KR20140082543A - CRUM chip and image forming device for authenticating and communicating mutually, and methods thereof - Google Patents

Abstract

Disclosed is an image forming device. The device comprises a main body which comprises a main controller which controls an operation of the image forming device; a consumable unit installed in the main body to communicate with the main controller; and a customer replaceable unit monitoring (CRUM) chip installed in the consumable unit and stores the use information and the feature information of the consumable unit. The main controller transmits and receives signals comprising data and integrity check data to the CRUM chip. The integrity check data is generated by storing the integrity check data of the previous signals, thereby performing safe communications.

Description

Technical Field [0001] The present invention relates to a CRUM chip and an image forming apparatus, an authentication method thereof, and a communication method therefor.

The present invention relates to a CRUM chip and an image forming apparatus, an authentication method thereof, and a communication method thereof, and more particularly, to a CRUM chip and an image forming apparatus, an authentication method thereof, Communication method.

With the spread of computers, the penetration rate of computer peripherals is increasing day by day. As a representative example of a computer peripheral device, there are an image forming apparatus such as a printer, a facsimile, a scanner, a copying machine, a multifunction peripheral, and the like.

Image forming apparatuses use ink or toner to print an image on a paper. The ink or toner is used every time the image forming operation proceeds, and becomes exhausted when it is used for a predetermined time or more. In this case, the unit for storing the ink or toner needs to be newly replaced. The parts or components that can be replaced during the use of the image forming apparatus are referred to as a consumable unit or a replaceable unit. For convenience of description, the term " consumable unit " is used in this specification.

As described above, in the consumable unit, in addition to the units to be replaced due to the depletion of ink or toner, there are units which are replaced for reasons that the characteristics are changed and the good print quality can not be expected. That is, in addition to the color-by-color developing device, parts such as an intermediate transfer belt may correspond to a consumable unit.

Specifically, in the case of a laser image forming apparatus, a charging unit, a transferring unit, a fixing unit, or the like is used, and various kinds of rollers, belts and the like used in each unit may be worn or deteriorated if used for a limited life. As a result, the image quality can be remarkably reduced. The user must replace each constituent unit, that is, the consumable unit, at a proper replacement time so that the printing operation can be performed with a clean image.

Recently, in order to properly manage the consumable unit, a memory is attached to the consumable unit itself so that information can be exchanged with the main body of the image forming apparatus.

That is, various usage information such as the number of prints of the image forming apparatus, the number of output dots, the expiration date, and the like can be recorded in the memory of the consumable unit itself, and the replacement time of the consumable unit can be accurately managed.

In particular, in a large-scale environment such as a government office, a university, an enterprise, and the like, a large number of image forming apparatuses are easily managed by the MPS (Managed Printing Services) method. The integrated solution service using MPS includes a billing function of calculating consumption charges for each group or individual and accordingly billing, and a function of automatically confirming the life of consumables and automatically ordering them before the end of life. These functions are provided based on accurate consumption information.

For this information management, the main controller provided in the main body of the image forming apparatus and the memory unit provided in the consumable unit communicate with each other. However, there are many variables in the communication process. For example, there may be a hacker attack that attempts to control the main controller or memory portion for malicious purposes.

Or, there may be noise interference generated by an electronic circuit or motor provided in the image forming apparatus. Specifically, unexpected situations such as the case where foreign substances enter the connection portion between the main body of the image forming apparatus and the consumable unit, the communication is frequently disconnected due to the vibration during the operation, the electrical interference signal is applied through the connection portion Lt; / RTI >

Due to these variables, the communication data can be changed. For example, when the job is completed, information such as the number of printed pages, the number of dots, the amount of remaining toner, and the like is transferred to the main controller and copied to the nonvolatile memory of the main controller. In this case, if the data is read with an incorrect value such as 0xFFFFFFFF, the main controller is at risk of recognizing that the consumable unit has reached its end of life. In this case, the consumable unit is no longer usable.

Further, the consumable unit of the image forming apparatus is a structure that can be attached or detached at any time. In the printing operation of the image forming apparatus, since the motor is driven to generate a lot of vibration and noise may occur in the circuit, generally, the memory of the consumable unit is not accessed during printing but operates only in the memory of the image forming apparatus. Therefore, communication between the memory of the consumable unit and the image forming apparatus is performed only in a limited case. For example, when the consumable unit is mounted to the image forming apparatus to synchronize the consumable unit memory and the image forming apparatus memory, when the printing operation is finished and when the motor stops, the communication is performed in the case of storing the change in the consumable unit.

On the other hand, there are many data to be stored and managed in the consumable unit, and the communication time may become longer due to various supplementary functions. Therefore, problems arise when the consumable unit is replaced in the middle of communication. For example, when consumable item usage information of the consumable unit 1 is 100, the number of output dots is 200, the motor drive time is 300, the consumption information of the consumable unit 2 is 200, the number of output dots is 300, I suppose. In this case, when the consumable unit 1 is mounted on the image forming apparatus, data is synchronized with the memory of the image forming apparatus. When the number of prints 100 and the number of output dots 200 are stored in the memory of the image forming apparatus and the consumable unit 2 is replaced in the synchronization process, the authentication can be performed again. Then, the motor driving time 400 is copied according to the following steps. Then, the memory of the image forming apparatus is stored such as the number of prints 100, the number of output dots 200, and the motor drive time 400, which is not a normal value. Assuming that the print job is performed and the changes are stored again in the consumable unit 2, the consumable unit 2 can print the number of prints 100, which is the data stored in the image forming apparatus memory, regardless of the number of prints 200 and the number of output dots 300, The value corresponding to 200 is stored. The number of prints is reduced from 200 to 100, causing the consumable unit to have an abnormal value.

In addition, the image forming apparatus can use a plurality of consumable units on one I2C channel. If the slave address is modulated by the ID of the other consumable unit, it stores the wrong data in the memory of the other consumables.

In addition, for consumable units that have reached the end of their useful life, the hacker may reset the consumable usage information to zero for malicious purposes to make the consumable unit reproducible. As a result, the consumable unit having a shortened life span may be used, which may cause troubles such as failure of the image forming apparatus and deterioration of image quality, and it is impossible to provide accurate information of the consumable unit to the user. Further, A problem occurs in the integrated solution service based on the problem occurs.

Accordingly, a need has arisen for a technique capable of effectively checking the communication error between the consumable unit and the image forming apparatus and ensuring the data stability.

An object of the present invention is to provide a CRUM chip, an image forming apparatus, and a communication method thereof, which can achieve communication safety using integrity check data.

According to an aspect of the present invention, there is provided an image forming apparatus including a main body including a main controller for controlling an operation of the image forming apparatus, a consumable unit mounted on the main body for communicating with the main controller, The information on the consumable unit is provided to the consumable unit, and includes a CRUM (Customer Replaceable Unit Monitoring) chip. Here, the main controller and the CRUM chip perform data communication when a final authentication is performed by performing a plurality of authentication processes, and authentication data including integrity check data in at least two authentication processes among the plurality of authentication processes It can transmit and receive.

The main controller and the CRUM chip generate integrity check data by cumulatively reflecting previous integrity check data. In the final authentication process among the plurality of authentication processes, all the integrity check data transmitted or received in the previous authentication process is accumulated The final integrity check data can be generated.

In addition, the main controller and the CRUM chip may transmit / receive a signal including the integrity check data in an authentication process for generating a session key and an authentication process for conformity checking, among the plurality of authentication processes.

The main controller and the CRUM chip may perform at least one authentication process between the authentication process for generating the session key and the authentication process for checking conformity.

In this case, the main controller transmits a signal including the first data and the first integrity check data to the CRUM chip, and the CRUM chip performs a second integrity check using the second data and the first integrity check data And transmits a signal including the second data and the second integrity check data to the main controller, wherein each of the first data and the second data includes session key related data for generating a session key .

The main controller may generate third integrity check data using the third data, the first integrity check data, and the second integrity check data, and the third controller may generate the third integrity check data using the third data, Signal to the CRUM chip, the CRUM chip generates fourth integrity check data using fourth data, the first through third integrity check data, and transmits the fourth data and the fourth integrity check data And the third data includes index information in a table previously stored in the image forming apparatus, and the fourth data may include a value corresponding to the index information.

Wherein each of the main controller and the CRUM chip separates the integrity check data from the received signal when the signal to which the integrity check data is added is received from the counterpart, And the integrity of the signal can be checked by comparing the integrity check data.

Alternatively, the image forming apparatus may include an interface unit connected to a CRUM chip mounted on a consumable unit mounted on the image forming apparatus, and a controller for controlling the CRUM chip and a plurality of authentication processes when an event to perform authentication with the CRUM chip occurs And a main controller for performing the authentication by authenticating the CRUM chip. Here, the main controller can transmit and receive a signal including integrity check data in the authentication process for generating a session key and the authentication process for conformity checking, among the plurality of authentication processes. The integrity check data may be generated by cumulatively reflecting at least one integrity check data included in the previously received signal.

According to an embodiment of the present invention, a CRUM chip that can be mounted on a consumable unit of an image forming apparatus includes first data for authentication and first integrity check data for the first data from the main body of the image forming apparatus An inspection unit for separating the first integrity check data from the received signal to check the integrity of the signal, second data for authentication with the main body of the image forming apparatus, A generation unit for generating second integrity check data using the first integrity check data, a signal including the second data and the second integrity check data to the main body of the image forming apparatus through the interface unit And a control unit for performing the control.

Here, each of the first data and the second data includes session key-related data for generating a session key, and the controller generates the session key using the first data and the second data, A plurality of subsequent authentication processes can be performed.

In addition, the control unit may be configured to perform, during the plurality of subsequent authentication processes, the third integrity check data generated using the third data, the first integrity check data, and the second integrity check data, Controls the generation unit to generate fourth integrity check data using the fourth data and the first to third integrity check data when the fourth data and the fourth integrity check data are received from the main body of the image forming apparatus, A signal including inspection data can be transmitted to the main body of the image forming apparatus. Here, the third data may include index information in a table previously stored in the image forming apparatus, and the fourth data may include a value corresponding to the index information.

Also, in the final authentication process among the plurality of subsequent authentication processes, the controller may generate and transmit final integrity check data by cumulatively reflecting all the integrity check data transmitted or received in the previous authentication process.

According to another aspect of the present invention, there is provided an authentication method of an image forming apparatus, comprising the steps of: determining whether an event requiring authentication has occurred with respect to a consumable unit mounted on the image forming apparatus; And the main controller of the image forming apparatus performs a plurality of authentication processes with the CRUM chip mounted on the consumable unit to authenticate the CRUM chip. In at least two authentication processes among the plurality of authentication processes, a signal including integrity check data may be transmitted and received.

The integrity check data may be generated by cumulatively reflecting previous integrity check data. Among the plurality of authentication processes, the integrity check data transmitted and received in the final authentication process may be generated by cumulatively reflecting all the integrity check data transmitted or received in the previous authentication process.

The authenticating may further include transmitting the signal including the first data and the first integrity check data to the CRUM chip, wherein the CRUM chip uses the second data and the first integrity check data A first authentication step of generating second integrity check data and transmitting a signal including the second data and the second integrity check data to the main controller; And generating third integrity check data using the second integrity check data and transmitting a signal including the third data and the third integrity check data to the CRUM chip, Generates fourth integrity check data using the first through third integrity check data, and generates the fourth integrity check data using the fourth data and the fourth integrity check And a second authentication step of transmitting a signal including data to the main controller. Here, each of the first data and the second data includes session key-related data for generating a session key, the third data includes index information in a table previously stored in the image forming apparatus, The data may include a value corresponding to the index information.

