Upload
vuongthien
View
228
Download
2
Embed Size (px)
Citation preview
Smart Operation Panel Security White Paper ver. 2.0
Copyright 2016 RICOH Americas Corporation. All rights reserved. Page 1 of 53
Visit our Knowledgebase at: http://www.ricoh-usa.com/support/knowledge_base.aspx
8/10/2016
Technical Information:
Smart Operation Panel ver 2.0 Security White Paper
Document Version 3.0
Smart Operation Panel Security White Paper ver. 2.0
Page 2 of 53
NOTICE:
This document may not be reproduced or distributed in whole or in part, for any purpose or in any fashion
without the prior written consent of Ricoh Company limited. Ricoh Company limited retains the sole
discretion to grant or deny consent to any person or party.
Copyright © 2016 by Ricoh Company Ltd.
All product names, domain names or product illustrations, including desktop images, used in this document
are trademarks, registered trademarks or the property of their respective companies. They are used
throughout this book in an informational or editorial fashion only. Ricoh Company, Ltd. Does not grant or
intend to grant hereby any right to such trademarks or property to any third parties. The use of any trade
name or web site is not intended to convey endorsement or any other affiliation with Ricoh products.
The content of this document, and the appearance, features and specifications of Ricoh products are
subject to change from time to time without notice. While care has been taken to ensure the accuracy of
this information, Ricoh makes no representation or warranties about the accuracy, completeness or
adequacy of the information contained herein, and shall not be liable for any errors or omissions in these
materials. The only warranties for Ricoh products and services are as set forth in the express warranty
statements accompanying them. Nothing herein shall be construed as constituting an additional warranty.
Ricoh does not provide legal, accounting or auditing advice, or represent or warrant that our products or
services will ensure that you are in compliance with any law. Customer is responsible for making the final
selection of solution and technical architectures, and for ensuring its own compliance with various laws
such as the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act and the Health Insurance Portability and
Accountability Act (HIPAA).
Smart Operation Panel Security White Paper ver. 2.0
Page 3 of 53
Version History: Version Issue Date Revisions
1.0 July 26, 2013 Initial release
2.0 Dec. 2015 Revised points
1. Revised some appearance
2. Revised some chapter setting
3. Add the Table 3: Correspondence table for port number
between WiFi and main unit system
4. Add the description on the Table 2: Software
configuration and 12.2 countermeasures for Android
vulnerabilities
3.0 July 2016
Target Readers:
1. End users: The information contained in the document can be distributed to end users. Before distributing
this document to end users, region specific information including model names must be modified.
2. The regional support and marketing staff of each regional company
3. The support and marketing staff of Ricoh Sales companies including Ricoh family group companies and
their subsidiaries.
Smart Operation Panel Security White Paper ver. 2.0
Page 4 of 53
TABLE OF CONTENTS:
1. Introduction .................................................................................................................. 7
1. Executive Summary ....................................................................................................... 8
2. Hardware Configuration/Software Configuration ........................................................ 9
2-1. Hardware Configuration .................................................................................................. 10
2-2. Software configuration.................................................................................................... 12
3. Data Security for external I/F ....................................................................................... 15
4. Remote Access ............................................................................................................ 16
4-1. Network connection functions by SOP .......................................................................... 16
4-1-1. SOP’s functions to use the network .................................................................................... 17
4-1-2. Wireless LAN specifications ................................................................................................ 17
4-1-3. Main MFP unit network connection specifications ............................................................. 17
4-1-4. Wireless Direct connection function ................................................................................... 18
4-1-5. Connection functions from a wireless terminal to the main MFP unit ............................... 18
4-2. Bluetooth ......................................................................................................................... 19
5. Authentication/Access Control ................................................................................... 19
5-1. Authentication ................................................................................................................. 19
5-1-1. Authentication settings ........................................................................................................ 19
5-1-2. Authentication ...................................................................................................................... 20
5-1-3. Service privilege login .......................................................................................................... 21
5-1-4. Remote login......................................................................................................................... 21
5-2. Access control ................................................................................................................. 22
6. Administrator Settings ................................................................................................. 22
7. Persistent Data on the SOP ......................................................................................... 23
7-1. Persistent data on the SOP ............................................................................................. 23
7-1-1. Security log (job log/access log) ......................................................................................... 23
7-1-2. Other data ............................................................................................................................. 23
7-2. Using the HDD of the main MFP unit.............................................................................. 24
8. Applications .................................................................................................................. 25
Smart Operation Panel Security White Paper ver. 2.0
Page 5 of 53
8-1. The basic policy of pre-installation applications .......................................................... 25
8-2. Quick Copy/Quick Scanner/Quick Fax applications ..................................................... 25
8-2-1. Specifications ....................................................................................................................... 25
8-2-2. Data flow ............................................................................................................................... 25
8-2-3. Data flow security ................................................................................................................. 25
8-2-4. Log ........................................................................................................................................ 25
8-3. Printer/Quick Print Release/Copy/Scanner/Fax applications ....................................... 26
8-3-1. Functional specifications ..................................................................................................... 26
8-3-2. Data flow ............................................................................................................................... 26
8-3-3. Data flow security ................................................................................................................. 26
8-3-4. Log ........................................................................................................................................ 26
8-4. Web browser .................................................................................................................... 26
8-4-1. Web browser functions ........................................................................................................ 27
8-4-2. Bookmark functions ............................................................................................................. 27
8-4-3. History functions .................................................................................................................. 27
8-4-4. Web contents print functions ............................................................................................... 27
8-4-5. Functions to view or store PDF files ................................................................................... 27
8-4-6. Administration functions...................................................................................................... 28
8-4-7. Encrypted communication ................................................................................................... 29
8-4-8. Displaying URLs ................................................................................................................... 30
8-4-9. Displaying a web site certificate .......................................................................................... 30
8-4-10. Temporarily stored data ..................................................................................................... 30
8-4-11. Browser security ................................................................................................................. 30
8-5. Print/Scan (Memory Storage Device) ............................................................................. 30
8-5-1. Specification ......................................................................................................................... 30
8-5-2. Data flow ............................................................................................................................... 31
8-5-3. Data flow security ................................................................................................................. 31
8-5-4. Log ........................................................................................................................................ 31
8-6. Check Status application ................................................................................................ 32
Smart Operation Panel Security White Paper ver. 2.0
Page 6 of 53
8-6-1. Functional specifications ..................................................................................................... 32
8-6-2. Data flow ............................................................................................................................... 32
8-6-3. Data flow security ................................................................................................................. 32
8-7. Quick Card Authentication ............................................................................................. 32
8-7-1. Functional specifications ..................................................................................................... 32
8-7-2. Data flow ............................................................................................................................... 32
8-7-3. Data flow security ................................................................................................................. 33
8-7-4. Log ........................................................................................................................................ 33
9. Security Policy for Installation/Updates of Installable Applications ........................ 33
9-1. Installation/Update of Installable Applications .............................................................. 33
9-2. Installation/Update from Application Site ...................................................................... 34
9-2-1. Configuring Application Site ................................................................................................ 34
9-2-2. Installing/updating/deleting applications ............................................................................ 35
9-2-3. Communication protocols ................................................................................................... 37
9-2-4. Encrypting communication paths ........................................................................................ 38
9-2-5. Using Application Site under a proxy environment ............................................................ 38
10. Data Protection ........................................................................................................... 38
10-1. Protection of data within the main unit system ........................................................... 38
10-2. Protection of data within the SOP ................................................................................ 38
11. Security Considerations ............................................................................................ 41
11-1. Protection of user information ..................................................................................... 41
11-2. Countermeasures for Android vulnerabilities ............................................................. 41
11-3. Security for the wireless connection when it is enabled ............................................ 42
11-3-1. Security of connection to installable applications ............................................................ 42
11-3-2. Connection security to the main unit system .................................................................... 42
11-4. Internet access of the application ................................................................................ 43
12. Term dictionary .......................................................................................................... 43
13. Appendix ..................................................................................................................... 43
Smart Operation Panel Security White Paper ver. 2.0
Page 7 of 53
1. Introduction
Smart Operation Panel is an exciting new technology from Ricoh. The Smart Operation Panel
or SOP was designed by listening to our customers / dealers across the globe to provide a
new and improved user interface to our MFP’s and printers.
With the advent of tablets and mobile phones users demand a more intuitive way to use their
business technology. Ricoh, as an industry leader in the document solutions industry
needed to push the usability envelop and create an entirely new user experience. We came
up with the Smart Operation Panel or SOP.
Along with this new and innovative user interface, we have a full compatibility mode with our
existing technology, Hardware, Software, and applications. We want to ensure a seamless
transition from current technology to new technology.
