Method and system for determining component trustworthiness
By introducing a supply item follower and an imaging device leader component into the imaging device, and utilizing iterative calculations of the seed and cryptographic function, the problem of identifying untrusted components in the printing system is solved, ensuring the system's reliability and stability.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- LEXMARK INTERNATIONAL INC
- Filing Date
- 2021-10-11
- Publication Date
- 2026-06-23
AI Technical Summary
Existing technologies struggle to effectively distinguish and prevent the use of untrusted components in electronic systems, especially in printing systems. Untrusted components may mimic the behavior of trusted components to replicate authentication algorithms or encrypted communications, leading to system instability.
By introducing a feed follower component and an imaging device leader component into the imaging device, the credibility of the feed is determined by iterative calculation of the seed and cryptographic functions, storing the output and comparing it. This includes using cryptographic functions such as hash functions, salted hash functions, key hash message authentication codes, and encryption functions, combined with non-volatile memory blocks for authentication.
It enables the verification of the credibility of supplied items, ensures the credibility of components in imaging equipment, prevents the use of untrusted components, and improves the security and stability of the system.
Smart Images

Figure CN117580714B_ABST
Abstract
Description
[0001] Cross-references to related applications
[0002] none. background 1. Technical Field
[0004] This disclosure generally relates to methods and systems for determining the authenticity of components, and more specifically, to methods and systems for determining the authenticity of components supplying articles within an imaging apparatus.
[0005] 2. Relevant Technical Descriptions
[0006] In electronic systems, it is often desirable to verify the trustworthiness of components to ensure the entire system functions as designed. Untrusted components use various techniques to mimic the behavior of trusted components. This can include copying the circuitry and memory contents of trusted components to replicate authentication algorithms or to facilitate encrypted communication between the component and the rest of the electronic system. This is particularly important in printing systems where verifying the trustworthiness of supply components is crucial to ensure proper operation.
[0007] Untrusted components can perform similar behaviors using different resources than trusted components. For example, an encryption scheme implemented on a trusted component via hardware circuitry can be implemented on an untrusted component via firmware running on a programmable microcontroller. This makes it easier to generate untrusted components that are passed as trusted components.
[0008] Therefore, improved systems and methods are needed to determine the trustworthiness of components in order to prevent the use of untrusted components.
[0009] Overview
[0010] This disclosure provides example methods and systems that can be implemented in any general electronic system or specifically in an imaging / printing device / system to prevent the use of untrusted components.
[0011] A method is provided for determining the trustworthiness of a supply item in an imaging apparatus, the method comprising: receiving a seed by a supply item follower component communicatively connected to an imaging apparatus leader component in the supply item; storing the seed in a non-volatile memory block in the supply item follower component; computing an output of a cryptographic function by the supply item follower component using inputs based on the seed, and storing the output in the non-volatile memory block; iteratively computing the output of the cryptographic function by the supply item follower component, wherein for each iteration, the input of the cryptographic function is based on the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block; and determining the trustworthiness of the supply item based on a selected output of the cryptographic function of the supply item follower component, the selected output being one of the outputs stored in the non-volatile memory block.
[0012] In some implementations, the input for iterative computation of the cryptographic function is a concatenation of the seed and all previous outputs, or a concatenation based on the seed and all previous outputs. Optionally, the concatenation can be in the reverse order of the outputs and end with the seed (e.g., D). i ||D i-1 ||…D0|| seed, where i represents the iteration, i=0 is the first iteration, and i is the last iteration, D i =F(D) i-1 ||D i-2 ||…D0||seed), where || represents splicing).
[0013] In some implementations, the step of the supply item follower component calculating the output of the cryptographic function using seed-based input includes calculating one or more loops of the cryptographic function, wherein for each loop, the input of the cryptographic function is its previous output.
[0014] In some implementations, the step of iteratively calculating the output of the cryptographic function by the supply item follower component includes, for each iteration, calculating one or more loops of the cryptographic function, wherein for each loop, the input of the cryptographic function is its previous output.
[0015] In some embodiments, the method further includes having an imaging device component in the imaging device compute the output of a cryptographic function based on a seed in the same manner as computed by a supply item follower component, and storing the output in a non-volatile memory block in the imaging device component; and having the imaging device component iteratively compute the output of the cryptographic function, wherein for each iteration, the input of the cryptographic function is based on a seed and all previous outputs in the same manner as computed by the supply item follower component, and for each iteration, the output is stored in a non-volatile memory block of the imaging device component, wherein the number of iterations for computed by the cryptographic function performed by the supply item follower component is the same as the number of iterations for computed by the cryptographic function performed by the imaging device component, and wherein determining the trustworthiness of the supply item includes comparing a selected output of the cryptographic function of the supply item follower component with a corresponding output of the cryptographic function of the imaging device component to determine whether they are identical.
[0016] In some implementations, the imaging device component is an imaging device follower component that is communicatively connected to the imaging device leader component in the imaging device.
[0017] In some implementations, the imaging device component is the imaging device leader component.
[0018] In some implementations, a supply item is identified as a trusted supply item when the selected output of the cryptographic function of the supply item follower component is the same as the corresponding output of the cryptographic function of the imaging device component; and wherein, the supply item is identified as an untrusted supply item when the selected output of the cryptographic function of the supply item follower component is different from the corresponding output of the cryptographic function of the imaging device component. Optionally, when an untrusted supply item is identified, the imaging device is configured to take action, such as preventing further use of the imaging device's functions and / or displaying a notification that a verification error has occurred. Optionally, the user may be advised to obtain an authorized supply device via a display on the user interface, or to contact a system administrator or technical support for assistance in resolving the issue.