According to an embodiment of the present invention, there is provided an authentication method of a CRUM chip that can be mounted on a consumable unit of an image forming apparatus, the method comprising: receiving first data for authentication from the main body of the image forming apparatus; The method comprising the steps of: receiving a signal including inspection data; separating the first integrity check data from the received signal to check integrity of the signal; second data for authentication with the main body of the image forming apparatus; , Generating second integrity check data using the first integrity check data, transmitting a signal including the second data and the second integrity check data to the main body of the image forming apparatus to perform authentication Step < / RTI >

The method may further include performing a plurality of subsequent authentication processes after transmitting a signal including the second data and the second integrity check data to the main body of the image forming apparatus, The integrity check data transmitted and received during the final authentication process may be generated by cumulatively reflecting all the integrity check data transmitted or received in the previous authentication process.

The final authentication process may further include transmitting a signal including third integrity check data and third integrity data generated using the third data, the first integrity check data, and the second integrity check data and the third data to the image forming apparatus From the main body, generating fourth integrity check data using the fourth data, the first through third integrity check data, and outputting a signal including the fourth data and the fourth integrity check data to the image forming To the main body of the apparatus. Here, each of the first data and the second data includes session key-related data for generating a session key, the third data includes index information in a table previously stored in the image forming apparatus, The data may include a value corresponding to the index information.

INDUSTRIAL APPLICABILITY As described above, according to various embodiments of the present invention, the integrity check data used in previous communications can be cumulatively used to secure the safety of the entire communication. Thus, the information of the consumable unit and the image forming apparatus can be managed safely.

1 is a block diagram showing the configuration of an image forming apparatus according to an embodiment of the present invention;
2 is a timing diagram for explaining a communication process between a main controller and a CRUM chip in an image forming apparatus according to an embodiment of the present invention;
3 is a timing diagram for specifically explaining a process of checking the integrity of a signal using integrity check data,
4 is a timing diagram for explaining a communication process between a main controller and CRUM chips in an image forming apparatus according to another embodiment of the present invention;
5 is a block diagram showing a configuration of an image forming apparatus equipped with a consumable unit,
6 and 7 are block diagrams showing the configuration of an image forming apparatus according to various embodiments of the present invention,
8 is a block diagram showing a configuration of a CRUM chip according to an embodiment of the present invention,
9 and 10 are flowcharts for explaining a communication method according to various embodiments of the present invention.
11 to 18 are diagrams for explaining an authentication method of an image forming apparatus according to another embodiment of the present invention;
19 is a block diagram showing a configuration of a CRUM chip according to another embodiment of the present invention.
20 is a timing diagram for specifically explaining the entire authentication process,
21 to 24 are diagrams for specifically explaining a method of generating integrity check data used in each authentication process,
25 to 27 are views for explaining various examples of the manner in which the consumable unit is connected to the main body of the image forming apparatus,
28 is a diagram showing a waveform of a signal transmitted and received according to the I2C interface method,
FIG. 29 is an enlarged view of a part of the signal of FIG. 28; FIG.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram showing a configuration of an image forming apparatus according to an embodiment of the present invention. 1, the image forming apparatus includes a main body 100, a main controller 110 provided in the main body 100, and a consumable unit 200 that can be mounted on the main body 100. As shown in Fig. Here, the image forming apparatus may be implemented by various types of apparatuses capable of forming images on paper or various recording media such as a printer, a scanner, a multifunction apparatus, a facsimile, a copying machine,

The main controller 110 is mounted on the main body 100 of the image forming apparatus, and controls the overall functions of the image forming apparatus.

The consumable unit 200 may be various types of units mounted on the main body 100 of the image forming apparatus and directly or indirectly involved in the image forming job. For example, in the case of a laser image forming apparatus, a charging unit, an exposure unit, a developing unit, a transferring unit, a fixing unit, various rollers, a belt, an OPC drum and the like can be consumable units. In addition, Various types of units that are required to be replaced may be defined as the consumable unit 200.

As described above, the life span of each consumable unit 200 is determined. Accordingly, the consumable unit 200 includes a CRUM chip (Customer Replaceable Unit Monitoring chip) 210 so that replacement can be made at an appropriate time.

The CRUM chip 210 is mounted on the consumable unit 200 and records various information. The CRUM chip 210 includes a memory. Therefore, the CRUM chip 210 may be referred to as various names such as a memory unit, a CRUM memory (Customer Replaceable Unit Monitoring memory), and the like, but the CRUM chip 210 will be described herein as a CRUM chip 210 for convenience of explanation.

The memory provided in the CRUM chip 210 may store various characteristic information on the consumable unit 200, the CRUM chip 210 itself, the image forming apparatus, and the like, and usage information or programs related to the execution of the image forming job.

Specifically, various programs stored in the CRUM chip 210 may include an O / S (Operating System) program, an encryption program, and the like as well as general applications. The characteristic information includes information on the manufacturer of the consumable unit 200, information on the manufacturer of the image forming apparatus, apparatus name of the attachable image forming apparatus, information on the date and time of manufacture, serial number, model name, An encryption key, an encryption key index, and the like. In addition, the usage information may include information on how many sheets have been printed so far, how many remaining sheets can be printed, how much toner is remaining, and the like. The characteristic information may be otherwise named as unique information.

For example, information such as the following table may be stored in the CRUM chip 210.

General Information OS Version
SPL-C Version
Engine Version
USB Serial Number
Set Model
Service Start Date CLP300_V1.30.12.35 02-22-2007
5.24 06-28-2006
6.01.00 (55)
BH45BAIP914466B.
DOM
2007-09-29 Option RAM Size
EEPROM Size
USB Connected (High) 32 Mbytes
4096 bytes
Consumables Life Total Page Count
Fuser Life
Transfer Roller Life
Tray1 Roller Life
Total Image Count
Imaging Unit / Deve Roller Life
Transfer Belt Life
Toner Image Count 774/93 Pages (Color / mono)
1636 Pages
864 Pages
867 Pages
3251 Images
61 Images / 19 Pages
3251 Images
14/9/14/19 Images (C / M / Y / K) Toner Information Toner Remains Percent
Toner Average Coverage 99% / 91% / 92% / 100% (C / M / Y / K)
5% / 53% / 31% / 3% (C / M / Y / K) Consumables Information Cyan Toner
Magenta Toner
Yellow Toner
Black Toner
Imaging unit SAMSUNG (DOM)
SAMSUNG (DOM)
SAMSUNG (DOM)
SAMSUNG (DOM)
SAMSUNG (DOM) Color Menu Custom Color Manual Adjust (CMYK: 0,0,0,0) Setup Menu Power Save
Auto Continue
Altitude Adj. 20 Minutes
On
Plain

As shown in the above table, the memory of the CRUM chip 210 may store not only general information on the consumable unit 200 but also information on the life of the consumable, information, setup menu, and the like. Also, the memory may store an O / S provided for use in the consumable unit separately from the main body of the image forming apparatus.

In addition, the CRUM chip 210 may further include a CPU (not shown) capable of managing the memory, executing various programs stored in the memory, and communicating with the main body of the image forming apparatus or the controller of the other apparatus .

The CPU can drive the O / S stored in the memory of the CRUM chip 210 to perform the initialization of the consumable unit 200 itself, separately from the initialization of the image forming apparatus. Further, the CPU may perform authentication with the main body of the image forming apparatus during initialization is completed or initialized. Further, after the authentication is completed, encrypted data communication may be performed with the main body of the image forming apparatus. In this case, various commands and data transmitted from the image forming apparatus main body can be encrypted and transmitted according to an arbitrary encryption algorithm.

Specifically, the CPU determines whether or not the power of the image forming apparatus on which the consumable unit 200 is mounted is turned on, the consumable unit 200 is detached, and then the body 100 of the image forming apparatus is again It is possible to perform initialization by itself in addition to the initialization of the main controller 110. [ Initialization is performed by initializing various application programs used in the consumable unit 200, calculating confidential information required for data communication with the main controller 110 after initialization, setting up communication channels, initializing memory values, ) Internal register value setting, internal and external clock signal setting, and so on.

Here, the register value setting means setting the function register values in the consumable unit 200 so that the consumable unit 200 operates in accordance with various functional states previously set by the user. The internal and external clock signal setting means a task of adjusting the frequency of the external clock signal provided from the main controller 110 of the image forming apparatus to match the internal clock signal used by the CPU in the consumable unit 200.

In addition, the self-replacement timing check can be a work for grasping the remaining amount of toner or ink used up to this time and notifying the main controller 110 side of the timing of the final depletion. Accordingly, if it is determined that the toner remaining amount is already exhausted in the initialization process, the consumable unit 200 may be notified to the main controller 110 itself after the initialization is completed. In addition, since the consumable unit 200 has its own O / S, various types of initialization can be performed according to the type and characteristics of the consumable unit 200.

In this way, when the image forming apparatus is powered on, the main controller 110 is stored in the memory unit 210 before the main controller 110 requests the communication with the unit 200. In this case, You can check the remaining amount of consumables or the number of refills. As a result, the time for noticing the supply shortage can be much faster than the conventional one. For example, in the case of a toner shortage, the user can operate to turn on the toner-saving mode immediately after power-on to perform image formation. The same is true when only a specific toner is lacking.

The CPU does not respond to the command of the main controller 110 until the initialization is completed and completed. The main controller 110 waits for a response while periodically transmitting a command until a response is received.

Accordingly, when a response, i.e., an acknowledgment is received, authentication is performed between the main controller 110 and the CPU. In this case, authentication can be performed between the CRUM unit 210 and the main controller 110 through interaction with the CRUM chip 210 due to its own O / S installed in the CRUM chip 210.

Specifically, the main controller 110 encrypts data or commands for authentication and transmits them to the CRUM chip 210. The transmitted data may include an arbitrary value R1. Here, R1 may be a random value that changes every authentication, or may be a fixed value arbitrarily set. The CRUM chip 210 receiving the data generates a session key using a certain value R2 and the received R1, and generates a MAC (Message Authentication Code) using the generated session key. And transmits a signal including the generated MAC and R 2 to the main controller 110. The main controller 110 generates a session key using the received R2 and R1, generates a MAC using the generated session key, compares the generated MAC with the MAC included in the received signal, 210). Meanwhile, according to various embodiments, digital signature information, key information, and the like may be transmitted and received in the authentication process and used for authentication.

If the authentication is successful, the main controller 110 and the CRUM chip 210 perform encrypted data communication for data management. That is, when a user command is input, or when an image forming job is started or completed, the main controller 110 sends a command, data, or the like for performing operations such as data reading, writing, Encrypts it using an encryption algorithm, and transmits it to the CRUM chip 210. The CRUM chip 210 can decode the received command or data and perform operations such as data reading and writing corresponding to the command. The encryption algorithm used in the CRUM chip 210 or the main controller 110 may be a standard encryption algorithm. This encryption algorithm can be changed when the encryption key is disclosed or when security needs to be enhanced. Specifically, various encryption algorithms such as RSA, ECC asymmetric key algorithm, ARIA, TDES, SEED, AES symmetric key algorithm, and the like can be used.

As described above, communication between the CRUM chip 210 and the main controller 110 for authentication and data exchange can be performed several times. In each communication, signals are transmitted from the main controller 110 to the CRUM chip 210 or vice versa. In this case, the transmitted signal includes error detection data for checking the integrity of the data included in the signal. The integrity check data is generated by cumulatively reflecting the integrity check data included in the signal transmitted or received at the time of previous communication.

Authentication 1, authentication 2, authentication 3, ..., authentication n, data communication 1, data communication 2, ..., data communication m between the main controller 110 and the CRUM chip 210, A plurality of communications can be performed together. Depending on the embodiment, the integrity test data is included in the signal transmitted at each communication or part of the communication. The integrity check data used in the previous communication is cumulatively reflected in the integrity check data. Specifically, it will be described later in the drawings.

