CN111614859B - Image forming apparatus, security control method thereof, and storage medium - Google Patents
Image forming apparatus, security control method thereof, and storage medium Download PDFInfo
- Publication number
- CN111614859B CN111614859B CN202010418515.9A CN202010418515A CN111614859B CN 111614859 B CN111614859 B CN 111614859B CN 202010418515 A CN202010418515 A CN 202010418515A CN 111614859 B CN111614859 B CN 111614859B
- Authority
- CN
- China
- Prior art keywords
- control system
- image forming
- security
- forming apparatus
- switch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/00838—Preventing unauthorised reproduction
- H04N1/00856—Preventive measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/00912—Arrangements for controlling a still picture apparatus or components thereof not otherwise provided for
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/00912—Arrangements for controlling a still picture apparatus or components thereof not otherwise provided for
- H04N1/00938—Software related arrangements, e.g. loading applications
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Facsimiles In General (AREA)
Abstract
The invention relates to an image forming apparatus, a security control method thereof and a storage medium, wherein the image forming apparatus comprises a first control system and a second control system; the first control system includes a security module configured to perform security supervision on information of the image forming apparatus; the second control system is configured to control the image forming apparatus to perform an image forming operation, wherein the first control system is connected with the terminal device through the interface unit, and the second control system is connected with the first control system. The image forming apparatus can solve the problems of long product development period and increased complexity of a control system caused by the need of redeveloping the control system which supports security monitoring and can well match an engine mechanism of the image forming apparatus.
Description
Technical Field
The present invention relates to the field of image forming technologies, and in particular, to an image forming apparatus, a security control method thereof, and a storage medium.
Background
With the development of image forming technology, image forming apparatuses are increasingly used in offices and daily life, and common image forming apparatuses include, but are not limited to, printers, copiers, scanners, facsimile machines, or multi-function machines integrating one or more functions of printing, copying, scanning, and faxing. In the related art, security of print information has become important, and therefore, an image forming apparatus is supporting security-related functions, such as development of a control System (for example, a System on Chip (SoC) loaded with firmware) capable of coordinating with security monitoring to control data input and output of the image forming apparatus, but the control System in the related art needs to control an engine mechanism of the image forming apparatus in addition to data input and output of the image forming apparatus; if a control system that supports both security monitoring and that is well matched to the engine mechanism of an image forming apparatus is newly developed, it will inevitably increase the product development period, and also increase the complexity of the control system.
Disclosure of Invention
Embodiments of the present invention provide an image forming apparatus, a security control method thereof, and a storage medium, which can solve the problems of a long product development period and an increased complexity of a control system caused by a need to redevelop the control system that supports security monitoring and can be well matched with an engine mechanism of the image forming apparatus.
In a first aspect, an embodiment of the present invention provides an image forming apparatus including a first control system and a second control system;
the first control system includes a security module configured to securely supervise information of the image forming apparatus;
the second control system is configured to control the image forming apparatus to perform an image forming operation, wherein the first control system is connected with the terminal device through an interface unit, and the second control system is connected with the first control system.
With reference to the first aspect, in an optional implementation manner, the information of the image forming apparatus includes any one or more of a firmware upgrade package, a scan command, print data, a start-up program corresponding to an operating system of the image forming apparatus, and firmware when the second control system runs.
With reference to the first aspect, in an optional implementation manner, the image forming apparatus further includes a first memory configured to store a boot program and security check information corresponding to an operating system of the image forming apparatus;
when the image forming device is powered on, the first control system and the security module are started, the first control system controls the security module to read the starting program and the security verification information stored in the first memory, static measurement is carried out on the starting program according to the security verification information, and after the static measurement is passed, the first control system controls the second control system to read the starting program stored in the first memory and load the starting program.
With reference to the first aspect, in an optional implementation manner, the image forming apparatus further includes a first switch, a second switch, and a third switch, wherein the security module is connected to the first memory through the first switch, the second control system is connected to the first memory through the second switch, the second control system is connected to a power supply of the image forming apparatus through the third switch, and the first control system is connected to enable terminals of the first switch, the second switch, and the third switch;
when the image forming device is powered on, the first control system and the security module are started, the first control system controls the first switch to be connected and the second switch and the third switch to be disconnected, the security module reads the starting program and the security verification information stored in the first memory and carries out static measurement on the starting program according to the security verification information, when the static measurement passes, the first control system controls the first switch to be disconnected again and the second switch and the third switch to be connected, and the second control system reads the starting program stored in the first memory and loads the starting program.
With reference to the first aspect, in an optional implementation, the image forming apparatus further comprises a second memory configured to store firmware when the second control system is running;
and after the second control system finishes loading the starting program, the second control system reads and loads the firmware stored in the second memory when the second control system runs, and the security module performs dynamic measurement on the firmware when the second control system runs.
With reference to the first aspect, in an optional implementation manner, when firmware upgrade is required to be performed on the first control system, the security module receives a firmware upgrade package corresponding to the first control system, performs security verification on the firmware upgrade package corresponding to the first control system, and after the security verification is passed, performs firmware upgrade on the first control system according to the firmware upgrade package corresponding to the first control system.
When the second control system needs to be upgraded, the safety module receives a firmware upgrade package corresponding to the second control system, carries out safety verification on the firmware upgrade package corresponding to the second control system, and sends the firmware upgrade package corresponding to the second control system after the safety verification is passed, so that the second control system carries out firmware upgrade according to the firmware upgrade package corresponding to the second control system.
With reference to the first aspect, in an optional implementation manner, the security module is specifically configured to receive the print data, perform security verification on the print data, and send the print data to the second control system after the security verification is passed, so that the second control system controls a print engine mechanism of the image forming apparatus to complete print processing on the print data according to the print data.
