Ricoh Mp 3351 User Guide

							  Page 11 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.   Engine UnitScanner EnginePrinter EngineFax UnitEngine Control BoardController BoardHDDRAMNVRAMIc KeyFlashROMProcessorIc HddUSB PortUserDocumentOutput DocumentTelephone LineOperation Panel 
UnitTOETOE
SD Card
SlotNetwork Unit* Optional
 
Figure 2: Hardware configuration of TOE 
Operation Panel Unit (hereafter Operation Panel ) 
The Operation Panel is an interface device that is installed on the TOE for use by users. It features key 
switches, LED indicators, an LCD touch screen, and the Operation Panel Control Board. The Operation 
Panel Control Software is installed in the Operation Panel Control Board. The Operation Panel Control 
Software controls the LEDs and displays information on the LCD touch screen after input information has 
been sent from the key switches and LCD touch screen to the MFP Control Software, or in response to direct 
instructions from the MFP Control Software. 
Engine Unit 
The Engine Unit contains a Scanner Engine, Printer Engine, and the Engine Control Board. The Scanner 
Engine is an input device to read the paper documents. The Printer Engine is an output device for printing 
and outputting of paper documents. The Engine Control Software is installed in the Engine Control Board. 
The Engine Control Software sends information about the status of the Scanner Engine and Printer Engine to 
the MFP Control Software, and operates the Scanner Engine or Printer Engine according to instructions from 
the MFP Control Software.  
						

							  Page 12 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  Fax Unit (optional) 
The Fax Unit is a device that has a modem function to send and receive fax data when connected to a 
telephone line. 
The Fax Unit has an interface to the MFP Control Software. The interface provides the MFP Control 
Software with information about the status of fax communications and controls the fax communications 
according to instructions from the MFP Control Software. 
Controller Board 
The Controller Board contains Processors, FlashROM, RAM, NVRAM, and Ic Key. It is connected to the 
Operation Panel Unit, Engine Unit, Fax Unit, Network Unit, USB Port, SD Card Slot, and Ic Hdd. The Ic 
Hdd is also connected to the HDD. The following are descriptions of these components:  
[Processor] 
A semiconductor chip that carries out the basic arithmetic processing of the MFP operation. 
[FlashROM] 
A memory medium in which the MFP Control Software is installed.  
[RAM] 
A volatile memory medium used for image processing. 
[NVRAM] 
A non-volatile memory medium in which MFP Control Data for configuring the MFP operation is 
stored. 
[Ic Key] 
A security chip that generates random numbers and encryption keys, and detects any tampering with the 
MFP Control Software. 
Ic Hdd 
A security chip that encrypts information to be stored on the HDD and decrypts information to be read from 
the HDD. 
HDD 
The hard disk drive, where image data and user information for identification and authentication are stored. 
Network Unit 
Network Unit is an interface board for connection to an Ethernet (100BASE-TX/10BASE-T) network. 
USB Port 
The USB Port is used to connect a client computer to the TOE, print or fax from the client computer. 
SD Card Slot 
The SD Card Slot is a slot that is used by a customer engineers (hereafter called a CE) for maintenance 
work using an SD card. It is located on the side of the TOE, and is normally covered. When a CE performs  
						

							  Page 13 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  maintenance work, s/he removes this cover to insert and remove the SD card. 
When installing the TOE, the CE inserts an SD card into the SD Card Slot to activate the Stored Data 
Protection Function. 
1.4.2 Guidance Documents 
The following sets of user guidance documents are available for this TOE: [English version-1], [English 
version-2], [English version-3], and [English version-4]. Selection of the guidance document sets depends on 
characteristics of sales areas and/or companies. Details of the document sets are as follows: 
[English version-1] 
- 9228/9233 
MP 2851/3351 
LD528/LD533 
Aficio MP 2851/3351 
Operating Instructions 
About This Machine 
- 9228/9233 
MP 2851/3351  
LD528/LD533 
Aficio MP 2851/3351 
Operating Instructions 
Troubleshooting 
- Notes for Users 
- App2Me Start Guide 
- Manuals for Users 
9228/9233 
MP 2851/3351  
LD528/LD533 
Aficio MP 2851/3351 
- Manuals for Administrators 
9228/9233 
MP 2851/3351  
LD528/LD533 
Aficio MP 2851/3351 
- Manuals for Administrators 
Security Reference Supplement 
9228/9233 
MP 2851/3351  
LD528/LD533 
Aficio MP 2851/3351 
- Notes for Administrators: Using this Machine in a CC-Certified Environment 
- VM Card Manuals  
						

