Protect the confidentiality of print and scan data on the Océ POWERsync controller
Enable hard disk encryption of the Océ POWERsync controller on Océ PlotWave 345/365/450/550 printing systems.
Disk encryption is optional and is based on Microsoft® BitLocker® drive encryption technology.
In order to protect the confidentiality of print and scan data on the system controller hard disk, some security policies request
the encryption of all data on disk.
To enable disk encryption of the Océ POWERsync controller, two items are required:
a service technician needs to install the Disk Encryption License and the TPM (Trusted Platform Module) board in the controller.
Microsoft Windows® BitLocker Drive Encryption Technology is a security option that protects data on the
controller by encrypting all data stored on the Windows operating system volume.
A Trusted Platform Module (TPM) is a microchip that is built into a computer. It is used to store cryptographic information,
such as encryption keys. Information stored on the TPM can be more secure from external software attacks and physical
BitLocker uses the TPM to help protect the Windows 8 embedded operating system and user data and helps to ensure that a
computer is not tampered with.
BitLocker Drive Encryption
Once the Disk Encryption License (1504C004) is activated in combination with the TPM Module (1502C004), the data on the
Océ POWERsync controller is protected by encrypting the entire Windows operating system volume.
A TPM is mandatory to encrypt the hard disk of the controller; BitLocker uses this TPM to lock the
encryption keys that protect the data. As a result, the keys cannot be accessed until the TPM has
verified the state of the computer. Encrypting the entire volume protects all of the data, including the
operating system itself, the Windows registry, temporary files, and the hibernation file. Because the
keys needed to decrypt data remain locked by the TPM, an attacker cannot read the data just by
removing your hard disk and installing it in another computer. This process is also valid for the optional
removable hard disk.
Trusted Platform Module (TPM)
A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM must
be installed on the motherboard of the controller, and communicates with the rest of the system by using a hardware bus.
The controller that incorporates a TPM has the ability to create cryptographic keys and encrypt them so that they can be
decrypted only by the TPM. Each TPM has a master wrapping key, called the Storage Root Key (SRK), which is stored
within the TPM itself. The private portion of a key created in a TPM is never exposed to any other component, software,
process, or person.
With a TPM, private portions of key pairs are kept separated from the memory controlled by the operating system. Because
the TPM uses its own internal firmware and logic circuits for processing instructions, it does not rely upon the operating
system and is not exposed to external software vulnerabilities.
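The sealing behaviour described in the BitLocker and TPM sections above can be seen in a small model. This is an added example, not code from Océ or Microsoft. It is a toy simulation: the class ToyTPM, its methods and the measurement strings are hypothetical, and a SHA-256 keystream with an HMAC tag stands in for the TPM's real key wrapping.

```python
import hashlib, hmac, os

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode as a stand-in cipher (toy, not for production use)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

class ToyTPM:
    """Toy model of a TPM: the SRK never leaves this object."""
    def __init__(self):
        self._srk = os.urandom(32)   # Storage Root Key, unique per chip
        self.pcr = bytes(32)         # platform configuration register

    def boot(self, components):
        # Reset at power-on, then extend once per measured boot component:
        # pcr = H(pcr || H(component)). The value cannot be set directly.
        self.pcr = bytes(32)
        for c in components:
            self.pcr = hashlib.sha256(self.pcr + hashlib.sha256(c).digest()).digest()

    def _wrap_key(self) -> bytes:
        # Wrapping key depends on the SRK and on the current measured state
        return hmac.new(self._srk, b"seal" + self.pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes) -> bytes:
        nonce, k = os.urandom(16), self._wrap_key()
        ct = bytes(a ^ b for a, b in zip(secret, _stream(k, nonce, len(secret))))
        return nonce + hmac.new(k, nonce + ct, hashlib.sha256).digest() + ct

    def unseal(self, blob: bytes):
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        k = self._wrap_key()
        expected = hmac.new(k, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None              # wrong chip or changed boot state
        return bytes(a ^ b for a, b in zip(ct, _stream(k, nonce, len(ct))))

def demo():
    good = [b"firmware-1.0", b"bootloader-1.0"]      # constructed measurements
    volume_key = os.urandom(32)
    controller = ToyTPM()
    controller.boot(good)
    blob = controller.seal(volume_key)               # sealed blob is stored on the disk
    controller.boot(good)                            # normal reboot, same boot chain
    same_state = controller.unseal(blob) == volume_key
    controller.boot([b"firmware-1.0", b"bootloader-modified"])
    tampered = controller.unseal(blob)               # changed boot state
    other = ToyTPM()                                 # disk moved to another computer
    other.boot(good)
    return same_state, tampered, other.unseal(blob)
```

demo() returns the outcome of the three cases in order: a normal reboot, a modified boot component, and the same disk attached to a different TPM.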