CRP-C0136-01 Certification Report Buheita Fujiwara, Chairman Information-technology Promotion Agency, Japan Target of Evaluation Application date/ID 2007-06-08 (ITC-7156) Certification No. C0136 Sponsor Canon Inc. Name of TOE Canon iR3025/iR3030/iR3035/iR3045 Series HDD Data Erase Kit-B1 Version of TOE Version 1.00 PP Conformance None Conformed Claim EAL3 Developer Canon Inc. Evaluation Facility Mizuho Information & Research Institute, Inc. Center for Evaluation of Information Security This is to report that the evaluation result for the above TOE is certified as follows. 2007-12-26 Hideji Suzuki, Technical Manager Information Security Certification Office IT Security Center Evaluation Criteria, etc.: This TOE is evaluated in accordance with the following criteria prescribed in the “IT Security Evaluation and Certification Scheme”. - Common Criteria for Information Technology Security Evaluation Version 2.3 (ISO/IEC 15408:2005) - Common Methodology for Information Technology Security Evaluation Version 2.3 (ISO/IEC 18045:2005) Evaluation Result: Pass “Canon iR3025/iR3030/iR3035/iR3045 Series HDD Data Erase Kit-B1 Version 1.00” has been evaluated in accordance with the provision of the “IT Security Certification Procedure” by Information-technology Promotion Agency, Japan, and has met the specified assurance requirements. CRP-C0136-01 Notice: This document is the English translation version of the Certification Report published by the Certification Body of Japan Information Technology Security Evaluation and Certification Scheme. CRP-C0136-01 Table of Contents 1. Executive Summary ............................................................................... 1 1.1 Introduction ..................................................................................... 1 1.2 Evaluated Product ............................................................................ 1 1.2.1 Name of Product ......................................................................... 1 1.2.2 Product Overview ........................................................................ 1 1.2.3 Scope of TOE and Overview of Operation....................................... 2 1.2.4 TOE Functionality ....................................................................... 3 1.3 Conduct of Evaluation....................................................................... 4 1.4 Certification ..................................................................................... 4 1.5 Overview of Report ............................................................................ 4 1.5.1 PP Conformance.......................................................................... 4 1.5.2 EAL ........................................................................................... 4 1.5.3 SOF ........................................................................................... 5 1.5.4 Security Functions ...................................................................... 5 1.5.5 Threat ........................................................................................ 6 1.5.6 Organisational Security Policy ..................................................... 6 1.5.7 Configuration Requirements ........................................................ 6 1.5.8 Assumptions for Operational Environment .................................... 6 1.5.9 Documents Attached to Product ................................................... 7 2. Conduct and Results of Evaluation by Evaluation Facility......................... 8 2.1 Evaluation Methods .......................................................................... 8 2.2 Overview of Evaluation Conducted ..................................................... 8 2.3 Product Testing ................................................................................ 8 2.3.1 Developer Testing........................................................................ 8 2.3.2 Evaluator Testing...................................................................... 11 2.4 Evaluation Result ........................................................................... 12 3. Conduct of Certification ....................................................................... 13 4. Conclusion.......................................................................................... 14 4.1 Certification Result ......................................................................... 14 4.2 Recommendations ........................................................................... 14 5. Glossary ............................................................................................. 15 6. Bibliography ....................................................................................... 