Backup and Restore Security Platform Data

Infineon Security Platform Solution

Security Platform Backup includes all data required in case of emergency. After a hardware or storage media failure or a Trusted Platform Module failure, Security Platform Restoration reestablishes access to Security Platform Features for all users.

In addition, you can back up and restore your Personal Secure Drive data. Data from other applications using the Security Platform Solution (e.g. Secure e-mail) is not included in Security Platform backup.

  • In server mode Backup and Restoration of user credentials and settings is handled by Trusted Computing Management Server, except Backup and Restoration of Personal Secure Drive (PSD) image files.
  • The update of user credentials and settings which is handled by Trusted Computing Management Server is also based on Backup and Restore.

Backup Scope

Security Platform backup comprises the following data:

Security Platform Credentials and Settings
Backup Contents: A copy of the user-specific credentials and settings which are stored on the Security Platform.
Purpose: Restoration of user-specific credentials and settings after a hardware or storage media failure. Otherwise users could not access Security Platform Features anymore and user data would be lost.
Archives:
  • Automatically written Backup Archive ("System Backup Archive", e.g. file SPSystemBackup.xml and folder SPSystemBackup): Set up by Security Platform Administrator. Contains credentials and settings of all Security Platform Users (for one or multiple Security Platform computers). Also contains computer identification and user identification, which are used to match computers and users during the restoration process.
  • Manually written Backup Archive (e.g. SPBackupArchive.xml): Created by Security Platform User. Contains credentials and settings of one Security Platform User (for one Security Platform computer). Also contains computer identification and user identification, which are used to match computer and user during the restoration process.

Emergency Recovery
Backup Contents: All Security Platform Basic User Keys, encrypted specifically for Emergency Recovery.
Purpose: Re-encryption of all Basic User Keys after a Trusted Platform Module failure. In this case a new Security Platform has to be set up and a new owner is created. Emergency Recovery allows the re-encryption of Basic User Keys from the old owner to the new one. Otherwise users could not access Security Platform Features anymore and user data would be lost.
Archives:
  • Emergency Recovery data for all users is included in automatically written Backup Archives. It is also included for the concerned user in manually written Backup Archives, if Automatic Backup has already been configured at the time the manual backup is performed.
  • Emergency Recovery Token (e.g. SPEmRecToken.xml) or combined Emergency Recovery/Password Reset Token (e.g. SpToken_<PCName>.xml): Created by Security Platform Administrator. Is required for a restoration of Emergency Recovery data.

Personal Secure Drive
Backup Contents: A copy of the PSD credentials, configuration settings and encrypted data.
Purpose: Restoration of PSD encrypted data and configuration settings after a hardware or storage media failure. Otherwise users could not decrypt their PSD data anymore.
Notes:
  • In contrast to the PSD Backup, standard hard disk backup tools produce unencrypted backups.
  • If the PSD credentials are lost and no credential backup is available, but the PSD image file or backup image file is available, this data can be recovered via Personal Secure Drive Recovery.
Archives:
  • PSD configuration settings are included in both automatically written Backup Archives and manually written Backup Archives.
  • PSD backup file (e.g. SpPSDBackup.fsb): A backup copy of the PSD image file may be created during a Security Platform User's manual backup.

Types of Backup

Type: Explanation

System Backup ("Automatic Backup"): Always includes credentials and settings of computer and all users which are initialized at the time the system backup is performed (including Emergency Recovery data).
Details on how to perform System Backup

Manual Backup: Includes credentials and settings of computer and current user. Includes Emergency Recovery data for current user, if Automatic Backup has already been configured at the time the manual backup is performed. Optionally, you can back up currently configured Personal Secure Drive (PSD) image files for the current user.
Details on how to perform Manual Backup

Restoration Cases

Depending on the type of emergency there are different restoration cases:

Restoration Case: Affected Restoration Scope
Broken hard disk or lost data: Security Platform Credentials and Settings, Personal Secure Drive
New Trusted Platform Module: Emergency Recovery
New Security Platform to be initialized: Emergency Recovery, Security Platform Credentials and Settings, Personal Secure Drive
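
A restoration-readiness check for the cases above (an added example, not part of the Infineon Security Platform software). It inspects only file presence and age and does not parse the archives. Assumptions: the example file names from this page are in use, a 36-hour staleness threshold for a daily schedule, and Personal Secure Drive counted as covered only when the PSD backup file exists next to the archive.

```python
import time
from pathlib import Path

# Restoration case -> scopes it needs (from the Restoration Cases table).
CASES = {
    "Broken hard disk or lost data": {"credentials", "psd"},
    "New Trusted Platform Module": {"emergency_recovery"},
    "New Security Platform to be initialized":
        {"emergency_recovery", "credentials", "psd"},
}

def audit(backup_dir, token_path, psd_backup_path, max_age_hours=36, now=None):
    """Return (restorable scopes, findings) for one computer's backup set."""
    backup_dir = Path(backup_dir)
    xml = backup_dir / "SPSystemBackup.xml"   # example names from the page
    folder = backup_dir / "SPSystemBackup"
    now = time.time() if now is None else now
    scopes, findings = set(), []

    # The automatically written archive is an XML file plus a folder.
    if xml.is_file() and folder.is_dir():
        scopes.add("credentials")
        age_h = (now - xml.stat().st_mtime) / 3600
        if age_h > max_age_hours:   # threshold is an assumption of this example
            findings.append(f"System Backup Archive is {age_h:.0f} h old")
        # Emergency Recovery data is in the archive but needs the token.
        if Path(token_path).is_file():
            scopes.add("emergency_recovery")
        else:
            findings.append("Emergency Recovery Token not found")
        # PSD settings are in the archive; the image copy is a separate file.
        if Path(psd_backup_path).is_file():
            scopes.add("psd")
        else:
            findings.append("PSD backup file not found")
    else:
        findings.append("System Backup Archive incomplete (XML file or folder missing)")
    return scopes, findings

def covered_cases(scopes):
    """Restoration cases whose whole scope can be restored."""
    return [case for case, need in CASES.items() if need <= scopes]
```

Call audit() with the folder that holds the System Backup Archive and the paths of the token and PSD backup file, then pass the returned scopes to covered_cases().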

How to Backup and Restore

How to configure automatic backups ("System Backup")
Administrative Task: Configure automatic backups for all users (including Security Platform Credentials and Settings, Emergency Recovery and PSD configuration settings).

If Security Platform is not yet initialized:

Configuration via Quick Initialization Wizard

Here the System Backup is automatically configured with default settings.

Configuration via Security Platform Initialization Wizard

Follow these steps:

  • Launch Infineon Security Platform Settings Tool. In the Welcome page of Quick Initialization Wizard, select Advanced Initialization.
  • Select Security Platform initialization and click Next.
  • Set the Owner Password and click Next.
  • During the Initialization Wizard, check the checkbox Automatic Backup (includes Emergency Recovery) and click Next.
  • Browse to a location on the hard drive for saving the Backup Archive. A Backup Archive consisting of an XML file (e.g. SPSystemBackup.xml) and a folder (e.g. SPSystemBackup) will be created at the default location: \%ALLUSERSPROFILE%\My Documents\Security Platform.
  • The default scheduled backup is set to 12:00 PM, daily. To change the time, click Schedule..., select a start time to create a scheduled backup and click Ok, then click Next.
  • Select the option Create a new Recovery Token.
  • Browse to a location of your choice for saving the Emergency Recovery Token file (default file name: SPEmRecToken.xml).
  • Set a new token password and click Next.
  • Confirm the settings and click Next.
  • Check the checkbox Run automatic backup now. Click Finish on the Completion page.
  • Security Platform credentials and settings are backed up for the first time now. Regular backups will take place as scheduled.

If Security Platform is already initialized (Software Component to use: Settings Tool - Backup - Configure...):

Follow these steps:

  • Launch Infineon Security Platform Settings Tool and select Backup.
  • Click Configure... to launch the Initialization Wizard.
  • Browse to a location on the hard drive for saving the Backup Archive. A Backup Archive consisting of an XML file (e.g. SPSystemBackup.xml) and a folder (e.g. SPSystemBackup) will be created at the default location: \%ALLUSERSPROFILE%\My Documents\Security Platform.
  • The default scheduled backup is set to 12:00 PM, daily. To change the time, click Schedule..., select a start time to create a scheduled backup and click Ok, then click Next.
  • Confirm the settings and click Next.
  • Check the checkbox Run automatic backup now and click Finish on the Completion page.
  • Security Platform credentials and settings are backed up for the first time now. Regular backups will take place as scheduled.

In server mode this button is disabled as automatic backup is handled by Trusted Computing Management Server, i.e. no explicit configuration is necessary here by the user.

How to back up ("Manual Backup")
Software Component to use: Settings Tool - Backup - Backup...
User Task: Run backup manually for the current user.

Follow these steps:

  • Launch Infineon Security Platform Settings Tool and select Backup.
  • Click Backup... to launch the Backup Wizard.
  • Click Browse... and select a location on the hard drive for saving the Backup Archive (default file name: SpBackupArchive.xml). Click Next.
  • Configure your Personal Secure Drive backup settings (see Configure Personal Secure Drive Backup Settings) and click Next.
  • Confirm the settings and click Next.
  • Click Finish on the Completion page.

In server mode, you can only back up your Personal Secure Drives (PSD). In server mode, Trusted Computing Management Server performs the backup of user credentials and settings. Apart from the conditions mentioned above, this button is also disabled if Personal Secure Drive (PSD) is not configured.

How to restore
Software Component to use: Settings Tool - Backup - Restore All...
Administrative Task: Prepare restoration for certain users.
User Task: Run restoration manually for current user. If restoration has been prepared for current user, then complete the restoration.

If a manually written Backup Archive is available and no Emergency Recovery data needs to be restored, then a user can perform restoration without preparation by an administrator.

How to restore ("Manual Restore")
Software Component to use: Security Module - Backup - Restore...
User Task: Run restoration manually for current user.

If Emergency Recovery data is included in a manual backup and the current user is administrator, this backup can also be used for an Emergency Recovery restoration of the current user.

Follow these steps:

  • Launch Infineon Security Platform Settings Tool and select Backup.
  • Click Restore... to launch the Backup Wizard.
  • If you want to restore your settings and credentials, check the checkbox Restore my settings and credentials. Click Browse... and navigate to the Backup Archive (default file name: SPBackupArchive.xml).
  • Click Next.
  • Authenticate yourself and click Next.
  • Confirm the settings and click Next.
  • If you want to restore one or more Personal Secure Drives, configure your Personal Secure Drive restoration settings (see Configure Personal Secure Drive Restore Settings).
  • Click Next.
  • Confirm the settings and click Next.
  • Optionally you can check the checkbox Start Security Platform User Initialization Wizard if you want to configure other Security Platform features.
  • Click Finish on the Completion page.
  • Your certificates are restored now. You can view your certificates in User Settings - Security Platform Certificates.
  • Right click on the Taskbar Notification Icon and load your Personal Secure Drives. Authenticate yourself.

In server mode, you can only restore your Personal Secure Drive (PSD). In server mode, Trusted Computing Management Server performs the restoration of credentials and settings.

©Infineon Technologies AG