With reference to the first aspect, in an optional implementation manner, the security module is specifically configured to receive the scan command, perform security verification on the scan command, send the scan command to the second control system after the security verification is passed, the second control system controls a scan engine mechanism of the image forming apparatus to scan a document to be scanned according to the scan command, obtain scan data, and send the scan data to the security module, the security module performs security verification on the scan data, and sends the scan data to a terminal device after the security verification is passed.
In a second aspect, an embodiment of the present invention provides a security control method of an image forming apparatus, the method including:
the image forming apparatus includes a first control system including a security module and a second control system, the method including:
the safety module carries out safety supervision on information of the image forming device;
the second control system controls the image forming device to execute imaging operation, wherein the first control system is connected with the terminal equipment through an interface unit, and the second control system is connected with the first control system.
With reference to the second aspect, in an optional implementation manner, the information of the image forming apparatus includes any one or more of a firmware upgrade package, a scan command, print data, a start-up program corresponding to an operating system of the image forming apparatus, and firmware when the second control system runs.
With reference to the second aspect, in an optional implementation manner, the image forming apparatus further includes a first memory configured to store a boot program corresponding to an operating system of the image forming apparatus and security check information;
the security module performs security supervision on information of the image forming apparatus, and includes:
when the image forming device is powered on, the first control system and the security module are started, the first control system controls the security module to read the starting program and the security verification information stored in the first memory, static measurement is carried out on the starting program according to the security verification information, and after the static measurement is passed, the first control system controls the second control system to read the starting program stored in the first memory and load the starting program.
With reference to the second aspect, in an optional implementation, the image forming apparatus further comprises a second memory configured to store firmware when the second control system is running;
the security module carries out security supervision on the information of the image forming device, and further comprises:
and after the second control system finishes loading the starting program, the second control system reads and loads the firmware stored in the second memory and used for the second control system to run, and the security module performs dynamic measurement on the firmware used for the second control system to run.
With reference to the second aspect, in an optional implementation manner, the security module performs security supervision on information of the image forming apparatus, and includes:
when the first control system needs to be upgraded, the security module receives a firmware upgrade package corresponding to the first control system, carries out security verification on the firmware upgrade package corresponding to the first control system, and when the security verification is passed, the first control system carries out firmware upgrade according to the firmware upgrade package corresponding to the first control system.
When the second control system needs to be upgraded, the safety module receives a firmware upgrade package corresponding to the second control system, carries out safety verification on the firmware upgrade package corresponding to the second control system, and sends the firmware upgrade package corresponding to the second control system after the safety verification is passed, so that the second control system carries out firmware upgrade according to the firmware upgrade package corresponding to the second control system.
With reference to the second aspect, in an optional implementation manner, the security module performs security supervision on information of the image forming apparatus, and includes:
the safety module receives the printing data, carries out safety verification on the printing data, and sends the printing data to the second control system after the safety verification is passed;
correspondingly, the second control system controls the image forming apparatus to perform an image forming operation, including:
and the second control system controls a printing engine mechanism of the image forming device to complete printing processing of the printing data according to the printing data.
With reference to the second aspect, in an optional implementation manner, the security module performs security supervision on information of the image forming apparatus, and includes:
receiving the scanning command, performing security verification on the scanning command, and sending the scanning command to the second control system after the security verification is passed;
correspondingly, the second control system controls the image forming apparatus to perform an image forming operation, including:
the second control system controls a scanning engine mechanism of the image forming device to scan a file to be scanned according to the scanning command to obtain scanning data, and sends the scanning data to the security module;
correspondingly, the security module performs security supervision on the information of the image forming apparatus, and further comprises:
and the safety module carries out safety verification on the scanning data, and sends the scanning data to the terminal equipment after the safety verification is passed.
In a third aspect, an embodiment of the present invention provides a storage medium, where the storage medium includes a stored program, and when the program runs, a device in which the storage medium is located is controlled to execute the method.
It can be understood that, in the embodiment of the present invention, by providing two control systems (a first control system and a second control system), security monitoring of each information of the image forming apparatus is realized by the first control system, and control of the imaging operation of the image forming apparatus is realized by the second control system, so that it is not necessary to newly develop a control system that supports security monitoring and can match with an engine mechanism of the image forming apparatus to realize imaging control, and a development cycle of a product is shortened without increasing complexity of the control system.
Compared with the scheme of only providing the connection between the security chip and one control system, the scheme still needs to rely on the original control system to be directly connected with the interface unit of the image forming apparatus under the condition that the security chip cannot directly control data transmission, and cannot meet the requirement on security control. Because the first control system provided by the embodiment comprises the security module, the first control system is authenticated by the security chip, so that the behavior of the first control system is more credible; therefore, the input and output of the data and the control parameters transmitted by the interface unit of the image forming device are transmitted to the second control system through the first control system, and the control of the whole image forming device is safer and more reliable based on the credibility of the behavior of the first control system.
Drawings
The invention is further illustrated with reference to the following figures and examples.
FIG. 1 is a schematic block diagram of an image forming system provided by an embodiment of the present invention;
FIG. 2 is still another schematic block diagram of an image forming apparatus provided by an embodiment of the present invention;
FIG. 3 is still another schematic block diagram of an image forming system provided by an embodiment of the present invention;
fig. 4 is a flowchart of a security control method of an image forming apparatus according to an embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENT (S) OF INVENTION
For better understanding of the technical solutions of the present invention, the following detailed descriptions of the embodiments of the present invention are provided with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" as used herein is merely one type of association that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Referring to fig. 1, an embodiment of the present invention provides an image forming system including an image forming apparatus and a terminal device (e.g., a PC (Personal Computer) shown in fig. 1), the image forming apparatus representing an apparatus for printing print data generated by a Computer, for example, on a recording medium such as printing paper. Examples of the image forming apparatus include a copying machine, a printer, a facsimile, a scanner, and a multi-function peripheral that performs the above functions in a single device. The image forming apparatus includes a first control system and a second control system.