17 CRP-C0136-01 1 1. Executive Summary 1.1 Introduction This Certification Report describes the content of certification result in relation to IT Security Evaluation of “Canon iR3025/iR3030/iR3035/iR3045 Series HDD Data Erase Kit-B1 Version 1.00” (hereinafter referred to as “the TOE”) conducted by Mizuho Information & Research Institute, Inc. Center for Evaluation of Information Security (hereinafter referred to as “Evaluation Facility”), and it reports to the sponsor, Canon Inc.. The reader of the Certification Report is advised to read the corresponding ST and manuals (please refer to “1.5.9 Documents Attached to Product” for further details) attached to the TOE together with this report. The assumed environment, corresponding security objectives, security functional and assurance requirements needed for its implementation and their summary specifications are specifically described in ST. The operational conditions and functional specifications are also described in the document attached to the TOE. Note that the Certification Report presents the certification result based on assurance requirements conformed to the TOE, and does not certify individual IT product itself. Note: In this Certification Report, IT Security Evaluation Criteria and IT Security Evaluation Method prescribed by IT Security Evaluation and Certification Scheme are named CC and CEM, respectively. 1.2 Evaluated Product 1.2.1 Name of Product The target product by this Certificate is as follows: Name of Product: iR3025/iR3030/iR3035/iR3045 Series HDD Data Erase Kit-B1 Version: 1.00 Developer: Canon Inc. 1.2.2 Product Overview This product is software to be installed and used on the Canon multifunction product series iR3025/iR3030/iR3035/iR3045 (hereafter referred to as the “Multifunction Product” except where otherwise indicated). The Canon iR3025/iR3030/iR3035/iR3045 series is a digital copier that offers a variety of functions including Copy, Send (Universal Send), Fax Reception, Mail Box, Print, and so on. It is also equipped with a large-capacity HDD and temporarily stores image data on the HDD that is created during copying, printing, and other document handling operations. In most standard multifunction products, such temporary image data is deleted only logically after use, i.e., upon completion of copying or printing, and residual information of the deleted image data is not erased, left exposed to the risk of reuse. The TOE is used for protecting any residual information of temporary image data from being reused. CRP-C0136-01 2 1.2.3 Scope of TOE and Overview of Operation Figure 1-1 illustrates an example of the use environment of the Multifunction Product with the TOE installed. Figure 1-1: Assumed operating environment for the Canon iR3025/iR3030/iR3035/iR3045 series The physical scope of the TOE includes: the whole of the software program that controls the functions of the Multifunction Product identified in Figure 1-2, the Web browser contents of the Remote UI, and the MEAP Authentication Application that is shipped standard with the Multifunction Product. These all come pre-installed on the HDD of the Multifunction Product. The hardware components of the Multifunction Product, including the Controller and the HDD, are outside the scope of the TOE. Also outside the TOE scope are the hardware components of a user’s PC and its installed operating system, Web browser, printer drivers, fax drivers, and image viewer plug-ins. The TOE allows MEAP applications to run on top of it. Note that the physical scope of the TOE includes the MEAP Authentication Application that comes pre-installed on the Multifunction Product, but not any other optionally installed MEAP applications. Figure 1-2 illustrates the physical scope of the TOE on the Multifunction Product. System Software (software: TOE) Remote UI Contents (software: TOE) Pre-installed MEAP App (software: TOE) Optional MEAP App (software: outside TOE) Controller (hardware: outside TOE) Scan Engine/ADF (hardware: outside TOE) Printer Engine (hardware: outside TOE) Operation Panel (hardware: outside TOE) Note: The cross-hatched region indicates the scope of the TOE. Figure 1-2: TOE and hardware/software outside the TOE CRP-C0136-01 3 1.2.4 TOE Functionality The functions of the TOE are described below. 1) Security Functions The TOE has the following security functions. z HDD Data Complete Erase A function that, upon the deletion of temporary image data, erases residual information of temporary image data from the HDD by overwriting the corresponding disk space with meaningless data. z System Manager Identification and Authentication A function that identifies and authenticates the claimed identity of an authorized System Manager via the System Manager ID and System Password, prior to permitting entry into System Management mode. z System Manager Management A function that allows registration of a System Manager ID and System Password as well as activation and deactivation the HDD Data Complete Erase function. 