[0019] In some implementations, determining the trustworthiness of a supply item includes comparing a threshold time with the total time spent determining all iterations up to and including selected iterations of the computation of a cryptographic function performed by the supply item follower component, wherein a supply item is identified as a trustworthy supply item when the total time is determined to be less than or equal to the threshold time, and wherein a supply item is identified as an untrustworthy supply item when the total time is determined to be greater than the threshold time.
[0020] In some implementations, determining the reliability of a supply item includes: an imaging device component requesting a selected output from a supply item follower component; upon receiving the request from the imaging device component, the supply item follower component transmitting the selected output to the imaging device component; and the imaging device component comparing a threshold time with the total time spent receiving the selected output from the supply item follower component after the request from the imaging device component, wherein the supply item is identified as a reliable supply item when the total time is determined to be less than or equal to the threshold time, and wherein the supply item is identified as an unreliable supply item when the total time is determined to be greater than the threshold time.
[0021] In some implementations, when the supply article follower component receives a request from the imaging device component, the supply article follower component retrieves the selected output from existing storage stored in the non-volatile memory block of the supply article follower component.
[0022] In some implementations, when the supply article follower component receives a request from the imaging device component, the supply article follower component retrieves the selected output from existing storage in the non-volatile memory block of the supply article follower component, without calculating the selected output.
[0023] In some implementations, the output of the cryptographic function is stopped by the iterative calculation of the cryptographic function by the supply item follower component when the non-volatile memory block in the supply item follower component is full.
[0024] In some implementations, the output of the cryptographic function, which is iteratively computed by the supply item follower component, includes looping to start a new chain when the non-volatile memory block in the supply item follower component is full.
[0025] In some implementations, the cryptographic function is one of a hash function, a salted hash function, a key hash message authentication code, and an encryption function.
[0026] In some implementations, the imaging device leader component sends an authentication request to the feed item follower component, triggering it to perform calculations. Optionally, the authentication request may be sent during a power-on reset (POR). Optionally, the authentication request may be sent when the feed item is installed in the imaging device.
[0027] In some implementations, the supply article follower component sends an encrypted copy of the selected output of the cryptographic function to the imaging device leader component. In some implementations, the supply article follower component sends a hash (e.g., a key hash) of the selected output of the cryptographic function to the imaging device leader component.
[0028] In some implementations, the method further includes changing the size of a non-volatile memory block in the supply article follower component.
[0029] In some implementations, the imaging device components periodically generate new seeds.
[0030] In some implementations, when a supply item is detected in the imaging device, a new seed is generated by the imaging device components.
[0031] In some implementations, the imaging device leader component periodically generates new seeds.
[0032] In some implementations, when a supply item is detected in the imaging device, the imaging device leader component generates a new seed.
[0033] In some implementations, the computation of the cryptographic function is hardware-accelerated in the supply item follower component.
[0034] An imaging system is also provided, comprising: an imaging device having an imaging device leader component; and a supply item having a supply item follower component communicatively connected to the imaging device leader component, the supply item follower component being configured to: receive a seed; store the seed in a non-volatile memory block in the supply item follower component; compute an output of a cryptographic function using the seed as input, and store the output in the non-volatile memory block; and iteratively compute the output of the cryptographic function, wherein for each iteration, the input of the cryptographic function is the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block, wherein the imaging device is configured to determine the trustworthiness of the supply item based on a selected output of the cryptographic function of the supply item follower component, the selected output being one of the outputs stored in the non-volatile memory block.
[0035] In some embodiments, the imaging apparatus further includes an imaging apparatus component configured to: compute the output of a cryptographic function using an input of a seed, and store the output in a non-volatile memory block within the imaging apparatus component; and iteratively compute the output of the cryptographic function, wherein for each iteration, the input of the cryptographic function is the seed and all previous outputs, and for each iteration, store the output in a block of the non-volatile memory of the imaging apparatus component, wherein the number of iterations for computing the cryptographic function performed by the supply article follower component is the same as the number of iterations for computing the cryptographic function performed by the imaging apparatus component, and wherein determining the trustworthiness of the supply article includes comparing a selected output of the cryptographic function of the supply article follower component with a corresponding output of the cryptographic function of the imaging apparatus component to determine whether they are identical.
[0036] In some embodiments, the imaging device component is an imaging device follower component that is communicatively connected to the imaging device leader component in the imaging device.
[0037] In some embodiments, the imaging device component is the imaging device leader component.
[0038] A method for determining the trustworthiness of a component in an electronic device is also provided, the method comprising: receiving a seed by the component in the electronic device; storing the seed in a non-volatile memory block in the component; computing an output of a cryptographic function by the component using an input based on the seed, and storing the output in the non-volatile memory block; iteratively computing the output of the cryptographic function by the component, wherein for each iteration, the input of the cryptographic function is based on the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block; and determining the trustworthiness of the component based on a selected output of the cryptographic function F, the selected output being one of the outputs stored in the non-volatile memory block.
[0039] In some embodiments, the method further includes having a second component compute the output of a cryptographic function using seed-based input in the same manner as the computation performed by the component; and having the second component iteratively compute the output of the cryptographic function, wherein for each iteration, the input of the cryptographic function is based on the seed and all previous outputs in the same manner as the computation performed by the component, wherein the number of iterations for the computation of the cryptographic function performed by the component is the same as the number of iterations for the computation of the cryptographic function performed by the second component, and wherein determining the trustworthiness of the component includes comparing a selected output of the component's cryptographic function with a corresponding output of the second component's cryptographic function to determine whether they are identical.
