service manual bizhub c250

SECURITY FUNCTIONSERVICE MANUAL

2006.092006.09Ver. 1.04Ver. 1.04

This Service Manual (Ver. 1.04) describes bizhub 200/bizhub 250

/bizhub 350/ineo 250/ineo 350 (Ver. 1) Multi Function Peripheral

Control Software (MFP: 4040-0100-G10-25-000).

Revision historyAfter publication of this service manual, the parts and mechanism may be subject to change forimprovement of their performance. Therefore, the descriptions given in this service manual may not coincide with the actual machine.

When any change has been made to the descriptions in the service manual, a revised version will beissued with a revision mark added as required.

Revision mark:• To indicate clearly a section revised, show to the left of the revised section.

A number within represents the number of times the revision has been made.

• To indicate clearly a section revised, show in the lower outside section of the correspond-ing page. A number within represents the number of times the revision has been made.

NOTERevision marks shown in a page are restricted only to the latest ones with the old ones deleted.

• When a page revised in Ver. 2.0 has been changed in Ver. 3.0: The revision marks for Ver. 3.0 only are shown with those for Ver. 2.0 deleted.

• When a page revised in Ver. 2.0 has not been changed in Ver. 3.0: The revision marks for Ver. 2.0 are left as they are.

11

1

1

2006/09 1.04 — Error Corrections




2006/05 1.00 — Issue of the first edition

Date Service manual Ver. Revision mark Descriptions of revision

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

Security Function Ver. 1.04 Sep. 2006

i

CONTENTS

Security Function

1. Overview ................................................................................................................. 1

2. Compliance with the ISO15408 standard................................................................ 1

3. Data to be protected................................................................................................ 1

4. Precautions for operation control ............................................................................ 2

5. Accessing the Tech. Rep. Mode.............................................................................. 4

5.1 Access procedure................................................................................................. 4

6. Checking the firmware version number................................................................... 5

6.1 Security authentication firmware version number list ........................................... 5

6.2 Checking the firmware version number ................................................................ 5

7. Enhancing the security function .............................................................................. 6

7.1 Details of settings ................................................................................................. 6

7.2 Security enhancing procedure.............................................................................. 7

7.2.1 Making and checking the service settings .................................................... 7

7.2.2 RAM Clear for CS Remote Care ................................................................... 9

7.2.3 Requests to the administrator ..................................................................... 10

7.2.4 Functions disabled by the setting of Enhance Security............................... 11

8. Overwrite All data function .................................................................................... 14

9. Terminal TX function ............................................................................................. 14

9.1 Accessing Terminal TX ....................................................................................... 14

9.2 Attention when Terminal TX function is used...................................................... 14

10. Firmware upgrade ................................................................................................. 15

10.1 Preparations for firmware rewriting..................................................................... 15

10.1.1 Service environment ................................................................................... 15

10.1.2 Writing into the Compact flash .................................................................... 15

10.1.3 Checking ROM version ............................................................................... 15

10.2 Firmware rewriting .............................................................................................. 15

10.2.1 MSC (MFP) ................................................................................................. 15

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

nSecurity Function Ver. 1.04 Sep. 2006

ii

Blank Page

Security Function Ver. 1.04 Sep. 2006 1. Overview

1

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

1. OverviewThis Service Manual contains the essential operating procedures and precautions for using the security functions.

2. Compliance with the ISO15408 standardThis machine has an enhance security function: Set the Enhance Security setting, in Administrator Management Mode, to [ON].The security functions offered by this machine comply with ISO15408/IEC15408 (level: EAL3).

3. Data to be protectedThe underlying concept of this machine toward security is “to protect data that can be dis-closed against the intention of users.”The following types of image files that have been stored in the machine and made available for use by its users are protected while the machine is being used.• Image files stored by secure print• Image files stored in personal user box and public user box

The following types of data stored in the HDD are protected when use of a leased machine is terminated at the end of the leasing contract, the machine is to be discarded, or when the HDD is stolen.• User Box files

(including those saved in the Public User Box)• Swap data files

Generated in a copy, PC print, or Secure Print Document that is too large in size to fit in the RAM space.