Ricoh’s strategy is to offer our customers a new level of usability. We want to leverage the
everyday knowledge of users with mobile phones, and tablets. Ricoh is not looking to use
this new SOP as the core platform of the Ricoh technology. Ricoh has an industry leading
platform that has been proven to be very secure while providing industry leading technology
and functionality for our customers. Ricoh will continue to innovate our new platform based on
our customers’ feedback to provide more optimized business process solutions.
Ricoh’s industry leading new technology offers many new technology advantages. Ricoh
understands the importance of Information Security when it comes to our customer’s
enterprise environments. Whether you are a huge global enterprise or a small independent
business, your data /information is the most critical part of your business.
This document describes the information security concepts associated with the SOP.
NOTE
This document applies to following models of operation panel.
MP C306ZSP/MP C306ZSPF/MP C406ZSP/MP C406ZSPF
MP 305+ SP/MP 305+ SPF
MP CW2201SP
MP C3004SP/MP C3004SPG/MP C3004ASP/MP C3504SP/MP C3504SPG/MP C3504ASP/MP
C4504SP/MP C4504SPG/MP C4504ASP/MP C5504SP/MP C5504ASP/MP C6004SP/MP
C6004SPG
MP 6503SP/ MP 7503SP/ MP 9003SP
Smart Operation Panel Security White Paper ver. 2.0
Page 8 of 53
1.Executive Summary
Please use this section to address some of the high level concerns you may have when
transitioning to this new innovative platform.
1. Protection of User Information
User information, document information, and contact details are never stored on the SOP.
They are securely stored in the main unit system (See Device Security White Paper
provided separately).
2. Android Vulnerabilities
Ricoh uses its proprietary operating system based on android as the OS of the SOP.
The SOP is connected to the MFP/Printer via USB technology. Ricoh’s core platform is
proprietary technology that resides on the MFP/Printer. The SOP is used for user
interaction with the main MFP/Printer system. (See section 3). Typical android
vulnerabilities are not exploited on the SOP.
- It is not possible to install any type of application without a Ricoh unique signature
using a 2048- bit RSA encryption key.
- Android browser concerns can be minimized by
Internal access to the main unit is not possible from the SOP. A message
will be displayed to indicate no access is allowed.
No applications over the browser can be downloaded or installed.
Using the administrator browser configurations many browser settings can
be changed. It can be turned off if necessary.
3. Network Security:
SOP does not have any wired network ports
Network administrators can disable any network connection (Wireless LAN, Wireless
direct, or using the main board of the SOP. Note: certain functions running on SOP may
not function properly. For details, see section 4 and 5.
4. Access / Authentication:
Authentication itself is managed by the service layer of the main MFP/Printer. It is
configured by administrators. Authentication data itself is only sent from SOP to the main
unit, it cannot be sent outside the machine. For details, see section 6.
5. Data Security:
All internal data is protected by the main unit system’s access control system. Remote
data transfer by Ricoh’s Web Image Monitor cannot be performed with the SOP network
connections. No user data is stored on the SOP persistently. For details, see section 8
and 9.
Smart Operation Panel Security White Paper ver. 2.0
Page 9 of 53
6. On-Going Vulnerabilities Check:
Ricoh examines all vulnerabilities disclosed by CERT and other organizations to
determine if any updates are required. For details, see section 12.
2.Hardware Configuration/Software Configuration
This section details an outline of the SOP’s configuration.
Diagram 1: Configuration of SOP
The SOP connects to the main MFP unit using a USB connection. The cable or connector is
protected by the cover in the same manner as a regular control panel.
The SOP supports network access via the main unit system and also the control panel’s wireless
connection.
Smart Operation Panel Security White Paper ver. 2.0
Page 10 of 53
2-1.Hardware Configuration
The control panel of the SOP consists of the hardware components listed in Table 1.
Table 1: Hardware configuration
Category Item Contents Notes
LCD Size 10.1 inch panel
Pixel count WSVGA (1024x600)
Bit width RGB666 18-bit color
Brightness 200cd/m2 (typ.)
Backlight LED backlight (Lifespan 15000
hrs)
Touch panel Lightweight touch panel, dual
touch detection
Memory Volatile
memory
RAM (DDR3-1066)
2GB
Non-volatile
memory
eMMC NAND
8 GB (16 GB memory is used
in SLCMode)
Programming area
and data area of
the operating
system and
applications
External I/F USB
memory
USB 2.0 Host Type-A
SD card SD card slot 1ch (SD/SDNC)
USB
extension
USB 2.0 Host Type-miniAB Camera, USB
keyboard, USB
card reader
USB
extension
USB 2.0 Host Type-miniB For NFC
extension
Internal I/F Extensions MicroSD card slot It is installed for
future extensions
and not used
currently
Network Wireless
LAN
802.11b/g/n
Bluetooth Bluetooth 4.0
Smart Operation Panel Security White Paper ver. 2.0
Page 11 of 53
Voice
input/output
Speaker/
Microphone
Monaural speaker 1ch
(Output 1-2W)
Microphone
RTC Accuracy Real Time Clock
Lunar equality: 52.56 seconds
Due to external crystal
pendulum accuracy.
(20ppm/hour)
Hard key Total 4
Special key 3
Reset Force reset button Press in the
event of a
crash/freeze
LED Total 5
System 1
- Main power/power saving
(blue)
Used as the main
power and the
power saving lamp.
MFP 2
- Status Confirmation
(red/yellow)
- Data in (blue)
- Home (blue)
The status
confirmations are
RGB3 device LEDs
Fax 1
- Private/alternate/data being
sent (blue)
2
- Back (white)
- Menu (white)
The back and
Menu LED has the
same control (one
port)
Access LED 1
- USB (blue)
- SD card (blue)
Mechanical
specification
Hinges Tilt or fixed depending on
models’ specification
Smart Operation Panel Security White Paper ver. 2.0
Page 12 of 53
Power
consumption
During
operation
Stationary: Less than 4 W
Wireless LAN high load
operation: Less than 4.6 W
Not including
External I/F or
internal function
extensions.
During
sleep mode
Less than 350 mW
During sleep mode,
power will not be
sent to extension
USB devices
connected to the
USB port.
2-2.Software configuration
There are two types of software:
1. SOP firmware
2. Installable applications
1. SOP Firmware
The SOP firmware consists of Android OS (Ricoh’s proprietary operating system) and the
pre-installed applications (Web Browser, Gallery etc.) It is provided as a single ROM image.
2.Installable applications
“Installable applications” indicates applications that can be installed separately.
Table 2: Software configuration
SOP firmware Installable applications
Explanation Exists as an independent part of
the system.
This includes android and
pre-installed applications
These applications are not
included in firmware and
installed separately.
Smart Operation Panel Security White Paper ver. 2.0
Page 13 of 53
Internal
configuration
The SOP firmware includes the
following
- Android operating system (Linux
kernel, Android runtime, library,
application framework)
Settings
Android standard IME
- Web browser application
- Gallery
- Self-diagnosis application
- Launcher application
- Installer application *1
- Servlet server application *2
- Authentication
- Monitoring service (obtaining
controller’s SP code)
- Validity verification*3
- LUI system
- Initialization
- Banner applications
- Date display widget
- Status check applications
- System message
- Manuals
Below listed are applications
other than those on the left.
- Quick Copy/Quick
Scanner/Quick Fax applications
- Printer/Quick Print Release
applications
- Copy/Scanner/ Fax applications
- Media Print and Scanner
applications
- Print/Scan (Memory Storage
Device)
- Language conversion widget
- Supply indication widget
- IME applications
- Home applications
- OCS emulator
- NFC dispatcher
- Quick card authentication
- Standard IC card plugins
- USB card reader plugins
- QR code applications
- Scant to folder helper
- Eco screen widget
- FAX reception status display
widget
- Stop key widget
- Bluetooth services
- Bluetooth authentication plug-in
Changes/
additional
measures
Updates can be performed as
follows:
1. Update using a SD card from
recovery mode.
2. Update using a batch file from a
network.
3. Package update is enabled.
The following can be performed
with a service privilege login:
1. Add or update each
application by a
service-privileged login using an
SD card from the settings menu.
2. Add or update each
application using a batch file
from a network.
3. Add or update through Ricoh
servers.
Smart Operation Panel Security White Paper ver. 2.0
Page 14 of 53
4. Add or update remotely using
a PC utility tool or Web Image
Monitor for service
representatives.
5. Package update is enabled.
*1: Installation/update applications for installable applications
*2: Server applications to implement importing/exporting and remote firmware updates
*3: Applications that run on the MFP where the validity verification function is enabled.
Diagram 2: SOP application configuration
Smart Operation Panel Security White Paper ver. 2.0
Page 15 of 53
3.Data Security for external I/F
The SOP’s external I/F contains the following physical external I/F;
1. Wireless LAN I/F
For the functions to be provided, refer to 5.1 Network connection functions by SOP.
The network administrator can disable these functions.