2) Multifunction Product Control The TOE controls the following functions of the Multifunction Product. z Copy A function that creates copies of paper documents by scanning and printing. z Fax Reception A function that automatically prints or forwards incoming faxes/I-faxes. z User Inbox A function that automatically saves scanned documents and documents received from external PCs for saving to a User Inbox to their respective destination inboxes in the form of image data. Image data stored in a User Inbox can be edited, e.g., to be merged with other documents or overlaid with form images, before printing. z Print A function that turns the Multifunction Product into a network printer for printing documents from remote PCs. z Universal Send (document transfer) A function that allows sending scanned documents or documents in a User Inbox or the Memory Reception Inbox as faxes, or as TIFF or PDF files to outside e-mail addresses or shared folders on external PCs. This function also allows network faxing from a user’s PC using a fax driver. z Remote UI The Multifunction Product can be operated not only via the Operation Panel but also via the Remote UI software. The Remote UI allows remote PC users to access the Multifunction Product through their Web browser and network connection, enabling them to view device status information, manipulate jobs, perform inbox management operations, configure device settings, and so on. z MEAP Users can install optional MEAP applications to add new functions to the Multifunction Product. CRP-C0136-01 4 1.3 Conduct of Evaluation Based on the IT Security Evaluation/Certification Program operated by the Certification Body, TOE functionality and its assurance requirements are being evaluated by evaluation facility in accordance with those publicized documents such as “IT Security Evaluation and Certification Scheme”[2], “IT Security Certification Procedure”[3] and “Evaluation Facility Approval Procedure”[4]. Scope of the evaluation is as follow. - Security design of the TOE shall be adequate; - Security functions of the TOE shall be satisfied with security functional requirements described in the security design; - This TOE shall be developed in accordance with the basic security design; - Above mentioned three items shall be evaluated in accordance with the CC Part 3 and CEM. More specific, the evaluation facility examined “iR3025/iR3030/iR3035/iR3045 Series HDD Data Erase Kit-B1 Security Target” as the basis design of security functions for the TOE (hereinafter referred to as “the ST”)[1], the evaluation deliverables in relation to development of the TOE and the development, manufacturing and shipping sites of the TOE. The evaluation facility evaluated if the TOE is satisfied both Annex B of CC Part 1 (either of [5], [8] or [11]) and Functional Requirements of CC Part 2 (either of [6], [9] or [12]) and also evaluated if the development, manufacturing and shipping environments for the TOE is also satisfied with Assurance Requirements of CC Part 3 (either of [7], [10] or [13]) as its rationale. Such evaluation procedure and its result are presented in “Canon iR3025/iR3030/iR3035/iR3045 Series HDD Data Erase Kit-B1 Evaluation Technical Report” (hereinafter referred to as “the Evaluation Technical Report”) [17]. Further, evaluation methodology should comply with the CEM (either of [14], [15] or [16]). 1.4 Certification The Certification Body verifies the Evaluation Technical Report and Observation Report prepared by the evaluation facility and evaluation evidence materials, and confirmed that the TOE evaluation is conducted in accordance with the prescribed procedure. Certification review is also prepared for those concerns found in the certification process. Evaluation is completed with the Evaluation Technical Report dated 2007-12 submitted by the evaluation facility and those problems pointed out by the Certification Body are fully resolved and confirmed that the TOE evaluation is appropriately conducted in accordance with CC and CEM. The Certification Body prepared this Certification Report based on the Evaluation Technical Report submitted by the evaluation facility and concluded fully certification activities. 1.5 Overview of Report 1.5.1 PP Conformance There are no PPs to which the TOE claims conformance. 1.5.2 EAL The evaluation assurance level of the TOE defined in the ST is EAL3 conformance. CRP-C0136-01 5 1.5.3 SOF The ST for the TOE claims SOF-basic as the minimum strength of function level of the TOE. The TOE is software for the Multifunction Product that is a commercial product, and is intended for use in general offices. Therefore, the claim for SOF-basic as the minimum function strength of the TOE is appropriate. 