JP6700241B2 - Supply device authentication by measuring challenge response time - Google Patents

Description

  Many systems have various replaceable components integrated with the functionality of the system. Replaceable parts often include consumables that are depleted with each use of the system. Such systems include, for example, mobile phones using replaceable batteries, medical systems that dispense medication from replaceable supply devices, printing that dispenses fluids (eg ink) or toner from replaceable supply cartridges. Examples include systems. Verifying that the replaceable supply device is a genuine device obtained from a legitimate manufacturer helps the system user avoid problems with defective devices and/or unintended use of counterfeit devices.

Various exemplary embodiments of the present invention will now be described with reference to the drawings.
FIG. 6 is a block diagram illustrating various components of an exemplary generic authentication system suitable for authenticating a replaceable dispenser. It is a figure which shows an example of the characteristic data memorize|stored on the exchange-type supply device. It is a figure which shows an example of the authentication system implement|achieved as an inkjet printing system. FIG. 3 is a perspective view of an exemplary inkjet print supply cartridge. FIG. 6 is a flow diagram illustrating an exemplary feeder authentication process.

  Throughout the drawings, identical reference numbers indicate similar, but not necessarily identical, elements.

DETAILED DESCRIPTION Overview As noted above, verifying the authenticity of a replaceable dispenser for use in a particular system allows system users to avoid problems with defective equipment and/or unintended use of counterfeit equipment. Help avoid. For example, in a printing system that employs consumable toner or ink cartridges, inadvertently replacing the cartridge with a counterfeit cartridge may result in prints of poor quality that may damage the printing system. Even a certain cartridge causes various problems.

  Conventional methods of authenticating a replaceable device include storing the authentication information, which may be stored on a smart card or a secure device on the replaceable device (eg, consumable ink/toner cartridge). The use of a private key known to the microcontroller and the host device (eg printer) is required. If the interchangeable device is able to provide a response to a challenge issued by the host, demonstrating that it has the proper key, the host It presumes that the replaceable device was manufactured by the original manufacturer, and authenticates (verifies that it is authentic) the replaceable device. One weakness of this authentication method is that it relies on the system's ability to store private keys. If the attacker can recover the key(s) from either the host or the exchangeable device, the attacker can store the stolen key(s) on the smart card or microcontroller, thus The attacker would be able to create a replaceable device that would respond to the challenge as if it were a genuine device provided by the original manufacturer. In general, if the key(s) are no longer useful, the challenge response and other functions of an improper (ie counterfeit) switch device are simulated using firmware running on an inexpensive standard microcontroller. It becomes possible.

  Disclosed herein is an authentication system and a supply device authentication process that generally enables robust authentication of a replaceable system device with a timing challenge response. A host, such as a printer, issues cryptographic timing challenges to a secure microcontroller attached to a replaceable device, such as a consumable ink or toner cartridge. This challenge requires the consumable device (ie, the microcontroller on the consumable device) to perform a number of mathematical operations based on the data supplied by the host/printer. The printer monitors the time it takes for the consumable device to complete a task and independently confirms the response provided by the consumable device. If both the response and the time elapsed between calculating the response match what the printer expected, the printer concludes that the consumable device is a genuine device. If either the response or the elapsed time between calculating the response (or both) does not match what the printer expected, then the printer concludes that the consumable device is not a genuine device. Make a conclusion.

  The challenge-based mathematical operation is performed in the consumable device microcontroller by dedicated hardware logic specifically designed for the operation. This dedicated logic has the ability to achieve a challenge response by performing mathematical calculations much faster than is normally achievable by standard microcontrollers running firmware. Thus, an improper/counterfeit interchangeable device with stolen key(s) stored in the microcontroller may have the ability to make a correct challenge response. However, such a counterfeit device does not have the function of achieving the challenge response within the time frame expected by the host device.

  In one exemplary embodiment, a print supply cartridge includes a microcontroller that receives a timing challenge and enables authentication of the cartridge by providing a challenge response at a challenge response time within an expected time window. .. In another embodiment, the cartridge further includes dedicated hardware logic on the microcontroller for performing mathematical calculations in response to the timing challenge. By performing mathematical calculations, the challenge response is generated within the expected time window.