[0040] In some implementations, a component is identified as a trusted component when the selected output of the cryptographic function of the component is the same as the corresponding output of the cryptographic function of the second component, and a component is identified as an untrusted component when the selected output of the cryptographic function of the component is different from the corresponding output of the cryptographic function of the second component.
[0041] In some implementations, the output of a cryptographic function utilizing seed-based input is stored in a non-volatile memory block in a second component.
[0042] In some implementations, with input based on a seed and all previous outputs, each iterative output of the cryptographic function is stored in a non-volatile memory block in a second component.
[0043] In some implementations, the component transmits the selected output to a second component, and the step of determining the reliability of the component is performed by the second component.
[0044] In some implementations, determining the trustworthiness of a component includes a second component requesting a selected output from the component; upon receiving the request from the second component, the component transmitting the selected output to the second component; and the second component comparing a threshold time with the total time spent receiving the selected output from the component after the request from the second component, wherein the component is identified as a trustworthy supply item when the total time is determined to be less than or equal to the threshold time, and wherein the component is identified as an untrustworthy supply item when the total time is determined to be greater than the threshold time.
[0045] In some implementations, when the component receives a request from the second component, the component retrieves the selected output from existing storage stored in the component's non-volatile memory block.
[0046] In some implementations, the electronic device is an imaging / printing device.
[0047] In some implementations, the component is a supply article component, such as a supply article follower component.
[0048] In some implementations, the second component is an imaging device component, such as an imaging device leader component or an imaging device follower component.
[0049] An electronic device is also provided, comprising a component configured to: receive a seed; store the seed in a non-volatile memory block within the component; compute the output of a cryptographic function using an input based on the seed, and store the output in the non-volatile memory block; and iteratively compute the output of the cryptographic function, wherein for each iteration, the input of the cryptographic function is based on the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block, wherein the electronic device is configured to determine the trustworthiness of the component based on a selected output of the cryptographic function F, the selected output being one of the outputs stored in the non-volatile memory block.
[0050] In some embodiments, the electronic device further includes a second component configured to: compute the output of a cryptographic function using seed-based input in the same manner as the computation of the component; and iteratively compute the output of the cryptographic function, wherein for each iteration, the input of the cryptographic function is based on the seed and all previous outputs in the same manner as the computation of the component, wherein the number of iterations of the computation of the cryptographic function performed by the component is the same as the number of iterations of the computation of the cryptographic function performed by the second component, and wherein determining the trustworthiness of the component includes comparing a selected output of the cryptographic function of the component with the corresponding output of the cryptographic function of the second component to determine whether they are the same.
[0051] In some embodiments, the second component is configured to store the output of a cryptographic function utilizing a seed-based input in a non-volatile memory block within the second component.
[0052] In some embodiments, the second component is configured to store the output of each iteration of a cryptographic function that utilizes the input based on the seed and all previous outputs in a non-volatile memory block within the second component.
[0053] In some embodiments, the component is configured to transmit the selected output to a second component, and the step of determining the trustworthiness of the component is performed by the second component.
[0054] In some embodiments, the second component is configured to request the selected output from the component; the component is configured to transmit the selected output to the second component upon receiving the request from the second component; and the second component is configured to compare a threshold time with the total time spent receiving the selected output from the component after the request from the second component.
[0055] In some embodiments, the component is configured to retrieve a selected output of existing storage stored in a non-volatile memory block of the component when a request is received from the second component.
[0056] Another method is provided for determining the trustworthiness of a component in an electronic device using a second component of the electronic device. The method includes: the second component iteratively computes a series of outputs of a cryptographic function, wherein for each iteration, the input of the cryptographic function is based on all previous outputs of the cryptographic function; the second component requests a selected output from the component, the selected output corresponding to the output of the iterative computation of the cryptographic function performed by the second component; upon receiving the request from the second component, the component transmits the selected output to the second component; and the second component compares the selected output received from the component with a corresponding selected output computed through the iterative computation of the cryptographic function performed by the second component.
[0057] In some implementations, the second component stores each output of the cryptographic function in a non-volatile memory block of the second component.
[0058] In some implementations, the method includes iteratively computing a series of outputs of a cryptographic function by a component, wherein for each iteration, the input of the cryptographic function is based on all previous outputs of the cryptographic function, and wherein, for each iteration, the component stores each output of the cryptographic function in a non-volatile memory block of the component.
[0059] In some implementations, when a component receives a request from a second component, the component retrieves the selected output from existing storage stored in the component's non-volatile memory block.
[0060] In some implementations, the method further includes a second component comparing a threshold time with the total time spent receiving the selected output from the component after a request from the second component, wherein the component is identified as a trusted component when the total time is determined to be less than or equal to the threshold time, and wherein the component is identified as an untrusted component when the total time is determined to be greater than the threshold time.
[0061] A method for determining the trustworthiness of a component in an electronic device is also provided, the method comprising: iteratively computing a series of outputs of a cryptographic function by the component, wherein for each iteration, the input of the cryptographic function is based on all previous outputs of the cryptographic function, and for each iteration, storing the outputs in a non-volatile memory block of the component.
[0062] An electronic device is also provided, comprising a component configured to iteratively compute a series of outputs of a cryptographic function, wherein for each iteration, the input to the cryptographic function is based on all previous outputs of the cryptographic function, and for each iteration, the output is stored in a non-volatile memory block of the component.
[0063] In any of the implementations / embodiments described herein, components (e.g., various leader / follower components) may be connected via any shared bus (e.g., I2C).
[0064] Based on the foregoing disclosure and the following detailed description of various examples, it will be apparent to those skilled in the art that this disclosure provides significant progress in the field of determining the reliability of components of an electronic system. Additional features and advantages of the various examples will be better understood in light of the detailed description provided below.