1.5.4 Security Functions The security functions of the TOE are described below. z HDD Data Complete Erase When deleting temporary image data from the HDD, the TOE overwrites the corresponding disk space with meaningless data in order to ensure that no residual information remains on the HDD. The HDD Data Complete Erase function runs at the following times: (1) Upon completion of copying, printing, fax reception, or sending (Universal Send): any residual information of temporary image data created on the HDD is completely erased. (2) Upon startup of the TOE: any residual information of previously deleted temporary image data detected on the HDD is completely erased. (3) Upon restart of the TOE, due to the System Manager having executed the Initialize All Data/Settings function of the Multifunction Product: any residual information of previously deleted temporary image data detected on the HDD is completely erased. z System Manager Identification and Authentication The TOE requires any user accessing the System Manager Management function to enter the System Manager ID and System Password in order to restrict the System Manager Management function to the authentic System Manager only. The TOE identifies and authenticates the accessing user as System Manager only if the entered System Manager ID and System Password both match the pre-registered System Manager ID and System Password. If the entered System Manager ID or System Password does not match the pre-registered System Manager ID or System Password, the TOE does not identify nor authenticate the accessing user as System Manager and imposes a 1-second wait time before allowing a retry. z System Manager Management The TOE grants the following privileges only to the System Manager: (1) Only the System Manager can modify or delete the System Manager ID and System Password. (2) Only the System Manager can activate or deactivate the HDD Data Complete Erase function. CRP-C0136-01 6 1.5.5 Threat This TOE assumes such threats presented in Table 1-1 and provides functions for countermeasure to them. Table 1-1 Assumed Threats Identifier Threat T.HDD_ACCESS Direct Access to HDD Data A malicious individual may attempt to remove the HDD of the Multifunction Product and reuse residual information of temporary image data by directly accessing the HDD using disk editor tools, etc. 1.5.6 Organisational Security Policy There are no organizational security policies required for using the TOE. 1.5.7 Configuration Requirements The TOE can be put into action by installing it on the Canon multifunction product series iR3025/iR3030/iR3035/iR3045. Also, in order to perform the operations described below, additional servers and software are required. Operating the Multifunction Product via the Remote UI requires the installation and use of a Web browser on a user’s PC. Desktop printing or faxing requires the installation and use of an appropriate printer driver or fax driver on a user’s PC. Sending I-faxes or documents using the Universal Send function requires a mail server, an FTP server, and a file server. The PC environment used for testing the TOE is as follows: z Operating system: Microsoft Windows XP Professional SP2 z Web browser: Microsoft Internet Explorer Version 6.0 SP2 1.5.8 Assumptions for Operational Environment Assumptions required in environment using this TOE presents in the Table 1-2. The effective performance of the TOE security functions are not assured unless these preconditions are satisfied. Table 1-2 Assumptions in Use of the TOE Identifier Assumptions A.ADMIN Trusted System Manager The System Manager shall be trusted not to abuse his privileges. A.ADMIN_PWD System Password The System Manager shall set a non-guessable 7-digit number as the System Password. A.NETWORK The Multifunction Product running the TOE, upon CRP-C0136-01 7 Connection of the Multifunction Product connection to a network, shall be connected to the internal network that is not accessible directly from outside networks such as the Internet. 1.5.9 Documents Attached to Product The documents to be provided with the TOE are listed below. zHDD Data Erase Kit-B Reference Guide (FT5-1447) zHDD Data Erase Kit-B1 Installation Procedure (FT1-0188) ziR Series User Documentation (FT5-1524) zimageRUNNER 3045/3035/3030/3025 Reference Guide (USRM1_3148) zimageRUNNER 3045/3035/3030/3025 Remote UI Guide (USRM1_3151) zMEAP SMS Administrator Guide (USRM1_3153) zimageRUNNER 3045/3035/3030/3025 Copying and Mail Box Guide (USRM1_3149) zimageRUNNER 3045/3035/3030/3025 Sending and Facsimile Guide (USRM1_3150) zimageRUNNER 3045/3035/3030/3025 Network Guide (USRM1_3152) . CRP-C0136-01 8 2. Conduct and Results of Evaluation by Evaluation Facility 2.1 Evaluation Methods Evaluation was conducted by using the evaluation methods prescribed in CEM in accordance with the assurance requirements in CC Part 3. Details for evaluation activities are report in the Evaluation Technical Report. It described the description of overview of the TOE, and the contents and verdict evaluated by each work unit prescribed in CEM. 2.2 Overview of Evaluation Conducted The history of evaluation conducted was present in the Evaluation Technical Report as follows. Evaluation has started on 2007-06 and concluded by completion the Evaluation Technical Report dated 2007-12. The evaluation facility received a full set of evaluation deliverables