2. SD card slot
The functions to be provided are for SD card data access from SOP or the main
MFP unit. They are used as specified in 10.1 Installation/Update of Installable
Applications, Setting of Wallpapers, 9.3 Media Print and Scanner Applications, and so on.
The machine administrator can disable these functions.
3. USB2.0 Host Type-miniB (NFC extensions)
For the functions to be provided, refer to 9.8 Quick Card Authentication.
4. USB2.0 Host Type-A (USB memory)
For the functions to be provided, refer to 9.3 Media Print and Scanner Applications.
The machine administrator can disable USB memory devices.
5. USB2.0 Host Type-A (camera, USB keyboard, USB card reader)
The functions to be provided are for data input using a camera or keyboard, data input/output using a
card reader, and so on.
6. Bluetooth
The functions to be provided are for data input using a keyboard or mouse, audio output to speakers,
and so on.
The network administrator can disable these functions.
Regarding 3, 4, and 5, the machine administrator cannot disable USB devices other than USB
memory devices, and data input to and data output from cameras and card readers are not possible
unless applications for them are available. Only service and machine administrators can install these
applications.
Smart Operation Panel Security White Paper ver. 2.0
Page 16 of 53
4.Remote Access
4-1.Network connection functions by SOP
It is possible for the SOP to use the following network connections
a) Wireless LAN communication (using wireless card equipped on SOP)
b) NAT connection using the network board of the main unit system
c) Wireless direct function (using wireless card equipped on SOP)
Wireless LAN and wireless direct function can establish connections from a wireless terminal to the
main MFP unit.
1. Connection from WiFi to installable applications
2. Access from WiFi to the main unit system
Diagram 3: Network connection and data flow
IPv6 is only supported through a connection using the main MFP unit’s network board.
Wireless LAN module of the SOP only supports IPv4.
The above network connection capabilities (wireless LAN, a connection using the main unit system’s
network board, and wireless direct) can be configured by the network administrator (single selection
only. Multiple network connections cannot be used at the same time.). Wireless LAN and network
connections to the main MFP unit cannot be used at the same time. Also, wireless LAN and wireless
direct cannot be used at the same time.
Wireless
LAN module
Main unit system
LAN
USB
SOP
b) Network connection from the main unit system
a)Wireless LAN communication
c) Wireless direct Connections to the main MFP unit
Smart Operation Panel Security White Paper ver. 2.0
Page 17 of 53
In addition, the network administrator can completely disable the network connection capabilities for
the SOP.
In this case, connection to the network from the SOP (web connection through the web browser
or e-mail transmission) is not possible.
4-1-1.SOP’s functions to use the network
With the SOP, the use of the network connection is assumed for the following situations. However,
the new SOP applications that are going to be developed in the future will expand the purposes.
Client functions:
・Web browsing with the web browser (See 9.5 Web Browser)
Server functions:
・Remote firmware updates in installable applications
・Remote setting functions using Servlet for installable applications
(*The machine administrator can specify whether to activate the server function or not. Specifying
this setting can disable access from outside.)
(*Port numbers are variable, and login with service privileges can specify port numbers.)
To transfer files using applications or communicate using Web Image Monitor, network connection
enabled on the main unit system is used. The SOP’s wireless network connection cannot be used for
this.
4-1-2.Wireless LAN specifications
Wireless LAN Compatibility: 802.11b/g/n
Supported authentications: WEP, WPA/WPA2 PSK, 802.1x EAP
Port closing: Unavailable*
4-1-3.Main MFP unit network connection specifications
The main unit’s network address is shared by the SOP.
In the case of a network connection request with a specified port for the main unit system’s address,
the request is forwarded to the SOP
(* 10 ports can be assigned for the SOP. The port number can be changed, and settings can be
changed with a service privilege login.)
Smart Operation Panel Security White Paper ver. 2.0
Page 18 of 53
Port closing: Available (It is possible for the network administrator to specify settings to close all
ports of the SOP by using telnet from the main unit system.)
4-1-4.Wireless Direct connection function
Wireless Direct function enables the direct network connection with the devices capable of
wireless connection (smart phone, PC and so on) by using the wireless module of SOP.
The Wireless Direct connection function is to provide proprietary functions by using
installable applications. Currently there are no installable applications that is provided with the
proprietary functions. However, TCP port 49301 is open to receive shared services (Wireless
Direct is set to [Enabled]), and group owner mode is set to [Enabled].
4-1-5.Connection functions from a wireless terminal to the main MFP unit
For wireless LAN and wireless direct connections, functions provided via the main unit
system’s LAN are provided through packet transmission to the controller.
As for 2 above, a wireless device connects to SOP via WiFi, and if a connection to SOP is
established using Wireless Direct and a specific port is requested for the connection, this
connection is processed as if it were conducted via LAN from the main unit system. A network
administrator can enable or disable this function. The inbound port number for Wireless and
the corresponding port number of the main unit system are variable, so that they can be
specified by a login user with service privileges.
The functions of the main unit system that can be used by this connection function must be
enabled by configuring the settings on the main unit system. For instance, to use from
Wireless Direct the HTTP of the main unit system, it must be enabled in advance.
Table 3: Correspondence table for port number between WiFi and main unit system
Port number from
WiFi (Default value)
Correspondence port number of
main unit system (Default
value)
Description
UDP 161
(SNMP)
UDP 161 Obtain MIB from wireless
direct
TCP 514
(rsh)
TCP 514 Scan from wireless direct
Smart Operation Panel Security White Paper ver. 2.0
Page 19 of 53
4-2.Bluetooth
Communication is possible with devices supporting Bluetooth 4.0.
Data can be input using a keyboard or mouse and audio data can be output to speakers.
Also, a smartphone ID can be input using Smart Device connector, and wireless LAN
connection information can also be output.
The machine administrator can enable or disable Bluetooth I/F. (The factory-default setting
is “disabled”.)
5.Authentication/Access Control
5-1.Authentication
User authentication (including user code authentication) or administrator authentication can be
enabled on the SOP in association with the user or administrator authentication settings of the main
unit system
According to access privilege settings on applications, only authorized users can start applications.
(The application icons that users do not have privilege are not displayed.)
Also, only administrators (machine administrator and/or network administrator) can change the
screen features of the SOP when they log in.
Authentication itself is processed using the service layer of the main system.
Authentication data is sent internally from the SOP, and it will not be sent to outside the machine.
5-1-1.Authentication settings
Users can access the Machine Features of the main unit system by pressing the User Tool button
on the Home screen or application list.
Authentication settings are configured using administrator settings, and the applications of the SOP
work accordingly.
When a password is entered using 2 byte code characters, these characters are not masked due to
the specification restrictions on the Android keyboard. For this, the SOP provides its proprietary
“Setting for Entering Authentication Password” (“Only 1 Byte Characters” or “1 Byte and 2 Byte
Characters”)
Smart Operation Panel Security White Paper ver. 2.0
Page 20 of 53
When “Only 1 Byte Characters” is specified in “Setting for Entering Authentication Password”,
passwords that can be entered using the SOP keyboard are 1 byte characters (ASCII character and
symbols).
5-1-2.Authentication
Authentication can be performed using the login button in the upper part of the Home screen.
When the Machine Features screen or printer screen is displayed, authentication can be performed
using the login button on the screen.
Smart Operation Panel Security White Paper ver. 2.0
Page 21 of 53
5-1-3.Service privilege login
Service privilege login by the SOP is not associated with the main system. It is performed or
controlled using SOP applications.
After a service privilege login is performed, it is only possible to configure the Screen Features for
service representatives, which includes installing or uninstalling applications and self-diagnosis for the
SOP.
Service privilege login is protected by combining special keys. For this, a service privilege login can
only be performed by service representatives who know the key combination.
Service privilege login is interlocked with “SP mode transfer prohibition”, so that the machine
administrator can prevent login using service privileges.
5-1-4.Remote login
For functions to update firmware using batch files via the network and those to install and update
installable applications, remote login function is provided. A sequence of the operation from login
(remote login start) to logout (remote login termination) is completed in a single http request.
Therefore, it is not kept logged in after remote firmware update. While a remote login is performed,
operations (including SOP login) on the SOP cannot be performed.
Remote login cannot be performed if the machine administrator disables the server functions.
Smart Operation Panel Security White Paper ver. 2.0
Page 22 of 53
5-2.Access control
Usage restrictions by each user can be enabled for copy or other application functions.
Usage restrictions on applications are realized on the Home screen. Applications that can be used
are displayed on the Home screen, depending on the login user's privilege. When there is no login
user, applications that are displayed on the Home screen are those that no restrictions are set.
Usage restriction information on the main unit system's applications is applied to the SOP's
applications. For this, individual usage restrictions are not provided for the SOP's applications. It is
specified application by application that which application conform to which setting of the main unit
system.
