TPM Settings

If the TPM setting is activated and the TPM key is backed up to USB memory, the encryption key (TPM key) that encrypts confidential information stored in the machine, such as the password, the public key pair for SSL communication, and the user certificate, can be stored safely in the TPM chip. This prevents important information on the machine from leaking. You can also recover the system if the TPM chip fails by restoring the TPM key.
CAUTION
Before the TPM setting is activated, the administrator must check that the default settings of the System Manager ID and System PIN (System Manager Settings) have been changed. If the default settings of the System Manager ID and System PIN are not changed, a user other than the administrator can perform the backup, and the TPM backup key may be taken.
Back up the TPM key to the USB memory immediately after the TPM setting is activated.
Restoring the TPM key recovers access to the HDD/SRAM that became inaccessible due to the TPM chip failure; it does not recover the HDD/SRAM itself.
IMPORTANT
The security provided by TPM does not guarantee complete protection of the data and hardware. Note that Canon will not be liable for any failure or damages resulting from the use of this mode.
You can use commercially available USB memory.
The machine supports the following file system for USB memory:
FAT32
The following USB memory and usage are not supported.
USB memory with a security function, or a memory card reader that connects via USB
Using the USB memory with an extension cable
Using the USB memory via a USB hub
USB memory not compliant with the USB standard
Depending on the USB memory you are using, you may not be able to use it properly.
When you are using the USB memory, the machine cannot enter the sleep mode. Also, the Weekly Timer settings are ignored.
Insert the USB memory straight into the USB port. If the USB memory is inserted at an angle, or if you insert a USB memory type that is not compliant with the USB standard, the USB port may be damaged.
You cannot access the machine while data is being backed up to or restored from the USB memory.
Do not remove the USB memory while data is being backed up or restored. Doing so may damage the USB memory, the USB port, or the data on the USB memory. Also, if the USB memory is removed during a restore, the machine may be damaged.
The data on the machine is encrypted before it is backed up to the USB memory. You cannot manage or browse the backed up data on a computer.
The following condition must be met to use the USB memory.
Press → [Preferences] → [External Interface] → [USB Settings] → set [Use MEAP Driver for USB External Device] to 'Off'.
Setting TPM
This section explains how to activate the TPM setting.
CAUTION
Before the TPM setting is activated, the System Manager must check that the default settings of the System Manager ID and System PIN (System Manager Settings) have been changed. If the default settings of the System Manager ID and System PIN are not changed, a user other than the administrator can perform the backup, and the TPM backup key may be taken. Because the TPM key can only be backed up once, you would then be unable to restore the TPM key.
Back up the TPM key to the USB memory immediately after the TPM setting is activated.
If initialization is performed following the steps for "Initializing All Data/Settings," all of the data encrypted by the TPM key is completely erased and the TPM setting becomes inactive.
1. Press → [Management Settings] → [Data Management] → [TPM Settings].
2. Press [Yes].
NOTE
If the TPM setting is activated, it may take longer to start the machine.
Backing Up the TPM Key
If the TPM setting is activated and the TPM chip fails, you cannot recover the confidential information, because each type of confidential information is uniquely encrypted with the TPM key. Therefore, back up the TPM key immediately after the TPM setting is activated.
Use commercially available USB memory for the backup.
CAUTION
For security reasons, you can only back up the TPM key once. Store the USB memory with the backup data in a safe place. Also, write down the password set when backing up and keep it in a safe place.
For the backup of the TPM key, it is recommended that you use a USB memory with free space of 10 MB or more.
IMPORTANT
You cannot back up the TPM key in the following cases:
USB memory is write protected
USB memory is not connected
More than one USB memory is connected
Not enough free space in the connected USB memory
TPM key does not exist on the machine
1. Press → [Management Settings] → [Data Management] → [TPM Settings].
2. Press [Back Up TPM Key].
3. Press [Password] → enter a password that is 4 to 12 characters long → press [OK].
4. In the Confirm screen, enter the same password to confirm the password → press [OK].
5. Connect the USB memory to the machine → press [OK] → [OK].
If the error screen is displayed, follow the instructions on the screen and back up again.
Restoring the TPM Key
If the TPM chip fails, you can use the previously backed up TPM key data to restore the TPM key onto the new TPM chip. For information on backing up the TPM key, see "Backing Up the TPM Key." For information on TPM chip failure, contact your local authorized Canon dealer.
CAUTION
Restoring the TPM key recovers access to the HDD/SRAM that became inaccessible due to the TPM chip failure; it does not recover the HDD/SRAM itself.
IMPORTANT
You cannot restore the TPM key in the following cases:
USB memory is not connected
More than one USB memory is connected
TPM key does not exist on the USB memory
TPM key on the USB memory is not correct
NOTE
The setting takes effect only after you restart the machine (turn the main power switch OFF, and then back ON). For instructions on restarting the machine, see "Main Power and Control Panel Power."
1. Press → [Management Settings] → [Data Management] → [TPM Settings].
2. Press [Restore TPM Key].
3. Press [Password] → enter the password you specified when backing up → press [OK] → [OK].
4. Connect the USB memory to the machine → press [OK].
If the error screen is displayed, follow the instructions on the screen and restore again.
5. Confirm that the TPM key was successfully restored → press [OK] → restart the machine.