Konica Minolta Bizhub C3850 User manual

Security Operations

2014. 8

Ver. 1.05

User’s Guide

bizhub C3850/C3350 Contents-1

Contents

1 Security

1.1 Introduction ..................................................................................................................................... 1-2

Compliance with the ISO15408 Standard ......................................................................................... 1-2

Operating Precautions ....................................................................................................................... 1-2

INSTALLATION CHECKLIST.............................................................................................................. 1-3

1.2 Security Functions .......................................................................................................................... 1-4

Check Count Clear Conditions .......................................................................................................... 1-4

1.3 Data to be Protected ...................................................................................................................... 1-5

1.4 Precautions for Operation Control ................................................................................................ 1-6

Roles and Requirements of the Administrator................................................................................... 1-6

Password Usage Requirements ........................................................................................................ 1-6

Network Connection Requirements for the Machine......................................................................... 1-6

User information control system control requirements ..................................................................... 1-7

Security function operation setting operating requirements.............................................................. 1-7

Operation and control of the machine ............................................................................................... 1-7

Machine Maintenance Control........................................................................................................... 1-7

Operating conditions for the IC card and IC card reader .................................................................. 1-7

IC card owner requirements .............................................................................................................. 1-8

1.5 Miscellaneous.................................................................................................................................. 1-9

Password Rules ................................................................................................................................. 1-9

Precautions for Use of Various Types of Applications....................................................................... 1-9

Encrypting communications ............................................................................................................ 1-10

IPP printing ...................................................................................................................................... 1-10

Items of Data Cleared by Data Erase Function................................................................................ 1-11

HDD Format ..................................................................................................................................... 1-12

Upgrading of the firmware ............................................................................................................... 1-12

Software used in the machine ......................................................................................................... 1-12

2 Administrator Operations

2.1 Accessing the Administrator Settings .......................................................................................... 2-2

Accessing the Administrator Settings................................................................................................ 2-2

2.2 Enhancing the Security Function................................................................................................... 2-5

Setting the Enhanced Security Mode ................................................................................................ 2-7

2.3 Setting the Authentication Method ............................................................................................... 2-9

Setting the Authentication Method .................................................................................................... 2-9

2.4 ID & Print Setting Function........................................................................................................... 2-11

Setting the ID & Print........................................................................................................................ 2-11

2.5 System Auto Reset Function ....................................................................................................... 2-12

Setting the System Auto Reset function.......................................................................................... 2-12

2.6 User Setting Function................................................................................................................... 2-14

Making user setting.......................................................................................................................... 2-14

2.7 IC card information Setting Function.......................................................................................... 2-16

Registering information from the control panel ............................................................................... 2-16

2.8 Changing the Administrator Password....................................................................................... 2-18

Changing the Administrator Password ............................................................................................ 2-18

2.9 Protecting Data in the HDD.......................................................................................................... 2-21

2.9.1 Setting the Encryption Key (encryption word) ................................................................................. 2-21

2.9.2 Deleting the encryption key ............................................................................................................. 2-24

2.10 Erasing data when the machine is to be discarded or use of a leased machine is

terminated...................................................................................................................................... 2-25

2.10.1 Setting the Overwrite All Data.......................................................................................................... 2-25

2.10.2 Setting the Restore All ..................................................................................................................... 2-28

2.11 SSL Setting Function .................................................................................................................... 2-30

2.11.1 Device Certificate Setting ................................................................................................................ 2-30

bizhub C3850/C3350 Contents-2

2.11.2 SSL Setting ...................................................................................................................................... 2-32

2.11.3 Removing a Certificate..................................................................................................................... 2-33

2.12 S/MIME Communication Setting Function ................................................................................. 2-34

2.12.1 Setting the S/MIME Communication ............................................................................................... 2-34

2.12.2 Registering the certificate ................................................................................................................ 2-35

2.13 SNMP Setting Function ................................................................................................................ 2-37

2.13.1 Changing the auth-password and priv-password ........................................................................... 2-37

2.13.2 SNMP access authentication function............................................................................................. 2-38

2.13.3 SNMP v3 setting function ................................................................................................................ 2-38

2.13.4 SNMP network setting function ....................................................................................................... 2-38

2.14 Accessing the Scan to HDD file................................................................................................... 2-39

Accessing the image file .................................................................................................................. 2-39

2.15 TCP/IP Setting Function............................................................................................................... 2-41

2.15.1 Setting the IP Address ..................................................................................................................... 2-41

2.15.2 Registering the DNS Server ............................................................................................................. 2-41

2.16 SMB Setting Function................................................................................................................... 2-42

Making the SMB Setting .................................................................................................................. 2-42

2.17 AppleTalk (Bonjour) Setting Function ......................................................................................... 2-43

Making the AppleTalk (Bonjour) Setting .......................................................................................... 2-43

2.18 E-Mail Setting Function ................................................................................................................ 2-44

Setting the SMTP Server (E-Mail Server)......................................................................................... 2-44