Ex.:
・Quick Copy/Quick Scanner/Quick Fax applications:
Conform to the usage restrictions of the copier, scanner, or fax of the main unit system.
Usage restrictions on the functions of the main unit system (viewing documents, user management,
and so on) conform to the specifications of the main unit system
6.Administrator Settings
Administrators’ roles for SOP are the same with those specified for the main system. Also, setting
configurations are the same with the main unit system
Administrators' proprietary roles for the SOP are shown below.
Table 4: Administrators' proprietary roles for the SOP
Role Administrator Notes
Placing icons/widgets
on the Home screen
Machine
administrator
When [Use of User-Specific Customization] is set
to [Enable], general users can specify the settings.
Changing wallpapers Machine
administrator
Ditto
Default values for the
SOP settings
Machine
administrator
Network
administrator
- General users can also specify settings for
“Language switching”
- When Bluetooth is enabled, general users
can also specify device pairing.
- When wireless direct is enabled, general
users can also connect to devices.
*If no administrator authentication is implemented, each privilege is open to general users.
Smart Operation Panel Security White Paper ver. 2.0
Page 23 of 53
7.Persistent Data on the SOP
7-1.Persistent data on the SOP
The SOP has data that is stored in eMMC NAND persistently.
The date are shown below. These are sole data in a system.
・Default values for the SOP settings
・Browser information
・Live wallpaper
When “Personalized Home Screen” is enabled, the data shown below is user-specific.
When it is disabled, the data is sole system data. (The factory-default setting is “disabled”.)
・Layout of items (icons, widgets, etc) on the home screen
・Wallpaper (still image)
・Display languages
No user data (address book information, login account, and document data) is stored on the SOP
persistently.
7-1-1.Security log (job log/access log)
If the main unit system function is used from SOP, the job log and access log are stored. The logs
are stored on the main unit system.
Log data to be stored:
-Jobs by copier, fax, scanner and other functions of the main unit system
-Jobs by Quick Copy/Quick Scanner/Quick Fax applications
Log data not to be stored:
-service privilege login on the SOP
-encrypted communication log using the SOP's network
7-1-2.Other data
The SOP stores unique firmware data and configuration changes (installation and version updates)
of the SOP's installable applications.
This information is used by service representatives to recover the SOP when a failure occurs.
Therefore, this information can only be accessed if a service privilege login is performed.
Smart Operation Panel Security White Paper ver. 2.0
Page 24 of 53
If firmware updates are not allowed for the main unit system, the setting is also applied to the SOP
when the main unit system starts or the main unit system's settings are changed. Applying the setting
can prevent illegal firmware updates to or application installation on the SOP.
Also, if an application is installed or updated, or if the firmware is updated, the version list of
firmware and application is recorded with the activated time and date when the SOP powers on after
the installation or update.
(For past 30 installations or updates)
This firmware/application update history can be viewed only if a service privilege login is performed.
<Deleting persistent data on the SOP>
Three methods of deleting data are available for SOP
1. “Screen Features initialization” menu for administrators
Persistent data such as setting values or cached data that are stored on the SOP can be deleted.
This method is for user data initialization when devices are disposed of or moved.
Installed applications or installation records are not deleted.
2. “Initialization using recovery mode” when a service privilege login is performed
Each partition of eMMC NAND flash memory of the SOP is completely deleted.
This deletion is performed using the recovery mode that only service representatives can use.
The areas subject to deletion include “data area” (each application's data, applications, all setting
values), “cache area” (each application's cached data area), and “free area” that includes the firmware
update prohibition setting and firmware/application update history.
This method can be used in case the SOP is not able to start up properly. This might be caused by
the eMMC NAND not functioning properly.
3. Overwrite functions of user data stored on the main MFP unit
Processes are the same as those specified in 1 above.
7-2.Using the HDD of the main MFP unit
When powered on, the SOP mounts the HDD of the main MFP unit via USB by using NFS.
No functions other than the data overwrite function can be accessed to the area that the SOP uses.
Data overwrite can be automatic or complete.
Data stored on the HDD is deleted when the application used to store the data is uninstalled.
Enabling the encryption function on the main unit system protects this data.
Smart Operation Panel Security White Paper ver. 2.0
Page 25 of 53
8.Applications
This section describes applications to perform jobs. Widgets or other applications that do not handle
secure data are not explained here.
8-1.The basic policy of pre-installation applications
Pre-installed applications are applications that Ricoh provides. They use checklists to inspect illegal
use and leakage of information.
Each pre-installed application is described below. As this document is shared among several products,
there are some products that do not support part of the applications described below.
8-2.Quick Copy/Quick Scanner/Quick Fax applications
8-2-1.Specifications
The Quick applications use a simpler user interface provided by the SOP, while in the background
using the standard copy/scan/fax functionality of the main unit system.
8-2-2.Data flow
Settings for each job are configured and jobs are performed using the main unit system.
The preview function of Quick Scanner/Quick Fax is applied to the non-persistent memory area in
RAM to display previews obtained from the main unit system.
8-2-3. Data flow security
Job settings are configured on the SOP and internally sent to the main unit system.
The data flow after it is sent is the same with that on the main unit system. Accordingly, Image data
and so on are protected by the security system of the main unit system
As the preview image of Quick Scanner and Quick Fax are stored on the RAM, the data is released
immediately after data access is terminated.
When the main unit system is continuously used, the non-persistent memory area in RAM is
overwritten by its applications or other applications for reuse, and it is initialized when the machine is
turned off.
8-2-4. Log
Same as the main unit system. Please refer to its device security white paper.
Smart Operation Panel Security White Paper ver. 2.0
Page 26 of 53
8-3.Printer/Quick Print Release/Copy/Scanner/Fax applications
8-3-1.Functional specifications
The main MFP unit’s functions for copying, scanning, faxing, and printing are available on
the SOP to provide UI with a screen configurations easier for user than those of normal applications.
8-3-2.Data flow
Settings for each job are configured and jobs are performed using the main unit system.
However, the preview function of Quick Printer application/Smart Scanner/Smart Fax
displays previews obtained from the main MFP unit by copying them to the non-persistent
memory area.
8-3-3.Data flow security
Security settings are configured on the SOP and internally applied to the controller, so that
job data is sent.
The data flow on the SOP when it receives a job is the same with that on the main unit
system. Accordingly, images on the SOP are protected by the security system applied to the
main unit system.
Because previews of Quick Print Release application/Scanner/Fax are copied to the
non-persistent memory area, the memory is released immediately when data access ends.
When the MFP is further used, the memory area is overwritten by its applications or other
applications for reuse, and it is initialized when the machine is turned off.
8-3-4.Log
Same with that of the main unit system.
* MP C306ZSP/MP C306ZSPF/MP C406ZSP/MP C406ZSPF do not support these applications.
8-4.Web browser
The SOP is installed with the standard browser of Android.
Functional differences include functions to print Web pages and prevent users other than the
machine administrator from changing the browser setting.
Accordingly, the security specifications applied to the SOP's browser are the same with those to
Android.
Smart Operation Panel Security White Paper ver. 2.0
Page 27 of 53
8-4-1.Web browser functions
Web browser functions allow users to view Web contents on the network. These functions can be
used by users with the privileges for.
8-4-2.Bookmark functions
The Bookmark function allows a website to be pre-registered, so the website can be accessed
without having to enter the full URL. All stored Bookmarks are available to all users (Not specific user)
Registering or deleting a bookmark can be performed by any user with user privileges.
8-4-3.History functions
History function allows websites that are accessed before to be registered automatically so the
website can be accessed without having to enter the full URL..
The login user's history data is deleted when the user logs out.
8-4-4.Web contents print functions
Web contents print functions allow users to print Web contents that are displayed on the SOP.
Only users with print privileges can print using these functions.
8-4-5.Functions to view or store PDF files
The Web browser enables users to view or store PDF files.
To view a PDF file, its URL is accessed, stored in the non-persistent memory area in RAM,
and displayed on the new tab.
Closing the tab deletes the stored data.
A PDF file being viewed can be stored in an SD/USB memory. The administrator can
enable or disable the SD/USB memory.
Types of support provided for PDF security are as follows:
Table 5: PDF Security-related support
Function Current support
Encryption AES128/256
Viewing password Available
Authority password Not supported
Digital signature Not supported
Smart Operation Panel Security White Paper ver. 2.0
Page 28 of 53
8-4-6.Administration functions
Administration functions include those to control the browser's behavior.
These functions are identical with Android's standard browser. No proprietary functions by Ricoh
are added.
.
These setting values are uniquely configured as a system, and user-specific settings are not
available
The machine administrator can configure these settings.
These settings can be deleted by executing “Reset to the factory-default setting” on the browser's
configuration menu or by performing Screen Features - Screen Device Setting – Initialize Screen
Feature Setting.
These settings are stored in the eMMC NAND of the SOP. They are not encrypted.
