Ricoh's Security Functions

Network port security

Multifunction copiers, as well as other devices, have several communications protocols to choose from. Each of the protocols can either be enabled or disabled, so that only required protocols can be used and unauthorized access is minimized.

IP address filtering

Accesses using TCP/IP can be controlled by designating the range of IP addresses from which accesses are allowed. For instance, designating an access control range of [192.16.15.16] to [192.16.15.20] allows access from the PCs whose IP addresses are from 192.16.15.16 to 192.16.15.20. Limiting the IP addresses will reduce the risk of threats like access from unauthorized PCs.

Security for fax lines

A multifunction copier with a fax feature is connected to the outside via a telephone line. It is necessary to block unauthorized accesses via the telephone line. Ricoh software is designed to only process appropriate types of data and send that data to appropriate functions in the device. Therefore, only fax data is received from the fax line and it is communicated only to the processes needed for fax operation. This mechanism prevents unauthorized access from the fax line to the network or to the programs inside the device.

IPsec communications

The administrator of the multifunction copier can use IPsec for encrypted communications. IPsec enables communications in units of secure packets at the IP protocol level. Even if no encryption is used in a high-order protocol or application, IPsec enhances security by preventing the content of communications from being tapped into or altered.

Encryption over SSL/TLS

• ※Ricoh's multifunction copiers are capable of SSL/TLS communications conforming to FIPS 140-2 specifications, the network communications requirements of the U.S. government.

SNMPv3-encrypted communications

SNMP (Simple Network Management Protocol) is a protocol for collecting information on network devices so that they can be monitored and controlled. The information includes, for example, the total number of copies a device has printed and the errors it has encountered. SNMP is also used to operate the devices, such as monitoring the operating status of its services. These functions are based on information obtained from a management information base (MIB), which describes the configuration of the network devices. SNMPv3 incorporates user authentication and data encryption functions which protect user data and network device information.

S/MIME for scan-to-e-mail

To minimize the risk of information leaks, e-mail messages can be sent using public key cryptography and a certificate of user verification that has been registered in the address book of a multifunction copier. Spoofing and message alteration can be prevented by attaching an electronic signature using a secret key based on a device certificate in the the multifunction copier.

• ※This feature is not available with W-NET FAX and direct SMTP.

WPA (Wi-Fi Protected Access) support

User authentication

User authentication using authentication cards

Instead of entering the user name and password, a user can just hold an authentication card over the card reader/writer for authentication. When data is sent from a client PC for printing, the multifunction copier suspends processing that data until the user walks over to the device, holds the authentication card over the reader, and enters printing instructions on the operator panel.

Job logs/access logs

Logs stored in the multiufnction copier provide a variety of information such as how the functions have been used, what errors have occurred, how the device has been accessed, and who have accessed the device. These logs impose a disincentive to people intending to leak information, and allow tracking in the unlikely event of an unauthorized access. The following information is logged:

Job logs

• ・All information on the user's document workflow, including photocopying, document storage in a document box, printing on the printer, fax transmission, and scanner distribution.
• ・Printing of reports, including the system settings list that is output from the operating unit.

Access logs

• ・Authentication events such as login and logout
• ・Document operation including generation, editing, and deletion of stored documents
• ・Operations by service engineers, such as hard disk initialization
• ・Log transfer results and system operation when an unauthorized copy is read
• ・Security operations such as encrypted communication, access attacks, lockouts, and firmware validation

User access restriction

With a user management tool, the system administrator can restrict the access privileges of users. For instance, the administrator can set up the privileges to allow only selected users to access the address book registered in the multifunction copier. This blocks unauthorized access to important information, such as the personal information recorded in the address book.

User lockout function

When wrong passwords are consecutively entered during the login process, the multifunction copier judges that the password is being cracked. This triggers the lockout function, which inhibits login using that user name. The locked-out user name cannot be authenticated even if it is combined with the correct password. The lockout will be released in a certain lapse of time or by an administrator or a supervisor. Thus, the attacker cannot continue cracking the password.

PDF password encryption

To increase security against unauthorized use, PDF files can be protected by encryption and password. A protected PDF file can be opened only by a person who knows the password. A password can also set for changing the privileges, thus restricting the printing, modification, copying, and extraction of the content.

Locked print

A document received from a PC can be stored in the hard disk drive in the multifunction copier. Using the locked print function, a password is specified when sending the document, and that password must be entered on the multifunction copier before it can be printed. Since the document will not be printed until the owner reaches the device, locked print makes sure that the document will remain under the control of its owner.

Unauthorized copy control

To guard against attempts to make unauthorized copies, Ricoh offers functions to ensure security of hardcopy documents. The copy guard function prints documents with special invisible patterns embedded across the background. If the printed document is photocopied, the embedded patterns will be visible on the copies. With the optional unauthorized copy guard module installed, the copier will detect the embedded patterns and replace the photocopied image with a gray image to prevent information leaks. This function is useful when confidential information has to be printed. Restricting the duplication of confidential information prevents this kind of information leakage.

Displaying confirmation of transmission

Re-entering a fax number to confirm destination

People can easily make mistakes when entering a fax number directly on the keypad. Our customer engineers can set up the device so that the number needs to be entered twice or more for confirmation. If different numbers are entered, the transmission will not commence. This feature minimizes the risk of sending information to a wrong destination.

• ※Ricoh's multifunction products comply with FASEC 1, a security guideline for facsimile

Firmware validation

Multifunction copiers and ordinary printers have built-in software (called firmware) which controls their operation. If the firmware is altered by a malicious person, the devices could be used as stepping stones for intrusion into the corporate networks or to damage the devices.

To prevent the genuine firmware from being overridden by the unauthorized firmware, Ricoh uses electronic signatures to validate the firmware. This technology blocks the unauthorized firmware and ensures device security.