[0065] As used herein, the term "leader" is equivalent to the term "master" and can be used interchangeably throughout the text without changing its meaning. Similarly, the term "follower" is equivalent to the term "slave" and can be used interchangeably throughout the text without changing its meaning. Both the terms "master" and "slave" are used in their common sense in the art, for example, as they are used in the official I2C specification. Brief description of the attached diagram
[0067] The above and other features and advantages of this disclosure, and how they are obtained, will become clearer and better understood from the following description, taken in conjunction with the accompanying drawings. Throughout the specification, the same reference numerals are used to indicate the same elements.
[0068] Figure 1 This is a schematic diagram of the imaging system.
[0069] Figure 2 It is a description Figure 1 A block diagram of part of the imaging device.
[0070] Figure 3 It is shown that... Figure 1 A flowchart of a method associated with an imaging device.
[0071] Detailed description of the attached figures
[0072] It should be understood that this disclosure is not limited to the details of the structure and arrangement of the components set forth in the following description or shown in the accompanying drawings. This disclosure is applicable to other examples and can be practiced or performed in various ways. For example, other examples may combine structural, temporal, procedural, and other variations. The examples merely represent possible variations. Individual components and functions are optional unless explicitly required, and the order of operation may vary. Parts and features of certain examples may be included in or replace parts and features of other examples. The scope of this disclosure includes the appended claims and all available equivalents. Therefore, the following description is not to be considered limiting, and the scope of this disclosure is defined by the appended claims.
[0073] Furthermore, it should be understood that the wording and terminology used herein are for descriptive purposes and should not be considered restrictive. The use of “comprising,” “including,” or “having,” and variations thereof, herein is intended to include the items listed thereafter and their equivalents, as well as any additional items. Moreover, the use of the terms “a” and “an” herein does not imply a limitation on quantity, but rather indicates the presence of at least one of the mentioned items.
[0074] Furthermore, it should be understood that the examples in this disclosure include hardware and electronic components or modules, which, for the purposes of discussion, may be shown and described as if most of the components were implemented only in hardware.
[0075] It will also be understood that each block in the diagram, as well as combinations of blocks in the diagram, can be implemented individually by computer program instructions. These computer program instructions can be loaded onto a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute on the computer or other programmable data processing apparatus, can create means for implementing the functions of each block or combination of blocks in the diagram, which are discussed in detail in the description below.
[0076] These computer program instructions may also be stored in a non-transitory computer-readable medium that can direct a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable medium can produce an article of writing, including instruction means that implement the functions specified in one or more blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus, thereby producing a computer-implemented process, such that the instructions executing on the computer or other programmable apparatus implement the functions specified in one or more blocks.
[0077] Therefore, the blocks in the diagram support combinations of means for performing a specified function, combinations of steps for performing a specified function, and program instruction means for performing a specified function. It will also be understood that each block in the diagram and combinations of blocks in the diagram can be implemented by a dedicated hardware-based computer system or a combination of dedicated hardware and computer instructions for performing the specified function or steps.
[0078] Example systems and methods for determining the reliability of components in electronic systems such as imaging / printer systems are disclosed.
[0079] refer to Figure 1 The diagram illustrates an imaging system 100 used in connection with this disclosure. The imaging system 100 includes an imaging device 105 for printing images on a media sheet. Image data for printing images on the media sheet can be provided to the imaging device 105 from various sources such as a computer 110, a laptop 115, a mobile device 120, a scanner 125 of the imaging device 105, or similar computing devices. These sources communicate directly or indirectly with the imaging device 105 via wired and / or wireless connections.
[0080] Imaging device 105 includes imaging device leader component 130 and user interface 135. Imaging device leader component 130 may include a processor and associated memory. In some examples, imaging device leader component 130 may be formed as one or more application-specific integrated circuits (ASICs) or system-on-a-chip (SoCs). The memory may be any memory device for storing data and may be used with or able to communicate with the processor. For example, the memory may be any volatile or non-volatile memory or a combination thereof, such as, for example, random access memory (RAM), read-only memory (ROM), flash memory and / or non-volatile RAM (NVRAM) for storing data. Optionally, imaging device leader component 130 may control the processing of print data. Optionally, imaging device leader component 130 may also control the operation of the print engine during the printing of an image onto a media sheet.
[0081] In one example, imaging device 105 may employ an electronic authentication scheme to authenticate consumable supplies and / or replaceable units installed within imaging device 105. Figure 1 The image shows representative consumable / replaceable supply items, such as toner cartridge 150 (other consumable / replaceable supply items, such as imaging units and fusers, can also be used in the same way). Supply item 150 can be installed in a corresponding storage area within imaging device 105. To perform authentication of supply item 150, imaging device 105 can utilize imaging device follower component 160 and supply item follower component 165 of supply item 150, which are integrated into imaging device 105.
[0082] Both the imaging device follower component 160 in imaging device 105 and the supply item follower component 165 in supply item 150 can be configured as follower devices connected to the imaging device leader component 130, which is configured to act as a leader device. In one example, the imaging device follower component 160 in imaging device 105 may be similar to or the same as the supply item follower component 165 in consumable supply item 150. Alternatively, the imaging device follower component 160 may be programmed differently from the supply item follower component 165. The imaging device follower component 160 and the supply item follower component 165 can operate in conjunction with the imaging device leader component 130 to perform authentication functions, which will be explained in more detail below.