3 User Operations

3.1 User Authentication Function ........................................................................................................ 3-2

3.1.1 Performing user authentication (authentication through entry of the user name and

user password)....................................................................................................................................3-3

3.1.2 Performing user authentication (identification through the IC card) .................................................. 3-6

3.1.3 Performing user authentication (authentication through the IC card + user password) .................... 3-7

3.2 ID & Print Function........................................................................................................................ 3-11

3.2.1 Registering ID & Print files ............................................................................................................... 3-11

3.2.2 Accessing the ID & Print file............................................................................................................. 3-13

3.3 Change Password Function......................................................................................................... 3-15

Performing Change Password ......................................................................................................... 3-15

3.4 Secured Job Function................................................................................................................... 3-16

3.4.1 Registering Secured Job files .......................................................................................................... 3-16

3.4.2 Accessing the Secured Job file ....................................................................................................... 3-18

3.5 Scan to HDD Function .................................................................................................................. 3-21

3.5.1 Registering image files..................................................................................................................... 3-21

3.5.2 Accessing the image file .................................................................................................................. 3-23

3.6 S/MIME transmission function .................................................................................................... 3-25

Sending E-mail by S/MIME.............................................................................................................. 3-25

4 Application Software

4.1 PageScope Data Administrator ..................................................................................................... 4-2

Precautions during backup or restore ............................................................................................... 4-2

4.1.1 Accessing from PageScope Data Administrator ............................................................................... 4-2

4.1.2 Setting the user authentication method............................................................................................. 4-4

4.1.3 Changing the authentication mode.................................................................................................... 4-6

4.1.4 Making the user settings.................................................................................................................... 4-9

4.1.5 Setting the IC card information........................................................................................................ 4-10

4.1.6 Registering the S/MIME certificate .................................................................................................. 4-12

4.2 TWAIN driver.................................................................................................................................. 4-14

Accessing from the TWAIN driver.................................................................................................... 4-14

1Security

bizhub C3850/C3350 1-2

1.1 Introduction 1

1 Security

1.1 Introduction

Thank you for purchasing our product.

This User's Guide contains the operating procedures and precautions to be used when using the security

functions offered by the bizhub C3850/C3350 machine. To ensure the best possible performance and effec-

tive use of the machine, read this manual thoroughly before using the security functions. The Administrator

of the machine should keep this manual for ready reference. The manual should be of great help in finding

solutions to operating problems and questions.

This User's Guide (Ver. 1.05) covers the following.

Compliance with the ISO15408 Standard

When the Enhanced Security Mode on this machine is set to [ON], more enhanced security functions are

available.

The security functions offered by the bizhub C3850/C3350 machine comply with ISO/IEC15408 (level: EAL3).

Operating Precautions

The machine gives an alarm message or an alarm sound (peep) when a wrong operation is performed or a

wrong entry is made during operation of the machine. (No "peep" alarm sound is issued if a specific sound

setting in Sound Setting of Accessibility Setting is set to [OFF].) If the alarm message or alarm sound is given,

perform the correct operation or make the correct entry according to the instructions given by the message

or other means.

The Administrator of the machine should not leave the machine with the setting screen left displayed after

the access to that mode is completed or in the middle of the mode. If it is absolutely necessary to leave the

machine, the Administrator of the machine should log off from the mode.

The Administrator of the machine should make sure that each individual general user logs off from the current

mode whenever the access to that mode is completed or if the user leaves the machine in the middle of the

mode with the mode screen left displayed.

NOTICE

This machine permits duplicate login operations performed by the service engineer, the Administrator of the

machine, and the user.

-The Administrator of the machine should make sure that, when the service engineer changes the set-

tings, neither the Administrator of the machine nor the user performs the login operation.

-The Administrator of the machine should make sure that no user is allowed to perform the login oper-

ation when the Administrator of the machine changes or deletes user information or user data.

-To prevent settings of the machine from being duplicated, the Administrator of the machine should not

attempt to change the settings in a condition of having logged onto a mode simultaneously from the

control panel and the client PC.

TOE Name bizhub C3850/bizhub C3350/ineo+ 3850/ineo+ 3350 Control Software

Controller Firmware A3GN30G0142-999

bizhub C3850/C3350 1-3

1.1 Introduction 1

INSTALLATION CHECKLIST

This Installation Checklist contains items that are to be check by the Service Engineer installing this machine.

The Service Engineer should check the following items, then explain each checked item to the Administrator

of the machine.

To Service Engineer

Make sure that each of these items is properly carried out by checking the box on the right of each item.

When the above steps have been properly carried out, the Service Engineer should make a copy of this page

and give the original of this page to the Administrator of the machine. The copy should be kept at the corre-

sponding Service Representative for filing.

1. Perform the following steps before installing this machine.

Check with the Administrator to determine if the security functions of this machine should

be enhanced. If the functions should be enhanced, check the following.

If the security functions are not to be enhanced, quit the operation without checking the fol-

lowing.