On the side receiving the signal, the integrity check of the signal is checked using the integrity check data included in the signal. Accordingly, if it is determined that the signal is integrity, the next operation and subsequent communication proceeds. When it is necessary to record the received data, it temporarily stores the data included in the signal and the integrity check data. Then, new integrity check data is generated using the subsequent data to be transmitted to the transmitter side and the integrity check data stored in the immediately preceding communication and temporarily stored. Accordingly, a signal obtained by adding new integrity check data to subsequent data is transmitted. Communication including the integrity check data is performed a plurality of times between the main controller 110 and the CRUM chip 210. [ When the communication including the last integrity check data is performed, the final check is performed using the integrity check data included in the last received signal. As a result of the final inspection, if there is no abnormality, the entire data temporarily stored until then is recorded.

2 is a timing chart for explaining a communication process between the main controller 110 and the CRUM chip 210 according to an embodiment of the present invention. 2, the main controller 110 transmits a first signal 10 including data 1 and integrity check data 1. The CRUM chip 210 receiving the first signal 10 generates the integrity check data 2 using the integrity check data 1 and the data 2 included in the first signal 10. Then, a second signal including data 2 and integrity check data 2 is transmitted to the main controller 110. In this manner, the signals 30, ..., N including the integrity check data generated using the integrity check data in the previous communication are performed a plurality of times.

As the integrity check data, a result value obtained by performing logical operation on data to be transmitted, a result value generated by applying a predetermined mathematical expression to data or an encryption result value obtained by encrypting data may be used.

3 is a diagram for explaining an inspection method using integrity check data. Referring to FIG. 3, when a signal including the data a and the integrity check data a is received from the main controller 110 at step S310, the CRUM chip 210 separates the integrity check data a at step S320.

Then, the integrity check data a 'is generated using the remaining data and the integrity check data transmitted at the time of the previous communication (S330). The integrity check data a 'thus generated is compared with the integrity check data a (S340). If they are identical, the integrity check data a is determined to be integrity (S350). On the other hand, if the mismatch occurs, it is determined that an error has occurred and communication is interrupted (S360). For convenience of explanation, the integrity check data a 'is hereinafter referred to as comparison target data.

If it is determined to be integrity, the integrity check data b is generated using the data b to be transmitted and the integrity check data a (S370). Accordingly, the signal including the data b and the integrity check data b is transmitted to the main controller 110 (S380).

3, the inspection process performed in the CRUM chip 210 has been described. However, the same process may be performed in the main controller 110 as well. That is, upon receiving the signal including the data b and the integrity check data b, the main controller 110 separates the integrity check data b and performs the check. Since the inspection method is the same as that of S330 to S370, redundant description and illustration are omitted.

Meanwhile, the structure of signals transmitted and received between the main controller 110 and the CRUM chip 210 can be variously designed. That is, the data included in the signal may include at least one of command, recording object information, operation result information according to the command, integrity check result information on the previous received signal, and indicator information for indicating the location of the integrity check data . Here, the integrity check result information may be excluded from the signal initially transmitted between the main controller 110 and the CRUM chip 210. [ In the communication process, a method of checking integrity data may be used for all communications, and if necessary, an integrity data checking method may be applied to only some or important communications during a communication process.

4 is a diagram for explaining a process of checking integrity using a signal of a format different from that of FIG. Referring to FIG. 4, the main controller 110 transmits a signal including data and integrity check data 1 (S410). Here, the read command data 1 (Read Command (CMD) data 1) and the indicator U1 are included in the data. The read command data 1 includes not only commands but also read targets or memory addresses. U1 means indicator information following read command data 1. [ The indicator information U1 indicates a symbol for informing the parsing position of the integrity check data in the signal. The indicator information may be represented by a fixed number of bytes. For example, five bytes may be used for the indicator information. On the other hand, the size of the read command data 1 is variable according to the content of the data, and accordingly, the size of the integrity check data 1 is also variable.

When the signal is received, the CRUM chip 210 performs an integrity check using the integrity check data 1 included in the signal (S415). Then, integrity check data 2 is generated using the data to be transmitted and the integrity check data 1, and a signal including the integrity check data 2 is transmitted (S420). 4, the transmitted signal includes read data 1, which is data read from the memory provided in the consumable unit 100 in accordance with the read command data 1, Result data 2 indicating the result, indicator U2, and integrity check data 2 are included.

The main controller 110 separates the integrity check data 2 from the received signal and performs an integrity check (S425). If there is a subsequent read command data 3, the integrity check data 3 is generated using the read command data 3 and the integrity check data 2, and then the signal including the read command data 3, the indicator U3, and the integrity check data 3 is To the CRUM chip 210 (S430). 4, communication using the plurality of integrity check data 4, 5, 6, T1, and T2 is performed (S440, S450, S460, S470, and S485), and the integrity check is performed (S435, S445, S455, S465). On the other hand, when the CRUM chip 210 receives the last communication signal (S470), the CRUM chip 210 transmits the integrity check data T1 included in the last communication signal, The integrity is finally checked (S475). If it is determined as a result of the final inspection, the temporarily stored data is stored in a non-volatile memory (S480). Likewise, when the last communication signal is transmitted from the CRUM chip 210 (S485), the main controller 110 performs the entire integrity check using the integrity check data T2 included in the last communication signal (S490). Accordingly, if it is determined to be integrity, the temporarily stored data is stored in the nonvolatile memory (S495).

On the other hand, the integrity check data used in this communication process is generated by cumulatively reflecting the integrity check data used in the previous communication.

In one example, the integrity check data can be processed as follows.

Integrity check data 1 = E (Read CMD Data 1 | U1)

Integrity check data 2 = E (Read CMD Data 2 | Result Data 2 | U2 | integrity check data 1)

Integrity check data 3 = E (Read CMD Data 3 | U3 | integrity check data 2)

Integrity check data 4 = E (Read CMD Data 4 | Result Data 4 | U4 | integrity check data 3)

Integrity check data 5 = E (Write CMD Data 5 | U5 | integrity check data 4)

Integrity check data 6 = E (Result data 6 | U6 | integrity check data 5)

Integrity check data T1 = E (Write CMD Data L1 | U-T1 | Integrity check data T1-1)

Integrity check data T2 = E (Result Data L2 | U-T2 | Integrity check data T1)

In the above equations, E () denotes a function for obtaining a result value by applying a preset formula. The integrity check data may be obtained by applying various logical operations such as summing, XOR (eXclusive OR), etc. to the previous integrity check data and the entire data to be transmitted, or by applying data to the other main controller 110 and the CRUM chip 210 , A result value calculated by substituting the above-mentioned various encryption algorithms, and the like.

5 shows a configuration of an image forming apparatus in which a plurality of consumable units 200-1, 200-2, ..., 200-n are mounted in a main body 100 according to an embodiment of the present invention.

5, the image forming apparatus includes a main controller 110, a user interface unit 120, an interface unit 130, a memory unit 140, a plurality of consumable units 200-1, 200-2, 200-n.

The user interface unit 120 receives various commands from the user or displays various information to inform the user. The user interface unit 120 may include an LCD or LED display, at least one button, a speaker, etc., and may also include a touch screen.

The interface unit 130 is connected to a host PC or various external devices through wired or wireless communication. The interface unit 130 may include various types of interfaces such as a local interface, a Universal Serial Bus (USB) interface, and a wireless network interface.

The memory unit 140 stores various programs, data, and the like necessary for driving the image forming apparatus.

The main controller 110 serves to control the overall operation of the image forming apparatus. Specifically, the main controller 110 processes data received through the interface unit 130 and converts the processed data into a format capable of image formation.

Then, the main controller 110 performs an image forming job on the converted data using the plurality of consumable units 200-1, 200-2, ..., 200-n. Here, the consumable unit may be variously provided according to the type of the image forming apparatus. As described above, in the case of a laser printer, a charging unit, an exposure unit, a developing unit, a transferring unit, a fixing unit, various rollers, a belt, an OPC drum, or the like can be a consumable unit.

On the other hand, the first CRUM chip to the n-th CRUM chips 210-1, 210-2, ..., 210-n are connected to the respective consumable units 200-1, 200-2, Respectively.

Each CRUM chip may include a memory and a CPU. Alternatively, depending on the embodiment, a crypto module, a temper detector, an interface, a clock unit (not shown) for outputting a clock signal, a random value generator for generating a random value for authentication, (Not shown) may be further included.

A crypto unit (not shown) supports an encryption algorithm so that a CPU (not shown) can perform authentication or encrypted communication with the main controller 110. Specifically, the crypto unit may support an algorithm set among a plurality of encryption algorithms such as an asymmetric key algorithm such as RSA, ECC, ARIA, TDES, SEED, AES symmetric key algorithm, and the like. In this case, the main controller 110 can also support a corresponding algorithm among a plurality of encryption algorithms. Accordingly, the main controller 110 can recognize what kind of encryption algorithm is used in the consumable unit 200, perform authentication using the encryption algorithm, and then perform encrypted communication. As a result, even if a key (KEY) to which the encryption algorithm is applied to the consumable unit 200 is issued, it can be easily mounted to the main body 100 of the image forming apparatus and can perform encrypted communication.

A temper detector (not shown) is a unit for defending various physical hacking attempts, i.e., tempering. Specifically, it monitors the operating environment such as voltage, temperature, pressure, light, and frequency, and erases or physically disconnects data when there is an attempt such as Decap. In this case, the temper detector may have a separate power source.

Meanwhile, the memory provided in the CRUM chip 210 may include an O / S memory, a nonvolatile memory, a volatile memory, and the like. The O / S memory (not shown) stores O / S for driving the consumables unit 200. In the nonvolatile memory (not shown), various data are stored nonvolatilely. The nonvolatile memory includes electronic signature information, various encryption algorithm information, state information of the consumables unit 200 (e.g., toner remaining amount information, replacement timing information, remaining print count information, etc.), unique information Information on manufacture date, serial number, product model name, etc.), A / S information, and the like can be stored. In particular, data received in the course of communication with the main controller 110 may be stored in the nonvolatile memory.

A volatile memory (not shown) can be used as a temporary storage space required for operation. In the volatile memory, data judged to be complete at every communication and integrity check data used for the judgment can be temporarily stored.

The interface unit (not shown) serves to connect the CPU and the main controller 110. Specifically, it can be implemented by a serial interface or a wireless interface. Particularly, since the serial interface uses a smaller number of signals than the parallel interface, it has a cost reduction effect, and is particularly suitable for a noise-prone operation environment such as a printer.

As described above, each consumable unit may be provided with a CRUM chip. Each CRUM chip can communicate with the main controller and other CRUM chips. At the time of communication, the integrity check data used in the previous communication is cumulatively reflected and new integrity check data generated is transmitted.

6 is a block diagram showing a detailed configuration example of an image forming apparatus according to an embodiment of the present invention. 6, the image forming apparatus includes a main controller 110 and an interface unit 130. The main controller 110 includes a data processor 111, a generator 112, an examiner 113, a controller 114 ).

The data processing unit 111 generates data to be transmitted to a CRUM chip mounted on a consumable unit that can be mounted on the image forming apparatus. Here, the data includes at least one of a command and information to be processed by the command. That is, in the case of the read command, the memory address to be read or the information on the read object can be transmitted together. Also, in the case of a write command, information to be recorded can be transmitted together. The data processing unit 111 can directly output or encrypt the data. In addition, various commands such as a command for authentication and information related to the command can be generated in the data processing unit 111. [ These commands and information may be generated from time to time before, during, or after the execution of the image forming job. For example, when the image forming apparatus is turned on, the consumable unit 200 is detached and then re-mounted, or when a start command for an image forming job is input, the main controller 110 controls the consumable unit 200, It is possible to transmit an authentication command or a read command. Accordingly, various information managed in the consumable unit 200 can be checked and authenticated or stored in the memory unit 140 of the main body of the image forming apparatus 100.