  In another exemplary embodiment, the replaceable dispenser includes a microcontroller. The microcontroller is for deriving a session key with the host device and is also for receiving from the host device a random number seed, the session key, and a time dependent challenge specifying a calculation cycle. .. The switchable device further includes dedicated logic in the microcontroller to perform the challenge calculation a number of times equal to the calculation cycle, the first calculation generating a output using the random number seed and the session key, Each subsequent calculation uses the output of the preceding calculation.

  In another exemplary embodiment, an authentication system is a host device, a controller integrated with the host device, and an authentication algorithm executable on the controller, which issues an encryption timing challenge to the supplying device. , An authentication algorithm for authenticating the supply device when the challenge response is provided within the expected time response time within the expected time window.

  In another exemplary embodiment, the authentication system includes a printer having a controller and memory. The authentication system is a memory-executable authentication algorithm that is executable on the controller that issues an encryption timing challenge such that the print supply cartridge responds to the expected response within the expected time window. If the challenge response is provided, it further includes an authentication algorithm for authenticating the print supply cartridge.

  In another exemplary embodiment, a non-transitory processor-readable medium has instructions, when executed by a processor, that cause the processor to recognize a feeder and issue an encrypted timing challenge toward the feeder. It stores the code that represents it. The timing challenge requires that a mathematical calculation be performed on the data, including the session key, random number seed, and calculation count. The instructions further cause the processor to receive a challenge response from the supplier at the challenge response time, the challenge response matches the expected response, and the challenge response time is within the expected time window. , Authenticate the feeder.

Exemplary Embodiment FIG. 1 illustrates a block diagram illustrating various components of an exemplary generic authentication system 100 suitable for authenticating a replaceable dispenser. The authentication system 100 includes a host device 102 and a replaceable supply device 104. The host device 102 includes a controller 106, which typically controls general functions of the authentication system 100, as well as communicates with and controls the supply device 104, a processor (CPU) 108, a memory. It includes various components of a standard computing system, such as 110, firmware, and other electronic components. Memory 110 is a volatile storage element (ie, RAM) that provides storage of algorithms, program modules, data structures, computer/processor readable encoded instructions in the form of JDF, and/or data, and non-volatile. It may include both storage elements (eg, ROM, hard disk, floppy disk, CD-ROM, etc.). The supply device 104 includes a microcontroller 112 (ie, a smart card), which also includes a processor (CPU) 114 and memory 116.

  In general, the host device 102 and the supply device 104 establish a secure communication with standard encryption techniques using a standard encryption algorithm 118 when the host device 102 is powered on. For example, if the cryptographic algorithm 118 is executing (ie, on the processor 108), the host device 102 can request a unique ID 120 from the feeder 104, and through the cryptographic relationship, the "base of that feeder" -"Key" 122 can be determined. Using the base key 122, the host device and the supplier can derive a secret "session key" 124 that enables secure communication for the current exchange of information. The host device 102 determines the base key 122 in this manner each time the host device 102 is powered on and each time a new supply device 104 is installed. The base key 122 remains the same and does not change. However, each time information is exchanged between the host device 102 and the supplying device 104, a new different session key 124 is derived.

  In one embodiment, the memory 110 includes an authentication algorithm 126 that can be executed in the processor 108 of the controller 106 to determine the authenticity of the replaceable dispenser 104. If the supplying device 104 correctly responds to the encrypted timing challenge 128 issued by the authentication algorithm 126, and if the response 130 to the challenge is completed within the expected time window, then the supplying device 104. Is judged to be authentic. Therefore, the supply device 104 whose challenge-response value 130 is correct but whose challenge-response time 131 is not within the expected time window is not determined to be authentic. Similarly, the challenge response time 131 is within the expected time window, but the value of the challenge response 130 is inaccurate. The dispensing device 104 is also not considered authentic. Thus, the authenticity of the supplier 104 is that the supplier 104 produces the correct response 130 to the encrypted timing challenge 128, the challenge response time 131 within the expected time window (ie, the response 130). The time it takes) to decide whether to provide it.

