Canon imageRUNNER ADVANCE C350 series Service Manual page 77

2
Technical Explanation > Main Controller > Security > Security features(encryption key and certificate, password protection)
■ Security features(encryption key and certificate, password
protection)
On the Main Controller PCB 1 of the main body, "TPM PCB" is equipped. TPM stands for
Trusted Plattform Module, and is the chip name which generates and stores the encryption
key and has the encryption calculation function for the public key.
TPM PCB can protect the security information(password, certificate and encriptiion key)
stored in the Flash Set / registered / saved data other than the security information is not
protected.
To encrypt or decode the security information, use the TPM key installed in the chip.
Memory
It is extremely difficult from the outside to take out the TPM key installed in the chip.
Therefore, even the following cases occur, the security information in the main body can be
protected securely.
• HDD or Main Controller PCB is taken out
• System of the main body is intruded through the network
To enable this function, setting is required in Settings / Registration mode.
Management Settings > Data Management > TPM Settings -> On (default: OFF)
2 Technical Explanation > Main Controller > Security > Security features(encryption key and certificate, password protection)
● Configuration of Security Information
The security functionality behaves differently depending on the TPM setting on the UI.This
machine provides the two types of TPM settings. See the figure below for the security
information flow in each setting.
- When the TPM setting is ON
When the TPM setting is ON, the TPM key is enabled to secure information with the three
keys. Therefore, the security information held in each machine is safely protected.The
security information in this setting can be accessed by the three keys and multiple passwords
stored in the Flash.Each data is stored in the specified location (enclosed with blue dots in the
figure above).Since the data in the upper layer are linked to those in the lower layer, security
information is activated only when data in all the layers are linked.For the backup purpose,
the backup key is temporarily stored also in the Flash to be prepared for a TPM failure (only
F-2-45
for the initial failure after the TPM setting is ON).This key can be backed up using the USB
flash drive. Note that the security information is not decodable correctly in case the Flash is
failed or formatted because the public key information stored in the Flash is cleared. If this
occurs, execute "Initialize All Data / Settings" in Settings/Registration to set the TPM setting to
OFF.
TPM Key
TPM PCB
(Temporarily stored in Flash)
Public Key
Backup Key
for TPM failure
Common
Key
Password
Password
Flash
2-34
USB flash drive
F-2-46
2-34