Ricoh's Security Functions

Security Functions for Communications

Network port security

Multifunction copiers, as well as other devices, have several communications protocols to choose from. Each of the protocols can either be enabled or disabled, so that only required protocols can be used and unauthorized access is minimized.

IP address filtering

Accesses using TCP/IP can be controlled by designating the range of IP addresses from which accesses are allowed. For instance, designating an access control range of [192.16.15.16] to [192.16.15.20] allows access from the PCs whose IP addresses are from 192.16.15.16 to 192.16.15.20. Limiting the IP addresses will reduce the risk of threats like access from unauthorized PCs.

Security for fax lines

A multifunction copier with a fax feature is connected to the outside via a telephone line. It is necessary to block unauthorized accesses via the telephone line. Ricoh software is designed to only process appropriate types of data and send that data to appropriate functions in the device. Therefore, only fax data is received from the fax line and it is communicated only to the processes needed for fax operation. This mechanism prevents unauthorized access from the fax line to the network or to the programs inside the device.

IPsec communications

The administrator of the multifunction copier can use IPsec for encrypted communications. IPsec enables communications in units of secure packets at the IP protocol level. Even if no encryption is used in a high-order protocol or application, IPsec enhances security by preventing the content of communications from being tapped into or altered.

Encryption over SSL/TLS

Encryption over SSL/TLS

The administrator of the multifunction copier can set up SSL/TLS for encrypted communications. The SSL/TLS setup prevents data from being tapped into, analyzed, or altered during communications. For instance, a customer using e-mail services and cloud services over the Internet may want to encrypt communications using the scan-to-e-mail function. This method greatly reduces the risk of information leaks or alterations when an external SMTP server is used.

Since recent hackers have high skills for decrypting communications, strong encryption algorithms are needed to minimize information leakage from hardcopy devices. Ricoh implements the 256-bit AES and SHA-2 encryption algorithms required by the U.S. National Institute of Standards and Technology (NIST) to increase the security of communications and internal processing for all of its multifunction copiers.

  • Ricoh's multifunction copiers are capable of SSL/TLS communications conforming to FIPS 140-2 specifications, the network communications requirements of the U.S. government.

SNMPv3-encrypted communications

SNMP (Simple Network Management Protocol) is a protocol for collecting information on network devices so that they can be monitored and controlled. The information includes, for example, the total number of copies a device has printed and the errors it has encountered. SNMP is also used to operate the devices, such as monitoring the operating status of its services. These functions are based on information obtained from a management information base (MIB), which describes the configuration of the network devices. SNMPv3 incorporates user authentication and data encryption functions which protect user data and network device information.

S/MIME for scan-to-e-mail

To minimize the risk of information leaks, e-mail messages can be sent using public key cryptography and a certificate of user verification that has been registered in the address book of a multifunction copier. Spoofing and message alteration can be prevented by attaching an electronic signature using a secret key based on a device certificate in the the multifunction copier.

  • This feature is not available with W-NET FAX and direct SMTP.

WPA (Wi-Fi Protected Access) support

WPA (Wi-Fi Protected Access) support

WPA is an encryption system for wireless networks. WPA provides greater security than WEP, a conventional encryption system. In addition to the SSID and security key used in WEP, WPA features a user authentication function and an encryption protocol called TKIP (Temporal Key Integrity Protocol) which automatically updates the encryption key at certain intervals.

Page Top

Security Functions for Management

User authentication

User authentication

Individual users can be identified by the multifunction copier. Ricoh's user authentication functions are based either on user codes of up to eight digits or on combinations of login user names and passwords. Linked with the Windows® domain controllers and LDAP servers over the network, the multifunction copier allows user authentication via an existing authentication system.

User authentication

User authentication using authentication cards

Instead of entering the user name and password, a user can just hold an authentication card over the card reader/writer for authentication. When data is sent from a client PC for printing, the multifunction copier suspends processing that data until the user walks over to the device, holds the authentication card over the reader, and enters printing instructions on the operator panel.

Job logs/access logs

Logs stored in the multiufnction copier provide a variety of information such as how the functions have been used, what errors have occurred, how the device has been accessed, and who have accessed the device. These logs impose a disincentive to people intending to leak information, and allow tracking in the unlikely event of an unauthorized access. The following information is logged:

Job logs
  • ・All information on the user's document workflow, including photocopying, document storage in a document box, printing on the printer, fax transmission, and scanner distribution.
  • ・Printing of reports, including the system settings list that is output from the operating unit.
Access logs
  • ・Authentication events such as login and logout
  • ・Document operation including generation, editing, and deletion of stored documents
  • ・Operations by service engineers, such as hard disk initialization
  • ・Log transfer results and system operation when an unauthorized copy is read
  • ・Security operations such as encrypted communication, access attacks, lockouts, and firmware validation

User access restriction

With a user management tool, the system administrator can restrict the access privileges of users. For instance, the administrator can set up the privileges to allow only selected users to access the address book registered in the multifunction copier. This blocks unauthorized access to important information, such as the personal information recorded in the address book.

