Professional Documents
Culture Documents
2012.02
Ver. 1.02
Revision history
After publication of this service manual, the parts and mechanism may be subject to change for
improvement of their performance.
Therefore, the descriptions given in this service manual may not coincide with the actual machine.
When any change has been made to the descriptions in the service manual, a revised version will be
issued with a revision mark added as required.
Revision mark:
• To indicate clearly a section revised, show 1 to the left of the revised section.
A number within 1 represents the number of times the revision has been made.
• To indicate clearly a section revised, show 1 in the lower outside section of the correspond-
ing page.
A number within 1 represents the number of times the revision has been made.
NOTE
Revision marks shown in a page are restricted only to the latest ones with the old ones deleted.
• When a page revised in Ver. 2.0 has been changed in Ver. 3.0:
The revision marks for Ver. 3.0 only are shown with those for Ver. 2.0 deleted.
• When a page revised in Ver. 2.0 has not been changed in Ver. 3.0:
The revision marks for Ver. 2.0 are left as they are.
CONTENTS
bizhub 42/36
Security function
1. OVERVIEW ............................................................................................................. 1
2. COMPLIANCE WITH THE ISO15408 STANDARD................................................. 1
3. DATA TO BE PROTECTED ..................................................................................... 1
4. PRECAUTIONS FOR OPERATION CONTROL...................................................... 2
Security Function
5. CHECKING THE FIRMWARE VERSION/REVISION NUMBER............................. 4
5.1 Security authentication firmware version number................................................. 4
6. Accessing the Service Mode................................................................................... 4
6.1 Access method to the Service Mode .................................................................... 4
7. ENHANCING THE SECURITY FUNCTION............................................................ 6
7.1 Security enhancing procedure.............................................................................. 6
7.1.1 Making and checking the service settings .................................................... 6
7.1.2 Requests to the administrator ....................................................................... 6
7.1.3 Functions whose settings are changed by Enhanced Security Mode........... 7
8. SERVICE MODE FUNCTIONS............................................................................... 8
8.1 Firmware Version.................................................................................................. 8
8.1.1 Checking the firmware version number......................................................... 8
8.2 Clear Admin Password function............................................................................ 9
8.2.1 Initializing the administrator password .......................................................... 9
8.3 CE Password function......................................................................................... 10
8.3.1 Setting the CE password............................................................................. 10
9. DATA ERASE FUNCTION ..................................................................................... 12
9.1 Data erase procedure ......................................................................................... 12
9.2 Items to be cleared by data erase function......................................................... 12
10. FIRMWARE REWRITING ..................................................................................... 14
10.1 Checking the current firmware version ............................................................... 14
10.2 Firmware upgrading procedure by USB memory device .................................... 14
10.2.1 Preparations for firmware upgrading........................................................... 14
10.3 Firmware upgrading procedure by updater......................................................... 16
10.3.1 Updating method......................................................................................... 16
10.3.2 Checking the version after the firmware update.......................................... 26
10.3.3 Restore All .................................................................................................. 26
11. LOADABLE DRIVER DOWNLOADING ................................................................ 27
11.1 Outline ................................................................................................................ 27
11.2 Downloading procedure...................................................................................... 27
11.2.1 Preparations for loadable driver downloading ............................................. 27
i
Security Function Ver. 1.02 Feb. 2012
ii
Security Function Ver. 1.02 Feb. 2012 1. OVERVIEW
1. OVERVIEW
This Service Manual contains the essential operating procedures and precautions for using
bizhub 42/36
the security functions.
Security Function
3. DATA TO BE PROTECTED
The underlying concept of this machine toward security is “to protect data that can be dis-
closed against the intention of users.”
The following types of image files that have been stored in the machine and made available
for use by its users are protected while the machine is being used.
