KYOCERa 3MSC0TKDEN0 Data Encryption Overwrite
Product Information
| Product Name | Data Encryption/Overwrite Functions |
|---|---|
| Manufacturer | Kyocera Document Solutions |
| Website | kyoceradocumentsolutions.com |
Product Usage Instructions
Instructions for General Users (for Both General Users and Administrators)
- Security Functions ………………………………………………………………..2
- Message Display after the Security Functions are Installed …..3
Security Functions:
The security functions enable overwriting and encryption.
Overwriting:
When canceling a job, the machine immediately starts overwriting the data that has already been stored in the SSD (Solid State Drive).
Printers store print jobs as data in the SSD, and print from that data. Users can also store various types of data in the SSD. As the data storage area used for such data remains in the SSD as is until it is overwritten by other data, the data stored here remains restorable using special tools for undesirable use. The security functions delete and overwrite (hereinafter collectively referred to as overwrite(s)) the unnecessary data storage area used for the output data or deleted data to ensure that data cannot be restored. Overwriting is performed automatically, without user intervention.
CAUTION: Do not turn off the power switch during overwriting, as it may crash the SSD. When you cancel a job, the machine immediately starts overwriting the data that has been already stored in the SSD.
Encryption:
Printers store Custom Box and Job Box data in the SSD. To prevent data leakage or tampering if the SSD is stolen, the security functions encrypt the data before storing it in the SSD. Encryption is automatically performed, and no special procedure is required.
CAUTION: Although encryption enhances security, data stored in a Custom Box or Job Box can be decoded by the normal printing operation. Therefore, never store confidential data in a Custom Box or Job Box.
Security Functions
Instructions for Administrators (for Those in Charge of Installation and Operations of the Security Functions)
If any kind of problem occurs during the installation or use of the security functions, please contact your dealer or service technician.
- Installing the Security Functions …………………………………………..4
- Changing Data Security Functions ………………………………………12
- Warning Message……………………………………………………………….15
- Disposal ……………………………………………………………………………..15
- Appendix ……………………………………………………………………………16
Installing the Security Functions:
Before Installation:
- Ensure you have the necessary login credentials for the administrator’s machine.
- Make sure that the service representative must be a person who belongs to the supplying company.
- Install the machine in a safe location with controlled access, and unauthorized access to the machine can be prevented.
- The system will be initialized during installation of the security functions. This means that the data stored in the SSD will be all overwritten. Special attention should be given if you install the security functions on the Printer currently used.
- The network to which the machine is hooked up must be protected by a firewall to prevent extraneous attacks.
Installation
Installation of the security functions should be performed by the service personnel. The administrator should log in the menu to enter the encryption code under the supervision of the service representative.
Encryption Code
An encryption code of 8 alphanumeric characters (0 to 9, A to Z, a to z) to encrypt data needs to be entered. By default, the code is set 00000000.
As an encryption key is then created from this code, it is safe enough to continue using the default code.
CAUTION: Be sure to remember the encryption code you entered. If you need to enter the encryption code again for some reason and you do not enter the same encryption code, all the data stored on the SSD will be overwritten as a security precaution.
Installation Procedure:
- Press the [Menu] key.
- Use the arrow keys to select [Op Functions], and then press the [OK] key.
- The Login screen appears.
- Enter the Login User Name using the numeric keys, and then press the [OK] key. The log in screen reappears.
- Enter the Login Password using the numeric keys, and then press the [OK] key. The Login Password entry screen is displayed.
- Use the arrow keys to select the Login Password entry field, and then press the [OK] key.
- Press the [Menu] key.
- Press the
or 
key to select [Op Functions], and then press the [OK] key. - The Login screen appears.
NOTE: When user login administration is set:
- When logged in as an administrator, the log in screen is not displayed and the System/Network menu screen is displayed.
- The setting is not possible when logged in as anyone other than an administrator. Log in again as an administrator.
- With the “Login User Name” entry field selected, press the [OK] key. The “Login User Name” entry screen is displayed.
- Enter the Login User Name using the numeric keys then press the [OK] key. The log in screen reappears.
NOTE: The initial setting for the administrator’s Login User Name is “Admin”.- For details on entering characters, refer to the machine’s Operation Guide.
