The present invention relates to an information processing apparatus, and a method of controlling the information processing apparatus.
An image forming apparatus is known in which a semiconductor for processing image data obtained from a scanner or an external device is mounted on a controller board. For the purpose of reducing the price of such image forming apparatuses, a component capable of achieving a function matching the model is allowed to be mounted without fixing a part of functions of the controller board instead of creating the controller board for each model of the image forming apparatuses. Thus, multiple types of image forming apparatuses can be supported with a controller board of a single type. Such a component capable of achieving a function matching the model is typically mounted to a socket on a controller board, but the component can be replaced also after shipment. For example, Japanese Patent No. 5453324 discloses a technique for identifying and disabling a false module operating on an information processing apparatus.
On the other hand, there is an attack that utilizes a socket on a controller board, and, for example, it is possible to easily analyze the behavior of a device by mounting a debug tool to a debug socket of the controller board. Also, internal signals of the controller board can be obtained via such a socket. Consequently, when such information acquisition is continuously obtained via the socket, the signal patterns in the controller board can be analyzed, and the analysis results can be used to fraudulently obtain information from the device, or to alter the information in the controller board. A fraudulent module is identified by detecting alterations made by the fraudulent module in Japanese Patent No. 5453324; however, a technique capable of more easily detecting fraudulent hardware (attacking hardware) has been demanded.
An aspect of the present invention is to eliminate the above-mentioned problem with conventional technology.
The feature of the present invention is to provide a technique of detecting attacking hardware and then suppressing the activation of the attacking hardware.
According to a first aspect of the present invention, there is provided an information processing apparatus capable of mounting an optional hardware, the information processing apparatus comprising: an image processing circuit; a socket to which the optional hardware is to be mounted, wherein the optional hardware being connected to the socket communicates with the image processing circuit; a memory that stores instructions; and a processor that executes the instructions stored in the memory to: transmit a predetermined packet to the optional hardware mounted to the socket; receive a response packet to the predetermined packet from the image processing circuit; determine whether or not the received response packet is an expected response packet; and control supplying power to the optional hardware in accordance with a determination result of the received response packet.
According to a second aspect of the present invention, there is provided a method of controlling an information processing apparatus including an image processing circuit and a socket capable of mounting an optional hardware, wherein the optional hardware being connected to the socket communicates with the image processing circuit, the method comprising: transmitting a predetermined packet to the optional hardware connected to the socket; receiving a response packet to the predetermined packet from the image processing circuit; determining whether or not the response packet is an expected response packet; and controlling supplying power to the optional hardware in accordance with a determination result.
According to a third aspect of the present invention, there is provided An information processing apparatus, comprising: an image processing circuit; a socket that is capable of connecting an optional hardware, wherein the optional hardware being connected to the socket communicates with the image processing circuit; and a processor, wherein the processor transmits a predetermined packet to the optional hardware being connected to the socket, upon receiving a response packet produced by the optional hardware and the image processing circuit by processing the predetermined packet, the processor determines whether or not the response packet is an expected response packet, and the processor controls supplying power to the optional hardware in accordance with a determination result of the response packet.
Further features of the present invention will become apparent from the following description of exemplary embodiments with reference to the attached drawings.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
Embodiments of the present invention will be described hereinafter in detail, with reference to the accompanying drawings. It is to be understood that the following embodiments are not intended to limit the claims of the present invention, and that not all of the combinations of the aspects that are described according to the following embodiments are necessarily required with respect to the means to solve the problems according to the present invention. An image forming apparatus that is an example of an information processing apparatus according to the present invention will now be described.
A scanner 102 optically reads an image of an original document and converts the image into a digital image data. A printer unit 104 prints an image on a sheet based on digital image data. A console unit 105 includes a display unit that receives user operations and presents various information to the user, the display unit provides a user interface (UI). Note that the display unit may have a touch panel function. A hard disk drive (HDD) 106 stores various data such as image data, control programs, and the like. A fax unit 107 transmits and/or receives facsimile signals via a telephone line. A controller (control unit) 103 is connected with the above-mentioned components, and transmits and/or receives control signals and the like to/from the above-mentioned components to perform a job in the image forming apparatus 100. Also, the controller 103 can perform input/output of digital image data, issuing of a job, an instruction to devices and/or the like to/from a computer 109 via a LAN 108.