• Image files stored in the HDD by secured job
• Image files stored as “Personal” in the HDD by scan to HDD
• Image files stored in the HDD by ID & Print
The following data are also counted among the assets to be protected:
• Password
- User passwords and secured job passwords stored in the HDD and CE passwords,
administrator passwords and SNMP passwords stored in the NVRAM
• User identification information
- User identification information stored in the HDD
• IC card information
- User IC card information stored in the HDD
• Trusted channel setting data
- Trusted channel setting data stored in the NVRAM
• External server identification setting data
- External server identification setting data stored in the HDD
The following types of data stored in the HDD, SSD, and NVRAM are protected when use of
a leased machine is terminated at the end of the leasing contract or the machine is to be
discarded, or when the HDD is stolen.
• Image files stored in the HDD by secured job
• Image files stored as “Personal” in the HDD by scan to HDD
• Image files stored in the HDD by ID & Print
• Image files of a job in the queue
• Any image files stored in the HDD data space and SSD data space other than the
Secured Job files, files stored as “Personal” by Scan to HDD, and ID & Print files
• Data files left in the HDD data space and SSD data space, used as image files and not
deleted through the general deletion operation
• Temporary data files generated during print image file processing
• Destination recipient data (e-mail address, telephone number)
• Administrator passwords, SNMP passwords, trusted channel setting data, and machine
setting data stored in the NVRAM
• User identification information, user IC card information, user passwords, secured job
passwords, and external server identification setting data stored in the HDD
* If the HDD is stolen, data is protected by the HDD encryption function, however, the HDD
encryption function is not governed by authentication by the ISO15408.
1
4. PRECAUTIONS FOR OPERATION CONTROL Security Function Ver. 1.02 Feb. 2012
This machine offers the SSL function as a data protection method to ensure confidentiality
of images (scan to HDD files) transmitted and received over the network.
bizhub 42/36
When transmitting and receiving highly confidential image data (secured job files, scan to
HDD files, ID & Print files) among different pieces of IT equipment within an office LAN, the
machine carries out communications with the correct destination via reliable paths or
through anti-sniffing measures, assuming an office environment that responds to most
stringent security requirements.
2
Security Function Ver. 1.02 Feb. 2012 4. PRECAUTIONS FOR OPERATION CONTROL
bizhub 42/36
should check the firmware version number, and make sure that the system has not been
altered.
E. Miscellaneous
The service engineer should explain to the administrator of the machine that the lan-
guages, in which the contents of the User’s Guide [Security Operations] have been evalu-
ated, are Japanese and English. He or she should also explain the way how to get the
manual in the language, in which it is evaluated.
Security Function
In addition, the service engineer should promptly provide the version of the User’s Guide
that has been evaluated for the user whenever the user needs one.
3
5. CHECKING THE FIRMWARE VERSION/REVISION NUMBER Security Function Ver. 1.02
• Confirm the need to enhance or not to enhance the security function with the administra-
tor of this machine: If administrator wants to enhance, check the firmware version/revi-
sion number.
• If the firmware version/revision number of this machine is different from numbers shown
in the list below, it will be necessary to re-write to the following certified firmware version/
revision.
Refer to P.14 for the method of how to re-write the firmware.
Security Function
A3EWS1E034DA
NOTE
• The CE password entered is displayed as “✱.”
• NEVER forget the CE password. When forgetting the CE password, call responsi-
ble person of KMBT.
If the CE password is forgotten, replacement of the MFP board will initialize the
setting values and turn “OFF” the Enhanced Security mode. Be sure to have the
administrator set the Enhanced Security mode back to “ON” again.
4
Security Function Ver. 1.02 Feb. 2012 6. Accessing the Service Mode
• Each time a wrong CE password is entered, the CE password illegal access count
is incremented by one.
bizhub 42/36
When the access to the Service Mode has been successful with the correct CE
password entered, the CE password illegal access count is cleared and reset to 0.
• When “ON” is set for Enhanced Security Mode, access to the Service Mode
through the CE Password is restricted by up to 3 times.
If the CE password illegal access count exceeds 3 times, the machine is then set
into an access lock state.
It is necessary for unlocking the access lock state to restart the machine with main
power switch OFF and ON.