I swear that I would never disclose information as it relates to the settings of this machine

to anybody, or perform malicious or intentional act during setup and service procedures for

the machine.

When giving a copy of the User's Guide, explain the following to the administrator

A digital signature is assigned to the data certified by ISO15408. To ensure integrity of the

file, have the administrator of the machine confirm the digital signature using the property

of the provided data file in the user's PC environment.

When giving the User’s Guide Security Operations to the Administrator of the machine,

check that the User’s Guide is the security-compatible version and explain to the Adminis-

trator that it is security-compatible.

2. After this machine is installed, refer to the Service Manual and perform the following steps.

Check that the Firmware version of [Controller F/W] and [Boot F/W] checked with the Ser-

vice Manual match the values shown in the Firmware Version screen.

If the version of the [Controller F/W] does not match, explain to the Administrator of the ma-

chine that the firmware requires rewriting and rewrite the firmware.

If the version of the [Boot F/W] does not match, suspend the installation procedure and

contact Konica Minolta.

Set the CE Password.

3. After this machine is installed, refer to this User’s Guide and perform the following steps.

Check that the Administrator Password has been set by the Administrator of the machine.

Check that the Encryption Key has been set by the administrator of the machine.

Check that User Authentication has been set to [Device] or [External Server] (Active Direc-

tory only) by the Administrator of the machine.

Check that the self-signed certificate for SSL communications has been registered by the

Administrator of the machine.

Check that Password Rules has been set to [ON] by the Administrator of the machine.

Let the Administrator of the machine set Enhanced Security Mode to [ON].

Explain to the administrator that the settings for the security functions for this machine have

been specified.

Product Name Company Name User Division Name Person in charge

Customer (Administrator of Machine)

Service Representative -

bizhub C3850/C3350 1-4

1.2 Security Functions 1

1.2 Security Functions

Setting the Enhanced Security Mode to [ON] will validate the security function of this machine. For details of

the settings of different security functions to be changed by turning [ON] the Enhanced Security Mode, see

page 2-5.

Setting the Enhanced Security Mode to [ON] will enhance the authentication function. Access control is then

provided through password authentication for any access to the Administrator Settings, User Authentication

mode, and Secured Job file. Access is thereby granted only to the authenticated user.

A password that can be set must meet the requirements of the Password Rules. The machine does not ac-

cept setting of an easily decipherable password. For details of the Password Rules, see page 1-9.

If a wrong password has been entered three cumulative times during password authentication, the machine

determines that it is unauthorized access through Prohibited Functions When Authentication Error, prohibit-

ing any further entry of the password. By prohibiting the password entry operation, the machine prevents un-

authorized use or removal of data, thereby ensuring secured used of the machine. This function is not,

however, governed by authentication by the ISO15408.

When the machine is to be discarded, or use of a leased machine is terminated at the end of the leasing con-

tract, the data erase function overwrites and erases all data stored in all spaces of the HDD. The function also

resets all passwords saved in the memory area on the MFP board to factory settings, preventing leak of data.

For details of items to be cleared by data erase function, see page 1-11.

Check Count Clear Conditions

The following are the conditions for clearing or resetting the check count of the number of wrong entries at

the time of authentication.

NOTICE

The check count is cleared or reset by restarting the machine. If there is any user who frequently turns ON

and OFF the machine, warn him or her of the fact or take necessary steps.

-Authentication of Administrator Settings is successful.

-The machine is restarted

-User Authentication mode is successful.

-The machine is restarted

-Authentication of Secured Job is successful.

-The machine is restarted

-Authentication of SNMP is successful.

-The machine is restarted

bizhub C3850/C3350 1-5

1.3 Data to be Protected 1

1.3 Data to be Protected

The underlying concept of this machine toward security is "to protect data that can be disclosed against the

intention of users."

The following types of image files that have been stored in the machine and made available for use by its

users are protected while the machine is being used.

-Image files stored in the HDD by Secured Job

-Image files stored as "Personal" in the HDD by Scan to HDD

-Image files stored in the HDD by ID & Print

-Image files sent by an E-mail

The following data are also counted among the assets to be protected:

-Password

– User passwords and Secured Job passwords stored in the HDD, and Administrator passwords and

SNMP passwords stored in the memory area on the MFP board

-Encryption Key

– Encryption Key to be registered in the memory area on the MFP board

-User identification information

– User identification information stored in the HDD

-IC card information

– User IC card information stored in the HDD

-Trusted channel setting data

– Trusted channel setting data stored in the memory area on the MFP board

-External server identification setting data

– External server identification setting data stored in the HDD

-Destination recipient data

– Data including E-mail addresses and telephone numbers, serving as data identifying the recipients to

which the image registered in the HDD is sent

-S/MIME certificate data

– Certificate data registered in the HDD and used when the image is sent by E-mail

The following types of data stored in the HDD and memory area on the MFP board are protected when use

of a leased machine is terminated at the end of the leasing contract, the machine is to be discarded.

