Hdd Encryption/ Mirroring Kit (Optional); Hdd Encryption Functionality; Data Encryption Mechanism; Actions Against Troubles – Overview - Canon imageRUNNER ADVANCE 8105 Series Service Manual

2
Technology > Main Controller > Controls > HDD Encryption/ Mirroring Kit (optional)
■

HDD Encryption/ Mirroring Kit (optional)

This option enables to generate the encryption key inside the encryption board and to encrypt
the whole HDD including the system software. Encryption allows leaks of confidential data,
even when the HDD is stolen, including image data (temporarily generated at Copy or Print
jobs) and user data stored in BOX/ Advanced BOX. In addition, the data written into the two
hard disks are also encrypted when the HDD mirroring functionality is enabled. The following
descriptions focus on the HDD encryption function. See the previous section for the mirroring
functionality.
●

HDD Encryption Functionality

The HDD of the host machine holds temporary image data including scanned images or PDL
data as well as user data in BOX and Advanced BOX. Such images or user file information
are saved in the HDD only with system information cleared. Under this condition, the data
or images can be restored by accessing directly to the stolen HDD using the access editor
and the like. To counter such threats against securities, data written to the disk should be
always encrypted to protect them from illegal restoration of image data or others. This product
employs an unconventional approach to achieve HDD encryption and mirroring functionality
with the dedicated chipset on a board (Canon MFP Security Chip Version 2.00). Since the two
functions are operated in a HDD, the encryption functionality can be independently enabled.
●

Data Encryption Mechanism

The encryption board receives signals transmitted from the controller board, and encrypts
and saves them in the HDD.
The encryption board receives the encrypted data saved in the HDD to decode and send
them to the controller.
The encryption board can be configured with a HDD and an encryption/ mirroring board, or
with 2 HDDs and an encryption/ mirroring board.
●
Conditions for Encryption Board Operation
The encryption board has the function to recognize and authenticate the host machine. An
error is triggered if a second-hand HDD encryption/ mirroring board is installed to the other
machine.
● Compatibility among Device, Encryption Board and HDD
E602-2000 error may occur if the unmatched authentication information is found between the
controller and the HDD encryption board and the encryption board is mounted.
The device, the encryption board and HDD can be connected in 4 use cases.
2 Technology > Main Controller > Controls > HDD Encryption/ Mirroring Kit (optional)
The following shows the statuses for each use case.
Case 1: Normally operated
Case 2: HDD-related error occurs because the system on the HDD cannot be read (other
than E602-2000 error)
Case 3: E602-2000 is triggered by failure in mutual authentication
Case 4: Unable to decode properly due to unmatched key for the encryption board
Correct
Correct
encryption
controller
board
two-way authentication
Correct Correct HDD
controller
(Protection property)
It is not possible to decode.
Correct
Controller
encryption
not authorized
board
It is not possible two-way authentication
Encryption board
not authorized
Actions against Troubles – Overview
●
Servicing User data Recovery
HDD cleared Replace HDDs
replacement
Encryption cleared Install HDD encryption
board Kit
replacement
Main controller cleared Clear the key for HDD
2 replacement data encryption kit
(SRAM)
Main controller not cleared N/A
1 replacement
Main controller Information After MN-CON clear
clear held in SRAM process is done
cleared
Encryption
Correct HDD
(Protection property)
Encryption
Correct HDD
(Protection property)
Correct HDD
(Protection property)
It is not possible to decode.
F-2-38 F-2-38
Action
1) Format the HDD
2) Install the system software
1) Replace encryption board
2) Initialize Encryption Board (see *1)
3) Format the HDD
4) Install the system
1) Initialize the encryption board (see *1)
2) Format the HDD
3) Install the system
N/A
MN-CON clear does not clear
authentication information; no work is
required specifically for HDD encryption kit
2-28
T-2-16 T-2-16
2-28