Security Function
(The illegal access count value is cleared by machine’s restart)
• To go from the CE password screen to another, enter the CE password and call the
Service Mode menu to the screen. Then, quit the Service Mode.
A3EWS1E035DA
NOTE
• If you leave the site with the Service Mode setting screen being displayed, unau-
thorized changes could occur for any set values. When you finish the setting of
Service Mode, or if you have to leave the site by necessity when the Service Mode
has been set, be sure to press [Close] and log-out from the Service Mode.
5
7. ENHANCING THE SECURITY FUNCTION Security Function Ver. 1.02 Feb. 2012
• Perform the Enhanced Security Mode procedures while making checks of installation
checklist in User’s Guide [Security Operations].
See P.10
7.1.2 Requests to the administrator
• When making the Enhance Security setting, the Administrator settings must be made.
The administrator must perform or check the following settings.
6
Security Function Ver. 1.02 Feb. 2012 7. ENHANCING THE SECURITY FUNCTION
bizhub 42/36
functions.
Security Function
• To allow or restrict printing which user
and account are not specified.
User List Display Setting OFF OFF (not to be changed)
• To display the list key for User names on
user authentication screen.
SSL OFF ON (not to be changed)
• To set whether to encrypt access by
SSL.
SSL Encryption Strength AES-256,3DES, AES/3DES
• To set the SSL encryption strength for RC4-128,DES, (not to be changed to one contain-
the SSL encryption communication. RC4-40 ing strength lower than AES/3DES)
FTP Server Enable Selection can be made between
• To set whether to use FTP server func- [Enable] and [Disable]
tion or not.
SNMPv1/v2c Read/Write enable Only Read is enabled (not to be
• To use when changing Write setting. changed)
SNMP v3 Security Level and auth-pass- Auth-password/ The security level can be selected
word/priv-password Priv-password from among [authpassword] or
• To set the security level for the Reading/ [auth-password/priv-password].
Writing Authority User which is used for An 8-digit or more auth-password
SNMP v3. or priv-password can both be set.
Administrator Password Change Via Enabled Restrict (not to be changed)
Network (Pagescope Web Connection)
Network firmware update protect Invalid Valid
CS Remote Care Usable Remote device setting disabled
Telnet OFF OFF (not to be changed)
NOTE
• Turning ON the Enhanced Security Mode does not enable the ID & Print function.
To protect image files, be sure to have the administrator enable ID & Print function
manually.
7
8. SERVICE MODE FUNCTIONS Security Function Ver. 1.02 Feb. 2012
A3EW30G0022405
Version
Revision
A3EWS1E036DA
5. Touch [OK].
6. Touch [Boot F/W].
7. Check the Firmware version/revision number of “Boot” using firmware version/revision
number.
A3EW99G0010000
Version
Revision
A3EWS1E037DA
8
Security Function Ver. 1.02 Feb. 2012 8. SERVICE MODE FUNCTIONS
bizhub 42/36
• This function is used when initializing the administrator password. It is therefore used
when the administrator forgets the administrator password or etc.
NOTE
• If the administrator password is initialized by the service engineer, never fail to
have the administrator change the administrator password accordingly.
Security Function
1. Call the Service Mode to the screen.
See P.4
2. Display [002/005] screen of the Service Mode.
3. Touch [Clear Admin Password].
A3EWS1E038DA
A3EWS1E039DA
5. Get the Administrator of the machine to access the Administrator Settings using the
default password. Then, have him or her select the following functions in this order and
change the default password: [Administrator Settings] [Security Settings] [Admin-
istrator Password].
9
8. SERVICE MODE FUNCTIONS Security Function Ver. 1.02 Feb. 2012
• The CE Password function is used to change the CE password to call the Service Mode
to the screen.
A3EWS1E068DA
4. Touch [Password] of the upper section, and enter the 8-digit new CE password using
the screen key board or the 10-key pad.
A3EWS1E040DA
5. Touch [Password] of the lower section, and reenter the 8-digit new CE password using
the screen key board or the 10-key pad.