The scanner 102 includes a document feeder 121 on which to load an original document bundle and a scanner unit 122. The document feeder 121 can sequentially supply the documents to the scanner unit 122. The scanner unit 122 outputs, to the controller 103, digital image data obtained by scanning the original document.
The printer unit 104 includes a sheet feeder unit 142 capable of supplying sheets one by one from the loaded sheet bundle, a marking unit 141 that prints images on the supplied sheet, and a discharge unit 143 that discharges the printed sheet. The computer 109 provides an instruction to the controller 103 via the LAN 108 to cause the controller 103 to perform a job.
The image forming apparatus 100 is capable of performing a wide variety of jobs. Exemplary jobs are as follows.
Copy Function
Image data obtained from the scanner 102 is recorded in an HDD 106 and printing is performed using the printer unit 104.
Image Sending Function
Image data obtained from the scanner 102 is transmitted to the computer 109 via the LAN 108.
Image Storing Function
Image data obtained from the scanner 102 is recorded in the HDD 106 and image transmission and/or image printing is performed as necessary.
Image Print Function
For example, a page description language transmitted from the computer 109 is analyzed and printed in the printer unit 104.
The controller 103 includes a main board 200 and a sub-board 220. The main board 200 is a so-called general-purpose CPU system including a main CPU 201 that controls the entire board, a boot ROM 202 including a boot program, and a memory 203 that serves as a work memory used by the CPU 201. Further, the main board 200 includes a bus controller 204 having a bridge function with an external bus, a non-volatile memory 205 in which the stored data is not lost even when the power source is turned off, and an RTC 211 having a clock function. In addition, there is provided a disk controller 206 that controls access to the HDD 106, a flash disk (such as an SSD) 207 that is a relatively small volume non-volatile storage device composed of a semiconductor device, and a USB controller 208 capable of controlling a USB. The USB memory 209, the console unit 105, the HDD 106, and the like are connected to the main board 200.
The sub-board 220 includes a relatively small general-purpose sub-CPU system and an image processing hardware. The sub-board 220 includes a sub-CPU 221 that controls the entire board, a memory 223 that serves as a work memory used by the CPU 221, a bus controller 224 having a bridge function with an external bus, and a non-volatile memory 225 in which the stored data is not lost even when the power source is turned off. The sub-board 220 further includes an image processing processor 227 that performs real-time digital image processing and an engine controller 226. The scanner 102 and the printer unit 104 exchanges digital image data via the engine controller 226. The sub-CPU 221 directly controls the FAX unit 107. Note that this drawing is a block diagram, and is simplified. For example, the main CPU 201, the sub-CPU 221, and the like include many pieces of CPU peripheral hardware such as a chip set, a bus bridge and a clock generator, but they are simplified in the drawing, and the present invention is not limited to this block configuration.
Next, the operation of the controller 103 is described with an exemplary copying of original documents.
When the user instructs to copy an original document from the console unit 105, the main CPU 201 sends a read command of the original document to the scanner 102 via the sub-CPU 221. The scanner 102 then optically scans the original document to obtain the digital image data corresponding to the image of the original document, and inputs the image data to the image processing processor 227 via the engine controller 226. The image processing processor 227 temporarily stores the digital image data in the memory 223 by DMA transfer. When confirming that all or a certain amount of the digital image data is stored in the memory 223, the main CPU 201 outputs a print instruction to the printer unit 104 via the sub-CPU 221. At this time, the sub-CPU 221 passes a read address of the image data of the memory 223 to the image processing processor 227. As a result, the image processing processor 227 outputs the image data of the memory 223 to the printer unit 104 via the engine controller 226 in synchronization with a synchronization signal from the printer unit 104. Thus, the printer unit 104 prints an image based on the image data of the original document.
When performing copying on multiple sheets, the main CPU 201 can store the image data of the memory 223 in the HDD 106, and copying of the image data on the second and succeeding sheets can be performed by the printer unit 104 without receiving the image data from the scanner 102.
For the sub-CPU 221 responsible for the image processing, an image processing CPU 301, an image processing CPU (image processing circuit) 302, an image processing CPU 303, and a short board 304 or an option CPU 305 required for an image formation operation are connected in series via an image processing bus.