User lockout function

When wrong passwords are consecutively entered during the login process, the multifunction copier judges that the password is being cracked. This triggers the lockout function, which inhibits login using that user name. The locked-out user name cannot be authenticated even if it is combined with the correct password. The lockout will be released in a certain lapse of time or by an administrator or a supervisor. Thus, the attacker cannot continue cracking the password.

Page Top

Hard Disk Security Functions

Hard disk drive (HDD) encryption

Address books, authentication information, and accumulated documents stored in a multifunction copiers are encrypted as they are stored. This function prevents information from being leaked even if the hard disk drive is physically removed.

Hard disk drive (HDD) encryption

Data to be encrypted

The following data stored in the non-volatile memory or hard disk drive of the multifunction copiers are encrypted:

  • ・Address book
  • ・User authentication data
  • ・Stored documents
  • ・Temporarily stored documents
  • ・Logs
  • ・Network interface settings
  • ・Configuration

DataOverwriteSecurity System (DOSS)

DataOverwriteSecurity System (DOSS)

When a document is scanned by an MFP or a scanner or when data is received from a PC, some data may be stored on the hard disk drive or memory device. For example, temporary image data, data the user has chosen to save, or device configuration data may be stored. When the data is no longer needed this function actively erases it by overwriting it.

Event-driven:

The image data stored in the device during the copying and printing processes is overwritten and erased each time a job is executed.

Overwrite all:

All data, including the user information registered in the multifunction copier, is erased at one time when the multifunction copier is to be transferred to another department or to be decommissioned.

Encryption key protection via TPM

Ricoh MFPs employ a Trusted Platform Module (TPM) which is a tamper-proof hardware security module that performs cryptographic functions and securely stores cryptographic data. Ricoh uses the TPM to store the root encryption key that protects the hard disk data encryption key and the digital certificate of the MFP, and to perform a trusted boot operation which validates MFP firmware authenticity before permitting the MFP to operate.
The root key and cryptographic functions are always contained within the TPM and cannot be altered from outside. This provides a high level assurance of the validity of the MFP’s firmware, device identity, and hard disk security. This is another good example of how Ricoh’s MFP products are designed with our customers’ security interests at the forefront.

Ricoh Products Equipped with Trusted Platform Module (TPM)

Encryption key protection via TPM

Document Security Functions

PDF password encryption

To increase security against unauthorized use, PDF files can be protected by encryption and password. A protected PDF file can be opened only by a person who knows the password. A password can also set for changing the privileges, thus restricting the printing, modification, copying, and extraction of the content.

Locked print

A document received from a PC can be stored in the hard disk drive in the multifunction copier. Using the locked print function, a password is specified when sending the document, and that password must be entered on the multifunction copier before it can be printed. Since the document will not be printed until the owner reaches the device, locked print makes sure that the document will remain under the control of its owner.

Locked print

Unauthorized copy control

To guard against attempts to make unauthorized copies, Ricoh offers functions to ensure security of hardcopy documents. The copy guard function prints/copies documents with special invisible patterns embedded across the background. If the printed/copied document is photocopied, the embedded patterns will be visible on the copies. With the optional unauthorized copy guard module installed, the copier will detect the embedded patterns and replace the photocopied image with a gray image to prevent information leaks. This function is useful when confidential information has to be printed. Restricting the duplication of confidential information prevents this kind of information leakage.

Unauthorized copy control

Page Top

Device Operation Security Functions

Displaying confirmation of transmission

Displaying confirmation of transmission

Before you start sending a fax, information on the destination fax number and the number of pages can be easily viewed. This screen minimizes the risk of dialing the wrong number. Our customer engineers can set up the device so that this screen is always displayed before transmission.

Re-entering a fax number to confirm destination

People can easily make mistakes when entering a fax number directly on the keypad. Our customer engineers can set up the device so that the number needs to be entered twice or more for confirmation. If different numbers are entered, the transmission will not commence. This feature minimizes the risk of sending information to a wrong destination.

  • Ricoh's multifunction products comply with FASEC 1, a security guideline for facsimile

Re-entering a fax number to confirm destination

Page Top

Ricoh's Functions Designed to Protect Firmware

Firmware validation

Multifunction copiers and ordinary printers have built-in software (called firmware) which controls their operation. If the firmware is altered by a malicious person, the devices could be used as stepping stones for intrusion into the corporate networks or to damage the devices.

To prevent the genuine firmware from being overridden by the unauthorized firmware, Ricoh uses electronic signatures to validate the firmware. Moreover, a Trusted Platform Module (TPM) which is tamper-proof hardware security module validates MFP firmware authenticity before permitting the MFP to operate. These technologies ensure device security.

Ricoh Products Equipped with Trusted Platform Module (TPM)

Page Top

Supported security functions vary from products. For more information describing the functions of each product please reference the specific product related support documentation., or contact your nearest Ricoh dealer.

Page Top