Wherein the first control system includes a security module configured to perform security supervision on information of the image forming apparatus;
the second control system is configured to control the image forming apparatus to execute an imaging operation, the first control system is connected with the terminal device through the interface unit, the second control system is connected with the first control system, information is input to the security module through an IO port of the first control system, and after safety verification of the security module, the information is input to the second control system connected with the first control system, so that the imaging operation is executed.
It can be understood that, in the embodiment of the present invention, by providing two control systems (a first control system and a second control system), security monitoring of each information of the image forming apparatus is realized by the first control system, and control of the imaging operation of the image forming apparatus is realized by the second control system, so that it is not necessary to redevelop the control system which supports security monitoring and can match with an engine mechanism of the image forming apparatus to realize imaging control, and a development cycle of a product is shortened without increasing complexity of the control system.
The image forming apparatus provided by the present invention, its components and operation principle will be described in detail below.
A first control System, such as SoC (System on Chip), in an embodiment of the present invention, configured to perform processing operations related to data transceiving, command transceiving, and the like, wherein the interface unit is further capable of receiving print job data and print, scan, and fax commands from a terminal device (such as a PC shown in fig. 1 and a control panel of the image forming apparatus), or transmitting scan, fax data, print, scan, and fax status information, and the like, and the internal security module is configured to monitor operation activities corresponding to a second control System in the image forming apparatus; trusted Computing (Trusted Computing) in security modules is used for security of behaviors, and is widely used in computers and communication systems to improve the security of the whole system. Information security includes four aspects: equipment safety, data safety, content safety and behavior safety; in order to further improve the behavior safety characteristic of the image forming apparatus, the trusted computing function is introduced in the embodiment; the functional modules corresponding to the trusted computing supervision module mentioned in this embodiment include four functions: a program (or module) starts/runs a monitoring function (such as a white list strategy), a registration function, an auditing function and an upgrade monitoring function; the specific implementation manner of the trusted computing supervision module may be hardware (e.g., a security module), software (e.g., program code with the functions of the above four modules), or a combination of hardware and software (e.g., a security module and a security code); taking the implementation manner of the program code as an example: the security module comprises a driving layer supervisory program and an application layer supervisory program; the image forming device comprises a driver layer supervisor, an application layer supervisor, a trusted computing supervisor and a white list management module, wherein the driver layer supervisor is responsible for supervising driver layer modules of an image forming device operating system (such as a Linux system), the application layer supervisor is responsible for supervising application layer programs of the image forming device, and the trusted computing supervisor only allows drivers and programs in the white list range to run; drivers and programs in the range of the non-white list are not allowed to run; the trusted computing supervisor can record or report the security event behavior generated on the image forming device; therefore, the trusted computing monitoring program can comprehensively monitor the driving layer and the application layer of the image forming device, and can effectively prevent unsafe behaviors of the application program and the equipment driving.
In some embodiments of the invention, the first control system is further configured to power manage the second control system and control the second control system to read and write the boot program. In some embodiments of the present invention, the security module supports Encryption/decryption using a DES (Data Encryption Standard)/TDEA (Triple Data Encryption Algorithm) Algorithm, ensures secure transmission of Data between the image forming apparatus and a specified user terminal, prevents secret information from being leaked, and supports DMA (Direct Memory Access) operation using an APB (advanced Peripheral Bus) interface, allows hardware devices of different speeds to communicate without depending on a large amount of interrupt load of a CPU (Central Processing Unit), and performs security supervision on the startup and running states of the image forming apparatus and print/scan Data.
The second control System, for example, soC (System on Chip), is configured to execute processing operations related to engine control, such as obtaining print data through the first control System, and analyzing the print data to generate an instruction for controlling the print engine mechanism to execute a specific function, where the instruction for executing the specific function of the print engine mechanism includes, for example, LSU (Laser Scanning Unit) exposure parameters, pickup roller rotation parameters, and the like. For another example, the first control system obtains the scan command, and generates a scan command for controlling the scan engine mechanism to execute a specific function according to the scan command.
In some implementations of the invention, the information of the image forming apparatus includes, but is not limited to, any one or more of a firmware upgrade package, scan data, print data, a boot program corresponding to an operating system of the image forming apparatus, and firmware on which the second control system is running. The safety module of the first control system can monitor the information safely, so that the running safety of the image forming device is guaranteed.
As shown in fig. 1, in some implementations of the invention, the image forming apparatus further includes a first memory, which may be a non-volatile memory such as a NOR flash, a NAND flash, an EEPROM (erasable programmable read only memory), a FRAM (ferroelectric memory), an MRAM (magnetic RAM), an NVSRAM (non-volatile static memory), and the like. The first memory is configured to store a start-up program and security verification information corresponding to an operating system of the image forming apparatus;
when the image forming device is powered on, the first control system and the safety module are started, the first control system controls the safety module to read the starting program and the safety verification information stored in the first memory, static measurement is carried out on the starting program according to the safety verification information, and when the static measurement passes, the first control system controls the second control system to read the starting program stored in the first memory and load the starting program.