During or after completion of the image forming job, the data processing section 111 obtains the consumables consumed in the image forming job, that is, the information about the ink or toner, the number of printed pages, the number of printed dots, History information and the like in the consumable unit 200, the write command and the corresponding information can be generated.

The generation unit 112 generates integrity check data using the data output from the data processing unit 111. Specifically, the data output from the data processing unit 111 may be simply summed, a logic operation such as XOR may be performed, a substitution may be made in a predetermined mathematical expression, or an encryption algorithm may be used to encrypt the data, . In this case, if the integrity check data used in the previous communication exists, the existing integrity check data is cumulatively reflected together to generate integrity check data.

The integrity check data generated by the generation unit 112 is added to the data generated by the data processing unit 111 and transmitted to the interface unit 130. 6, the output of the data processing unit 111 may be provided directly to the interface unit 130 or may be provided to the multiplexer (not shown) have. When the multiplexer is provided, the output of the generating unit 112 may also be provided to the multiplexer, and may be transmitted to the interface unit 130 in the form of a signal including data and integrity check data.

The interface unit 130 transmits a signal including the data and the first integrity check data to the CRUM chip 210.

Also, the interface unit 130 can receive a response signal from the CRUM chip 210. [ A signal transmitted from the interface unit 130 is referred to as a first signal and a signal received from the CRUM chip is referred to as a second signal. The second integrity check data included in the second signal is data generated by cumulatively reflecting the first integrity check data.

The checking unit 113 separates the second integrity check data included in the second signal received through the interface unit 130 and checks the integrity of the data included in the second signal. More specifically, the checking unit 113 checks whether the second integrity check data has been separated from the remaining data and the integrity check data previously transmitted from the main controller 110 to the CRUM chip 210, Method is applied to generate integrity check data.

The integrity check data thus generated is compared with the second integrity check data separated from the second signal to check whether or not they match. If the check result is found to match, the checking unit 113 determines that the data is integrity, and if the data is inconsistent, determines that the corresponding data is in an error state.

The control unit 114 performs the subsequent communication according to the inspection result of the inspection unit 114. That is, if it is determined that the second signal includes data in the error state, the subsequent communication can be interrupted or retried. On the other hand, if it is determined that the second signal is in the normal state, that is, the integrity state, the subsequent communication is performed.

According to the embodiment, when it is determined that the integrity state is established, the control unit 114 can directly store the corresponding data in the memory unit 140. [

According to another embodiment, the acquired data and the integrity check data may be temporarily stored in each communication and the temporarily stored data may be stored in the memory unit 140 when the final communication is completed.

Fig. 7 shows a configuration of an image forming apparatus according to this embodiment. 7, a memory unit 140 is further included in addition to the main controller 110 and the interface unit 130 including the data processing unit 111, the generating unit 112, the checking unit 113, and the controlling unit 114 . The memory unit 140 includes a temporary storage unit 141 and a storage unit 142.

Accordingly, the data and the integrity check data determined to be integrity can be temporarily stored in the temporary storage unit 141. Temporarily stored integrity check data can be used in the integrity check of the data in the subsequent communication process.

That is, as described above, when the first signal including the first integrity check data is transmitted to the CRUM chip 210 and the second signal for the first signal is transmitted, the checking unit 113 extracts the second integrity check data from the second signal 2 integrity check data, and generates new integrity check data, that is, comparison target data, using the remaining data and the integrity check data stored in the temporary storage unit 141. [ Then, the checking unit 113 compares the generated new integrity check data with the second integrity check data to the temporary storage unit 141 to determine the integrity of the data included in the second signal or the second signal.

On the other hand, if there is subsequent data to be transmitted to the CRUM chip 210 in a state where the second signal is integrity, the generation unit 112 generates the third integrity check data based on the subsequent data and the second integrity check data. Accordingly, the interface unit 130 transmits a third signal including the third integrity check data and the subsequent data to the CRUM chip 210. That is, as described in FIGS. 2 to 4, the main controller 110 and the CRUM chip 210 perform a plurality of communications.

On the other hand, the checking unit 113 can finally check the integrity of the entire signal received in the communication process, using the final integrity check data included in the last received signal in the communication process. That is, as described above, the integrity check data transmitted / received during the communication is generated by cumulatively reflecting the previous integrity check data. Therefore, the final integrity check data includes all of the first integrity check data to the previous integrity check data. Accordingly, when it is determined that the data is integrity using the final integrity check data, it is determined that the entire communication contents are reliable. When the communication requiring the recording is performed, the entire data temporarily stored is stored in the memory unit 140 (142).

Meanwhile, the main controller 110 and the CRUM chip 210 transmit a signal indicating that the initial communication is included in the signal and transmits the signal including the indication of final communication at the time of final communication. Accordingly, the main controller 110 and the CRUM chip 210 store the data in the storage unit 142 by performing the above-mentioned final inspection when the final communication indication is confirmed on the signal received from the counterpart.

This final inspection may be performed when one image forming job is completed, or may be performed in a predetermined time period unit depending on the embodiment. Also, when a user command for storing data is input, or when a turn-off command is inputted to the image forming apparatus, the authentication process between the image forming apparatus and the consumable unit can also be performed.

6 and 7, the data processing unit 111, the generating unit 112, the checking unit 113, and the controlling unit 114 are included in the main controller 110, but the present invention is not limited thereto. That is, at least one of the data processing unit 111, the generating unit 112, the checking unit 113, and the controlling unit 114 may be provided separately from the main controller 110. 1 to 4, the main controller 110 performs only the original function and the communication with the CRUM chip 210 is performed by the data processing unit 111, the generating unit 112, the checking unit 113, Or may be performed by the control unit 114 or the like.

8 is a block diagram showing a configuration of a CRUM chip 210 according to an embodiment of the present invention. 8, the CRUM chip 210 includes an interface 211, an inspection unit 212, a generation unit 213, a data processing unit 214, a control unit 215, a temporary storage unit 216, a storage unit 217 ).

The interface unit 211 receives the first signal including the first data and the first integrity check data for the first data from the main body of the image forming apparatus, particularly, the main controller 110 mounted on the main body of the image forming apparatus.

The checking unit 212 separates the first integrity check data from the first signal and checks the integrity of the first signal. Since the inspection method of the inspection unit 212 has been described in the above section, a duplicate description will be omitted.

The temporary storage unit 216 temporarily stores the first data and the first integrity check data if the first signal is determined to be integrity.

The data processing unit 214 generates second data when there is second data to be transmitted to the main body of the image forming apparatus.

The generation unit 213 generates the second integrity check data using the generated second data and the first integrity check data.

The control unit 215 controls the interface unit to transmit the second signal including the second data and the second integrity check data to the main body of the image forming apparatus. In addition, the control unit 215 controls the operation of the entire CRUM chip 215. That is, when the CRUM chip itself has the O / S as described above, the control unit 215 can drive the CRUM chip using the O / S. In particular, if the initialization program is stored, the initialization may be performed separately from the main body of the image forming apparatus.

In addition, the control unit 215 performs operations corresponding to various commands received from the main body of the image forming apparatus. That is, when a read command is received, the data stored in the storage unit 217 is read according to the read command, and is transmitted to the image forming apparatus through the interface unit 211. In this process, integrity check data can be added.

On the other hand, if the third signal including the third integrity check data generated by cumulatively reflecting the second integrity check data is received through the interface unit 211, the checking unit 212 checks the integrity of the third signal .

When the communication is completed, the final integrity check data included in the last received signal in the communication process is used to finally check the integrity of the entire signal received in the image forming job performing process.

If the communication is completed in the integrity state, the data temporarily stored in the temporary storage unit 216 is stored in the storage unit 217 if necessary.

That is, when the communication ends, the control unit 215 controls the checking unit 212 to perform the final check using the last integrity check data. As a result, the controller 215 determines that the data is integrity check result of the checking unit 212, and if necessary, the controller 215 stores the data temporarily stored in the temporary storage unit 216 in the storage unit 217.

The operation of the CRUM chip 210 of FIG. 8 is also similar to that of the image forming apparatus of FIG. That is, the main controller 110 of the image forming apparatus and the CRUM chip 210 of the consumable unit 200 perform operations corresponding to each other as described with reference to FIG. 1 to FIG. Accordingly, algorithms for generating integrity check data and inspecting the integrity check data on both sides should be provided in common.

9 is a flowchart illustrating a communication method according to an embodiment of the present invention. The communication method described with reference to FIG. 9 may be performed in the main controller 110 provided in the main body of the image forming apparatus or in the CRUM chip 210 provided in the consumable unit 200.

Referring to FIG. 9, when data to be transmitted is generated (S910), integrity check data is generated using the data (S920). The generation of the integrity check data is the same as described above, so a detailed description thereof will be omitted.

Then, a signal including the generated integrity check data and data is transmitted (S930).

Accordingly, a response signal corresponding to the transmitted signal is received from the other party (S940). The response signal includes new integrity check data generated by cumulatively reflecting the integrity check data transmitted in S930.

Accordingly, the integrity check is performed using the integrity check data included in the response signal (S950).

As described above, according to the simple application of the present invention, integrity of each communication can be judged by cumulatively using previous integrity check data.

10 is a flowchart for explaining a communication method according to a more specific embodiment. Referring to FIG. 10, when data to be transmitted is generated (S1010), integrity check data is generated based on the data (S1020). Then, a signal including data and integrity check data is transmitted (S1030), and a response signal to the signal is received (S1040). Accordingly, the integrity check data is separated from the response signal (S1050).

Then, it is determined whether the integrity check data is integrity using the separated data and the existing integrity check data (S1060).

If it is determined to be integrity, it is temporarily stored (S1070), and if it is an error state, communication is interrupted (S1100) and retry is performed.

On the other hand, if there is subsequent data in the temporarily stored state (S1080), the above-described steps are repeatedly performed. On the other hand, if there is no subsequent data, the temporarily stored data is stored according to the integrity check result of the finally received signal (S1090).

In the above-described various embodiments, the integrity check data is generated by accumulating the integrity check data at the time of previous communication, except for the integrity check data transmitted from the main controller of the image forming apparatus at the time of starting the data communication for the first time. As a result, the integrity check data at the time of the final communication includes all of the integrity check data used in some important communication processes. Therefore, accurate data can be recorded.

As a result, it is possible to safely protect the information of the main controller and the CRUM chip from external factors such as noise or contact failure, abnormal change of consumables, deliberate modulation, hacking, etc. occurring during communication.

In the above-described embodiments, the image forming apparatus and the CRUM chip mounted on the consumable unit used in the apparatus have been described. However, the communication method described above can be applied to other types of apparatuses. For example, in the case of communication between a device manufactured for communication with a CRUM chip rather than an image forming apparatus and a CRUM chip, in the case of communication between a general electronic device and a memory mounted on a part used in the device, The present invention is not limited thereto.

Meanwhile, as described above, the integrity check data may be used only in a part of the authentication process. That is, when various events occur such as when a consumable unit equipped with a CRUM chip is replaced, when the image forming apparatus is booted, when data update is to be performed, when a preset time period or the like comes, The main controller provided in the main body performs authentication with the CRUM chip of the consumable unit.