[0083] Figure 2 This is a block diagram depicting imaging device 105 and supply item 150. In this example, a shared bus system 200 can be used to control various sub-components and parts (e.g., supply item 150) and / or obtain their status reports. The shared bus system 200 can be an inter-integrated circuit (I2C) interface including a serial clock line (SCL) and a serial data line (SDA). Various components (e.g., imaging unit, toner cartridge 150, and other followers or supply devices and / or addressable components and sub-components capable of receiving and / or processing data, such as fuser, laser scanning unit, and media feed mechanism) can be connected to the shared bus system 200 (for simplicity, ...). Figure 2 Only the supply item 150 connected to the shared bus system 200 is shown. The imaging device leader component 130 can typically be configured to control the bus leader, which acts as the leader of the shared bus system 200. The bus leader can be implemented as firmware of the imaging device leader component 130.
[0084] The imaging device follower component 160 can operate in conjunction with the bus leader to facilitate the establishment of connections between the imaging device leader component 130 and various components and sub-components (e.g., supply items 150) connected to the shared bus system 200. For example, the imaging device follower component 160 can be configured to provide authentication functions, security and operational interlocks, and / or address change functions associated with the supply items 150 and other addressable components.
[0085] Typically, the imaging device follower component 160 and the supply item follower component 165 are configured to execute the same cryptographic function F, and the results of the calculation of the cryptographic function F are compared to determine the credibility of the supply item follower component 165 and thus the supply item 150. This will be described further below.
[0086] The supply item follower component 165 may include non-volatile memory (NVM). The non-volatile memory may include memory blocks allocated to computation of the cryptographic function F.
[0087] The imaging device follower component 160 may also include non-volatile memory (NVM). The non-volatile memory may include memory blocks allocated to computation of the cryptographic function F.
[0088] The NVM of the supply item follower component 165 and the NVM of the imaging device follower component 160 can have the same total size. Additionally / alternatively, the NVM block of the supply item follower component 165 and the NVM block of the imaging device follower component 160 can have the same total size.
[0089] Imaging device 105 may attempt to authenticate supply item 150 at any point, such as at fixed time intervals. Additionally / alternatively, imaging device 105 may attempt to authenticate supply item 150 shortly after a power-on reset (POR) or shortly after supply item 150 is installed in the imaging device. A method / system for verifying the trustworthiness of supply item 150 upon request from imaging device 105 is described below.
[0090] Specifically, see the following reference. Figure 3 Detailed description of the method 300 for verifying the credibility of supplied item 150. This can be done using methods related to... Figure 1 and / or Figure 2 The described layout / configuration implements method 300.
[0091] In block 310, the supply item follower component 165 receives a seed. The seed can be stored in the imaging device follower component 160 and / or dynamically generated by the imaging device follower component 160. The seed can be received by the supply item follower component 165 from the imaging device follower component 160.
[0092] In block 320, the supply item follower component 165 can store a seed in the NVM block to which it is assigned to compute the cryptographic function F. The seed can be stored at the top / bottom of the NVM block, or at any other location. An NVM block is representatively shown below, where, in this example, the block is filled starting from the top:
[0093] Memory address Memory data 0 … <![CDATA[A 种子 ]]> seed
[0094] In block 330, the supply item follower component 165 calculates the output of the cryptographic function F using the seed as input, and in block 340, the calculated output is stored in the NVM block along with the stored seed (e.g., the stored seed is not overwritten / deleted from the NVM block). The NVM block following this step is representatively shown below, where D0 = F (seed) and L is the output length of the cryptographic function F:
[0095] Memory address Memory data 0 … <![CDATA[A 种子 -L]]> <![CDATA[D0]]> <![CDATA[A 种子 ]]> seed
[0096] In block 350, the supply item follower component 165 iteratively computes further outputs of the cryptographic function F. For each iteration, the output of the cryptographic function F, along with the stored seed and all previously stored outputs of the cryptographic function F, is stored in the NVM block (e.g., the stored seed / previously stored outputs are not overwritten / deleted from the NVM block). For each iteration of the computation of the cryptographic function F, the input is based on the seed, the cryptographic function F, and all previously stored outputs. The NVM block after the i-th iteration is representatively shown below, where, in this example, Di = F(Di-1||Di-2||…D0||seed), and where || denotes concatenation:
[0097] Memory address Memory data 0 … <![CDATA[A 种子 -(i+1)L]]> <![CDATA[D i ]]> … … <![CDATA[A 种子 -3L]]> <![CDATA[D2]]> <![CDATA[A 种子 -2L]]> <![CDATA[D1]]> <![CDATA[A 种子 -L]]> <![CDATA[D0]]> <![CDATA[A 种子 ]]> seed
[0098] In this example, the seed and previous outputs are concatenated in reverse order (i.e., the latest output is the first part of the concatenation, and the seed is the last part). Using this reverse order makes replicating the expected result more difficult for non-genuine components, as each iteration involves a completely new input string, rather than simply an extension of the previous string. This ultimately leads to non-genuine components requiring higher processing power and larger memory (both volatile and non-volatile).
[0099] Iterative computation in block 350 can continue until the NVM block is full, or for a predetermined amount of time.
[0100] In block 360, the trustworthiness of the supply item follower component 165 is determined based on one or more selected outputs of the cryptographic function F of the supply item follower component 165, the selected outputs being those stored in the NVM block. Authentication of the supply item follower component 165 based on the outputs of the cryptographic function F can be performed in different ways. For example, the stored selected outputs of the supply item follower component 165 can be compared with corresponding outputs from the imaging device leader component 130 and / or the imaging device follower component 160. These corresponding outputs can be stored at manufacturing time (e.g., when using a fixed seed) or can be calculated by the imaging device follower component 160 upon request (e.g., when using a changing seed).