A list of the setting items under the browser setting
Table 6: Browser setting item list
Items Explanation
Page contents settings
Text size Text sizes can be specified
Default magnification ratio Magnification ratios can be specified.
Full screen display A new page is displayed in full screen.
Text encoding Text encoding can be specified.
Blocking pop-ups Pop-ups can be blocked.
Image scanning Images can be displayed on a Web page
Page auto-adjust Page sizes can be changed to fit to screens.
Displaying pages always
horizontally
Pages are always displayed horizontally.
Enabling JavaScript JavaScript is enabled.
Enabling plug-ins Plug-ins are enabled.
Opening background pages A new window is opened in the background
of the window currently displayed.
Home page setting Any page can be used as the home page.
Privacy settings
Deleting cached data Cached contents and database on
computers are deleted.
Deleting the history The browser's history is deleted.
Smart Operation Panel Security White Paper ver. 2.0
Page 29 of 53
Accepting cookies Cookies sent from a website can be stored
and scanned.
Deleting all cookies All cookies stored in the browser are
deleted.
Storing form data Data entered in forms are stored and called
later.
Deleting form data All stored form data is deleted.
Enabling location information A website is allowed to access the user's
current location information.
Disabling location information Access from a website to the user's location
information is disabled.
Security settings
Saving passwords User names and passwords on Web sites
are saved.
Deleting passwords All saved passwords are deleted.
Security warning A warning message appears if a site has
security vulnerabilities.
Advanced settings
Search engine settings Search engines can be selected.
Website settings Advanced settings for individual websites
can be configured.
Resetting to the default
setting
Current settings are reset to the default
setting.
8-4-7.Encrypted communication
Applying encrypted communications using SSL/TLS reduces risks of information leakage
by wiretapping. SSL3.0/TLS1.0/TLS1.1/TLS1.2 are supported.
A supported encryption method (CipherSuite) is shown in Appendix 1. It is not possible to
enable/disable the (priority order of) encryption methods.
The root certificates pre-installed in the SOP are shown in Appendix 2.
The machine administrator can add a root certificate from the Screen Features of the SOP
and added root certificates can be deleted from the Screen Features all at once.
Smart Operation Panel Security White Paper ver. 2.0
Page 30 of 53
8-4-8.Displaying URLs
Displaying the URL of a website that users access allows them to check whether they are
connected to a valid site. This can prevent users from accessing illegal sites.
When a website supports encrypted communication, the URL of the site is padded on the left with a
key symbol.
8-4-9.Displaying a web site certificate
Displaying a site certificate for a website that users access allows them to check whether they are
connected to a valid site. This can prevent users from accessing illegal sites.
8-4-10.Temporarily stored data
Cached data, cookies, history, form data (only when form data settings are enabled), user names
and passwords logging in URLs (only if [Remember Password] setting is enabled), and browser
setting information are recorded. Cached data, cookies and history are automatically deleted when
user logout is performed.
8-4-11.Browser security
Document data or user information cannot be accessed from browser application. Accordingly,
data stored in the SOP cannot be stolen even when users access illegal sites. If an access to the main
unit system is attempted, an alert message indicating no access is allowed is displayed
Also, it is internally blocked to download or install applications over the browser although no error
message is displayed. Accordingly, malware or other malicious applications cannot be installed
unintentionally.
These measures prevent the SOP from receiving attacks over the browser.
The measures above explained are also applied to PDF/JavaScript/HTML 5, so that no
access to the persistent area inside the machine is possible.
As described in 9.3, the security specifications of this browser is equal to those of Android’s standard
web browser. In an environment where using the standard browser is prohibited, it is possible to
prohibit the browser from being used by not assigning privileges to use the browser.
8-5.Print/Scan (Memory Storage Device)
8-5-1.Specification
Media Print and Scanner applications provide the functions of Media Print and
ScanToMedia.
Smart Operation Panel Security White Paper ver. 2.0
Page 31 of 53
・Media Print
Uses the print function of the main unit system and performs printing by connecting an
external media to the SOP, scanning images stored in the external media.
・ScanToMedia
Stores in an external media the image scanned by using the scanner function of the main
unit system after connecting the external media to the SOP.
8-5-2.Data flow
Settings for print/scan jobs are configured and jobs are performed using the main unit
system.
8-5-3.Data flow security
Security settings are configured on the SOP and internally applied to the main unit system,
so that job data is sent.
Images in the main unit system are protected by the security system applied to the main
unit system.
The data stored in the non-persistent memory area of the SOP is released immediately data
access is terminated.
When the MFP is further used, the memory area is overwritten by its applications or other
applications for reuse, and it is initialized when the machine is turned off.
8-5-4.Log
Same with that of the main unit system except described below.
[Differences to the scanner applications of the main unit system]
1. The job log consists of scanning log and storing log, which can be associated as a job.
2. Regarding when to log in, storing log data will be recorded “when the first page of the original is
scanned” and “when data is stored”.
3. If the media is taken out while it is being written, the storing log records the event as a cancellation
by the user
* MP C306ZSP/MP C306ZSPF/MP C406ZSP/MP C406ZSPF do not support these applications.
Smart Operation Panel Security White Paper ver. 2.0
Page 32 of 53
8-6. Check Status application
8-6-1.Functional specifications
Allows users to view job history using copy/scan/fax/print functions
8-6-2.Data flow
After obtaining job histories using copy/scan/fax/print functions that each application stores
on the main unit system, those histories are stored in RAM of the SOP temporarily.
The status check application reads and lists these job histories and provides their details.
8-6-3.Data flow security
As job history is stored in the Non-persistent memory area in RAM of the SOP, they are
initialized when the machine is turned off.
8-7.Quick Card Authentication
8-7-1.Functional specifications
Quick card authentication associates the unique information stored in a card with the
authentication information registered to the address book, so that users can log in to a
machine by holding a registered card over the reader.
An NFC card reader or USB card reader can be used
The machine administrator can enable or disable this function (the default setting is
“disabled”.)
This function is for general users only and it cannot be used for administrator login.
8-7-2.Data flow
・Temporary registration
When user authentication is performed successfully, the Quick Card Authentication
temporarily registers a login user’s authentication information from the address book of the
main unit system to the non-persistent memory area of the SOP.
・Priority user setting
Smart Operation Panel Security White Paper ver. 2.0
Page 33 of 53
Once a priority user is specified, information used for authentication can be registered from
the address book of the main unit system to the non-persistent memory area of the SOP
when the main unit system starts.
Using this function requires pre-registration by the user administrator (the default setting is
“not pre-registered”).
8-7-3.Data flow security
The address book information registered using this function includes user ID, password,
entry ID, user name, copy privilege, Document Server privilege, fax privilege, printer privilege,
scanner privilege, and browser privilege.
Registered data using temporary registration or priority user setting is encrypted using
AES256bit and stored in the non-persistent memory area of the SOP, which is deleted when
the main unit system is shut down.
8-7-4.Log
Same with that of the main unit system. Please refer to its Device Security White Paper.
9.Security Policy for Installation/Updates of Installable
Applications
9-1.Installation/Update of Installable Applications
Applications can be installed or updated through service privilege logins. However, “6. Install or
update from Application Site” can be performed by the machine administrator.
Installation/update can be performed as follows:
1. With a service privilege login, install or update each application using an SD card from the
setting menu.
2. Install or update each application using a batch file from the network
3. Install or update each application through Ricoh servers
4. Install or update each application remotely using a PC utility tool for service representatives
or Web Image Monitor.
5. Package update
6. Install or update from Application Site (refer to 10.2 for details)
The applications which can be installed are limited to those with a Ricoh's original signature.
Applications with a different signature cannot be installed.
This signature uses a 2048-bit RSA encryption key.
Smart Operation Panel Security White Paper ver. 2.0
Page 34 of 53
In addition, firmware updates can be performed through recovery mode.
Only firmware updates with the Ricoh's unique signature can be installed.
This signature uses a 2048-bit RSA encryption key.
The administrator can prohibit installations/updates of applications and firmware updates by
enabling the setting to prevent firmware updates of applications from the System Settings.
Firmware is updated when 1, 2, or 5 above is performed.
Below shown are signature verification algorithms used for application or firmware/installation or
update.
Table 7: Signature verification algorithms
Signature verification
applied at
Signature
verification
algorithm
CAVP verification list
Application
installation/update
RSA 2048bit
(MD5-hash)
http://csrc.nist.gov/groups/STM/cavp/docum
ents/dss/rsanewval.html#1627
http://csrc.nist.gov/groups/STM/cavp/docum
ents/shs/shaval.htm#2644
Firmware update RSA 2048bit
(SHA-1 hash)
http://csrc.nist.gov/groups/STM/cavp/docum
ents/dss/rsanewval.html#1626
http://csrc.nist.gov/groups/STM/cavp/docum
ents/shs/shaval.htm#2643
9-2. Installation/Update from Application Site
9-2-1.Configuring Application Site
When starting Application Site for the first time, save to the control panel the regional code
and extension code (sales company code) both of which the user specifies. Whenever
starting it, send both codes to the Application Site server. When an installation or update is
performed on the Application Site server, communication is performed with two servers that
are the Application server and the application distribution server. For communications with
the Application Site server, refer to the white paper published separately.