- Press the or key to select the “Login Password” entry field.
- Press the [OK] key. The “Login Password” entry screen is displayed.
- Enter the Login Password using the numeric keys then press the [OK] key. The log in screen reappears.
NOTE: The initial setting for the administrator’s Login Password is “Admin”.
- Pressing [Login]. If the entered Login User Name and Login Password are correct, the Op Functions menu screen appears.
- Press the or key to select the [Data Encryption].
- Press the [OK] key. The Data Encryption menu screen appears.
- Press the or key to select the [License On].
- Press the [OK] key. A confirmation screen will appear.
- Pressing [Yes].
- Turn the power switch on again following to the indication in the panel screen
Use the procedure below to select the interface.
Introduction
This Setup Guide explains the procedures for installing and operating the Data Encryption/Overwrite Functions (hereinafter called Security Functions) and the procedure for system initialization. Organization administrators should read and understand this manual.
- Nominate a reliable person for the machine administrator when installing the security functions.
- Sufficiently supervise the nominated administrator so that it can observe the security policy and operation rules at the organization to which it belongs and properly operate the machine in accordance with the operation guide of the product.
- Sufficiently supervise the general users so that they can operate the machine while observing the security policy and operation rules at the organization to which they belong.
Message Display after the Security Functions are Installed
When the security functions have been installed and is running properly, Overwriting. appears in the message display while unneeded data is being overwritten.
CAUTION: Do not turn the power switch off during overwriting. It may crash the SSD.
NOTE: If you turn the machine off at the power switch during overwriting, data may not be overwritten completely from the SSD. Turn the machine back on at the power switch. Overwriting automatically resumes.
After Installation
Change the machine setting as follows to securely operate it. If the system in the machine is initialized, it returns to the settings before installation, so make changes in the same way. If you allow service personnel to conduct maintenance operations, confirm the set values.
Items changed in Command Center RX
| Item | Value | |||||
| Device Settings | Energy Saver/Timer | Timer Settings | Auto Panel Reset |
On | ||
| Panel Reset Timer |
Setting any value | |||||
| Network Settings | TCP/IP | Bonjour Settings | Bonjour | Off | ||
| IPSec Settings | IPSec | On | ||||
| Restriction | Allowed | |||||
| Allowed IPSec Rules* (“Settings” selection of any of Rule No.) |
Policy | Rule | On | |||
| Key Management Type | IKEv1 | |||||
| Encapsulation Mode | Transport | |||||
| IP Address | IP Version | IPv4 | ||||
| IP Address (IPv4) |
IP Address of the destination terminal | |||||
| Subnet Mask |
Setting any value |
|||||
| Authentication | Local Side | Authentication Type | Pre-shared Key | |||
| Pre-shared Key |
Setting any value |
|||||
| Network Settings | TCP/IP | Allowed IPSec Rules* (“Settings” selection of any of Rule No.) | Key Exchange (IKE phase1) | Mode | Main mode |
| Hash | MD5:Disable, SHA1:Disable, SHA-256:Enable, SHA-384:Enable, SHA-512:Enable AES- XCBC:Disable | ||||
| Diffie Hellman Group |
Select one from
following option. modp2048(14), modp4096(16), modp6144(17), modp8192(18), ecp256(19), ecp384(20), ecp521(21), modp1024s160 (22), modp2048s224 (23), modp2048s256 (24) |
||||
| Data Protection (IKE phase2) | Protocol | ESP | |||
| Hash | MD5:Disable, SHA1:Disable, SHA-256:Enable, SHA-384:Enable, SHA-512:Enable, AES-XCBC: Setting any value, AES-GCM- 128:Enable, AES-GCM- 192:Enable, AES-GCM- 256:Enable, AES GMAC128: Setting any value, AES-GMAC-192: Setting any value, AES-GMAC-256: Setting any value |
| Network Settings | Protocol | Print Protocols | NetBEUI | Off |
| LPD | Off | |||
| FTP Server (Reception) | Off | |||
| IPP | Off | |||
| IPP over TLS | On | |||
| IPP Authenticati on |
Off | |||
| Raw | Off | |||
| WSD Print | Off | |||
| POP3 (E-mail RX) |
Off | |||
| Send Protocols | SMTP
(E-mail TX) |
On | ||
| SMTP (E- mail TX) – Certificate Auto Verification |
Validity Period: Enable | |||
| Other Protocols | SNMPv1/v2c | Off | ||