  The cryptographic timing challenge 128 issued by the authentication algorithm 126 on the host device 102 includes a request to capture a particular challenge parameter to perform a particular mathematical calculation. This mathematical calculation must be performed a certain number of times. The cryptographic timing challenges 128 are those challenges that include the derived session key, a random seed value generated by the controller 106 on the host device 102, and a calculation count or cycle indicating the number of calculations to be performed. -Includes or accompanies parameters. The mathematical calculation begins with the operation on the random seed value using the session key. The result, or output, of each calculation is repeatedly fed back to the next calculation until the calculation count is reached. From the final result of the mathematical calculation, ie the output, a challenge response 130 is obtained, which will be completed or calculated within a specific challenge response time 131. The challenge response time 131 is measured by the authentication algorithm 126, for example, when a challenge is issued, a timing (timekeeping) sequence is started, and the supply device 104 completes the challenge response 130 and returns it to the host device 102. Sometimes it is measured by stopping that timing sequence. Challenge-response time 131 is a temporary value and, in some embodiments, may be volatile configuration of memory 110 on host device 102 prior to or during comparison with a host-determined time window. It may be present in the element and/or in the processor 108 for only a short time. The authentication algorithm 126 on the host 102 determines whether the challenge response 130 and the challenge response time 131 are correct (ie, expected) and authenticates the feeder 104 accordingly. To do.

  With continued reference to FIG. 1, the microcontroller 112 on the supply device 104 includes dedicated hardware challenge logic 132 to perform mathematical calculations based on the cryptographic timing challenge 128. The dedicated challenge logic 132 is specifically designed and implemented on the microcontroller 112 to optimally perform certain mathematical calculations. In one exemplary embodiment, the mathematical calculations include primitive functions that define a set of operations optimized to execute very quickly in dedicated logic 132. A mathematical calculation, or function, is repeated many times, with the output of each iteration being part of the input of the next iteration. That is, the operand (calculation target) changes with each iteration of the mathematical calculation, but the mathematical calculation itself does not change. Further, the challenge parameter value associated with the timing challenge 128 may change for each timing challenge 128. Each timing challenge 128 issued by the authentication algorithm 126 to the supplying device 104 has a different value depending on the session key, the random seed value generated by the controller 106 on the host device 102, and the calculation count or cycle. There are cases. Therefore, for each timing challenge 128, the challenge response 130 and challenge response time 131 are determined by their challenge parameter values. More specifically, the session key, the random number seed, and the calculation count all affect the challenge response value 130, but the calculation count further changes the number of iterations of the mathematical calculation by the dedicated challenge logic 132. By so doing, the challenge/response time 131 is also affected.

As described above, the authentication algorithm 126 determines whether the challenge response 130 and the challenge response time 131 are correct, that is, expected. This is done by comparing the challenge response 130 and the response time 131 with the correct value, ie the expected value. In different embodiments, the algorithm 126 determines the correct or expected value in different ways. In one embodiment, the algorithm 126 may be, for example, reads out the characteristic data 134 stored in the supply equipment 104, acquires. The characteristic data 134 can be secured with a digital signature and verified using standard cryptographic processing. The characterization data 134 provides an expected time window within which the challenge response time 131 must fall, depending on the computational count provided with the timing challenge 128. Thus, in one example, as shown in FIG. 2, the characteristic data 134 may include a table of data correlating various calculation count value for various time window. By way of example only, such an association is such that if the calculation count is 10000 (ie, the mathematical calculation has to be performed 10,000 times), the challenge response time 131 is within a time window of 50-55 milliseconds. It may indicate that something is expected. In another example, the characteristic data 134 may be obtained from a mathematical relationship such as the slope intercept type equation y=mx+b. That is, the expected time y can be determined for the required calculation count value x. Then, the authentication algorithm 126 on the host 102 can determine the time window by using the expected time y±5%, for example.

  In another exemplary embodiment, the authentication algorithm 126 issues an encrypted timing challenge 128 to the dedicated reference logic 136 on the controller 106 of the host device to cause the correct or expected value for the challenge response 130. To decide. The reference logic 136 on the controller 106 mirrors the dedicated hardware logic 132 on the supply device 104 so that it specifically optimizes the mathematical calculations based on the cryptographic timing challenge 128. Designed and created on controller 106. That is, when the authentication algorithm 126 issues a timing challenge 128 to the supplier 104, the authentication algorithm 126 also issues that timing challenge 128 to the reference logic 136. The reference logic 136 performs timing challenge-based mathematical calculations in a manner similar to that described above for the dedicated hardware logic 132 on the supply 104. In response to the timing challenge 128, the reference logic 136 completes the challenge and generates a reference response at the reference time. The reference response time window can be defined, for example, so that it falls within a specific percentage of the reference time (eg, ±5%, ±10%). The authentication algorithm 126 can then use the reference response and the reference response time window as an expected value for comparing the challenge response 130 and the challenge response time 131. If the challenge response 130 matches the reference response and the challenge response time 131 is within the reference response time window, the algorithm 126 determines that the delivery device 104 is a genuine device.

