US20110107079A1 - Target device, method and system for managing device, and external device - Google Patents


Publication number
US20110107079A1
Authority
US
United States
Prior art keywords
information
unit
target device
canceled
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/872,627
Inventor
Kouichi Minami
Seigo Kotani
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujitsu Ltd
PFU Ltd
Original Assignee
Fujitsu Ltd
PFU Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Ltd, PFU Ltd
Priority to US12/872,627
Assigned to PFU LIMITED, FUJITSU LIMITED. Assignment of assignors interest (see document for details). Assignors: KOTANI, SEIGO, MINAMI, KOUICHI
Publication of US20110107079A1
Legal status: Abandoned

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G03 PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03G ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
    • G03G15/00 Apparatus for electrographic processes using a charge pattern
    • G03G15/50 Machine control of apparatus for electrographic processes using a charge pattern, e.g. regulating differents parts of the machine, multimode copiers, microprocessor control
    • G03G15/5075 Remote control machines, e.g. by a host
    • G03G15/5079 Remote control machines, e.g. by a host for maintenance
    • G PHYSICS
    • G03 PHOTOGRAPHY; CINEMATOGRAPHY; ANALOGOUS TECHNIQUES USING WAVES OTHER THAN OPTICAL WAVES; ELECTROGRAPHY; HOLOGRAPHY
    • G03G ELECTROGRAPHY; ELECTROPHOTOGRAPHY; MAGNETOGRAPHY
    • G03G15/00 Apparatus for electrographic processes using a charge pattern
    • G03G15/55 Self-diagnostics; Malfunction or lifetime display
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party

Definitions

  • the present invention relates to a target device such as an image reading device, a device management system, a device management method, and an external device.
  • a remote maintenance system collectively conducting remote monitoring of target devices such as a plurality of types of terminal devices exists (see, e.g., Japanese Patent Application Laid-open No. 1995-210729).
  • a remote maintenance system that can remotely write latest programs to target devices also exists (see, e.g., Japanese Patent Application Laid-open No. 2000-267857).
  • TCG: Trusted Computing Group
  • TPM: Trusted Platform Module
  • the conventional arts had the problem that validity and identity cannot be confirmed if a part of the units composing the target device is illicitly tampered with or replaced when the target devices are remotely used or managed (maintained, etc.).
  • a target device includes at least one unit that includes a tamper-resistant chip.
  • the tamper-resistant chip includes a device-information storing unit that stores device information specific to the unit; and a confidential-key storing unit that stores a confidential key.
  • a device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, connected via a network in a communicable manner.
  • the management apparatus includes a requesting unit that transmits a unit-information confirmation request to the target device.
  • the target device includes a request receiving unit that receives transmitted unit-information confirmation request; and a transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit.
  • the authentication apparatus includes a device-information receiving unit that receives the device information; and an evaluation unit that decrypts received device information, evaluates whether decrypted device information corresponds to device information that is stored in a database of the authentication apparatus in advance, and transmits a result of evaluation to the target device and the management apparatus.
  • a device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, connected via a network in a communicable manner.
  • the management apparatus includes a requesting unit that transmits a unit-program confirmation request to the target device.
  • the target device includes a request receiving unit that receives transmitted unit-program confirmation request; and a first transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip and program-version information relating to a version of a program that is executed by the unit with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit.
  • the authentication apparatus includes a device-information receiving unit that receives the device information; and a second transmitting unit that decrypts received device information, evaluates whether a correspondence relationship between the unit identification number and the program-version information included in the device information matches with a correspondence relationship between unit identification number and program-version information stored in a database of the authentication apparatus in advance, when the relationships do not match, acquires a program file corresponding to a correct program version from the database, and transmits acquired program file to the target device.
  • a device management system is configured with a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device, connected via a network in a communicable manner.
  • the target device includes an encrypting unit that encrypts stored device information using the confidential key; and a first transmitting unit that transmits encrypted device information to the external device connected to the target device.
  • the external device includes a device-information receiving unit that receives transmitted device information; an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and a second transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
  • a device management method is for a device management system in which a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device are connected via a network in a communicable manner.
  • the device management method includes encrypting including the target device encrypting the device information using the confidential key; transmitting including the target device transmitting encrypted device information to the external device connected to the target device; receiving including the external device receiving transmitted device information; evaluating including the external device decrypting received device information, the external device evaluating whether the device information corresponds to device information that is stored in a database in advance, and the external device transmitting a result of evaluation to the target device.
  • An external device manages or uses a target device that is configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key.
  • the external device is connected to the target device via a network in a communicable manner.
  • the external device includes a device-information receiving unit that receives, upon the target device encrypting stored device information using the confidential key and transmitting encrypted device information, transmitted device information; an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and a transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
  • FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention
  • FIG. 2 is a block diagram of an example of an image reading device to which the present invention is applied;
  • FIG. 3 is a block diagram of an example of a TPM chip to which the present invention is applied;
  • FIG. 4 is a block diagram of an example of a management apparatus and an authentication apparatus to which the present invention is applied;
  • FIG. 5 is a block diagram of an example of a database stored in a storage device of the authentication apparatus
  • FIG. 6 is a flowchart of a processing procedure for a unit-information confirmation process of a system according to an embodiment of the present invention
  • FIG. 7 is a flowchart of a processing procedure for a unit-program confirmation process of the system according to the present embodiment
  • FIG. 8 is a block diagram for explaining an example of an inter-unit authentication process of the system according to the present embodiment.
  • FIG. 9 is a block diagram for explaining an example of a management process of an expendable part of the system according to the present embodiment.
  • FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention.
  • the present invention has following fundamental features.
  • the system is roughly configured by communicably connecting, through a network 400, a target device (for example, image reading device 100) having one or two or more units each including at least a chip having tamper resistance (for example, TPM chip 10), a management apparatus 200 that manages or uses the target device 100, and an authentication apparatus 300 having a DB 350 for authentication.
  • the management apparatus 200 and the authentication apparatus 300 conceptually function as external devices connected to the target device through the network 400 .
  • in the target device 100, which is configured with one or a plurality of units (units A to C of FIG. 1), a chip having tamper resistance (TPM chip 10) that gathers, stores, and signs the device information of each unit is installed in each unit.
  • TPM chip 10 is fixed in a housing of each unit so that the chip cannot be easily removed from outside, and the units can be configured so that the units cannot operate when the TPM chips 10 are removed.
  • the “device information” at least includes one of unit information at least including a unit identification number, expendable-part information relating to an expendable part, program-version information relating to a version of the program, measurement-value information relating to environment of the unit at least including a temperature, a humidity, and an altitude, setting information of the unit during operation, and operation-result information relating to an operation result of the unit.
  • the TPM chip 10 includes a device-information storing unit that stores device information specific to the unit and a confidential-key storing unit that stores a confidential key.
  • each unit includes an other-unit device-information storing unit that stores device information of another device, an encrypting unit that encrypts the device information stored in the device-information storing unit using the confidential key stored in the confidential-key storing unit, an inter-unit transmitting unit that transmits the device information encrypted by the encrypting unit to another unit, a decrypting unit that decrypts the device information transmitted by the inter-unit transmitting unit using the confidential key stored in the confidential-key storing unit, an inter-unit inspecting unit that inspects whether the device information decrypted by the decrypting unit corresponds to the device information stored in the other-unit device-information storing unit, and an external device transmitting unit that transmits the device information encrypted by the encrypting unit to the external device connected to the target device.
  • the external device (the management apparatus or the authentication apparatus) includes a device-information receiving unit that receives the device information transmitted from the external device transmitting unit, an evaluating unit that decrypts the device information received by the device-information receiving unit to evaluate whether the device information corresponds to device information preliminarily stored in the database, and an evaluation result transmitting unit that transmits the evaluation result of the evaluating unit to the target device.
  • the system configured as described above encrypts the device information using the confidential key stored in the TPM chip 10 , and then transmits the device information to the authentication apparatus 300 (step S- 2 ).
  • After decrypting the device information with reference to the registered contents of the DB 350, the authentication apparatus 300 determines from which device the information was transmitted and evaluates the validity of the contents of each unit information, etc. (step S-3 and step S-4). The authentication apparatus 300 then transmits the evaluation result to the target device 100 or the management apparatus 200 (step S-5).
  • the external device (management apparatus 200 or authentication apparatus 300 ) includes an operation-information storing unit that stores operation information corresponding to each information included in the device information, a device-information receiving unit that receives the transmitted device information, an operation extracting unit that decrypts the device information received by the device-information receiving unit to extract operation information stored in the operation-information storing unit corresponding to the device information, and a operation information transmitting unit that transmits the operation information extracted by the operation extracting unit to the target device or other external devices.
  • 1) The target device 100 and the management apparatus 200 separate the target device 100 from the network when determined by the evaluation result to be unusable.
    2) The target device 100 displays an alarm itself.
    3) The target device 100 cuts off power supply itself.
    4) The management apparatus 200 halts starting up the system.
    5) The management apparatus 200 transmits to other external devices in the system that the target device 100 is unusable.
    6) Transmit a message to the target device 100 or other external devices, the message that notifies a service unit of information of a unit that should be replaced.
    7) Transmit a message to the target device 100 or other external devices, the message that notifies a supplier of information of an expendable part that should be replaced.
    8) The target device 100 and the management apparatus 200 update a program.
  • a case of the target device 100 and the management apparatus 200 updating a program, shown in 8) above, will be described as one example of the operation information.
  • in response to a unit-program confirmation request (step S-1), the system encrypts unit information at least including a unit identification number stored in a chip and device information including program-version information relating to a version of a program executed by a unit, using the confidential key stored in the TPM chip 10, and the system transmits the encrypted information to the authentication apparatus 300 (step S-2).
  • After decrypting the device information with reference to the registered contents of the DB 350, the authentication apparatus 300 determines from which target device 100 the device information was transmitted and evaluates whether the correspondence relationship between the unit identification number and the program-version information included in the device information corresponds to the correspondence relationship between the unit identification number and the program-version information preliminarily stored in the DB 350 of the authentication apparatus 300 (step S-3 and step S-4). When the relationships do not correspond, the authentication apparatus 300 acquires a program corresponding to the correct program version from the DB 350, and then extracts the operation information to be transmitted to the target device 100 from the operation-information storing unit (for example, DB 350) and transmits the operation information (step S-6).
  • the system may be configured such that only predetermined individuals can execute processing.
  • FIG. 2 is a block diagram of an example of the image reading device 100 to which the present invention is applied, in which only parts of the configuration related to the present invention are conceptually illustrated.
  • the image reading device 100 is configured to at least roughly provide a mechanical unit 110 , an optical unit 130 , and a control unit.
  • a TPM chip 10 that is a chip having tamper resistance and that gathers information related to the units and stores the information is installed.
  • Device information, a confidential key required for signature and encryption, etc., are stored in the TPM chip 10 , and individual authentication functions such as a fingerprint may also be installed.
  • the TPM chip 10 is fixed in the housing of each unit in a manner that the chip cannot be easily removed from outside, and the unit is configured so that the unit cannot operate when the chip is removed.
  • an automatic paper feeding (APF) unit/flat bed unit including a motor, a sensor, etc., and a TPM chip 10 are interconnected through a unit interface.
  • In the control unit 120, an MPU, a memory device storing a control program, an image processing unit, a fingerprint acquiring unit, an external interface, a RAM, and a TPM chip 10 are interconnected through the unit interface.
  • In the optical unit 130, a CCD, an optical system device including a light source, etc., and a TPM chip 10 are interconnected through the unit interface.
  • the environment of the unit may be measured at each unit ( 110 , 120 , and 130 ) and various sensors may also be provided.
  • FIG. 3 is a block diagram of an example of the TPM chip 10 to which the present invention is applied, in which only parts of the configuration related to the present invention are conceptually illustrated.
  • the TPM chip 10 is configured to at least include an MPU 11 , a control program 12 that controls a unit, a confidential-key file 13 that encrypts device information, a unit-information file 14 that stores unit information at least including a unit identification number, an individual-authentication-information file 15 that stores fingerprint information for individual authentication, etc., program-version information relating to a version executed by a unit, expendable-part information relating to an expendable part, a measurement value relating to the environment of a unit (temperature, humidity, altitude, etc), setting information of a unit during operation, and a RAM 16 that stores log information, etc., including the operation result.
  • FIG. 4 is a block diagram of an example of the management apparatus 200 and the authentication apparatus 300 to which the present invention is applied, in which only parts of the configurations related to the present invention are conceptually illustrated.
  • the management apparatus 200 and the authentication apparatus 300 may be configured with a commercially available information processing device such as a workstation and a personal computer or with an attached device thereof. Functions of the management apparatus 200 and the authentication apparatus 300 are realized by a control device such as a CPU configuring a hardware, a hard disk drive, a storage device such as a memory device (RAM, ROM, etc), an input device, an output device, an input/output controlling interface, a communication controlling interface, programs controlling the devices, etc.
  • FIG. 5 is a block diagram of an example of the DB 350 stored in the authentication apparatus 300 , in which only parts of the configuration related to the present invention are conceptually illustrated.
  • the DB 350 is configured to at least provide a device-information DB 351 , an individual-authentication-information DB 352 , and a program DB 353 .
  • the device-information DB 351 stores by associating unit information including the unit identification number that constitutes the target device, information relating to the measurement values regarding the environment of the unit at least including a temperature, a humidity, and an altitude, log information including the device information and the operation results during unit operation, etc.
  • the “unit information” may include, in addition to the unit identification number, a product name, a name of the manufacturer, a version, etc.
  • the individual-authentication-information DB 352 stores by mutually associating the authentication information relating to an individual allowed to operate the object device (for example, a password and fingerprint information).
  • the program DB 353 stores by mutually associating a unit identification number, program-version information relating to a version of the program executed by the unit, and a program file corresponding to the version.
  • the program DB 353 is described as an example of the operation information database; other than this, an expendable part database that stores, in mutual association, an expendable part, a durable number of uses and period, etc., may be used.
  • FIG. 6 is a flowchart of a processing procedure for the unit-information confirmation process according to the present embodiment.
  • the management apparatus 200 transmits a unit-information confirmation request to the target device 100 (unit-information confirmation requesting unit: step SA- 1 ).
  • the request may be conducted from the target device 100 .
  • the target device 100 then receives the unit-information confirmation request (unit-information confirmation requesting unit: SA- 2 ).
  • For each unit, the target device 100 encrypts the device information including the unit information that at least includes the unit identification number stored in the TPM chip 10 with the confidential key stored in the chip, and the target device 100 transmits the information to the authentication apparatus 300 (device information transmitting unit: SA-3).
  • the object information 100 receives the request, and for example, the TPM chip 10 of the control unit 120 gathers unit information (unit identification number, etc.) of the TPM chip 10 of the units ( 110 , 120 , and 130 ), and
  • the authentication apparatus 300 then receives the device information (device-information receiving unit: step SA- 4 ).
  • the authentication apparatus 300 decrypts the received device information with a corresponding key (a public key, etc) and evaluates whether the device information corresponds to the registered contents of the device information preliminarily stored in the DB 350 (the device-information DB 351 ), and the authentication apparatus 300 transmits the evaluation result to the target device 100 and the management apparatus 200 (evaluating unit: step SA- 5 ).
  • By decrypting the transmitted device information with the public key, the authentication apparatus 300 identifies the target device 100 that transmitted the data, and the authentication apparatus 300 obtains the unit information (unit identification number, etc.) of the target device 100 preliminarily registered in the DB 350 and compares the unit information with the transmitted unit information. The authentication apparatus 300 then makes a report of evaluation results of whether the device information corresponds or which part is different, etc., and transmits the report to the device that sent out the request.
  • the evaluation results may be encrypted with the public key. By encrypting with the public key, the apparatus that received the report of the evaluation results can confirm that the evaluation results are transmitted from a safe authentication apparatus.
  • the device information may include measurement values relating to the environment of the device such as a temperature, a humidity, and an altitude, or may include operation values of each unit (a light quantity, an image processing value, an operation value of a mechanism, a sensor level, etc.), or the device information may include log information such as an operation result of the unit (error information).
  • FIG. 7 is a flowchart of a processing procedure for the unit-program confirmation process of the system according to the present embodiment.
  • the management apparatus 200 transmits a unit-program confirmation request to the target device 100 (unit-program confirmation request unit: step SB- 1 ).
  • the request may be conducted from the target device 100 .
  • the target device 100 then receives the unit-program confirmation request (unit-program confirmation request receiving unit: step SB- 2 ).
  • For each unit, the target device 100 encrypts, with the public key stored in the TPM chip 10, the unit information at least including the unit identification number stored in the TPM chip 10 and the device information including the program-version information relating to the version of the program executed by the unit, and the target device 100 then transmits the information to the authentication apparatus 300 (device information transmitting unit: step SB-3).
  • the TPM chip 10 of the control unit 120 gathers device information including the unit information (unit identification number, etc.) of the units ( 110 , 120 , and 130 ), program-version information, etc., and the TPM chip 10 encrypts the information with the confidential key and transmits the information to the authentication apparatus 300 .
  • the authentication apparatus 300 then receives the device information (device-information receiving unit: step SB- 4 ).
  • the authentication apparatus 300 decrypts the received device information and evaluates whether the correspondence relationship of the unit identification number included in the device information and the program-version information corresponds to the correspondence relationship of the unit identification number preliminarily stored in the DB 350 (program DB 353 ) of the authentication apparatus 300 and the program-version information, and when the correspondence relationships do not correspond, the authentication apparatus 300 acquires a program file corresponding to the correct program version from the program DB 353 and transmits the program file to the target device (program transmitting unit: step SB- 5 ).
  • the authentication apparatus 300 acquires the unit information (unit identification number) of the target device 100 preliminarily registered in the program DB 353 and the corresponding program-version information and then compares the information with the transmitted device information. When the unit information (unit identification number) and the program version are different, the authentication apparatus 300 transmits the program file of the correct version.
  • the program file may be encrypted with the public key and transmitted to the target device 100 .
  • On receiving the program, the target device 100 decrypts the program with the public key, and the target device 100 can confirm that the program is transmitted from the safe authentication apparatus 300.
  • the program includes a program necessary to use the target device (for example, a driver software), etc.
  • FIG. 8 is a block diagram for explaining an example of the inter-unit authentication process of the system according to the present embodiment.
  • the image reading device 100 such as an image scanner consists of the mechanical unit 110 , the control unit 120 , and the optical unit 130 .
  • in the TPM chip 10 of each unit, specific information such as a version of the unit and a program version is stored.
  • information of other units usable by the unit is also stored.
  • each unit encrypts (signs) the device information using the confidential key stored in the TPM chip 10 having tamper resistance and transmits the information to another unit.
  • the device information may be converted to a hash value and transmitted.
  • the unit that received the information then decrypts the device information and determines whether the information is transmitted from an authorized unit and from which unit the information is transmitted. The unit that received the information further determines, from the contents of the device information, whether the unit is usable.
  • the compliance determination is conducted, for example, when a version B and a version C of the mechanical unit 110 are usable for a version A of the control unit 120 and the version A is unusable.
  • the image reading device 100 switches to an operable state.
  • the image reading device 100 displays an alarm, and transmits an error signal through the control unit 120 .
  • FIG. 9 is a block diagram for explaining an example of the management process of an expendable part of the system according to the present embodiment.
  • The image reading device 100 such as an image scanner consists of the mechanical unit 110, the control unit 120, and the optical unit 130.
  • The image reading device 100 includes expendable parts such as a roller, a pad, and a lamp.
  • An expendable part is a part whose characteristics deteriorate after a certain time and certain operations and that must be replaced by a new part, such as a toner cartridge or a photosensitive drum in a printer.
  • The replacement timing of the roller and the pad can be recognized from the number of operations of a motor, and the replacement timing of the lamp can be recognized from the lighting time.
  • This information is stored in an expendable-part-managing file of the control unit 120.
  • The TPM chip 10 of the control unit 120 gathers information of the expendable parts and creates device information, and the TPM chip 10 then attaches a signature (encrypts with a confidential key) to the information and transmits the information to the authentication apparatus.
  • The authentication apparatus 300 can specify the image reading device 100 that transmitted the device information.
  • The authentication apparatus 300 then acquires preliminarily registered device information (expendable-part information) of the image reading device 100 from the DB 350 and compares (evaluates) the information with the transmitted expendable-part information.
  • The authentication apparatus 300 notifies the scanner device or the management apparatus of the evaluation result.
  • The authentication apparatus 300 notifies an evaluation result of a caution level when the lighting time exceeds 1800 hours and notifies an evaluation result of a warning level when the lighting time exceeds 2000 hours.
  • The present invention may be configured by installing an individual authentication device in the target device or in the management apparatus 200 for the processes described above so that only individuals (for example, a system administrator and a maintenance person) specified by the device can conduct the processes.
  • All or arbitrary parts of the processing functions provided by the units of the controlling device or by the devices can be realized by the CPU (Central Processing Unit) or by the programs interpreted and executed by the CPU, or the processing functions can be realized as hardware with wired logic.
  • The programs are stored in a recording medium described below, and the controlling device mechanically reads the programs as necessary.
  • In a storage device such as a ROM or an HD, a computer program is stored that collaborates with an OS (Operating System) and gives a command to the CPU to conduct various processes.
  • The computer program is executed by being loaded to a RAM, etc., and the computer program collaborates with the CPU and configures the controlling apparatus.
  • The computer program may be recorded in an application program server connected through an arbitrary network, and all or a part of the computer program can be downloaded as necessary.
  • The programs of the present invention can be stored in computer readable recording media.
  • The “recording media” include arbitrary “portable physical media” such as a flexible disk, a magneto-optical disk, a ROM, an EPROM, an EEPROM, a CD-ROM, an MO, a DVD, arbitrary “fixed physical media” such as a ROM, a RAM, an HD that are mounted on various computer systems, and “communication media” that hold the programs for a short period such as a communication line and a carrier wave when transmitting the programs through the network represented by a LAN, a WAN, and the Internet.
  • The “program” is a data processing method described with an arbitrary language or a description method, and the program can be in any format, such as source code or binary code.
  • The “program” is not necessarily limited to a single configuration, but includes the programs having dispersed configurations with a plurality of modules or libraries and the programs achieving functions by collaborating with other programs represented by an OS (Operating System).
  • Known configurations and procedures can be used for, for example, the specific configurations for reading the recording media at each unit according to the present embodiment, the reading procedures, and the installing procedures after reading.
  • Each database may be independently configured as an independent database device, and a part of the processes may be realized by using the CGI (Common Gateway Interface).
  • The target device, the device management system, the device management method, and the external device of the present invention accomplish successful outcomes of accurately figuring out current states of the apparatuses and of safely and surely determining whether the apparatuses are properly used and whether the apparatuses are set up in proper states.

Abstract

A device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus including a database for authentication, connected via a network in a communicable manner. In the target device, each unit is equipped with the tamper-resistant chip that collects device information specific to a unit, stores collected device information, and stores a confidential-key.

Description

    RELATED APPLICATIONS
  • The present application is a continuation of U.S. application Ser. No. 11/624,082, filed on Jan. 17, 2007, which is based on, and claims priority from, Japanese Application Number 2006-010354, filed Jan. 18, 2006 and Japanese Application number 2006-158718, filed Jun. 7, 2006, the disclosures of which are hereby incorporated by reference herein in their entirety.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to a target device such as an image reading device, a device management system, a device management method, and an external device.
  • 2. Description of the Related Art
  • Conventionally, a remote maintenance system collectively conducting remote monitoring of target devices such as a plurality of types of terminal devices exists (see, e.g., Japanese Patent Application Laid-open No. 1995-210729). A remote maintenance system that can remotely write latest programs to target devices also exists (see, e.g., Japanese Patent Application Laid-open No. 2000-267857).
  • With respect to security enhancement, which each enterprise had pursued individually, enterprises with technology for providing a PC platform assembled to form the TCG (Trusted Computing Group), which works as an industry group to create new hardware/software having higher reliability and safety. In the TCG, specifications of a TPM (Trusted Platform Module) chip, which is a security chip, are stipulated for the computing platform (see Japanese Patent Application Laid-open No. 2005-317026).
  • However, the conventional remote maintenance systems shown in Japanese Patent Application Laid-open Nos. 1995-210729 and 2000-267857 had the problem that the identity and validity of the units composing the target devices cannot be ensured.
  • In other words, the conventional arts had the problem that validity and identity cannot be confirmed if a part of the units composing the target device is illicitly tampered with or replaced when remotely using or managing (maintaining, etc.) the target devices.
  • SUMMARY OF THE INVENTION
  • It is an object of the present invention to at least partially solve the problems in the conventional technology.
  • A target device according to one aspect of the present invention includes at least one unit that includes a tamper-resistant chip. The tamper-resistant chip includes a device-information storing unit that stores device information specific to the unit; and a confidential-key storing unit that stores a confidential key.
  • A device management system according to another aspect of the present invention is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, connected via a network in a communicable manner. The management apparatus includes a requesting unit that transmits a unit-information confirmation request to the target device. The target device includes a request receiving unit that receives transmitted unit-information confirmation request; and a transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit. The authentication apparatus includes a device-information receiving unit that receives the device information; and an evaluation unit that decrypts received device information, evaluates whether decrypted device information corresponds to device information that is stored in a database of the authentication apparatus in advance, and transmits a result of evaluation to the target device and the management apparatus.
  • A device management system according to still another aspect of the present invention is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, connected via a network in a communicable manner. The management apparatus includes a requesting unit that transmits a unit-program confirmation request to the target device. The target device includes a request receiving unit that receives transmitted unit-program confirmation request; and a first transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip and program-version information relating to a version of a program that is executed by the unit with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit. The authentication apparatus includes a device-information receiving unit that receives the device information; and a second transmitting unit that decrypts received device information, evaluates whether a correspondence relationship between the unit identification number and the program-version information included in the device information matches with a correspondence relationship between unit identification number and program-version information stored in a database of the authentication apparatus in advance, when the relationships do not match, acquires a program file corresponding to a correct program version from the database, and transmits acquired program file to the target device.
  • A device management system according to still another aspect of the present invention is configured with a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device, connected via a network in a communicable manner. The target device includes an encrypting unit that encrypts stored device information using the confidential key; and a first transmitting unit that transmits encrypted device information to the external device connected to the target device. The external device includes a device-information receiving unit that receives transmitted device information; an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and a second transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
  • A device management method according to still another aspect of the present invention is for a device management system in which a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device are connected via a network in a communicable manner. The device management method includes encrypting including the target device encrypting the device information using the confidential key; transmitting including the target device transmitting encrypted device information to the external device connected to the target device; receiving including the external device receiving transmitted device information; evaluating including the external device decrypting received device information, the external device evaluating whether the device information corresponds to device information that is stored in a database in advance, and the external device transmitting a result of evaluation to the target device.
  • An external device according to still another aspect of the present invention manages or uses a target device that is configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key. The external device is connected to the target device via a network in a communicable manner. The external device includes a device-information receiving unit that receives, upon the target device encrypting stored device information using the confidential key and transmitting encrypted device information, transmitted device information; an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and a transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
  • The above and other objects, features, advantages and technical and industrial significance of this invention will be better understood by reading the following detailed description of presently preferred embodiments of the invention, when considered in connection with the accompanying drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention;
  • FIG. 2 is a block diagram of an example of an image reading device to which the present invention is applied;
  • FIG. 3 is a block diagram of an example of a TPM chip to which the present invention is applied;
  • FIG. 4 is a block diagram of an example of a management apparatus and an authentication apparatus to which the present invention is applied;
  • FIG. 5 is a block diagram of an example of a database stored in a storage device of the authentication apparatus;
  • FIG. 6 is a flowchart of a processing procedure for a unit-information confirmation process of a system according to an embodiment of the present invention;
  • FIG. 7 is a flowchart of a processing procedure for a unit-program confirmation process of the system according to the present embodiment;
  • FIG. 8 is a block diagram for explaining an example of an inter-unit authentication process of the system according to the present embodiment; and
  • FIG. 9 is a block diagram for explaining an example of a management process of an expendable part of the system according to the present embodiment.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • Exemplary embodiments of the present invention will be described below in detail with reference to the accompanying drawings. However, the present invention is not limited to the present embodiments. Specifically, although an image reading device as a target device and a TPM chip as a chip having tamper resistance are cited as examples in the present embodiments, the present invention is not limited to the present embodiments.
  • FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention.
  • Briefly, the present invention has the following fundamental features. The system is roughly configured by communicably connecting through a network 400, a target device (for example, image reading device 100) having one or more than two units at least including a chip having tamper resistance (for example, TPM chip 10), a management apparatus 200 that manages or uses the target device 100, and an authentication apparatus 300 having a DB 350 for authentication. The management apparatus 200 and the authentication apparatus 300 conceptually function as external devices connected to the target device through the network 400.
  • In the system configured this way, a chip having tamper resistance (TPM chip 10) that gathers, stores, and signs the device information of its unit is installed in each unit of the target device 100, which is configured with one or a plurality of units (units A to C of FIG. 1). The TPM chip 10 is fixed in a housing of each unit so that the chip cannot be easily removed from outside, and the units can be configured so that the units cannot operate when the TPM chips 10 are removed.
  • The “device information” at least includes one of unit information at least including a unit identification number, expendable-part information relating to an expendable part, program-version information relating to a version of the program, measurement-value information relating to environment of the unit at least including a temperature, a humidity, and an altitude, setting information of the unit during operation, and operation-result information relating to an operation result of the unit.
  • In FIG. 1, the TPM chip 10 includes a device-information storing unit that stores device information specific to the unit and a confidential-key storing unit that stores a confidential key.
  • In FIG. 1, each unit includes an other-unit device-information storing unit that stores device information of another device, an encrypting unit that encrypts the device information stored in the device-information storing unit using the confidential key stored in the confidential-key storing unit, an inter-unit transmitting unit that transmits the device information encrypted by the encrypting unit to another unit, a decrypting unit that decrypts the device information transmitted by the inter-unit transmitting unit using the confidential key stored in the confidential-key storing unit, an inter-unit inspecting unit that inspects whether the device information decrypted by the decrypting unit corresponds to the device information stored in the other-unit device-information storing unit, and an external device transmitting unit that transmits the device information encrypted by the encrypting unit to the external device connected to the target device.
  • In FIG. 1, the external device (the management apparatus or the authentication apparatus) includes a device-information receiving unit that receives the device information transmitted from the external device transmitting unit, an evaluating unit that decrypts the device information received by the device-information receiving unit to evaluate whether the device information corresponds to device information preliminarily stored in the database, and an evaluation result transmitting unit that transmits the evaluation result of the evaluating unit to the target device.
  • As shown in FIG. 1, in response to a unit-information confirmation request from the management apparatus 200 that uses or manages the target device 100 (step S-1), the system configured as described above encrypts the device information using the confidential key stored in the TPM chip 10, and then transmits the device information to the authentication apparatus 300 (step S-2).
  • After decrypting the device information with reference to registered contents of the DB 350, the authentication apparatus 300 determines from which target device the information was transmitted and evaluates validity of the contents of each unit information, etc., (step S-3 and step S-4). The authentication apparatus 300 then transmits the evaluation result to the target device 100 or the management apparatus 200 (step S-5).
  • The external device (management apparatus 200 or authentication apparatus 300) includes an operation-information storing unit that stores operation information corresponding to each item of information included in the device information, a device-information receiving unit that receives the transmitted device information, an operation extracting unit that decrypts the device information received by the device-information receiving unit to extract operation information stored in the operation-information storing unit corresponding to the device information, and an operation information transmitting unit that transmits the operation information extracted by the operation extracting unit to the target device or other external devices.
  • One example of the contents of the operation information will now be shown below.
  • 1) The target device 100 and the management apparatus 200 separate the target device 100 from the network when determined by the evaluation result to be unusable.
    2) The target device 100 displays an alarm itself.
    3) The target device 100 cuts off power supply itself.
    4) The management apparatus 200 halts starting up the system.
    5) The management apparatus 200 transmits to other external devices in the system that the target device 100 is unusable.
    6) Transmit, to the target device 100 or other external devices, a message that notifies a service unit of information of a unit that should be replaced.
    7) Transmit, to the target device 100 or other external devices, a message that notifies a supplier of information of an expendable part that should be replaced.
    8) The target device 100 and the management apparatus 200 update a program.
  • A case of the target device 100 and the management apparatus 200 updating a program shown in 8) above will be described as one example of the operation information.
  • As shown in FIG. 1, in the target device 100, in response to a unit-program confirmation request (step S-1), the system encrypts unit information at least including a unit identification number stored in a chip and device information including program-version information relating to a version of a program executed by a unit, using the confidential key stored in the TPM chip 10, and the system transmits the encrypted information to the authentication apparatus 300 (step S-2).
  • After decrypting the device information with reference to the registered contents of the DB 350, the authentication apparatus 300 determines from which target device 100 the device information is transmitted and evaluates whether the correspondence relationship between the unit identification number included in the device information and the program-version information corresponds to the correspondence relationship between the unit identification number preliminarily stored in the DB 350 of the authentication apparatus 300 and the program-version information (step S-3 and step S-4). When the relationships do not correspond, the authentication apparatus 300 acquires a program corresponding to the correct program version from the DB 350, and the authentication apparatus 300 then extracts operation information from the operation-information storing unit (for example, DB 350) to transmit to the target device 100 and transmits the operation information (step S-6).
  • By installing an individual authentication device in the target device 100 or a management apparatus 200, the system may be configured such that only predetermined individuals can execute processing.
  • FIG. 2 is a block diagram of an example of the image reading device 100 to which the present invention is applied, in which only parts of the configuration related to the present invention are conceptually illustrated.
  • As shown in FIG. 2, the image reading device 100 is configured to at least roughly provide a mechanical unit 110, an optical unit 130, and a control unit 120. For each unit, a TPM chip 10 that is a chip having tamper resistance and that gathers information related to the units and stores the information is installed. Device information, a confidential key required for signature and encryption, etc., are stored in the TPM chip 10, and individual authentication functions such as a fingerprint may also be installed. The TPM chip 10 is fixed in the housing of each unit in such a manner that the chip cannot be easily removed from outside, and the unit is configured so that the unit cannot operate when the chip is removed.
  • In the mechanical unit 110, an automatic paper feeding (APF) unit/flat bed unit including a motor, a sensor, etc., and a TPM chip 10 are interconnected through a unit interface.
  • In the control unit 120, an MPU, a memory device storing a control program, an image processing unit, a fingerprint acquiring unit, an external interface, a RAM, and TPM chip 10 are interconnected through the unit interface.
  • In the optical unit 130, a CCD, an optical system device including a light source, etc., and a TPM chip 10 are interconnected through the unit interface.
  • The environment of the unit (temperature, humidity, altitude, etc.) may be measured at each unit (110, 120, and 130) and various sensors may also be provided.
  • FIG. 3 is a block diagram of an example of the TPM chip 10 to which the present invention is applied, in which only parts of the configuration related to the present invention are conceptually illustrated.
  • As shown in FIG. 3, the TPM chip 10 is configured to at least include an MPU 11, a control program 12 that controls a unit, a confidential-key file 13 that encrypts device information, a unit-information file 14 that stores unit information at least including a unit identification number, an individual-authentication-information file 15 that stores fingerprint information for individual authentication, etc., program-version information relating to a version executed by a unit, expendable-part information relating to an expendable part, a measurement value relating to the environment of a unit (temperature, humidity, altitude, etc), setting information of a unit during operation, and a RAM 16 that stores log information, etc., including the operation result.
  • FIG. 4 is a block diagram of an example of the management apparatus 200 and the authentication apparatus 300 to which the present invention is applied, in which only parts of the configurations related to the present invention are conceptually illustrated.
  • The management apparatus 200 and the authentication apparatus 300 may be configured with a commercially available information processing device such as a workstation and a personal computer or with an attached device thereof. Functions of the management apparatus 200 and the authentication apparatus 300 are realized by a control device such as a CPU configuring a hardware, a hard disk drive, a storage device such as a memory device (RAM, ROM, etc), an input device, an output device, an input/output controlling interface, a communication controlling interface, programs controlling the devices, etc.
  • FIG. 5 is a block diagram of an example of the DB 350 stored in the authentication apparatus 300, in which only parts of the configuration related to the present invention are conceptually illustrated. As shown in FIG. 5, the DB 350 is configured to at least provide a device-information DB 351, an individual-authentication-information DB 352, and a program DB 353.
  • For each target device, the device-information DB 351 stores by associating unit information including the unit identification number that constitutes the target device, information relating to the measurement values regarding the environment of the unit at least including a temperature, a humidity, and an altitude, log information including the device information and the operation results during unit operation, etc.
  • The “unit information” may include, in addition to the unit identification number, a product name, a name of the manufacturer, a version, etc.
  • For each target device, the individual-authentication-information DB 352 stores by mutually associating the authentication information relating to an individual allowed to operate the target device (for example, a password and fingerprint information).
  • For each target device, the program DB 353 stores by mutually associating a unit identification number, program-version information relating to a version of the program executed by the unit, and a program file corresponding to the version. Although the program DB 353 is described as an example of the operation information database, other than this, an expendable part database that stores by mutually associating an expendable part, a durable number of uses and period, etc., may be used.
  • One example of the process of the system according to the present embodiment configured this way will then be described in detail with reference to FIG. 6, FIG. 7, etc.
  • FIG. 6 is a flowchart of a processing procedure for the unit-information confirmation process according to the present embodiment.
  • In FIG. 6, the management apparatus 200 transmits a unit-information confirmation request to the target device 100 (unit-information confirmation requesting unit: step SA-1). The request may be conducted from the target device 100.
  • The target device 100 then receives the unit-information confirmation request (unit-information confirmation requesting unit: SA-2).
  • For each unit, the target device 100 encrypts the device information including the unit information that at least includes the unit identification number stored in the TPM chip 10 with the confidential key stored in the chip, and the target device 100 transmits the information to the authentication apparatus 300 (device information transmitting unit: SA-3).
  • In other words, the target device 100 receives the request, and for example, the TPM chip 10 of the control unit 120 gathers unit information (unit identification number, etc.) of the TPM chip 10 of the units (110, 120, and 130), and encrypts the information with the confidential key and transmits the information to the authentication apparatus 300.
  • The authentication apparatus 300 then receives the device information (device-information receiving unit: step SA-4).
  • The authentication apparatus 300 decrypts the received device information with a corresponding key (a public key, etc) and evaluates whether the device information corresponds to the registered contents of the device information preliminarily stored in the DB 350 (the device-information DB 351), and the authentication apparatus 300 transmits the evaluation result to the target device 100 and the management apparatus 200 (evaluating unit: step SA-5).
  • By decrypting the transmitted device information with the public key, the authentication apparatus 300 identifies the target device 100 that transmitted the data, and the authentication apparatus 300 obtains the unit information (unit identification number, etc.) of the target device 100 preliminarily registered in the DB 350 and compares the unit information with the transmitted unit information. The authentication apparatus 300 then makes a report of evaluation results of whether the device information corresponds or which part is different, etc., and transmits the report to the device that sent out the request.
  • The evaluation results may be encrypted with the public key. By encrypting with the public key, the apparatus that received the report of the evaluation results can confirm that the evaluation results are transmitted from a safe authentication apparatus.
  • The device information may include measurement values relating to the environment of the device such as a temperature, a humidity, and an altitude, or may include operation values of each unit (a light quantity, an image processing value, an operation value of a mechanism, a sensor level, etc.), or the device information may include log information such as an operation result of the unit (error information).
  • A unit-program confirmation process conducted in the system will then be described with reference to FIGS. 2 to 5 and FIG. 7, etc. FIG. 7 is a flowchart of a processing procedure for the unit-program confirmation process of the system according to the present embodiment.
  • In FIG. 7, the management apparatus 200 transmits a unit-program confirmation request to the target device 100 (unit-program confirmation request unit: step SB-1). The request may be conducted from the target device 100.
  • The target device 100 then receives the unit-program confirmation request (unit-program confirmation request receiving unit: step SB-2).
  • For each unit, the target device 100 encrypts, with the public key stored in the TPM chip 10, the unit information at least including the unit identification number stored in the TPM chip 10 and the device information including the program-version information relating to the version of the program executed by the unit, and the target device 100 then transmits the information to the authentication apparatus 300 (device information transmitting unit: step SB-3).
  • In other words, after the target device 100 receives the request, for example, the TPM chip 10 of the control unit 120 gathers device information including the unit information (unit identification number, etc.) of the units (110, 120, and 130), program-version information, etc., and the TPM chip 10 encrypts the information with the confidential key and transmits the information to the authentication apparatus 300.
  • The authentication apparatus 300 then receives the device information (device-information receiving unit: step SB-4).
  • The authentication apparatus 300 decrypts the received device information and evaluates whether the correspondence relationship of the unit identification number included in the device information and the program-version information corresponds to the correspondence relationship of the unit identification number preliminarily stored in the DB 350 (program DB 353) of the authentication apparatus 300 and the program-version information, and when the correspondence relationships do not correspond, the authentication apparatus 300 acquires a program file corresponding to the correct program version from the program DB 353 and transmits the program file to the target device (program transmitting unit: step SB-5).
  • In other words, the authentication apparatus 300 acquires the unit information (unit identification number) of the target device 100 preliminarily registered in the program DB 353 and the corresponding program-version information and then compares the information with the transmitted device information. When the unit information (unit identification number) and the program version are different, the authentication apparatus 300 transmits the program file of the correct version.
  • The program file may be encrypted with the public key and transmitted to the target device 100. Receiving the program, the target device 100 decrypts the program with the public key, and the target device 100 can confirm that the program is transmitted from the safe authentication apparatus 300.
  • In addition to a program used in the target device, the program includes a program necessary to use the target device (for example, a driver software), etc.
  • FIG. 8 is a block diagram for explaining an example of the inter-unit authentication process of the system according to the present embodiment.
  • As shown in FIG. 8, the image reading device 100 such as an image scanner consists of the mechanical unit 110, the control unit 120, and the optical unit 130.
  • In the TPM chip 10 of each unit, specific information such as a version of the unit and a program version is stored. In each unit, information of other units usable by the unit (other-unit device-information file 150) is also stored.
  • When necessary, each unit encrypts (signs) the device information using the confidential key stored in the TPM chip 10 having tamper resistance and transmits the information to another unit. The device information may be converted to a hash value and transmitted.
  • The unit that received the information then decrypts the device information and determines whether the information is transmitted from an authorized unit and from which unit the information is transmitted. The unit that received the information further determines, from the contents of the device information, whether the unit is usable.
  • The compliance determination is conducted, for example, when a version B and a version C of the mechanical unit 110 are usable for a version A of the control unit 120 and the version A is unusable.
  • Confirming all units are usable, the image reading device 100 switches to an operable state. When the units are unusable, the image reading device 100 displays an alarm, and transmits an error signal through the control unit 120.
  • FIG. 9 is a block diagram for explaining an example of the management process of an expendable part of the system according to the present embodiment.
  • As shown in FIG. 9, the image reading device 100 such as an image scanner consists of the mechanical unit 110, the control unit 120, and the optical unit 130. The image reading device 100 includes expendable parts such as a roller, a pad, and a lamp. An expendable part is a part whose characteristics deteriorate after a certain time and certain operations and that needs to be replaced with a new part, such as a toner cartridge or a photosensitive drum in a printer.
  • The replacing timing of the roller and the pad can be recognized from the number of operations of a motor and the replacing timing of the lamp can be recognized from the lighting time. This information is stored in an expendable-part-managing file of the control unit 120.
  • The TPM chip 10 of the control unit 120 gathers information of the expendable parts and creates device information, and the TPM chip 10 then attaches a signature (encrypts with a confidential key) to the information and transmits the information to the authentication apparatus.
  • By decrypting the transmitted device information with the public key, the authentication apparatus 300 can specify the image reading device 100 that transmitted the device information.
  • The authentication apparatus 300 then acquires preliminarily registered device information (expendable-part information) of the image reading device 100 from the DB 350 and compares (evaluates) the information with the transmitted expendable-part information. The authentication apparatus 300 notifies the evaluation result to the scanner device or the management apparatus.
  • For example, in a case of the lamp, if 2000 hours is a reference value, the authentication apparatus 300 notifies an evaluation result of a caution level when the lighting time exceeds 1800 hours and notifies an evaluation result of a warning level when the lighting time exceeds 2000 hours.
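The unit-information check, the program-version check and the lamp thresholds described above, as an added Go example that is not part of the patent. Ed25519 from the Go standard library stands in for the signature made with the confidential key held in the TPM chip, and every type name, field name, device ID, unit ID and version string is constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"sort"
)

// Unit and DeviceInfo model the reported device information (names assumed).
type Unit struct{ UnitID, ProgramVersion string }
type DeviceInfo struct {
	DeviceID  string
	Units     []Unit
	LampHours int
}

// Registered is the authentication apparatus's DB entry for one device.
type Registered struct {
	PublicKey ed25519.PublicKey
	Versions  map[string]string // unit ID -> registered program version
}

// Result is the evaluation report sent back to the requester.
type Result struct {
	Authentic bool
	Findings  []string
	LampLevel string
}

// Lamp thresholds from the description: caution above 1800 h, warning above 2000 h.
const lampCautionHours, lampWarningHours = 1800, 2000

// SignReport is the target-device side; an in-memory key stands in for the TPM-held key.
func SignReport(priv ed25519.PrivateKey, info DeviceInfo) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(info); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// Evaluate is the authentication-apparatus side: verify the received bytes, then compare.
func Evaluate(db map[string]Registered, payload, sig []byte) Result {
	var info DeviceInfo
	if err := json.Unmarshal(payload, &info); err != nil {
		return Result{Findings: []string{"malformed report"}}
	}
	reg, ok := db[info.DeviceID] // the claimed ID only selects which key to try
	if !ok || len(reg.PublicKey) != ed25519.PublicKeySize {
		return Result{Findings: []string{"unknown device"}}
	}
	if !ed25519.Verify(reg.PublicKey, payload, sig) {
		return Result{Findings: []string{"signature check failed"}}
	}
	res := Result{Authentic: true, LampLevel: "ok"}
	reported := map[string]bool{}
	for _, u := range info.Units {
		reported[u.UnitID] = true
		if want, known := reg.Versions[u.UnitID]; !known {
			res.Findings = append(res.Findings, "unregistered unit "+u.UnitID)
		} else if want != u.ProgramVersion {
			res.Findings = append(res.Findings, fmt.Sprintf(
				"unit %s runs %s, registered %s", u.UnitID, u.ProgramVersion, want))
		}
	}
	for id := range reg.Versions {
		if !reported[id] {
			res.Findings = append(res.Findings, "registered unit "+id+" not reported")
		}
	}
	sort.Strings(res.Findings) // map iteration order is random; keep output stable
	if info.LampHours > lampWarningHours {
		res.LampLevel = "warning"
	} else if info.LampHours > lampCautionHours {
		res.LampLevel = "caution"
	}
	return res
}

// sampleSetup returns constructed sample data: one scanner with three units.
func sampleSetup() (map[string]Registered, ed25519.PrivateKey, DeviceInfo) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	db := map[string]Registered{"scanner-001": {PublicKey: pub, Versions: map[string]string{
		"MECH-110": "1.2", "CTRL-120": "3.0", "OPT-130": "2.1"}}}
	info := DeviceInfo{DeviceID: "scanner-001", LampHours: 1850, Units: []Unit{
		{"MECH-110", "1.2"}, {"CTRL-120", "2.9"}, {"OPT-130", "2.1"}}}
	return db, priv, info
}

func main() {
	db, priv, info := sampleSetup()
	payload, sig, _ := SignReport(priv, info) // marshalling this struct cannot fail
	fmt.Printf("%+v\n", Evaluate(db, payload, sig))
	payload[len(payload)-2] ^= 1 // one byte altered in transit
	fmt.Printf("%+v\n", Evaluate(db, payload, sig))
}
```

The sketch checks origin and content only. The steps quoted above carry no nonce or timestamp, so whether a report is recent is outside what it verifies.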
  • Although an embodiment of the present invention has been described, other than the present embodiment described above, the present invention may be implemented in various other embodiments within the technical scope of the claims described above.
  • For example, the present invention may be configured by installing an individual authentication device in the target device or in the management apparatus 200 for the processes described above so that only individuals (for example, a system administrator and a maintenance person) specified by the device can conduct the processes.
  • Of the processes described in the present embodiment, all or parts of the processes that are described to be conducted automatically can be conducted manually and all or parts of the processes that are described to be conducted manually can be conducted automatically with known methods.
  • The information including the parameters of processing procedures, control procedures, specific names, various registration data, search conditions, etc., the image examples, and the database configurations described in the document and drawings above can be arbitrarily changed unless otherwise stated.
  • The components of the drawings are functional and conceptual and do not necessarily have to be physically configured as illustrated.
  • For example, all or arbitrary parts of the processing functions provided by the units of the controlling device or by the devices can be realized by the CPU (Central Processing Unit) or by the programs interpreted and executed by the CPU, or the processing functions can be realized as a hardware with wired logic. The programs are stored in a recording medium described below, and the controlling device mechanically reads the programs as necessary.
  • In a storage device such as a ROM or an HD, a computer program is stored that collaborates with an OS (Operating System) and gives a command to the CPU to conduct various processes. The computer program is executed by being loaded to a RAM, etc., and the computer program collaborates with the CPU and configures the controlling apparatus. The computer program may be recorded in an application program server connected through an arbitrary network, and all or a part of the computer program can be downloaded as necessary.
  • The programs of the present invention can be stored in computer readable recording media. The “recording media” include arbitrary “portable physical media” such as a flexible disk, a magneto-optical disk, a ROM, an EPROM, an EEPROM, a CD-ROM, an MO, a DVD, arbitrary “fixed physical media” such as a ROM, a RAM, an HD that are mounted on various computer systems, and “communication media” that hold the programs for a short period such as a communication line and a carrier wave when transmitting the programs through the network represented by a LAN, a WAN, and Internet.
  • The “program” is a data processing method described with an arbitrary language or a description method, and the program can be in any format such as source code or binary code. The “program” is not necessarily limited to a single configuration, but includes programs having dispersed configurations with a plurality of modules or libraries and programs achieving functions by collaborating with other programs represented by an OS (Operating System). Known configurations and procedures can be used for, for example, the specific configurations for reading the recording media at each unit according to the present embodiment, the reading procedures, and the installing procedures after reading.
  • Specific configurations of distribution and integration of the devices are not limited to the configurations in the drawings, and all or some of the configurations can be configured by functionally or physically distributing and integrating in arbitrary units in compliance with various loads, etc. For example, each database may be independently configured as an independent database device, and a part of the processes may be realized by using the CGI (Common Gateway Interface).
  • The target device, the device management system, the device management method, and the external device of the present invention accomplish successful outcomes of accurately figuring out current states of the apparatuses and of safely and surely determining whether the apparatuses are properly used and whether the apparatuses are set up in proper states.
  • Although the invention has been described with respect to a specific embodiment for a complete and clear disclosure, the appended claims are not to be thus limited but are to be construed as embodying all modifications and alternative constructions that may occur to one skilled in the art that fairly fall within the basic teaching herein set forth.

Claims (22)

1. (canceled)
2. (canceled)
3. (canceled)
4. (canceled)
5. (canceled)
6. (canceled)
7. (canceled)
8. (canceled)
9. (canceled)
10. (canceled)
11. (canceled)
12. (canceled)
13. (canceled)
14. (canceled)
15. (canceled)
16. (canceled)
17. A device management system in which a target device configured with plural units that include a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus are connected via a network in a communicable manner, wherein
the management apparatus includes
a requesting unit that transmits a unit-information confirmation request to the target device,
the target device includes
a request receiving unit that receives transmitted unit-information confirmation request;
a transmitting unit that
gathers device information including unit information of the units that includes a unit identification number stored in the tamper-resistant chip, encrypts the device information with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, and
the authentication apparatus includes
a device-information receiving unit that receives the device information; and
an evaluation unit that decrypts received device information, evaluates whether decrypted device information corresponds to device information that is stored in a database of the authentication apparatus in advance, and transmits a result of evaluation to the target device and the management apparatus.
18. A device management system in which a target device configured with plural units that include a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus, wherein the system is connected via a network in a communicable manner, wherein
the management apparatus includes
a requesting unit that transmits a unit-program confirmation request to the target device,
the target device includes
a request receiving unit that receives transmitted unit-program confirmation request; and a first transmitting unit that gathers device information including unit information of the units that includes a unit identification number stored in the tamper-resistant chip and a program-version information relating to a version of a program that is executed by the unit, encrypts the device information with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, and
the authentication apparatus includes
a device-information receiving unit that receives the device information; and
a second transmitting unit that decrypts received device information, evaluates whether a correspondence relationship between the unit identification number and the program-version information included in the device information matches with a correspondence relationship between unit identification number and program-version information stored in a database of the authentication apparatus in advance, when the relationships do not match, acquires a program file corresponding to a correct program version from the database, and transmits acquired program file to the target device.
19. A device management system in which a target device configured with plural units that include a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and the system including an external device that manages or uses the target device, wherein the system is connected via a network in a communicable manner, wherein
the target device includes
an encrypting unit that gathers stored device information of the units, and encrypts the device information using the confidential key; and
a first transmitting unit that transmits encrypted device information to the external device connected to the target device, and
the external device includes
a device-information receiving unit that receives transmitted device information;
an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; and
a second transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.
20. The device management system according to claim 19, wherein
the external device further includes
an operation-information storing unit that stores operation information corresponding to each piece of information included in the device information;
an operation extracting unit that decrypts the received device information, and extracts the operation information corresponding to decrypted device information from the operation-information storing unit; and
a third transmitting unit that transmits extracted operation information to the target device or other external device.
21. A device management method for a device management system in which a target device configured with plural units that include a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and the device management system further including an external device that manages or uses the target device, wherein the system is connected via a network in a communicable manner,
the device management method comprising:
the target device
encrypting information, including the target device gathering the device information of the units, and encrypting the device information using the confidential key;
transmitting information, including the target device transmitting encrypted device information to the external device connected to the target device;
receiving information, including the external device receiving transmitted device information; and
the external device evaluating information, including decrypting received device information;
evaluating whether the device information corresponds to device information that is stored in a database in advance; and transmitting a result of evaluation to the target device.
22. The device management method according to claim 21, further comprising:
storing information by the external device, including storing operation information corresponding to each piece of information included in the device information;
extracting information by the external device, including decrypting the received device information; and extracting the operation information corresponding to decrypted device information; and
transmitting information by the external device, including
transmitting extracted operation information to the target device or other external device.
US12/872,627 2006-01-18 2010-08-31 Target device, method and system for managing device, and external device Abandoned US20110107079A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/872,627 US20110107079A1 (en) 2006-01-18 2010-08-31 Target device, method and system for managing device, and external device

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
JP2006-010354 2006-01-18
JP2006010354 2006-01-18
JP2006-158718 2006-06-07
JP2006158718A JP5074709B2 (en) 2006-01-18 2006-06-07 Target device, device management system, device management method, and external device
US11/624,082 US8412958B2 (en) 2006-01-18 2007-01-17 Target device, method and system for managing device, and external device
US12/872,627 US20110107079A1 (en) 2006-01-18 2010-08-31 Target device, method and system for managing device, and external device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/624,082 Continuation US8412958B2 (en) 2006-01-18 2007-01-17 Target device, method and system for managing device, and external device

Publications (1)

Publication Number Publication Date
US20110107079A1 true US20110107079A1 (en) 2011-05-05

Family

ID=38219852

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/624,082 Expired - Fee Related US8412958B2 (en) 2006-01-18 2007-01-17 Target device, method and system for managing device, and external device
US12/872,627 Abandoned US20110107079A1 (en) 2006-01-18 2010-08-31 Target device, method and system for managing device, and external device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US11/624,082 Expired - Fee Related US8412958B2 (en) 2006-01-18 2007-01-17 Target device, method and system for managing device, and external device

Country Status (3)

Country Link
US (2) US8412958B2 (en)
JP (1) JP5074709B2 (en)
DE (1) DE102006058789A1 (en)

Also Published As

Publication number Publication date
US8412958B2 (en) 2013-04-02
JP5074709B2 (en) 2012-11-14
JP2007220070A (en) 2007-08-30
US20070165264A1 (en) 2007-07-19
DE102006058789A1 (en) 2007-07-26

Legal Events

Date Code Title Description
AS Assignment

Owner name: FUJITSU LIMITED, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MINAMI, KOUICHI;KOTANI, SEIGO;SIGNING DATES FROM 20061121 TO 20061219;REEL/FRAME:024918/0849

Owner name: PFU LIMITED, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MINAMI, KOUICHI;KOTANI, SEIGO;SIGNING DATES FROM 20061121 TO 20061219;REEL/FRAME:024918/0849

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION