Trusted Platform Module

Password Procedures

The Infineon Security Platform software allows users to configure passwords from 6 to 255 characters. A good password should consist of:

At least one upper case letter (A to Z)

At least one numerical character (0 to 9)

At least one symbol character (!, @, &, etc.)

Examples: “I wear a Brown hat 2 worK @ least once-a-month” or “uJGFak&%)adf35a9m”

NOTE

Avoid using names or dates that can be easily guessed such as: birthdays, anniversaries, family member names, pet names, etc.

All passwords associated with the Infineon Security Platform software (Owner, Emergency Recovery Token, and User passwords) and the Wave Systems EMBASSY Trust Suite are NOT RECOVERABLE and cannot be reset without the original text. The system owner should document all passwords, store them in a secured location (vault, safe deposit box, off-site storage), and keep them available for future use. These documents should be updated after any password changes.

Emergency Recovery File Back Up Procedures

After completing the Infineon Security Platform Initialization Wizard, the Emergency Recovery Token (SPEmRecToken.xml) must be moved to removable media (floppy, CDR, flash media, etc). Once this is done, the removable media should be stored in a secure location. DO NOT LEAVE ANY COPIES of the Emergency Recovery Token on the hard drive or within any hard drive image backups. If a copy of the Emergency Recovery Token remains on the system, it could be used to compromise the Trusted Platform Module and platform.

After completing the Infineon Security Platform User Initialization Wizard, the Emergency Recovery Archive (SPEmRecArchive.xml) should be copied to removable media and stored in a secure location. This procedure should be repeated after any password changes or the addition of a new user.
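
One way to verify that no copy of the Emergency Recovery Token remains on the hard drive after it has been moved to removable media. This is an added example, not part of the manual or the Infineon software; the function names, the optional content comparison against the copy on removable media, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

TOKEN_NAME = "SPEmRecToken.xml"  # file name given in the manual

def sha256_of(path):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def find_token_copies(root, reference_token=None):
    """Return sorted (path, reason) pairs: 'name' for a file-name match,
    'content' for a renamed copy with the same bytes as reference_token."""
    ref_size = ref_hash = None
    if reference_token:
        ref_size = os.path.getsize(reference_token)
        ref_hash = sha256_of(reference_token)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if name.lower() == TOKEN_NAME.lower():
                    hits.append((path, "name"))
                elif (ref_hash and os.path.getsize(path) == ref_size
                      and sha256_of(path) == ref_hash):
                    hits.append((path, "content"))
            except OSError:
                continue  # unreadable or locked file: skip it, keep scanning
    return sorted(hits)

def demo():
    """Constructed sample: a token left on disk plus one renamed copy."""
    with tempfile.TemporaryDirectory() as media, tempfile.TemporaryDirectory() as disk:
        ref = os.path.join(media, TOKEN_NAME)  # stands in for the removable media
        os.makedirs(os.path.join(disk, "Backup"))
        copies = ("spemrectoken.XML", os.path.join("Backup", "old.bak"))
        for path in [ref] + [os.path.join(disk, c) for c in copies]:
            with open(path, "w") as f:
                f.write("<constructed-token/>")
        with open(os.path.join(disk, "notes.txt"), "w") as f:
            f.write("unrelated")
        hits = find_token_copies(disk, ref)
        return [(os.path.relpath(p, disk), why) for p, why in hits]

if __name__ == "__main__":
    print(demo())
```

The same scan can be pointed at a mounted hard drive image, since the manual also rules out copies inside image backups.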

Hard Drive Image Backup Procedures

To allow for emergency recovery from a hard drive failure, frequent images of the hard drive should be created and stored in a secure location. In the event of a hard drive failure, the latest image can be restored to a new hard drive and access to the encrypted data can be re-established.

NOTE

All encrypted and unencrypted data that was added after the last image was created will be lost.

Intel D865GRH manual Password Procedures, Emergency Recovery File Back Up Procedures, Hard Drive Image Backup Procedures