							  Page 14 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  [English version-2] 
- Quick Reference Copy Guide 
- Quick Reference Fax Guide 
- Quick Reference Printer Guide 
- Quick Reference Scanner Guide 
- Manuals for This Machine 
- Safety Information for Aficio MP 2851/Aficio MP 3351 
- Notes for Users 
- App2Me Start Guide 
- Manuals for Users 
MP 2851/3351 
Aficio MP 2851/3351 
A 
- Manuals for Administrators 
Security Reference 
MP 2851/3351 
Aficio MP 2851/3351 
- Manuals for Administrators 
Security Reference Supplement 
9228/9233 
MP 2851/3351 
LD528/LD533 
Aficio MP 2851/3351 
- Notes for Administrators: Using this Machine in a CC-Certified Environment 
- VM Card Manuals 
[English version-3] 
- Quick Reference Copy Guide 
- Quick Reference Fax Guide 
- Quick Reference Printer Guide 
- Quick Reference Scanner Guide 
- Manuals for This Machine 
- Safety Information for MP 2851/MP 3351 
- Notes for Users 
- App2Me Start Guide 
- Manuals for Users 
MP 2851/3351 
Aficio MP 2851/3351 
A  
						

							  Page 15 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  - Manuals for Administrators 
Security Reference 
MP 2851/3351 
Aficio MP 2851/3351 
- Manuals for Administrators 
Security Reference Supplement 
9228/9233 
MP 2851/3351 
LD528/LD533 
Aficio MP 2851/3351 
- Notes for Administrators: Using this Machine in a CC-Certified Environment 
- VM card Manuals 
[English version-4] 
- MP 2851/MP 3351 
MP 2851/MP 3351 
Aficio MP 2851/3351 
Operating Instructions 
About This Machine 
- MP 2851/MP 3351 
MP 2851/MP 3351 
Aficio MP 2851/3351 
Operating Instructions 
Troubleshooting 
- Quick Reference Copy Guide 
- Quick Reference FAX Guide 
- Quick Reference Printer Guide 
- Quick Reference Scanner Guide 
- Notes for Users 
- App2Me Start Guide 
- Manuals for Users 
MP 2851/3351 
Aficio MP 2851/3351 
- Manuals for Administrators 
MP 2851/3351 
Aficio MP 2851/3351 
- Manuals for Administrators 
Security Reference Supplement 
9228/9233 
MP 2851/3351 
LD528/LD533 
Aficio MP 2851/3351  
						

							  Page 16 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  - Notes for Administrators: Using this Machine in a CC-Certified Environment 
- VM Card Manuals 
1.4.3 User Roles 
This section describes the roles involved in this TOE operation. 
1.4.3.1 Responsible Manager of MFP 
The responsible manager of the MFP is a person who belongs to the organisation that uses the TOE, and 
has the role of selecting the TOE administrators and TOE supervisor. 
The responsible manager of the MFP selects up to four administrators and one supervisor. When selecting 
administrators, the responsible manager assigns each administrator one or more of the following 
administrator roles: user administration, machine administration, network administration, and/or file 
administration. 
1.4.3.2 Administrator 
An administrator is a user who is registered on the TOE as an administrator. One to four administrators can 
be registered for the TOE. Administrator roles for administrators include user administration, machine 
administration, network administration, and file administration. Administrators may have concurrent 
administrator roles, and administrator roles can be assigned to one or more administrators. One default 
administrator is registered and assigned all four administrator roles as a factory setting. When the TOE is 
being installed, the administrators who are selected by the responsible manager change the settings of their 
own administrator IDs, passwords, and administrator roles. Table 1 describes the duties involved in each 
administrator role. 
Table 1: List of administrator roles Administrator role Explanation about duties involved User administration Managing general users. Machine administration Managing machines and performing audits. Network administration Managing the TOEs network connections. File administration Managing the documents stored in the TOE.  
1.4.3.3 Supervisor 
The supervisor is a user who manages administrator passwords and changes them. One supervisor must be 
registered for the TOE. A default supervisor is registered for the TOE as a factory setting. The person 
selected to be a supervisor by the responsible manager can change the supervisor ID and password of the 
default supervisor.  
						