-Image files stored in the HDD by Secured Job

-Image files stored as "Personal" in the HDD by Scan to HDD

-Image files stored in the HDD by ID & Print

-Image files of a job in the queue

-Any image files stored in the HDD data space other than the Secured Job files, files stored as "Personal"

by Scan to HDD, and ID & Print files.

-Data files left in the HDD data space, used as image files and not deleted through the general deletion

operation

-Temporary data files generated during print image file processing

-Destination recipient data (e-mail address, telephone number)

-S/MIME certificate data

-Administrator passwords, SNMP passwords, Encryption Key, trusted channel setting data, and ma-

chine setting data stored in the memory area on the MFP board

-User identification information, user IC card information, User passwords, Secured Job passwords, and

external server identification setting data stored in the HDD

This machine offers the SSL function as a data protection method to ensure confidentiality of images (Scan

to HDD files) transmitted and received over the network.

When transmitting and receiving highly confidential image data (Secured Job files, Scan to HDD files, ID &

Print files, Image files sent by an E-mail) among different pieces of IT equipment within an office LAN, the

machine carries out communications with the correct destination via reliable paths or through anti-sniffing

measures, assuming an office environment that responds to most stringent security requirements.

NOTICE

Secured Job files and ID & Print files transmitted from the client PC to the machine are not encrypted. To

protect the Secured Job files and ID & Print files, take necessary anti-sniffing measures, including installation

of cryptographic communications equipment or a sniffing detector.

bizhub C3850/C3350 1-6

1.4 Precautions for Operation Control 1

1.4 Precautions for Operation Control

This machine and the data handled by this machine should be used in an office environment that meets the

following conditions.

Roles and Requirements of the Administrator

The Administrator should take full responsibility for controlling the machine, thereby ensuring that no improp-

er operations are performed.

-A single individual person who is capable of taking full responsibility for controlling the machine should

be appointed as the Administrator to make sure that no improper operations are performed.

-When an SMTP server (mail server), a DNS server, a user information control system, or a WebDAV

server is to be used, the Administrator of the machine should periodically check that the corresponding

administrator of the server appropriately manages the server to allow no settings to be changed without

permission.

Password Usage Requirements

The Administrator must control the Administrator Password, auth-password, and priv-password appropriate-

ly so that they may not be leaked. These passwords should not be ones that can be easily guessed. The user,

on the other hand, should control the Secured Job Password and User Password appropriately so that they

may not be leaked. Again, these passwords should not be ones that can be easily guessed.

-Make absolutely sure that only the Administrator knows the Administrator Password, auth-password,

and priv-password.

-The Administrator must change the Administrator Password, auth-password, and priv-password at

regular intervals.

-The Administrator should make sure that any number that can easily be guessed from birthdays, em-

ployee identification numbers, and the like is not set for the Administrator Password, auth-password,

and priv-password.

-If a User Password has been changed, the Administrator should have the corresponding user change

the password as soon as possible.

-If the Administrator Password has been changed by the Service Engineer, the Administrator should

change the Administrator Password as soon as possible.

-The Administrator should have users ensure that the passwords set for the User Authentication and Se-

cured Job are known only by the user concerned.

-The Administrator should have users change the passwords set for the User Authentication at regular

intervals.

-The Administrator should make sure that any user does not set any number that can easily be guessed

from birthdays, employee identification numbers, and the like for the passwords set for the User Au-

thentication and Secured Job.

-Upon change of the Administrators, the old Administrator of the machine should promptly have the new

one change the Administrator password.

Network Connection Requirements for the Machine

If the LAN is to be connected to an outside network, no unauthorized attempt to establish connection from

the external network should be permitted.

-If the LAN, in which the machine is installed, is connected to an outside network, install a firewall or

similar network device to block any access to the machine from the outside network and make the nec-

essary settings.

-Provide an appropriate network control at all times to make sure that no other copying machine is con-

nected without prior notice to the office LAN to which this machine is connected.

bizhub C3850/C3350 1-7

1.4 Precautions for Operation Control 1

User information control system control requirements

The administrator of the machine and the server administrator are required to apply patches to, or perform

account control for, this machine and the user information control system connected to the office LAN in

which the machine is installed to ensure operation control that achieves appropriate access control.

-Apply patches so that the user information management system is always up-to-date.

-Change the corresponding account information promptly as soon as user authorities are changed.

-Delete the corresponding account information promptly as soon as the specific user is transferred.

Security function operation setting operating requirements

The Administrator should make sure of correct operation control so that the machine is used with the En-

hanced Security Mode set to [ON].

Operation and control of the machine

The Administrator of the machine should perform the following operation control.

-The Administrator of the machine should log off from the Administrator Settings whenever the operation

in the Administrator Settings is completed. The Administrator of the machine should also make sure

that each individual user logs off from the User Authentication mode after the operation in the User Au-

thentication mode is completed, including operation of the Secured Job file.

