Method and apparatus for preventing software version rollback

US 9,965,268 B2
Filed: 07/05/2016
Issued: 05/08/2018
Est. Priority Date: 07/07/2015
Status: Active Grant

First Claim

Patent Images

1. An information processing apparatus, comprising:

a security chip including a counter which monotonically increases a counter value;

a central processing unit (CPU); and

a memory storing a version number and a hash value, delivered software having the version number and the hash value, and an updater program to be executed by the CPU, wherein the updater program causes the CPU to;

manage a current version number and a current hash value of the software having been installed in the information processing apparatus by the counter value held in the counter included in the security chip;

verify validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupt updating of the software;

if verification succeeds, determine, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the version number of the delivered software is newer than the current version number of the software, and,if it is determined that the version number of the delivered software is not newer than the current version number, interrupt updating of the software;

update the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number;

verify whether the software has successfully updated, and, if the software has not successfully updated, restore the software having the current version number prior to updating; and

if it is verified that the software has been successfully updated, increase the version number held in the counter included in the security chip until the version number matches the version number of the delivered software.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention prevents rollback of firmware of an information processing apparatus. The apparatus including a security chip includes a counter which holds a value which monotonically increases, a version management unit which manages a current version number of software in the apparatus, a first verification unit which verifies validity of update software of the software and a version number of the update software, a rollback detection unit which detects whether a version of the update software is newer than a version of the current software, an update unit which updates the software using the update software, and a second verification unit which verifies whether the update unit has successfully updated the software. If the software has been successfully updated, the version management unit increases the value held in the counter until the value matches the version number of the update software.

23 Citations

View as Search Results

7 Claims

1. An information processing apparatus, comprising:
- a security chip including a counter which monotonically increases a counter value;
  
  a central processing unit (CPU); and
  
  a memory storing a version number and a hash value, delivered software having the version number and the hash value, and an updater program to be executed by the CPU, wherein the updater program causes the CPU to;
  
  manage a current version number and a current hash value of the software having been installed in the information processing apparatus by the counter value held in the counter included in the security chip;
  
  verify validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupt updating of the software;
  
  if verification succeeds, determine, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the version number of the delivered software is newer than the current version number of the software, and,if it is determined that the version number of the delivered software is not newer than the current version number, interrupt updating of the software;
  
  update the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number;
  
  verify whether the software has successfully updated, and, if the software has not successfully updated, restore the software having the current version number prior to updating; and
  
  if it is verified that the software has been successfully updated, increase the version number held in the counter included in the security chip until the version number matches the version number of the delivered software.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus according to claim 1,wherein the security chip includes an access controllable nonvolatile memory,wherein when the counter, in response to receiving a request of increasing the version number, requests an authorization secret as a password, and if the authorization secret is correct, increases the version number, andthe authorization secret is saved in the access controllable nonvolatile memory when no software activated in the information processing apparatus is altered.
  - 3. The apparatus according to claim 2, wherein the authorization secret is saved in the access controllable nonvolatile memory which undergoes access control to be accessible when an OS of the information processing apparatus is inactive.
  - 4. The apparatus according to claim 2, whereinthe updater program causes the CPU to verify validity of the delivered software and the version number of the delivered software, using a root certificate as a public key certificate, andthe root certificate is saved in the access controllable nonvolatile memory which undergoes access control to be accessible when no software activated in the information processing apparatus is altered.
  - 5. The apparatus according to claim 2, wherein the authorization secret is encrypted using the security chip so as to be decrypted when no software activated in the information processing apparatus is altered.

6. A control method for an information processing apparatus, comprising:
- holding a counter value in a security chip including a counter which monotonically increases the counter value;
  
  managing a current version number and a current hash value of software stored in a memory of the information processing apparatus by the counter value held in the counter included in the security chip;
  
  verifying validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupting updating of the software;
  
  if verification succeeds, determining, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the current version number of the software is newer than the current version number of the software, and,if it is determined that the version number of the delivered software is not newer than the current version number, interrupting updating of the software;
  
  updating the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number;
  
  verifying whether the software has been successfully updated, and if the software has not successfully updated, restore the software having the current version number prior to updating andif it is verified that the software has been successfully updated, increasing, in the managing, the version number held by the counter included in the security chip until the version number matches the version number of the delivered software.

7. A non-transitory computer-readable storage medium storing a program to be executed by a processor of an information processing apparatus, wherein the processor:
- holds a counter value in a security chip including a counter which monotonically increases the counter value,manages a current version number and a current hash value of software stored in a memory of the information processing apparatus by the counter value held in the counter included in the security chip,verifies validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupts updating of the software,if verification succeeds, determines, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the current version number of the software is newer than the current version number of the software, andif it is determined that the version number of the delivered software is not newer than the current version number, interrupts updating of the software,updates the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number,verifies whether the software has been successfully updated, and if the software has not successfully updated, restores the software having the current version number prior to updating, andif it is verified that the software has been successfully updated, increasing, in the management, the version number held by the counter included in the security chip until the version number matches the version number of the delivered software.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Kawazu, Ayuta
Primary Examiner(s)
Khatri, Anil

Application Number

US15/201,757
Publication Number

US 20170010881A1
Time in Patent Office

672 Days
Field of Search

717168-177, 709203
US Class Current
CPC Class Codes

G06F 11/14   Error detection or correcti...

G06F 11/1433   during software upgrading

G06F 8/65   Updates security arrangemen...

G06F 8/654   using techniques specially ...

G06F 8/71   Version control security ar...

Method and apparatus for preventing software version rollback

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for preventing software version rollback

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links