10
Security Function Ver. 1.02 Feb. 2012 8. SERVICE MODE FUNCTIONS
NOTE
• If Password Rules of Security Settings available from [Administrator Settings]
bizhub 42/36
[Security Details] is set to “ON,” the machine does not accept any new password
that contains only the same character, consists of less than 8 digits, or that is the
same as the previous password.
• In the CE password change display, enter the same CE password to the entry
areas (upper and lower).
• For the CE Password, set a value other than the default.
• Quitting the Service Mode after the new password has been set will validate the
setting of the new password.
Security Function
• NEVER forget the CE password. When forgetting the CE password, call responsi-
ble person of KMBT.
If the CE password is forgotten, replacement of the MFP board will initialize the
setting values and turn “OFF” the Enhanced Security mode. Be sure to have the
administrator set the Enhanced Security mode back to “ON” again.
NOTE
• If there is a mismatch in the CE Password between that typed first and that just
typed, the machine displays a message telling that the CE Password entered is
wrong. In this case, set the CE Password once again.
11
9. DATA ERASE FUNCTION Security Function Ver. 1.02 Feb. 2012
• The data erase function (Overwrite All Data/SSD Low-level Format/Restore All) over-
writes and deletes all data saved in all areas of the HDD and data areas of the SSD, and
resets all passwords stored in NVRAM to the default settings. It can be used when the
machine is to be discarded or use of a leased machine is terminated at the end of the
leasing contract, thereby properly blocking leaks of data.
12
Security Function Ver. 1.02 Feb. 2012 9. DATA ERASE FUNCTION
bizhub 42/36
Trusted channel setting Deletes the trusted channel setting data Restore All
data
External server identifica- Deletes the external server identification Overwrite All Data
tion setting data setting data
Security Function
13
10. FIRMWARE REWRITING Security Function Ver. 1.02 Feb. 2012
A3EWS1E041DA
NOTE
• Be sure to save the firmware data in “drive:/firmware/***.exe.”
• The MFP can display up to 20 files of firmware data during upgrading.
14
Security Function Ver. 1.02 Feb. 2012 10. FIRMWARE REWRITING
bizhub 42/36
2. Connect the USB memory device to the MFP.
3. Call the Service Mode to the screen.
See P.4
4. Display [002/006] screen of the Service Mode.
5. Touch [Firmware Update].
Security Function
A3EWS1E042DA
A3EWS1E043DA
NOTE
• Before upgrading firmware, use [Details] to check that the firmware data is correct.
A3EWS1E044DA
7. Touch [Close].
15
10. FIRMWARE REWRITING Security Function Ver. 1.02 Feb. 2012
A3EWS1E045DA
NOTE
• NEVER disconnect the USB memory device from the MFP during the firmware
upgrading procedure.
11. The MFP is automatically restarted as soon as the firmware is upgraded correctly.
A. System requirements
16
Security Function Ver. 1.02 Feb. 2012 10. FIRMWARE REWRITING
bizhub 42/36
NOTE
• Before starting the firmware updater, turn ON the main power switch of the MFP,
and make sure that it is correctly connected.
Security Function
XXXXXXX
XXXXXXX
A3EWS1E071DA
4. The license agreement is displayed. Select “I agree”, and then click the [Next].
A3EWS1E072DA
17
10. FIRMWARE REWRITING Security Function Ver. 1.02 Feb. 2012
5. The list of printer drivers is displayed. Select the appropriate connection for the environ-
ment where the MFP is being used.
bizhub 42/36
XXXXXXX
XXXXXXX
Security Function
A3EWS1E073DA
NOTE
• If you select “Network port” or “Local port”, make sure that the printer driver has
been installed.
• If you select “Printer IP address”, the firmware can be updated even if a printer
driver is not already installed.
18
Security Function Ver. 1.02 Feb. 2012 10. FIRMWARE REWRITING
bizhub 42/36
2. Select the printer driver, and then click the [Next].
Security Function
A3EWS1E074DA
3. A message appears, requesting confirmation to update the firmware. Click the [Start] to
begin transferring the firmware.