The Crum chip is designed to perform reading and writing of data from the Crum chip only when the image forming apparatus is authenticated and the Crum chip is determined to be suitable for the image forming apparatus. The types of authentication can be various and can be selected according to the situation. For example, if it is not possible to utilize the information of the Crum chip used before, such as booting or replacing a consumable unit, it takes a relatively long time but uses a method of high encryption strength, and authentication , A faster and simpler authentication can be performed. An example of authentication in the middle of printing is a relatively simple authentication, but it is not a weaker one because it authenticates based on data previously generated by a stronger password.

11 is a diagram for explaining an authentication process between the main body of the image forming apparatus and the CRUM chips mounted on the consumable unit. Referring to FIG. 11, the main body 100 of the image forming apparatus and the CRUM chip 210 perform final authentication through a plurality of authentication processes (Auth-1 to Auth-4). The number and order of the authentication processes (Auth-1 to Auth-4) can be variously changed according to the embodiment. Particularly, the main body 100 and the CRUM chip 210 of the image forming apparatus can perform an authentication process for generating a session key and an authentication process for verifying the suitability of the CRUM chip. More than one authentication process may be performed.

Referring to FIG. 11, the entire authentication process can be roughly divided into basic authentication and additional authentication. The basic authentication consists of a first authentication process (Auth-1) for performing internal authentication and the additional authentication is a multi-step authentication process such as Auth-2, Auth-3 and Auth-4 .

In the first authentication process (Auth-1), mutual authentication is performed between the image forming apparatus 100 and the CRUM chip 210, and a work for creating a common session key is performed. The image forming apparatus 100 and the CRUM chip 210 encrypt all or a part of data exchanged during communication using a symmetric key or the same encryption algorithm so that they can not be seen from the outside.

The image forming apparatus 100 and the CRUM chip 210 create a common session key using the data exchanged during the first authentication process (Auth-1), and then use it to encrypt communication process data.

The second authentication process (Auth-2) is a process for making the C-table (Combination Table) of the image forming apparatus 100 and the CRUM chip 210 the same. C table refers to a table in which a value for computing the value is recorded when the image forming apparatus 100 and the CRUM chip 210 transmit information for confirmation, that is, a query code. The C table can be described as the first table (check that there is nothing wrong with the contents).

When the image forming apparatus 100 is booted or it is determined that the C-tables of the image forming apparatus 100 and the CRUM chip 210 do not coincide with each other, Match the C-Table. The image forming apparatus 100 can determine whether or not the C-tables of the image forming apparatus 100 and the CRUM chip 210 coincide with each other. 12 is a timing chart for explaining the second authentication process in more detail. Referring to FIG. 12, the image forming apparatus 100 generates PRT data and a REQUST_CMD (request command) (S1110) and transmits the generated request to the CRUM chip 210 (S1220). REQUST_CMD can be configured in various formats. For example, REQUST_CMD may be implemented as CMD∥E (PRT data) ∥MAC∥CRC (Cyclic Redundancy Check) or EDC (Error Detection and Correction bits). Here, E () means an encryption algorithm (Cryptography Algorithm). And ∥ denotes a predetermined operation code. For example, it may be an addition sign.

When the REQUST_CMD is received, the CRUM chip 210 generates CRUM data (S1230), and generates a C table using the generated CRUM data and the received PRT data (S1240). The CRUM chip 210 may generate a C table by applying a configuring function to the CRUM data and the PRT data.

Also, the CRUM chip 210 generates a RESPONSE including the generated CRUM data (S1250), and transmits the RESPONSE to the image forming apparatus 100 (S1260). RESPONSE can be generated as E (CRUM data) ∥MAC ∥CMD Result ∥CRC or EDC.

The image forming apparatus 100 generates a C table using the received CRUM data and PRT data (S1270). The image forming apparatus 100 can also generate a C table by applying a predetermined configuring function. As a result, the image forming apparatus 100 and the CRUM chip 210 can each hold the same C table.

When the second authentication process (Auth-2) is completed, the third authentication process (Auth-3) is performed. The third authentication process (Auth-3) may be a process for matching the Q table with the image forming apparatus 100 and the CRUM chip 210 in the same manner. The Q table is a table in which data for mutual confirmation such as a query code is recorded. The name Q table may also be described as a second table.

13 is a flowchart illustrating a third authentication process. 13, when the second authentication process is completed, the main body 100 of the image forming apparatus determines whether the version of the Q table (i.e., PRT Ver.) Held by the main body is the version of the Q table held by the CRUM chip 210 (I.e., CRUM Ver.) (S1310). If it is determined that the PRT version is larger than the CRUM version, the main body 100 of the image forming apparatus provides information on the Q table to the CRUM chip 210. Accordingly, the CRUM chip 210 performs an update to match the Q table of the version of the main body 100 of the image forming apparatus (S1320).

On the other hand, if the PRT version is smaller than the CRUM version (S1330), the CRUM chip 210 provides information on the Q table to the main body 100 of the image forming apparatus. Accordingly, the image forming apparatus 100 performs an update to match the Q table of the version of the CRUM chip 210 (S1340).

In this manner, if the Q tables on both sides match due to the update of the Q table or if the versions coincide with each other, a value recorded in the Q table, that is, a query code is checked (S1350). The task of verifying the queried code can be the fourth authentication process, which will be described later in detail.

14 is a timing chart for explaining a process of synchronizing to the Q table of the main body of the image forming apparatus. Referring to FIG. 14, the image forming apparatus 100 generates REQUST_CMD1 for requesting CRUM data (S1410) and transmits the REQUST_CMD1 to the CRUM chip 210 (S1415). The CRUM chip 210 generates a response RESPONSE1 for REQUST_CMD1 (S1420) and transmits it to the image forming apparatus 100 (S1425). RESPONSE1 can be generated in the same manner as E1 (E2 (PRT Q DATA INDEX) ∥CRUM Data) ∥MAC∥CMD1 Result ∥CRC or EDC. Here, E1 denotes an encryption algorithm, E2 (PRT QDATA Index) refers to a Q table index with a Q table index to obtain corresponding Q data, and encrypts the Q data using an arbitrary first encryption algorithm .

When RESPONSE1 is received, the image forming apparatus 100 compares the Q data (S1430). That is, the image forming apparatus 100 detects Q data corresponding to the index transmitted to the CRUM chip 210 in the stored Q table, compares the Q data with the Q data transmitted from the CRUM chip 210, Make sure it is the same value. If they do not match, the image forming apparatus 100 generates a REQUST_CMD2 (S1435) and transmits the REQUST_CMD2 to the CRUM chip 210 (S1440). REQUST_CMD2 may be generated as E1 (E5 (PRT Q TBL) ∥MAC∥CRC or EDC, where E5 means a second encryption algorithm different from E1 and E2.

When the REQUST_CMD2 is received, the CRUM chip 210 compares the version of the Q table of the image forming apparatus with the version of the Q table of the CRUM chip 210 (S1445). If it is determined that a rule different from the rule of the Q table of the CRUM chip 210 is applied (S1450), an error response is generated. Accordingly, the CRUM chip 210 updates its Q table in accordance with the PRT Q table (S1455), generates RESPONSE2 (S1460), and transmits it to the image forming apparatus 100 (S1465). RESPONSE2 can be generated as CMD2 Result? CRC or EDC.

15 is a timing chart for explaining the process of synchronizing the CRUM chip 210 with the Q table. Referring to FIG. 15, the image forming apparatus 100 generates REQUST_CMD (S1510) and transmits it to the CRUM chip 210 (S1520). The CRUM chip 210 generates a RESPONSE according to the received command (S1530), and transmits the RESPONSE to the image forming apparatus 100 (S1540). RESPONSE can be generated in the form of E1 (E2 (CRUM Q DATA) E E5 (CRUM Q TBL) ∥MAC ∥CMD Result ∥CRC or EDC. When the RESPONSE is received, the image forming apparatus 100 checks the CRUM Q DATA in the received RESPONSE and compares the CRUM Q DATA with the response CRUM Q Data (S1550). If the comparison result does not match, it is judged as an error state. In step S1560, the image forming apparatus 100 determines whether the received CRUM Q table conforms to a rule for creating a Q table, and determines that the received CRUM Q table is in an error state if the table is an invalid Q table.

If the Q tables do not match as a result of the determination, the image forming apparatus 100 updates the Q table according to the data received from the CRUM chip 210 (S1570). As a result, the Q tables on both sides are synchronized.

As described above, the second and third authentication processes (Auth-2 and Auth-3) are performed by the image forming apparatus 100 and the consumable unit 200 in order to analyze data exchanged in the fourth authentication process (Auth-4) This is a process for making the information having the same. If the existing data are the same, the third authentication process (Auth-3) may not be performed.

The fourth authentication process (Auth-4) is an authentication process for conformity verification. In the fourth authentication process, the image forming apparatus 100 and the consumable unit 200 can receive the session key generated through the first authentication process (Auth-1) and the session key generated through the second and third authentication processes (Auth-2 and 3) And confirms whether the consumable unit 200 or the CRUM chip 210 mounted on the consumable unit 200 is a CRUM chip suitable for the image forming apparatus 100 with the shared information.

16 is a timing chart for explaining a method of performing the fourth authentication process (Auth-4). Referring to FIG. 16, the image forming apparatus 100 selects a Q index, a C index, and the like, generates REQUST_CMD including selected indexes (S1610), and transmits the REQUST_CMD to the CRUM chip 210 (S1620). The CRUM chip 210 generates CRUM data using the received REQUST_CMD, generates a RESPONSE including the CRUM data, and transmits the generated RESPONSE to the image forming apparatus 100 (S1640).

When the RESPONSE is received, the image forming apparatus 100 generates PRT Q data (S1650), and compares PRT Q data with CRUM data included in RESPONSE (S1660). If the result of the comparison is a match, it is determined that the CRUM chip 210 is valid, and authentication is completed.

The image forming apparatus 100 and the consumable unit 200 can perform the authentication process in the first authentication process (Auth-1) for creating the session key and the fourth authentication process (Auth-4) It is possible to transmit and receive signals including inspection data. The integrity check data means data generated by cumulatively reflecting the integrity check data included in the previously received signal. When no signal including the integrity check data has been received previously, that is, when the integrity check data must be generated first, integrity check data can be generated using only the data to be transmitted.

The second and third authentication processes (Auth-2 and Auth-3) affect the fourth authentication process (Auth-4), in which the communication data to be exchanged is the next communication. Therefore, even if the integrity check data is not used, the fourth authentication process (Auth-4) fails if there is a problem in the second and third authentication processes (Auth-2 and Auth-3) Authentication will fail. Therefore, it is not necessary to include the integrity check data in the entire authentication process, and the integrity check data can be applied only to Auth-1 and Auth-4, which are important processes of authentication. However, this is merely an example, and integrity check data may be transmitted / received at every authentication process or may be transmitted / received at least one authentication process during the second and third authentication processes, if necessary.

Although the authentication between the main body 100 of the image forming apparatus and the CRUM chip 200 has been described above, the authentication operation may be performed between the main controller 110 mounted on the main body 100 and the CRUM chip 210 have.

17 and 18, detailed authentication processes performed between the main controller 110 and the CRUM chip 210 will be described in detail.

17 shows a first authentication process (Auth-1) for generating a session key during authentication of the number of tags. For convenience of explanation, the authentication process for generating the session key is defined as the first authentication process, but it goes without saying that another authentication process may be performed before the authentication process for generating the session key in the actual authentication process.

