|
Infineon Security Platform Solution |
Migrating Keys to other Systems
Once a system user is set up as an Infineon Security Platform User, there may arise the requirement to provide the user-specific security environment not only on the computer where the setup happened, but also on other computers the user has access to. Multiple setups on different computers will not help, as the security elements will not be compatible - e.g., an e-mail signed on one computer will not be accepted on the other due to different signing keys.
Migration Basics
The Infineon Security Platform offers the possibility to maintain and administrate this situation by offering a migration path for the user-specific secret. The basic idea of this technology is the strict separation of the administrative and operational role of migration. This separation is required to guarantee the personality of the migrated secrets, ensuring at the same time that no means exist to transfer the secrets without knowledge of an administrative instance.
After the successful migration of a user the target computer hosts the very same security environment that is also available on the source computer. From the point of view of the Infineon Security Platform User, no difference exists in the operational behavior of the systems.
Nevertheless, the two computers are still independent Infineon Security Platforms. The migration of user keys does not have any impact on the primary security structure of the Infineon Security Platform. Most importantly the secrets stored in the Trusted Platform Module are not touched by this operation.
 |
In server mode, migration of user-specific
credentials and settings
is handled by Trusted Computing Management Server. At logon, users get necessary updates whenever
their credentials and settings have changed. This is also called roaming.
The update from the server database overwrites local user-specific credentials and settings.
In stand-alone mode user-specific credentials and settings on the migration source and destination computer are merged. |
The migration operation is performed using the Infineon Security Platform Migration Wizard.
|
Migration to a computer without existing
user keys and certificates: The migration process will install new user keys and certificates on the machine you are migrating to. You will need to configure Security Platform Features for use with these new keys and certificates. |
 |
Migration to a computer with existing user
keys and certificates (different Basic User Key): The migration process will invalidate your existing Security Platform keys and certificates installed on the machine you are migrating to. Your encrypted data may be lost as a result of this operation. Please decrypt your encrypted data before proceeding with migration or contact your system administrator for data recovery procedure. |
|
Migration to a computer with existing user
keys and certificates (same Basic User Key): If the destination computer already uses the same Basic User Key as the source computer, then the migration process will merge your user keys and certificates. After migration, the keys and certificates from the migration archive will be active. Old keys and certificates will be kept. This way you will not lose any encrypted data. For example, if you have encrypted your data with EFS or PSD on both the migration source computer and destination computer, but you have used different certificates on both computers, then migration will activate the certificate from the source computer on the destination computer. The certificate the destination computer had used before will be kept and can be reactivated anytime. |
|
Migration and Personal Secure Drive:
|
©Infineon Technologies AG