| SNMPv3 | Off | |||
| HTTP | Off | |||
| HTTPS | On | |||
| HTTP(Client side) – Certificate Auto Verification | Validity Period : Enable | |||
| Enhanced WSD | Off | |||
| Enhanced WSD(TLS) | On | |||
| LDAP | Off | |||
| IEEE802.1X | Off | |||
| LLTD | Off | |||
| REST | Off | |||
| REST over TLS | Off | |||
| VNC(RFB) | Off | |||
| VNC(RFB)
over TLS |
Off | |||
| Enhanced VNC(RFB) over TLS | Off | |||
| Security Settings | Device Security |
Job Status/Job Log Settings | Display Jobs Detail Status | My Jobs Only |
| Display Jobs Log | My Jobs Only |
| Security Settings | Network Security | Secure Protocol Settings | TLS | On | ||
| Serverside Settings | TLS Version | TLS1.0: Disable TLS1.1: Disable TLS1.2: Enable TLS1.3: Enable | ||||
| Effective Encryption | ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, AES-GCM: Setting any value CHACHA20/ POLY1305: Setting any value | |||||
| HTTP
Security |
Secure Only (HTTPS) | |||||
| IPP Security | Secure Only (IPPS) | |||||
| Enhanced WSD Security | Secure Only (Enhanced WSD over TLS) | |||||
| Clientside Settings | TLS Version | TLS1.0: Disable TLS1.1: Disable TLS1.2: Enable TLS1.3: Enable | ||||
| Effective Encryption | ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, AES-GCM: Setting any value CHACHA20/ POLY1305: Setting any value |
|||||
| Management Settings |
Authentication | Settings | Authentication Settings | General | Authenticati on | Local Authentication |
| History Settings |
Job Log History | Recipient E-mail Address |
E-mail Address for the administrator of the machine | |||
| Auto Sending |
On | |||||
Items changed on the machine
| Item | Value | ||
| Menu | Security | Security Level | Very High |
For the procedures for changing the settings, refer to the machine Operation Guide and Command Center RX User Guide. After changing the settings, run [Software verification] in the menu to verify that the machine operates correctly. Periodically perform [Software verification] after installation as well. After installing the security functions, you can change the security password. Refer to page 13 for the procedures. The administrator of the machine should periodically store the histories, and check each history to make sure there was no unauthorized access or abnormal operation. Grant regular users permission based on your company rules, and promptly delete any user accounts that stop being used due to retirement or other reasons.
IPsec setting
It is possible to protect data by enabling the IPsec function that encrypts the communication path. Please note the following points when enabling the IPsec function.
- The value set by the IPsec rule has to be matched with the destination PC. Communication error occurs in case the setting does not match.
- IP address set by the IPsec rule has to be matched with the IP address of the SMTP server which is set on the main unit.
- In case the setting does not match, data sent by mail can’t be encrypted.
- Pre-shared key set by the IPsec rule has to be created by using the alphanumeric symbols of 8 digits or more which will not be easily guessed.
Changing Data Security Functions
Enter the security password to change data security functions.
- Press the [Menu] key.
- Press the or key to select [Security], and then press the [OK] key.
- The Login screen appears.
NOTE: When user login administration is set:
- When logged in as an administrator, the log in screen is not displayed and the System/Network menu screen is displayed.
- The setting is not possible when logged in as anyone other than an administrator. Log in again as an administrator.
- With the “Login User Name” entry field selected, press the [OK] key. The “Login User Name” entry screen is displayed.
- Enter the Login User Name using the numeric keys then press the [OK] key. The log in screen reappears.
NOTE: The initial setting for the administrator’s Login User Name is “Admin”.- For details on entering characters, refer to the machine’s Operation Guide.
- Press the or key to select the “Login Password” entry field.
- Press the [OK] key. The “Login Password” entry screen is displayed.
- Enter the Login Password using the numeric keys then press the [OK] key. The log in screen reappears.
NOTE: The initial setting for the administrator’s Login Password is “Admin”.
- Pressing [Login]. If the entered Login User Name and Login Password are correct, the Security menu screen appears.