• Overlay image files Background image files A copy can be made with this image file to be registered set in the background.

• HDD stored image files Files stored in the HDD from copy and PC print and printed through operations from the control panel.

• Remaining image files Files that are not erased through ordinary file deleting operations and are left in the data space.

• Destination recipient data filesFiles including e-mail addresses and telephone numbers

4. Precautions for operation control Security Function Ver. 1.04 Sep. 2006

2

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

4. Precautions for operation controlA. Requirements of the service engineerThe service engineer should take full responsibility for controlling the machine during his or her procedures for setting up and servicing the machine so that no improper operations are performed.

<To achieve effective security>• The service engineer who sets up and services the machine should have completed the

course in security and be certified accordingly.• The service engineer should swear that he or she would never disclose information as it

relates to the settings of this machine to anybody in accordance with the Installation Checklist contained in User’s Guide [Security Operations].

• The service engineer should perform his or her physical service jobs in the presence of the administrator of the machine.

B. Protection of setting data in Tech. Rep. ModeThe service code used to access Tech. Rep. Mode must be adequately controlled by the service engineer concerned to ensure that it is not leaked. Make sure that any password that could be easily guessed by a third person is not used as the service code.

<To achieve effective security>The service code should:• Not be one that is easily guessed by third persons.• Not be known by any third person.• Be changed at regular intervals.• Be set again quickly if one has been initialized.

C. Network connection requirements for the machinePackets being transmitted over the LAN installed in the office, in which the machine is installed, should be protected from unauthorized manipulation. If the LAN is to be con-nected to an outside network, no unauthorized attempt to establish connection from the external network should be permitted.

<To achieve effective security>• If the LAN, in which the machine is installed, is connected to an outside network, install a

firewall or similar network device to block any access to the machine from the outside network and make the necessary settings.

• Configure the LAN installed in the office, in which the machine is installed, by using a switching hub and other devices to ensure that the packets are protected from unautho-rized manipulation.

• Provide an appropriate network control at all times to make sure that no other copying machine is connected without prior notice to the office LAN to which this machine is con-nected.

D. Machine maintenance controlWhen the service engineer performs maintenance service jobs for the machine, he or she should check the firmware version number and the checksum value, and make sure that the system has not been altered.

Security Function Ver. 1.04 Sep. 2006 4. Precautions for operation control

3

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

E. MiscellaneousThe service engineer should explain to the administrator of the machine that the lan-guages, in which the contents of the User’s Guide [Security Operations] have been evalu-ated, are Japanese and English. He or she should also explain the way how to get the manual in the language, in which it is evaluated.In addition, the service engineer should promptly provide the version of the User’s Guide that has been evaluated for the user whenever the user needs one.

5. Accessing the Tech. Rep. Mode Security Function Ver. 1.04 Sep. 2006

4

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

5. Accessing the Tech. Rep. Mode• The service engineer uses an 8-digit service code for verifying his or her identity as ser-

vice engineer, as he or she attempts to use the functions available from the Tech. Rep. Mode. During this authentication procedure, the password entered is displayed as “✳.”

5.1 Access procedure

1. Press the Utility/Counter key.2. Touch [Check Detail].3. Press the following keys in this order.

Stop → 0 → 0 → Stop → 0 → 14. Enter the 8-digit service code and touch [END]. (Default value: 00000000)

NOTE• If [END] is touched with a wrong service code entered, the basic screen reappears.• The machine counts entry of any wrong service code as unauthorized access. If a

wrong service code is entered three times, the machine is set into an access lock state for any subsequent entry of the service code. To cancel the access lock state, the main power switch of the machine must be turned OFF and ON. Note, however, that the main power switch must be turned OFF and ON as follows to ensure correct operations: Turn OFF the main power switch, then wait for 10 sec. or more before turning it ON again.The unauthorized access count value is cleared when authentication to the Tech. Rep. Mode is successful or when the main power switch is turned OFF and ON through the correct sequence.

• If you forget the service code, it becomes necessary to replace the RAMS Board with a new one. Take necessary steps not to forget the service code.

• The RAMS Board is not available as a replacement part. If it requires replacement, contact Office Printing Support Division by way of CSES.