Referring to fig. 2, in a specific implementation, the image forming apparatus further includes a power supply, a first switch, a second switch, and a third switch, wherein the security module is connected to the first memory through the first switch, the second control system is connected to the first memory through the second switch, the second control system is connected to the power supply of the image forming apparatus through the third switch, and the first control system is connected to the enable terminals of the first switch, the second switch, and the third switch.
Specifically, as shown in fig. 2, the security module is connected to a first end (a) of the first switch, a second end (Y) of the first switch is connected to the first memory, and a first port (GPIO) of the first control system is connected to an enable End (EN) of the first switch; the second control system is connected with a first end (A) of the second switch, a second end (Y) of the second switch is connected with the first memory, and a first port (GPIO) of the first control system is connected with an enabling End (EN) of the second switch; and a second port (GPIO) of the first control system is connected with an enable End (EN) of the third switch, and the first control system is connected with the power supply.
The security module is connected with a first end (A) of the first switch, a second end (Y) of the first switch and the first memory, a first port (GPIO) of the first control system and an enable End (EN) of the first switch, a second control system and a first end (A) of the second switch, a second end (Y) of the second switch and the first memory, a first port (GPIO) of the first control system and an enable End (EN) of the second switch, and a second port (GPIO) of the first control system and an enable End (EN) of the third switch through SPI (Serial Peripheral Interface) buses.
In one or more embodiments of the present invention, the first switch, the second switch, and the third switch may be a switch circuit using a metal-oxide-semiconductor (MOS) transistor as a switch.
When the image forming device is powered on, the first control system and the safety module are started, the first control system controls the first switch to be connected through generating an enabling effective signal, the second switch and the third switch are disconnected through generating an enabling ineffective signal, the safety module reads a starting program and safety check information stored in the first storage, static measurement is conducted on the starting program according to the safety check information, after the static measurement is passed, the first control system controls the first switch to be disconnected through generating the enabling ineffective signal, the enabling effective signal is generated to control the second switch and the third switch to be connected, the second control system reads the starting program stored in the first storage, and the starting program is loaded.
The enable invalid signal may be a high level signal, and the enable valid signal may be a low level signal; alternatively, the enable disable signal may be a low level signal and the enable signal may be a high level signal.
The starting program includes but is not limited to a Boot program, an Uboot program, an operating system program, and the like, wherein the operating system program includes initializing a DDR (Double Data Rate SDRAM ), initializing a cache, initializing a serial port, initializing a network card, and the like.
The security check information may include a check code, and the process of the security module performing static measurement on the start program according to the security check information may be: the safety module reads the starting program and the safety check information, generates operation check information according to the starting program, and outputs information whether the static measurement of the starting program passes or not by comparing whether the operation check information and the safety check information meet a preset relation or not; for example, the security module performs logical operation on the start program through its own operation circuit or operation code to obtain operation check information, the security module further compares the operation check information and the security check information through a logical comparison circuit or a logical comparison code to determine whether the operation check information and the security check information satisfy a predetermined relationship (e.g., equal), and if so, outputs information that the static metric of the start program passes, and if not, outputs information that the static metric of the start program does not pass.
The check code in the security check information in the embodiment of the present invention may be directly stored in advance, or may be a check code obtained by checking a complete start program in advance (for example, before shipping) according to a preset rule, and storing the obtained check result as the security check information. When static measurement is needed (for example, after sale, when the use process needs to be started), the safety module reads the starting program and the safety check information according to the requirements, performs logic operation on the starting program to obtain operation check information, then compares the operation check information with the safety check information, if the operation check information and the safety check information are consistent, the starting program is complete and is not modified, if the operation check information and the safety check information are inconsistent, the starting program is modified, at the moment, if the second control system reads and executes the starting program, potential safety hazards exist, and therefore the safety module does not allow the second control system to be started so as to guarantee safe operation of the second control system.
As shown in fig. 2, the image forming apparatus further includes a second memory configured to store firmware for the second control system to operate, the second memory is connected to the second control system, and may be connected via an SPI bus, and the second memory may be a non-volatile memory, such as a NOR flash, a NAND flash, an EEPROM (erasable programmable read only memory), a FRAM (ferroelectric memory), an MRAM (magnetic RAM), an NVSRAM (non-volatile static memory), and the like.
And after the second control system finishes loading the starting program, the second control system reads and loads the firmware stored in the second memory and used when the second control system runs, and the security module is used for dynamically measuring the firmware used when the second control system runs.
The process of the second control system performing dynamic measurement on the firmware of the second control system running through the security module may be: when the second control system runs to the appointed position of the firmware, the password corresponding to the appointed position is obtained, the security module is asked for the reference password corresponding to the appointed position, then the password corresponding to the appointed position is compared with the reference password corresponding to the appointed position, when the password corresponding to the appointed position and the reference password corresponding to the appointed position meet a preset relation (for example, equal), the second control system continues to execute the firmware, and when the password corresponding to the appointed position and the reference password corresponding to the appointed position do not meet the preset relation (for example, equal), the execution of the firmware is stopped, so that whether the firmware operated by the second control system is tampered or not is judged, and the security of the second control system is ensured. The first control system and the second control system can realize information interaction in the dynamic measurement process through the SPI bus.
As shown in fig. 2, in some embodiments of the present invention, the image forming apparatus further includes a third memory configured to store firmware when the first control system is running, the third memory is connected to the first control system, and may be specifically connected through an SPI bus, and the third memory may be a non-volatile memory, such as a NOR flash, a NAND flash, an EEPROM (erasable programmable read only memory), a FRAM (ferroelectric memory), an MRAM (magnetic RAM), and an NVSRAM (non-volatile static memory).