- Press the or key to select [Data Security]. 11 Press the [OK] key. The Data Security screen appears.
Changing Security Password
You can customize the security password so that only the administrator can use the security functions.
- In the Data Security menu, press the [?] or [?] key to select [SSD Initializ.].
- Press the [OK] key. The “SecurityPassword” entry screen appears.
- Enter the Security Password using the numeric keys.
NOTE: The initial setting for the Security Password is “000000”. - Press the [OK] key. If the Security Password entered is correct, the “SSD Initializ.” menu screen appears. If the Security Password entered was not correct, “Incorrect password.” is displayed and the SecurityPassword screen reappears. Enter the correct Security Password.
- In the SSD Initializ. menu, press the or key to select [Security Passwd].
- Press the [OK] key. The “New Password” entry screen appears.
- Enter the new Security Password using the numeric keys. The security password must be 6 alphanumeric characters.
CAUTION: Avoid any easy-to-guess numbers for the security password (e.g. 111111 or 123456). - Press the [OK] key. The “Confirm Password” entry screen appears.
- To confirm, re-enter the security password to be registered. Enter the new Security Password using the numeric keys.
- Press the [OK] key. If the Security Password entered matches then the password is changed to the new password and the SSD Initializ. menu reappears.
If the password does not match, “Incorrect password.” is displayed and the “New Password” screen reappears. Enter again from the new Security Password.
System Initialization
Overwrite all the data stored in the SSD when disposing of the machine.
CAUTION: If you accidentally turn the power switch off during initialization, the SSD might possibly crash or initialization might fail
NOTE: If you accidentally turn the power switch off during initialization, turn the power switch on again. Initialization automatically restarts.
- In the SSD Initializ. menu, press the [?] or [?] key to select [Initialization].
- Press the [OK] key. A confirmation message is displayed.
- Press [Yes]. Initialization starts. If you do not wish to initialize, press [No]. The SSD Initializ. menu reappears.
- When the initialization is finished Task is completed. is displayed. Turn the power switch off and then on.
Warning Message
If the encryption code information of the machine has been lost for some reason, the screen shown here appears when the power is turned on.
Follow the steps below.
- Enter the encryption code that was entered during the installation of the security functions.
CAUTION: Even though entering a different encryption code can also enable continuation of a job, this will overwrite all the data stored in the SSD. Exercise extreme caution when entering an encryption code.
The encryption code is not the same as the security password. - Press the [OK] key.
- When the Task is completed. screen appears, turn the power switch off and then on.
Disposal
If the machine is unused and demolished, initialize the system of this product to erase the SSD data. If the machine is unused and demolished, obtain directions for disposal from the dealer (from which you purchased the machine) or your service representative.
Appendix
List of factory default settings
The default settings for security mode are shown below.
Items changed in Command Center RX
| Item | Value | |||||
| Device Settings | Energy Saver/Timer |
Timer Settings | Auto Panel Reset |
On | ||
| Panel
Reset Timer |
90 seconds | |||||
| Network Settings | TCP/IP | Bonjour Settings | Bonjour | On | ||
| IPSec Settings | IPSec | Off | ||||
| Restriction | Allowed | |||||
| IPSec Rules (“Settings” selection of any of Rule No.) |
Policy | Rule | Off | |||
| Key Management Type | IKEv1 | |||||
| Encapsulation Mode | Transport | |||||
| IP Address | IP Version | IPv4 | ||||
| IP Address (IPv4) | No setting | |||||
| Subnet Mask | No setting | |||||