necessary for evaluation provided by developer, and examined the evidences in relation to a series of evaluation conducted. Additionally, the evaluation facility directly visited the development and manufacturing sites on 2007-10 and examined procedural status conducted in relation to each work unit for configuration management, delivery and operation and lifecycle by investigating records and staff hearing. Further, the evaluation facility executed sampling check of conducted testing by developer and evaluator testing by using developer testing environment at developer site on 2007-10. Concerns found in evaluation activities for each work unit were all issued as Observation Report and were reported to developer. These concerns were reviewed by developer and all problems were solved eventually. As for concerns indicated during evaluation process by the Certification Body, the certification review was sent to the evaluation facility. These were reflected to evaluation after investigation conducted by the evaluation facility and the developer. 2.3 Product Testing This section overviews the developer testing effort as reviewed by the evaluator, as well as the evaluator testing effort. 2.3.1 Developer Testing 1) Developer Test Environment Figure 2-1 shows the test configuration used by the developer. CRP-C0136-01 9 Figure 2-1 Configuration of Developer Testing The testing was conducted in the environment/configuration shown in Figure 2-1 using the hardware and software tools listed in Table 2-1. Table 2-1: Test tools Equipment Description Multifunction Product A digital copier with the combined functionality of copying, faxing, printing, document transmission (Universal Send), and so on. The Multifunction Product has a large-capacity HDD to perform these functions, allowing the TOE to run thereon. In the testing, iR3045 was used. iR 3045 was chosen simply because Canon iR3025, iR3030, iR3035, and iR3045 all sport the same model controller; the TOE’s operating platform. The testing practically used two devices (iR2870 and iR3045, in order to use the Fax Transmission function). Options installed on the Multifunction The following options were installed on iR3045: Universal Send (software) that provides the Send capability; Web Access Software (software) that enables Web access from the device’s UI; Network Central Office simulator CRP-C0136-01 10 Product ScanGear (software) that allows using other multifunction products in the same subnet on the network as scanners; PS (software) that adds support for the PostScript page description language; PCL (software) that adds support for the Printer Control Language page description language; UFR II (software) that adds support for the Ultra Fast Rendering II page description language; and Direct Printing (software) that allows direct printing from a Web browser. Terminal PC A Windows PC that supports serial cable and network connections. One terminal PC was used. HUB A connectivity device; used to create a LAN. A TCP/IP 100 Mbps switching HUB was used. Network cables UTP cables (Category 5) were used to connect between the Multifunction Product and the HUB, and between the terminal PC and the HUB. Three cables were used in total. RS232c board A serial interface board; connected to the controller inside the Multifunction Product. Serial cable A cross-over cable with DSUB-9 connectors was used between the terminal PC and the Multifunction Product. Central Office simulator TLE 101-II (ASCII) was used to connect between the Multifunction Product and a fax machine (iR2870) via a simulated telephone line. OS Microsoft Windows XP Professional Service Pack 2. Terminal software Windows-compatible terminal software was used on the terminal PC to monitor the status of the TOE on the Multifunction Product. Tera Term Pro was used. Web browser Standard browser software; used to run the Remote UI on the secondary test PC. Microsoft Internet Explorer 6.0 SP2 was used. Printing software A Windows-based software program that allows printing with standard Windows printing settings. Printer driver PCL5e driver; the one contained on the bundled CD-ROM of iR3045 was used. MEAP test programs Test programs created by the developer for testing the MEAP API. These programs allow checking the behavior of TSFs through MEAP API calls that are made by operating the UI in exactly the same fashion as in commercial MEAP applications. The MEAP test programs were installed on the Multifunction Product as per the MEAP SDK and SMS manuals. The test programs used for the testing are as follows. z SC040SimplePDLPrint.jar z SC049CopyJobManager.jar z SC029DepartmentManage2.jar 2) Outlining of Developer Testing Outlining of the testing performed by the developer is as follow. a. Test configuration Figure 2-1 shows the developer test configuration. The developer testing was CRP-C0136-01 11 conducted in the same TOE test environment as the TOE configuration identified in the ST. b. Testing Approach