In one or more realizable modes, when firmware upgrading is needed to be performed on the first control system, the security module receives a firmware upgrading package corresponding to the first control system, performs security verification on the firmware upgrading package corresponding to the first control system, and after the security verification is passed, the first control system performs firmware upgrading according to the firmware upgrading package corresponding to the first control system.
Specifically, the security module may obtain a firmware upgrade package corresponding to the first control system from the terminal device, and then generate an enable disable signal to an enable End (EN) of the third switch 104 through a second port (GPIO) of the first control system, so that the second control system disconnects the power supply, the security module receives the firmware upgrade package corresponding to the first control system, and performs security verification on the firmware upgrade package corresponding to the first control system, after the security verification passes, the first control system performs firmware upgrade according to the firmware upgrade package corresponding to the first control system, after the firmware upgrade is completed, the second port (GPIO) of the first control system generates an enable valid signal to the enable End (EN) of the third switch, so that the second control system is connected to the power supply and restarted.
The enable invalid signal may be a high level signal, and the enable valid signal may be a low level signal; alternatively, the enable disable signal may be a low signal and the enable signal may be a high signal.
In one or more realizable modes, when firmware upgrading is needed to be performed on the second control system, the security module receives a firmware upgrading packet corresponding to the second control system, performs security verification on the firmware upgrading packet corresponding to the second control system, and sends the firmware upgrading packet corresponding to the second control system after the security verification is passed, so that the second control system performs firmware upgrading according to the firmware upgrading packet corresponding to the second control system.
Specifically, the security module may obtain a firmware upgrade package corresponding to the first control system from the terminal device, perform security verification on the firmware upgrade package corresponding to the second control system, and send the firmware upgrade package corresponding to the second control system after the security verification is passed; the first control system further performs state interaction with the second control system, for example, the second control system reports firmware upgrade state information to the first control system in real time, and the first control system is further connected with a reset terminal of the second control system, when the second control system finishes firmware upgrade, the second control system reports firmware upgrade completion information to the first control system, the first control system sends a reset valid signal (for example, a high level signal or a low level signal) to the reset terminal of the second control system, and after the second control system is reset, the start program and the firmware are reloaded.
In the embodiment of the present invention, the state interaction between the first control system and the second control system may be implemented by a UART (Universal Asynchronous Receiver/Transmitter).
As shown in fig. 1, in one or more implementable manners, the security module may be further configured to receive the print data, perform security verification on the print data, and transmit the print data to the second control system after the security verification is passed, so that the second control system controls the print engine mechanism of the image forming apparatus to complete the print processing on the print data according to the print data.
Specifically, a user can send a print job to the image forming apparatus through the terminal device, where the print job includes print data, the security module receives the print data and performs security verification on the print data, and after the security verification passes, the print data is sent to the second control system, and specifically, the print data can be encrypted and then sent to the second control system, and the second control system decrypts the print data and then generates a print instruction according to the print data, and then sends the print data and the print instruction to a print engine mechanism of the image forming apparatus, so as to control the print engine mechanism of the image forming apparatus to complete a print operation on the print job.
Continuing with fig. 1, in one or more implementable manners, the security module may be further configured to receive the scan command and perform security verification on the scan command, and when the security verification passes, send the scan command to the second control system, and the second control system generates a scan instruction according to the scan command to control the scan engine mechanism of the image forming apparatus to scan a document to be scanned, obtain scan data, and send the scan data to the security module, and the security module performs security verification on the scan data, and when the security verification passes, sends the scan data to the terminal device.
Continuing as shown in fig. 1, specifically, a user may send a scan command to the image forming apparatus through the terminal device or a control panel of the image forming apparatus, where the scan command is used to instruct the image forming apparatus to scan a document to be scanned, the security module may be further configured to receive the scan command and perform security verification on the scan command, after the security verification passes, the scan command is generated to the second control system, the second control system controls a scan engine mechanism of the image forming apparatus to scan the document to be scanned according to the scan command to obtain scan data, and sends the scan data to the security module, the security module performs security verification on the scan data, and after the security verification passes, the scan data may be encrypted, and then the encrypted scan data is sent to the driving end of the terminal device.
As shown in fig. 3, the terminal device (e.g., PC) and the first control system may be connected through a USB (Universal Serial Bus) interface or may be connected through a network port.
The terminal device according to the embodiment of the present invention may be a PC, a tablet computer, a mobile phone, or other devices having a function of receiving and sending information.
Continuing with FIG. 3, in one or more implementable forms, the image forming device includes a control panel for enabling interaction of the image forming device with a user, the control panel typically being a display screen with touch functionality and/or with physical keys.
The control panel is connected with the first control system, the second control system performs state interaction with the first control system, the second control system reports the state information of the second control system to the first control system in real time through the UART, and the first control system displays the state information of the second control system through the control panel.
Illustratively, when the first control system performs a static measurement on the startup procedure, the control panel may display, for example: image forming apparatus/printer initialization.
Illustratively, when the second control system dynamically measures the firmware, the control panel may display, for example: image forming apparatus/printer dynamics metrics.
Illustratively, when the second control system completes the dynamic measurement of the firmware, the control panel may display, for example: the image forming apparatus/printer is ready.
Illustratively, when the second control system controls the print engine mechanism to perform the print processing, the control panel may display, for example: image forming apparatus/printer printing.
Illustratively, when the second control system controls the scan engine mechanism to perform the scanning process, the control panel may display, for example: image forming apparatus/printer scanning.
Illustratively, when the first control system/the second control system performs firmware upgrade, the control panel may display, for example: image forming apparatus/printer firmware upgrade.