5. The Tech. Rep. Mode menu will appear.

NOTE• If you leave the site with the Tech Rep. Mode setting screen being displayed, unau-

thorized changes could occur for any set values. When you finish the setting of Tech. Rep. Mode, or if you have to leave the site by necessity when the Tech. Rep. Mode has been set, be sure to press [Exit] to the main screen.

4040F2E767DA

Security Function Ver. 1.04 Sep. 2006 6. Checking the firmware version number

5

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

6. Checking the firmware version numberConfirm the need to enhance or not to enhance the security function with the administrator of this machine: If administrator wants to enhance, check the firmware version number and the checksum value.If the firmware version number of this machine is different from numbers shown in the list below, it will be necessary to re-write to the firmware version corresponding to security.

6.1 Security authentication firmware version number list

6.2 Checking the firmware version number

1. Call the Tech. Rep. Mode to the screen.See P.42. Touch [ROM Version] from the Tech. Rep. Mode.3. Check the Firmware version number of “MFP” using firmware version number list.

4. Touch [Calculation] of MFP CheckSum to check the checksum value.

Ver. Check Sum

MFP 4040-0100-G10-25-000 3e09

4040S1E025AA

4040S1E026AA

7. Enhancing the security function Security Function Ver. 1.04 Sep. 2006

6

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

7. Enhancing the security function• Perform the Enhance Security setting procedures while making checks of installation

checklist in User’s Guide [Security Operations].• To make the Enhance Security setting, service settings must first be made. Make the

necessary service settings and check that they have been correctly made.

7.1 Details of settings

*1: Password rules• The password rules reject setting of any password that is a string of a single character for

registration or change of a password.• See the chart below for the number of digits, and the type and number of characters to

be used for the service code.

Item Setting/Check Default Setting

Service Code8-digit password that meets the

requirements of password rules *100000000

CS Remote Care Cancel setting. ⎯

Applicable password No. of digits Characters

Service Code 8 digits• Numerals: 0 to 9, #, *Up to 12 characters may be used.

Security Function Ver. 1.04 Sep. 2006 7. Enhancing the security function

7

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

7.2 Security enhancing procedure

7.2.1 Making and checking the service settings

• To make the Enhance Security setting, the service code must first be changed to one that meets the requirements of the password rules. If the service code is the default value (00000000) or one that fails to meet the require-ments of the password rules, change the service code through the following procedure.

1. Call the Tech. Rep. Mode to the screen.See P.42. Press the following keys in this order.

Stop → 0 → Clear key3. Touch [Service Code Change].

4. Touch [Current Code] and enter the currently set 8-digit service code.

4040S1E027AA

4040S1E028AA


8

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

5. Touch [New Code] and enter a new 8-digit service code.

6. Touch [Retype New Code] and enter the new 8-digit service code again.

7. Then, touch [Enter].

NOTE• If the service code entered in [Current Code] is different from the service code cur-

rently registered, the touch of [Enter] will cause the basic screen to reappear. Change the service code by following the specified steps again.

• If the service code entered in [New Code] does not meet the requirements of the password rules, the touch of [Enter] will clear all service codes so far entered. Enter the current service code and a new one that meets the password rules again.

• If there is a mismatch in the service codes between that entered in [New Code] and that entered in [Retype New Code], the touch of [Enter] clears all service codes so far entered. Enter the service codes once again.

8. Quit the Tech. Rep. Mode.

NOTE• If you leave the site with the Tech. Rep. Mode setting screen being displayed,

unauthorized changes could occur for any set values. When you finish the setting of Tech. Rep. Mode, or if you have to leave the site by necessity when the Tech. Rep. Mode has been set, be sure to press [Exit] to the main screen.

4040S1E029AA

4040S1E030AA


9

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

7.2.2 RAM Clear for CS Remote Care

1. Call the Tech. Rep. Mode to the screen.See P.42. Touch [CS Remote Care].3. Touch [Detail Setting].

4. Touch [RAM Clear].

5. Select [YES] and touch [END].

4040S1E031AA

4040S1E032AA

4040S1E033AA


10

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

7.2.3 Requests to the administrator

• When making the Enhance Security setting, the Administrator setting must first be made. The Administrator must perform or check the following settings.