The explanation below is about communications to the application distribution server.
Smart Operation Panel Security White Paper ver. 2.0
Page 35 of 53
9-2-2. Installing/updating/deleting applications
Data flows are shown to install, update, or delete applications via Application Site.
For firmware update via Application Site, as it is performed using the firmware update system of the
MFP’s main unit, refer to the specifications explanations of the MFP’s main unit.
Smart Operation Panel Security White Paper ver. 2.0
Page 36 of 53
Diagram 6: Data flow between the control panel and the application delivery service (for
installation)
Smart Operation Panel Security White Paper ver. 2.0
Page 37 of 53
Diagram 7: Data flow between the control panel and the application delivery
service (for update)
Diagram 8: Data flow between the control panel and the application delivery service (for deletion)
9-2-3. Communication protocols
Below shown are communication hosts, ports, and protocols that are used for communications between
devices and the application delivery service
Table 8: Communication protocols between devices and the application delivery service
Connected to Communication host Port Protocol
Application
delivery service
support.ricoh.com 443 HTTPS
e2-as1.support-download.com 443 HTTPS
e2-cs2.support-download.com 443 HTTPS
Smart Operation Panel Security White Paper ver. 2.0
Page 38 of 53
9-2-4. Encrypting communication paths
Below shown are encryption methods applied to communication paths between devices and the
application delivery service.
Table 9: Encryption methods for communication paths
Connected to Certificate used HTTPS protocol and its
version
Application
delivery service
sha256RSA2048bit
(root certificate)
TLSv1.0
(TLSv1.0 , TLSv1.1,
TLSv1.2 in the IPv6
environment)
9-2-5. Using Application Site under a proxy environment
As communications via the Internet is needed to use the application delivery service, to use it under a
proxy environment, the proxy setting needs to be configured from the network setting in the initial settings
of the control panel.
To use authentication for a proxy server, it is needed to specify the user name and password of the proxy
server by using main unit system / SOP’s screen feature setting.
The specified user name and password are not sent to the application delivery service.
10.Data Protection
10-1.Protection of data within the main unit system
The SOP accesses the main unit system’s data. However, this internal data is protected by the main
unit system’s access control.
10-2.Protection of data within the SOP
It is only possible to install applications with the Ricoh's original signature on the SOP. This
means that it is only possible to install applications that are created by Ricoh and Ricoh Developer
program partners and then tested by Ricoh to check that no unauthorized actions take place.
With this, it can be guaranteed that data gathering/loss cannot occur due to unauthorized
applications.
Smart Operation Panel Security White Paper ver. 2.0
Page 39 of 53
In addition, as a means for accesses from outside MFP, there are remote firmware updates for
installable applications via wireless LAN or the main unit system’s LAN connection.
For this purpose, a web server has been prepared for the SOP.
However, this server process does not contain any other content, and this this process cannot directly
access the file systems of the SOP.
Therefore these I/F cannot access the data in SOP.
USB devices (camera and card reader) cannot input/output data without applications to use their
functions. Application installation is possible by service privilege and machine administrator as
previously written.
As a result, so safety protection from external access is guaranteed.
Also as stated in 3.1, no data input or output is possible unless a USB device (camera, card reader)
is provided with an application for data input or output.
Only the service or machine administrator can install this application, as explained before.
As a USB-connected keyboard cannot input debug commands used for the SOP, it is not possible
to access internal information illegally by using debug commands.
The SOP is not implemented with the Autorun function similar to that of the Windows operating
system. Because of this, a program installed in the USB memory cannot be Autorun even though a
USB memory device is inserted.
Table 10: List of measures taken for installation/implementation of malicious physical I/F software
Smart Operation Panel Security White Paper ver. 2.0
Page 40 of 53
USB memory (Type-A)
Extended USB Type A
Extended USB Type-miniB
SD
Driver - uvdc class driver
- HID class driver
- USB hub deriver
- USB mass storage
-
Prevention
of
installation/i
mplementati
on of
malicious
software
1. Because of the signature verification
function, no illegal software can be installed on
the SOP. For this, even though an illegal
software application is found in a USB memory
device, it is not possible to install the
application.
2. The SOP is not equipped with functions to
directly execute a program installed in a USB
memory device.
3. It is possible to execute a program installed in
a USB memory device by calling it from a
software application installed on the SOP.
However, as mentioned in 1 above, no illegal
software can be installed, so that it is unlikely
that an illegal program in a USB memory device
is called from the software installed on the SOP.
4. The SOP is not implemented with the
Autorun function similar to that of the Windows
operating system. Because of this, a program
installed in the USB memory cannot be Autorun
even though a USB memory device is inserted.
5. Operations that can be performed using a
keyboard or mouse are the same as those that
can be performed by touching the panel.
Normal user authentication and access control
protections are provided.
1. Thanks to the signature verification
function, no illegal software can be
installed on the SOP. For this, even
though an illegal software application is
found in an SD card, it is not possible to
install the application.
2. The SOP is not equipped with functions
to directly execute a program installed in
an SD card.
3. It is possible to execute a program
installed in an SD card by calling it from a
software application installed on the SOP.
However, as mentioned in 1 above, no
illegal software can be installed, so that it
is unlikely that an illegal program in an SD
card is called from the software installed
on SOP.
4. The SOP is not implemented with the
Autorun function similar to that of the
Windows operating system. Because of
this, a program installed in the SD cannot
be Autorun even though a SD memory
device is inserted.
Smart Operation Panel Security White Paper ver. 2.0
Page 41 of 53
6. As a USB-connected keyboard cannot input
debug commands used for the SOP, it is not
possible to access internal information illegally
by using debug commands.
7. Firmware and application installation on the
SOP is protected by access control. In addition,
because of signature verification, no illegal
software can be installed. Accordingly no illegal
application can be installed even though an
illegal keyboard or mouse is connected.
Disabling I/F ・The service/machine administrator can disable
the USB mass storage function.
・The machine administrator can disable
this function.
11.Security Considerations
11-1.Protection of user information
User information (document information and address book information) is not stored within the SOP
but within the main unit system only.
The access control of the main unit system protects user information. However, authentication
information used for Quick Card Authentication is encrypted and stored in the non-persistent memory
area of the SOP. This information cannot be accessed from applications other than Quick Card
Authentication. Also it is deleted when the system shuts down. Due to this, unauthorized access or
leaking of user data through SOP applications (including the browser) does not occur.
11-2.Countermeasures for Android vulnerabilities
The main vulnerabilities found on general Android devices are unwanted behaviour or the sending
of the device’s information to a third party due to the installation of malware in an application, and
unauthorized applications exploit Android’s vulnerabilities.
It is not possible to install applications which do not have a Ricoh's unique signature attached, and
installing other applications will result in an error when they are being installed. In other words, SOP
does not support any digital application distribution platform such as represented by Google Play.
Due to this, the installation of unauthorized applications is not possible, and general Android
vulnerabilities are not exploited on the SOP.
Also, vulnerabilities disclosed from CERT and so on are checked and responded occasionally.
Since Ricoh’s proprietary customization was applied to the Android OS, responding to disclosed
Smart Operation Panel Security White Paper ver. 2.0
Page 42 of 53
vulnerabilities includes checking whether vulnerable source codes are used or not, and if they are
used, it is judged whether security measures should be taken or not, considering difficulty levels and
chances of attacks on the vulnerabilities, importance of assets, severity of security measures. If
security measures are needed, policies for them are decided including necessity and methods of
applying those measures to machines in the market. When it is judged that security measures should
be taken and security patches have been released, a version using the security patches as the base is
created, and if no security patches are available, a version using security patches compiled within the
company is created.
11-3.Security for the wireless connection when it is enabled
When the wireless connection is enabled, connection to installable applications or the main
unit system will be possible, as stated in 4.4 above.
11-3-1.Security of connection to installable applications
No application installed by default supports wireless communication. If a communication
request is sent to installable applications, the request is cancelled and not processed.
Accordingly, any data of the SOP is retrieved, tampered, or destroyed using this I/F.
11-3-2.Connection security to the main unit system
1. Wireless and LAN for the Wireless Direct connection function
The Wireless Direct connection function relates to the Wireless network of SOP and the
LAN of the main unit system. For this, security considerations attributed to these features are
described below.
2. Bypass connection from Wireless to LAN
Using this connection function, communications using Wireless are notified to the network
processing module of the main unit system directly and internally.