It can be understood that, in the embodiment of the present invention, the first control system is used to implement the security supervision on the start-up and running states and the print/scan data of the image forming apparatus, and the first control system is used to interact with the control panel and the terminal device of the image forming apparatus, so that the User terminal can only perform UI (User Interface) interaction and data interaction with the image forming apparatus through the first control system, thereby ensuring the information security of the User terminal.
Referring to fig. 4, an embodiment of the present invention provides a security management method for an image forming apparatus, the image forming apparatus including a first control system and a second control system, wherein the first control system includes a security module, the method including:
step S01: the security module performs security supervision on information of the image forming apparatus.
Step S02: and the second control system controls the image forming device to execute imaging operation, wherein the first control system is connected with the terminal equipment through the interface unit, the second control system is connected with the first control system, information is input into the safety module through an IO port of the first control system, and is input into the second control system connected with the first control system after safety verification of the safety module, so that the imaging operation is executed.
It can be understood that, in the embodiment of the present invention, by providing two control systems (a first control system and a second control system), security monitoring of each information of the image forming apparatus is realized by the first control system, and control of the imaging operation of the image forming apparatus is realized by the second control system, so that it is not necessary to redevelop the control system which supports security monitoring and can match with an engine mechanism of the image forming apparatus to realize imaging control, and a development cycle of a product is shortened without increasing complexity of the control system.
In an alternative embodiment, the image forming apparatus includes a first control system and a second control system, wherein the first control system includes a security module, and the security control method may further include:
the safety module carries out safety supervision on the information of the image forming device;
the second control system controls the image forming apparatus to perform an image forming operation.
In an alternative embodiment, the information of the image forming apparatus includes any one or more of a firmware upgrade package, a scan command, print data, a start-up program corresponding to an operating system of the image forming apparatus, and firmware when the second control system runs.
In an optional embodiment, the image forming apparatus further comprises a first memory configured to store a boot program corresponding to an operating system of the image forming apparatus and security verification information;
the safety module carries out safety supervision on information of the image forming device and comprises:
when the image forming device is powered on, the first control system and the safety module are started, the first control system controls the safety module to read the starting program and the safety verification information stored in the first storage, static measurement is carried out on the starting program according to the safety verification information, and when the static measurement passes, the first control system controls the second control system to read the starting program stored in the first storage and load the starting program.
In an alternative embodiment, the image forming apparatus further comprises a second memory configured to store firmware on which the second control system operates;
the security module performs security supervision on information of the image forming apparatus, and may include:
and after the second control system finishes loading the starting program, the second control system reads and loads the firmware stored in the second memory and used for the second control system to run, and the firmware used for the second control system to run is dynamically measured through the safety module.
In an alternative embodiment, the security module performs security supervision on information of the image forming apparatus, and may include:
when the first control system needs to be upgraded, the safety module receives a firmware upgrading package corresponding to the first control system, carries out safety verification on the firmware upgrading package corresponding to the first control system, and carries out firmware upgrading on the first control system according to the firmware upgrading package corresponding to the first control system after the safety verification is passed.
In an alternative embodiment, the security module performs security supervision on information of the image forming apparatus, and may include:
when the second control system needs to be upgraded, the safety module receives a firmware upgrading packet corresponding to the second control system, carries out safety verification on the firmware upgrading packet corresponding to the second control system, and sends the firmware upgrading packet corresponding to the second control system after the safety verification is passed, so that the second control system carries out firmware upgrading according to the firmware upgrading packet corresponding to the second control system.
In an optional embodiment, the security module performs security supervision on information of the image forming apparatus, and may include:
the safety module receives the printing data, carries out safety verification on the printing data, and sends the printing data to the second control system after the safety verification is passed;
correspondingly, the second control system controls the image forming apparatus to perform an image forming operation, and may include:
the second control system controls a print engine mechanism of the image forming apparatus to complete print processing of the print data according to the print data.
In an optional embodiment, the security module performs security supervision on information of the image forming apparatus, and includes:
receiving a scanning command, carrying out safety verification on the scanning command, and sending the scanning command to the second control system after the safety verification is passed;
correspondingly, the second control system controls the image forming apparatus to perform an image forming operation, and may include:
the second control system controls a scanning engine mechanism of the image forming device to scan the file to be scanned according to the scanning command to obtain scanning data, and sends the scanning data to the safety module;
correspondingly, the security module performs security supervision on the information of the image forming apparatus, and may further include:
and the safety module carries out safety verification on the scanned data, and sends the scanned data to the terminal equipment after the safety verification is passed.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the safety control method of the image forming apparatus described above may refer to the corresponding content in the foregoing embodiment of the apparatus (i.e. the image forming apparatus), and is not described herein again.
The present embodiment provides a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the method for controlling security of an image forming apparatus according to the embodiments is implemented, which is not repeated herein. Alternatively, the computer program is executed by the processor to implement the functions of each module/system/device in the image forming apparatus in the embodiments, which are not described herein in detail to avoid redundancy.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions, improvements, etc. within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (16)
1. An image forming apparatus includes a first control system and a second control system;
the first control system includes a security module configured to securely supervise information of the image forming apparatus;
the second control system is configured to control the image forming apparatus to perform an image forming operation, wherein the first control system is connected with a terminal device through an interface unit, and the second control system is connected with the first control system;
the first control system is further used for executing processing operations of data transceiving and command transceiving, and the second control system is further used for executing processing operations controlled by an engine;
the image forming apparatus further includes: a switch;
the switch is connected with the first control system, the second control system and a power supply;
the firmware upgrading of the first control system comprises the following steps:
the safety module acquires a firmware upgrading packet corresponding to a first control system from the terminal equipment and controls the switch to disconnect the power supply from the second control system;
and after the firmware is upgraded, controlling the switch to recover the connection between the power supply and the second control system.