NOTE• Make sure that the Administrator code is changed to one that meets the require-

ments of the password rules.If the Enhance Security setting is turned [ON] with any Administrator code that fails to meet the requirements of the password rules set, it becomes impossible to access the Administrator Management mode. Recovery in this case calls for replacement of the RAMS board.

• If the Administrator code is forgotten with the Enhance Security function set to [ON], the RAMS board must be replaced with a new one in order to set a new Administrator code. Explain to the Administrator therefore that the Administrator code should never be forgotten.

• The RAMS board is not available as a replacement part. If replacement of the RAMS board is necessary, contact Office Printing Support Division by way of CSES.

• The RAMS Board is not available as a replacement part. If it requires replacement, contact Office Printing Support Division by way of CSES.

Item Setting/Check Default Setting

Administrator CodeCheck that the code is not a string of the same character.

12345678

Lock password when HDD is mounted

Set the HDD lock password (if HD-504 is mounted).

⎯

PageScope Web Connection SSL/TLS certificate ⎯


11

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

7.2.4 Functions disabled by the setting of Enhance Security

• Note that setting Enhance Security setting to “ON” disables the following functions.

Function Default SettingWhen Enhance Security setting is set to [ON]

Software SW(To be set in the Tech. Rep. Mode and Administrator Management Mode)

Available on screen

Not available on screen (not to be changed)* Since the Software SW becomes unavailable on the screen, setting cannot be changed for the following four func-tions, which are set with the Software SW, either.• Password rules• Access lock• Secure Document Access Method• Temporary data overwriting

Password rulesSee P.6

OFF ON

Access lock• Detects the number of failed

authentication attempts for the Administrator Manage-ment mode, Secure Print, and User Box and, when authentication attempt fails a predetermined number of times, sets the machine into an access lock state.

OFFONThree failed authentication attempts sets the machine into the access lock state.

Secure Document Access Method• Selects the method of

selecting documents for Secure Print on the control panel.

Displays all Secure Print docu-ments that are identified and authenticated by a specified Secure Print ID and Secure Print password

A method is set, in which authentication is made by means of the Secure Print Password after the relevant Secure Print documents have been narrowed down using Secure Print ID.

Temporary data overwriting• Overwrite data to delete the

image data in memory.OFF ON

SNMP Setting EnableEnable* Use of “private” (Read/Write) of Com-munity Name becomes disabled.

Delete HDD Lock Password• Cancels the HDD lock password reg-

istered when the optional HD-504 is mounted.

Available on screen

Not available on screen (not to be changed)


12

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

Tech

. Rep

. Mod

e

Internet ISW Setting

Available on screen


Administrator # Initialize• To initialize the Administrator

Code.

CS Remote Care• To make various settings related

to CS Remote Care (system that controls the machine by sending and receiving data of various types for the control of the machine over the telephone line or through e-mail).

Tech

. Rep

. Mod

e

Soft Switch Setting• This sets up the soft switches for

maintenance.

Available on screen


Remote Maintenance• To select whether to allow or

prohibit the remote mainte-nance function.

Allow remote maintenance

Prohibit remote maintenance(not to be changed)

Initi

al M

ode

Total Clear• To clear data other than that of

the counters, adjustment values, and HDD.

Available on screen


Clear FAX Setting• To clear all fax settings.

Mai

nten

ance

Mod

e

Mem. contents• This displays the RAM data of

MAIN-CPU on the LCD by speci-fying its absolute address which will be provided by our technical department.

Available on screen


Memory Dump• This outputs a report on the RAM

data of MAIN-CPU by specifying its absolute address which will be provided by our technical department.

File Display• This displays the RAM data of

MAIN-CPU on the LCD by speci-fying its file name.



13

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

NOTE• If HDD Format is executed using Tech. Rep. Mode with the Enhance Security Set-

ting turned ON, the HDD Lock Password will be cleared.If HDD Format has been executed, temporarily turn OFF the Enhance Security Set-ting and set the HDD Lock Password again. Then, turn ON the Enhance Security Setting.