[0101] Specifically, when calculating the corresponding output, the imaging device follower component 160 may include the same or similar hardware and software as the supply item follower component 165, and may be configured to generally follow the same steps as the supply item follower component 165. Specifically, the imaging device follower component 160 may: store a seed in an NVM block that is assigned to the computation of the cryptographic function F; compute the output of the cryptographic function F using the input of the seed; store the computed output together with the stored seed in the NVM block (e.g., where the stored seed is not overwritten / deleted from the NVM block); iteratively compute the output of the cryptographic function F, wherein for each iteration, the output of the cryptographic function F is stored in the NVM block together with the stored seed and all previously stored outputs of the cryptographic function F (e.g., where the stored seed / previously stored outputs are not overwritten / deleted from the NVM block), and for each iteration of the computation of the cryptographic function F, the input is based on the seed and all previously stored outputs of the cryptographic function F.
[0102] In this way, the supply item follower component 165 and the imaging device follower component 160 perform the same set of calculations using the same cryptographic function F. The result of the imaging device follower component 160 is assumed to be genuine (because this component is part of the imaging device 105), and therefore the stored output of the supply item follower component 165 can be compared with the corresponding output of the imaging device follower component 160 to determine if they match. If the compared outputs match, the supply item follower component 165 (and therefore the supply item 150) can be considered trustworthy. If the compared outputs do not match, the supply item follower component 165 (and therefore the supply item 150) can be considered untrustworthy.
[0103] In addition to / alternative to the output selected for the match comparison, in block 360, the method may compare a predetermined threshold time (e.g., stored within the imaging device leader component 130 and / or the imaging device follower component 160) with the total time taken to determine all iterations up to and including the computation of the cryptographic function F performed by the supply item follower component 165. If the total time is determined to be less than or equal to the threshold time, the supply item follower component 165 may be identified as a trusted component. If the total time is determined to be greater than the threshold time, the supply item follower component 165 may be identified as an untrusted component.
[0104] In addition to / alternative to the output selected for the match comparison, in block 360, the method may compare a predetermined threshold time (e.g., stored in the imaging device leader component 130 and / or the imaging device follower component 160) with the total time spent retrieving one or more selected stored outputs from the NVM of the supply item follower component 165. For example, block 360 may include the supply item follower component 165 receiving a request to transmit the selected output (or multiple outputs), the supply item follower component 165 transmitting the requested selected output, and the imaging device follower component 160 measuring the time spent receiving the result from the supply item follower component 165.
[0105] When the total time is determined to be less than or equal to a threshold time, the supply item follower component 165 can be identified as a trusted component. When the total time is determined to be greater than the threshold time, the supply item follower component 165 can be identified as an untrusted component.
[0106] In the case where the imaging device follower component 160 checks the time taken for the supply item follower component 165 to return the requested selected output, the threshold time can be set such that calculating the selected output would mean the threshold time will be exceeded (and therefore the supply item follower component 165 is identified as untrustworthy), while if the selected output is retrieved from the NVM of the supply item follower component 165, the threshold time can be met (and therefore the supply item follower component 165 can be identified as trustworthy). In this way, if a forger wants to replicate the time threshold, they must include a large NVM, which increases the complexity (and cost) of the forgery component.
[0107] With this configuration / implementation, the cryptographic function F is computed on an increasing basis of input data, because each successive computation / iteration has inputs based on all previous outputs of the cryptographic function F. Therefore, the supply item follower component 165 (and the imaging device follower component 160) requires significantly more processing power and writable memory (both volatile and non-volatile). These characteristics make the production of counterfeit components more complex (and expensive).
[0108] The above description has been provided with respect to specific embodiments / examples. However, modifications can be made within the scope of this application, some of which will be detailed below.
[0109] For example, as described above, imaging device 105 includes imaging device leader component 130 and imaging device follower component 160, wherein imaging device follower component 160 is configured to perform the same calculations as supply item follower component 165. In a modified form, imaging device follower component 160 may be omitted, and imaging device leader component 130 may instead perform all authentication steps (i.e., perform the same calculations as supply item follower component 165 and compare the calculations of supply item follower component 165 with its own calculations to determine the credibility of supply item follower component 165).
[0110] In the above implementation / example, the various components are configured as leader / follower components. This is entirely optional, and other communication buses can be used.
[0111] The relatively obvious advantages of many embodiments include, but are not limited to, providing an authentication system / method that is more difficult to satisfy / copy due to the increased processing power and writable memory (volatile and non-volatile).
[0112] It should be understood that the example applications described herein are illustrative and should not be considered restrictive. It will be appreciated that the actions described and shown in the example flowcharts can be performed or executed in any suitable order. It should also be recognized that... Figure 3 Not all actions described herein need to be performed according to the exemplary embodiments of this disclosure, and / or additional actions may be performed according to other exemplary embodiments of this disclosure.
[0113] Those skilled in the art to which these disclosures pertain will conceive of numerous modifications and other embodiments of the disclosures set forth herein, benefiting from the teachings presented in the foregoing description and associated drawings. Therefore, it should be understood that this disclosure is not limited to the specific embodiments disclosed, and that modifications and other embodiments are considered to be included within the scope of the appended claims. Although specific terminology is used herein, it is used only in a general and descriptive sense and not for limiting purposes.
[0114] Further disclosures are provided below.
[0115] Statement 1: A method for determining the trustworthiness of a component in an electronic device, the method comprising: receiving a seed by the component in the electronic device; storing the seed in a non-volatile memory block in the component; computing an output of a cryptographic function by the component using inputs based on the seed, and storing the output in the non-volatile memory block; iteratively computing the output of the cryptographic function by the component, wherein for each iteration, the inputs of the cryptographic function are based on the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block; and determining the trustworthiness of the component based on a selected output of the cryptographic function F, the selected output being one of the outputs stored in the non-volatile memory block.