2. The image forming apparatus according to claim 1, wherein the information of the image forming apparatus includes any one or more of a firmware upgrade package, a scan command, print data, a boot program corresponding to an operating system of the image forming apparatus, and firmware when the second control system is running.
3. The image forming apparatus according to claim 2, further comprising a first memory configured to store a boot program corresponding to an operating system of the image forming apparatus and security check information;
when the image forming device is powered on, the first control system and the safety module are started, the first control system controls the safety module to read the starting program and the safety verification information stored in the first storage, static measurement is carried out on the starting program according to the safety verification information, and when the static measurement passes, the first control system controls the second control system to read the starting program stored in the first storage and load the starting program.
4. The image forming apparatus according to claim 3, further comprising a first switch, a second switch, and a third switch, wherein the security module is connected to the first memory through the first switch, the second control system is connected to the first memory through the second switch, the second control system is connected to a power supply of the image forming apparatus through the third switch, and the first control system is connected to enable terminals of the first switch, the second switch, and the third switch;
when the image forming apparatus is powered on, the first control system and the security module are started, the first control system controls the first switch to be connected, the second switch and the third switch to be disconnected, the security module reads the starting program and the security check information stored in the first memory and carries out static measurement on the starting program according to the security check information, when the static measurement passes, the first control system controls the first switch to be disconnected again, the second switch and the third switch to be connected, and the second control system reads the starting program stored in the first memory and loads the starting program.
5. The image forming apparatus according to claim 3, further comprising a second memory configured to store firmware upon which the second control system operates;
and after the second control system finishes loading the starting program, the second control system reads and loads the firmware stored in the second memory and used for the second control system to run, and the security module performs dynamic measurement on the firmware used for the second control system to run.
6. The image forming apparatus according to claim 2, wherein when firmware upgrade is required for the first control system, the security module receives a firmware upgrade package corresponding to the first control system, performs security verification on the firmware upgrade package corresponding to the first control system, and when the security verification is passed, performs firmware upgrade according to the firmware upgrade package corresponding to the first control system;
when the second control system needs to be upgraded, the safety module receives a firmware upgrade package corresponding to the second control system, carries out safety verification on the firmware upgrade package corresponding to the second control system, and sends the firmware upgrade package corresponding to the second control system after the safety verification is passed, so that the second control system carries out firmware upgrade according to the firmware upgrade package corresponding to the second control system.
7. The image forming apparatus according to claim 2, wherein the security module is specifically configured to receive the print data, perform security verification on the print data, and after the security verification is passed, send the print data to the second control system, so that the second control system controls a print engine mechanism of the image forming apparatus to complete print processing on the print data according to the print data.
8. The image forming apparatus according to claim 2, wherein the security module is specifically configured to receive the scan command, perform security verification on the scan command, send the scan command to the second control system after the security verification is passed, the second control system controls a scan engine mechanism of the image forming apparatus to scan a document to be scanned according to the scan command to obtain scan data, and send the scan data to the security module, the security module performs security verification on the scan data, and sends the scan data to a terminal device after the security verification is passed.
9. A method for controlling security of an image forming apparatus, the image forming apparatus including a first control system and a second control system, wherein the first control system includes a security module, the method comprising:
the safety module carries out safety supervision on the information of the image forming device;
the second control system controls the image forming device to execute imaging operation, wherein the first control system is connected with a terminal device through an interface unit, and the second control system is connected with the first control system;
wherein, the first control system is also used for executing the processing operation of data transceiving and command transceiving, and the second control system is also used for executing the processing operation controlled by an engine;
the image forming apparatus further includes: a switch;
the switch is connected with the first control system, the second control system and a power supply;
the firmware upgrading of the first control system comprises the following steps:
the safety module acquires a firmware upgrading packet corresponding to a first control system from the terminal equipment and controls the switch to disconnect the power supply from the second control system;
and after the firmware is upgraded, controlling the switch to recover the connection between the power supply and the second control system.
10. The security control method according to claim 9, wherein the information of the image forming apparatus includes any one or more of a firmware upgrade package, a scan command, print data, a boot program corresponding to an operating system of the image forming apparatus, and firmware when the second control system is running.
11. The security control method according to claim 10, wherein the image forming apparatus further comprises a first memory configured to store a boot program corresponding to an operating system of the image forming apparatus and security check information;
the security module performs security supervision on information of the image forming apparatus, and includes:
when the image forming device is powered on, the first control system and the security module are started, the first control system controls the security module to read the starting program and the security verification information stored in the first memory, static measurement is carried out on the starting program according to the security verification information, and after the static measurement passes, the first control system controls the second control system to read the starting program stored in the first memory and load the starting program.
12. The security control method according to claim 11, wherein the image forming apparatus further includes a second memory configured to store firmware on which the second control system operates;
the security module performs security supervision on information of the image forming apparatus, and further includes:
and after the second control system finishes loading the starting program, the second control system reads and loads the firmware stored in the second memory and used for the second control system to run, and the security module performs dynamic measurement on the firmware used for the second control system to run.
13. The security control method according to claim 10, wherein the security module performs security supervision on information of the image forming apparatus, including:
when the first control system needs to be upgraded, the security module receives a firmware upgrade package corresponding to the first control system, carries out security verification on the firmware upgrade package corresponding to the first control system, and when the security verification is passed, the first control system carries out firmware upgrade according to the firmware upgrade package corresponding to the first control system;
when the second control system needs to be upgraded, the security module receives a firmware upgrade package corresponding to the second control system, carries out security verification on the firmware upgrade package corresponding to the second control system, and sends the firmware upgrade package corresponding to the second control system after the security verification is passed, so that the second control system carries out firmware upgrade according to the firmware upgrade package corresponding to the second control system.