							  Page 17 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  1.4.3.4 General User 
A general user is an authorised TOE user who is registered in the Address Book by a user administrator. 
General users can store document data in the TOE and perform operations on the document data. 
1.4.3.5 Customer Engineer 
A customer engineer (hereafter CE) is an expert in maintenance of the TOE and is employed by 
manufacturers, technical support service companies, and sales companies. 
1.4.4 Logical Boundaries of TOE 
The logical boundaries of the TOE comprise the functions provided by the TOE. This section describes the 
Basic Functions, which is the service provided by the TOE to users, and the Security Functions, which 
counter threats to the TOE. These functions are outlined in Figure 3. Fax Function
HDDFax
General userAdministratorSupervisorCE
General user
Printer FunctionCopy FunctionDocument Server
Function
Scanner Function
ManagementFunction
Security Management Function
Telephone Line Intrusion
Protection Function
Web Service Function
(To MFP Control Software in FlashROM)
MFP Control Software
Verification Function
Identification and Authentication FunctionNetwork Communication Data
Protection Function
Network Communication Data
Protection FunctionSMB server
FTP server
SMTP server TOE corresponding
printer driver
fax driver
Web browser
Security Function
Basic Function
TOE
Service Mode
Lock Function
MaintenanceFunction
Document Data
Access Control Function
Stored Data
Protection Function
* Audit
Function
* The performed events are notified to Audit Function by each Security Function.Functions for CEs 
Figure 3: Logical boundaries of TOE 
1.4.4.1 Basic Functions 
Basic Functions include the Copy Function, Printer Function, Fax Function, Scanner Function, Document 
Server Function, and Management Function, which are operated from the Operation Panel, and the Web  
						

							  Page 18 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  Service Function, which is operated from the Web browser of a client computer. 
General users are provided with the Copy Function, Document Server Function, Printer Function, Fax 
Function, and Scanner Function. Administrators and supervisors are provided with the Management Function. 
These functions are accessed by pushing the relevant buttons on the Operation Panel. 
General users, administrators, and supervisors can use the Web Service Functions, depending on their role. 
Copy Function 
This function is for scanning originals and printing the scanned image according to the Print Settings 
specified by the user. Print Settings include the number of copies, magnification, and custom settings (e.g. 
printing multiple pages onto a single sheet). In addition, the scanned original images can be stored in the 
D-BOX. Document data stored in the D-BOX using the Copy Function can be printed and deleted using the 
Document Server Function, which is part of the Basic Functions and described later. 
Printer Function 
This function is for printing out the print data sent from a client computer. The TOE receives the print data 
from a client computer on the network or directly connected to its USB Port. The TOE prints the received 
data using its Direct Print Function or Store and Print Function. The print data can be stored in the D-BOX as 
document data using the Store and Print Function, and the stored document data can be printed and deleted 
using the Document Server Function, which is part of the Basic Functions and described later. 
Fax Function 
This function is for sending and receiving fax data over a telephone line. Fax Functions consists of the Fax 
Receive Function (hereafter called Fax Reception), the Fax Transmission Function (hereafter called Fax 
Transmission), and a function for printing and deleting fax data. 
Fax Reception either prints received fax data, or converts received fax data into fax reception data and then 
stores it in the D-BOX. 
Fax reception data stored in the D-BOX can be printed and deleted using the Fax Function or Document 
Server Function, which is part of the Basic Functions and described later. 
Fax Transmission includes Immediate Transmission, Memory Transmission, and stored document Fax 
Transmission, which are available from the Operation Panel, and also include LAN-Fax transmission, which 
is available from a client computer. Document data stored in the D-BOX for faxing can be printed and 
deleted using the Document Server Function, which is part of the Basic Functions and described later. 
Although the MFP provides IP-Fax and Internet Fax Function as a part of the Fax Function, no evaluation 
based on this document is applied to these functions. 
Scanner Function 
This function is for scanning and digitising paper originals and delivering scanned images to folders or 
sending them as document data by e-mail via networks. A client computer can process scanned data. This 
function can also be used for storing scanned images in the D-BOX as document data. Document data that is 
stored in the D-BOX using this function can be sent by e-mail, delivered to folders, and deleted using this 
function.  
						