-The Administrator of the machine should appropriately control the device certificate (SSL certificate)

registered in the machine.

The administrator of the machine disables the following functions and operates and manages the machine

under a condition in which those functions are disabled.

Machine Maintenance Control

The Administrator of the machine should perform the following maintenance control activities.

-Provide adequate control over the machine to ensure that only the Service Engineer is able to perform

physical service operations on the machine.

-Provide adequate control over the machine to ensure that any physical service operations performed

on the machine by the Service Engineer are overseen by the Administrator of the machine.

-Some options require that Enhanced Security Mode be turned [OFF] before they can be used on the

machine. If you are not sure whether a particular option to be additionally purchased is fully operational

with the Enhanced Security Mode turned [ON], contact your Service Representative.

Operating conditions for the IC card and IC card reader

The machine supports the following types of IC card and IC card reader.

Operate the IC card reader under the following conditions.

-Be sure to use the IC card reader provided by the Service Representative. For details, contact your Ser-

vice Representative.

Function Name Setting Procedure

USB Memory Print Function Using [Administrator Settings] ö [System Settings] ö [Folder Settings]

ö [External Memory Function Settings], set [Print Document] to [OFF].

Registering and Changing

Addresses

Start the PageScope Web Connection and, using [Security] ö [Limiting

Access to Destination] ö [Restrict User Access] of the administrator

mode, set [Registering and Changing Addresses] to [Restrict]*.

*: When the Enhanced Security Mode is [ON], do not change this setting

to [Allow].

IC card type IC card reader

Type A AU-201, SCL-010

Felica IDm AU-201, SCL-010

HID Prox AU-201H (North America only)

bizhub C3850/C3350 1-8

1.4 Precautions for Operation Control 1

-To use the IC card reader, it is necessary to install the loadable driver in the machine. For details, con-

tact your Service Representative.

-Only one IC card reader can be connected to the machine.

-No guarantee is given for correct operation, if the IC card reader is not connected to the machine when

the machine is turned ON or if it is removed and reinserted with the machine turned ON.

-Even if the IC card reader supports two or more types of IC cards, only one type of IC card can be used

for authentication. No guarantee is given for correct operation, if authentication is performed by using

two or more types of IC cards.

-No guarantee is given for correct operation in authentication with two or more types of IC cards simul-

taneously read by the IC card reader.

-SCL-010 is not covered by certification of ISO15408.

IC card owner requirements

The Administrator of the machine should make sure that operating rules that specify the following operations

exist within the organization and that the operations are implemented according to the rules.

-The person responsible within the organization that uses the machine should distribute the IC card is-

sued for use by the organization to a specific person who is authorized to own the IC card.

-The person responsible within the organization that uses the machine should prohibit the user from

transferring or lending the IC card to any third person and make sure that the user reports any lost IC

card.

-If only the IC card is used for user authentication, the person responsible within the organization that

uses the machine should make sure that only the authorized IC cards are used.

bizhub C3850/C3350 1-9

1.5 Miscellaneous 1

1.5 Miscellaneous

Password Rules

According to certain Password Rules, registration of a password consisting of a string of a single character

or change of a password to one consisting of a string of a single character is rejected for the Administrator

Password, User Password, Secured Job Password, and SNMP Password. For the Administrator Password,

User Password, and SNMP Password, the same password as that currently set is not accepted.

Study the following table for more details of the number of digits and characters that can be used for each

password.

NOTICE

Before setting the Enhanced Security Mode, be sure to enable the Password Rules. The Password Rules can

be turned on by selecting [ON] for [Password Rules] that can be accessed from the control panel as follows:

[Utility] ö [Administrator Settings] ö [] ö [Security Settings] ö [Security Details].

Precautions for Use of Various Types of Applications

Comply with the following requirements when using various types of applications.

-When PageScope Web Connection or an application of various other types is used, the password con-

trol function of the application stores the password that has been entered in your PC. If you want the

password not stored, disable the password control function of the application.

When using the PageScope Web Connection or an application of various other types, use one that

shows "*" or "●" for the password entered. Do not use a function, if any, that directly shows on the

screen the password entered.

-When using the PageScope Web Connection or an application of various other types, make settings so

that cache files are not saved on the web browser.

-Do not access any other site once you have logged onto the machine with the PageScope Web Con-

nection. Accessing any other site or a link included in e-mail, in particular, can lead to execution of an

unintended type of operation. Whenever access to any other site is necessary, be sure first to log off

from the machine through the PageScope Web Connection.

-Using the same password a number of times increases the risk of spoofing.

-Internet Explorer or other type of web browser, "SSL v3" or "TLS v1" should be used, not "SSL v2," for

the SSL setting.

-PageScope Direct Print cannot be used if the Enhanced Security Mode is set to [ON].

-Optional applications not described in this User’s Guide are not covered by certification of ISO15408.