For this, any communication information related to this Wireless is not transmitted to the
LAN environment that the main unit system connects to.
Accordingly, no communication from Wireless to devices networked with the LAN
environment (bypass connection) occurs.
3. Effective range of the security setting
The security settings are common for both wireless LAN of SOP and LAN of main unit system. This
indicates that security policies applicable to Wireless and LAN are the same.
Administrators are expected to apply security policies from this perspective when enabling
this function.
Smart Operation Panel Security White Paper ver. 2.0
Page 43 of 53
11-4.Internet access of the application
Internet access is required depending on the application which is installed in the SOP.
Proxy setting is necessary to use the service that needs internet access under the proxy
environment. Its setting is in the controller or SOP (or both). In addition, some application
needs setting in the application itself. Proxy user name and password are required for the
setting.
The data sent over the Internet depend on service to use. For example, in Application Site,
the installation state of application and serial number are sent, but does not include any user
data.
12.Term dictionary
SOP: Smart Operation Panel
SOP firmware: Firmware for the SOP, an individual part of the system
Installable applications: Applications for the SOP which can be installed and used separately from
the SOP firmware
Service privilege: Login by a service representative to change the SOP's settings for the service
representative who performs confidential operations.
Quick Copy/Quick Scanner/Quick Fax application: An application that features simpler screen
configurations using the copying, scanning and fax functions of the main system.
Operation Panel default settings: Indicates the SOP’s default settings.
Default settings: Indicates the main system’s default settings.
13.Appendix
Appendix 1: WebCipherSuite supported by web browsers (in order of precedence)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
Smart Operation Panel Security White Paper ver. 2.0
Page 44 of 53
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Smart Operation Panel Security White Paper ver. 2.0
Page 45 of 53
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Appendix 2: Root certificates pre-installed in the SOP
Subject Signature Algorithm
/C=US/O=thawte,Inc./OU=Certification Services
Division/OU=(c) 2006 thawte,Inc. - For authorized use
only/CN=thawte Primary Root CA sha1WithRSA2048
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft
Corporation/CN=Microsoft Root Authority md5WithRSA2048
/C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank
NA/CN=WellsSecure Public Root Certificate Authority sha1WithRSA2048
/C=TR/O=Elektronik Bilgi Guvenligi A.S./CN=e-Guven Kok
Elektronik Sertifika Hizmet Saglayicisi sha1WithRSA2048
/C=US/ST=Arizona/L=Scottsdale/O=Starfield
Technologies,Inc./CN=Starfield Services Root Certificate
Authority - G2 sha256WithRSA2048
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign sha1WithRSA2048
/C=ES/L=C/ Muntaner 244 Barcelona/CN=Autoridad de
Certificacion Firmaprofesional CIF
A62634068/[email protected] sha1WithRSA2048
/[email protected]/C=EE/O=AS sha1WithRSA2048
Smart Operation Panel Security White Paper ver. 2.0
Page 46 of 53
Sertifitseerimiskeskus/CN=Juur-SK
/C=DK/O=TDC/CN=TDC OCES CA sha1WithRSA2048
/O=Digital Signature Trust Co./CN=DST Root CA X3 sha1WithRSA2048
/C=FR/O=Certplus/CN=Class 2 Primary CA sha1WithRSA2048
/C=ES/ST=Madrid/L=Madrid/O=IPS Certification Authority s.l.
ipsCA/OU=ipsCA/CN=ipsCA Global CA
Root/[email protected] sha1WithRSA2048
/C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST
ACES CA X6 sha1WithRSA2048
/C=ES/O=FNMT/OU=FNMT Clase 2 CA sha1WithRSA1024
/C=TW/O=Government Root Certification Authority sha1WithRSA4096
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter
Universal CA/CN=TC TrustCenter Universal CA III sha1WithRSA2048
/C=DE/O=T-Systems Enterprise Services
GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot
Class 3 sha256WithRSA2048
/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign sha256WithRSA2048
/C=EU/L=Madrid (see current address at
www.camerfirma.com/address)/serialNumber=A82743287/O=A
C Camerfirma S.A./CN=Chambers of Commerce Root - 2008 sha1WithRSA4096
/C=US/O=The Go Daddy Group,Inc./OU=Go Daddy Class 2
Certification Authority sha1WithRSA2048
/C=US/O=Starfield Technologies,Inc./OU=Starfield Class 2
Certification Authority sha1WithRSA2048
/C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For
authorized use only/CN=GeoTrust Primary Certification
Authority - G2 ecdsa-with-SHA384
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2
CA/CN=TC TrustCenter Class 2 CA II sha1WithRSA2048
/C=KR/O=KISA/OU=Korea Certification Authority
Central/CN=KISA RootCA 3 sha1WithRSA2048
/C=US/O=Network Solutions L.L.C./CN=Network Solutions
Certificate Authority sha1WithRSA2048
/C=US/O=America Online Inc./CN=America Online Root
Certification Authority 2 sha1WithRSA4096
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority sha1WithRSA4096
/O=Cybertrust,Inc/CN=Cybertrust Global Root sha1WithRSA2048
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert sha1WithRSA2048
Smart Operation Panel Security White Paper ver. 2.0
Page 47 of 53
Global Root CA
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE
Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA sha1WithRSA2048
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust
Root sha1WithRSA2048
/C=SE/O=AddTrust AB/OU=AddTrust External TTP
Network/CN=AddTrust External CA Root sha1WithRSA2048
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2 sha1WithRSA4096
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden
Root CA - G2 sha256WithRSA4096
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref.
(limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net
Certification Authority (2048) sha1WithRSA2048
/C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve
Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu -
T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve Kriptoloji
Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC -
UEKAE/OU=Kamu Sertifikasyon
Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k
Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 -
S\xC3\xBCr\xC3\xBCm 3 sha1WithRSA2048
/C=US/O=Entrust,Inc./OU=See
www.entrust.net/legal-terms/OU=(c) 2009 Entrust,Inc. - for
authorized use only/CN=Entrust Root Certification Authority -
G2 sha256WithRSA2048
/C=CH/O=SwissSign AG/CN=SwissSign Platinum CA - G2 sha1WithRSA4096
/C=KR/O=KISA/OU=Korea Certification Authority
Central/CN=KISA RootCA 1 sha1WithRSA2048
/C=US/O=GTE Corporation/OU=GTE CyberTrust
Solutions,Inc./CN=GTE CyberTrust Global Root md5WithRSA1024
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust
Center/CN=Deutsche Telekom Root CA 2 sha1WithRSA2048
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN - DATACorp
SGC sha1WithRSA2048
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter
Universal CA/CN=TC TrustCenter Universal CA I sha1WithRSA2048
/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 sha1WithRSA4096
/C=US/O=VeriSign,Inc./OU=VeriSign Trust Network/OU=(c) sha256WithRSA2048
Smart Operation Panel Security White Paper ver. 2.0
Page 48 of 53
2008 VeriSign,Inc. - For authorized use only/CN=VeriSign
Universal Root Certification Authority
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/
O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve
Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
(c) Kas\xC4\xB1m 2005 sha1WithRSA2048
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 sha1WithRSA2048
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/
A/[email protected] sha1WithRSA2048
/C=US/O=Equifax/OU=Equifax Secure Certificate Authority sha1WithRSA1024
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO Certification Authority sha1WithRSA2048
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi
Kft./OU=Tanusitvanykiadok/CN=NetLock Uzleti (Class B)
Tanusitvanykiado md5WithRSA1024
/C=BM/O=QuoVadis Limited/OU=Root Certification
Authority/CN=QuoVadis Root Certification Authority sha1WithRSA2048
/C=US/O=VeriSign,Inc./OU=VeriSign Trust Network/OU=(c)
2007 VeriSign,Inc. - For authorized use only/CN=VeriSign
Class 3 Public Primary Certification Authority - G4 ecdsa-with-SHA384
/C=HU/L=Budapest/O=NetLock
Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k
(Certification Services)/CN=NetLock Arany (Class Gold)
F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny sha256WithRSA2048
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi
Kft./OU=Tanusitvanykiadok/CN=NetLock Expressz (Class C)
Tanusitvanykiado md5WithRSA1024
/C=US/O=thawte,Inc./OU=Certification Services
Division/OU=(c) 2008 thawte,Inc. - For authorized use
only/CN=thawte Primary Root CA - G3 sha256WithRSA2048