[0116] Statement 2: The method according to Statement 1 further includes: the second component computing the output of a cryptographic function using seed-based input in the same manner as the computation performed by the component; and the second component iteratively computing the output of the cryptographic function, wherein, for each iteration, the input of the cryptographic function is based on the seed and all previous outputs in the same manner as the computation performed by the component, wherein the number of iterations of the cryptographic function computation performed by the component is the same as the number of iterations of the cryptographic function computation performed by the second component, and wherein determining the trustworthiness of the component includes comparing a selected output of the cryptographic function of the component with a corresponding output of the cryptographic function of the second component to determine whether they are the same.
[0117] Statement 3: According to the method described in Statement 2, wherein when the selected output of the cryptographic function of the determined component is the same as the corresponding output of the cryptographic function of the second component, the component is identified as a trusted component, and wherein when the selected output of the cryptographic function of the determined component is different from the corresponding output of the cryptographic function of the second component, the component is identified as an untrusted component.
[0118] Statement 4: According to the method described in Statement 2, the output of the cryptographic function utilizing the seed-based input is stored in a non-volatile memory block in the second component.
[0119] Statement 5: According to the method described in Statement 2, each iterative output of the cryptographic function based on the seed and all previous outputs is stored in a non-volatile memory block in the second component.
[0120] Statement 6: According to the method described in Statement 2, the component transmits the selected output to the second component, and the step of determining the trustworthiness of the component is performed by the second component.
[0121] Statement 7: According to the method of Statement 2, determining the trustworthiness of a component includes: a second component requesting a selected output from the component; upon receiving the request from the second component, the component transmitting the selected output to the second component; and the second component comparing a threshold time with the total time spent receiving the selected output from the component after the request from the second component, wherein the component is identified as a trustworthy supply item when the total time is determined to be less than or equal to the threshold time, and wherein the component is identified as an untrustworthy supply item when the total time is determined to be greater than the threshold time.
[0122] Statement 8: According to the method of Statement 7, wherein when a component receives a request from a second component, the component retrieves the selected output of existing storage stored in the component's non-volatile memory block.
[0123] Statement 9: An electronic device includes a component configured to: receive a seed; store the seed in a non-volatile memory block of the component; compute an output of a cryptographic function using an input based on the seed, and store the output in the non-volatile memory block; and iteratively compute the output of the cryptographic function, wherein for each iteration, the input of the cryptographic function is based on the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block, wherein the electronic device is configured to determine the trustworthiness of the component based on a selected output of the cryptographic function F, the selected output being one of the outputs stored in the non-volatile memory block.
[0124] Statement 10: The electronic device according to Statement 9 further includes a second component configured to: compute the output of a cryptographic function using seed-based input in the same manner as the computation of the component; and iteratively compute the output of the cryptographic function, wherein for each iteration, the input of the cryptographic function is based on the seed and all previous outputs in the same manner as the computation of the component, wherein the number of iterations of the computation of the cryptographic function performed by the component is the same as the number of iterations of the computation of the cryptographic function performed by the second component, and wherein determining the trustworthiness of the component includes comparing a selected output of the cryptographic function of the component with a corresponding output of the cryptographic function of the second component to determine whether they are the same.
[0125] Statement 11: The electronic device according to Statement 10, wherein the second component is configured to store the output of a cryptographic function utilizing a seed-based input in a non-volatile memory block within the second component.
[0126] Statement 12: The electronic device according to Statement 10, wherein the second component is configured to store each iterative output of a cryptographic function utilizing inputs based on a seed and all previous outputs in a non-volatile memory block within the second component.
[0127] Statement 13: In the electronic device according to Statement 10, a component is configured to transmit a selected output to a second component, and wherein the step of determining the trustworthiness of the component is performed by the second component.
[0128] Statement 14: The electronic device according to Statement 10, wherein the second component is configured to request a selected output from the component; the component is configured to transmit the selected output to the second component upon receiving the request from the second component; and the second component is configured to compare a threshold time with the total time spent receiving the selected output from the component after the request from the second component.
[0129] Statement 15: The electronic device according to Statement 14, wherein the component is configured to, upon receiving a request from a second component, retrieve a selected output of existing storage stored in a non-volatile memory block of the component.
[0130] Statement 16: A method for determining the trustworthiness of a component in an electronic device using a second component, the method comprising: iteratively computing a series of outputs of a cryptographic function by the second component, wherein, for each iteration, the input of the cryptographic function is based on all previous outputs of the cryptographic function; requesting a selected output from the second component, the selected output corresponding to the output of the iterative computation of the cryptographic function performed by the second component; upon receiving the request from the second component, transmitting the selected output to the second component; and comparing the selected output received from the second component by the second component with a corresponding selected output computed by the iterative computation of the cryptographic function performed by the second component.
[0131] Statement 17: According to the method described in Statement 16, the second component stores each output of the cryptographic function in a non-volatile memory block of the second component.
[0132] Statement 18: The method according to Statement 16 includes iteratively computing a series of outputs of a cryptographic function by a component, wherein, for each iteration, the input of the cryptographic function is based on all previous outputs of the cryptographic function, and wherein, for each iteration, the component stores each output of the cryptographic function in a non-volatile memory block of the component.
[0133] Statement 19: According to the method of Statement 18, wherein, when the component receives a request from the second component, the component retrieves the selection output of existing storage stored in the component's non-volatile memory block.
[0134] Statement 20: The method according to Statement 16 further includes a second component comparing a threshold time with the total time spent receiving a selected output from a component after a request from the second component, wherein the component is identified as a trusted component when the total time is determined to be less than or equal to the threshold time, and wherein the component is identified as an untrusted component when the total time is determined to be greater than the threshold time.