Types of passwords No. of digits Characters

User Password 8 to 64 digits • Numeric characters: 0 to 9

• Alpha characters: upper and lower case letters

• Symbols: !, #, $, %, &, ’, (, ), *, ,, -, ., /, :, ;, <, =, >,

?, @, [, \, ], ^, _, `, {, |, }, ~, +

Selectable from among a total of 93 characters

• A "SPACE" and "”" cannot be used

Administrator Password 8 digits • Numeric characters: 0 to 9

• Alpha characters: upper and lower case letters

• Symbols: !, #, $, %, &, ’, (, ), *, ,, -, ., /, :, ;, <, =, >,

?, @, [, \, ], ^, _, `, {, |, }, ~, +, SPACE

Selectable from among a total of 94 characters

• "”" cannot be used

Secured Job Password 8 digits • Numeric characters: 0 to 9

• Alpha characters: upper and lower case letters

• Symbols: !, #, $, %, &, ’, (, ), *, ,, -, ., /, :, ;, <, =, >,

?, @, [, \, ], ^, _, `, {, |, }, ~, SPACE

Selectable from among a total of 93 characters

• "+" and "”" cannot be used

SNMP Password

• auth-password

• priv-password

8 to 32 digits • Numeric characters: 0 to 9

• Alpha characters: upper and lower case letters

• Symbols: !, $, %, &, (, ), *, ,, -, ., /, :, ;, <, =, >, ?, @,

[, ], ^, _, `, {, |, }, ~, +

Selectable from among a total of 90 characters

• A "SPACE", "”", "#", "’", and "\" cannot be used

bizhub C3850/C3350 1-10

1.5 Miscellaneous 1

Encrypting communications

The following are the cryptographic algorithms of key exchange and communications encryption systems

supported in generation of encryption keys.

-TLS_RSA_WITH_3DES_EDE_CBC_SHA

-TLS_RSA_WITH_AES_128_CBC_SHA

-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

-TLS_DHE_RSA_WITH_AES_256_CBC_SHA

NOTICE

No algorithms can be selected during generation of encryption keys. SSL v3 is automatically selected for the

SSL setting according to the application and browser. Do not therefore change the setting manually to SSL

v2. An increased risk results of data to be protected being tampered with or leaked.

The Administrator of the machine should make sure that SSL encryption communication is not performed

with the SSL set in SSL v2.

Do not use an SSL certificate that is electronically signed by MD5, as an increased risk results of data to be

protected being tampered with or leaked.

Use the following browsers to ensure SSL encryption communication with appropriate strength. Use of any

of the following browsers achieves SSL encryption communication that ensures confidentiality of the image

data transmitted and received.

For Windows

-Microsoft Internet Explorer 8 or later

-Mozilla Firefox 18 or later

For Mac OS

-Mozilla Firefox 18 or later

On Linux

-Mozilla Firefox 18 or later

IPP printing

IPP (Internet Printing Protocol) is a function that allows Secured Job and image data stored in HDD to be

printed via the Internet by using the HTTP (HyperText Transfer Protocol) of the TCP/IP Protocol. IPPS (IPP

over SSL/TLS) is the type of IPP that performs the SSL encryption communication.

To perform IPP printing, the printer driver must be installed. From "Add Printer Wizard", type the IP address

of this machine in the following format in the "URL" field.

To set IPP printing:

-Type "http://<IP address of the machine>/ipp"

To set IPPS printing:

-Type "https://<IP address of the machine>/ipp"

-Type "https://[host name].[domain name]/ipp"

For [Host Name] and [Domain Name], specify the names set with the DNS server.

Windows Vista or later, which offers enhanced security functions, gives a certificate error message if the SSL

certificate is one that is not issued by a certification body. In such cases, it becomes necessary to register

the certificate of this machine as that issued by a reliable party for the computer account.

First, register Host Name and IP address of this machine in the DNS server in advance. Then, in TCP/IP Set-

tings of PageScope Web Connection, set the DNS Host Name and DNS Default Domain Name registered

with the DNS server.

It should also be noted that, for the certificate to be imported, a certificate for SSL encryption communication

should be registered in PageScope Web Connection and exported in advance as the certificate including the

public key.

bizhub C3850/C3350 1-11

1.5 Miscellaneous 1

1From "Continue to this website," call the PageScope Web Connection window to the screen.

2Click "Certificate Error" to display the certificate. Then, click "Install Certificate" to install the certificate.

3Display the physical stores. Then, deploy the certificate, which has earlier been exported, in "Local

Computer" of "Trusted Root Certification Authorities" to thereby import the certificate.

Items of Data Cleared by Data Erase Function

The data erase function clears the following items of data.

NOTICE

Perform "Restore All" from the control panel of the machine, and not via the network.

The encryption key is not deleted even if Restore All or Overwrite All Data is performed. For the detailed de-

leting procedure, see page 2-24.