As described in the description of the related art, image forming apparatuses of a plurality of types can be supported with a controller board of a single type for the purpose of cost reduction. For example, the short board 304 (through which electric signals pass without change) is provided to the sub-board 220 in the embodiment as illustrated in
Each of the image processing CPUs 301 to 303 and the option CPU 305 incorporate an image memory for storing temporary data. The image processing CPUs 301 to 303 may be implemented by an application specific integrated circuit (ASIC). Note that the memory 223, the bus controller 224, the non-volatile memory 225, the engine controller 226 and the like in the sub-board 220 are not related with the present disclosure, and therefore are omitted in
In the image processing block of the sub-board 220 illustrated in
Further, in accordance with a determination that the request packet is not addressed to itself as a result of analysis of the request packet, each image processing CPU directly transmits the request packet to the image processing bus as it is without change. This allows, in the later stages, the image processing CPUs to receive the request packet and then perform an analysis and a process on the request packet.
In this manner, the sub-CPU 221 transmits the request packet via the image processing bus, and the image processing CPU indicated by the request packet returns the response packet, thereby completing through the communication. In the image forming apparatus 100, in order to perform a single job (e.g., copying), the sub-CPU 221 communicates multiple times with each image processing CPU as described above.
As described above, the sub-CPU 221 controls each image processing CPU by using the packet via the image processing bus. Further, the existing short board 304 can be removed and the option CPU 305 can be mounted instead (see
In the product on the market, such controller board is incorporated. Accordingly, such attacks can be executed by removing a cover of the product to mount the attacking hardware 401 to the socket of the controller board.
The main CPU 201 transfers the program for the sub-CPU 221 to the memory 223. The sub-CPU 221 operates in accordance with the program stored in the memory 223. Further, here, a third CPU 502 capable of accessing the image processing bus in the same manner as the sub-CPU 221, in additions to the main CPU 201 and the sub-CPU 221, is provided. The third CPU 502 operates in accordance with a program for the third CPU stored in a ROM 501 for the third CPU. The third CPU 502 is capable of controlling on/off of a sub-board power source 503.
As described above, the third CPU 502 operates in accordance with the program stored in the ROM 501 for the third CPU. As with the sub-CPU 221, the third CPU 502 is capable of accessing the image processing bus, and is also capable of controlling the sub-board power source 503. Further, at the time of initialization of the image forming apparatus 100, the third CPU 502 transmits a request packet to each image processing CPU, and receives a response packet from each image processing CPU.
First, in step S701, to confirm whether the option CPU 305 is mounted or, depending on the models, whether the short board 304 is mounted, the third CPU 502 transmits the request packet via the image processing bus to a side of the short board 304. Then, if the option CPU 305 is mounted at the place of the short board 304, the third CPU 502 can receive a predetermined packet including a predetermined characteristic value, for example, from the whole image processing CPU. Accordingly, in this case, the third CPU 502 quits the control to the image processing bus, and the sub-CPU 221 performs initialization.
Next, the process proceeds to step S702, and the third CPU 502 determines whether or not the predetermined response packet has been received. At this time, if the attacking hardware 401 is mounted on the short-board 304 for example, the attacking hardware 401 cannot return the response packet unlike the option CPU 305. Accordingly, the third CPU 502 cannot receive the predetermined response packet, and therefore the process proceeds to step S703. In step S703, the third CPU 502 can stop the activation of the sub-board 220 by shutting off the power supply from the sub-board power source 503.
On the other hand, if the third CPU 502 receives the predetermined response packet in step S702, the process proceeds to step S704, and the third CPU 502 continues processing to perform the activation process of the sub-board 220 by turning on the power supply from the sub-board power source 503.
This packet includes a header 705 and a body 706. The header 705 describes destination device numbers, packet sizes, and the like. Responses from the image processing CPUs are contained in Byte1 to ByteN of the body 706. The third CPU 502 analyzes the packet and determines whether or not predetermined information is contained.
In this manner, the activation of the sub-board 220 is stopped if the attacking hardware is mounted, and thus attacks by the attacking hardware can be prevented. Since the sub-board 220 is not activated when the attacking hardware is mounted as described above, job-related request packets are not transmitted from the sub-CPU 221 when the attacking hardware is mounted, and therefore the information is not intercepted or altered.
The request packet transmitted by the third CPU 502 and the response packet information transmitted by each image processing CPU and the option CPU 305 are stored in the memory (not illustrated) of the third CPU 502.
