Table of Contents
Advertisement
2
Technology > Main Controller > Controls > Security features (encryption key and certificate, password protection)
●
Configuration of Security Information
The security functionality behaves differently depending on the TPM setting on the UI.
This machine provides the two types of TPM settings. See the figure below for the security
information flow in each setting.
- When the TPM setting is ON
TPM Key
TPM PCB
Public Key
Common
Key
Password
SRAM
When the TPM setting is ON, the TPM key is enabled to secure information with the three
keys. Therefore, the security information held in each machine is safely protected.
The security information in this setting can be accessed by the three keys and multiple
passwords stored in the SRAM and HDD.
Each data is stored in the specified location (enclosed with blue dots in the figure above).
Since the data in the upper layer are linked to those in the lower layer, security information is
activated only when data in all the layers are linked.
For the backup purpose, the backup key is temporarily stored also in the HDD to be prepared
for a TPM failure (only for the initial failure after the TPM setting is ON).
This key can be backed up using the USB flash drive. Once backed up, the backup key is
deleted from the HDD.
The common key information is stored in the HDD as well as the SRAM. The common key
stored in the SRAM is cleared when the main controller PCB 2 (SRAM) is replaced or after
MN-CON clear. However, the common key stored in the HDD automatically restores that in
the SRAM so that the security information is decodable even after servicing. Note that the
2
Technology > Main Controller > Controls > Security features (encryption key and certificate, password protection)
(Temporarily stored in HDD)
USB flash drive
Backup Key
for TPM failure
Backup
Backup for
Common Key
Password
HDD
F-2-20
F-2-20
security information is not decodable correctly in case the HDD is failed or formatted because
the public key information stored in the HDD is cleared. If this occurs, execute "Initialize All
Data / Settings" in user mode to set the TPM setting to OFF. This will maintain the password
information in the SRAM even after the password information is initialized.
- When the TPM setting is OFF:
Backup
Common
Key
Password
Password
SRAM
When the TPM setting is OFF, the TPM key is disabled. Thus, the security information is
protected only by the common key.
Under this setting, the security information held in this machine is protected at the level
equivalent to the conventional machines.
The security functionality in this setting is configured by the common key and multiple
passwords stored in the SRAM and HDD.
When the TPM setting is set to OFF, the security information is protected by the common key
and multiple passwords stored in SRAM and HDD.
The common key information is stored in the HDD as well as the SRAM. The common
key stored in the SRAM is cleared when the main controller PCB 2 (SRAM) is replaced or
after MN-CON clear. Since the common key stored in the HDD will automatically restore
the common key in the SRAM, the security information is decodable correctly even after
servicing. Unlike the case that the TPM setting is set to ON, the password information stored
in the HDD is initialized when the HDD is replaced or formatted. However, the password
information is maintained in the SRAM.
TPM Setting for Security Information
The security information can be protected with or without TPM by switching between TPM
settings in Setting / Registration mode.
•
When the TPM setting is ON
The security functionality is enabled in 4 levels (TPM key, public key, common key and
password).
•
When the TPM setting is OFF
The security functionality is enabled in 2 levels (common key and password).
2-14
Backup of
Common Key
HDD
F-2-21
F-2-21
2-14
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
