server authentication" is selected for user authentication method, the
inquiry for the authentication information of the user is done for the user information
management server under the user's request of the identification and authentication process.
After this inquiry, the user identification and authentication process is realized by getting the
user authentication information returned back from user information management server.
As described above, FCS_CAP.1[1] is realized.
7.14 SUPPORT-CRYPTO (ASIC Support Function)
SUPPORT-CRYPTO is the function that operates the HDD encryption function that utilizes
ASIC from TOE.
For all data written in HDD, an encryption key generated by CRYPTO is set in ASIC, and
encryption is performed by the ASIC. On the other hand, for the encrypted data read out of the
HDD, the encryption key generated by CRYPTO is set in ASIC in the same manner as above,
and decryption is performed by the ASIC.
As described above, FCS_CAP.1[2] is realized.
7.15 ADMIN-WebDAV (Administrator Function (Counter Management Function))
ADMIN-WebDAV is the security function that identifies and authenticates administrator
when accessed via a network from a client PC using WebDAV, and permits only the
administrator who was identified and authenticated successfully to operate the counter
management function. (The counter management function includes TSF data. This is described
in detail below.)
7.15.1 Identification and Authentication Function by WebDAV Server Password
It is identified and authenticated by the WebDAV server password that a user accessing via a
network using WebDAV is an administrator.
Provide the WebDAV authentication mechanism which authenticates the user by the
WebDAV server password consisting of the characters shown in Table 12.
For WebDAV, no separate mechanism to authenticate the administrator based on the
session information, but a WebDAV server password is used for each session.
Reset the number of authentication failures when succeeding in the authentication.
When the authentication failure that becomes the second, fourth, and sixth in total is
detected by each authentication function utilizing a WebDAV server password, all the
authentication functions utilizing a WebDAV server password is locked. (Deny the access
using WebDAV)
The administrator specifies the failure frequency threshold by the unauthorized access
detection threshold setting function.
The lock is released by the lock release function to the WebDAV authentication of ADMIN
executed.
As described above, FIA_AFL.1[9], FIA_UAU.2[2], and FIA_UID.2[2] are realized.
7.15.2 Management Function Utilizing WebDAV
When it is identified and authenticated that the user is an administrator by the WebDAV
server password, access utilizing WebDAV is permitted, and the setup operation of the following
setting data is permitted.
7.15.2.1 Obtention of User Password
User password is obtained for each registered user.
As described above, FMT_MTD.1[7], FMT_SMF.1, and FMT_SMR.1[2] are realized.
7.15.2.2 Obtention of Account Password
Account password is obtained for each registered account.
As described above, FMT_MTD.1[7], FMT_SMF.1, and FMT_SMR.1[2] are realized.