Print out this category
Works before / after introduction
The works above are basically done by users.
Execute the following in Setting / Registration mode (“TPM setting” is OFF by default).
1. Enable the feature
2. Backup the TPM key
3. Restore the TPM key
4. Disable the feature
CAUTION:
When the TPM setting is set to “ON”, advice users on the following:
Back up the TPM key swiftly after the setting is ON
Keep the password used at backup securely
Never lose the USB flash drive with the backup TPM key file saved
The TPM key should be restored after the TPM PCB is replaced due to failures or the like. (TPM key restoration is enabled only at TPM PCB replacement.)
Unless the key is restored, the security information (passwords, encryption key, and certificates) cannot be used.
When the key restoration is failed due to the USB flash drive lost or others, “Initialize All Data / Settings” should be executed to reactivate TPM functionality. The security may be undermined if the old Setting / Registration data are maintained as it is.
1. Enable Functionality
CAUTION: Setup of “System Management PIN”
It is recommended for users (administrators) to set the system management PIN before installing TPM. The TPM key is backed up after the TPM setting is set to “ON”. However, the key backup is permitted only once. Unless the key is properly backed up, users other than administrators may illegally obtain the backup file. To avoid such risks effectively, the system management PIN should be set.
1) Set Management Settings> Data Management> TPM Settings to ON.
2) Click [Yes], and restart the machine.
This setting is enabled after the machine is restarted.
2.TPM Key Backup
The TPM key backup file can be stored only in USB memory (supported file system: FAT32).
Note that this file requires the memory free space of several MBs.
1) Insert the USB memory to the machine.
The USB I/F (host) is found at the side of the Control Panel as well as the Main Controller PCB 1.
CAUTION:
Ensure to insert only one USB memory.
If the backup job is started with 2 or more USB memories connected, the message is shown to notify that the backup is failed.
NOTE:
The USB memory holds the TPM key backup files by serial number. Thus, backup files for multiple machines can be saved in a USB memory.
2)Click [Backup TPM Key] in Management Settings> Data Management> TPM Settings.
3) Click [Password] to enter the password (4-12 digits). Then, enter the password for confirmation.
4) Click [OK] to initiate TPM key backup.
5) Click [OK] on Backup Completion Screen and remove the USB memory.
CAUTION: The following may cause failures in backup.
If any of the following is detected, the backup process is aborted and the message and the cause for the failure are shown on the screen.
Take an appropriate measure to recover this.
The USB memory is not inserted to the machine
2 or more USB memories are inserted to the machine
The USB memory has insufficient free memory space
The USB memory is write-protected
No key is found
CAUTION: The USB memory should be securely stored.
Give advice users on the following points.
The USB memory should be securely stored
Once the TPM key backup file is saved in the USB memory, never save the backup file on a server or the like accessible to unanimous users.
NOTE: Name of TPM key backup file
The serial number for the machine is automatically assigned as the backup file name.
3. Restore of TPM key
Procedure is about the same as the backup work.
Difference between restore work and backup work:
Rebooting is necessary (turn OFF and then ON the main power) after completion of restore work.
1) Connect the USB memory that saves TPM key.
2) Select the following: Management settings> Data management> TPM settings; and click [Restore TPM key].
3) Enter the password set in the backup process.
4) Click [OK] on Start Restoration Screen. The restoration process is started.
5) Click [OK] on Restoration Completion Screen. Remove the USB flash drive and turn OFF/ ON the main power.
CAUTION: The following may cause failures in restoration.
If any of the following is detected, the restoration process is aborted and the message and the cause for the failure are shown on the screen. Take an appropriate measure for recovery.
The USB memory is not inserted to the machine
2 or more USB flash memories are inserted to the machine
The USB memory is security-protected
No TPM key is saved in the USB memory
The TPM key saved in the USB memory is not for the machine
The wrong password is entered
After the TPM key was backed up, [Initialize All Systems/ Settings] was executed
SRAM (the Main Controller PCB 1) or HDD is crashed
4. Disable the feature
To set OFF for the TPM setting, execute [Initialize All Data/Settings].
CAUTION: Points to caution when disabling functionality
To disable the use of TPM, all data and settings should be initialized. If this is executed, user information saved in the HDD/ SRAM is totally cleared. Ensure to back up the data before disabling TPM settings.
List of data to be cleared
Data saved in BOX/ Advanced Box
Data saved in Inbox (Fax Box/ System Box)
Destination data registered in Address Book
Read mode registered using Send function
Mode memory registered using Copy/ Box function
MEAP applications and their license files
Data saved using MEAP applications
Password for MEAP SMS (Service Management Service)
(The password is returned to default if any change is made.)
User authentication information registered by local device authentication via SSO-H (Single Sign-On H)
Unsent documents (documents for scheduled transmission and reserved transmission)
Job logs
Contents set in Settings/Registration
Image-composite registration form
Registered transfer settings
Key pair and certificate and CRL registered in Management Setting (Settings/Registration)> Device Management> Certificate Settings
Steps of data restoration after recovery
The restoration process triggers Settings/Registration> Management Setting> Data Management> Import/Export.
The data listed below cannot be restored, thus should be set again.
Environment Settings
Paper settings
Display settings in the destination to save
Time fine-adjustment for timer/ power settings
Date/ time settings (excluding time zone and daylight-saving settings)
User settings for SNMPv3
Context settings
Firewall settings (excluding MAC address filter)
Adjustment/Maintenance
Function Settings
Image-composite form for the common print operation
Printer settings
Transfer settings for the common receipt/ transfer settings
Inbox settings
Frequently-used Copy settings
Registered short-cuts in “Other Functions”
Frequently-used Send settings
Frequently-used settings for saving/ using files
Address Settings
Address Book
Management Settings
Sheet counts in Department ID Management
Settings for device information distribution
Certificate settings
License registration
Remote operation settings
Box backup/ restoration
TPM Settings