							  Page 19 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  Document Server Function 
This function is for scanning originals and storing scanned image data in the D-BOX as document data. In 
addition, document data stored in the D-BOX using the Copy Function, Printer Function, Fax Function, or 
Document Server Function can be printed and deleted using the Document Server Function. Document data 
stored in the D-BOX using the Scanner Function cannot be printed or deleted using the Document Server 
Function. When document data is printed, the Print Setting information for the stored document data will be 
updated according to the users settings. 
Management Function 
This function is for setting the following information: information for configuring operation of the machine, 
information for connecting the TOE to networks, user information, and information on restriction of use of 
document data. The users ability to manage this information depends on the users role (general user, 
administrator, or supervisor). This function is available from the Operation Panel or by accessing the Web 
Service Function from a client computer. Some information can be managed from the Operation Panel, client 
computer, and both. As for Management Functions, security-related functions are described later in Security 
Management Function in 1.4.4.2 Security Functions. 
Although the Management Function also provides Back Up/Restore Address Book functions, no evaluation 
based on this document is applied to these functions.  
Web Service Function 
This function is for allowing authorised TOE users (general users, administrators or supervisors) to operate 
the TOE remotely from a client computer. Remote operation is possible if a Web browser is installed on the 
client computer and the TOE and client computer are network-connected. Users can use this function by 
accessing the web server of the TOE from their computers Web browser. The following TOE operations are 
available: 
1. Printing document data stored in the D-BOX. 
Document data stored using the Copy Function, Document Server Function, Fax Function, or 
Printer Function can be printed. When document data is printed, the Print Setting information for 
the stored document data will be updated according to the users settings. 
2. Sending document data stored in the D-BOX. 
Document data stored using the Scanner Function can be sent. 
3. Deleting document data stored in the D-BOX. 
4. Downloading document data stored in the D-BOX. 
Document data stored using the Scanner Function or Fax Function can be downloaded. 
5. Subset of Management Functions.  
6. Checking the status of the TOE. 
 
1.4.4.2 Security Functions 
The Security Functions include the Audit Function, Identification and Authentication Function, Document 
Data Access Control Function, Stored Data Protection Function, Network Communication Data Protection  
						

							  Page 20 of 81 
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.  Function, Security Management Function, Service Mode Lock Function, Telephone Line Intrusion 
Protection Function, and MFP Control Software Verification Function. This section describes these 
functions. 
Audit Function 
This function is for checking the operational status of the TOE, and for recording events in the audit log, 
which is necessary for the detection of security breaches. Only the machine administrator is able to read and 
delete the recorded audit logs. The machine administrator can read the audit logs using the Web Service 
Function, and delete the audit logs using both the Operation Panel and the Web Service Function. 
Identification and Authentication Function 
This function is for those who attempt to use the TOE from the Operation Panel or a client computer. It 
prompts the users to enter their user IDs and authentication details for user identification and authentication. 
However, when printing or faxing from a client computer, this function sends the users ID and 
authentication details to the TOE after the users enters their user ID and authentication details from printer or 
fax drivers, which are outside the TOE. The TOE then attempts to identify and authenticate the user with the 
received user ID and authentication information. 
The Identification and Authentication Function includes the following: 
- Account Lockout: If the number of consecutive unsuccessful attempts with the same 
particular user ID reaches the specified Number of Attempts before Lockout, this function 
temporarily prevents further login attempts from this user ID. 
- Authentication Feedback Area Protection: When a user enters their password, this function 
masks the password with protection characters as it appears in the authentication feedback 
area, in order to prevent the password being viewed by others. 
- Password Quality Maintenance: This forces users to register passwords that satisfy both the 
Minimum Password Length and Password Complexity Setting, which the user administrator 
sets in advance. 
Although this TOE has other Identification and Authentication Functions, this evaluation does not cover the 
functions other than those listed above. 
Document Data Access Control Function 
This function restricts operations on document data stored in the D-BOX to specified users only. 
Operations on document data include reading and deleting. Each of these operations is as follows: 
Reading document data: Read document data stored in the D-BOX. 
Deleting document data: Delete document data stored in the D-BOX. 
The TOE allows specified users, (file administrators, and general users) to perform operations on document 
data. 
File administrators are allowed to delete any document data. 
General users are allowed to perform only operations that are authorised by the permissions to process 
document data. The operation permissions in document data include read-only, edit, edit/delete, and full 
control. For editing permission, the same operation on document data is permitted as the read-only