Referring to FIG. 17, the first authentication process (Auth-1) may be divided into com-1 and com-2 processes. com-1 is a process in which the main controller 110 sends data to the Crum chip 210 for authentication. Signals transmitted from Com-1 include CMD1, DATA1, CRC1, Symbol, VC1, and the like. CMD1 means a command. CMD1 can contain authentication related options or size information of sending data. DATA1 is composed of Random Data, which is data required for authentication, a password-related data value for authentication, and specific information stored in the image forming apparatus. In the case of the first authentication process, in addition to the above-mentioned random data R1, DATA1 includes key-size information, session key-related data such as various key-related information used in the asymmetric key algorithm, Information or the like can be transmitted. In some cases, some of these information may be omitted or replaced with other information.

The random data may be a value generated randomly by the main controller 110 for authentication. Accordingly, the random data may be changed at every authentication, but in some cases, it may be implemented as a method of fixedly transmitting one value arbitrarily set in place of the random data. CRC1 denotes an error detection code. CRC1 transmits to check the errors of CMD1 and DATA1. In addition to CRC1, methods such as Checksum and MAC, which are other error detection methods, may be additionally used. Alternatively, CRC1 may be used instead of CRC1.

In com-1, symbol is a part that designates the integrity check data. Referring to FIG. 17, a symbol such as SECU1 is used. symbol can be used to distinguish between the integrity check data and the rest of the data, and can also indicate the type of integrity data operation. SECU1 used in FIG. 17 is a symbol indicating that the first communication is performed using the integrity check data function. VC1 is the integrity check data that is initially generated. VC1 generates contents composed of CMD1, DATA1, CRC1, and SECU1 String according to a specific formula. Since VC1 is integrity check data but is generated for the first time, it does not accumulate previously received integrity check data, but generates only the remaining data. The method of generating VC1 will be described later in detail.

When the CRUM chip 210 receives Com-1, it transmits Com-2 in response. Com-2 includes DATA2, SW2, CRC2, SECU2, VC2, and the like. As described above, if the first authentication process is an authentication process for generating a session key, the Com-2 DATA includes first random data R1, second random data R2, a chip serial number (CSN) Key related information used in the asymmetric key algorithm, a part of the internal information of the CRUM chip, and the like. The first random data R1 is a value received from the Com-1 and the second random data R2 is a value generated by the CRUM chip 210 itself. The information contained in Com-2 may be omitted in some cases or replaced with other information.

In addition, SW2 means result data indicating the result of the operation performed on the CRUM chip 210 according to the command of Com-1. Since CRC2 and SECU2 have the same function as CRC1 and SECU1 of com-1, their description will be omitted. VC2 is integrity check data generated by cumulatively reflecting VC1, which is the integrity check data of Com-1. The CRUM chip 210 can generate VC2 by combining DATA2, SW2, CRC2, SECU2, and VC1 to be transmitted to Com-2 in a predetermined manner. The generation method will be described in detail later.

17, when the first authentication process is performed, the first random data R1 generated by the main controller 110 and the second random data R2 generated by the CRUM chip 210 are mutually shared . The main controller 110 and the CRUM chip 210 can generate session keys using the received R1 and R2, respectively.

As shown in FIG. 11, the authentication process is performed a plurality of times to complete the final authentication. The fourth authentication process is an authentication process for checking the suitability of the consumable unit 200 on which the CRUM chip 210 or the CRUM chip 210 is mounted. Between the first authentication process and the fourth authentication process, at least one authentication process for preparing the fourth authentication process may be performed.

18 is a diagram for explaining an authentication procedure for confirming conformity. In FIG. 11, the authentication process for confirming the conformance, that is, the fourth authentication process is performed at the end of the plurality of authentication processes, but the order is not limited.

According to Fig. 18, the fourth authentication process (Auth-4) consists of com-3 and com-4. Com-3 denotes a process in which the main controller 110 transmits a signal to the CRUM chip 210, and Com-4 denotes a process in which the CRUM chip 210 transmits a signal to the main controller 110. In Com-3, CMD3, DATA3, CRC3, SECT1 and VC3 are transmitted. CMD3 is a command indicating com-3, and DATA3 is data necessary for the operation of Auth-4. The main controller 110 may store a table for checking the conformity of the CRUM chip 210 or the consumable unit 200 in advance. For example, when a plurality of tables are stored, DATA3 may include arbitrary first index information (index 1) of Table 1, arbitrary second index information (index 2) of Table 2, and the like. The main controller 110 can encrypt DATA3 using the session key generated through the first authentication process. SECT1 is a symbol string for notifying that the communication using the integrity check data is the end of communication, and VC3 is integrity check data. The main controller 110 can generate VC3 using CMD3, DATA3, CRC3, SECT1 String and all the integrity check data VC1 and VC2 generated so far. The CRUM chip 210 receiving the Com-3 transmits the Com-4 to the main controller 110. Com-4 includes DATA4, SW4, CRC4, SECT2, VC4, and the like. DATA4 may include a third value generated using a first value (value 1) and a second value (value 2) corresponding to the first and second index information received from Com-3. The main controller 110 can check whether the CRUM chip 210 or the consumable unit 200 is suitable for the image forming apparatus 100 by comparing the first, second, and third values obtained through the Com-4 with the table. The roles of SW4, CRC4 and SECT2 are as described above, and redundant description will be omitted. VC4 is integrity check data generated by cumulatively reflecting VC1, VC2, and VC3.

As described above, the integrity check data can be transmitted / received during at least a part of the authentication processes among the plurality of authentication processes. In this case, if the previously used integrity check data exists, the integrity check data can be accumulated and generated. That is, the integrity check data can be summarized as follows.

[Equation 1]

VCn (n) = SEC (n) = CMD (+) DATA (+) SW (+) CRC (+

VC (n) = SECT (n) = CMD (+) DATA (+) SW (+) CRC (+) Symbol (+) VC (1) -2) (+) VC (n-1)

In Equation (1), (+) may mean a logical operation expression such as XOR, or other encryption algorithm expression. According to Equation (1), the integrity check data VCn of SECU (n) used in the authentication process except for the final authentication process is obtained by combining each of data to be transmitted and VC (n-1) Lt; / RTI > On the other hand, the integrity check data VCn of SECT (n) used in the final authentication process can be generated by combining each of the data to be transmitted and the entire integrity check data transmitted or received in the previous authentication process. For example, in the case of the n-th integrity check data, the integrity check data up to 1, 2, ..., N-1 can be all reflected. Accordingly, when an error occurs during the authentication process, it can be determined in the final authentication process to complete the authentication or to determine that the authentication has failed.

19 is a block diagram illustrating a configuration of a CRUM chip using integrity check data in an authentication process according to another embodiment of the present invention. The CRUM chip 1400 can be used in various consumable units as described above. 19, the CRUM chip 1400 includes an interface unit 1410, an inspection unit 1420, a generation unit 1430, and a control unit 1440. The interface unit 1410 is a component for being connected to the main body 100 of the image forming apparatus. The interface unit 1410 may employ various interface schemes. For example, an I2C interface (Inter-Integrated Circuit (I2C) Interface) may be used.

When an event requiring authentication is generated, the interface unit 1410 can receive various signals. For example, the interface unit 1410 may receive a signal including the first data for authentication and the first integrity check data for the first data from the main body 100. Here, the first data means the remainder of the received signals excluding the first integrity check data. For example, in the case of FIG. 17, the first data means CMD1, DATA1, CRC1, and SECU1. Here, DATA1 may include various data such as first random data and the like.

The checking unit 1420 can check the integrity of the signal by separating the first integrity check data, i.e., VC1, from the received signal. Concretely, according to the first authentication process of FIG. 17, the checking unit 1420 can calculate VC1 by calculating CMD1 (+) DATA1 (+) CRC1 (+) SECU1. The checking unit 1420 compares the VC1 separated from the Com-1 and the VC1 directly calculated, and if it is the same, it can judge that the com-1 is the integrity.

The controller 1440 may temporarily store some data necessary for the VC1 and the like if it is determined to be integrity. The control unit 1430 controls the generation unit 1430 to perform the first authentication process.

The generation unit 1430 generates second integrity check data using the second data for authentication with the main body of the image forming apparatus and the first integrity check data. In this case, the generator 1430 may generate the second random data using the random value generation algorithm. According to the embodiment using Equation 1, the second integrity check data can be calculated as a result value of DATA2 (+) SW2 (+) CRC2 (+) SECU2 (+) VC1.

The control unit 1440 can perform the first authentication operation using the data received from the main body 100. [ Specifically, the session key can be generated by using the first random data R1 received from the main body 100 and the second random data R2 generated by the generating unit 1430 and the like.

The control unit 1440 outputs a signal including the calculated second integrity check data together with the second data, that is, DATA2, SW2, CRC2, and SECU2, to the main body 100 of the image forming apparatus via the interface unit 1410, Lt; / RTI > The main body 100 of the image forming apparatus can also detect the first and second random data from the received signal and use it to generate a session key.

On the other hand, authentication is performed through a plurality of authentication processes. That is, the controller 1440 may perform a plurality of subsequent authentication processes after generating the session key using the first data and the second data.

During a plurality of subsequent authentication processes, an authentication process for conformance checking as in the fourth authentication process described above may be included. In this authentication process, new integrity check data in which integrity check data previously transmitted or received before is accumulated can be transmitted or received.

Specifically, the interface section 1410 can receive a signal including the third data and the third integrity check data from the main body 100 of the image forming apparatus. The third integrity check data refers to data generated using the integrity check data and the third data that have been used by the main controller 110 of the main body 100 of the image forming apparatus 100 before. If the fourth authentication process is the final authentication process, the first and second integrity check data may be all reflected to generate the third integrity check data.

When the third data and the third integrity data are received, the control unit 1440 controls and inspects the inspection unit 1420. Since the inspection method is as described above, a duplicate description will be omitted.

If it is determined that there is no problem with the third data, the controller 1440 controls the generator 1430 to generate the fourth integrity check data. The generation unit 1430 may generate the fourth integrity check data by reflecting the first, second, and third integrity check data together with the fourth data in the above-described Equation (1).

When the fourth integrity check data is generated, the controller 1440 transmits a signal including the fourth data and the fourth integrity check data to the main body 100 of the image forming apparatus.

If the fourth authentication process is an authentication process for checking compliance, the third data includes index information in a table previously stored in the image forming apparatus, and the fourth data includes a value corresponding to the index information As shown in FIG.

Meanwhile, the interface unit 1410 may be implemented as a contact type or a connector type. The contact form and the communication method of the interface unit 1410 will be described in detail later.

As described above, the integrity check data can be used in part or in whole of the authentication or data communication process according to the embodiment.

FIG. 20 is a diagram for explaining a method of utilizing integrity check data in a communication environment in which writing is not required in a pictorial growth value or a consumable unit. FIG. Specifically, the integrity check data can be utilized in a part of the authentication process.

Referring to FIG. 20, the main controller 110 and the CRUM chip 210 perform a total of eight communications for authentication and confirm integrity check data about four times of the communications.

The final integrity check ends at the eighth time, which is the last authentication process, and the integrity check data is not used in the subsequent Read Write process of the subsequent data. That is, the integrity checking process is performed only for the new authentication 1, the authentication 2, the authentication 7, and the authentication 8, and the integrity check is performed for the authentication 7 and the authentication 8. In FIG. 20, a single signal transmission / reception process may be bundled to be referred to as a single authentication process. For example, steps S1510 and S1530 may be the first authentication process, steps S1550 and S1560 may be the second authentication process, steps S1570 and S1580 may be the third authentication process, and steps S1590 and S1620 may be the fourth authentication process.