• The key mark will appear on the lower right corner of the control panel screen even if the HDD Lock Password is cleared as a result of HDD Format having been executed. Note, however, that the Enhance Security Setting is not turned ON in this case.

Mai

nten

ance

Mod

eFile Dump• This outputs a report on the RAM

data of MAIN-CPU by specifying its file name.

Available on screen


Soft Switch Set• This sets up the soft switches for

maintenance.

Protocol Trace• To produce an output of a proto-

col trace.

Service Call Report• To produce an output of a ser-

vice call report.


8. Overwrite All data function Security Function Ver. 1.04 Sep. 2006

14

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

8. Overwrite All data function• The following types of data are cleared when the Overwrite All data function of the

Administrator Management Mode is executed. Whenever the Overwrite All data function is executed, be sure to make the settings that have been cleared again.(For the setting items of the Administrator Management Mode, have the Adminis-trator of the machine make the necessary settings.)

A. Items cleared by Overwrite All data function

9. Terminal TX function• The Terminal TX function accessed through [Tech. Rep. Mode] → [FAX Set] allows one-

touch dial and other data resident at the call center to be received and data resident in the machine to be transmitted to the call center.

9.1 Accessing Terminal TX

1. Call the Tech. Rep. Mode to the screen.See P.42. Touch [FAX Set].3. Touch [Terminal TX].

9.2 Attention when Terminal TX function is used

• Execution of this function can at times result in the Administrator code informa-tion being transmitted. Whenever this function is executed, therefore, be sure to have the Administrator of the machine change the Administrator code.

Item Details

NVRAM(RAMS board)

Enhance Security Function• Clear the current settings, resetting them to the

default ones.

Administrator Code • Reset to the default value

HDD Lock Password • Deleted

Destination data • Deleted

Service Code • Reset to the default value

HDD

All box files

• All is deleted.

Swap data files

Overlay image files

HDD stored image files

Box password

Security Function Ver. 1.04 Sep. 2006 10. Firmware upgrade

15

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

10. Firmware upgrade

10.1 Preparations for firmware rewriting

10.1.1 Service environment

• Drive which enables writing/reading of Compact flash• Compact flash (with 32 MB or more)

10.1.2 Writing into the Compact flash

• Copy the firmware files using the computer.

NOTEThe copying operation should be performed on the files contained in the folder, instead of the folder.• Copy only those files to be upgraded to the compact flash.• If wrong firmware is copied, no control panel display is given and thus no firmware

can be downloaded.

10.1.3 Checking ROM version

• Before attempting to upgrade the firmware, check the current ROM version.

10.2 Firmware rewriting

NOTE• NEVER attempt to remove or insert the compact flash with the machine power

turned ON.

10.2.1 MSC (MFP)

1. Turn OFF the main power switch.2. Remove the Compact flash Cover[1].

3. Insert the compact flash card [2], in which only the MSC upgrading files have been written, into the slot.

NOTE• Make sure that this compact flash

card contains only the upgrading firmware of the MSC, and not that of the engine or Finisher.

NOTE• Be sure to turn ON the sub power switch first before turning ON the main power

switch.

4040F2C596DA

[1]

4040F2C597DA

[2]

10. Firmware upgrade Security Function Ver. 1.04 Sep. 2006

16

biz

hu

b 2

00

/25

0/3

50

ine

o 2

50

/35

0S

ecu

rity

Fu

nctio

n

4. Turn ON the main power switch.

5. The firmware upgrading sequence will start.

6. When the upgrading sequence is completed, which is notified by the message “FINISH” appearing on the screen, turn OFF the main power switch.

NOTE• NEVER turn OFF the main power

switch until the message “FINISH” appears on the screen.

7. Remove the Compact Flash [2] card from the slot.

8. Turn ON the main power switch.9. Call the Tech. Rep. Mode to the screen.10. Select [ROM Version].11. Make sure if the version of Firmware is updated.

4040F2C749DA

4040F2C597DA

[2]

© 2006 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.© 2006 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.

Printed in JapanPrinted in JapanDD4040SE1DD4040SE1

Use of this manual should be strictly supervised toavoid disclosure of confidential information.Use of this manual should be strictly supervised toavoid disclosure of confidential information.

service manual bizhub c250

Documents