INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREFOR

US 20170010881A1
Filed: 07/05/2016
Published: 01/12/2017
Est. Priority Date: 07/07/2015
Status: Active Grant

First Claim

Patent Images

1. An information processing apparatus including a security chip, comprising:

a counter unit configured to hold a counter value which monotonically increases;

a version management unit configured to manage a current version number of software in the information processing apparatus by the counter value held in the counter unit;

a first verification unit configured to verify validity of update software of the software and a version number of the update software;

a rollback detection unit configured to detect, by comparing the version number of the update software with the current version number of the software held in the counter unit, whether a version of the update software is newer than a version of the current software;

an update unit configured to update the software using the update software if the rollback detection unit determines that the version of the update software is newer than the version of the current software; and

a second verification unit configured to verify whether the update unit has successfully updated the software,wherein if the second verification unit determines that the software has been successfully updated, the version management unit increases the version number held in the counter unit until the version number matches the version number of the update software.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention prevents rollback of firmware of an information processing apparatus. The apparatus including a security chip includes a counter which holds a value which monotonically increases, a version management unit which manages a current version number of software in the apparatus, a first verification unit which verifies validity of update software of the software and a version number of the update software, a rollback detection unit which detects whether a version of the update software is newer than a version of the current software, an update unit which updates the software using the update software, and a second verification unit which verifies whether the update unit has successfully updated the software. If the software has been successfully updated, the version management unit increases the value held in the counter until the value matches the version number of the update software.

44 Citations

View as Search Results

8 Claims

1. An information processing apparatus including a security chip, comprising:
- a counter unit configured to hold a counter value which monotonically increases;
  
  a version management unit configured to manage a current version number of software in the information processing apparatus by the counter value held in the counter unit;
  
  a first verification unit configured to verify validity of update software of the software and a version number of the update software;
  
  a rollback detection unit configured to detect, by comparing the version number of the update software with the current version number of the software held in the counter unit, whether a version of the update software is newer than a version of the current software;
  
  an update unit configured to update the software using the update software if the rollback detection unit determines that the version of the update software is newer than the version of the current software; and
  
  a second verification unit configured to verify whether the update unit has successfully updated the software,wherein if the second verification unit determines that the software has been successfully updated, the version management unit increases the version number held in the counter unit until the version number matches the version number of the update software.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus according to claim 1, further comprising:
    - a saving unit serving as an access controllable nonvolatile memory,wherein if the version management unit requests to increase the version number, the counter unit requests an authorization secret as a password, and ifthe authorization secret is correct, increases the version number held in the counter unit, and the authorization secret is saved in the saving unit which undergoes access control to be accessible when no software activated in the information processing apparatus is altered.
  - 3. The apparatus according to claim 2, wherein the authorization secret is saved in the saving unit which undergoes access control to be accessible when an OS of the information processing apparatus is inactive.
  - 4. The apparatus according to claim 2, whereinthe first verification unit uses a root certificate as a public key certificate to verify, by a digital signature, validity of the update software of the software and the version number of the update software, andthe root certificate is saved in the saving unit which undergoes access control to be accessible when no software activated in the information processing apparatus is altered.
  - 5. The apparatus according to claim 2, wherein the authorization secret is encrypted using the security chip so as to be decrypted when no software activated in the information processing apparatus is altered.

6. A control method for an information processing apparatus using a security chip, comprising:
- holding a counter value which monotonically increases;
  
  managing a current version number of software by the counter value;
  
  verifying validity of update software of the software and a version number of the update software;
  
  detecting, by comparing the version number of the update software with the current version number of the software indicated by the counter value, whether a version of the update software is newer than a version of the current software;
  
  updating the software using the update software if it is determined that the version of the update software is newer than the version of the current software; and
  
  verifying whether the software has been successfully updated,wherein if it is determined, in the verifying whether the software has been successfully updated, that the software has been successfully updated, the version number indicated by the counter value is increased in the managing until the version number matches the version number of the update software.

7. A non-transitory computer-readable storage medium storing a program to be executed by a processor of an information processing apparatus using a security chip, wherein the processorholds a counter value which monotonically increases,manages a current version number of software by the counter value,verifies validity of update software of the software and a version number of the update software,detects, by comparing the version number of the update software with the current version number of the software indicated by the counter value, whether a version of the update software is newer than a version of the current software,updates the software using the update software if it is determined that the version of the update software is newer than the version of the current software, andverifies whether the software has been successfully updated, andif it is determined in the verification that the software has been successfully updated, the version number indicated by the counter value is increased in the management until the version number matches the version number of the update software.

8. An information processing apparatus using a security chip which holds a counter unit capable of monotonically increasing a counter, comprising:
- a management unit configured to manage a version number of software of the information processing apparatus by the counter of the counter unit; and
  
  an update unit configured to update the software,wherein if the update by the update unit succeeds, the management unit increases the counter of the counter unit up to a version number of the software after the update, andif the update by the update unit fails, the update unit returns the software to the software before the update.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Kawazu, Ayuta

Granted Patent

US 9,965,268 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/14   Error detection or correcti...

G06F 11/1433   during software upgrading

G06F 8/65   Updates security arrangemen...

G06F 8/654   using techniques specially ...

G06F 8/71   Version control security ar...

INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREFOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREFOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others