While
As illustrated in
As a counter measure against such a communication detection function, the third CPU 502 generates a request packet including encrypted additional information based on the date, time, model, serial number of the machine and the like, and then transmits the generated request packet to each image processing CPU. Each image processing CPU having received the request packet including the additional information analyzes the received packet and then generates a response packet including individual additional information to transmit it to the third CPU 502.
For example, when the date and time of the transmission is “10:59, Aug. 9, 2017” and the model number is “001”, the following request packet is transmitted.
“1108-0908-9941-001”+(conventional request packet)
Here, “1108” is a character string obtained from the year “2017” by subtracting 1 from each even-numbered digit and by adding 1 to each odd-numbered digit. “0908” is a character string obtained by reversing the month and date “0809”. “8941” is a complement of the transmission time “1059”. Further, “001” is the model number “001” itself.
Each image processing CPU having received the request packet analyzes the received request packet, and then decrypts it to the original “2017-0809-1059” to transmits it in addition to the response packet.
On the other hand, the attacking hardware 401 does not know the creation logic of such a response packet, and therefore cannot generate the above-mentioned response packet including the additional information for the request packet.
When receiving a correct response packet, the third CPU 502 continues the activation of the sub-board 220. When the correct response packet cannot be received, it is determined that the attacking hardware 401 is connected, and then the activation of the sub-board 220 is stopped by shutting off the power supply from the sub-board the power source 503. In this manner, the addition of additional information to the request packet can significantly increase the difficulty of the communication analysis by the attacker and can protect it from the attack of the attacking hardware. Note that the addition of information is merely an example, and the present invention is not limited to this example.
As described above, according to the embodiments, even when a fraudulent attacking hardware is connected as an option, the activation of the hardware can be prevented.
Additionally, in the embodiment, when attacking hardware is mounted, the control board connecting it is not activated, thus providing an effect that the information is not intercepted or altered by the attacking hardware.
Also, for example, even when the information is intercepted by the attacking hardware, the information may not be used for other models since the information contains at least the model number. Thus, it is possible to prevent spread of the damage due to the fraudulent module based on information obtained by the attacking hardware.
Embodiments of the present invention can also be realized by a computer of a system or apparatus that reads out and executes computer executable instructions (e.g., one or more programs) recorded on a storage medium (which may also be referred to more fully as a ‘non-transitory computer-readable storage medium’) to perform the functions of one or more of the above-described embodiments and/or that includes one or more circuits (e.g., application specific integrated circuit (ASIC)) for performing the functions of one or more of the above-described embodiments, and by a method performed by the computer of the system or apparatus by, for example, reading out and executing the computer executable instructions from the storage medium to perform the functions of one or more of the above-described embodiments and/or controlling the one or more circuits to perform the functions of one or more of the above-described embodiments. The computer may comprise one or more processors (e.g., central processing unit (CPU), micro processing unit (MPU)) and may include a network of separate computers or separate processors to read out and execute the computer executable instructions. The computer executable instructions may be provided to the computer, for example, from a network or the storage medium. The storage medium may include, for example, one or more of a hard disk, a random-access memory (RAM), a read only memory (ROM), a storage of distributed computing systems, an optical disk (such as a compact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)™), a flash memory device, a memory card, and the like.
While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all such modifications and equivalent structures and functions.
This application claims the benefit of Japanese Patent Application No. 2018-135220, filed Jul. 18, 2018, which is hereby incorporated by reference herein in its entirety.
Number | Date | Country | Kind |
---|---|---|---|
JP2018-135220 | Jul 2018 | JP | national |
Number | Name | Date | Kind |
---|---|---|---|
8544093 | Unagami | Sep 2013 | B2 |
20060050308 | Wakana | Mar 2006 | A1 |
20060246866 | Nakagawa | Nov 2006 | A1 |
20060271588 | Tanaka | Nov 2006 | A1 |
20100309511 | Ito | Dec 2010 | A1 |
20110302448 | Okabe | Dec 2011 | A1 |
20160080599 | Sasadai | Mar 2016 | A1 |
20160212289 | Tomi | Jul 2016 | A1 |
20190286602 | Remis | Sep 2019 | A1 |
Number | Date | Country |
---|---|---|
5453324 | Jan 2014 | JP |
2010092832 | Aug 2010 | WO |
Number | Date | Country | |
---|---|---|---|
20200028975 A1 | Jan 2020 | US |