Claims
1. A method for determining the reliability of a supply article in an imaging device, the method comprising: The seed is received by a supply item follower component that is communicatively connected to an imaging device leader component in the imaging device; The seeds are stored in a non-volatile memory block in the supply item follower component; The supply item follower component uses the input based on the seed to calculate the output of the cryptographic function and stores the output in the non-volatile memory block; The output of the cryptographic function is iteratively calculated by the supply item follower component, wherein, for each iteration, the input of the cryptographic function is based on the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block; and The trustworthiness of the supplied item is determined based on the output of the cryptographic function selected by the supplied item follower component, wherein the selected output is one of the outputs stored in the non-volatile memory block; The method further includes: The imaging device component in the imaging device calculates the output of the cryptographic function based on the seed in the same manner as the calculation by the supply item follower component, and stores the output in a non-volatile memory block in the imaging device component; and The output of the cryptographic function is iteratively calculated by the imaging device component, wherein, for each iteration, the input of the cryptographic function is based on the seed and all previous outputs in the same manner as the calculation by the supply item follower component, and for each iteration, the output is stored in the non-volatile memory block of the imaging device component. Wherein, the number of iterations for calculating the cryptographic function performed by the supply item follower component is the same as the number of iterations for calculating the cryptographic function performed by the imaging device component, and Determining the credibility of the supply item includes comparing the selected output of the cryptographic function of the supply item follower component with the corresponding output of the cryptographic function of the imaging device component to determine whether they are the same.
2. The method according to claim 1, wherein, The imaging device component is an imaging device follower component that is communicatively connected to the imaging device leader component in the imaging device.
3. The method according to claim 1, wherein, The imaging device component is the imaging device leader component.
4. The method according to claim 1, wherein, The supply item is identified as a trusted supply item when the output of the selected cryptographic function of the supply item follower component is the same as the corresponding output of the cryptographic function of the imaging device component; and the supply item is identified as an untrusted supply item when the output of the selected cryptographic function of the supply item follower component is different from the corresponding output of the cryptographic function of the imaging device component.
5. The method according to claim 1, wherein, Determining the credibility of the supplied items includes: The imaging device component requests the selected output from the supply item follower component; Upon receiving the request from the imaging device component, the supply article follower component transmits the selected output to the imaging device component; and The imaging device component compares a threshold time with the total time spent receiving the selected output from the supply item follower component after the request from the imaging device component, wherein the supply item is identified as a trusted supply item when the total time is determined to be less than or equal to the threshold time, and wherein the supply item is identified as an untrusted supply item when the total time is determined to be greater than the threshold time.
6. The method according to claim 5, wherein, When the supply item follower component receives the request from the imaging device component, the supply item follower component retrieves the output of the selection of existing storage in the non-volatile memory block of the supply item follower component.
7. The method according to claim 1, wherein, When the non-volatile memory block in the supply item follower component is full, the output of the cryptographic function calculated iteratively by the supply item follower component stops.
8. The method according to claim 1, wherein, The output of the cryptographic function is iteratively calculated by the supply item follower component, including looping to start a new chain when the non-volatile memory block in the supply item follower component is full.
9. The method according to claim 1, wherein, The cryptographic function is one of the following: hash function, salted hash function, key hash message authentication code, and encryption function.
10. The method according to claim 1, wherein, The imaging device leader component sends an authentication request to the supply item follower component, triggering the supply item follower component to perform calculations.
11. The method according to claim 1, wherein, The supply item follower component sends the encrypted output of the selected cryptographic function to the imaging device leader component.
12. The method of claim 1, further comprising the supply item follower component changing the size of the non-volatile memory block in the supply item follower component.
13. The method according to claim 1, wherein, The imaging device components periodically generate new seeds.
14. The method according to claim 1, wherein, When the supplied item is detected in the imaging device, the imaging device component generates a new seed.
15. The method according to claim 1, wherein, The imaging device leader component periodically generates new seeds.
16. The method according to claim 1, wherein, When the supply item is detected in the imaging device, the imaging device leader component generates a new seed.
17. The method according to claim 1, wherein, The computation of the cryptographic function is hardware-accelerated in the supply item follower component.
18. An imaging system, comprising: Imaging equipment, which has imaging equipment leader components; and A supply item having a supply item follower component communicatively connected to the imaging device leader component, the supply item follower component being configured to: Receive seeds; The seeds are stored in a non-volatile memory block in the supply item follower component; The output of the cryptographic function is calculated using the input of the seed, and the output is stored in the non-volatile memory block; and The output of the cryptographic function is computed iteratively, wherein for each iteration, the input of the cryptographic function is the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block. The imaging device is configured to determine the trustworthiness of the supplied item based on the output of the selected cryptographic function of the supplied item follower component, wherein the selected output is one of the outputs stored in the non-volatile memory block. The imaging device further includes an imaging device component, which is configured as follows: The output of the cryptographic function is calculated using the input of the seed, and the output is stored in a non-volatile memory block in the imaging device component; and The output of the cryptographic function is iteratively computed, wherein for each iteration, the input of the cryptographic function is the seed and all previous outputs, and for each iteration, the output is stored in the non-volatile memory block of the imaging device component. Wherein, the number of iterations for calculating the cryptographic function performed by the supply item follower component is the same as the number of iterations for calculating the cryptographic function performed by the imaging device component, and Determining the credibility of the supply item includes comparing the selected output of the cryptographic function of the supply item follower component with the corresponding output of the cryptographic function of the imaging device component to determine whether they are the same.