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
Assured ID Root CA sha1WithRSA2048
/C=US/O=Wells Fargo/OU=Wells Fargo Certification
Authority/CN=Wells Fargo Root Certificate Authority sha1WithRSA2048
/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA sha1WithRSA2048
/C=US/O=VISA/OU=Visa International Service
Association/CN=Visa eCommerce Root sha1WithRSA2048
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1 sha1WithRSA2048
Smart Operation Panel Security White Paper ver. 2.0
Page 49 of 53
/C=US/O=VeriSign,Inc./OU=Class 3 Public Primary Certification
Authority - G2/OU=(c) 1998 VeriSign,Inc. - For authorized use
only/OU=VeriSign Trust Network sha1WithRSA1024
/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global
eBusiness CA-1 md5WithRSA1024
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA
Limited/CN=AAA Certificate Services sha1WithRSA2048
/C=US/O=VeriSign,Inc./OU=Class 3 Public Primary Certification
Authority sha1WithRSA1024
/C=US/OU=www.xrampsecurity.com/O=XRamp Security
Services Inc/CN=XRamp Global Certification Authority sha1WithRSA2048
/C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis -
Autorit\xC3\xA9 Racine sha1WithRSA4096
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA sha1WithRSA2048
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3
CA/CN=TC TrustCenter Class 3 CA II sha1WithRSA2048
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 sha1WithRSA4096
/L=ValiCert Validation Network/O=ValiCert,Inc./OU=ValiCert
Class 3 Policy Validation
Authority/CN=http://www.valicert.com//emailAddress=info@vali
cert.com sha1WithRSA1024
/C=US/O=VeriSign,Inc./OU=VeriSign Trust Network/OU=(c)
1999 VeriSign,Inc. - For authorized use only/CN=VeriSign
Class 3 Public Primary Certification Authority - G3 sha1WithRSA2048
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
High Assurance EV Root CA sha1WithRSA2048
/O=RSA Security Inc/OU=RSA Security 2048 V3 sha1WithRSA2048
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA
/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim
ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri
A.\xC5\x9E. sha1WithRSA2048
/C=US/ST=Arizona/L=Scottsdale/O=Starfield
Technologies,Inc./CN=Starfield Root Certificate Authority - G2 sha256WithRSA2048
/C=US/O=AffirmTrust/CN=AffirmTrust Networking sha1WithRSA2048
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2 sha1WithRSA4096
/C=RO/O=certSIGN/OU=certSIGN ROOT CA sha1WithRSA2048
/C=CN/O=CNNIC/CN=CNNIC ROOT sha1WithRSA2048
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA ecdsa-with-SHA384
Smart Operation Panel Security White Paper ver. 2.0
Page 50 of 53
Limited/CN=COMODO ECC Certification Authority
/C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2 sha1WithRSA1024
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 sha1WithRSA4096
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification
Authority/CN=Certum Trusted Network CA sha1WithRSA2048
/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 sha1WithRSA2048
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification
Authority sha1WithRSA2048
/C=TW/O=Chunghwa Telecom Co.,Ltd./OU=ePKI Root
Certification Authority sha1WithRSA4096
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security
Communication EV RootCA1 sha1WithRSA2048
/C=EU/L=Madrid (see current address at
www.camerfirma.com/address)/serialNumber=A82743287/O=A
C Camerfirma S.A./CN=Global Chambersign Root - 2008 sha1WithRSA4096
/C=EU/O=AC Camerfirma SA CIF
A82743287/OU=http://www.chambersign.org/CN=Global
Chambersign Root sha1WithRSA2048
/C=US/O=Digital Signature Trust Co./OU=DSTCA E2 sha1WithRSA1024
/C=JP/O=SECOM Trust.net/OU=Security Communication
RootCA1 sha1WithRSA2048
/C=FI/O=Sonera/CN=Sonera Class2 CA sha1WithRSA2048
/C=US/O=thawte,Inc./OU=(c) 2007 thawte,Inc. - For authorized
use only/CN=thawte Primary Root CA - G2 ecdsa-with-SHA384
/C=JP/O=Japan Certification Services,Inc./CN=SecureSign
RootCA11 sha1WithRSA2048
/C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi
Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A)
Tanusitvanykiado md5WithRSA2048
/C=ES/O=Agencia Catalana de Certificacio (NIF
Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu
https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de
Certificacio Catalanes/CN=EC-ACC sha1WithRSA2048
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root
CA sha1WithRSA2048
/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root
Certification Authority sha1WithRSA2048
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,Inc./CN=Go
Daddy Root Certificate Authority - G2 sha256WithRSA2048
Smart Operation Panel Security White Paper ver. 2.0
Page 51 of 53
/L=ValiCert Validation Network/O=ValiCert,Inc./OU=ValiCert
Class 2 Policy Validation
Authority/CN=http://www.valicert.com//emailAddress=info@vali
cert.com sha1WithRSA1024
/C=US/O=America Online Inc./CN=America Online Root
Certification Authority 1 sha1WithRSA2048
/C=US/O=SecureTrust Corporation/CN=Secure Global CA sha1WithRSA2048
/C=US/O=Entrust,Inc./OU=www.entrust.net/CPS is
incorporated by reference/OU=(c) 2006 Entrust,Inc./CN=Entrust
Root Certification Authority sha1WithRSA2048
/C=US/O=Digital Signature Trust Co./OU=DSTCA E1 sha1WithRSA1024
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium
Server CA/[email protected] sha1WithRSA2048
/C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr.
Datenverkehr
GmbH/OU=A-Trust-nQual-03/CN=A-Trust-nQual-03 sha1WithRSA2048
/C=US/O=VeriSign,Inc./OU=VeriSign Trust Network/OU=(c)
1999 VeriSign,Inc. - For authorized use only/CN=VeriSign
Class 4 Public Primary Certification Authority - G3 sha1WithRSA2048
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For
authorized use only/CN=GeoTrust Primary Certification
Authority - G3 sha256WithRSA2048
/C=CO/O=Sociedad Cameral de Certificaci\xC3\xB3n Digital -
Certic\xC3\xA1mara S.A./CN=AC Ra\xC3\xADz
Certic\xC3\xA1mara S.A. sha1WithRSA4096
/C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC ecdsa-with-SHA384
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden
Root CA sha1WithRSA2048
/C=US/O=SecureTrust Corporation/CN=SecureTrust CA sha1WithRSA2048
/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF
A62634068 sha1WithRSA4096
/C=DK/O=TDC Internet/OU=TDC Internet Root CA sha1WithRSA2048
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security
Communication RootCA2 sha256WithRSA2048
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig sha1WithRSA2048
/C=JP/O=Japan Certification Services,Inc./CN=SecureSign
RootCA1 sha1WithRSA2048
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST sha1WithRSA2048
Smart Operation Panel Security White Paper ver. 2.0
Page 52 of 53
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Ne
twork Applications
/C=US/O=AffirmTrust/CN=AffirmTrust Premium sha384WithRSA4096
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server
CA/[email protected] sha1WithRSA1024
/C=US/O=AffirmTrust/CN=AffirmTrust Commercial sha256WithRSA2048
/C=ch/O=Swisscom/OU=Digital Certificate
Services/CN=Swisscom Root CA 1 sha1WithRSA4096
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA sha1WithRSA4096
/C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness
CA-1 md5WithRSA1024
/C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno
Root CA 2009/[email protected] sha256WithRSA2048
/CN=ACEDICOM Root/OU=PKI/O=EDICOM/C=ES sha1WithRSA4096
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 CA 1 sha1WithRSA2048
/C=US/O=VeriSign,Inc./OU=Class 4 Public Primary Certification
Authority - G2/OU=(c) 1998 VeriSign,Inc. - For authorized use
only/OU=VeriSign Trust Network sha1WithRSA1024
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref.
(limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net
Secure Server Certification Authority sha1WithRSA1024
/C=EU/O=AC Camerfirma SA CIF
A82743287/OU=http://www.chambersign.org/CN=Chambers of
Commerce Root sha1WithRSA2048
/L=ValiCert Validation Network/O=ValiCert,Inc./OU=ValiCert
Class 1 Policy Validation
Authority/CN=http://www.valicert.com//emailAddress=info@vali
cert.com sha1WithRSA1024
/CN=ComSign Secured CA/O=ComSign/C=IL sha1WithRSA2048
/C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno
CA/CN=Microsec e-Szigno Root CA sha1WithRSA2048
/CN=EBG Elektronik Sertifika Hizmet
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG
Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR sha1WithRSA4096
/C=JP/O=Japanese Government/OU=ApplicationCA sha1WithRSA2048
/C=US/O=VeriSign,Inc./OU=VeriSign Trust Network/OU=(c)
2006 VeriSign,Inc. - For authorized use only/CN=VeriSign
Class 3 Public Primary Certification Authority - G5 sha1WithRSA2048
Smart Operation Panel Security White Paper ver. 2.0
Page 53 of 53
/C=ES/O=Generalitat Valenciana/OU=PKIGVA/CN=Root CA
Generalitat Valenciana sha1WithRSA2048
/C=FR/O=Dhimyotis/CN=Certigna sha1WithRSA2048
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Ha
rdware sha1WithRSA2048