Items of Data Cleared Description Method

Enhanced Security Mode Set to [OFF] Overwrite All Data

HDD Format

Restore All

User registration data Deletes all user-related data that has been

registered

Overwrite All Data

HDD Format

Secured Job Password/file Deletes all Secured Job-related informa-

tion and files saved

Overwrite All Data

HDD Format

Scan to HDD file Deletes all files stored as "Personal" by

Scan to HDD

Overwrite All Data

HDD Format

ID & Print file Deletes all ID & Print files Overwrite All Data

HDD Format

Image files • Image files saved other than the Se-

cured Job files, files stored as "Person-

al" by Scan to HDD, and ID & Print files

• Image files of jobs in job queue state

• Remainder data files, used as image

files and not deleted through only the

general deletion operation

• Temporary data files generated during

print image file processing

Overwrite All Data

HDD Format

Destination recipient data

files

Deletes all destination recipient data in-

cluding e-mail addresses and telephone

numbers

Overwrite All Data

HDD Format

Administrator Password Clears the currently set password, reset-

ting it to the factory setting

Restore All

SNMP Password Clears the currently set password, reset-

ting it to the factory setting (MAC address)

Restore All

SSL certificate Deletes the currently set SSL certificate Overwrite All Data

HDD Format

Restore All

S/MIME certificate Deletes the currently set S/MIME certifi-

cate

Overwrite All Data

HDD Format

Network Setting Clears the currently set network settings

(DNS Server setting, IP Address setting,

SMTP Server setting, NetBIOS setting, and

AppleTalk (Bonjour) setting), resetting it to

the factory setting

Restore All

Machine setting data Deletes the machine setting data Restore All

Trusted channel setting data Deletes the trusted channel setting data Restore All

External server identification

setting data

Deletes the external server identification

setting data

Overwrite All Data

HDD Format

bizhub C3850/C3350 1-12

1.5 Miscellaneous 1

HDD Format

Execute HDD format when, for example, to initialize the HDD (to be reset to the default state) or when the

HDD is replaced with a referent one. Executing HDD format deletes data saved in the machine’s HDD.

-For details of items that are cleared by HDD Format, see page 1-11.

-HDD formatting turns [OFF] the Enhanced Security Mode. So, it must be turned [ON] again. For details

of settings, see page 2-5.

Upgrading of the firmware

If upgrading of the firmware has been performed by the service engineer, the Administrator of the machine

must execute [Restore All]. Execute [Restore All] after the firmware has been upgraded. For details of the ex-

ecution of [Restore All], see page 2-28.

-For details of items of data to be cleared by [Restore All], see page 1-11.

-The execution of [Restore All] will turn [OFF] the Enhanced Security Mode. So, it must be turned [ON]

again. For details of settings, see page 2-5.

Software used in the machine

The following lists the types of software and their versions used for the ISO15408 evaluation for this machine.

The user should appropriately manage the software used with the machine on his or her own responsibility.

Software Version, etc.

OS (Operating System) Windows 7 Professional SP1

Internet Explorer Ver. 10

Mozilla Firefox Ver. 27.0.1

Printer Driver KONICA MINOLTA C3850 Series

• PCL6 Ver. 1.1.1.0

• XPS Ver. 1.1.0.0

PageScope Data Administrator

with Device Set-Up and Utilities

Ver. 1.0.06000.03221

PageScope Data Administrator

(plug-in)

Ver. 4.1.25000.07251

TWAIN Driver Ver. 1.0.0.0

IC card reader driver AU-201_V2.1.02000 (for AU-201)

AU-201H_V2.1.00000 (for AU-201H)

2Administrator Operations

bizhub C3850/C3350 2-2

2.1 Accessing the Administrator Settings 2

2 Administrator Operations

2.1 Accessing the Administrator Settings

This machine implements authentication of the user of the Administrator Settings function through the 8-digit

Administrator Password that verifies the identity as the Administrator of the person who accesses the func-

tion. During the authentication procedure, the Administrator Password entered for the authentication purpose

appears as "*" or "●" on the display. A failure in authentication as a result of the entry of a wrong password

is counted as unauthorized access.

NOTICE

Make sure that none of the general users of the machine will know the Administrator Password.

If the Administrator Password is forgotten, it must be set again by the Service Engineer. Contact your Service

Representative.

Accessing the Administrator Settings

The machine does not accept access to the Administrator Settings under any of the following conditions.

Wait for some while before attempting to gain access to the Administrator Settings again.

-There is a job being executed by the machine.

-There is a reserved job (timer TX, fax redial waiting, etc.) in the machine.

-Immediately after the power switch has been turned ON.

-A malfunction code is displayed on the machine.

0Do not leave the machine with the setting screen of Administrator Settings left shown on the display. If

it is absolutely necessary to leave the machine, be sure first to log off from the Administrator Settings.

1Touch [Utility].

2Touch [Administrator Settings].

3Enter the 8-digit Administrator Password from the keyboard.

bizhub C3850/C3350 2-3

2.1 Accessing the Administrator Settings 2

%Touch [C] to clear all characters.

%Touch [ ] to delete the last character entered.

%Touch [Shift] to show the upper case/symbol screen.