20, the main controller 110 transmits a signal com-1 including data integrity check data 1 (S1510). The data includes authentication start data 1 (authentication data 1), authentication data 1 and an indicator SEC U1 . The authentication start data 1 includes not only commands but also data required for authentication. SEC U1 indicates indicator information following authentication start data 1. The indicator information SEC U1 denotes a symbol for informing the parsing position of the integrity check data in the signal. The indicator information may be represented by a fixed number of bytes. For example, five bytes may be used for the indicator information. On the other hand, the size of the authentication data 1 is variable according to the content of the data, and accordingly, the size of the integrity check data 1 is also variable.

When the com-1 is received, the CRUM chip 210 performs an integrity check using the integrity check data 1 included in the signal (S1520). Then, the integrity check data 2 is generated using the data to be transmitted and the integrity check data 1, and then the signal com-2 including them is transmitted (S1530). Specifically, the CRUM chip 210 performs the functions provided in the consumable unit according to the authentication start data 1, and collects the data required for the random data or other functions generated thereby to form the authentication data 2. Result data 2 indicating the result of the operation performed according to the authentication start data 1 is configured. The CRUM chip 210 transmits the signal com-2 included in the authentication data 2, the result data 2, the indicator SEC U2, and the integrity check data 2 (S1530).

When the main controller 110 receives the com-2, the main controller 110 separates the integrity check data 2 from the received com-2 and performs an integrity check (S1540).

If it is determined that there is a defect in at least one of the integrity checking steps S1520 and S1540, the main controller 110 or the CRUM chip 210 may stop the authentication process and determine the authentication failure. In this case, the main controller 110 may notify the authentication failure through the user interface unit 120 provided in the main body 100.

On the other hand, if the integrity is determined, the main controller 110 and the CRUM chip 210 sequentially perform the subsequent authentication processes.

It is described in FIG. 20 that the integrity check data is not used in the second and third authentication processes. In this case, even if the subsequent authentication 3 exists, the main controller 110 does not generate the integrity check data 3 and transmits the signal com-3 including the authentication command 3 and the authentication data 3 to the CRUM chip 210 (S1550 ).

The CRUM chip 210 performs the job without integrity check when it is received. More specifically, the CRUM chip 210 transmits the signal com-4 including the authentication data 4 and the authentication result data 4 to the main controller 110 (S1560).

The main controller 110 also transmits the signal com-5 including the authentication command 5 and the authentication data 5 without integrity check (S1570), and the CRUM chip 210 transmits the signal com-5 including the authentication data 6 and the authentication result data 6, 6 (S1580). As described above, the second and third authentication processes can be performed without integrity check data.

The main controller 110 performs integrity check data again in the final authentication process. That is, the main controller 110 generates the integrity check data 7 using the integrity check data 1 and 2, which are all the existing integrity check data, together with the authentication command 7, the authentication data 7, and the SECT7. Then, the signal com-7 including these is transmitted to the CRUM chip 210 (S1590).

In operation S1600, the CRUM chip 210 finally checks the integrity of the data temporarily stored in the communication process using the integrity check data 7. If it is determined as a result of the final inspection, the CRUM chip 210 determines that the authentication is successful (S1610), and performs the following process such as generating data to be sent to the image forming apparatus. If there is no data to be written to the memory during the authentication process, the process of storing the data in the memory (not shown) may be omitted because there is no data temporarily stored.

The CRUM chip 210 transmits the signal com-8 including the authentication data 8, the authentication result data 8, the SEC T8, and the integrity check data 8 to the main controller 110 (S1620). In the generation of the integrity check data 8, all the integrity check data 1, 2, and 7 that have been transmitted and received before are used.

The main controller 110 also performs the integrity check using the integrity check data SEC T8 included in the authentication 8 communication signal received from the CRUM chip (S1630). Accordingly, if it is determined to be integrity (S1640), the authentication is successful. When the authentication is successful, the main controller 110 creates a session key or performs a next operation. Likewise, if there is no data to be written to the memory during the authentication process, the process of storing the data in the memory may be omitted since there is no data temporarily stored.

Meanwhile, the integrity check data used in the communication process is generated by accumulating previously used integrity check data.

In one example, the integrity check data can be processed as follows.

Integrity check data 1 = E (authentication CMD | authentication data 1 | SEC U1)

Integrity check data 2 = E (authentication data 2 | authentication result 2 | SEC U2 | integrity check data 1)

Integrity check data T1 = E (Authentication CMD 7 | Authentication data 7 | Integrity check data 1 | Integrity check data 2)

Integrity check data T2 = E (authentication data 8 | authentication result 8 | SEC T2 | integrity check data 1 | integrity check data 2 | integrity check data T1)

In the above equations, E () denotes a function for obtaining a result value by applying a preset formula. 17 and 18, the data represented by the authentication data or the authentication result may include verification data such as a checksum and a MAC that are used for individual communication stabilization.

Specifically, the integrity check data used in some authentication processes can be configured as shown in FIGS. 21 to 24. FIG.

21 shows the first integrity check data that the main controller 110 transmits to the CRUM chip 210 during the first authentication process. Referring to FIG. 21, the main controller 110 generates a new 8-byte value by applying the first 8 bytes and the next 8 bytes of the communication data to a specific formula or encryption algorithm. The generated value is then computed with the next 8 bytes to produce the next value. In this way, you can create the integrity check data by generating a value with the same formula or algorithm up to SECU1. The generated integrity check data is stored temporarily. If the number of data in the last 8 bytes does not reach 8 bytes, 8 bytes can be set by putting a padding having a specific value such as 0x00. On the other hand, a deficient byte portion can be omitted.

When the integrity check data (VC) is created, the integrity check data used immediately before is used, but since the integrity check data of FIG. 21 is transmitted first, there is no previous integrity check data. In this case, it is possible to use integrity initial data initialized to a specific value such as 0x00, or to calculate without including previous integrity data. The above condition does not cause a problem in operation when the image forming apparatus and the CRUM chip generate integrity data in the same manner.

As described above, in the CRUM Chip, when com-1 is received during the first authentication process, the values of CMD and DATA are checked with the CRC to confirm that there is no problem. Then, using the previous communication data including the SECU1 String, a value is generated according to the integrity check data generation method described with reference to FIG. Then, it is compared with the VC1 included in the signal received in the first authentication process to confirm whether they are the same. That is, the CRUM chip 210 generates and compares integrity check data in the same manner as the main controller 110 of the image forming apparatus.

If there is a problem with integrity data verification, the CRUM does not perform the next authentication operation. At this time, the image forming apparatus can check the error of the CRUM chip, and can perform the operation to interrupt or retry the operation. If there is no abnormality of integrity data verification, temporarily store VC1 and perform the following operation.

Specifically, the CRUM chip 210 performs an operation for password authentication according to the contents of DATA, and stores the cipher related data to be used in the image forming apparatus, the specific data stored in the CRUM chip 210, the serial number of the CRUM chip, Generates com-2 with random data as DATA. At this time, the CRUM chip 210 may encrypt all or a part of the data with a cipher scheme such as a symmetric key or an asymmetric key. The contents of com-2 are DATA, SW indicating the operation success failure result according to the received command, CRC2, error detection code, symbol, VC1 and VC2. The symbol in case is set to SECU2 String. Integrity check data 2, that is, VC2, may be generated in the manner shown in FIG.

That is, according to FIG. 22, DATA2, SW2, CRC2, SECU2, and VC1 are divided into 8 bytes, and each divided data is sequentially applied to a specific formula or encryption algorithm. Padding may be used depending on the data length as described above. As a result, VC2 is generated. The generated VC 2 is temporarily stored in the CRUM Chip 210.

23 and 24 show a method and configuration for generating integrity check data used in the fourth authentication process.

In the case of FIG. 20, for example, the main controller 110 uses integrity check data when transmitting com-7, and the CRUM chip 210 uses integrity check data when transmitting com-8.

The configuration of com-7 is CMD indicating com-7, Symbol String and VC3 indicating the end of communication using DATA, CRC and integrity check data for Auth-4 operation. At this time, DATA is encrypted with the session key generated by Auth-1. The symbol string of com-7 is SECT1.

According to FIG. 23, VC3 is generated by CMD3, DATA3, CRC3, SECT1 String and all integrity check data VC1, VC2 generated so far. The main controller 110 temporarily stores the generated VC3. When the com-7 is received in the CRUM chip 210, the integrity check data is generated in the same manner as that shown in Fig. Since VC1 and VC2 are temporarily stored in the CRUM chip 110 in the process of Auth-1, it is possible to generate the same integrity check data as the VC3. If there is a problem with integrity data verification, the CRUM does not perform the next authentication operation. At this time, the image forming apparatus can check the error of the CRUM chip, and can perform the operation to interrupt or retry the operation.

If there is no problem, the CRUM chip 210 decodes the DATA into a Session Key to perform a work required for the Auth-4, and generates com-8 data to be responded to the image forming apparatus. com-8 consists of DATA, SW, CRC, SECT2 String, and final integrity data VC4 required for Auth-4. DATA is encrypted with Session Key.

24 shows a method of generating VC4 and a configuration thereof. As shown in FIG. 24, the CRUM chip 210 can generate VC4 by sequentially performing operations on DATA4, SW4, CRC4, SECT2 String, and VC1, VC2, and VC3 sequentially by 8 bytes.

When the com-8 is received, the main controller 110 of the image forming apparatus generates VC4 using the DATA4, SW4, CRC4, SECT2 String, and VC1, VC2, and VC3 temporarily stored in the image forming apparatus main body 100 The integrity is checked by comparing. If there is no abnormality in the integrity check, the data is decrypted with the session key and the final authentication is performed. Accordingly, if it is determined that the consumable unit 200 loaded with the CRUM chip 210 or the CRUM chip 210 is suitable for the image forming apparatus 100, it is determined that the final authentication is successful, and the subsequent communication operation is performed can do.

Meanwhile, as described above, the consumable unit 200 can be detached from the main body 100 of the image forming apparatus. And should be electrically connected to the main body 100 when the consumable unit 200 is mounted. Such connection may be realized by a contact type or a connector type, and communication between the consumable unit 200 and the main body 100 may be performed by the I2C method.

Fig. 25 shows an example of the appearance of the interface unit 1410 made in a contact manner. 25, the consumable unit 200 includes a contact portion 2010 for communication. The main body 100 of the image forming apparatus also has a contact portion. When the consumable unit 100 is mounted on the main body 100, the interface portion 1410 is in contact with and electrically connected to the contact portion provided in the main body 100 of the image forming apparatus through the contact portion 2010. [

26 is a view showing a state in which the consumable unit 200 implemented in a contact manner and the main body 100 of the image forming apparatus are connected. 26, the main body 100 of the image forming apparatus includes a main board 2040 having a contact portion 2020, various components such as a main controller 110, a main board 2040, a contact portion 2020, A connection cable 2030 for connecting the connection cable 2030, and the like. When the consumable unit 200 is mounted in the main body 100 as shown in FIG. 26, the contact portion 2010 provided in the consumable unit 200 and the contact portion 2020 of the main body 100 are in natural contact with each other, do.

25 and Fig. 26, there is no portion for fixing the contact surface. Therefore, when vibration occurs in the image forming apparatus, the contact portions 2010 and 2020 may temporarily fall, which may cause problems in communication. That is, if the contact point of the consumable unit mounted on the image forming apparatus is dropped, erroneous data can be exchanged. However, if authentication or data communication is performed using the integrity check data as described above, such a problem can be solved. That is, the main controller 110 or the CRUM chip 210 checks the integrity data of the previous data received in a state where the contact is normally attached and the data received in a situation where the contact is unstable, . Thus, operations such as data read and data can be prevented from being performed, and erroneous information can be prevented from being recorded in the consumables unit 200.