The functions that provide a user-operable external interface was tested by executing the functions and observing the resulting behavior, whereas the function without a user-operable external interface (i.e., HDD Data Complete Erase function) was tested by dumping and analyzing a hard drive image of the Multifunction Product. c. Scope of Testing Performed The developer tested 43 items. A coverage analysis was performed and verified that the security functions and external interfaces described in the functional specification were thoroughly tested. A depth analysis was performed and verified that the subsystems and subsystem interfaces described in the high-level design were all thoroughly tested. d. Result The results of the tests by the developer provide evidence that the expected test results match the actual test results. The evaluator confirmed the legitimacy of the developer testing approach and tested items, and consistencies between the testing approach described in the test plan and the actual test results. 2.3.2 Evaluator Testing 1) Evaluator Test Environment The evaluator used the same test configuration used by the developer. 2) Outlining of Evaluator Testing An outline of the evaluator testing is as follows. a. Test configuration Figure 2-1 shows the evaluator test configuration. The evaluator testing was conducted in the same TOE test environment as the TOE configuration identified in the ST. b. Testing Approach The functions with an external interface that the evaluator can operate was tested by executing the functions and observing the resulting behavior, whereas the function without an evaluator-operable external interface was tested by retrieving the function result using a HDD dumper and analyzing it. c. Coverage of testing The evaluator performed 15 tests in total: 5 independent tests and 10 sampled CRP-C0136-01 12 developer tests. The evaluator devised independent testing with the following taken into account. (1) Coverage of all security functions (2) Coverage of all user-operable interfaces (3) Coverage of all sub-systems (4) Testing of the impact of concurrent operations (5) Testing of modified functionality (6) Testing of the impact of illegal parameter input d. Result The evaluator successfully completed all the tests and observed the behavior of the TOE security functions. The evaluator confirmed that the actual test results match the expected test results, and that there are no obvious exploitable vulnerabilities in the TOE. 2.4 Evaluation Result The evaluator confirmed in the Evaluation Technical Report that the TOE satisfies all CEM work units. CRP-C0136-01 13 3. Conduct of Certification The following certification was conducted based on each materials submitted by evaluation facility during evaluation process. 1. Contents pointed out in the Observation Report shall be adequate. 2. Contents pointed out in the Observation Report shall properly be reflected. 3. Evidential materials submitted were sampled, its contents were examined, and related work units shall be evaluated as presented in the Evaluation Technical Report. 4. Rationale of evaluation verdict by the evaluator presented in the Evaluation Technical Report shall be adequate. 5. The Evaluator’s evaluation methodology presented in the Evaluation Technical Report shall conform to the CEM. Concerns found in certification process were prepared as certification review, which were sent to evaluation facility. The Certification Body confirmed such concerns pointed out in Observation Report and certification review were solved in the ST and the Evaluation Technical Report. CRP-C0136-01 14 4. Conclusion 4.1 Certification Result The Certification Body verified the Evaluation Technical Report, the Observation Report and the related evaluation evidential materials submitted and confirmed that all evaluator action elements required in CC Part 3 are conducted appropriately to the TOE. The Certification Body verified the TOE is satisfied the EAL3 assurance requirements prescribed in CC Part 3. 4.2 Recommendations None CRP-C0136-01 15 5. Glossary The abbreviations used in this document are listed below. CC Common Criteria for Information Technology Security Evaluation CEM Common Methodology for Information Technology Security Evaluation EAL Evaluation Assurance Level PP Protection Profile SOF Strength of Function ST Security Target TOE Target of Evaluation TSF TOE Security Functions The terms used in this document are described below. Controller The TOE’s operating platform. A hardware device with a CPU and memory. Department ID A unique ID assigned to each multifunction product user, who can be an individual or a department. A multifunction product running with the Department ID Management function enabled requires any user be identified and authenticated before operating the multifunction product. The System Manager is a user who is granted a special department ID called System Manager ID. HDD The hard disk drive