  FIG. 3 shows an example of an authentication system 100 implemented as an inkjet printing system 300. In general, printing system 300 includes various components that are the same or similar to general authentication system 100, and operates in the same or similar manner for authenticating replaceable inkjet supply cartridges. In one exemplary embodiment, an inkjet printing system 300 includes a print engine 302 with a controller 106, a mounting assembly 304, one or more replaceable supply devices 104 embodied as an ink supply cartridge 306, and an inkjet printing system. At least one power supply 308 for powering the various electrical components of 300. Printing system 300 further includes media transport assembly 310.

  FIG. 4 is a perspective view showing an exemplary inkjet supply cartridge 306 representing the replaceable supply device 104. Inkjet cartridge 306 includes, in addition to one or more printheads 312, a group of electrical contacts 400 and an ink (or other fluid) supply chamber 402. In some embodiments, the cartridge 306 may have a supply chamber 402 that stores one color of ink, and in other embodiments, the cartridge 306 includes multiple chambers that store different colors of ink in each chamber. It may have a chamber 402. The electrical contacts 400 carry electrical signals from the controller 106 to the nozzles 314 on the printhead 312, causing ejection of a fluid drop. The electrical contacts 400 also carry electrical signals between the controller 106 and the microcontroller 112 to facilitate authentication of the cartridge 306 within the inkjet printing system 300. In one exemplary embodiment, microcontroller 112 is located on a silicon substrate in common with printhead 312. In another exemplary embodiment, the microcontroller 112 is located somewhere on the cartridge 306 as a stand-alone smart card. The microcontroller 112 is similar to the microcontroller 112 shown in FIG. 1 and described above, and has the same general components as those of the microcontroller 112 of FIG. 1 (not all shown in FIG. 4). including. That is, the microcontroller 112 on the cartridge 306 includes a memory 116 and a dedicated challenge logic 132, which is the same general aspect described above with respect to the authentication system 100 of FIGS. 1 and 2. Works with.

  Referring to FIGS. 3 and 4, the printhead 312 ejects drops of ink or other fluid toward the print medium 316 through a plurality of orifices or nozzles 314 to print on the print medium 316. The print medium 316 may be any type of suitable sheet material or roll material such as paper, cardboard, transparent film, mylar, polyester, plywood, foam board, fabric, canvas and the like. The printhead 312 can be configured to eject ink through the nozzles 314 in various ways. For example, thermal inkjet printheads eject ink drops from nozzles by generating heat by passing an electric current through a heating element to vaporize a small portion of the ink within the ejection chamber. The bubbles push ink drops through the nozzles 314. In another example, a piezoelectric inkjet printhead uses piezoelectric material actuators to generate pressure pulses for ejecting drops of ink from nozzles. Nozzles 314 are typically configured in one or more rows, or arrays, to eject ink from nozzles 314 in the proper order as ink cartridge 306 and print medium 316 are moved relative to each other. Is configured to generate characters, symbols, and/or other graphics or images to be printed on the print medium 316.

  The mounting assembly 304 positions the inkjet cartridge 306 with respect to the media transport assembly 310, and the media transport assembly 310 positions the print media 316 with respect to the inkjet cartridge 306. Accordingly, print zone 318 is defined adjacent nozzle 314 in the area between inkjet cartridge 306 and print medium 316. In one embodiment, print engine 302 is a scanning print engine 302. Accordingly, mounting assembly 304 includes a carriage for moving inkjet cartridge 306 relative to media transport assembly 310 to scan print media 316. In another embodiment, print engine 302 is a non-scan print engine 302. Thus, the mounting assembly 302 locks the inkjet cartridge 306 in place with respect to the media transport assembly 310, while the media transport assembly 310 positions the print media 316 with respect to the inkjet cartridge 306.

  As described above with respect to the authentication system 100 of FIG. 1, the controller 106 typically comprises various components of a standard computing system such as a processor (CPU) 108, memory 110, firmware, and other electronic components. Including. In the inkjet printing system 300 of FIG. 3, the controller 106 also controls general functions of the printing system 300, and also communicates with and controls the inkjet cartridge 306, the mounting assembly 304, and the media transport assembly 310. Employs such components for. Accordingly, controller 106 receives data 320 from a host system, such as a computer, and temporarily stores data 320 in memory 110. The data 320 is typically transmitted to the inkjet printing system 300 via an electrical path, an infrared path, an optical path, or other information transmission path. The data 320 represents, for example, a document and/or file to be printed. As such, the data 320 forms a print job for the inkjet printing system 300 that includes one or more print job commands, and/or command parameters. The controller 106 uses the data 320 to control the inkjet cartridge 306 to eject ink drops from nozzles 314. As such, the controller 106 defines a pattern of ejected ink drops that form characters, symbols, and/or other graphics or images on the print medium 316. The pattern of ejected ink drops is determined by the print job command and/or command parameters obtained from the data 320.

  In addition to managing the general printing functions of the inkjet printing system 300, the controller 106 also executes an authentication algorithm 126 to determine if the inkjet supply cartridge 306 is a genuine device. This authentication process in printing system 300 is similar to the process described above with respect to generic authentication system 100 of FIG. FIG. 5 is a flow diagram illustrating an exemplary authentication process 500 in a printing system 300 or other authentication system 100 for determining whether a replaceable supply device 104, such as an inkjet supply cartridge 306, is an authentic device. Is. Process 500 is related to the various exemplary embodiments described above in connection with FIGS. 1-4, and thus details of the various steps in process 500 are related to such embodiments. Seen in the description. Various steps of process 500 may be implemented as an algorithm including programming instructions stored on a non-transitory computer/processor readable medium, such as memory 110 of FIGS. In another example, various steps of process 500 are accomplished by a processor, such as processor 108 of FIGS. 1 and 3, reading and executing such programming instructions. Process 500 may include more than one embodiment, and different embodiments of process 500 may not employ all the steps shown in the flow diagram of FIG. Thus, although the various steps of process 500 are shown in a particular order in the flow diagram, the order of steps shown may be the order in which the steps may be performed, or all steps may be performed. No limitation regarding whether or not it is intended. For example, one embodiment of process 500 may be accomplished by performing multiple initial steps without performing one or more subsequent steps, while other embodiments of process 500 perform all steps. It may be achieved by implementing.

  1, 3 and 5, the authentication process 500 begins at block 502, where the first step illustrated is to recognize a replaceable dispenser. Recognition of the replaceable supply device is usually performed when the host device is powered on or when a new supply device is inserted into the host device, for example when the printing system is powered on or ink or toner in the printing system. -This is done when the print supply cartridge is replaced. The replaceable feeder may be recognized when the feeder is turned on at the beginning of each print job. The authentication process 500 proceeds to block 504, where an encryption timing challenge is issued. This timing challenge is issued from a host device such as a printing device and sent to a supply device such as a print supply cartridge. A timing challenge is a specific challenge that includes a session key derived between the host device and the supplying device, a random seed value generated by the host device, and a calculation count or cycle indicating the number of calculations to be performed. Includes requirements to perform specific mathematical calculations with parameters. Upon issuance of the timing challenge, the host device may initiate a timing sequence to monitor the time taken to receive the challenge response, as indicated by block 506.

  In some embodiments, the timing challenge may also be sent to reference logic on the host device, as indicated at block 508. If the timing challenge is sent to the reference logic on the host device, a reference response is received from the reference logic at a particular elapsed reference time, as shown in block 510. At block 512, a reference time window may be determined by including a particular percentage range around this reference time. For example, the reference time window may be determined to be the reference time plus or minus 5% of the reference time. In some embodiments, as an alternative to sending the timing challenge to the reference logic on the host device, the host device reads and retrieves the characteristic data stored in the supply device, as shown in block 514. .. In other embodiments, the characteristic data may be hard-coded into the memory of the host device. The characteristic data comprises an expected time window for receiving a challenge response from the supply device, which is associated with different calculated count values.

  As shown in block 516, the authentication process 500 includes receiving a challenge response from the supplier. The challenge response is received at a specific challenge response time that can be determined by, for example, time measurement in the host device. The process 500 proceeds to block 518, where the challenge response is compared to the expected response. The expected response may be the reference response received from the reference logic on the host device. Further at block 520, the challenge response time is compared to the expected response time window to determine if the challenge response time is within the expected time window. The expected time window may be a reference time window or an expected time window read from the supply device or characteristic data stored somewhere.

  The authentication process 500 proceeds to block 522. At block 522, the host device authenticates the supplier if the challenge response from the supplier matches the expected value and the challenge response time is within the expected time window. At block 524 of process 500, if the challenge response does not match the expected value and/or the challenge response time is outside the expected time window, or both, then the host device determines that the supplying device is Judge that it is not authentic.