27 is a view showing an example of the external configuration of the interface unit 1410 made of a connector type. 27, the consumable unit 200 includes a connector 2210 for communication. The connector 2210 is connected to a port 2220 provided in the main assembly 100 of the image forming apparatus. 27, contact failure may occur when foreign matter enters between the connector 2210 and the port 2220, or when the fixing portion is broken. Therefore, even in such a case, authentication or data communication can be performed using integrity check data according to various embodiments of the present invention, thereby preventing malfunction.

Meanwhile, a serial communication method can be used for communication between the consumable unit 200 and the main body 100 of the image forming apparatus. As an example, an I2C communication method can be used.

28 shows various signal waveforms transmitted and received between the consumable unit 200 and the main body 100 of the image forming apparatus according to the I2C communication method. The I2C communication system includes a VCC and a GND for supplying power to the slave, an SCL for supplying a clock for synchronization between the main controller 110 and the CRUM chip 210, and an SDA which is a data line of an I2C interface. The I2C communication method has such a simple structure that it is advantageous to connect several nodes to one bus.

On the other hand, the I2C communication method is a method for communication between ICs in a circuit composed of one original board, and does not have a configuration for communication error verification. However, as described above, various communication error causes may occur in the process of communication between the consumable unit and the image forming apparatus.

Specifically, there may be an unexpected resistance that electric noise interference occurs on the contact surfaces connected to each other, communication is influenced by dust or toner powder, or contact of the contact surface falls due to vibration. have. In addition, in the I2C communication method, a phenomenon may occur in which the clock (SCL) becomes unstable or the transmission data (SDA) is released from the authentication between the image forming apparatus and the consumable unit and the erroneous communication data is transmitted.

29 is an enlarged view of SDA and SCL in the I2C signal of Fig. Referring to FIG. 29, there is SCL signal having 8 constant high / low signals at a time, and a high / low signal is generated by SDA in accordance with the SCL signal to express 1 byte of data. That is, 1 high / low signal in SCL or SDA represents 1 bit.

In this I2C method, if a problem occurs during communication, even if a signal is distorted by only one bit, normal data may not be transmitted. For example, if there is a communication problem in transmitting 4-byte data 00000000 00000000 00000000 00000000 (0 in decimal) expressed by a binary number, even if only the first bit of 1 bit is changed, 10000000 000000 00000000 00000000 (2147483648 in decimal) You can fly.

However, according to various embodiments of the present invention described above, even if such a communication error occurs, it is possible to perform an immediate inspection using the integrity check data previously transmitted or received. In the final step, Can be finally confirmed. Therefore, even if the interface unit 1410 is connected to the main body through a contact or connector method, and communication is performed between the main body 100 and the consumable unit 200 according to the I2C communication system, It is possible to prevent the erroneous data from being recorded.

The authentication method or communication method according to the various embodiments of the present invention described above can be each coded in software and recorded in a non-volatile readable medium. The non-transitory readable medium can be installed in various types of apparatuses as well as an image forming apparatus, a consumable unit, and a CRUM chip, so that the above-described authentication method or communication method can be implemented in various apparatuses.

A non-transitory readable medium is a medium that stores data for a short period of time, such as a register, cache, memory, etc., but semi-permanently stores data and is readable by the apparatus. In particular, the various applications or programs described above may be stored on non-volatile readable media such as CD, DVD, hard disk, Blu-ray disk, USB, memory card, ROM,

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, It will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the present invention.

100: main body 110: main controller
200: Consumable unit 210: CRUM chip

Claims (21)

In the image forming apparatus,
A main body including a main controller for controlling the operation of the image forming apparatus;
A consumable unit mounted on the main body so as to be able to communicate with the main controller; And
And a CRUM (Customer Replaceable Unit Monitoring) chip provided in the consumable unit, the information on the consumable unit,
The main controller and the CRUM chip perform data communication when authentication is successful,
The authentication is performed through a plurality of authentication processes,
Wherein the integrity check data generated by reflecting the previous integrity check data is used in at least two authentication processes among the plurality of authentication processes. The method according to claim 1,
The main controller and the CRUM chip,
Wherein in the final authentication process among the plurality of authentication processes, all the integrity check data transmitted or received in the previous authentication process is cumulatively reflected to generate final integrity check data. 3. The method of claim 2,
The main controller and the CRUM chip
And transmits and receives a signal including the integrity check data to an authentication process for generating a session key and an authentication process for conformity checking among the plurality of authentication processes. The method of claim 3,
The main controller and the CRUM chip
Wherein the at least one authentication process is performed between the authentication process for generating the session key and the authentication process for confirming the conformity. 5. The method of claim 4,
The main controller includes:
When the authentication process for generating the session key is started, transmits a signal including the first data and the first integrity check data to the CRUM chip,
The CRUM chip generates second integrity check data using the second data and the first integrity check data and transmits a signal including the second data and the second integrity check data to the main controller,
Wherein each of the first data and the second data includes session key-related data for generating a session key. 6. The method of claim 5,
The main controller includes:
Generates third integrity check data using the third data, the first integrity check data, and the second integrity check data when the authentication process for confirming the conformity is started, and the third data and the third integrity check Transmitting a signal including data to the CRUM chip,
The CRUM chip generates fourth integrity check data using the fourth data, the first through third integrity check data, and transmits a signal including the fourth data and the fourth integrity check data to the main controller In addition,
Wherein the third data includes index information in a table previously stored in the image forming apparatus, and the fourth data includes a value corresponding to the index information. 7. The method according to any one of claims 1 to 6,
Wherein each of the main controller and the CRUM chip includes:
Separates the integrity check data from the received signal and compares the integrity check data generated from the remaining data with the integrity check data and outputs the integrity check data, Of the image forming apparatus. 7. The method according to any one of claims 1 to 6,
Wherein the plurality of authentication processes include:
A first authentication process for generating a session key, a second authentication process for matching the main body of the image forming apparatus and the first table stored in each of the CRUM chips, a second authentication process for matching the main body of the image forming apparatus and the second A third authentication process for matching the table, and a fourth authentication process for determining mutual suitability between the image forming apparatus and the CRUM chip based on at least one of the first and second tables,
Wherein the integrity check data is used in the first authentication process and the fourth authentication process, respectively. In the image forming apparatus,
An interface unit connected to a CRUM chip mounted on a consumable unit mounted on the image forming apparatus;
And a controller for performing a plurality of authentication processes with the CRUM chip to authenticate the CRUM chip when an event requiring authentication with the CRUM chip occurs,
Wherein the control unit transmits and receives a signal including integrity check data in an authentication process for generating a session key and an authentication process for conformity checking among the plurality of authentication processes,
Wherein the integrity check data is generated using at least one integrity check data included in a previously received signal. A CRUM chip mountable on a consumable unit of an image forming apparatus,
An interface for receiving a signal including first data for authentication and first integrity check data for the first data from the main body of the image forming apparatus;
An inspection unit for separating the first integrity check data from the received signal and checking the integrity of the signal;
A generating unit for generating second integrity check data using second data for authentication with the main body of the image forming apparatus and the first integrity check data;
And a controller for transmitting a signal including the second data and the second integrity check data to the main body of the image forming apparatus through the interface to perform a first authentication process. 11. The method of claim 10,
Wherein each of the first data and the second data includes session key related data for generating a session key,
Wherein the control unit generates the session key using the first data and the second data, and performs a plurality of subsequent authentication processes. 12. The method according to claim 11,
A second authentication process for matching the main body of the image forming apparatus and the first table stored in each of the CRUM chips, a third authentication process for matching the main body of the image forming apparatus and the second table stored in each of the CRUM chips, And a fourth authentication process for determining mutual suitability between the image forming apparatus and the CRUM chip based on at least one of the first and second tables. 13. The method of claim 12,
Wherein,
Wherein the fourth authentication process accumulates and reflects all the integrity check data transmitted or received in the previous authentication process to generate and transmit the final integrity check data. An authentication method of an image forming apparatus,
Determining whether an event to perform authentication has occurred with respect to a consumable unit mounted on the image forming apparatus;
And when the event occurs, performing authentication between the main controller of the image forming apparatus and a CRUM chip mounted on the consumable unit,
The authentication is performed through a plurality of authentication processes,
Wherein integrity check data generated by reflecting previous integrity check data is used in at least two authentication processes among the plurality of authentication processes. 15. The method of claim 14,
Wherein the integrity check data transmitted and received in the final authentication process among the plurality of authentication processes is generated by cumulatively reflecting all the integrity check data transmitted or received in the previous authentication process. 15. The method of claim 14,
Wherein the authenticating comprises:
The main controller transmits a signal including the first data and the first integrity check data to the CRUM chip and the CRUM chip generates second integrity check data using the second data and the first integrity check data A first authentication step of transmitting a signal including the second data and the second integrity check data to the main controller;
The main controller generates third integrity check data using the third data, the first integrity check data, and the second integrity check data, and outputs a signal including the third data and the third integrity check data The CRUM chip generates fourth integrity check data using the fourth data, the first through third integrity check data, and transmits the fourth integrity check data using the fourth data and the fourth integrity check data And a second authentication step of transmitting, to the main controller,
Wherein each of the first data and the second data includes session key related data for generating a session key,
Wherein the third data includes index information in a table previously stored in the image forming apparatus, and the fourth data includes a value corresponding to the index information. A method of authenticating a CRUM chip that can be mounted on a consumable unit of an image forming apparatus,
Receiving from the main body of the image forming apparatus a signal including first data for authentication and first integrity check data for the first data;
Separating the first integrity check data from the received signal to check the integrity of the signal;
Generating second integrity check data using second data for authentication with the main body of the image forming apparatus and the first integrity check data;
And transmitting the signal including the second data and the second integrity check data to the main body of the image forming apparatus to perform authentication. 18. The method of claim 17,
Performing a plurality of subsequent authentication processes after transmitting a signal including the second data and the second integrity check data to the main body of the image forming apparatus,
Wherein the integrity check data transmitted and received in the final authentication process among the plurality of subsequent authentication processes is generated by cumulatively reflecting all the integrity check data transmitted or received in the previous authentication process. 19. The method of claim 18,
In the final authentication process,
Receiving from the main body of the image forming apparatus a signal including third integrity check data generated using third data, the first integrity check data, and the second integrity check data and the third data;
Fourth integrity check data using the fourth data, the first through third integrity check data, and transmits a signal including the fourth data and the fourth integrity check data to the main body of the image forming apparatus Further comprising:
Wherein each of the first data and the second data includes session key related data for generating a session key,
Wherein the third data includes index information in a table previously stored in the image forming apparatus, and the fourth data includes a value corresponding to the index information. In the image forming apparatus,
A main body including a main controller for controlling the operation of the image forming apparatus;
A consumable unit provided with a CRUM (Customer Replaceable Unit Monitoring) chip,
Wherein the main controller transmits a first signal including first data and first integrity check data to the CRUM chip when an event to perform authentication is generated and the CRUM chip transmits the second data and the first integrity check data And a second signal including the second data and the second integrity check data to the main controller to perform an authentication process for generating a session key,
The main controller transmits to the CRUM chip a third integrity check data generated using the third data, the first integrity check data, and the second integrity check data, and a third signal including the third data, The CRUM chip generates fourth integrity check data using the fourth data, the first through third integrity check data, and outputs a fourth signal including the fourth data and the fourth integrity check data to the main controller To perform an authentication process for determining conformity. 21. The method of claim 20,
Wherein the first data includes a first specifier for designating a first command, first authentication data, and first integrity check data,
Wherein the second data includes second authentication data, a processing result according to the first command, and a second designator for designating the second integrity check data,
The third data includes a third designator for designating the second command, the third authentication data, and the third integrity check data,
Wherein the fourth data includes fourth authentication data, a processing result according to the second command, and a fourth designator for designating the fourth integrity check data.

Images