14. The security control method according to claim 9, wherein the security module performs security supervision on information of the image forming apparatus, and includes:
the safety module receives the printing data, carries out safety verification on the printing data, and sends the printing data to the second control system after the safety verification is passed;
correspondingly, the second control system controls the image forming apparatus to perform an image forming operation, including:
and the second control system controls a printing engine mechanism of the image forming device to complete printing processing of the printing data according to the printing data.
15. The security control method according to claim 9, wherein the security module performs security supervision on information of the image forming apparatus, including:
receiving the scanning command, performing security verification on the scanning command, and sending the scanning command to the second control system after the security verification is passed;
correspondingly, the second control system controls the image forming apparatus to perform an image forming operation, including:
the second control system controls a scanning engine mechanism of the image forming device to scan a file to be scanned according to the scanning command to obtain scanning data, and sends the scanning data to the security module;
correspondingly, the security module performs security supervision on the information of the image forming apparatus, and further comprises:
and the safety module carries out safety verification on the scanning data, and sends the scanning data to the terminal equipment after the safety verification is passed.
16. A storage medium comprising a stored program, wherein the program is executed by a processor to implement the method of any one of claims 9 to 15.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010418515.9A CN111614859B (en) | 2020-05-18 | 2020-05-18 | Image forming apparatus, security control method thereof, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010418515.9A CN111614859B (en) | 2020-05-18 | 2020-05-18 | Image forming apparatus, security control method thereof, and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111614859A CN111614859A (en) | 2020-09-01 |
| CN111614859B true CN111614859B (en) | 2023-01-31 |
Family
ID=72202025
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010418515.9A Active CN111614859B (en) | 2020-05-18 | 2020-05-18 | Image forming apparatus, security control method thereof, and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111614859B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112445444A (en) * | 2020-11-27 | 2021-03-05 | 珠海奔图电子有限公司 | Image forming apparatus and security control system |
| CN112904992A (en) * | 2021-01-28 | 2021-06-04 | 珠海奔图电子有限公司 | Image forming apparatus and control method thereof |
| CN113645366A (en) * | 2021-07-06 | 2021-11-12 | 珠海奔图电子有限公司 | Image forming apparatus, image forming control method thereof, and storage medium |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7424398B2 (en) * | 2006-06-22 | 2008-09-09 | Lexmark International, Inc. | Boot validation system and method |
| JP2008194999A (en) * | 2007-02-15 | 2008-08-28 | Murata Mach Ltd | Print management device |
| JP6226709B2 (en) * | 2013-11-15 | 2017-11-08 | キヤノン株式会社 | Image forming apparatus, control method therefor, and program |
| CN109426461A (en) * | 2017-09-05 | 2019-03-05 | 北京立思辰计算机技术有限公司 | A kind of printer security control chip |
| CN210007764U (en) * | 2019-06-28 | 2020-01-31 | 珠海奔图电子有限公司 | kinds of image forming apparatus, start control system for image forming apparatus |
| CN110536042B (en) * | 2019-09-04 | 2021-09-28 | 珠海奔图电子有限公司 | Image forming apparatus, control method thereof, and storage medium |
-
2020
- 2020-05-18 CN CN202010418515.9A patent/CN111614859B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN111614859A (en) | 2020-09-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111614859B (en) | Image forming apparatus, security control method thereof, and storage medium | |
| CN110536042B (en) | Image forming apparatus, control method thereof, and storage medium | |
| US10225426B2 (en) | Image forming apparatus having firmware update function, method of controlling the same, program for executing the method, and storage medium | |
| US7929706B2 (en) | Encryption key restoring method, information processing apparatus, and encryption key restoring program | |
| EP2741228B1 (en) | System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof | |
| US10209980B2 (en) | Image forming apparatus and control method for image forming apparatus | |
| CN102063591B (en) | Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform | |
| CN111343352B (en) | Image forming apparatus, start control method thereof, and storage medium | |
| CN210007764U (en) | kinds of image forming apparatus, start control system for image forming apparatus | |
| JP5268694B2 (en) | License management system, image forming apparatus, and license management method | |
| CN110737897A (en) | Trusted card based boot metrics | |
| JP5493946B2 (en) | Complex system, security method, security program, and recording medium | |
| CN101799792B (en) | Information processing apparatus, program control method, and computer program product | |
| CN112445444A (en) | Image forming apparatus and security control system | |
| EP3299981B1 (en) | Image forming apparatus, method for controlling image forming apparatus, and storage medium | |
| CN212727133U (en) | Image forming apparatus and security control system | |
| CN210804374U (en) | Image forming apparatus and security control system for image forming apparatus | |
| US8705065B2 (en) | System, device and storage device storing a program for selectively preventing scanned images from being displayed | |
| CN111783120A (en) | Data interaction method, computing device, BMC chip and electronic device | |
| JP7105640B2 (en) | IMAGE PROCESSING DEVICE, CONTROL METHOD THEREOF, AND PROGRAM | |
| CN110287707B (en) | Image forming apparatus and firmware upgrading method of security management module thereof | |
| US11330129B2 (en) | Image forming system, image forming apparatus, and storing medium storing application control program | |
| WO2020259285A1 (en) | Image forming apparatus and securty control system for image forming apparatus | |
| JP2008067248A (en) | Data processor | |
| CN112104791B (en) | Image forming control method, image forming apparatus, and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |