WO2023124245A1 - Verification method, consumable chip, consumable and image forming apparatus - Google Patents

Verification method, consumable chip, consumable and image forming apparatus

Info

Publication number
WO2023124245A1
WO2023124245A1 PCT/CN2022/118896 CN2022118896W WO2023124245A1 WO 2023124245 A1 WO2023124245 A1 WO 2023124245A1 CN 2022118896 W CN2022118896 W CN 2022118896W WO 2023124245 A1 WO2023124245 A1 WO 2023124245A1
Authority
WO
WIPO (PCT)
Prior art keywords
consumable
image forming
consumable chip
random number
chip
Prior art date
Application number
PCT/CN2022/118896
Other languages
French (fr)
Chinese (zh)
Inventor
梁嘉俊
Original Assignee
珠海奔图电子有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 珠海奔图电子有限公司
Publication of WO2023124245A1

Classifications

    • G PHYSICS
    • G03 PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03G ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
    • G03G15/00 Apparatus for electrographic processes using a charge pattern
    • G03G15/06 Apparatus for electrographic processes using a charge pattern for developing
    • G03G15/08 Apparatus for electrographic processes using a charge pattern for developing using a solid developer, e.g. powder developer
    • G03G15/0822 Arrangements for preparing, mixing, supplying or dispensing developer
    • G03G15/0863 Arrangements for preparing, mixing, supplying or dispensing developer provided with identifying means or means for storing process- or use parameters, e.g. an electronic memory
    • G PHYSICS
    • G03 PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03G ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
    • G03G21/00 Arrangements not provided for by groups G03G13/00 - G03G19/00, e.g. cleaning, elimination of residual charge
    • G03G21/16 Mechanical means for facilitating the maintenance of the apparatus, e.g. modular arrangements
    • G03G21/18 Mechanical means for facilitating the maintenance of the apparatus, e.g. modular arrangements using a processing cartridge, whereby the process cartridge comprises at least two image processing means in a single unit
    • G03G21/1875 Mechanical means for facilitating the maintenance of the apparatus, e.g. modular arrangements using a processing cartridge, whereby the process cartridge comprises at least two image processing means in a single unit provided with identifying means or means for storing process- or use parameters, e.g. lifetime of the cartridge
    • G03G21/1878 Electronically readable memory
    • G PHYSICS
    • G03 PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03G ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
    • G03G21/00 Arrangements not provided for by groups G03G13/00 - G03G19/00, e.g. cleaning, elimination of residual charge
    • G03G21/16 Mechanical means for facilitating the maintenance of the apparatus, e.g. modular arrangements
    • G03G21/18 Mechanical means for facilitating the maintenance of the apparatus, e.g. modular arrangements using a processing cartridge, whereby the process cartridge comprises at least two image processing means in a single unit
    • G03G21/1875 Mechanical means for facilitating the maintenance of the apparatus, e.g. modular arrangements using a processing cartridge, whereby the process cartridge comprises at least two image processing means in a single unit provided with identifying means or means for storing process- or use parameters, e.g. lifetime of the cartridge
    • G03G21/1878 Electronically readable memory
    • G03G21/1892 Electronically readable memory for presence detection, authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the present application relates to the technical field of image formation, in particular to a verification method, a consumable chip, a consumable and an image forming device.
  • consumables such as toner cartridges, ink cartridges, and toner cartridges are generally detachably installed in image forming devices such as printers as consumable products.
  • a consumable chip is installed on the consumable.
  • The image forming device checks the consumable chip before using the consumable for imaging operations such as printing or copying, to determine whether the consumable is legitimate, for example whether it is an original consumable or a legal compatible consumable. The image forming device starts using the consumable for imaging only after the check passes.
  • The conventional method of detection is that the controller in the image forming device (such as the image forming control unit) sends an inquiry signal to the consumable chip; when the response signal returned by the consumable chip matches the information stored in the memory of the image forming device, and the time of the response signal meets the predetermined requirement, the consumable is considered a legal consumable.
  • The inventor found that, due to the influence of the electrostatic field in the image forming device and the contact conditions (such as size, shape and material) between the image forming device and the consumable chip, the communication between the image forming device and consumables is often disturbed, which makes the response signal returned by the consumable chip less reliable.
  • The time of the response signal returned by the consumable chip may be delayed, causing the image forming device to mistakenly identify legitimate consumable chips as illegal, or to recognize illegal consumable chips as legitimate. On the other hand, the protection of communication between the consumable chip and the image forming device is relatively weak, and the response signal is easily intercepted by imitators, who imitate the original chip in sending a response signal so that non-original consumables are recognized as original.
  • the use of illegal consumables such as non-original consumables may damage the image forming device or reduce the image quality, affecting user experience.
  • The embodiment of the present application provides a verification method, a consumable chip, a consumable and an image forming device, which can improve the accuracy of the validity verification of the consumable chip and prevent misjudgment, and can also improve the security of communication between the consumable chip and the image forming device body.
  • The embodiment of the present application provides a verification method applied to a consumable chip. The consumable chip is installed on a consumable, the consumable is detachably installed in the image forming device, and digital certificate information is stored in the consumable chip. The method includes: the consumable chip sends a first feedback message to the image forming device in response to a first request, wherein the first feedback message carries the digital certificate information, the digital certificate information includes at least a first public key, the first public key is generated based on the unique hardware identifier PUF ID of the consumable chip, and the first request is a request sent by the image forming device for obtaining a digital certificate; the consumable chip receives the identity challenge message sent by the image forming device, wherein the identity challenge message includes the first encryption result, the first encryption result is obtained by encrypting the first random number with the first public key, and the first random number is generated by the image forming device; the consumable chip uses the first private key to decrypt the first encryption result to obtain the second random
  • the embodiment of the present application provides a chip for consumables.
  • the chip for consumables is used to be installed on consumables.
  • the consumables are used to be detachably installed in an image forming device.
  • Digital certificate information is stored in the consumable chip; the digital certificate information includes at least the first public key; the first public key is generated based on the unique hardware identifier PUF ID of the consumable chip; the chip control unit is also used to obtain the unique hardware identifier PUF ID of the consumable chip and generate the first private key based on the PUF ID. The first private key and the first public key belong to the same key pair; the first private key is used to decrypt the first encryption result to obtain a second random number; the first encryption result is obtained by encrypting the first random number; the second random number is used to obtain the verification result of the consumable chip.
  • an embodiment of the present application provides a consumable, including: a housing; a developer container located in the housing for accommodating the developer; and the consumable chip according to any one of the above-mentioned second aspects.
  • an embodiment of the present application provides a consumable, which includes: a photosensitive drum; a charging roller for charging the photosensitive drum; and the consumable chip according to any one of the above-mentioned second aspects.
  • The embodiment of the present application provides an image forming apparatus, including: consumables, on which the consumable chip according to any one of the above-mentioned second aspects is installed; and an image forming control unit, configured to: send to the consumable chip a first request for obtaining a digital certificate; receive the first feedback message sent by the consumable chip, generate a first random number, and encrypt the first random number with the first public key carried in the first feedback message to obtain the first encryption result; and send an identity challenge message to the consumable chip, where the identity challenge message includes the first encryption result.
  • A digital certificate is stored in the consumable chip. The digital certificate includes a first public key generated based on the unique hardware identifier of the consumable chip; that is, the first public key is a public key associated with the unique hardware identifier of the consumable chip. After the consumable is installed in the image forming device, the consumable chip responds to the request for obtaining a digital certificate (the first request) sent by the image forming device by returning a feedback message carrying the digital certificate information.
  • After the image forming device obtains the first public key, it uses the first public key to encrypt the generated first random number and sends the encrypted data (the first encryption result) to the consumable chip. If the consumable chip is a legal chip, it holds the first private key. The first private key is generated based on the unique hardware identifier, that is, it is the private key associated with the unique hardware identifier of the consumable chip; it can decrypt the first encryption result, and the decrypted second random number is the same as the first random number.
  • If the consumable chip is an illegal chip, it does not hold the first private key, so the first encryption result cannot be decrypted or the decrypted random number differs from the first random number. Therefore, after the image forming device sends an identity challenge message to the consumable chip, it can tell whether the consumable chip is legal from whether the response information it obtains by decrypting with the first random number is correct. This scheme does not depend on the feedback time of the response signal, so it is not affected by the communication environment between the consumable chip and the image forming device. In this scheme only the legal consumable chip can generate the first private key, and the first private key is generated based on the unique hardware identifier PUF ID, which is non-replicable and cannot be imitated. Therefore, even if the information exchanged between the consumable chip and the image forming device is intercepted, the verification of the consumable chip is not affected, so the reliability of the verification result is higher.
  • FIG. 1 is a schematic flow diagram of an embodiment of a verification method provided in an embodiment of the present application.
  • FIG. 2 is a system architecture diagram of a verification method provided in an embodiment of the present application.
  • FIG. 3 is an interactive flowchart of a verification method provided by the embodiment of the present application.
  • FIG. 4 is an interactive flowchart for generating a digital certificate in the embodiment of the present application.
  • FIG. 5 is a structural cross-sectional view of an image forming device provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of an embodiment of consumables provided by the embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of an image forming apparatus provided by an embodiment of the present application.
  • The embodiment of the present application provides a verification method, which can be applied to the scenario of verifying consumable chips on various image forming devices. Detachable connection.
  • An image forming device refers to various devices used to perform image forming operations.
  • An image forming job may be at least one of operations such as generation, printing, copying, and scanning.
  • An image forming device may also be used to receive and send image data. Specifically, the image forming apparatus may be an inkjet printer, a laser printer, an LED (Light Emitting Diode) printer, a copier, a scanner, or a multifunctional facsimile machine, or a multi-functional peripheral (MFP, Multi-Functional Peripheral) performing the above functions in a single device.
  • A complete image forming device mainly includes an image forming control unit, an image forming part, consumables, and a memory, wherein the consumables include consumable chips. The image forming control unit is used to control the entire image forming device, and the image forming part is used to form an image on the conveyed paper, based on the image data, under the control of the image forming control unit.
  • the image forming control unit may be a SoC (System on Chip, system on a chip).
  • The SoC is a miniature system composed of multiple system components, configured to control the imaging processing operations of the image forming device, such as performing linear correction, noise reduction, bad point removal, detail enhancement and other processing on image data to improve the quality of image output.
  • The image forming control unit is also used to perform engine-control-related processing operations such as data transmission and reception, command transmission, and image printing, for example sending and receiving data, print engine control commands, status, etc. through the interface unit (including but not limited to a USB port, wired network port, wireless network port or other interfaces).
  • the image forming control unit is responsible for verifying the consumable chip, reading and writing characteristic information on the consumable chip, and controlling the image forming unit.
  • the image forming control unit obtains specified image forming parameters, such as high voltage parameters, etc., and coordinates each image forming mechanism according to the image forming parameters, so that the correct image content is displayed on the medium.
  • Consumables can be toner cartridges, ink cartridges, toner cartridges, laser toner cartridges, organic photoconductors (Organic Photo Conductor, OPC, referred to as photosensitive drums), etc.
  • the consumable chip refers to the chip installed on the consumable, which is used to store the characteristic parameters in image formation, the remaining quantity of the consumable and other parameters.
  • the consumable chip in the embodiment of the present application also stores information such as digital certificates.
  • the non-volatile storage unit is used to store the digital certificate of the CA server and other information that needs to be saved when the power is turned off.
  • A complete image forming device includes consumables. In the embodiments of this application, unless otherwise specified, "image forming device" in the following description of the verification method refers to the body structure of the image forming device, which does not contain consumables. The body structure may include an image forming control unit; for example, sending a message to the image forming device specifically means sending a message to the image forming control unit. In other embodiments, the recipient may be another component of the image forming device with a communication function; for example, a message may be sent to the wireless communication module of the image forming device, and the image forming control unit on the side of the image forming device communicates with the consumable chip.
  • The complete image forming device is divided into consumables and the body structure of the image forming device for description; in the interaction between the consumable chip and the image forming device, "image forming device" refers to the body structure without consumables.
  • The body or body structure of the image forming apparatus refers to at least one of the hardware components in the image forming apparatus other than consumables.
  • the embodiment of the present application provides a verification method.
  • the execution subject is a consumable chip.
  • The consumable chip is a chip manufactured based on a Physically Unclonable Function (PUF).
  • The unique hardware identifier is referred to as the PUF ID.
  • The PUF ID is an electronic fingerprint.
  • The electronic fingerprint is related to the naturally occurring physical characteristics of semiconductor devices during the wafer manufacturing process and is used to distinguish a device from other, otherwise identical semiconductor devices (such as consumable chips).
  • the method may include the following processes:
  • A digital certificate is stored in the consumable chip, and the digital certificate information includes at least a first public key, which is generated based on the unique hardware identifier PUF ID of the consumable chip. For example, an asymmetric encryption algorithm is applied to the unique hardware identifier, and the generated public key is the first public key. The first public key is associated with the PUF ID.
  • The digital certificate is stored in the consumable chip; it may be stored in the chip control unit, or in a storage unit external to the chip control unit.
  • After receiving the first request sent by the image forming device, the consumable chip sends a first feedback message to the image forming device, and the first feedback message carries digital certificate information.
  • the first request is a request issued by the image forming apparatus for obtaining a digital certificate.
  • the identity challenge message carries a first encryption result, and the first encryption result is obtained by encrypting the first random number with the first public key; the first random number is generated by the image forming device.
  • the image forming device verifies the digital certificate sent by the consumable chip, and generates a random number after passing the verification, and the random number is the first random number.
  • The digital certificate includes not only the first public key generated based on the PUF ID of the consumable chip, but also the signature value of the digital certificate, which can be understood as key information that uniquely identifies the digital certificate.
  • The signature value of the digital certificate can be calculated according to a preset algorithm from the first public key and the digital certificate attribute information, where the attribute information can include at least one item of information such as digital certificate ID, digital certificate version, issuer, user, issue date, validity period, and signature algorithm.
  • After receiving the digital certificate, the image forming device verifies the signature value of the digital certificate, and generates a random number as the first random number if the verification is passed. How to generate a signature value and how to verify the signature value will be explained in detail later.
  • the image forming device encrypts the first random number with the first public key, and then sends the encrypted data (first encryption result) to the consumable chip.
  • the consumable chip uses the first private key to decrypt the first encryption result to obtain a second random number.
  • the first private key is also generated based on the PUF ID, and the first private key and the first public key are respectively the private key and the public key in a key pair generated based on an asymmetric encryption algorithm.
  • the first private key may also be generated by the consumable chip in real time after receiving the identity challenge message.
  • The consumable chip obtains its own PUF ID, performs an asymmetric encryption operation based on the PUF ID, and generates the same private key as the first private key.
  • The first public key is paired with the first private key.
  • The first private key can be pre-stored in the consumable chip; that is, before the consumable chip leaves the factory, the corresponding first private key and first public key are generated in advance according to the PUF ID of the consumable chip. The first public key is stored as part of the digital certificate, and the first private key is then encrypted and stored.
  • Data encrypted with the first public key (the first encryption result) can be decrypted with the first private key, and only with the first private key. If the consumable chip can decrypt the first encryption result and the decrypted random number is correct, so that when the image forming device sends a query message to the consumable chip the response information it obtains by decrypting with the first random number is correct, the consumable chip is considered legal; otherwise it is illegal.
  • Legal in this embodiment of the application refers to meeting predetermined requirements, for example, an original chip or a chip that is authorized to be produced.
  • a legal chip is a chip that meets predetermined requirements.
  • the second random number is used as the symmetric key to encrypt the response content used to respond to the identity challenge message to obtain a second feedback message and send it to the image forming device.
  • After receiving the second feedback message, the image forming device uses the first random number to decrypt the encrypted response content. If it decrypts correctly, the key is symmetric, that is, the decryption key is the encryption key and the second random number is the same as the first random number; the response information of the identity challenge message obtained by decrypting with the first random number is therefore correct, the verification is passed, and the consumable chip is a legal chip. If the first random number held by the image forming apparatus cannot decrypt the response content, for example the decrypted content is garbled, the consumable chip is considered to be an illegal chip.
  • Subsequent communication between the consumable chip and the image forming device can use the second random number (equal to the first random number) as the symmetric key to encrypt the various communication messages.
  • The first random number is randomly generated by the image forming device during use, and different devices may randomly generate different numbers, so copying the random number is meaningless. This also prevents imitators from learning the encryption key in advance and using it to intercept a communication message or to send an encrypted message to an image forming device in imitation of a legitimate consumable chip.
  • The verification method provided by the embodiment of the present application can be implemented based on the system architecture shown in FIG. 2.
  • a complete verification example is listed below in combination with Figure 2 and Figure 3.
  • the verification method provided by the embodiment of the present application can be implemented based on the following process:
  • the image forming control unit on the side of the image forming apparatus sends a request for acquiring a digital certificate (a first request).
  • the request message may be a message encrypted by the first encryption algorithm.
  • The first encryption algorithm may be a symmetric encryption algorithm, such as any one of the following: Data Encryption Standard (DES), Advanced Encryption Standard (AES), Blowfish, RC2, RC4, RC5, IDEA (International Data Encryption Algorithm), SKIPJACK and other algorithms.
  • After receiving the first request, the consumable chip first decrypts the first request using the first encryption algorithm to obtain the request content, and then reads the digital certificate stored in the consumable chip according to the request content.
  • The digital certificate stored in the consumable chip is compressed information produced by encryption and compression processing. The algorithm for encrypting and compressing the original plaintext information of the digital certificate is defined as the first compression algorithm. The first compression algorithm should be an encryption algorithm that supports restoration after compression, that is, one that can restore the original plaintext data after compression.
  • the consumable chip sends a message including the compressed information of the digital certificate to the image forming device, specifically to the image forming control unit on the side of the image forming device.
  • the message sent in step 303 may also be encrypted using the first encryption algorithm.
  • the image forming control unit on the side of the image forming device decrypts the compressed information of the digital certificate obtained through the first encryption algorithm. Since the compressed information of the digital certificate is encrypted and stored, after reading it, it needs to be decrypted by the decryption algorithm corresponding to the first compression algorithm, that is, the plaintext file of the digital certificate is restored according to the first encryption compression algorithm. In addition to the first public key, the restored digital certificate also includes a signature value.
  • the memory on the side of the image forming apparatus may be a non-volatile storage unit in which verification information for verifying the signature value in the digital certificate is stored.
  • the verification information may be a CA server certificate.
  • The image forming control unit reads the CA server certificate in the non-volatile storage unit, verifies the signature value in the digital certificate sent by the consumable chip, and after the verification is passed generates a random number A locally and saves it.
  • The image forming control unit uses the first public key in the digital certificate sent by the consumable chip to encrypt the random number A to obtain encrypted data (the first encryption result), and sends an identity challenge message carrying the first encryption result to the consumable chip.
  • After the consumable chip receives the identity challenge message, as one implementable method, it reads its own PUF ID and other information, and uses an asymmetric encryption algorithm to calculate the private key custom-generated from the PUF ID and other information (the first private key). This private key and the public key in the digital certificate of the consumable chip (the first public key) belong to the same public-private key pair, that is, data encrypted with the first public key can only be decrypted with the first private key. Therefore, the consumable chip holding the first private key can use it to decrypt the first encryption result in the identity challenge message and obtain the random number B.
  • If the consumable chip does not respond (it may be unable to decrypt), or the content of the identity challenge response is incorrect, it is determined to be a counterfeit consumable.
  • Such a consumable may have been produced by copying the flash content of the original consumable, and may damage the image forming device of the original printer.
  • the first private key may also be pre-stored in the storage unit of the consumable chip, but it should be stored encrypted to prevent the first private key from leaking.
  • the consumable chip uses the random number B to symmetrically encrypt the response content used to respond to the identity challenge message, obtains the response message and sends it to the image forming control unit of the image forming device.
  • The image forming control unit of the image forming device uses the random number A as the decryption key to symmetrically decrypt the response message sent by the consumable chip.
  • If the response content decrypts correctly, the random number A is equal to the random number B on the consumable chip side, the consumable chip is a legal chip, such as an original genuine consumable, and the verification is passed. If it cannot be decrypted or the decrypted response content is garbled, that is, the response content is incorrect, it is determined to be a counterfeit consumable.
  • the random number A (that is, the random number B) can be used as a symmetric key between the image forming device and the consumable chip to encrypt subsequent communication content.
  • the generation process of the digital certificate of the consumable chip is described below.
  • the digital certificate can be written into the consumable chip before leaving the factory.
  • the system architecture involved in the digital certificate generation process includes three parts, namely consumable chip, consumable chip production tooling equipment and certificate authority (Certificate Authority, CA) server.
  • the consumable chip is equivalent to a processor.
  • the processor has a hardware unique identifier PUF ID.
  • the PUF ID has been permanently written in the chip manufacturing factory and cannot be changed.
  • the CA server receives the certificate issuance request (second request) sent by the consumable chip production tooling equipment.
  • the second request includes but is not limited to the first public key generated based on the PUF ID and the attribute information of the digital certificate.
  • the attribute information of the digital certificate can include at least one of the issuance time, digital certificate version, signature algorithm, hash algorithm and other information.
  • the attribute information can include the digital certificate ID, digital certificate version, issuer, user, issue date, validity period, signature algorithm and other information.
  • the CA server calculates a hash value over the second request information using a hash algorithm, asymmetrically encrypts the hash value with the private key of the CA server (the second private key) to generate a signature value, and stores the signature value in a digital certificate, which is then stored in the consumable chip.
  • the digital certificate stored in the consumable chip can be compressed information encrypted by a specific compression encryption algorithm (the first compression algorithm), that is, the digital certificate is stored in encrypted, compressed form.
  • the key content in the digital certificate is extracted and compressed, the purpose is to reduce the size of the digital certificate file, and at the same time better protect the plain text content of the digital certificate.
  • Obtain the PUF ID of the consumable chip and generate the first public key; then obtain the attribute information of the digital certificate, combine the attribute information with the first public key, and apply a hash algorithm to the combined data to obtain a hash value (for example, the hash algorithm may be a hash operation that yields the corresponding hash value); then the second private key is used to sign the hash value to obtain the signature value of the digital certificate.
  • the issued digital certificate includes the first public key and the signature value.
  • a second public key is written into the memory (such as a non-volatile storage unit) of the image forming apparatus before it leaves the factory. The second public key and the second private key belong to the same key pair, that is, a signature value signed with the second private key can pass signature verification only with the second public key. In other words, for the signature value of the digital certificate produced during manufacture of the original consumable chip, only the manufacturer of the image forming device, such as the original printer, holds the public key for verifying the signature, so only the original consumable chip can pass the signature verification.
  • encryption algorithms such as the first encryption algorithm (excluding asymmetric encryption algorithms) can also follow this process: a large random number, such as 2345774356, is embedded before or after the text content of the message; the encryption algorithm then extracts the 2nd, 3rd, 5th, and 6th digits of the large random number as the symmetric key and uses it to encrypt and decrypt the data. When decrypting, the large random number is read and its 2nd, 3rd, 5th, and 6th digits are extracted as the decryption key. The specific number of digits to be extracted can be agreed upon in advance.
  • encryption algorithms such as the first encryption algorithm can also be in the form of a password book. This application aims to protect the technical ideas of information interaction and information storage, and the specific encryption algorithms are not listed one by one.
  • the embodiment of the present application also provides a consumable chip, the consumable chip stores digital certificate information; the digital certificate information includes at least a first public key; the first public key is based on the unique hardware identifier PUF of the consumable chip ID generation.
  • the chip control unit is also used to obtain the unique hardware identifier PUF ID of the consumable chip, and generate the first private key based on the PUF ID.
  • the first private key and the first public key belong to the same key pair; the first private key is used to decrypt the first encryption result to obtain a second random number, wherein the first encryption result is obtained by encrypting the first random number with the first public key; the first random number is generated by the image forming device; and the second random number is used to determine the verification result of the consumable chip.
  • the second random number can be used as the symmetric key to encrypt the data
  • the first random number can be used as the decryption key to decrypt the data. If the decryption is possible and the decrypted content is correct, the verification is considered to be passed, otherwise the verification is not passed.
  • the chip control unit further includes an encryption unit and a decryption unit, wherein the encryption unit is configured to encrypt data to be sent to the image forming device, and the decryption unit is configured to receive the encrypted data sent by the image forming device and decrypt it.
  • the encryption unit or the decryption unit may be an algorithm module supporting an algorithm such as an asymmetric encryption algorithm and/or a first encryption algorithm.
  • the above digital certificate information also includes a signature value; the signature value is generated based on the first public key and the attribute information of the digital certificate, and is compared with a preset signature value to determine the validity of the signature value.
  • the attribute information of the digital certificate includes at least one of the following information: digital certificate ID, digital certificate version, issuer, user, issue date, validity period, and signature algorithm.
  • the chip control unit is configured to receive an identity challenge message, which includes the above first encryption result, determine the response content corresponding to the identity challenge message, encrypt the response content using the above second random number as a symmetric key to obtain a second feedback message, and send it to the above-mentioned image forming device; the second feedback message is used to obtain the verification result of the consumable chip.
  • the above-mentioned second feedback message is specifically used to obtain the verification result of the above-mentioned consumable chip as verification passed when the above-mentioned second feedback message can be decrypted by using the first random number and the obtained response content is correct.
  • the chip control unit is configured to use the second random number as a symmetric key to encrypt various communication messages sent to the image forming device when the verification result of the consumable chip is passed.
  • the consumable chip can be mounted on the circuit substrate of the consumable.
  • the circuit substrate includes a memory and contacts connected to the memory. Foot connection.
  • the embodiment of the present application also provides a consumable chip; the consumable chip is to be installed on a consumable, the consumable is to be detachably installed in the image forming device, and the consumable chip stores digital certificate information and is used to execute the verification method in the embodiment.
  • the embodiment of the present application also provides a consumable.
  • the overall hardware structure of the image forming apparatus is described first.
  • FIG. 4 shows a schematic structural diagram of an image forming apparatus involved in an embodiment of the present application.
  • the image forming part of the image forming device may include:
  • the developer container 11 is used for containing the developer, which may be materials such as toner, carbon powder, etc.;
  • the developing component 12 for example, includes components such as a developing roller;
  • the developer conveying element 13 includes components such as a powder feeding roller;
  • the transfer member 15, the fixing unit 5, and the like.
  • the paper to be printed moves in the direction of paper feeding, and after successively passing through the powder feeding operation of the developer feeding member 13 and the developing operation of the developing unit 12, it reaches the nip area between the photosensitive unit 14 and the transfer unit 15 for transfer. Afterwards, it is fixed through the fixing assembly 5 to complete the image forming operation.
  • At least one consumable is installed in the image forming device, and the consumable is detachably connected to the body of the image forming device.
  • the image forming device is detachably installed with four consumables, which are consumables 1, 2, 3 and 4 shown in FIG.
  • the image forming apparatus supplies developers of four colors: black K, cyan C, magenta M, and yellow Y.
  • the number of consumables installed in the image forming apparatus may be increased or decreased, for example, 5 or 6 or even more or less, etc., which is not limited in the present application.
  • the method provided in the embodiment of the present application may be applied to a scenario where the number of consumables installed in the image forming apparatus is greater than or equal to two.
  • the consumable may only include the developer container 11 .
  • the embodiment of the present application also provides a consumable, including: a housing 51, a developer accommodating part 11 and a consumable chip 52; the developer accommodating part 11 is located in the housing 51 and is used to contain developer.
  • the consumables further include a developer conveying part for conveying the developer.
  • the developer conveying part may be a developing member, may be a developer conveying member, or may include a developing member and a developer conveying member, which is not limited here.
  • the consumables may further include a photosensitive drum and a charging roller for charging the photosensitive drum.
  • the consumable provided in the embodiment of the present application only includes a photosensitive drum 61 , a charging roller 62 and any consumable chip 52 described in the above embodiments.
  • the charging roller 62 is used to charge the photosensitive drum 61 .
  • the consumables may be developing cartridges.
  • the consumable can be a drum cartridge.
  • the consumables may have a split structure, for example, the consumables (1, 2, 3 or 4) respectively include a developing cartridge and a drum cartridge which are detachable from each other, wherein the developing cartridge includes a housing, a developer container 11, The developing member 12 and/or the developer conveying member 13; the drum cartridge includes a photosensitive member 14, that is, a photosensitive drum and a charging roller.
  • the developer conveying member 13 is used to convey the developer to the developing member 12, and the developing member 13 is used to convey the developer to the photosensitive drum.
  • the developer conveying element can also be other conveying components, such as powder pushing screw and other components.
  • the developer accommodating portion 11 is located in the casing for accommodating the developer.
  • the consumables are in an integrated structure, and the consumables (1, 2, 3, or 4) include a developer container 11, a developing member 12, a developer conveying member 13, a photosensitive member 14, etc., and the components are integrated into an integrated structure .
  • the verification scheme provided by the embodiment of the present application involves the communication between the main body of the image forming device and the consumable chip of the consumable.
  • Both the main body side of the image forming device and the consumable chip side include electrical contacts. When the electrical contact part on the main body side is in good contact with the electrical contact part on the consumable chip side, data can be stably transmitted between the image forming apparatus and the consumable chip.
  • the electrical contact may be a conductive plane, a conductive probe, a conductive coil, or the like.
  • when the consumable chip sends a message to the image forming device, the message may pass from the electrical contact part on the chip side to the electrical contact part on the image forming device body side; when the image forming device sends a request or message to the consumable chip, the electrical contacts on the body side of the image forming apparatus transmit it to the electrical contacts on the chip side.
  • the embodiment of the present application also provides an image forming device, as shown in FIG. 7 , including:
  • a consumable 72, the consumable 72 is equipped with a consumable chip as described in any one of the above-mentioned embodiments;
  • the image forming control unit 71 is configured to implement the following operations: sending a first request for obtaining a digital certificate to the consumable chip; receiving a first feedback message sent by the consumable chip, and generating a first random number, using the The first public key carried in the first feedback message encrypts the first random number to obtain a first encryption result; sends an identity challenge message to the consumable chip, and the identity challenge message includes the first encryption result.
  • the image forming control unit on the side of the image forming apparatus is further configured to verify the validity of the signature value, and generate a first random number after the verification is passed.
  • the processor reads the verification information used to verify the signature from the non-volatile storage unit, and verifies the signature value in the digital certificate.
  • the image forming apparatus further includes a memory, and the memory may include a non-volatile storage unit 73, which stores a CA server digital certificate; the CA server digital certificate stores verification information for verifying the signature value of the digital certificate of the consumable chip.
  • the number of the above-mentioned units, chips or processors can be one or more, and optionally, a memory is also provided, and the processor and the memory can be connected through a bus or in other ways.
  • the memory can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as program instructions/modules corresponding to the devices in the embodiments of the present application.
  • the processor executes various functional applications and data processing by running non-transitory software programs, instructions and modules stored in the memory, that is, implements the anti-cracking method in any of the above method embodiments.
  • the memory may include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function; and necessary data and the like.
  • the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage devices.
  • An embodiment of the present application further provides a storage medium, and an executable program is stored in the storage medium, and when the executable program is run on the electronic device, the electronic device is made to execute the verification method in any of the foregoing embodiments.
  • all or part of them may be implemented by software, hardware, firmware or any combination thereof.
  • When implemented using software, it may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the processes or functions according to the present application will be generated in whole or in part.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (e.g., coaxial cable, optical fiber, DSL) or wireless (e.g., infrared, wireless, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media.
  • the available medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, DVD), or a semiconductor medium (for example, a Solid State Disk).
  • "at least one” means one or more, and “multiple” means two or more.
  • “And/or” describes the association relationship of associated objects, indicating that there may be three kinds of relationships, for example, A and/or B may indicate that A exists alone, A and B exist simultaneously, or B exists alone. Among them, A and B can be singular or plural.
  • the character “/” generally indicates that the contextual objects are an “or” relationship.
  • “At least one of the following” and similar expressions refer to any combination of these items, including any combination of single or plural items.
  • At least one of a, b, and c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, and c may be single or multiple.

Abstract

The present application relates to the technical field of image forming, and in particular to a verification method, a consumable chip, a consumable and an image forming apparatus, by means of which the legitimacy of a consumable chip can be accurately verified. The method comprises: in response to a first request, a consumable chip sending a first feedback message to an image forming apparatus, wherein the first feedback message carries digital certificate information, the digital certificate information at least includes a first public key, and the first public key is generated on the basis of a unique hardware identifier PUF ID of the consumable chip; the consumable chip receiving an identity challenge message sent by the image forming apparatus, wherein the identity challenge message comprises a first encryption result, the first encryption result is obtained by means of encrypting a first random number by using the first public key, and the first random number is generated by the image forming apparatus; and the consumable chip decrypting the first encryption result by using a first private key, so as to obtain a second random number, wherein the second random number is used for obtaining a verification result of the consumable chip.

Description

Authentication method, consumable chip, consumable and image forming device
This application claims the priority of the Chinese patent application with the application number 202111649105.6 and the application name "verification method, consumable chip, consumable and image forming device" submitted to the China Patent Office on December 30, 2021.
Technical field
The present application relates to the technical field of image formation, in particular to a verification method, a consumable chip, a consumable and an image forming device.
Background technique
At present, consumables such as drum cartridges, ink cartridges and toner cartridges are consumable products that are generally detachably installed in image forming devices such as printers. A consumable chip is mounted on the consumable. After the consumable is installed in the image forming device, and before the consumable is used for an imaging job such as printing or copying, the image forming device checks the consumable chip to determine whether the consumable is legitimate, for example whether it is an original consumable or a legitimate compatible consumable; imaging with the consumable begins only after the check passes. The conventional way to perform the check is for a controller in the image forming device (for example, an image forming control unit) to send a challenge signal to the consumable chip; when the response signal returned by the consumable chip matches the information stored in the memory of the image forming device, and the timing of the response signal meets a predetermined requirement, the consumable is considered legitimate.
While implementing the above scheme, the inventor found that, owing to the electrostatic field inside the image forming device and to the contact conditions between the image forming device and the consumable chip (for example the size, shape and material of the contact surface), communication between the image forming device and the consumable is often disturbed, which makes the response signal returned by the consumable chip unreliable. For example, when communication is disturbed, the response signal returned by the consumable chip may be delayed, causing the image forming device to wrongly identify a legitimate consumable chip as illegitimate, or an illegitimate consumable chip as legitimate. In addition, the protection of the communication between the consumable chip and the image forming device is relatively weak: the response signal is easily intercepted by an imitator, who can then imitate the original chip's response signal so that a non-original consumable is recognized as original. The use of illegitimate consumables, such as non-original consumables, may damage the image forming device or reduce imaging quality and affects the user experience.
In view of this, there is an urgent need for a solution to the above problems.
Summary of the invention
The embodiments of the present application provide a verification method, a consumable chip, a consumable and an image forming device that can improve the accuracy of verifying the legitimacy of a consumable chip and prevent misjudgment, and can also improve the security of communication between the consumable chip and the image forming device body.
In a first aspect, an embodiment of the present application provides a verification method applied to a consumable chip. The consumable chip is installed on a consumable, the consumable is detachably installed in an image forming device, and digital certificate information is stored in the consumable chip. The method includes: the consumable chip, in response to a first request, sends a first feedback message to the image forming device, wherein the first feedback message carries the digital certificate information, the digital certificate information includes at least a first public key, the first public key is generated based on the unique hardware identifier PUF ID of the consumable chip, and the first request is a request sent by the image forming device for obtaining the digital certificate; the consumable chip receives an identity challenge message sent by the image forming device, wherein the identity challenge message includes a first encryption result, the first encryption result is obtained by encrypting a first random number with the first public key, and the first random number is generated by the image forming device; the consumable chip decrypts the first encryption result with a first private key to obtain a second random number, wherein the first private key is generated based on the PUF ID and forms a key pair with the first public key, and the second random number is used to obtain the verification result of the consumable chip.
In a second aspect, an embodiment of the present application provides a consumable chip. The consumable chip is to be installed on a consumable, the consumable is to be detachably installed in an image forming device, and digital certificate information is stored in the consumable chip; the digital certificate information includes at least a first public key; the first public key is generated based on the unique hardware identifier PUF ID of the consumable chip; a chip control unit is further used to obtain the unique hardware identifier PUF ID of the consumable chip and generate a first private key based on the PUF ID, the first private key and the first public key belonging to the same key pair; the first private key is used to decrypt a first encryption result to obtain a second random number, wherein the first encryption result is obtained by encrypting a first random number with the first public key; the second random number is used to obtain the verification result of the consumable chip.
In a third aspect, an embodiment of the present application provides a consumable, including: a housing; a developer container located in the housing for accommodating developer; and the consumable chip according to any one of the above second aspect.
In a fourth aspect, an embodiment of the present application provides a consumable, including: a photosensitive drum; a charging roller for charging the photosensitive drum; and the consumable chip according to any one of the above second aspect.
In a fifth aspect, an embodiment of the present application provides an image forming apparatus, including: a consumable on which the consumable chip according to any one of the above second aspect is installed; and an image forming control unit configured to: send to the consumable chip a first request for obtaining a digital certificate; receive a first feedback message sent by the consumable chip, generate a first random number, and encrypt the first random number with the first public key carried in the first feedback message to obtain a first encryption result; and send an identity challenge message to the consumable chip, the identity challenge message including the first encryption result.
In the verification method, consumable chip, consumable and image forming device of the embodiments of the present application, a digital certificate is stored in the consumable chip. The digital certificate contains a first public key, which is generated based on the unique hardware identifier of the consumable chip; that is, the first public key is a public key associated with the chip's unique hardware identifier. After the consumable is installed in the image forming device, the consumable chip responds to the request for the digital certificate sent by the image forming device (the first request) by returning a feedback message carrying the digital certificate information. After obtaining the first public key, the image forming device encrypts the first random number it has generated with the first public key and sends the encrypted data (the first encryption result) to the consumable chip. If the consumable chip is legitimate, it holds the first private key, which is generated based on the unique hardware identifier, that is, the first private key is the private key associated with the chip's unique hardware identifier; the first private key can decrypt the first encryption result, and the decrypted second random number is the same as the first random number. If the consumable chip is not legitimate, it does not hold the first private key, so it either cannot decrypt the first encryption result or obtains a random number different from the first random number. Thus, when the image forming device sends the identity challenge message to the consumable chip, it can tell whether the consumable chip is legitimate from whether the response information it decrypts with the first random number is correct. This scheme does not depend on the timing of the response signal, so it is unaffected by the communication environment between the consumable chip and the image forming device. Moreover, in this scheme only a legitimate consumable chip can generate the first private key, and because the first private key is generated based on the unique hardware identifier PUF ID, it cannot be copied or imitated. Therefore, even if the messages exchanged between the consumable chip and the image forming device are intercepted, verification of the consumable chip is not affected, and the verification result is more reliable.
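The exchange summarised above, together with the certificate issuance it relies on, can be walked through end to end in a short Python simulation; this is an added example, not code from the application. It assumes textbook RSA without padding for the unnamed asymmetric algorithm, a SHA-256 key stream for the symmetric one, and a hash-seeded prime search as the PUF-ID-to-key derivation; every name, PUF ID, seed and the response string is constructed.

```python
import hashlib
import secrets

E = 65537                    # public exponent shared by all toy key pairs (assumption)
RESPONSE = b"CHALLENGE-OK"   # constructed response content known to both sides

def stream(seed: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: deterministic byte generator and stand-in key stream."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def xor(data: bytes, key: bytes) -> bytes:
    """Stand-in symmetric cipher; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, stream(key, len(data))))

def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for this demonstration only."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def derive_prime(seed: bytes, bits: int = 256) -> int:
    """First prime found in a hash-seeded candidate sequence (toy key size)."""
    ctr = 0
    while True:
        cand = int.from_bytes(stream(seed + ctr.to_bytes(4, "big"), bits // 8), "big")
        cand |= (1 << (bits - 1)) | 1            # force bit length and oddness
        if cand % E != 1 and is_prime(cand):     # keeps E invertible mod (p - 1)
            return cand
        ctr += 1

def keypair_from(seed: bytes):
    """Deterministic toy RSA key pair: (public modulus n, private exponent d)."""
    p, q = derive_prime(seed + b"/p"), derive_prime(seed + b"/q")
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(pub: int, attrs: bytes) -> int:
    """Hash of the first public key combined with the certificate attributes."""
    return int.from_bytes(hashlib.sha256(pub.to_bytes(64, "big") + attrs).digest(), "big")

def issue_cert(puf_id: bytes, attrs: bytes, ca_n: int, ca_d: int) -> dict:
    """Tooling plus CA: first public key from the PUF ID, signed with the second private key."""
    pub, _ = keypair_from(puf_id)
    return {"pub": pub, "attrs": attrs, "sig": pow(digest(pub, attrs), ca_d, ca_n)}

class Chip:
    def __init__(self, puf_id: bytes, cert: dict):
        self.puf_id = puf_id   # fixed in silicon, not part of the copyable flash
        self.cert = cert       # flash content, which a copier can duplicate

    def answer(self, challenge: int) -> bytes:
        """Re-derive the first private key from the PUF ID and reply under random number B."""
        n, d = keypair_from(self.puf_id)
        b = pow(challenge, d, n).to_bytes(64, "big")[-16:]
        return xor(RESPONSE, b)

def printer_verify(chip: Chip, ca_n: int) -> bool:
    """Image forming side: check the signature value, then challenge with random number A."""
    cert = chip.cert                                         # first request / first feedback
    if pow(cert["sig"], E, ca_n) != digest(cert["pub"], cert["attrs"]):
        return False                                         # signature value is not valid
    a = secrets.token_bytes(16)                              # first random number
    challenge = pow(int.from_bytes(a, "big"), E, cert["pub"])
    return xor(chip.answer(challenge), a) == RESPONSE        # decrypt the reply with A

def run_demo() -> dict:
    """Genuine chip, a chip with copied flash, and a chip reusing a signature."""
    ca_n, ca_d = keypair_from(b"constructed CA seed")        # second key pair
    genuine = Chip(b"PUF-0001", issue_cert(b"PUF-0001", b"v1;issuer=CA", ca_n, ca_d))
    clone = Chip(b"PUF-9999", genuine.cert)                  # same flash, different silicon
    own_pub, _ = keypair_from(b"PUF-9999")
    forged = Chip(b"PUF-9999", dict(genuine.cert, pub=own_pub))
    return {name: printer_verify(c, ca_n)
            for name, c in (("genuine", genuine), ("clone", clone), ("forged", forged))}

if __name__ == "__main__":
    print(run_demo())
```

The clone fails at the challenge step because its PUF ID yields a different private key, while the forged certificate fails earlier at the signature check.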
Brief Description of the Drawings
FIG. 1 is a schematic flowchart of one embodiment of a verification method provided in an embodiment of the present application;
FIG. 2 is a system architecture diagram for a verification method provided in an embodiment of the present application;
FIG. 3 is an interaction flowchart of a verification method provided in an embodiment of the present application;
FIG. 4 is an interaction flowchart for generating a digital certificate in an embodiment of the present application;
FIG. 5 is a structural cross-sectional view of an image forming apparatus provided in an embodiment of the present application;
FIG. 6 is a schematic structural diagram of one embodiment of a consumable provided in an embodiment of the present application;
FIG. 7 is a schematic structural diagram of an image forming apparatus provided in an embodiment of the present application.
Detailed Description
The terms used in the detailed description of the present application serve only to explain specific embodiments of the present application and are not intended to limit the present application.
An embodiment of the present application provides a verification method that can be applied in scenarios where a consumable chip is verified by any of various image forming apparatuses. The consumable is detachably connected to the image forming apparatus, the consumable chip is mounted on the consumable, and the consumable chip is also detachably connected to the consumable body.
An image forming apparatus is any apparatus used to perform an image forming job. An image forming job may be at least one of generating, printing, copying, scanning and similar jobs, and an image forming apparatus may also be used to receive and send image data. By way of example, the image forming apparatus may be an inkjet printer, a laser printer, an LED (Light Emitting Diode) printer, a copier, a scanner, a multifunction fax machine, or a multi-functional peripheral (MFP) that performs the above functions in a single device.
It should be noted that a complete image forming apparatus mainly includes an image forming control unit, an image forming section, a consumable and a memory. The consumable contains a consumable chip; the image forming control unit controls the image forming apparatus as a whole; and the image forming section forms an image on the conveyed paper, based on image data, under the control of the image forming control unit.
Specifically, the image forming control unit may be an SoC (System on Chip). An SoC is a miniature system composed of multiple system components and is configured to control the imaging processing operations of the image forming apparatus, for example linear correction, noise reduction, dead pixel removal and detail enhancement of image data, thereby improving the quality of the image output. The image forming control unit also performs processing operations related to data transmission and reception, command transmission and reception, and engine control for printing images, for example sending and receiving data, print engine control commands and status through an interface unit (including but not limited to a USB port, a wired network port, a wireless network port or another interface). Specifically, the image forming control unit is responsible for verifying the consumable chip, reading and writing characteristic information on the consumable chip, and controlling the image forming section. The image forming control unit obtains specified image forming parameters, such as high-voltage parameters, and coordinates the image forming mechanisms according to those parameters so that the correct image content appears on the medium. The consumable may be a drum cartridge, an ink cartridge, a toner cartridge, a laser toner cartridge, an organic photoconductor (OPC, also called a photosensitive drum), and so on. The consumable chip is the chip mounted on the consumable; it stores parameters such as the characteristic parameters used in image formation and the remaining amount of the consumable. In the embodiments of the present application the consumable chip also stores information such as the digital certificate. The non-volatile storage unit stores the CA server digital certificate and other information that must be retained when power is removed.
A complete image forming apparatus includes the consumable. In the embodiments of the present application, however, unless otherwise specified, "image forming apparatus" in the following description of the verification method refers to the body structure of the image forming apparatus without the consumable. The body structure may specifically include the image forming control unit; for example, sending a message to the image forming apparatus may specifically mean sending the message to the image forming control unit. In other embodiments it may be another component of the image forming apparatus that has a communication function; for example, a message may be sent to a wireless communication module of the image forming apparatus, and the image forming control unit on the apparatus side communicates with the consumable chip through that wireless communication module. In other words, the embodiments of the present application describe the complete image forming apparatus as split into the consumable and the body structure of the image forming apparatus, and in every flow in which the consumable chip interacts with the image forming apparatus, "image forming apparatus" refers to the body structure without the consumable. Here, the body or body structure of the image forming apparatus means at least one of the hardware components of the image forming apparatus other than the consumable.
An embodiment of the present application provides a verification method executed by the consumable chip. In one embodiment, the consumable chip is a chip manufactured using physically unclonable function (PUF) technology. Each consumable chip has a unique ID, namely its unique hardware identifier, abbreviated PUF ID. The PUF ID is an electronic fingerprint that derives from physical characteristics arising naturally in a semiconductor device during wafer fabrication, and it is used to distinguish the device from other semiconductor devices of the same type (such as other consumable chips). Specifically, referring to FIG. 1, the method may include the following steps:
S101: In response to a first request, send a first feedback message to the image forming apparatus.
A digital certificate is stored in the consumable chip. The digital certificate information includes at least a first public key, which is generated based on the unique hardware identifier (PUF ID) of the consumable chip. For example, an asymmetric encryption algorithm is applied to the unique hardware identifier, and the resulting public key is the first public key. The first public key is associated with the PUF ID.
It should be noted that the digital certificate stored in the consumable chip may be stored in the chip control unit or in a storage unit external to the chip control unit.
After receiving the first request sent by the image forming apparatus, the consumable chip sends a first feedback message carrying the digital certificate information to the image forming apparatus. The first request is the request issued by the image forming apparatus to obtain the digital certificate.
S102: Receive an identity challenge message sent by the image forming apparatus.
The identity challenge message carries a first encryption result, which is obtained by encrypting a first random number with the first public key. The first random number is generated by the image forming apparatus.
Specifically, in one possible implementation, the image forming apparatus verifies the digital certificate sent by the consumable chip and, once verification passes, generates a random number; this random number is the first random number.
It should be noted that, in one embodiment, the digital certificate includes not only the first public key generated based on the PUF ID of the consumable chip but also a signature value of the digital certificate, which can be understood as unique identification information that identifies the digital certificate. By way of example, the signature value may be computed by a preset algorithm from the first public key and the attribute information of the digital certificate, where the attribute information may include at least one of the digital certificate ID, digital certificate version, issuer, subject, issue date, validity period, signature algorithm and similar information.
After receiving the digital certificate, the image forming apparatus verifies the signature value of the digital certificate and, if verification passes, generates a random number as the first random number. How the signature value is generated and verified is described in detail later.
The image forming apparatus then encrypts the first random number with the first public key and sends the encrypted data (the first encryption result) to the consumable chip.
S103: The consumable chip decrypts the first encryption result with the first private key to obtain a second random number.
The first private key is also generated based on the PUF ID. The first private key and the first public key are, respectively, the private key and the public key of one key pair generated by an asymmetric encryption algorithm.
In one possible implementation, the first private key may be generated by the consumable chip in real time after it receives the identity challenge message. Specifically, the consumable chip obtains its own PUF ID and performs an asymmetric encryption operation based on the PUF ID to generate the first private key paired with the first public key. In another implementation, the first private key may be stored in the consumable chip in advance: before the chip leaves the factory, the corresponding first private key and first public key are generated from the chip's PUF ID, the first public key is stored as part of the digital certificate, and the first private key is stored in encrypted form.
Because the first private key and the first public key are the private key and the public key of one key pair generated by an asymmetric encryption algorithm, data encrypted with the first public key (the first encryption result) can be decrypted with the first private key, and only with the first private key. If the consumable chip can decrypt the first encryption result and the random number it obtains is correct, then, when the image forming apparatus sends the challenge message to the consumable chip, the response information that the image forming apparatus obtains by decrypting with the first random number is correct, and the consumable chip is determined to be legitimate; otherwise it is determined not to be legitimate.
In the embodiments of the present application, "legitimate" means meeting predetermined requirements, for example being an original chip or a chip whose production has been authorized. A legitimate chip is a chip that meets the predetermined requirements.
Specifically, in one possible implementation:
The second random number is used as a symmetric key to encrypt the response content that answers the identity challenge message, producing a second feedback message that is sent to the image forming apparatus.
After receiving the second feedback message, the image forming apparatus uses the first random number to decrypt the encrypted response content. If it decrypts correctly, the keys are symmetric, that is, the decryption key is the same as the encryption key and the second random number is the same as the first random number. The response information to the identity challenge message obtained by decrypting with the first random number is therefore correct, verification passes, and the consumable chip is a legitimate chip. If the first random number held on the image forming apparatus side cannot decrypt the response content, for example if the decrypted content is garbled, the consumable chip is considered not to be legitimate.
When the consumable chip passes verification, subsequent communication between the consumable chip and the image forming apparatus can use the second random number (which equals the first random number) as a symmetric key to encrypt the various communication messages.
Because the first random number is generated at random by the image forming apparatus during use, and different apparatuses may generate different numbers, copying the random number is pointless. This also prevents an imitator from learning the encryption key in advance in order to intercept communication messages or to send encrypted messages to the image forming apparatus while posing as a legitimate consumable chip.
Referring to FIG. 2, the verification method provided in the embodiments of the present application can be implemented on the system architecture shown in FIG. 2. To aid understanding of the verification mechanism, a complete verification example is given below with reference to FIG. 2 and FIG. 3. In this example, the verification method can be implemented by the following flow:
S301: After the consumable is installed in the image forming apparatus, the image forming control unit on the apparatus side issues a request to obtain the digital certificate (the first request). The request message may be a message encrypted with a first encryption algorithm.
In one possible implementation, the first encryption algorithm may be a symmetric encryption algorithm, for example any one of the following: Data Encryption Standard (DES), Advanced Encryption Standard (AES), Blowfish, RC2, RC4, RC5, IDEA (International Data Encryption Algorithm), SKIPJACK and similar algorithms.
S302: After receiving the first request, the consumable chip first decrypts it with the first encryption algorithm to obtain the request content, and then, according to the request content, reads the digital certificate stored in the consumable chip. It should be noted that in this example the digital certificate stored in the consumable chip is compressed information produced by encryption and compression. The algorithm that encrypts and compresses the original plaintext of the digital certificate is defined as the first compression algorithm. The first compression algorithm should be an encryption algorithm that supports restoration after compression, that is, one from whose output the original plaintext data can be recovered.
S303: The consumable chip sends a message carrying the compressed information of the digital certificate to the image forming apparatus, specifically to the image forming control unit on the apparatus side. By way of example, the message sent in step S303 may also be encrypted with the first encryption algorithm.
S304: The image forming control unit on the apparatus side decrypts the message with the first encryption algorithm to obtain the compressed information of the digital certificate. Because the compressed information of the digital certificate is stored encrypted, once it has been read out it must first be decrypted with the decryption algorithm corresponding to the first compression algorithm; that is, the plaintext file of the digital certificate is restored according to the first compression algorithm. The restored digital certificate contains the signature value in addition to the first public key.
The memory on the image forming apparatus side may be a non-volatile storage unit, which stores verification information used to verify the signature value in the digital certificate. In one possible implementation, the verification information may be a CA server certificate.
Specifically, the image forming control unit reads the CA server certificate from the non-volatile storage unit and verifies the signature value in the digital certificate sent by the consumable chip. If verification passes, it generates a random number A locally and saves it.
S305: The image forming control unit encrypts random number A with the first public key from the digital certificate sent by the consumable chip to obtain the encrypted data (the first encryption result), and sends the consumable chip an identity challenge message carrying the first encryption result.
S306: After receiving the identity challenge message, in one possible implementation, the consumable chip reads its own PUF ID and related information and, using an asymmetric encryption algorithm, computes the private key (the first private key) derived from the PUF ID and related information. This private key and the public key (the first public key) in the consumable chip's digital certificate belong to the same public/private key pair, so data encrypted with the first public key can only be decrypted with the first private key. A consumable chip that holds the first private key can therefore use it to decrypt the first encryption result in the identity challenge message and obtain random number B.
If the consumable chip is legitimate, it can compute the private key from the PUF ID and related information and decrypt the first encryption result; when the decrypted random number B equals random number A, the image forming apparatus can decrypt the information fed back by the consumable chip using random number B. The verification result can therefore be obtained from whether the consumable chip is able to respond and whether the response information obtained by decrypting the chip's feedback with random number A is correct.
If the consumable chip does not respond (possibly because it cannot decrypt), or the content of its identity challenge response is incorrect, the consumable is judged to be counterfeit. Such a consumable may have been produced by copying the Flash contents of an original consumable and may damage an original image forming apparatus such as a printer.
It should be noted that, in another implementation, the first private key may also be stored in advance in the storage unit of the consumable chip, but it should be stored encrypted to prevent the first private key from leaking.
S307: The consumable chip uses random number B to symmetrically encrypt the response content that answers the identity challenge message, and sends the resulting response message to the image forming control unit of the image forming apparatus.
S308: The image forming control unit of the image forming apparatus uses random number A as the decryption key to symmetrically decrypt the response message sent by the consumable chip. If decryption succeeds and yields the correct response content, random number A is considered equal to random number B on the consumable chip side, the consumable chip is a legitimate chip, for example an original genuine consumable, and verification passes. If decryption fails or the decrypted response content is garbled, that is, the response content is incorrect, the consumable is judged to be counterfeit.
S309: Enter the secure communication phase. After verification passes, the image forming apparatus and the consumable chip can use random number A (which is also random number B) as a symmetric key to encrypt subsequent communication.
The process of generating the consumable chip's digital certificate is described below. The digital certificate may be written into the consumable chip before the chip leaves the factory. The system architecture involved in generating the digital certificate has three parts: the consumable chip, the consumable chip production tooling equipment, and the certificate authority (CA) server.
The consumable chip is equivalent to a processor. This processor has a unique hardware identifier, the PUF ID, which is permanently written at the chip fabrication plant and cannot be changed.
During digital certificate generation, the CA server receives a certificate issuance request (the second request) sent by the consumable chip production tooling equipment. The second request includes, but is not limited to, the first public key generated based on the PUF ID and the attribute information of the digital certificate. The attribute information may include at least one of the issuance duration, digital certificate version, signature algorithm, hash algorithm and similar information; for example, it may contain the digital certificate ID, digital certificate version, issuer, subject, issue date, validity period, signature algorithm and other information. The CA server computes a hash value of the second request information using a hash algorithm, asymmetrically encrypts that hash value with the CA server's private key (the second private key) to generate the signature value, and places the signature value in the digital certificate. The digital certificate is then stored in the consumable chip.
It should be noted that, as mentioned earlier, in one possible implementation the digital certificate stored in the consumable chip may be compressed information produced by encrypting it with a specific compression-encryption algorithm (the first compression algorithm); that is, the digital certificate is stored in encrypted, compressed form.
Based on the first compression algorithm, the key content of the digital certificate is extracted and compressed. The purpose is to reduce the size of the digital certificate file and also to better protect the plaintext content of the digital certificate.
It should be noted that, in one possible implementation, the signature value of the digital certificate is generated by the following flow:
Obtain the PUF ID of the consumable chip and generate the first public key; then obtain the attribute information of the digital certificate and combine it with the first public key; then apply a hash algorithm to the combined data to obtain a hash value; then sign the hash value with the second private key to obtain the signature value of the digital certificate. The issued digital certificate contains the first public key and the signature value.
It should be noted that, in one possible implementation, a second public key is written into the memory of the image forming apparatus (for example, a non-volatile storage unit) before the apparatus leaves the factory. The second public key and the second private key belong to the same key pair, so a signature value produced with the second private key can only be verified with the second public key. In other words, for an original consumable chip, only the manufacturer of the original image forming apparatus, such as a printer, holds the public key that verifies the signature value placed in the chip's digital certificate during manufacture; that is, only an original consumable chip can pass signature verification.
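The exchange in steps S301 to S309, together with the certificate signing flow just described, as an added Python example that is not code from the application. Unpadded RSA and a SHA-256 keystream with an HMAC tag are assumptions standing in for the asymmetric and symmetric algorithms the text leaves unspecified, and the seed-derived key pair, the `RESPONSE` string and all sample identifiers are constructed. It goes one step beyond the text by adding an integrity tag, so that "the response content is correct" becomes a checkable condition.

```python
"""S301-S309 exchange and certificate signing, as a constructed example. Unpadded RSA and a
SHA-256 keystream with HMAC stand in for the algorithms the text leaves unspecified."""
import hashlib, hmac, itertools, secrets

E = 65537                          # RSA public exponent (assumption)
RESPONSE = b"consumable-auth-ok"   # hypothetical agreed response content

def _stream(seed, n):
    """SHA-256 in counter mode: n deterministic bytes from a seed."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _is_prime(n):                  # Miller-Rabin with fixed small bases
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % p == 0 and n != p for p in bases):
        return False
    if n in bases:
        return True
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime_from(seed, bits=512):
    """First prime reached by hashing seed||counter; the same seed gives the same prime."""
    for ctr in itertools.count():
        c = int.from_bytes(_stream(seed + ctr.to_bytes(4, "big"), bits // 8), "big")
        c |= (3 << (bits - 2)) | 1     # force full length and oddness
        if (c - 1) % E and _is_prime(c):
            return c

def keypair_from(seed):
    """Deterministic RSA pair (modulus n, private exponent d) from a seed such as a PUF ID."""
    p, q = _prime_from(b"p" + seed), _prime_from(b"q" + seed)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(attrs, n):                 # attribute information combined with the first public key
    return int.from_bytes(hashlib.sha256(attrs + n.to_bytes(128, "big")).digest(), "big")

def issue_cert(attrs, chip_n, ca_n, ca_d):
    """CA server: sign the hash with the second private key."""
    return {"attrs": attrs, "n": chip_n, "sig": pow(_digest(attrs, chip_n), ca_d, ca_n)}

def verify_cert(cert, ca_n):
    """Apparatus, S304: check the signature with the stored second public key."""
    return pow(cert["sig"], E, ca_n) == _digest(cert["attrs"], cert["n"])

def _keys(rand):                       # separate encryption and MAC keys from the random number
    k = rand.to_bytes(128, "big")
    return hashlib.sha256(b"enc" + k).digest(), hashlib.sha256(b"mac" + k).digest()

def seal(rand, msg):
    """Encrypt-then-MAC under keys derived from the shared random number."""
    ek, mk = _keys(rand)
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(ek + nonce, len(msg))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(rand, blob):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    ek, mk = _keys(rand)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(ek + nonce, len(ct))))

class Chip:
    def __init__(self, puf_id, cert):
        self.puf_id, self.cert = puf_id, cert
    def answer(self, challenge):           # S306-S307
        n, d = keypair_from(self.puf_id)   # first private key re-derived from the PUF ID
        return seal(pow(challenge, d, n), RESPONSE)   # random number B keys the reply

def authenticate(chip, ca_n):
    cert = chip.cert                                  # S301-S303: certificate returned
    if not verify_cert(cert, ca_n):                   # S304
        return False
    rand_a = secrets.randbits(128) | (1 << 127)       # random number A
    reply = chip.answer(pow(rand_a, E, cert["n"]))    # S305: first encryption result
    return unseal(rand_a, reply) == RESPONSE          # S308

def demo():   # genuine chip, copied certificate on other silicon, swapped public key
    ca_n, ca_d = keypair_from(b"constructed-CA-seed")
    puf, other = b"constructed-PUF-0001", b"constructed-PUF-9999"
    cert = issue_cert(b"id=1;ver=1;issuer=demo-CA", keypair_from(puf)[0], ca_n, ca_d)
    forged = dict(cert, n=keypair_from(other)[0])     # signature no longer matches
    chips = (Chip(puf, cert), Chip(other, cert), Chip(other, forged))
    return tuple(authenticate(c, ca_n) for c in chips)
```

`demo()` returns one verification result per chip: the chip with a copied certificate fails at S308 because the key it derives cannot recover random number A, and the chip that substitutes its own public key fails earlier, at the S304 signature check.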
In one implementation, encryption algorithms such as the first encryption algorithm (excluding the asymmetric encryption algorithm) may also work as follows: a large random number, for example 2345774356, is embedded before or after the body of the message; the encryption algorithm extracts the 2nd, 3rd, 5th and 6th digits of the large random number as the symmetric key and uses it to encrypt and decrypt the data. On decryption, the large random number is read and the 2nd, 3rd, 5th and 6th digits are extracted as the decryption key. Which digits are extracted can be agreed in advance. In addition, encryption algorithms such as the first encryption algorithm may take the form of a codebook or similar. This application is intended to protect the technical concept of the information interaction and information storage; specific encryption algorithms are not listed one by one.
An embodiment of the present application further provides a consumable chip in which digital certificate information is stored. The digital certificate information includes at least a first public key, and the first public key is generated based on the unique hardware identifier (PUF ID) of the consumable chip.
The chip control unit is further configured to obtain the unique hardware identifier (PUF ID) of the consumable chip and to generate a first private key based on the PUF ID, the first private key and the first public key belonging to the same key pair. The first private key is used to decrypt a first encryption result to obtain a second random number, where the first encryption result is obtained by encrypting a first random number with the first public key, the first random number is generated by the image forming apparatus, and the second random number is used to determine the verification result of the consumable chip. For example, data encrypted with the second random number as the symmetric key can be decrypted with the first random number as the decryption key; if decryption succeeds and the decrypted content is correct, verification is considered to have passed, and otherwise verification fails.
Optionally, the chip control unit further includes an encryption unit and a decryption unit, where the encryption unit is configured to encrypt data to be sent to the image forming apparatus, and the decryption unit is configured to receive encrypted data sent by the image forming apparatus and decrypt it.
Specifically, the encryption unit or decryption unit may be an algorithm module that supports algorithms such as the asymmetric encryption algorithm and/or the first encryption algorithm.
Optionally, the digital certificate information further includes a signature value, the signature value is generated based on the first public key and the attribute information of the digital certificate, and the signature value is used for comparison with a preset signature value to determine the validity of the signature value.
Optionally, the attribute information of the digital certificate includes at least one of the following: digital certificate ID, digital certificate version, issuer, subject, issue date, validity period, signature algorithm.
Optionally, the chip control unit is configured to receive an identity challenge message, which includes the first encryption result, to determine the response information corresponding to the identity challenge message, to encrypt that response content using the second random number as a symmetric key to obtain a second feedback message, and to send the second feedback message to the image forming apparatus. The second feedback message is used to obtain the verification result of the consumable chip according to whether the response content obtained by decrypting the second feedback message with the first random number is correct.
可选地,上述第二反馈消息,具体用于在采用第一随机数对上述第二反馈消息能够解密,且获得的响应内容正确的情况下,获得上述耗材芯片的验证结果为验证通过。Optionally, the above-mentioned second feedback message is specifically used to obtain the verification result of the above-mentioned consumable chip as verification passed when the above-mentioned second feedback message can be decrypted by using the first random number and the obtained response content is correct.
可选地,上述芯片控制单元,用于在上述耗材芯片的验证结果为验证通过时,采用上述第二随机数作为对称密钥,对发送至上述图像形成装置的各种通信消息进行加密。Optionally, the chip control unit is configured to use the second random number as a symmetric key to encrypt various communication messages sent to the image forming device when the verification result of the consumable chip is passed.
From a hardware implementation perspective, in one embodiment the consumable chip may be mounted on a circuit substrate of the consumable. The circuit substrate includes a memory and contacts connected to the memory, and the contacts are used to connect to the pins on the image forming apparatus side.
An embodiment of the present application also provides a consumable chip for mounting on a consumable, the consumable being detachably installed in an image forming apparatus. The consumable chip stores digital certificate information and is used to execute the verification method of the embodiments of the present application.
An embodiment of the present application also provides a consumable. To make the hardware structure of the consumable easier to understand, the overall hardware structure of the image forming apparatus is described first.
Referring to FIG. 4, FIG. 4 is a schematic structural diagram of an image forming apparatus involved in an embodiment of the present application.
Referring to FIG. 4, as an example of an image forming apparatus, the image forming section of the image forming apparatus may include:
a developer accommodating portion 11 for accommodating developer, which may be a material such as toner or carbon powder;
a developing member 12, including for example a developing roller;
a developer conveying element 13, including for example a powder feeding roller;
a photosensitive member 14, including for example a photosensitive drum (OPC) and a charging roller, the charging roller being used to charge the photosensitive drum;
a transfer member 15, a fixing assembly 5, and so on.
The paper to be printed moves in the paper feed direction. After the powder feeding operation of the developer conveying element 13 and the developing operation of the developing member 12, it reaches the nip between the photosensitive member 14 and the transfer member 15 for transfer, and is then fixed by the fixing assembly 5 to complete the image forming operation.
An image forming apparatus usually has at least one consumable installed, and the consumable is detachably connected to the body of the image forming apparatus.
Taking the image forming apparatus shown in FIG. 4 as an example, four consumables are detachably installed in it, namely consumable 1, consumable 2, consumable 3 and consumable 4 shown in FIG. 5, which supply the image forming apparatus with developer in four colors: black K, cyan C, magenta M and yellow Y. In other embodiments, the number of consumables installed in the image forming apparatus may be larger or smaller, for example 5 or 6, or more or fewer, which is not limited in this application. The method provided by the embodiments of the present application can be applied to scenarios in which the number of consumables installed in the image forming apparatus is greater than or equal to 2.
For a consumable on which a chip is mounted, in one embodiment the consumable may include only the developer accommodating portion 11.
Correspondingly, referring to FIG. 5, an embodiment of the present application also provides a consumable including a housing 51, a developer accommodating portion 11 and a consumable chip 52, the developer accommodating portion 11 being located in the housing 51 and used to accommodate developer.
In another embodiment, on the basis of the structure shown in FIG. 5, the consumable further includes a developer conveying part for conveying the developer. The developer conveying part may be a developing member, a developer conveying element, or both, which is not limited here.
In yet another embodiment, the consumable may further include a photosensitive drum and a charging roller, the charging roller being used to charge the photosensitive drum.
Alternatively, referring to FIG. 6, in yet another embodiment the consumable provided by the embodiment of the present application includes only a photosensitive drum 61, a charging roller 62 and any of the consumable chips 52 described in the above embodiments. The charging roller 62 is used to charge the photosensitive drum 61.
In another embodiment, the consumable may be a developing cartridge. Alternatively, the consumable may be a drum cartridge.
Exemplarily, the consumable may have a split structure. For example, each consumable (1, 2, 3 or 4) includes a developing cartridge and a drum cartridge that can be attached to and detached from each other, where the developing cartridge includes a housing, the developer accommodating portion 11, the developing member 12 and/or the developer conveying element 13, and the drum cartridge includes the photosensitive member 14, that is, the photosensitive drum and the charging roller. In this embodiment, the developer conveying element 13 is used to convey developer to the developing member 12, and the developing member 13 is used to convey developer to the photosensitive drum. Besides a powder feeding roller, the developer conveying element may also be another conveying component, such as a powder pushing screw. As in the previous embodiment, the developer accommodating portion 11 is located in the housing and is used to accommodate developer.
Exemplarily, the consumable has an integrated structure: each consumable (1, 2, 3 or 4) includes the developer accommodating portion 11, the developing member 12, the developer conveying element 13, the photosensitive member 14 and so on, with all components integrated into one unit.
The verification scheme provided by the embodiments of the present application involves communication between the body of the image forming apparatus and the consumable chip of the consumable. Both the body side of the image forming apparatus and the consumable chip side include electrical contact parts. When the electrical contact part of the image forming apparatus body is in good contact with the electrical contact part on the consumable chip side, data can be transmitted stably between the image forming apparatus and the consumable chip. An electrical contact part may be a conductive plane, a conductive probe, a conductive coil, or the like.
In the above verification method, when the consumable chip sends a message to the image forming apparatus, the message may be transmitted from the electrical contact part on the chip side to the electrical contact part on the body side of the image forming apparatus; when the image forming apparatus sends a request or message to the consumable chip, the message is transmitted from the electrical contact part on the body side of the image forming apparatus to the electrical contact part on the chip side.
An embodiment of the present application also provides an image forming apparatus which, referring to FIG. 7, includes:
a consumable 72, on which a consumable chip as described in any of the above embodiments is mounted;
an image forming control unit 71, configured to perform the following operations: send to the consumable chip a first request for obtaining a digital certificate; receive a first feedback message sent by the consumable chip, generate a first random number, and encrypt the first random number with the first public key carried in the first feedback message to obtain a first encryption result; and send to the consumable chip an identity challenge message that contains the first encryption result.
In embodiments where the digital certificate information also contains a signature value, the image forming control unit on the image forming apparatus side is further configured to verify the validity of the signature value, and generates the first random number after the verification passes. For example, the processor reads the verification information used for signature verification from a non-volatile storage unit and verifies the signature value in the digital certificate. Exemplarily, the image forming apparatus further includes a memory, which may include a non-volatile storage unit 73 storing a CA server digital certificate; the CA server digital certificate holds the verification information used to verify the signature value of the consumable chip's digital certificate.
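The exchange described in the embodiments above, from certificate request to verification result, can be traced end to end in the following added example, which is not code from the application. The page names no algorithms, so textbook ElGamal, a Schnorr-style signature and a hash-keystream cipher over a deliberately small toy group stand in for them, and the expected response content (the certificate ID) and all sample PUF IDs are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption): integers modulo the Mersenne prime 2**127 - 1.
# Far too small for real use; it keeps the example standard-library only.
P = 2**127 - 1
G = 3
ORDER = P - 1

def i2b(n):
    return n.to_bytes(16, "big")

def h_int(*parts):
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def keypair_from_seed(seed):
    """Deterministic key pair: the same seed (PUF ID) always yields the same keys."""
    priv = h_int(b"key", seed) % (ORDER - 1) + 1
    return priv, pow(G, priv, P)

def pk_encrypt(pub, m):  # textbook ElGamal, stand-in asymmetric cipher
    k = secrets.randbelow(ORDER - 1) + 1
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def pk_decrypt(priv, ct):
    c1, c2 = ct
    return (c2 * pow(c1, ORDER - priv, P)) % P  # c1**(-priv) mod P

def sign(priv, msg):  # Schnorr-style signature, stand-in for the CA signature
    k = secrets.randbelow(ORDER - 1) + 1
    r = pow(G, k, P)
    return r, (k + priv * h_int(i2b(r), msg)) % ORDER

def verify(pub, msg, sig):
    r, s = sig
    if not 0 < r < P:
        return False
    return pow(G, s, P) == (r * pow(pub, h_int(i2b(r), msg), P)) % P

def _keys(key_int):  # separate encryption and MAC keys from one random number
    d = hashlib.sha512(i2b(key_int)).digest()
    return d[:32], d[32:]

def seal(key_int, plaintext):
    enc, mac = _keys(key_int)
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(enc + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key_int, blob):
    """Return the plaintext, or None when the key is wrong ("cannot decrypt")."""
    enc, mac = _keys(key_int)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    stream = hashlib.shake_256(enc + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def cert_tbs(cert):  # bytes covered by the signature: attributes + first public key
    return b"|".join([cert["id"], cert["issuer"], i2b(cert["public_key"])])

def issue_certificate(ca_priv, cert_id, puf_id):
    cert = {"id": cert_id, "issuer": b"Example CA (constructed)",
            "public_key": keypair_from_seed(puf_id)[1]}
    cert["signature"] = sign(ca_priv, cert_tbs(cert))
    return cert

class ConsumableChip:
    def __init__(self, puf_id, cert):
        self._puf_id = puf_id  # on real silicon this comes from the PUF circuit
        self.cert = cert       # stored digital certificate information

    def get_certificate(self):  # first feedback message
        return self.cert

    def answer_challenge(self, first_encryption_result):
        priv, _ = keypair_from_seed(self._puf_id)  # first private key, regenerated
        r2 = pk_decrypt(priv, first_encryption_result)  # second random number
        return seal(r2, self.cert["id"])  # second feedback message

def printer_verify(chip, ca_pub):
    cert = chip.get_certificate()
    if not verify(ca_pub, cert_tbs(cert), cert["signature"]):
        return "certificate rejected"  # no random number is generated
    r1 = secrets.randbelow(P - 1) + 1  # first random number
    reply = chip.answer_challenge(pk_encrypt(cert["public_key"], r1))
    return "pass" if unseal(r1, reply) == cert["id"] else "fail"

def run_scenarios():
    ca_priv, ca_pub = keypair_from_seed(b"constructed CA secret")
    puf = b"PUF-ID-0001 (constructed)"
    cert = issue_certificate(ca_priv, b"CERT-0001", puf)
    genuine = ConsumableChip(puf, cert)
    # Same certificate on different silicon: the PUF-derived private key differs.
    copied = ConsumableChip(b"PUF-ID-9999 (constructed)", cert)
    # Certificate whose public key was replaced after signing.
    altered = ConsumableChip(puf, dict(cert, public_key=keypair_from_seed(b"x")[1]))
    return [printer_verify(c, ca_pub) for c in (genuine, copied, altered)]
```

`run_scenarios()` shows the two checks doing different jobs: the signature binds the certificate to its public key, while the challenge binds the certificate to the chip that can regenerate the matching private key.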
There may be one or more of the above units, chips or processors, and optionally a memory is also provided; the processor and the memory may be connected by a bus or in another way. As a non-transitory computer-readable storage medium, the memory can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the devices in the embodiments of the present application. By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes various functional applications and data processing, that is, implements the anti-cracking method in any of the above method embodiments. The memory may include a program storage area and a data storage area, where the program storage area may store an operating system and the application programs required by at least one function, as well as necessary data. In addition, the memory may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device.
An embodiment of the present application further provides a storage medium storing an executable program which, when run on an electronic device, causes the electronic device to execute the verification method in any of the above embodiments.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (for example coaxial cable, optical fiber, digital subscriber line) or wireless (for example infrared, radio, microwave) means. The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example a floppy disk, hard disk or magnetic tape), an optical medium (for example a DVD), or a semiconductor medium (for example a Solid State Disk).
In the embodiments of the present application, "at least one" means one or more, and "multiple" means two or more. "And/or" describes the relationship between associated objects and indicates that three relationships are possible; for example, A and/or B can mean A alone, both A and B, or B alone, where A and B may be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of the following" and similar expressions refer to any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b and c can mean: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b and c may each be single or multiple.
The above are only preferred embodiments of the present application and are not intended to limit it. For those skilled in the art, the present application may have various modifications and changes. Any modification, equivalent replacement or improvement made within the spirit and principles of this application shall fall within its scope of protection.

Claims (16)

  1. A verification method applied to a consumable chip, the consumable chip being mounted on a consumable and the consumable being detachably installed in an image forming apparatus, characterized in that digital certificate information is stored in the consumable chip, and the method comprises:
    the consumable chip, in response to a first request, sending a first feedback message to the image forming apparatus; wherein the first feedback message carries the digital certificate information, the digital certificate information includes at least a first public key, the first public key is generated based on the unique hardware identifier PUF ID of the consumable chip, and the first request is a request issued by the image forming apparatus for obtaining a digital certificate;
    the consumable chip receiving an identity challenge message sent by the image forming apparatus; wherein the identity challenge message includes a first encryption result, the first encryption result is obtained by encrypting a first random number with the first public key, and the first random number is generated by the image forming apparatus;
    the consumable chip decrypting the first encryption result with a first private key to obtain a second random number; wherein the first private key is generated based on the PUF ID and forms a key pair with the first public key, and the second random number is used to obtain the verification result of the consumable chip.
  2. The method according to claim 1, characterized in that
    the digital certificate information further includes a signature value, the signature value being generated based on the first public key and the attribute information of the digital certificate;
    the first random number is generated after the validity of the signature value has been verified.
  3. The method according to claim 2, characterized in that the attribute information of the digital certificate includes at least one of the following:
    digital certificate ID, digital certificate version, issuer, subject, issue date, validity period, signature algorithm.
  4. The method according to claim 1, characterized in that, after decrypting the first encryption result with the first private key to obtain the second random number, the method further comprises:
    using the second random number as a symmetric key to encrypt the response content used to respond to the identity challenge message, obtaining a second feedback message, and sending it to the image forming apparatus; the second feedback message being used to obtain the verification result of the consumable chip according to whether the response content obtained by decrypting the second feedback message with the first random number is correct.
  5. The method according to claim 4, characterized in that
    the second feedback message is used to obtain a verification result of "passed" for the consumable chip when the second feedback message can be decrypted with the first random number and the response content obtained is correct.
  6. A consumable chip for mounting on a consumable, the consumable being detachably installed in an image forming apparatus, characterized in that digital certificate information is stored in the consumable chip; the digital certificate information includes at least a first public key; the first public key is generated based on the unique hardware identifier PUF ID of the consumable chip; and the consumable chip comprises:
    a chip control unit, configured to obtain the unique hardware identifier PUF ID of the consumable chip and generate a first private key based on the PUF ID, the first private key and the first public key belonging to the same key pair; and to decrypt a first encryption result based on the first private key to obtain a second random number; wherein the first encryption result is obtained by encrypting a first random number with the first public key, and the second random number is used to obtain the verification result of the consumable chip.
  7. The consumable chip according to claim 6, characterized in that the digital certificate information further includes a signature value, the signature value being generated based on the first public key and the attribute information of the digital certificate, and the signature value being compared with a preset signature value to determine the validity of the signature value.
  8. The consumable chip according to claim 7, characterized in that the attribute information of the digital certificate includes at least one of the following:
    digital certificate ID, digital certificate version, issuer, subject, issue date, validity period, signature algorithm.
  9. The consumable chip according to claim 6, characterized in that the chip control unit is configured to receive an identity challenge message, which includes the first encryption result, and determine the response information corresponding to the identity challenge message; and to encrypt the response content using the second random number as a symmetric key, obtaining a second feedback message that is sent to the image forming apparatus; the second feedback message being used to obtain the verification result of the consumable chip according to whether the response content obtained by decrypting the second feedback message with the first random number is correct.
  10. The consumable chip according to claim 8, characterized in that the second feedback message is specifically used to obtain a verification result of "passed" for the consumable chip when the second feedback message can be decrypted with the first random number and the response content obtained is correct.
  11. The consumable chip according to claim 8, characterized in that the chip control unit is configured to, when the verification result of the consumable chip is "passed", use the second random number as a symmetric key to encrypt the various communication messages sent to the image forming apparatus.
  12. A consumable, characterized by comprising:
    a housing;
    a developer accommodating portion, located in the housing, for accommodating developer; and
    the consumable chip according to any one of claims 6-11.
  13. The consumable according to claim 12, characterized in that the consumable further comprises:
    a developer conveying part for conveying the developer.
  14. The consumable according to claim 12, characterized in that the consumable further comprises:
    a photosensitive drum;
    a charging roller for charging the photosensitive drum.
  15. A consumable, characterized in that the consumable comprises:
    a photosensitive drum;
    a charging roller for charging the photosensitive drum; and
    the consumable chip according to any one of claims 6-11.
  16. An image forming apparatus, characterized by comprising:
    a consumable, on which the consumable chip according to any one of claims 6-11 is mounted;
    an image forming control unit, configured to:
    send to the consumable chip a first request for obtaining a digital certificate;
    receive a first feedback message sent by the consumable chip, generate a first random number, and encrypt the first random number with the first public key carried in the first feedback message to obtain a first encryption result;
    send to the consumable chip an identity challenge message that contains the first encryption result.
PCT/CN2022/118896 2021-12-30 2022-09-15 Verification method, consumable chip, consumable and image forming apparatus WO2023124245A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111649105.6 2021-12-30
CN202111649105.6A CN114236994B (en) 2021-12-30 2021-12-30 Verification method, consumable chip, consumable and image forming apparatus

Publications (1)

Publication Number Publication Date
WO2023124245A1 true WO2023124245A1 (en) 2023-07-06

Family

ID=80744629

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/118896 WO2023124245A1 (en) 2021-12-30 2022-09-15 Verification method, consumable chip, consumable and image forming apparatus

Country Status (2)

Country Link
CN (1) CN114236994B (en)
WO (1) WO2023124245A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117278330A (en) * 2023-11-21 2023-12-22 国网江西省电力有限公司电力科学研究院 Lightweight networking and secure communication method for electric power Internet of things equipment network

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200304322A1 (en) * 2019-03-22 2020-09-24 Lexmark International, Inc. Physical unclonable function encoder
CN114236994B (en) * 2021-12-30 2023-06-30 珠海奔图电子有限公司 Verification method, consumable chip, consumable and image forming apparatus

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7346586B1 (en) * 1997-07-15 2008-03-18 Silverbrook Research Pty Ltd Validation protocol and system
US20170005811A1 (en) * 2015-06-30 2017-01-05 Maxim Integrated Products, Inc. Systems and methods for authentication based on physically unclonable functions
CN109840433A (en) * 2017-11-29 2019-06-04 台湾积体电路制造股份有限公司 Method for being verified to device
CN113722698A (en) * 2020-05-26 2021-11-30 英飞凌科技股份有限公司 System, device, method for operating a system and computer program
CN114236994A (en) * 2021-12-30 2022-03-25 珠海奔图电子有限公司 Verification method, consumable chip, consumable and image forming apparatus

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110093714A1 (en) * 2009-10-20 2011-04-21 Infineon Technologies Ag Systems and methods for asymmetric cryptographic accessory authentication
CN104553384B (en) * 2014-12-25 2017-08-11 珠海艾派克微电子有限公司 The recognition methods of a kind of consumable chip and its sequence number and device
CN108804953B (en) * 2018-06-15 2020-03-27 杭州旗捷科技有限公司 Consumable chip and communication method thereof, and communication system and method of consumable chip and imaging device
CN109977656B (en) * 2019-04-08 2019-12-20 广州众诺电子技术有限公司 Identity verification method, consumable cartridge and storage medium
CN110481155B (en) * 2019-08-19 2021-04-13 佛山普瑞威尔科技有限公司 Safe printing method, chip, printing consumable and printer
CN112180699B (en) * 2020-09-29 2022-08-30 珠海奔图电子有限公司 Consumable chip, image forming apparatus, image forming control method, and consumable

Cited By (2)

Publication number Priority date Publication date Assignee Title
CN117278330A (en) * 2023-11-21 2023-12-22 国网江西省电力有限公司电力科学研究院 Lightweight networking and secure communication method for electric power Internet of things equipment network
CN117278330B (en) * 2023-11-21 2024-03-12 国网江西省电力有限公司电力科学研究院 Lightweight networking and secure communication method for electric power Internet of things equipment network

Also Published As

Publication number Publication date
CN114236994A (en) 2022-03-25
CN114236994B (en) 2023-06-30

Similar Documents

Publication Publication Date Title
WO2023124245A1 (en) Verification method, consumable chip, consumable and image forming apparatus
RU2598331C2 (en) Unit using operating system and an image forming device that uses it
US9973658B2 (en) CRUM chip and image forming device for authentication and communication, and methods thereof
US9594897B2 (en) Crum chip mountable in comsumable unit, image forming apparatus for authentificating the crum chip, and method thereof
CA2851587C (en) System and method for secured host-slave communication
US9336471B2 (en) CRUM chip, image forming apparatus, and communication method of CRUM chip
JP2017143437A (en) Image forming apparatus, and control method, program, and cartridge of the same
US9380050B2 (en) Scan image authentication
US20220317613A1 (en) Consumable chip, consumable and communication method
US11296896B2 (en) Method of authenticating authentication-target apparatus using challenge and response
JP2014143568A (en) Authentication system and authenticator conversion apparatus
US10177920B2 (en) Server apparatus and communication system comprising server apparatus
JP4572324B2 (en) Device identification information management system and device identification information management method
US10389913B2 (en) Information management control apparatus, image processing apparatus, and information management control system
US11782665B2 (en) Image forming control method, consumable chip, image forming apparatus, and consumable
US11528384B2 (en) Image forming system, image forming apparatus, and non-transitory computer-readable storage medium for exporting and importing configuration information via recording medium
JP2007174395A (en) Image processing apparatus and method thereof
CN108551535B (en) Image forming control system and control method
JP6139335B2 (en) Maintenance method and electronic device
KR20180055790A (en) Crum chip mauntable in comsumable unit, image forming apparatus for authentificating the crum chip, and method thereof
US20230122687A1 (en) Information processing apparatus and control method
US20210281556A1 (en) Authentication system for preventing replication of authentication target apparatus authenticated by authentication apparatus
JP7347135B2 (en) Signature system, image processing device and control method
US11726676B2 (en) Electronic apparatus
CN115859294A (en) Image forming control method and device, image forming device and electronic equipment

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 22913514

Country of ref document: EP

Kind code of ref document: A1