NOTE
• Do not turn off the MFP while its firmware is being updated.
A3EWS1E075DA
19
10. FIRMWARE REWRITING Security Function Ver. 1.02 Feb. 2012
A3EWS1E076DA
5. If the firmware was successfully updated, the MFP will automatically restart.
20
Security Function Ver. 1.02 Feb. 2012 10. FIRMWARE REWRITING
NOTE
bizhub 42/36
• If spooling fails, data may remain in the printer spooler. Delete this data, and then
try again.
Security Function
A3EWS1E077DA
3. Check that the printer is ready and that it is correctly connected, and then click the
[Update again].
A3EWS1E078DA
21
10. FIRMWARE REWRITING Security Function Ver. 1.02 Feb. 2012
A3EWS1E079DA
3. A message appears, requesting confirmation to update the firmware. Click the [Start] to
begin transferring the firmware.
NOTE
• Do not turn off the MFP while its firmware is being updated.
A3EWS1E080DA
22
Security Function Ver. 1.02 Feb. 2012 10. FIRMWARE REWRITING
bizhub 42/36
Security Function
A3EWS1E081DA
5. If the firmware was successfully updated, the MFP will automatically restart.
A3EWS1E082DA
23
10. FIRMWARE REWRITING Security Function Ver. 1.02 Feb. 2012
3. A message appears, requesting confirmation to update the firmware. Click the [Start] to
begin transferring the firmware.
bizhub 42/36
NOTE
• Do not turn off the MFP while its firmware is being updated.
Security Function
A3EWS1E083DA
A3EWS1E084DA
5. If the firmware was successfully updated, the MFP will automatically restart.
24
Security Function Ver. 1.02 Feb. 2012 10. FIRMWARE REWRITING
bizhub 42/36
2. Click [OK].
Security Function
A3EWS1E085DA
3. Check that the MFP is ready and that it is correctly connected, and then click the
[Update again].
A3EWS1E086DA
25
10. FIRMWARE REWRITING Security Function Ver. 1.02 Feb. 2012
See P.4
2. Touch [Firmware Version].
3. Select the firmware to be updated and check the current version.
Security Function
A3EWS1E041DA
26
Security Function Ver. 1.02 Feb. 2012 11. LOADABLE DRIVER DOWNLOADING
bizhub 42/36
11.1 Outline
• When using the machine with user authentication by the IC card, the loadable driver
must be downloaded to the machine to use the IC card reader.
Security Function
A. System requirements
• PC equipped with a USB port
• USB memory device
B. Saving the loadable driver data into the USB memory device
1. Save the loadable driver data in appropriate space in the PC.
2. Connect the USB memory device to the PC.
3. Create a “firmware” folder immediately under the drive of the USB memory device.
4. Copy the loadable driver (***.bin) in the firmware folder created in step 3.
NOTE
• Be sure to save the firmware data in “drive:/firmware/***.bin.”
A3EWS1E062DA
27
11. LOADABLE DRIVER DOWNLOADING Security Function Ver. 1.02 Feb. 2012
6. The loadable driver data list in the USB memory device will be displayed.
bizhub 42/36
Security Function
A3EWS1E063DA
A3EWS1E064DA
NOTE
• NEVER disconnect the USB memory device from the MFP during the loadable
driver downloading procedure.
10. Follow the message on the control panel to reboot the MFP.
A3EWS1E065DA
28
Security Function Ver. 1.02 Feb. 2012 11. LOADABLE DRIVER DOWNLOADING
bizhub 42/36
1. Turn the main power switch ON.
2. Call the Service Mode to the screen.
See P.4
3. Display [004/006] screen of the Service Mode.
Security Function
A3EWS1E070DA
A3EWS1E066DA
29
11. LOADABLE DRIVER DOWNLOADING Security Function Ver. 1.02 Feb. 2012
bizhub 42/36
Security Function
Blank Page
30
© 2011 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.
Printed in Japan
Use of this manual should be strictly supervised to
DDA3EW-A-SE1
avoid disclosure of confidential information.