Information equipment and its startup program
The information device addresses the risk of using outdated software by incorporating a tampering inspection and area switching mechanism to check for tampering and vulnerabilities, ensuring secure startup by updating to the latest software version.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- TOSHIBA TEC KK
- Filing Date
- 2023-03-08
- Publication Date
- 2026-07-01
AI Technical Summary
When a storage device compliant with the TCG Opal SSC standard switches to its backup area, there is a risk of using a vulnerable version of the software without security patches, because the backup area contains the software as it was at the time of the device's release.
An information device with a storage device having normal and backup areas, a communication unit, and a control unit that includes a tampering inspection unit and an area switching unit. The control unit checks for tampering and queries a server for vulnerability information, downloads and updates the software to the latest version if vulnerabilities are detected, and restricts communication functions to minimize risks.
Ensures the information device starts up using the latest, secure software version by checking for tampering and vulnerabilities, updating if necessary, and restricting communication functions to download and install the latest software, thereby avoiding the use of vulnerable software.
Description
Technical Field
[0001] Embodiments of the present invention relate to information devices and their startup programs.
Background Art
[0002] In storage devices installed in a PC or the like, there are hard disk drives (HDDs) and solid state drives (SSDs). Among these storage devices, there is a storage device that divides a storage area into a plurality of parts, stores data while automatically encrypting the divided areas, and protects the data so that users without proper authority cannot read or write it. Such a storage device has been standardized as the Trusted Computing Group Opal Security Subsystem Class (TCG Opal SSC) by the Trusted Computing Group (TCG), an industry group that formulates standard technologies for improving the reliability and security of computers.
[0003] Hereinafter, a storage device compliant with the TCG Opal SSC standard is referred to as an Opal specification SED. Note that SED is an abbreviation for Self Encrypting Drive. In the Opal specification SED, its interior can be logically divided into a plurality of storage areas, and data (digital data such as software, text, images, audio, etc.) can be stored in each of them.
[0004] One of the areas for storing software is used as an area for storing the software normally used, and one of the other areas is used as an area for storing a backup in case of damage to or tampering with the software. For the case where the normally used area is damaged or illegally tampered with (rewritten), the TCG describes a usage in which the device switches to the backup area and starts up from it.
Prior Art Documents
Patent Documents
[0005] [Patent Document 1] Japanese Patent Publication No. 2011-210129
Summary of the Invention
Problems to Be Solved by the Invention
[0006] The area used for normal operation is regularly updated, including the application of security patches. In contrast, the area where backups are stored typically contains the software as it was at the time of the information device's release. Therefore, when switching to the backup area and starting up, there is a risk that a vulnerable version of the software without security patches may be used.
[0007] The problem that this invention aims to solve is to provide an information device and its startup program that can be started while avoiding the use of vulnerable versions of software.
Means for Solving the Problem
[0008] The information device according to this embodiment includes a storage device, a communication unit, and a control unit. The storage device has a normal area and a backup area. The normal area stores the software that is normally used. The backup area stores backups of the software. The communication unit has a communication function to communicate with a server. The server holds the latest version of the software and information on vulnerabilities in each version of the software. The control unit controls the storage device and the communication unit. The control unit includes a tampering inspection unit and an area switching unit. When the software stored in the normal area is started, the tampering inspection unit checks whether the software stored in the normal area has been tampered with. If the tampering inspection unit detects that the software in the normal area has been tampered with, the area switching unit queries the server via the communication unit to check whether there are any known vulnerabilities in the backup version of the software. If the response is that there are no vulnerabilities, the area switching unit starts the backup software. If the response is that there are vulnerabilities, the area switching unit restricts the communication function of the communication unit to only the function of downloading the latest version of the software, and, after downloading the latest version of the software via the communication unit and updating the backup software to the latest version, lifts the restriction on the communication function of the communication unit.
Brief Description of the Drawings
[0009] [Figure 1] A block diagram showing the configuration of an information device according to this embodiment.
[Figure 2] A flowchart illustrating the startup operation of an information device according to this embodiment.
Modes for Carrying Out the Invention
[0010] [Configuration] Referring to Figure 1, the configuration of the information device 10 according to the embodiment will be described. Figure 1 is a diagram showing the configuration of the information device 10 according to the embodiment. The information device 10 is, for example, a computer, a tablet, a mobile terminal, etc.
[0011] The information device 10 includes a storage device 20, a control unit 30, and a communication unit 40. Although not shown in Figure 1, the information device 10 may further include an input / output interface, a display device, an input device, a touch panel, etc.
[0012] The storage device 20 is a storage device that conforms to the TCG Opal SSC (Trusted Computing Group Opal Security Subsystem Class) standard, which was standardized by the TCG (Trusted Computing Group). In other words, the storage device 20 is an Opal-compliant SED. The storage device 20 is, for example, a hard disk drive (HDD), a solid state drive (SSD), etc.
[0013] As mentioned above, the storage device 20, being an Opal-compliant SED (Self Encrypting Drive), has multiple storage areas for encrypting and storing data. Data includes not only program code and information such as operating systems and applications, but also data representing information such as text, images, and audio. In other words, data refers to all digital data.
[0014] The storage device 20 has a normal area 21 and a backup area 22. The normal area 21 stores the software that is normally used. The backup area 22 stores backups of the software.
[0015] The software normally used and stored in the normal area 21 consists of data representing the code and information of programs such as the OS and applications, which are regularly patched with security patches, as well as data representing user input information. This data is updated as needed.
[0016] The backup software stored in the backup area 22 is data representing the codes and information of programs such as the OS and applications at the time of release of the information device 10, and is digital data that is not updated. For example, the data representing the program information is data representing the version information of the backup program.
[0017] The normal area 21 is set to a readable and writable state by the control unit 30 under normal circumstances. Also, the backup area 22 is set to a non-readable and non-writable state by the control unit 30 under normal circumstances.
[0018] The communication unit 40 has a communication function for communicating with a server via a network. The server holds the latest version of the software and information on the vulnerabilities of each version of the software. The software mentioned here is data representing the codes and information of programs such as the OS and applications.
[0019] The control unit 30 controls the storage device 20 and the communication unit 40. Functionally, the control unit 30 has a tampering inspection unit 31 and an area switching unit 32.
[0020] The tampering inspection unit 31 inspects whether the software (OS) stored in the normal area 21 has been illegally tampered with when the software stored in the normal area 21 is started. For example, the tampering inspection is performed by a method using a hash function.
[0021] When the tampering inspection unit 31 detects that the software in the normal area 21 has been illegally tampered with, the area switching unit 32 changes the normal area 21 to a non-readable and non-writable state and the backup area 22 to a readable and writable state. The normal area 21 is changed to a non-readable and non-writable state to preserve it for later analysis of the illegal tampering (illegal rewriting).
[0022] The area switching unit 32 inquires the server via the communication unit 40 whether there are any known vulnerabilities in the software of the backup version stored in the backup area 22.
[0023] In response to the answer that there are no vulnerabilities, the area switching unit 32 activates the backup software.
[0024] In response to the answer that there are vulnerabilities, the area switching unit 32 restricts the communication function of the communication unit 40 to only the functions that are minimally necessary for downloading the latest version of the software. Specifically, the area switching unit 32 limits the connection destination to the program distribution server and closes all ports other than the ports necessary for downloading.
[0025] Subsequently, the area switching unit 32 downloads, via the communication unit 40, the latest version of the software, which has no vulnerability problems, and updates the backup software to that latest version. Here, the update includes not only reinstalling the software but also restarting the information device 10 if necessary.
[0026] After that, the area switching unit 32 releases the restriction on the communication function of the communication unit 40. Specifically, the area switching unit 32 releases the limitation on the connection destination and opens all ports.
[0027] In terms of hardware, the control unit 30 has a hardware processor and a main memory. For example, the hardware processor is a CPU (Central Processing Unit). The main memory has a ROM (Read Only Memory) and a RAM (Random Access Memory).
[0028] The control unit 30 reads programs and the like stored in the ROM and the storage device into the RAM, and by the hardware processor executing the program, the functions of the control unit 30, for example, the functions of the tampering inspection unit 31 and the area switching unit 32 are executed.
[0029] For example, the program that causes the hardware processor to execute the functions of the tampering inspection unit 31 is stored in ROM. Similarly, the program that causes the hardware processor to execute the functions of the area switching unit 32 may also be stored in ROM. In addition, the program that causes the hardware processor to execute some of the functions of the area switching unit 32, such as the function to control (restrict / unrestrict) the communication functions of the communication unit 40, or the function to download and update to the latest version of the software, may be stored in the backup area 22 of the storage device 20.
[0030] [Operation] Next, the startup operation of the information device 10 will be described with reference to Figure 2. Figure 2 is a flowchart showing the startup operation of the information device 10 according to this embodiment. The startup operation is performed by the hardware processor of the control unit 30 executing the startup program loaded into RAM. At the time of startup of the information device 10, the storage device 20 is set by the control unit 30 so that the normal area 21 is readable and writable, and the backup area 22 is neither readable nor writable.
[0031] In Act 1, the tampering inspection unit 31 checks whether the software (OS) stored in the normal area 21 has been illegally tampered with when the software stored in the normal area 21 is started.
[0032] If, as a result of the determination in Act 2, the tampering inspection unit 31 does not detect that the software in the normal area 21 has been illegally tampered with (No in Act 2), then in Act 3, the control unit 30 starts the software stored in the normal area 21.
[0033] If, as a result of the determination in Act 2, the tampering inspection unit 31 detects that the software in the normal area 21 has been illegally tampered with (Yes in Act 2), then in Act 4, the area switching unit 32 of the control unit 30 changes the normal area 21 to a state where it cannot be read or written, and the backup area 22 to a state where it can be read or written.
[0034] Next, in Act 5, the area switching unit 32 queries the server via the communication unit 40 to check whether there are any known vulnerabilities in the backup software stored in the backup area 22. That is, the area switching unit 32 sends information about the backup version to the server and receives information from the server about whether or not there are vulnerabilities in that version of the software.
[0035] If the result of the assessment in Act 6 indicates that there are no vulnerabilities (No in Act 6), then in Act 7, the area switching unit 32 starts the backup software stored in the backup area 22.
[0036] If the result of the assessment in Act 6 indicates that there is a vulnerability (Yes in Act 6), then in Act 8, the area switching unit 32 restricts the communication functions of the communication unit 40 to only the minimum functions necessary to download the latest version of the software.
[0037] Next, in Act 9, the area switching unit 32 downloads the latest version of the software from the server via the communication unit 40.
[0038] Next, in Act 10, the area switching unit 32 updates the backup software stored in the backup area 22 to the latest version. In other words, the area switching unit 32 reinstalls the software stored in the backup area 22.
[0039] Subsequently, in Act 11, the area switching unit 32 starts the reinstalled software stored in the backup area 22. When starting the reinstalled software, the area switching unit 32 restarts the information device 10 if necessary.
[0040] Next, in Act 12, the area switching unit 32 releases the restriction on the communication function of the communication unit 40 that was imposed in Act 8.
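The startup flow of Acts 1 to 12 as an added Python model (not code from the patent): the SHA-256 reference digest, the `dist.example` host name, the `StubServer` class and the act labels are assumptions, and the Act 8 restriction is modelled as a host allowlist only. If the download in Act 9 raises, control never reaches Act 12 and the restriction stays in place, a failure path the patent does not describe.

```python
import hashlib
import hmac
from dataclasses import dataclass

DIST_HOST = "dist.example"  # assumed name for the program distribution server


@dataclass
class Area:
    """One area of the Opal-compliant SED (normal area 21 or backup area 22)."""
    image: bytes
    version: str
    readable: bool
    writable: bool


class CommUnit:
    """Communication unit 40; `allowed` is None while unrestricted."""
    def __init__(self):
        self.allowed = None

    def connect(self, host):
        if self.allowed is not None and host not in self.allowed:
            raise PermissionError(f"blocked while restricted: {host}")
        return host


class StubServer:
    """Constructed stand-in for the server with vulnerability info and the latest version."""
    def __init__(self, vulnerable, latest_version, latest_image):
        self.vulnerable = set(vulnerable)
        self.latest = (latest_version, latest_image)

    def has_known_vulns(self, comm, version):
        comm.connect(DIST_HOST)
        return version in self.vulnerable

    def download_latest(self, comm):
        comm.connect(DIST_HOST)
        return self.latest


def measure(image):
    """Hash-based measurement used by the tampering inspection (SHA-256 assumed)."""
    return hashlib.sha256(image).digest()


def startup(normal, backup, reference_digest, comm, server):
    """Run Acts 1-12 and return (version started, trace of acts taken)."""
    trace = ["act1:inspect"]
    if hmac.compare_digest(measure(normal.image), reference_digest):  # Act 2: No
        return normal.version, trace + ["act3:start-normal"]
    normal.readable = normal.writable = False   # Act 4: keep for later analysis
    backup.readable = backup.writable = True
    trace += ["act4:switch", "act5:query"]
    if not server.has_known_vulns(comm, backup.version):              # Act 6: No
        return backup.version, trace + ["act7:start-backup"]
    comm.allowed = {DIST_HOST}                                        # Act 8
    trace.append("act8:restrict")
    version, image = server.download_latest(comm)                     # Act 9
    trace.append("act9:download")
    backup.image, backup.version = image, version                     # Act 10
    trace += ["act10:update", "act11:start-updated"]                  # Act 11
    comm.allowed = None                                               # Act 12
    trace.append("act12:release")
    return backup.version, trace
```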
[0041] [Effect] In this embodiment, when the normally used software stored in the normal area 21 is started, the information device 10 checks whether the normally used software has been tampered with. If the normally used software has been tampered with, it queries the server to check if there are any vulnerabilities in the backup software. If the server responds that there are no vulnerabilities, it starts the backup software. If the server responds that there are vulnerabilities, it updates the backup software to the latest version while restricting the communication functions of the communication unit to only the minimum necessary functions, and then removes the restrictions on the communication functions of the communication unit. This allows the information device 10 to start up without using a vulnerable version of the software.
[0042] The program according to this embodiment may be transferred while stored on an electronic device, or it may be transferred while not stored on an electronic device. In the latter case, the program may be transferred via a network, or it may be transferred while stored on a storage medium. The storage medium is a non-transitory tangible medium. The storage medium is a computer-readable medium. The storage medium can be any medium that is capable of storing a program and is readable by a computer, such as a CD-ROM or memory card, and its form is not limited.
[0043] While several embodiments of the present invention have been described, these embodiments are presented as examples only and are not intended to limit the scope of the invention. These novel embodiments can be carried out in a variety of other forms, and various omissions, substitutions, and modifications can be made without departing from the spirit of the invention. These embodiments and their variations are included in the scope and spirit of the invention, as well as in the claims of the invention and its equivalents. The invention described in the original claims of this application is listed below.
[1] An information device comprising: a storage device having a normal area for storing software that is normally used and a backup area for storing a backup of the software; a communication unit having a communication function for communicating with a server that holds the latest version of the software and information on vulnerabilities in each version of the software; and a control unit that controls the storage device and the communication unit, wherein the control unit includes: a tampering inspection unit that checks, when the software stored in the normal area is started, whether the software stored in the normal area has been tampered with; and an area switching unit that, if the tampering inspection unit detects that the software in the normal area has been tampered with, queries the server via the communication unit as to whether there are any known vulnerabilities in the backup version of the software, starts the backup software if the response is that there are no vulnerabilities, and, if the response is that there are vulnerabilities, restricts the communication functions of the communication unit to only those necessary to download the latest version of the software, downloads the latest version of the software via the communication unit, updates the backup software to the latest version, and then removes the restriction on the communication functions of the communication unit.
[2] The information device described in [1], wherein the control unit has a hardware processor, and the backup area stores a program that causes the hardware processor to restrict the communication functions of the communication unit.
[3] A startup program that causes a computer in an information device, the information device comprising a storage device having a normal area for storing software that is normally used and a backup area for storing a backup of the software, and a communication unit having a communication function for communicating with a server that holds the latest version of the software and information on vulnerabilities in each version of the software, to achieve: a function to check, when the software stored in the normal area is started, whether the software stored in the normal area has been tampered with; a function to query the server via the communication unit, if the inspection detects that the software in the normal area has been tampered with, as to whether the backup version of the software has any known vulnerabilities; a function to start the backup software in response to an answer to the inquiry that there are no vulnerabilities; and a function to, in response to an answer to the inquiry that there is a vulnerability, restrict the communication functions of the communication unit to only the minimum functions necessary to download the latest version of the software, and, after the latest version of the software is downloaded via the communication unit and the backup software is updated to the latest version of the software, lift the restriction on the communication functions of the communication unit.
Explanation of Symbols
[0044] 10... Information equipment, 20... Storage device, 21... Normal area, 22... Backup area, 30... Control unit, 31... Tampering inspection unit, 32... Area switching unit, 40... Communication unit.
Claims
1. An information device comprising: a storage device having a normal area for storing software that is normally used and a backup area for storing a backup of the software; a communication unit having a communication function for communicating with a server that holds the latest version of the software and information on vulnerabilities in each version of the software; and a control unit that controls the storage device and the communication unit, wherein the control unit includes: a tampering inspection unit that checks, when the software stored in the normal area is started, whether the software stored in the normal area has been tampered with; and an area switching unit that, if the tampering inspection unit detects that the software in the normal area has been tampered with, queries the server via the communication unit as to whether there are any known vulnerabilities in the backup version of the software, starts the backup software if the response is that there are no vulnerabilities, and, if the response is that there are vulnerabilities, restricts the communication function of the communication unit to only the function of downloading the latest version of the software, downloads the latest version of the software via the communication unit, updates the backup software to the latest version, and then removes the restriction on the communication function of the communication unit.
2. The information device according to claim 1, wherein the control unit has a hardware processor, and the backup area stores a program that causes the hardware processor to restrict the communication functions of the communication unit.
3. A startup program that causes a computer in an information device, the information device comprising a storage device having a normal area for storing software that is normally used and a backup area for storing a backup of the software, and a communication unit having a communication function for communicating with a server that holds the latest version of the software and information on vulnerabilities in each version of the software, to achieve: a function to check, when the software stored in the normal area is started, whether the software stored in the normal area has been tampered with; a function to query the server via the communication unit, if the inspection detects that the software in the normal area has been tampered with, as to whether the backup version of the software has any known vulnerabilities; a function to start the backup software in response to an answer to the inquiry that there are no vulnerabilities; and a function to, in response to an answer to the inquiry that there is a vulnerability, restrict the communication function of the communication unit to only the function of downloading the latest version of the software, and, after downloading the latest version of the software via the communication unit and updating the backup software to the latest version of the software, lift the restriction on the communication function of the communication unit.