of a multifunction product. It is the storage place for the TOE and its assets. I-fax An Internet faxing service that allows transmission and reception of faxes using the Internet instead of telephone lines. Image data Image data that is created on the HDD of a multifunction product through document scanning, printing, or fax reception. Mail Box A function of a multifunction product that offers storage space for scanned documents, print jobs, and incoming faxes. Three types of storage inboxes are available: User Inbox, Confidential Fax Inbox, and Memory Reception Inbox. MEAP Short for Multifunctional Embedded Application Platform; a platform for writing applications that run on Canon’s multifunction products. It allows execution of special “MEAP applications” developed in the Java language. MEAP application An application developed in the Java language to run on multifunction products. A MEAP application can be used in conjunction with the native functions of a multifunction product, e.g., printing, copying, faxing, and scanning, to customize the user interface, simplify the document flow, automate routine tasks, and so on. CRP-C0136-01 16 MEAP Authentication Application A MEAP application that allows authentication of regular users of a multifunction product, integration with Active Directory, etc. Operation Panel A hardware component of a multifunction product, comprising operation keys and a touch panel display, that is used for operation of the multifunction product. Remote UI An interface that allows remote access to a multifunction product from a desktop Web browser for viewing device status information, manipulating jobs, configuring Mail Box settings, customizing device settings, and so on. System Manager The administrator of a multifunction product that is responsible for device configuration and management, and, optionally, management of inboxes, on behalf of inbox users. A multifunction product identifies a user who logs in with the System Manager ID as System Manager. System Management mode Operational mode of a multifunction product in which System Manager privileges are maintained on the multifunction product. Any operations performed in this mode are executed as System Manager actions. Entry into this mode requires the System Manager ID and System Password. System Management mode is exited when the ID key is pressed down on the multifunction product’s Operation Panel. Universal Send A function that allows sending scanned documents or documents in a User Inbox or the Memory Reception Inbox as faxes, or as TIFF or PDF files to outside e-mail addresses or shared folders on external PCs. CRP-C0136-01 17 6. Bibliography [1] Canon iR3025/iR3030/iR3035/iR3045 Series HDD Data Erase Kit-B1 Security Target Version 1.07(November 21th, 2007) [2] IT Security Evaluation and Certification Scheme, May 2007, Information-technology Promotion Agency, Japan CCS-01 [3] IT Security Certification Procedure, May 2007, Information-technology Promotion Agency, Japan CCM-02 [4] Evaluation Facility Approval Procedure, May 2007, Information-technology Promotion Agency, Japan CCM-03 [5] Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model Version 2.3 August 2005 CCMB-2005-08-001 [6] Common Criteria for Information Technology Security Evaluation Part 2: Security functional requirements Version 2.3 August 2005 CCMB-2005-08-002 [7] Common Criteria for Information Technology Security Evaluation Part 3: Security assurance requirements Version 2.3 August 2005 CCMB-2005-08-003 [8] Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model Version 2.3 August 2005 CCMB-2005-08-001 (Translation Version 1.0 December 2005) [9] Common Criteria for Information Technology Security Evaluation Part 2: Security functional requirements Version 2.3 August 2005 CCMB-2005-08-002 (Translation Version 1.0 December 2005) [10] Common Criteria for Information Technology Security Evaluation Part 3: Security assurance requirements Version 2.3 August 2005 CCMB-2005-08-003 (Translation Version 1.0 December 2005) [11] ISO/IEC 15408-1:2005 - Information Technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model [12] ISO/IEC 15408-2:2005 - Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements [13] ISO/IEC 15408-3:2005 - Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements [14] Common Methodology for Information Technology Security Evaluation: Evaluation Methodology Version 2.3 August 2005 CCMB-2005-08-004 [15] Common Methodology for Information Technology Security Evaluation: Evaluation Methodology Version 2.3 August 2005 CCMB-2005-08-004 (Translation Version 1.0 December 2005) [16] ISO/IEC 18045:2005 Information technology - Security techniques - Methodology for IT security evaluation CRP-C0136-01 18 [17] Canon iR3025/iR3030/iR3035/iR3045 Series HDD Data Erase Kit-B1 Evaluation Technical Report Version 4, December 12th, 2007, Mizuho Information & Research Institute, Inc. Center for Evaluation of Information Security