| Authentication | Local Side | Authentication Type | Pre-shared Key | |||
| Pre-shared Key | No setting | |||||
| Network Settings | TCP/IP | IPSec Rules (“Settings” selection of any of Rule No.) | Key Exchange (IKE phase1) | Mode | Main Mode | |
| Hash | MD5: Disable, SHA1: Enable, SHA-256: Enable, SHA- 384: Enable, SHA-512: Enable AES-XCBC: Disable |
|||||
| Encryption | 3DES: Enable, AES-CBC-128: Enable, AESCBC-192: Enable, AESCBC-256: Enable, AESCBC-128: Enable, AESCBC-192: Enable, AESCBC-256: Enable |
|||||
| Diffie-Hellman Group | modp1024(2) | |||||
| Lifetime (Time) | 28800 seconds | |||||
| Network Settings | TCP/IP | IPSec Rules (“Settings” selection of any of Rule No.) | Data Protection (IKE phase2) | Protocol | ESP |
| Hash | MD5: Disable, SHA1: Enable, SHA-256: Enable, SHA-384: Enable, SHA-512: Enable, AES-XCBC: Disable, AES-GCM-128: Enable, AES-GCM-192: Enable, AES-GCM-256: Enable, AES-GMAC-128: Disable, AES-GMAC- 192: Disable, AES-GMAC-256: Disable | ||||
| Encryption | 3DES: Enable, AES-CBC-128: Enable, AES-CBC-192: Enable, AES-CBC-256: Enable, AES-GCM-128: Enable, AES-GCM-192: Enable, AES-GCM-256: Enable, AES-CTR: Disable | ||||
| PFS | Off | ||||
| Lifetime Measurement | Time & Data Size | ||||
| Lifetime (Time) | 3600 seconds | ||||
| Lifetime (Data Size) | 100000KB | ||||
| Extended Sequence Number | Off |
| Network Settings | Protocol | Print Protocols | NetBEUI | On |
| LPD | On | |||
| FTP Server (Reception) | On | |||
| IPP | Off | |||
| IPP over TLS | On | |||
| IPP
Authentication |
Off | |||
| Raw | On | |||
| WSD Print | On | |||
| POP3
(E-mail RX) |
Off | |||
| Send Protocols | SMTP
(E-mail TX) |
Off | ||
| Other Protocols | SNMPv1/v2c | On | ||
| SNMPv3 | Off | |||
| HTTP | On | |||
| HTTPS | On | |||
| HTTP(Client side) – Certificate Auto Verification | Validity Period: Enable | |||
| Enhanced WSD | On | |||
| Enhanced WSD(TLS) | On | |||
| LDAP | Off | |||
| IEEE802.1X | Off | |||
| LLTD | On | |||
| REST | On | |||
| REST over TLS | On | |||
| VNC(RFB) | Off | |||
| VNC(RFB)
over TLS |
Off | |||
| Enhanced VNC(RFB) over TLS | On | |||
| Security Settings | Device Security | Job Status/Job Log Settings | Display Jobs Detail Status | Show All |
| Display Jobs Log | Show All |
| Security Settings | Network Security | Secure Protocol Settings | TLS | On | ||
| Serverside Settings | TLS Version | TLS1.0: Disable TLS1.1: Enable TLS1.2: Enable TLS1.3: Enable | ||||
| Effective Encryption | ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, AES-GCM: Disable, CHACHA20/ POLY1305: Enable | |||||
| HTTP Security | Secure Only (HTTPS) | |||||
| IPP Security | Secure Only (IPPS) | |||||
| Enhanced WSD Security | Secure Only (Enhanced WSD over TLS) | |||||
| Clientside Settings | TLS Version | TLS1.0: Disable TLS1.1: Enable TLS1.2: Enable TLS1.3: Enable | ||||
| Effective Encryption | ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, AES-GCM: Enable, CHACHA20/ POLY1305: Enable | |||||
| Management Settings | Authentication | Settings | Authentication Settings | General | Authentication | Off |
| History Settings | Job Log History | Recipient E-mail Address | No setting | |||
| Auto Sending | Off | |||||
Items changed on the machine
| Item | Value | ||
| Menu | Security | Security Level | High |
The initial value of the custom box
| Item | Value |
| Owner | Local User |
| Permission | Private |
Log information
The following settings and status regarding security are shown in the machine log.
- Event date and time
- Type of event
- Information of the log in user or the user who attempted to log in
- Event result (Success or fail)
Event to be displayed in the log
| Log | Event |
| Job Logs | End job/Check job status/Change job/Cancel job |
© 2022 KYOCERA Document Solutions Inc.
Documents / Resources
 |
KYOCERa 3MSC0TKDEN0 Data Encryption Overwrite [pdf] User Guide 3MSC0TKDEN0, 3MSC0TKDEN0 Data Encryption Overwrite, Data Encryption Overwrite, Encryption Overwrite, Overwrite |