US20110107079A1 - Target device, method and system for managing device, and external device - Google Patents
- Publication number
- US20110107079A1, US12/872,627
- Authority
- US
- United States
- Prior art keywords
- information
- unit
- target device
- canceled
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G03—PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
- G03G—ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
- G03G15/00—Apparatus for electrographic processes using a charge pattern
- G03G15/50—Machine control of apparatus for electrographic processes using a charge pattern, e.g. regulating differents parts of the machine, multimode copiers, microprocessor control
- G03G15/5075—Remote control machines, e.g. by a host
- G03G15/5079—Remote control machines, e.g. by a host for maintenance
-
- G—PHYSICS
- G03—PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
- G03G—ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
- G03G15/00—Apparatus for electrographic processes using a charge pattern
- G03G15/55—Self-diagnostics; Malfunction or lifetime display
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
Definitions
- the present invention relates to a target device such as an image reading device, a device management system, a device management method, and an external device.
- a remote maintenance system collectively conducting remote monitoring of target devices such as a plurality of types of terminal devices exists (see, e.g., Japanese Patent Application Laid-open No. 1995-210729).
- a remote maintenance system that can remotely write latest programs to target devices also exists (see, e.g., Japanese Patent Application Laid-open No. 2000-267857).
- TCG Trusted Computing Group
- TPM Trusted Platform Module
- the conventional art had the problem that validity and identity cannot be confirmed if some of the units composing the target device are illicitly tampered with or replaced when the target devices are used or managed (maintained, etc.) remotely.
- a target device includes at least one unit that includes a tamper-resistant chip.
- the tamper-resistant chip includes a device-information storing unit that stores device information specific to the unit; and a confidential-key storing unit that stores a confidential key.
- a device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, connected via a network in a communicable manner.
- the management apparatus includes a requesting unit that transmits a unit-information confirmation request to the target device.
- the target device includes a request receiving unit that receives transmitted unit-information confirmation request; and a transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit.
- the authentication apparatus includes a device-information receiving unit that receives the device information; and an evaluation unit that decrypts received device information, evaluates whether decrypted device information corresponds to device information that is stored in a database of the authentication apparatus in advance, and transmits a result of evaluation to the target device and the management apparatus.
- a device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, connected via a network in a communicable manner.
- the management apparatus includes a requesting unit that transmits a unit-program confirmation request to the target device.
- the target device includes a request receiving unit that receives transmitted unit-program confirmation request; and a first transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip and program-version information relating to a version of a program that is executed by the unit with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit.
- the authentication apparatus includes a device-information receiving unit that receives the device information; and a second transmitting unit that decrypts received device information, evaluates whether a correspondence relationship between the unit identification number and the program-version information included in the device information matches with a correspondence relationship between unit identification number and program-version information stored in a database of the authentication apparatus in advance, when the relationships do not match, acquires a program file corresponding to a correct program version from the database, and transmits acquired program file to the target device.
- a device management system is configured with a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device, connected via a network in a communicable manner.
- the target device includes an encrypting unit that encrypts stored device information using the confidential key; and a first transmitting unit that transmits encrypted device information to the external device connected to the target device.
- the external device includes a device-information receiving unit that receives transmitted device information; an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and a second transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
- a device management method is for a device management system in which a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device are connected via a network in a communicable manner.
- the device management method includes encrypting including the target device encrypting the device information using the confidential key; transmitting including the target device transmitting encrypted device information to the external device connected to the target device; receiving including the external device receiving transmitted device information; evaluating including the external device decrypting received device information, the external device evaluating whether the device information corresponds to device information that is stored in a database in advance, and the external device transmitting a result of evaluation to the target device.
- An external device manages or uses a target device that is configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key.
- the external device is connected to the target device via a network in a communicable manner.
- the external device includes a device-information receiving unit that receives, upon the target device encrypting stored device information using the confidential key and transmitting encrypted device information, transmitted device information; an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and a transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
- FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention
- FIG. 2 is a block diagram of an example of an image reading device to which the present invention is applied;
- FIG. 3 is a block diagram of an example of a TPM chip to which the present invention is applied;
- FIG. 4 is a block diagram of an example of a management apparatus and an authentication apparatus to which the present invention is applied;
- FIG. 5 is a block diagram of an example of a database stored in a storage device of the authentication apparatus
- FIG. 6 is a flowchart of a processing procedure for a unit-information confirmation process of a system according to an embodiment of the present invention
- FIG. 7 is a flowchart of a processing procedure for a unit-program confirmation process of the system according to the present embodiment
- FIG. 8 is a block diagram for explaining an example of an inter-unit authentication process of the system according to the present embodiment.
- FIG. 9 is a block diagram for explaining an example of a management process of an expendable part of the system according to the present embodiment.
- FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention.
- the present invention has following fundamental features.
- the system is roughly configured by communicably connecting, through a network 400, a target device (for example, image reading device 100) having one or more units each including at least a chip having tamper resistance (for example, TPM chip 10), a management apparatus 200 that manages or uses the target device 100, and an authentication apparatus 300 having a DB 350 for authentication.
- the management apparatus 200 and the authentication apparatus 300 conceptually function as external devices connected to the target device through the network 400 .
- in the target device 100, which is configured with one or a plurality of units (units A to C of FIG. 1), a chip having tamper resistance (TPM chip 10) that gathers, stores, and signs the device information of the unit is installed in each unit.
- TPM chip 10 is fixed in a housing of each unit so that the chip cannot be easily removed from outside, and the units can be configured so that the units cannot operate when the TPM chips 10 are removed.
- the “device information” at least includes one of unit information at least including a unit identification number, expendable-part information relating to an expendable part, program-version information relating to a version of the program, measurement-value information relating to environment of the unit at least including a temperature, a humidity, and an altitude, setting information of the unit during operation, and operation-result information relating to an operation result of the unit.
- the TPM chip 10 includes a device-information storing unit that stores device information specific to the unit and a confidential-key storing unit that stores a confidential key.
- each unit includes an other-unit device-information storing unit that stores device information of another device, an encrypting unit that encrypts the device information stored in the device-information storing unit using the confidential key stored in the confidential-key storing unit, an inter-unit transmitting unit that transmits the device information encrypted by the encrypting unit to another unit, a decrypting unit that decrypts the device information transmitted by the inter-unit transmitting unit using the confidential key stored in the confidential-key storing unit, an inter-unit inspecting unit that inspects whether the device information decrypted by the decrypting unit corresponds to the device information stored in the other-unit device-information storing unit, and an external device transmitting unit that transmits the device information encrypted by the encrypting unit to the external device connected to the target device.
- the external device (the management apparatus or the authentication apparatus) includes a device-information receiving unit that receives the device information transmitted from the external device transmitting unit, an evaluating unit that decrypts the device information received by the device-information receiving unit to evaluate whether the device information corresponds to device information preliminarily stored in the database, and an evaluation result transmitting unit that transmits the evaluation result of the evaluating unit to the target device.
- the system configured as described above encrypts the device information using the confidential key stored in the TPM chip 10 , and then transmits the device information to the authentication apparatus 300 (step S- 2 ).
- After decrypting the device information with reference to registered contents of the DB 350, the authentication apparatus 300 determines from which device the information was transmitted and evaluates validity of the contents of each unit information, etc. (step S-3 and step S-4). The authentication apparatus 300 then transmits the evaluation result to the target device 100 or the management apparatus 200 (step S-5).
- the external device (management apparatus 200 or authentication apparatus 300) includes an operation-information storing unit that stores operation information corresponding to each information included in the device information, a device-information receiving unit that receives the transmitted device information, an operation extracting unit that decrypts the device information received by the device-information receiving unit to extract operation information stored in the operation-information storing unit corresponding to the device information, and an operation information transmitting unit that transmits the operation information extracted by the operation extracting unit to the target device or other external devices.
- 1) The target device 100 and the management apparatus 200 separate the target device 100 from the network when determined by the evaluation result to be unusable.
- 2) The target device 100 displays an alarm itself.
- 3) The target device 100 cuts off power supply itself.
- 4) The management apparatus 200 halts starting up the system.
- 5) The management apparatus 200 transmits to other external devices in the system that the target device 100 is unusable.
- 6) Transmit, to the target device 100 or other external devices, a message that notifies a service unit of information of a unit that should be replaced.
- 7) Transmit, to the target device 100 or other external devices, a message that notifies a supplier of information of an expendable part that should be replaced.
- 8) The target device 100 and the management apparatus 200 update a program.
- a case of the target device 100 and the management apparatus 200 updating a program, shown in 8) above, will be described as one example of the operation information.
- In response to a unit-program confirmation request (step S-1), the system encrypts unit information at least including a unit identification number stored in a chip and device information including program-version information relating to a version of a program executed by a unit, using the confidential key stored in the TPM chip 10, and the system transmits the encrypted information to the authentication apparatus 300 (step S-2).
- After decrypting the device information with reference to the registered contents of the DB 350, the authentication apparatus 300 determines from which target device 100 the device information is transmitted and evaluates whether the correspondence relationship between the unit identification number included in the device information and the program-version information corresponds to the correspondence relationship between the unit identification number preliminarily stored in the DB 350 of the authentication apparatus 300 and the program-version information (step S-3 and step S-4). When the relationships do not correspond, the authentication apparatus 300 acquires a program corresponding to the correct program version from the DB 350, and the authentication apparatus 300 then extracts operation information from the operation-information storing unit (for example, DB 350) to transmit to the target device 100 and transmits the operation information (step S-6).
- the system may be configured such that only predetermined individuals can execute processing.
- FIG. 2 is a block diagram of an example of the image reading device 100 to which the present invention is applied, in which only parts of the configuration related to the present invention are conceptually illustrated.
- the image reading device 100 is roughly configured to include at least a mechanical unit 110, an optical unit 130, and a control unit 120.
- a TPM chip 10 that is a chip having tamper resistance and that gathers information related to the units and stores the information is installed.
- Device information, a confidential key required for signature and encryption, etc., are stored in the TPM chip 10 , and individual authentication functions such as a fingerprint may also be installed.
- the TPM chip 10 is fixed in the housing of each unit in a manner that the chip cannot be easily removed from outside, and the unit is configured so that the unit cannot operate when the chip is removed.
- an automatic paper feeding (APF) unit/flat bed unit including a motor, a sensor, etc., and a TPM chip 10 are interconnected through a unit interface.
- In the control unit 120, an MPU, a memory device storing a control program, an image processing unit, a fingerprint acquiring unit, an external interface, a RAM, and a TPM chip 10 are interconnected through the unit interface.
- In the optical unit 130, a CCD, an optical system device including a light source, etc., and a TPM chip 10 are interconnected through the unit interface.
- the environment of the unit may be measured at each unit ( 110 , 120 , and 130 ) and various sensors may also be provided.
- FIG. 3 is a block diagram of an example of the TPM chip 10 to which the present invention is applied, in which only parts of the configuration related to the present invention are conceptually illustrated.
- the TPM chip 10 is configured to at least include an MPU 11 , a control program 12 that controls a unit, a confidential-key file 13 that encrypts device information, a unit-information file 14 that stores unit information at least including a unit identification number, an individual-authentication-information file 15 that stores fingerprint information for individual authentication, etc., program-version information relating to a version executed by a unit, expendable-part information relating to an expendable part, a measurement value relating to the environment of a unit (temperature, humidity, altitude, etc), setting information of a unit during operation, and a RAM 16 that stores log information, etc., including the operation result.
- FIG. 4 is a block diagram of an example of the management apparatus 200 and the authentication apparatus 300 to which the present invention is applied, in which only parts of the configurations related to the present invention are conceptually illustrated.
- the management apparatus 200 and the authentication apparatus 300 may be configured with a commercially available information processing device such as a workstation and a personal computer or with an attached device thereof. Functions of the management apparatus 200 and the authentication apparatus 300 are realized by a control device such as a CPU configuring a hardware, a hard disk drive, a storage device such as a memory device (RAM, ROM, etc), an input device, an output device, an input/output controlling interface, a communication controlling interface, programs controlling the devices, etc.
- FIG. 5 is a block diagram of an example of the DB 350 stored in the authentication apparatus 300 , in which only parts of the configuration related to the present invention are conceptually illustrated.
- the DB 350 is configured to at least provide a device-information DB 351 , an individual-authentication-information DB 352 , and a program DB 353 .
- the device-information DB 351 stores by associating unit information including the unit identification number that constitutes the target device, information relating to the measurement values regarding the environment of the unit at least including a temperature, a humidity, and an altitude, log information including the device information and the operation results during unit operation, etc.
- the “unit information” may include, in addition to the unit identification number, a product name, a name of the manufacturer, a version, etc.
- the individual-authentication-information DB 352 stores, in mutual association, the authentication information relating to an individual allowed to operate the target device (for example, a password and fingerprint information).
- the program DB 353 stores by mutually associating a unit identification number, program-version information relating to a version of the program executed by the unit, and a program file corresponding to the version.
- the program DB 353 is described as an example of the operation information database; other than this, an expendable-part database that stores, in mutual association, an expendable part, a durable number of uses and period, etc., may be used.
- FIG. 6 is a flowchart of a processing procedure for the unit-information confirmation process according to the present embodiment.
- the management apparatus 200 transmits a unit-information confirmation request to the target device 100 (unit-information confirmation requesting unit: step SA- 1 ).
- the request may be conducted from the target device 100 .
- the target device 100 then receives the unit-information confirmation request (unit-information confirmation requesting unit: SA- 2 ).
- For each unit, the target device 100 encrypts the device information including the unit information that at least includes the unit identification number stored in the TPM chip 10 with the confidential key stored in the chip, and the target device 100 transmits the information to the authentication apparatus 300 (device information transmitting unit: SA-3).
- the target device 100 receives the request, and, for example, the TPM chip 10 of the control unit 120 gathers unit information (unit identification number, etc.) of the TPM chip 10 of the units (110, 120, and 130), and
- the authentication apparatus 300 then receives the device information (device-information receiving unit: step SA- 4 ).
- the authentication apparatus 300 decrypts the received device information with a corresponding key (a public key, etc) and evaluates whether the device information corresponds to the registered contents of the device information preliminarily stored in the DB 350 (the device-information DB 351 ), and the authentication apparatus 300 transmits the evaluation result to the target device 100 and the management apparatus 200 (evaluating unit: step SA- 5 ).
- By decrypting the transmitted device information with the public key, the authentication apparatus 300 identifies the target device 100 that transmitted the data, and the authentication apparatus 300 obtains the unit information (unit identification number, etc.) of the target device 100 preliminarily registered in the DB 350 and compares the unit information with the transmitted unit information. The authentication apparatus 300 then makes a report of evaluation results of whether the device information corresponds or which part is different, etc., and transmits the report to the device that sent out the request.
- the evaluation results may be encrypted with the public key. By encrypting with the public key, the apparatus that received the report of the evaluation results can confirm that the evaluation results are transmitted from a safe authentication apparatus.
- the device information may include measurement values relating to the environment of the device such as a temperature, a humidity, and an altitude, or may include operation values of each unit (a light quantity, an image processing value, an operation value of a mechanism, a sensor level, etc.), or the device information may include log information such as an operation result of the unit (error information).
- FIG. 7 is a flowchart of a processing procedure for the unit-program confirmation process of the system according to the present embodiment.
- the management apparatus 200 transmits a unit-program confirmation request to the target device 100 (unit-program confirmation request unit: step SB- 1 ).
- the request may be conducted from the target device 100 .
- the target device 100 then receives the unit-program confirmation request (unit-program confirmation request receiving unit: step SB- 2 ).
- For each unit, the target device 100 encrypts, with the public key stored in the TPM chip 10, the unit information at least including the unit identification number stored in the TPM chip 10 and the device information including the program-version information relating to the version of the program executed by the unit, and the target device 100 then transmits the information to the authentication apparatus 300 (device information transmitting unit: step SB-3).
- the TPM chip 10 of the control unit 120 gathers device information including the unit information (unit identification number, etc.) of the units ( 110 , 120 , and 130 ), program-version information, etc., and the TPM chip 10 encrypts the information with the confidential key and transmits the information to the authentication apparatus 300 .
- the authentication apparatus 300 then receives the device information (device-information receiving unit: step SB- 4 ).
- the authentication apparatus 300 decrypts the received device information and evaluates whether the correspondence relationship of the unit identification number included in the device information and the program-version information corresponds to the correspondence relationship of the unit identification number preliminarily stored in the DB 350 (program DB 353 ) of the authentication apparatus 300 and the program-version information, and when the correspondence relationships do not correspond, the authentication apparatus 300 acquires a program file corresponding to the correct program version from the program DB 353 and transmits the program file to the target device (program transmitting unit: step SB- 5 ).
- the authentication apparatus 300 acquires the unit information (unit identification number) of the target device 100 preliminarily registered in the program DB 353 and the corresponding program-version information and then compares the information with the transmitted device information. When the unit information (unit identification number) and the program version are different, the authentication apparatus 300 transmits the program file of the correct version.
- the program file may be encrypted with the public key and transmitted to the target device 100 .
- On receiving the program, the target device 100 decrypts the program with the public key, and the target device 100 can confirm that the program is transmitted from the safe authentication apparatus 300.
- the program includes a program necessary to use the target device (for example, a driver software), etc.
- FIG. 8 is a block diagram for explaining an example of the inter-unit authentication process of the system according to the present embodiment.
- the image reading device 100 such as an image scanner consists of the mechanical unit 110 , the control unit 120 , and the optical unit 130 .
- In the TPM chip 10 of each unit, specific information such as a version of the unit and a program version is stored.
- information of other units usable by the unit is also stored.
- each unit encrypts (signs) the device information using the confidential key stored in the TPM chip 10 having tamper resistance and transmits the information to another unit.
- the device information may be converted to a hash value and transmitted.
- the unit that received the information then decrypts the device information and determines whether the information is transmitted from an authorized unit and from which unit the information is transmitted. The unit that received the information further determines, from the contents of the device information, whether the unit is usable.
- the compliance determination is conducted, for example, when a version B and a version C of the mechanical unit 110 are usable for a version A of the control unit 120 and the version A is unusable.
- the image reading device 100 switches to an operable state.
- the image reading device 100 displays an alarm, and transmits an error signal through the control unit 120 .
- FIG. 9 is a block diagram for explaining an example of the management process of an expendable part of the system according to the present embodiment.
- The image reading device 100 such as an image scanner consists of the mechanical unit 110, the control unit 120, and the optical unit 130.
- The image reading device 100 includes expendable parts such as a roller, a pad, and a lamp.
- An expendable part is a part whose characteristics deteriorate after a certain time and certain operations and that needs to be replaced by a new part, such as a toner cartridge or a photosensitive drum in a printer.
- The replacing timing of the roller and the pad can be recognized from the number of operations of a motor and the replacing timing of the lamp can be recognized from the lighting time.
- This information is stored in an expendable-part-managing file of the control unit 120.
- The TPM chip 10 of the control unit 120 gathers information of the expendable parts and creates device information, and the TPM chip 10 then attaches a signature (encrypts with a confidential key) to the information and transmits the information to the authentication apparatus.
- The authentication apparatus 300 can specify the image reading device 100 that transmitted the device information.
- The authentication apparatus 300 then acquires preliminarily registered device information (expendable-part information) of the image reading device 100 from the DB 350 and compares (evaluates) the information with the transmitted expendable-part information.
- The authentication apparatus 300 notifies the evaluation result to the scanner device or the management apparatus.
- The authentication apparatus 300 notifies an evaluation result of a caution level when the lighting time exceeds 1800 hours and notifies an evaluation result of a warning level when the lighting time exceeds 2000 hours.
- The present invention may be configured by installing an individual authentication device in the target device or in the management apparatus 200 for the processes described above so that only individuals (for example, a system administrator and a maintenance person) specified by the device can conduct the processes.
- All or arbitrary parts of the processing functions provided by the units of the controlling device or by the devices can be realized by the CPU (Central Processing Unit) or by the programs interpreted and executed by the CPU, or the processing functions can be realized as hardware with wired logic.
- The programs are stored in a recording medium described below, and the controlling device mechanically reads the programs as necessary.
- In a storage device such as a ROM or an HD, a computer program is stored that collaborates with an OS (Operating System) and gives a command to the CPU to conduct various processes.
- The computer program is executed by being loaded to a RAM, etc., and the computer program collaborates with the CPU and configures the controlling apparatus.
- The computer program may be recorded in an application program server connected through an arbitrary network, and all or a part of the computer program can be downloaded as necessary.
- The programs of the present invention can be stored in computer readable recording media.
- The “recording media” include arbitrary “portable physical media” such as a flexible disk, a magneto-optical disk, a ROM, an EPROM, an EEPROM, a CD-ROM, an MO, a DVD, arbitrary “fixed physical media” such as a ROM, a RAM, an HD that are mounted on various computer systems, and “communication media” that hold the programs for a short period such as a communication line and a carrier wave when transmitting the programs through the network represented by a LAN, a WAN, and the Internet.
- The “program” is a data processing method described with an arbitrary language or a description method, and the program can be any format such as in source code or in binary code.
- The “program” is not necessarily limited to a single configuration, but includes the programs having dispersed configurations with a plurality of modules or libraries and the programs achieving functions by collaborating with other programs represented by an OS (Operating System).
- Known configurations and procedures can be used for the specific configurations for reading the recording media at each unit according to the present embodiment, the reading procedures, and the installing procedures after reading.
- Each database may be independently configured as an independent database device, and a part of the processes may be realized by using the CGI (Common Gateway Interface).
- The target device, the device management system, the device management method, and the external device of the present invention accomplish successful outcomes of accurately figuring out current states of the apparatuses and of safely and surely determining whether the apparatuses are properly used and whether the apparatuses are set up in proper states.
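The evaluation that the authentication apparatus performs in the unit-program confirmation and expendable-part passages above can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 with a per-unit shared key stands in for the TPM signature and its public-key check, and the field names (`unit_id`, `program_version`, `lamp_hours`), keys and database records are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample records, not taken from the patent.
UNIT_KEYS = {"CTRL-0001": b"constructed-demo-key"}  # stand-in for the per-unit TPM key
PROGRAM_DB = {"CTRL-0001": "2.1"}  # unit identification number -> correct program version
LAMP_CAUTION_HOURS = 1800  # thresholds stated in the description
LAMP_WARNING_HOURS = 2000


def sign_device_info(info, key):
    """Target-device side: serialise the device information and attach a tag."""
    payload = json.dumps(info, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def rejected(reason):
    return {"status": "rejected", "reason": reason}


def evaluate(message):
    """Authentication-apparatus side: authenticate first, then compare with the DB."""
    try:
        payload = message["payload"].encode()
        info = json.loads(payload)
        unit_id = info["unit_id"]
        tag = message["tag"]
    except (KeyError, TypeError, ValueError, AttributeError):
        return rejected("malformed message")
    if not isinstance(unit_id, str) or not isinstance(tag, str):
        return rejected("malformed message")

    # The claimed unit id is used only to select the verification key;
    # nothing else in the payload is trusted until the tag checks out.
    key = UNIT_KEYS.get(unit_id)
    if key is None:
        return rejected("unknown unit")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return rejected("authentication failed")

    result = {"status": "ok", "unit_id": unit_id, "actions": []}

    # Unit-program confirmation: the reported version must match the registered one.
    registered = PROGRAM_DB.get(unit_id)
    if info.get("program_version") != registered:
        result["status"] = "mismatch"
        result["actions"].append("send program version %s" % registered)

    # Expendable-part evaluation: grade the lamp lighting time.
    hours = info.get("lamp_hours")
    if isinstance(hours, (int, float)) and not isinstance(hours, bool):
        if hours > LAMP_WARNING_HOURS:
            result["lamp_level"] = "warning"
        elif hours > LAMP_CAUTION_HOURS:
            result["lamp_level"] = "caution"
        else:
            result["lamp_level"] = "normal"
    return result


if __name__ == "__main__":
    report = {"unit_id": "CTRL-0001", "program_version": "2.0", "lamp_hours": 2001}
    print(evaluate(sign_device_info(report, UNIT_KEYS["CTRL-0001"])))
```
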
Abstract
A device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus including a database for authentication, connected via a network in a communicable manner. In the target device, each unit is equipped with the tamper-resistant chip that collects device information specific to a unit, stores collected device information, and stores a confidential-key.
Description
- The present application is a continuation of U.S. application Ser. No. 11/624,082, filed on Jan. 17, 2007, which is based on, and claims priority from, Japanese Application Number 2006-010354, filed Jan. 18, 2006 and Japanese Application number 2006-158718, filed Jun. 7, 2006, the disclosures of which are hereby incorporated by reference herein in their entirety.
- 1. Field of the Invention
- The present invention relates to a target device such as an image reading device, a device management system, a device management method, and an external device.
- 2. Description of the Related Art
- Conventionally, a remote maintenance system collectively conducting remote monitoring of target devices such as a plurality of types of terminal devices exists (see, e.g., Japanese Patent Application Laid-open No. 1995-210729). A remote maintenance system that can remotely write latest programs to target devices also exists (see, e.g., Japanese Patent Application Laid-open No. 2000-267857).
- In respect to the security enhancement that each enterprise individually pursued, enterprises with technology providing a PC platform assembled to form TCG (Trusted Computing Group), addressing to create new hardware/software having higher reliability and safety as an industry group. In the TCG, specifications of a TPM (Trusted Platform Module) chip pertaining to a security chip are stipulated for the computing platform (see Japanese Patent Application Laid-open No. 2005-317026).
- However, conventional remote maintenance systems shown in Japanese Patent Application Laid-open Nos. 1995-210729 and 2000-267857 had problems that identity and validity of units composing the target devices cannot be ensured.
- In other words, the conventional arts had problems that validity and identity cannot be confirmed if a part of the units composing the target device is illicitly tampered or replaced when remotely using or managing (maintaining, etc) the target devices.
- It is an object of the present invention to at least partially solve the problems in the conventional technology.
- A target device according to one aspect of the present invention includes at least one unit that includes a tamper-resistant chip. The tamper-resistant chip includes a device-information storing unit that stores device information specific to the unit; and a confidential-key storing unit that stores a confidential key.
- A device management system according to another aspect of the present invention is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, connected via a network in a communicable manner. The management apparatus includes a requesting unit that transmits a unit-information confirmation request to the target device. The target device includes a request receiving unit that receives transmitted unit-information confirmation request; and a transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit. The authentication apparatus includes a device-information receiving unit that receives the device information; and an evaluation unit that decrypts received device information, evaluates whether decrypted device information corresponds to device information that is stored in a database of the authentication apparatus in advance, and transmits a result of evaluation to the target device and the management apparatus.
- A device management system according to still another aspect of the present invention is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, connected via a network in a communicable manner. The management apparatus includes a requesting unit that transmits a unit-program confirmation request to the target device. The target device includes a request receiving unit that receives transmitted unit-program confirmation request; and a first transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip and program-version information relating to a version of a program that is executed by the unit with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit. The authentication apparatus includes a device-information receiving unit that receives the device information; and a second transmitting unit that decrypts received device information, evaluates whether a correspondence relationship between the unit identification number and the program-version information included in the device information matches with a correspondence relationship between unit identification number and program-version information stored in a database of the authentication apparatus in advance, when the relationships do not match, acquires a program file corresponding to a correct program version from the database, and transmits acquired program file to the target device.
- A device management system according to still another aspect of the present invention is configured with a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device, connected via a network in a communicable manner. The target device includes an encrypting unit that encrypts stored device information using the confidential key; and a first transmitting unit that transmits encrypted device information to the external device connected to the target device. The external device includes a device-information receiving unit that receives transmitted device information; an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and a second transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
- A device management method according to still another aspect of the present invention is for a device management system in which a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device are connected via a network in a communicable manner. The device management method includes encrypting including the target device encrypting the device information using the confidential key; transmitting including the target device transmitting encrypted device information to the external device connected to the target device; receiving including the external device receiving transmitted device information; evaluating including the external device decrypting received device information, the external device evaluating whether the device information corresponds to device information that is stored in a database in advance, and the external device transmitting a result of evaluation to the target device.
- An external device according to still another aspect of the present invention manages or uses a target device that is configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key. The external device is connected to the target device via a network in a communicable manner. The external device includes a device-information receiving unit that receives, upon the target device encrypting stored device information using the confidential key and transmitting encrypted device information, transmitted device information; an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and a transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
- The above and other objects, features, advantages and technical and industrial significance of this invention will be better understood by reading the following detailed description of presently preferred embodiments of the invention, when considered in connection with the accompanying drawings.
- FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention;
- FIG. 2 is a block diagram of an example of an image reading device to which the present invention is applied;
- FIG. 3 is a block diagram of an example of a TPM chip to which the present invention is applied;
- FIG. 4 is a block diagram of an example of a management apparatus and an authentication apparatus to which the present invention is applied;
- FIG. 5 is a block diagram of an example of a database stored in a storage device of the authentication apparatus;
- FIG. 6 is a flowchart of a processing procedure for a unit-information confirmation process of a system according to an embodiment of the present invention;
- FIG. 7 is a flowchart of a processing procedure for a unit-program confirmation process of the system according to the present embodiment;
- FIG. 8 is a block diagram for explaining an example of an inter-unit authentication process of the system according to the present embodiment; and
- FIG. 9 is a block diagram for explaining an example of a management process of an expendable part of the system according to the present embodiment.
- Exemplary embodiments of the present invention will be described below in detail with reference to the accompanying drawings. However, the present invention is not limited to the present embodiments. Specifically, although an image reading device as a target device and a TPM chip as a chip having tamper resistance are cited as examples in the present embodiments, the present invention is not limited to the present embodiments.
- FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention.
- Briefly, the present invention has following fundamental features. The system is roughly configured by communicably connecting through a network 400, a target device (for example, image reading device 100) having one or more than two units at least including a chip having tamper resistance (for example, TPM chip 10), a management apparatus 200 that manages or uses the target device 100, and an authentication apparatus having a DB 350 for authentication. The management apparatus 200 and the authentication apparatus 300 conceptually function as external devices connected to the target device through the network 400.
- In the system configured this way, a chip (TPM chip 10) is installed in each unit, the chip that gathers, stores, and signs device information of each unit having tamper resistance at the target device 100 configured with one or a plurality of units (units A to C of FIG. 1). TPM chip 10 is fixed in a housing of each unit so that the chip cannot be easily removed from outside, and the units can be configured so that the units cannot operate when the TPM chips 10 are removed.
- The “device information” at least includes one of unit information at least including a unit identification number, expendable-part information relating to an expendable part, program-version information relating to a version of the program, measurement-value information relating to environment of the unit at least including a temperature, a humidity, and an altitude, setting information of the unit during operation, and operation-result information relating to an operation result of the unit.
- In FIG. 1, the TPM chip 10 includes a device-information storing unit that stores device information specific to the unit and a confidential-key storing unit that stores a confidential key.
- In FIG. 1, each unit includes an other-unit device-information storing unit that stores device information of another device, an encrypting unit that encrypts the device information stored in the device-information storing unit using the confidential key stored in the confidential-key storing unit, an inter-unit transmitting unit that transmits the device information encrypted by the encrypting unit to another unit, a decrypting unit that decrypts the device information transmitted by the inter-unit transmitting unit using the confidential key stored in the confidential-key storing unit, an inter-unit inspecting unit that inspects whether the device information decrypted by the decrypting unit corresponds to the device information stored in the other-unit device-information storing unit, and an external device transmitting unit that transmits the device information encrypted by the encrypting unit to the external device connected to the target device.
- In FIG. 1, the external device (the management apparatus or the authentication apparatus) includes a device-information receiving unit that receives the device information transmitted from the external device transmitting unit, an evaluating unit that decrypts the device information received by the device-information receiving unit to evaluate whether the device information corresponds to device information preliminarily stored in the database, and an evaluation result transmitting unit that transmits the evaluation result of the evaluating unit to the target device.
- As shown in FIG. 1, in response to a unit-information confirmation request from the management apparatus 200 that uses or manages the target device 100 (step S-1), the system configured as described above encrypts the device information using the confidential key stored in the TPM chip 10, and then transmits the device information to the authentication apparatus 300 (step S-2).
- After decrypting the device information with reference to registered contents of the DB 350, the authentication apparatus 300 determines which device a destination of information transmitted from the target device and evaluates validity of the contents of each unit information, etc., (step S-3 and step S-4). The authentication apparatus 300 then transmits the evaluation result to the target device 100 or the management apparatus 200 (step S-5).
- The external device (management apparatus 200 or authentication apparatus 300) includes an operation-information storing unit that stores operation information corresponding to each information included in the device information, a device-information receiving unit that receives the transmitted device information, an operation extracting unit that decrypts the device information received by the device-information receiving unit to extract operation information stored in the operation-information storing unit corresponding to the device information, and an operation information transmitting unit that transmits the operation information extracted by the operation extracting unit to the target device or other external devices.
- One example of the contents of the operation information will now be shown below.
- 1) The target device 100 and the management apparatus 200 separate the target device 100 from the network when determined by the evaluation result to be unusable.
2) The target device 100 displays an alarm itself.
3) The target device 100 cuts off power supply itself.
4) The management apparatus 200 halts starting up the system.
5) The management apparatus 200 transmits to other external devices in the system that the target device 100 is unusable.
6) Transmit a message to the target device 100 or other external devices, the message that notifies a service unit of information of a unit that should be replaced.
7) Transmit a message to the target device 100 or other external devices, the message that notifies a supplier of information of an expendable part that should be replaced.
8) The target device 100 and the management apparatus 200 update a program.
- A case of the target device 100 and the management apparatus 200 updating a program shown in 8) above will be described as one example of the operation information.
- As shown in FIG. 1, in the target device 100, in response to a unit-program confirmation request (step S-1), the system encrypts unit information at least including a unit identification number stored in a chip and device information including program-version information relating to a version of a program executed by a unit, using the confidential key stored in the TPM chip 10, and the system transmits the encrypted information to the authentication apparatus 300 (step S-2).
- After decrypting the device information with reference to the registered contents of the DB 350, the authentication apparatus 300 determines from which target device 100 the device information is transmitted and evaluates whether the correspondence relationship between the unit identification number included in the device information and the program-version information corresponds to the correspondence relationship between the unit identification number preliminarily stored in the DB 350 of the authentication apparatus 300 and the program-version information (step S-3 and step S-4). When the relationships do not correspond, the authentication apparatus 300 acquires a program corresponding to the correct program version from the DB 350, and the authentication apparatus 300 then extracts operation information from the operation-information storing unit (for example, DB 350) to transmit to the target device 100 and transmits the operation information (step S-6).
- By installing an individual authentication device in the target device 100 or a management apparatus 200, the system may be configured such that only predetermined individuals can execute processing.
- FIG. 2 is a block diagram of an example of the image reading device 100 to which the present invention is applied, in which only parts of the configuration related to the present invention are conceptually illustrated.
- As shown in FIG. 2, the image reading device 100 is configured to at least roughly provide a mechanical unit 110, an optical unit 130, and a control unit. For each unit, a TPM chip 10 that is a chip having tamper resistance and that gathers information related to the units and stores the information is installed. Device information, a confidential key required for signature and encryption, etc., are stored in the TPM chip 10, and individual authentication functions such as a fingerprint may also be installed. The TPM chip 10 is fixed in the housing of each unit in a manner that the chip cannot be easily removed from outside, and the unit is configured so that the unit cannot operate when the chip is removed.
- In the mechanical unit 110, an automatic paper feeding (APF) unit/flat bed unit including a motor, a sensor, etc., and a TPM chip 10 are interconnected through a unit interface.
- In the control unit 120, an MPU, a memory device storing a control program, an image processing unit, a fingerprint acquiring unit, an external interface, a RAM, and TPM chip 10 are interconnected through the unit interface.
- In the optical unit 130, a CCD, an optical system device including a light source, etc., and a TPM chip 10 are interconnected through the unit interface.
- The environment of the unit (temperature, humidity, altitude, etc.) may be measured at each unit (110, 120, and 130) and various sensors may also be provided.
- FIG. 3 is a block diagram of an example of the TPM chip 10 to which the present invention is applied, in which only parts of the configuration related to the present invention are conceptually illustrated.
- As shown in FIG. 3, the TPM chip 10 is configured to at least include an MPU 11, a control program 12 that controls a unit, a confidential-key file 13 that encrypts device information, a unit-information file 14 that stores unit information at least including a unit identification number, an individual-authentication-information file 15 that stores fingerprint information for individual authentication, etc., program-version information relating to a version executed by a unit, expendable-part information relating to an expendable part, a measurement value relating to the environment of a unit (temperature, humidity, altitude, etc), setting information of a unit during operation, and a RAM 16 that stores log information, etc., including the operation result.
- FIG. 4 is a block diagram of an example of the management apparatus 200 and the authentication apparatus 300 to which the present invention is applied, in which only parts of the configurations related to the present invention are conceptually illustrated.
- The management apparatus 200 and the authentication apparatus 300 may be configured with a commercially available information processing device such as a workstation and a personal computer or with an attached device thereof. Functions of the management apparatus 200 and the authentication apparatus 300 are realized by a control device such as a CPU configuring a hardware, a hard disk drive, a storage device such as a memory device (RAM, ROM, etc), an input device, an output device, an input/output controlling interface, a communication controlling interface, programs controlling the devices, etc.
- FIG. 5 is a block diagram of an example of the DB 350 stored in the authentication apparatus 300, in which only parts of the configuration related to the present invention are conceptually illustrated. As shown in FIG. 5, the DB 350 is configured to at least provide a device-information DB 351, an individual-authentication-information DB 352, and a program DB 353.
- For each target device, the device-information DB 351 stores by associating unit information including the unit identification number that constitutes the target device, information relating to the measurement values regarding the environment of the unit at least including a temperature, a humidity, and an altitude, log information including the device information and the operation results during unit operation, etc.
- The “unit information” may include, in addition to the unit identification number, a product name, a name of the manufacturer, a version, etc.
- For each target device, the individual-authentication-information DB 352 stores by mutually associating the authentication information relating to an individual allowed to operate the object device (for example, a password and fingerprint information).
- For each target device, the program DB 353 stores by mutually associating a unit identification number, program-version information relating to a version of the program executed by the unit, and a program file corresponding to the version. Although the program DB 353 is described as an example of the operation information database, other than this, an expendable part database that stores by mutually associating an expendable part, a durable number of uses and period, etc., may be used.
- One example of the process of the system according to the present embodiment configured this way will then be described in detail with reference to FIG. 6, FIG. 7, etc.
- FIG. 6 is a flowchart of a processing procedure for the unit-information confirmation process according to the present embodiment.
- In FIG. 6, the management apparatus 200 transmits a unit-information confirmation request to the target device 100 (unit-information confirmation requesting unit: step SA-1). The request may be conducted from the target device 100.
- The target device 100 then receives the unit-information confirmation request (unit-information confirmation requesting unit: SA-2).
- For each unit, the target device 100 encrypts the device information including the unit information that at least includes the unit identification number stored in the TPM chip 10 with the confidential key stored in the chip, and the target device 100 transmits the information to the authentication apparatus 300 (device information transmitting unit: SA-3).
- In other words, the object information 100 receives the request, and for example, the TPM chip 10 of the control unit 120 gathers unit information (unit identification number, etc.) of the TPM chip 10 of the units (110, 120, and 130), and encrypts the information with the confidential key and transmits the information to the authentication apparatus 300.
- The authentication apparatus 300 then receives the device information (device-information receiving unit: step SA-4).
- The authentication apparatus 300 decrypts the received device information with a corresponding key (a public key, etc) and evaluates whether the device information corresponds to the registered contents of the device information preliminarily stored in the DB 350 (the device-information DB 351), and the authentication apparatus 300 transmits the evaluation result to the target device 100 and the management apparatus 200 (evaluating unit: step SA-5).
- By decrypting the transmitted device information with the public key, the authentication apparatus 300 identifies the target device 100 that transmitted the data, and the authentication apparatus 300 obtains the unit information (unit identification number, etc.) of the target device 100 preliminarily registered in the DB 350 and compares the unit information with the transmitted unit information. The authentication apparatus 300 then makes a report of evaluation results of whether the device information correspond or which part is different, etc., and transmits the report to the device that sent out the request.
- The evaluation results may be encrypted with the public key. By encrypting with the public key, the apparatus that received the report of the evaluation results can confirm that the evaluation results are transmitted from a safe authentication apparatus.
- The device information may include measurement values relating to the environment of the device such as a temperature, a humidity, and an altitude, or may include operation values of each unit (a light quantity, an image processing value, an operation value of a mechanism, a sensor level, etc.), or the device information may include log information such as an operation result of the unit (error information).
- A unit-program confirmation process conducted in the system will then be described with reference to FIGS. 2 to 5 and FIG. 7, etc. FIG. 7 is a flowchart of a processing procedure for the unit-program confirmation process of the system according to the present embodiment.
- In FIG. 7, the management apparatus 200 transmits a unit-program confirmation request to the target device 100 (unit-program confirmation request unit: step SB-1). The request may be conducted from the target device 100.
- The target device 100 then receives the unit-program confirmation request (unit-program confirmation request receiving unit: step SB-2).
- For each unit, the target device 100 encrypts, with the public key stored in the TPM chip 10, the unit information at least including the unit identification number stored in the TPM chip 10 and the device information including the program-version information relating to the version of the program executed by the unit, and the target device 100 then transmits the information to the authentication apparatus 300 (device information transmitting unit: step SB-3).
- In other words, after the target device 100 receives a request, for example, the TPM chip 10 of the control unit 120 gathers device information including the unit information (unit identification number, etc.) of the units (110, 120, and 130), program-version information, etc., and the TPM chip 10 encrypts the information with the confidential key and transmits the information to the authentication apparatus 300.
- The authentication apparatus 300 then receives the device information (device-information receiving unit: step SB-4).
- The authentication apparatus 300 decrypts the received device information and evaluates whether the correspondence relationship of the unit identification number included in the device information and the program-version information corresponds to the correspondence relationship of the unit identification number preliminarily stored in the DB 350 (program DB 353) of the authentication apparatus 300 and the program-version information, and when the correspondence relationships do not correspond, the authentication apparatus 300 acquires a program file corresponding to the correct program version from the program DB 353 and transmits the program file to the target device (program transmitting unit: step SB-5).
- In other words, the authentication apparatus 300 acquires the unit information (unit identification number) of the target device 100 preliminarily registered in the program DB 353 and the corresponding program-version information and then compares the information with the transmitted device information. When the unit information (unit identification number) and the program version are different, the authentication apparatus 300 transmits the program file of the correct version.
- The program file may be encrypted with the public key and transmitted to the target device 100. Receiving the program, the target device 100 decrypts the program with the public key, and the target device 100 can confirm that the program is transmitted from the safe authentication apparatus 300.
- In addition to a program used in the target device, the program includes a program necessary to use the target device (for example, driver software), etc.
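The checks the authentication apparatus performs in steps SA-5 and SB-5, as an added example that is not code from the patent. A software Ed25519 key stands in for the confidential key held in the TPM chip, and the type names, the JSON encoding, and the device and unit identifiers are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// UnitInfo and DeviceInfo model the device information gathered in SA-3 and SB-3.
type UnitInfo struct{ UnitID, ProgramVersion string }
type DeviceInfo struct {
	DeviceID string
	Units    []UnitInfo
}

// SignedReport is the message sent to the authentication apparatus.
type SignedReport struct{ Payload, Signature []byte }

// Registry stands in for device-information DB 351 and program DB 353.
type Registry struct {
	Keys     map[string]ed25519.PublicKey // device ID -> registered public key
	Versions map[string]map[string]string // device ID -> unit ID -> program version
}

// Result is the evaluation report: whether the device matches and what differs.
type Result struct {
	Match       bool
	Differences []string
	Outdated    []string // units that need the correct program file (SB-5)
}

var ErrUnknownDevice = errors.New("device not registered")
var ErrBadSignature = errors.New("signature does not verify")

// Sign signs the serialized device information. Assumption: a software Ed25519
// key stands in for the confidential key that stays inside the TPM chip.
func Sign(priv ed25519.PrivateKey, info DeviceInfo) (SignedReport, error) {
	payload, err := json.Marshal(info)
	if err != nil {
		return SignedReport{}, err
	}
	return SignedReport{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Evaluate verifies the signature, then compares the report with the registry.
func (r Registry) Evaluate(rep SignedReport) (Result, error) {
	var info DeviceInfo
	if err := json.Unmarshal(rep.Payload, &info); err != nil {
		return Result{}, err
	}
	// The claimed device ID only selects the key; nothing else is trusted yet.
	pub, ok := r.Keys[info.DeviceID]
	if !ok {
		return Result{}, ErrUnknownDevice
	}
	if !ed25519.Verify(pub, rep.Payload, rep.Signature) {
		return Result{}, ErrBadSignature
	}
	want, seen := r.Versions[info.DeviceID], map[string]bool{}
	var res Result
	for _, u := range info.Units {
		seen[u.UnitID] = true
		if reg, known := want[u.UnitID]; !known {
			res.Differences = append(res.Differences, "unregistered unit "+u.UnitID)
		} else if reg != u.ProgramVersion {
			res.Differences = append(res.Differences, "unit "+u.UnitID+" runs "+u.ProgramVersion+", registered "+reg)
			res.Outdated = append(res.Outdated, u.UnitID)
		}
	}
	for id := range want { // registered units absent from the report
		if !seen[id] {
			res.Differences = append(res.Differences, "missing unit "+id)
		}
	}
	sort.Strings(res.Differences) // map iteration order is random; keep output stable
	res.Match = len(res.Differences) == 0
	return res, nil
}

// newDemo returns a constructed registry entry and the matching device key.
func newDemo() (ed25519.PrivateKey, Registry) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv, Registry{
		Keys:     map[string]ed25519.PublicKey{"scanner-0001": pub},
		Versions: map[string]map[string]string{"scanner-0001": {"MECH-110": "1.2", "CTRL-120": "3.0", "OPT-130": "2.1"}},
	}
}

func main() {
	priv, reg := newDemo()
	rep, _ := Sign(priv, DeviceInfo{"scanner-0001", []UnitInfo{{"MECH-110", "1.2"}, {"CTRL-120", "2.9"}}})
	fmt.Println(reg.Evaluate(rep))
}
```

Like steps SA-3 to SA-5 as described, the report carries no nonce or timestamp, so this check does not by itself distinguish a fresh report from a replayed one.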
- FIG. 8 is a block diagram for explaining an example of the inter-unit authentication process of the system according to the present embodiment.
- As shown in FIG. 8, the image reading device 100 such as an image scanner consists of the mechanical unit 110, the control unit 120, and the optical unit 130.
- In the TPM chip 10 of each unit, specific information such as a version of the unit and a program version is stored. In each unit, information of other units usable by the unit (other-unit device-information file 150) is also stored.
- When necessary, each unit encrypts (signs) the device information using the confidential key stored in the TPM chip 10 having tamper resistance and transmits the information to another unit. The device information may be converted to a hash value and transmitted.
- The unit that received the information then decrypts the device information and determines whether the information is transmitted from an authorized unit and from which unit the information is transmitted. The unit that received the information further determines, from the contents of the device information, whether the unit is usable.
- The compliance determination is conducted, for example, when a version B and a version C of the mechanical unit 110 are usable for a version A of the control unit 120 and the version A is unusable.
- Confirming all units are usable, the image reading device 100 switches to an operable state. When the units are unusable, the image reading device 100 displays an alarm, and transmits an error signal through the control unit 120.
- FIG. 9 is a block diagram for explaining an example of the management process of an expendable part of the system according to the present embodiment.
- As shown in FIG. 9, the image reading device 100 such as an image scanner consists of the mechanical unit 110, the control unit 120, and the optical unit 130. The image reading device 100 includes expendable parts such as a roller, a pad, and a lamp. An expendable part is a part whose characteristics deteriorate after a certain time and certain operations and that needs to be replaced by a new part, such as a toner cartridge or a photosensitive drum in a printer.
- The replacing timing of the roller and the pad can be recognized from the number of operations of a motor and the replacing timing of the lamp can be recognized from the lighting time. This information is stored in an expendable-part-managing file of the control unit 120.
- The TPM chip 10 of the control unit 120 gathers information of the expendable parts and creates device information, and the TPM chip 10 then attaches a signature (encrypts with a confidential key) to the information and transmits the information to the authentication apparatus.
- By decrypting the transmitted device information with the public key, the authentication apparatus 300 can specify the image reading device 100 that transmitted the device information.
- The authentication apparatus 300 then acquires preliminarily registered device information (expendable-part information) of the image reading device 100 from the DB 350 and compares (evaluates) the information with the transmitted expendable-part information. The authentication apparatus 300 notifies the evaluation result to the scanner device or the management apparatus.
- For example, in a case of the lamp, if 2000 hours is a reference value, the authentication apparatus 300 notifies an evaluation result of a caution level when the lighting time exceeds 1800 hours and notifies an evaluation result of a warning level when the lighting time exceeds 2000 hours.
- Although an embodiment of the present invention has been described, other than the present embodiment described above, the present invention may be implemented in various other embodiments within the technical scope of the claims described above.
- For example, the present invention may be configured by installing an individual authentication device in the target device or in the management apparatus 200 for the processes described above so that only individuals (for example, a system administrator and a maintenance person) specified by the device can conduct the processes.
- Of the processes described in the present embodiment, all or parts of the processes that are described to be conducted automatically can be conducted manually and all or parts of the processes that are described to be conducted manually can be conducted automatically with known methods.
- The information including the parameters of processing procedures, control procedures, specific names, various registration data, search conditions, etc., the image examples, and the database configurations described in the document and drawings above can be arbitrarily changed unless otherwise stated.
- The components of the drawings are functional and conceptual and do not necessarily have to be physically configured as illustrated.
- For example, all or arbitrary parts of the processing functions provided by the units of the controlling device or by the devices can be realized by the CPU (Central Processing Unit) or by the programs interpreted and executed by the CPU, or the processing functions can be realized as a hardware with wired logic. The programs are stored in a recording medium described below, and the controlling device mechanically reads the programs as necessary.
- In a storage device such as a ROM or an HD, a computer program is stored that collaborates with an OS (Operating System) and gives a command to the CPU to conduct various processes. The computer program is executed by being loaded to a RAM, etc., and the computer program collaborates with the CPU and configures the controlling apparatus. The computer program may be recorded in an application program server connected through an arbitrary network, and all or a part of the computer program can be downloaded as necessary.
- The programs of the present invention can be stored in computer readable recording media. The “recording media” include arbitrary “portable physical media” such as a flexible disk, a magneto-optical disk, a ROM, an EPROM, an EEPROM, a CD-ROM, an MO, a DVD, arbitrary “fixed physical media” such as a ROM, a RAM, an HD that are mounted on various computer systems, and “communication media” that hold the programs for a short period such as a communication line and a carrier wave when transmitting the programs through the network represented by a LAN, a WAN, and Internet.
- The “program” is a data processing method described with an arbitrary language or a description method, and the program can be any format such as in source code or in binary code. The “program” is not necessarily limited to a single configuration, but includes the programs having dispersed configurations with a plurality of modules or libraries and the programs achieving functions by collaborating with other programs represented by an OS (Operating System). Known configurations and procedures can be used for, such as, specific configurations for reading the recording media at each unit according to the present embodiment, reading procedures, and installing procedures after reading.
- Specific configurations of distribution and integration of the devices are not limited to the configurations in the drawings, and all or some of the configurations can be configured by functionally or physically distributing and integrating in arbitrary units in compliance with various loads, etc. For example, each database may be independently configured as an independent database device, and a part of the processes may be realized by using the CGI (Common Gateway Interface).
- The target device, the device management system, the device management method, and the external device of the present invention accomplish successful outcomes of accurately figuring out current states of the apparatuses and of safely and surely determining whether the apparatuses are properly used and whether the apparatuses are set up in proper states.
- Although the invention has been described with respect to a specific embodiment for a complete and clear disclosure, the appended claims are not to be thus limited but are to be construed as embodying all modifications and alternative constructions that may occur to one skilled in the art that fairly fall within the basic teaching herein set forth.
Claims (22)
1. (canceled)
2. (canceled)
3. (canceled)
4. (canceled)
5. (canceled)
6. (canceled)
7. (canceled)
8. (canceled)
9. (canceled)
10. (canceled)
11. (canceled)
12. (canceled)
13. (canceled)
14. (canceled)
15. (canceled)
16. (canceled)
17. A device management system in which a target device configured with plural units that include a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus are connected via a network in a communicable manner, wherein
the management apparatus includes
a requesting unit that transmits a unit-information confirmation request to the target device,
the target device includes
a request receiving unit that receives transmitted unit-information confirmation request;
a transmitting unit that
gathers device information including unit information of the units that includes a unit identification number stored in the tamper-resistant chip, encrypts the device information with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, and
the authentication apparatus includes
a device-information receiving unit that receives the device information; and
an evaluation unit that decrypts received device information, evaluates whether decrypted device information corresponds to device information that is stored in a database of the authentication apparatus in advance, and transmits a result of evaluation to the target device and the management apparatus.
18. A device management system in which a target device configured with plural units that include a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, wherein the system is connected via a network in a communicable manner, wherein
the management apparatus includes
a requesting unit that transmits a unit-program confirmation request to the target device,
the target device includes
a request receiving unit that receives transmitted unit-program confirmation request; and a first transmitting unit that gathers device information including unit information of the units that includes a unit identification number stored in the tamper-resistant chip and a program-version information relating to a version of a program that is executed by the unit, encrypts the device information with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, and
the authentication apparatus includes
a device-information receiving unit that receives the device information; and
a second transmitting unit that decrypts received device information, evaluates whether a correspondence relationship between the unit identification number and the program-version information included in the device information matches with a correspondence relationship between unit identification number and program-version information stored in a database of the authentication apparatus in advance, when the relationships do not match, acquires a program file corresponding to a correct program version from the database, and transmits acquired program file to the target device.
19. A device management system in which a target device configured with plural units that include a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and the system including an external device that manages or uses the target device, wherein the system is connected via a network in a communicable manner, wherein
the target device includes
an encrypting unit that gathers stored device information of the units, and encrypts the device information using the confidential key; and
a first transmitting unit that transmits encrypted device information to the external device connected to the target device, and
the external device includes
a device-information receiving unit that receives transmitted device information;
an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and
a second transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
20. The device management system according to claim 19, wherein
the external device further includes
an operation-information storing unit that stores operation information corresponding to each piece of information included in the device information;
an operation extracting unit that decrypts the received device information, and extracts the operation information corresponding to decrypted device information from the operation-information storing unit; and
a third transmitting unit that transmits extracted operation information to the target device or other external device.
21. A device management method for a device management system in which a target device configured with plural units that include a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and the device management system further including an external device that manages or uses the target device, wherein the system is connected via a network in a communicable manner,
the device management method comprising:
the target device
encrypting information, including the target device gathering the device information of the units, and encrypting the device information using the confidential key;
transmitting information, including the target device transmitting encrypted device information to the external device connected to the target device;
receiving information, including the external device receiving transmitted device information; and
the external device evaluating information, including decrypting received device information;
evaluating whether the device information corresponds to device information that is stored in a database in advance; and transmitting a result of evaluation the target device.
22. The device management method according to claim 21, further comprising:
storing information by the external device, including the external device, including storing operation information corresponding to each piece of information included in the device information;
extracting information by the external device, including decrypting the received device information; and extracting the operation information corresponding to decrypted device information; and
transmitting information by the external device, including
transmitting extracted operation information to the target device or other external device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/872,627 US20110107079A1 (en) | 2006-01-18 | 2010-08-31 | Target device, method and system for managing device, and external device |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2006010354 | 2006-01-18 | ||
JP2006-010354 | 2006-01-18 | ||
JP2006158718A JP5074709B2 (en) | 2006-01-18 | 2006-06-07 | Target device, device management system, device management method, and external device |
JP2006-158718 | 2006-06-07 | ||
US11/624,082 US8412958B2 (en) | 2006-01-18 | 2007-01-17 | Target device, method and system for managing device, and external device |
US12/872,627 US20110107079A1 (en) | 2006-01-18 | 2010-08-31 | Target device, method and system for managing device, and external device |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/624,082 Continuation US8412958B2 (en) | 2006-01-18 | 2007-01-17 | Target device, method and system for managing device, and external device |
Publications (1)
Publication Number | Publication Date |
---|---|
US20110107079A1 true US20110107079A1 (en) | 2011-05-05 |
Family
ID=38219852
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/624,082 Expired - Fee Related US8412958B2 (en) | 2006-01-18 | 2007-01-17 | Target device, method and system for managing device, and external device |
US12/872,627 Abandoned US20110107079A1 (en) | 2006-01-18 | 2010-08-31 | Target device, method and system for managing device, and external device |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/624,082 Expired - Fee Related US8412958B2 (en) | 2006-01-18 | 2007-01-17 | Target device, method and system for managing device, and external device |
Country Status (3)
Country | Link |
---|---|
US (2) | US8412958B2 (en) |
JP (1) | JP5074709B2 (en) |
DE (1) | DE102006058789A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
US20070165264A1 (en) | 2007-07-19 |
US8412958B2 (en) | 2013-04-02 |
JP5074709B2 (en) | 2012-11-14 |
JP2007220070A (en) | 2007-08-30 |
DE102006058789A1 (en) | 2007-07-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: FUJITSU LIMITED, JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MINAMI, KOUICHI;KOTANI, SEIGO;SIGNING DATES FROM 20061121 TO 20061219;REEL/FRAME:024918/0849 Owner name: PFU LIMITED, JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MINAMI, KOUICHI;KOTANI, SEIGO;SIGNING DATES FROM 20061121 TO 20061219;REEL/FRAME:024918/0849 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |