The machine contains the security functions (Data Overwrite Security and HDD Encryption) on the controller board.

If you are installing a new machine, it is recommended to activate the Data Overwrite Security and HDD Encryption by selecting "Format All Data" from “System Settings” on the operation panel.

  • This method is recommended because there is no user data on the hard drive yet (Address Book data, image data, etc.).

If the customer wishes to activate the Data Overwrite Security and HDD Encryption unit on a machine that is already running, it is recommended to activate the unit by selecting "All Data" from “System Settings” on the operation panel.

  • Selecting "All Data" will preserve the data that has already been saved to the HDD. (If "Format All Data" is selected, all user data saved to the HDD up to that point will be erased).

Immediately after encryption is enabled, the encryption setting process will take several minutes to complete before you can begin using the machine.

  • If encryption is enabled after data has been stored on the HDD, or if the encryption key is changed, this process can take up to three and a half hours or more.

The machine cannot be operated while data is being encrypted.

Once the encryption process begins, it cannot be stopped.

Make sure that the machine's main power is not turned off while encryption is in progress.

If the machine's main power is turned off while encryption is in progress, the HDD will be damaged and all data on it will be unusable.

Print the encryption key and keep the printed sheet.

Keep the encryption key in a safe place. If the encryption key is lost and cannot be printed, the controller board, HDD and NVRAM must all be replaced at the same time.

  • "NVRAM" as mentioned here means the NVRAM on the controller board.
  • The NVRAM or EEPROM on the BICU has nothing to do with this.

Please use the following procedure when reinstalling Data Overwrite Security and HDD Encryption.

Data Overwrite Security

Before You Begin the Procedure

  1. Make sure that the following settings (1) to (3) are not at their factory default values.

    (1) Supervisor login password

    (2) Administrator login name

    (3) Administrator login password

    If any of these settings is at the factory default value, tell the customer these settings must be changed before you do the installation procedure.

  2. Make sure that “Admin. Authentication” is on.

    [System Settings] -> [Administrator Tools] -> [Administrator Authentication Management] -> [Admin. Authentication]

    If this setting is off, tell the customer this setting must be on before you do the installation procedure.

  3. Make sure that “Administrator Tools” is enabled (selected).

    [System Settings] -> [Administrator Tools] -> [Administrator Authentication Management] -> [Available Settings]

    If this setting is disabled (not selected), tell the customer this setting must be enabled (selected) before you do the installation procedure.

Installation Procedure
  1. Connect the network cable if it needs to be connected.

  2. Turn ON the main power.

  3. Go into the SP mode and push “EXECUTE” in SP5-878-001.

  4. Exit the SP mode and turn OFF the main power.

  5. Turn ON the main power.

  6. Do SP5-990-005 (SP print mode Diagnostic Report).
    Make sure to shut down and reboot the machine once before printing the SMC. Otherwise, the latest settings may not be collected when the SMC is printed.

  7. Go into the User Tools mode, and select [System Settings] -> [Administrator Tools] -> [Auto Erase Memory Setting] -> [On].

  8. Exit the User Tools mode.

  9. Check the display and make sure that the overwrite erase icon appears.

  10. Check the overwrite erase icon.

    The icon [1] is lit when there is temporary data to be overwritten, and blinks during overwriting.

    The icon [2] is lit when there is no temporary data to be overwritten.

Using Auto Erase Memory

The Auto Erase Memory function can be enabled by the following procedure.

  1. Log in as the machine administrator from the control panel.
  2. Press the [User Tools] icon.
  3. Press [Machine Features].
  4. Press [System Settings].
  5. Press [Administrator Tools].
  6. Press [Next] three times.

  7. Press [Auto Erase Memory Setting].

  8. Press [On].

  9. Select the method of overwriting.
    If you select [NSA] or [DoD], proceed to step 12.
    If you select [Random Numbers], proceed to step 10.

  10. Press [Change].

  11. Enter the number of times that you want to overwrite using the number keys, and then press [#].

  12. Press [OK]. Auto Erase Memory is set.

  13. Log out.

  14. Check the display and make sure that the overwrite erase icon appears.

  15. Check the overwrite erase icon.
    The icon [1] is lit when there is temporary data to be overwritten, and blinks during overwriting.
    The icon [2] is lit when there is no temporary data to be overwritten.

HDD Encryption

Before You Begin the Procedure:

  1. Make sure that the following settings (1) to (3) are not at the factory default settings.

    (1) Supervisor login password

    (2) Administrator login name

    (3) Administrator login password

    If any of these settings is at the factory default value, tell the customer these settings must be changed before you do the installation procedure.

  2. Confirm that "Admin. Authentication" is on.
    [System Settings] -> [Administrator Tools] -> [Administrator Authentication Management] -> [Admin. Authentication] -> [On]

    If this setting is off, tell the customer that this setting must be on before you can do the installation procedure.

  3. Confirm that "Administrator Tools" is selected and enabled.

    [System Settings] -> [Administrator Tools] -> [Administrator Authentication Management] -> [Available Settings]

    "Available Settings" is not displayed until step 2 is done.

    If this setting is not selected, tell the customer that this setting must be selected before you can do the installation procedure.

Installation Procedure
  1. Turn ON the main power, and then enter the SP mode.

  2. Select SP5-878-002, and then press "Execute" on the LCD.

  3. Exit the SP mode after "Completed" is displayed on the LCD.

  4. Turn OFF the main power.

Enable Encryption Setting

Machine Data Encryption Settings can be enabled by the following procedure.

When setting up encryption, specify whether to start encryption after deleting data (initialize) or encrypt and retain existing data. If data is retained, it may take some time to encrypt it.

  1. Turn ON the main power.
  2. Log in as the machine administrator from the control panel.

  3. Press the [User Tools] icon.

  4. Press [Machine Features].

  5. Press [System Settings].

  6. Press [Administrator Tools].

  7. Press [Next] three times.

  8. Press [Machine Data Encryption Settings].

  9. Press [Encrypt].

  10. Select the data to be carried over to the hard disk and not be reset.
    To carry all of the data over to the hard disk, select [All Data].
    To carry over only the machine settings data, select [File System Data Only].
    To reset all of the data, select [Format All Data].

  11. Select the backup method.

    If you have selected [Save to SD Card], load an SD card into the media slot on the side of the control panel and press [OK] to back up the machine's data encryption key.
    If you have selected [Print on Paper], press the [Start] key to print out the machine's data encryption key.

  12. Press [OK].

  13. Press [Exit].

  14. Press [Exit].

  15. Log out.
  16. Turn OFF the main power, and then turn the main power back ON.
    The machine will start to convert the data on the memory after you turn on the machine. Wait until the message "Memory conversion complete. Turn the main power switch off." appears, and then turn the main power off again.

Check the Encryption Settings
  1. Press the [User Tools] icon.
  2. Press [Machine Features].
  3. Press [System Settings].
  4. Press [Administrator Tools].
  5. Press [Machine Data Encryption Settings].
  6. Confirm whether the encryption has been completed or not on this display.

Print the Encryption Key

Use the following procedure to print the key again if it has been lost or misplaced.

  1. Press the [User Tools] icon.
  2. Press [Machine Features].
  3. Press [System Settings].
  4. Press [Administrator Tools].
  5. Press [Machine Data Encryption Settings].
    If this item is not visible, press [Next] to display more settings.
  6. Press [Print Encryption Key].

Encryption Key Example

The encryption key is printed out as a sheet of paper like the example shown above.

Please instruct the customer to keep it in a safe place.

Backing Up the Encryption Key

The encryption key can be backed up. Select whether to save it to an SD card or to print it.

The encryption key is required for data recovery if the machine malfunctions. Be sure to store the encryption key safely for retrieving backup data.

  1. Log in as the machine administrator from the control panel.
  2. Press the [User Tools] icon.
  3. Press [Machine Features].
  4. Press [System Settings].
  5. Press [Administrator Tools].
  6. Press [Next] three times.
  7. Press [Machine Data Encryption Settings].
  8. Press [Print Encryption Key].
  9. Select the backup method.
    If you have selected [Save to SD Card], load an SD card into the media slot on the side of the control panel and press [OK]; once the machine's data encryption key is backed up, press [Exit].
    If you have selected [Print on Paper], press the [Start] key. Print out the machine's data encryption key.

  10. Press [Exit].

  11. Log out.

Encryption Key Restoration

How to restore the old encryption key to the machine

The following message appears after the controller board is replaced. In such a case, it is necessary to restore the encryption key to the new controller board.

To do this, follow the procedure below.

  1. Prepare an SD card that has been initialized in FAT16 format.
  2. Using a PC, create a folder in the SD card and name it "restore_key".
  3. Create a folder in the "restore_key" folder and give it the same name as the machine's serial number, "xxxxxxxxxxx" (11 digits).
  4. Create a text file called "key_xxxxxxxxxxx.txt" and save it in the "xxxxxxxxxxx" folder. Write the encryption key in the text file.
    /restore_key/xxxxxxxxxxx/key_xxxxxxxxxxx.txt

    Ask an Administrator to enter the encryption key. The key has already been printed out by the user and may have been saved in the "key_xxxxxxxxxxx.txt" file. (The function to back up the encryption key directly to the SD card is provided on 11A products or later.)

  5. Turn ON the machine’s main power.
  6. Confirm that a message is displayed on the LCD telling you to insert the SD card that contains the encryption key.
  7. Turn OFF the main power.
  8. Insert the SD card that contains the encryption key into SD card slot 2 (the lower slot).
  9. Turn ON the main power.

    The machine will automatically restore the encryption key to the flash memory on the controller board.

  10. Turn OFF the main power when the machine has returned to normal status.

  11. Remove the SD card from SD card slot 2.

How to do a forced start up with no encryption key

If the encryption key back-up has been lost, follow the procedure below to do a forced start-up.

  • The HDD will be formatted after the forced start-up.
  • Encrypted data will be deleted.
  • User settings will be cleared.

  1. Prepare an SD card.
  2. Create a directory named "restore_key" inside the root directory of the SD card. Then, save the "nvram_key.txt" file using the following name:
    /restore_key/nvram_key.txt
  3. Create a text file and write "nvclear".

    • Write this string at the head of the file.
    • Use all lower-case letters.
    • Do not use quotation marks or blank spaces.
    • The machine judges that a forced start has been selected when it processes the "nvclear" content, and then shifts to the alternate system (forced start).

  4. Confirm that a message is displayed on the LCD telling you to insert the SD card that contains the encryption key.

  5. Turn OFF the main power.

  6. Insert the SD card that contains the encryption key into SD card slot 2 (the lower slot).

  7. Turn ON the main power.
    The machine automatically clears the HDD encryption.

  8. Turn OFF the main power when the machine has returned to normal status.

  9. Remove the SD card from SD card slot 2.

  10. Turn ON the main power.

  11. Do the memory clear SP5-801-xxx (excluding SP5-801-001: All Clear and SP5-801-002: Engine), and clear SP5-846-046: address book.

  12. Set necessary user settings in User Tools.
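
A check that can be run on the PC before the SD card is inserted, covering the card layouts from both procedures above (encryption key restoration and forced start-up). This is an added example, not part of the original manual: the function name `check_card`, the sample serial number and the sample key text are constructed, and accepting letters in the 11-character serial number is an assumption.

```python
import re
from pathlib import Path

# Assumption: the serial is 11 alphanumeric characters (the manual says "11 digits").
SERIAL_RE = re.compile(r"[0-9A-Za-z]{11}")

def check_card(root, serial):
    """Return (mode, problems); mode is "restore", "forced_start" or None."""
    rk = Path(root) / "restore_key"
    if not rk.is_dir():
        return None, ['no "restore_key" folder in the card root']
    modes, problems = [], []
    forced = rk / "nvram_key.txt"
    if forced.is_file():
        # Manual: "nvclear" at the head of the file, lower case, no quotes or
        # spaces. A byte-order mark written by the text editor also fails here.
        if forced.read_bytes().startswith(b"nvclear"):
            modes.append("forced_start")  # the HDD will be formatted
        else:
            problems.append("nvram_key.txt does not start with nvclear")
    if not SERIAL_RE.fullmatch(serial):
        problems.append(f"serial {serial!r} is not 11 characters")
    key_file = rk / serial / f"key_{serial}.txt"
    if key_file.is_file():
        if key_file.read_text(errors="replace").strip():
            modes.append("restore")
        else:
            problems.append(f"{key_file.name} is empty")
    # A folder for another serial number usually means a typo or the wrong card.
    for d in rk.iterdir():
        if d.is_dir() and d.name != serial:
            problems.append(f"folder {d.name!r} does not match serial {serial}")
    if len(modes) == 2:
        problems.append("card holds both a key file and a forced-start file")
    if not modes and not problems:
        problems.append("no key file or forced-start file found")
    return (modes[0] if len(modes) == 1 else None), problems

if __name__ == "__main__":
    import tempfile
    serial = "A1234567890"  # constructed serial number
    with tempfile.TemporaryDirectory() as card:  # stands in for the SD card
        folder = Path(card, "restore_key", serial)
        folder.mkdir(parents=True)
        (folder / f"key_{serial}.txt").write_text("CONSTRUCTED-KEY-PLACEHOLDER\n")
        print(check_card(card, serial))
```

A result of `("forced_start", [])` means the card will trigger the forced start-up described above, not a key restoration.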

SP descriptions
  • SP5-878-002 (Option Setup: HDD Encryption)
    Executes the setup for encryption.
  • SP5-990-005 (SP Print Mode: Diagnostic Report)
    Prints the configuration sheets of the system and user settings (SMC).
    Make sure to shut down and reboot the machine once before printing the SMC. Otherwise, the latest settings may not be collected when the SMC is printed.
  • SP5-801-001 (Memory Clear: All Clear)
    Resets all correction data for process control and all software counters, and returns all modes and adjustments to their default values.
  • SP5-801-002 (Memory Clear: Engine)
    Clears non-volatile memory of engine.
  • SP5-846-046 (UCS Setting: Addr Book Media)
    Displays the slot number where the address book data is stored.
    0: Unconfirmed
    1: SD Slot 1
    2: SD Slot 2
    3: SD Slot 3
    4: USB Flash ROM
    10: SD Slot 10
    20: HDD
    30: Nothing