Exemplary embodiments of the invention are listed below.
1. A print supply cartridge, comprising a microcontroller that enables authentication of the print supply cartridge by receiving a timing challenge and providing a challenge response at a challenge response time within an expected time window, Print supply cartridge.
2. Further comprising on the microcontroller dedicated hardware logic for performing a mathematical calculation in response to the timing challenge, the mathematical calculation ensures that the challenge response is within the expected time window. The print supply cartridge according to 1, generated.
3. The print supply cartridge of claim 1, further comprising characteristic data stored in the microcontroller that includes expected time windows for completing the challenge response.
4. 4. The print supply cartridge according to 3, wherein a calculation count specifying a number of times to perform a mathematical calculation based on the timing challenge is associated with each expected time window.
5. 3. The print supply cartridge of 2, wherein the timing challenge includes a challenge parameter that includes a session key, a random number seed, and a calculation count that specifies the number of times to perform the mathematical calculation.
6. 6. The print supply cartridge of 5, wherein the mathematical calculation is performed on the session key, the random number seed, and the calculation count to determine the challenge response.
7. 6. The print supply cartridge according to 5, wherein the challenge response time is determined according to the calculated count.
8. 6. The print supply cartridge of 5, further comprising a unique ID and a base key from which the session key is derived.
9. The print supply cartridge of claim 1, further comprising a printing material selected from the group consisting of ink and toner.
10. A switchable delivery device for deriving a session key with a host device and receiving from the host device a random number seed, the session key, and a time-dependent challenge specifying a calculation cycle; Dedicated logic within the microcontroller for performing the challenge calculation a number of times equal to the calculation cycle, the first calculation generating an output using the random number seed and the session key, and A replaceable feeder in which the output of the preceding calculation is used in each calculation.
11. 11. The replaceable dispensing device according to 10, further comprising characteristic data stored in the memory of the microcontroller, including characteristic time windows for completing time-dependent challenges that depend on a specified calculation cycle.
12. 11. The replaceable feeder according to 10, further comprising print material to be deposited on a print medium by the host device.
13. 13. The replaceable supply device according to 12, wherein the printing material is selected from the group consisting of toner and ink.
14. 12. The replaceable dispensing device according to 11, wherein the challenge calculation includes multiple mathematical operations in a particular order.

Claims (11)

A replaceable feeder configured to receive a timing challenge from a host device and provide a challenge response to the host device,
Dedicated hardware logic configured to respond to the timing challenge and perform a calculation a number of times equal to a calculation count specified by the timing challenge , the calculation providing the challenge response , Dedicated hardware logic,
The time window in which the replaceable supply apparatus challenge response time required to provide the challenge response is expected should be within that range, look including the characteristic data provided in response to the calculation count,
A replaceable feeder, wherein the characteristic data is read and obtained by the host device to determine the expected time window . The replaceable feeder according to claim 1, wherein the expected time window is represented by a range of times having a lower limit and an upper limit. In the first calculation, the random number seed is designated by the timing challenge, and output using the session key is generated, in each subsequent calculation, the output of the preceding calculation is used, according to claim 1, wherein Item 3. The exchangeable supply device according to Item 2.   The replaceable feeder according to claim 3, wherein the challenge response is obtained from a final calculation. The replaceable dispenser of claim 1 , wherein the characteristic data includes a table of data that associates different calculation counts with different expected time windows. The characteristic data is provided by the equation y = mx + b slope intercept form, in the above formula, the relative calculation count (x), is determined expected time (y) is the expected time window, the expected The replaceable dispensing device of claim 1 , wherein the replaceable dispensing device is determined using time (y). The characteristic data using a digital signature has been in a safe condition, replaceable supply device according to any one of claims 1-6. Although the one or more operands of the computation change each time the calculation, the calculation itself is not changed, replaceable supply device according to any one of claims 1-7. The unique ID, and includes a base-key was the source of the session key is derived, according to claim 3, and any of claims 4-8 that directly or indirectly dependent on claim 3 The exchangeable feeding device according to the item 1. The calculation includes a basic function that defines a set of operations that is optimized to run in the dedicated hardware logic, replaceable supply device according to any one of claims 1-9. It said switching type supply device is a replaceable ink supply cartridges or replaceable toner supply cartridge, replaceable supply device according to any one of claims 1-10.

Images