Method and apparatus for preventing software version rollback
First Claim
1. An information processing apparatus, comprising:
- a security chip including a counter which monotonically increases a counter value;
a central processing unit (CPU); and
a memory storing a version number and a hash value, delivered software having the version number and the hash value, and an updater program to be executed by the CPU, wherein the updater program causes the CPU to;
manage a current version number and a current hash value of the software having been installed in the information processing apparatus by the counter value held in the counter included in the security chip;
verify validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupt updating of the software;
if verification succeeds, determine, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the version number of the delivered software is newer than the current version number of the software, and,if it is determined that the version number of the delivered software is not newer than the current version number, interrupt updating of the software;
update the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number;
verify whether the software has successfully updated, and, if the software has not successfully updated, restore the software having the current version number prior to updating; and
if it is verified that the software has been successfully updated, increase the version number held in the counter included in the security chip until the version number matches the version number of the delivered software.
1 Assignment
0 Petitions
Accused Products
Abstract
This invention prevents rollback of firmware of an information processing apparatus. The apparatus including a security chip includes a counter which holds a value which monotonically increases, a version management unit which manages a current version number of software in the apparatus, a first verification unit which verifies validity of update software of the software and a version number of the update software, a rollback detection unit which detects whether a version of the update software is newer than a version of the current software, an update unit which updates the software using the update software, and a second verification unit which verifies whether the update unit has successfully updated the software. If the software has been successfully updated, the version management unit increases the value held in the counter until the value matches the version number of the update software.
23 Citations
7 Claims
-
1. An information processing apparatus, comprising:
-
a security chip including a counter which monotonically increases a counter value; a central processing unit (CPU); and a memory storing a version number and a hash value, delivered software having the version number and the hash value, and an updater program to be executed by the CPU, wherein the updater program causes the CPU to; manage a current version number and a current hash value of the software having been installed in the information processing apparatus by the counter value held in the counter included in the security chip; verify validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupt updating of the software; if verification succeeds, determine, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the version number of the delivered software is newer than the current version number of the software, and, if it is determined that the version number of the delivered software is not newer than the current version number, interrupt updating of the software; update the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number; verify whether the software has successfully updated, and, if the software has not successfully updated, restore the software having the current version number prior to updating; and if it is verified that the software has been successfully updated, increase the version number held in the counter included in the security chip until the version number matches the version number of the delivered software. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A control method for an information processing apparatus, comprising:
-
holding a counter value in a security chip including a counter which monotonically increases the counter value; managing a current version number and a current hash value of software stored in a memory of the information processing apparatus by the counter value held in the counter included in the security chip; verifying validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupting updating of the software; if verification succeeds, determining, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the current version number of the software is newer than the current version number of the software, and, if it is determined that the version number of the delivered software is not newer than the current version number, interrupting updating of the software; updating the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number; verifying whether the software has been successfully updated, and if the software has not successfully updated, restore the software having the current version number prior to updating and if it is verified that the software has been successfully updated, increasing, in the managing, the version number held by the counter included in the security chip until the version number matches the version number of the delivered software.
-
-
7. A non-transitory computer-readable storage medium storing a program to be executed by a processor of an information processing apparatus, wherein the processor:
-
holds a counter value in a security chip including a counter which monotonically increases the counter value, manages a current version number and a current hash value of software stored in a memory of the information processing apparatus by the counter value held in the counter included in the security chip, verifies validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupts updating of the software, if verification succeeds, determines, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the current version number of the software is newer than the current version number of the software, and if it is determined that the version number of the delivered software is not newer than the current version number, interrupts updating of the software, updates the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number, verifies whether the software has been successfully updated, and if the software has not successfully updated, restores the software having the current version number prior to updating, and if it is verified that the software has been successfully updated, increasing, in the management, the version number held by the counter included in the security chip until the version number matches the version number of the delivered software.
-
Specification