%Touch [Cancel] to go back to the previous screen.

4Touch [OK].

%If a wrong Administrator Password is entered, a message that tells that the Administrator Password

does not match appears. Enter the correct Administrator Password.

%A failure in authentication as a result of the entry of a wrong password is counted as unauthorized

access. If the cumulative number of unauthorized accesses reaches three during operation of the

machine, the machine is set into an access lock state and prohibits any subsequent password entry

operations. To cancel the access lock state, turn off, then on, the power switch of the machine.

When the power switch is turned off, then on again, wait at least 10 seconds to turn it on after turn-

ing it off. This interval is necessary to ensure that the machine functions properly.

5Press the [Reset] key to log off from the Administrator Settings.

bizhub C3850/C3350 2-4

2.1 Accessing the Administrator Settings 2

0If an attempt is made to log on to the Administrator Mode while a job is being executed, the machine

gives a message that tells that it is now impossible to log on to the Administrator Mode. Click [OK] and

try logging on to the Administrator Mode after the execution of the job is completed.

0Do not leave the machine with the Administrator Mode setting screen left shown on the display. If it is

absolutely necessary to leave the machine, be sure first to log off from the Administrator Mode.

1Start the Web browser.

2Enter the IP address of the machine in the address bar.

3Press the [Enter] key to start PageScope Web Connection.

4Click the Administrator radio button and [Log in].

5Enter the 8-digit Administrator Password in the password box.

%When accessing the Administrator Mode using the PageScope Web Connection, enter the same

Administrator Password as that for the machine.

6Click [OK].

%If a wrong Administrator Password is entered, a message that tells that the authentication has failed

appears. Enter the correct Administrator Password.

%A failure in authentication as a result of the entry of a wrong password is counted as unauthorized

access. If the cumulative number of unauthorized accesses reaches three during operation of the

machine, the machine is set into an access lock state and prohibits any subsequent password entry

operations. To cancel the access lock state, turn off, then on, the power switch of the machine.

When the power switch is turned off, then on again, wait at least 10 seconds to turn it on after turn-

ing it off. This interval is necessary to ensure that the machine functions properly.

7Click [Log out]. This allows you to log off from the Administrator Mode.

bizhub C3850/C3350 2-5

2.2 Enhancing the Security Function 2

2.2 Enhancing the Security Function

When access to the machine by the Administrator of the machine through the Administrator Settings from

the control panel is authenticated, the machine enables setting of the Enhanced Security Mode that allows

settings for enhancing each of different security functions to be converted all at once.

In the Enhanced Security Mode, the machine allows selection of whether to use the Enhanced Security Mode

or not. When the Enhanced Security Mode is set to [ON], the security function is enhanced by automatically

setting such functions as that which determines whether each password meets predetermined requirements.

The following settings must first be made before the Enhanced Security Mode is set to [ON].

Setting the Enhanced Security Mode to [ON] changes the setting values of the following functions.

Settings to be Made in Advance Description

Administrator Password An 8-digit password that meets the Password Rules.

The factory setting is "12345678."

Encryption Key Set the Encryption Key.

User Authentication Set to either [Device] or [External Server] (Active Directory).

Certificate for SSL Register the self-signed certificate for SSL communications.

Password Rules Set to [ON].

Function Name Factory Setting When Enhanced Security Mode is set to [ON]

Public Access Restrict Restrict (not to be changed)

Print without Authentica-

tion

Restrict Restrict (not to be changed)

User Name List OFF OFF (not to be changed)

Registering and Chang-

ing Address by the user

Allow Restrict (to be changed)

SSL OFF ON (not to be changed)

SSL Encryption Strength AES-256, 3DES,

RC4-128,

DES, RC4-40

AES-256, 3DES (not to be changed to one containing

strength lower than AES/3DES)

S/MIME S/MIME: Dis-

able

Digital Signa-

ture: Do not add

signature

E-mail Text En-

cryption Meth-

od: 3DES

S/MIME: Enable (not to be changed)

Digital Signature: Select when sending

E-mail Text Encryption Method: 3DES, AES-128, AES-

192, AES-256 (not to be changed to DES or RC-2)

FTP Server Enable Disable

(Selection can be made between [Enable] and [Disable])

SNMPv1/v2c Read/Write en-

abled

Only Read is enabled (not to be changed)

SNMP v3 Security Level

and auth-password/priv-

password

(SNMP v3 Write User)

auth-password/

priv-password

auth-password/priv-password

(Selection can be made between [auth-password] and

[auth-password/priv-password])

Administrator Password

Change Via Network

(Pagescope Web Con-

nection)

Enabled Restrict

Network firmware update

protect

Invalid Valid

CS Remote Care Usable Remote device setting disabled

Telnet Enable Disable (not to be changed)

Page is loading ...

Konica Minolta Bizhub C3850 User manual

This manual is also suitable for

Konica Minolta Bizhub C3850 User manual

Related papers

Other documents