The present disclosure generally relates to addressing schemes and, more particularly, to changing addresses of components in an imaging device to provide enhanced security.
Many computing systems, such as imaging systems, allow communication with peripheral devices using a shared bus to communicate data therebetween. Such a system is efficient in that a single bus is connected to each device. However, a set of rules or protocols is required in order to provide an orderly data flow so that more than one device does not attempt to use the shared bus at the same time. Often, a master or host device is the dominant device and controls the communications with the other devices, also known as slave devices. With this type of data communication system, the master device determines when to communicate with a slave device, and in response thereto, the slave device responds. The slave devices do not, on their own, initiate communications with the master device.
One well-known protocol for orderly data communications between the master device and one or more slave devices is the Inter-Integrated Circuit (I2C) protocol. In the I2C protocol, each slave device is uniquely identified with an address. When the master device, also known as a bus master, initiates communications with a specific slave device, the address of the slave device is transmitted with data and/or a command on the shared bus during the initiation of the communication. While all of the slave devices connected to the shared bus receive the data and/or command and the address from the bus master, only the slave device with the matching address responds to the data and/or command and sends back an acknowledgment to the bus master.
In some imaging devices, electronic authentication schemes associated with consumable supply items may be used. Consumable supply items may contain an integrated circuit chip or security device that communicates with a controller located in the imaging device. In such an arrangement, the imaging device includes a master device that initiates and controls passing of all communications including data, addresses, clock signals, and other control signals on a shared bus, and each supply item may be configured as a slave device. The master device may check the authenticity of each slave device by sending a verification challenge thereto and determining if the slave device correctly responds to the verification challenge. The authenticity is verified by the master device receiving from the slave device the correct response to the challenge. Otherwise, if the slave device does not respond correctly, the slave device may be detected as a clone or counterfeit and appropriate actions may be taken to protect against the use of unauthorized supply items in order to optimize performance of and/or prevent damage to the imaging device.
Some security devices in supply items communicate with the imaging device using 10-bit addressing on an I2C bus and use address changing as a security feature. In some address changing schemes, a certain number of bits of the supply item address are fixed based on a given supply type while the remaining bits are variable with an initial value of zero. Upon receiving an address change command, the security device of the supply item may change the variable portion of the address to a new value. The bus master in the imaging device may then communicate with that supply item using the new address. Periodically changing the addresses of supply items provides enhanced security since it increases the difficulty for unauthorized components to communicate with the bus master.
Support for 10-bit addressing mode, however, may not be as widespread with many I2C controllers supporting only 7-bit addressing. Unlike 10-bit addressing, 7-bit addressing generally results in higher data throughput because only one byte is required for an address compared to two bytes in 10-bit addressing. While offering certain advantages, such as higher data throughput, 7-bit addressing introduces disadvantages of its own when used in conjunction with the aforementioned address changing scheme utilizing fixed and variable address portions. More particularly, the number of possible addresses for supply items is reduced or limited since reducing the address size to 7 bits results in fewer bits available for use as variable address bits. For example, if 4 bits of the address were fixed, then the supply item would only have the 3 remaining bits as variable address bits, which translates to only eight possible addresses for supply items. Accordingly, an improved address-changing method for a shared bus system is desired.
Example embodiments of the present disclosure provide example systems and methods that may be implemented in an imaging device or system to set addresses of a plurality of components or slave devices, such as supply devices, to thwart the use of unauthorized components as replacements for authorized components.
In one example embodiment, there is disclosed component circuitry including an interface for coupling to a master device and an address generator coupled to the interface for generating a plurality of addresses for a plurality of components. When the interface receives a command from the master device, the address generator may update a pseudorandom number generator (PRNG) state and generate the plurality of addresses by retrieving different sets of bits from the PRNG state for each of the plurality of components. In one example aspect, each different set of bits may include successive bits from the PRNG state. In another example aspect, the different sets of bits may be retrieved from successive bytes from the PRNG state. In still another example aspect, the PRNG state may be a 256-bit PRNG state. For each of the plurality of components, the component circuitry may assign one of the plurality of addresses to one of the plurality of components based upon a value associated with the one component.
Each set of bits retrieved from the PRNG state may form a candidate address for a component of the plurality of components. In one example aspect, the component circuitry may determine that the candidate address is not a valid address if the candidate address is a reserved address. In another example aspect, the component circuitry may determine that the candidate address is not a valid address if the candidate address is a default address. In still another example aspect, the component circuitry may determine that the candidate address is not a valid address if the candidate address is an address that has been assigned to another component. The component circuitry may update the candidate address if the candidate address is not a valid address for assigning to the component.
The component circuitry may use a distinct address from the plurality of addresses as a new address for at least one subsequent communication with the master device. In one example aspect, the distinct address may be selected based upon a value associated with a component to which the component circuitry is associated. The component circuitry may be connectable to a consumable supply device. In one example aspect, the component circuitry may be associated with a replaceable printer component, such as a toner cartridge.
In another example embodiment, a supply item for installation in an imaging device having a master controller includes a housing and a chip connected to the housing. The chip may have an address generator coupled for generating a plurality of addresses for the supply item. When the chip receives a command from the master controller, the address generator may update a PRNG state and generate the plurality of addresses by retrieving different sets of bits from the PRNG state for the supply item. In one example aspect, each different set of bits may include successive bits from the PRNG state. In another example aspect, the different sets of bits may be retrieved from successive bytes from the PRNG state. The chip may use a distinct address from the plurality of addresses as a new address for at least one subsequent communication with the master controller. The chip may determine the distinct address based upon a value associated with the supply item.
In yet another example embodiment, a chip for installation with a supply item includes a memory for storing an address generator for generating a plurality of addresses for a plurality of supply items. When the chip receives a command from a master device, the address generator may update a PRNG state and generate the plurality of addresses by retrieving different sets of bits from the PRNG state for each of the plurality of supply items. In one example aspect, each different set of bits may include successive bits from the PRNG state. In another example aspect, the different sets of bits may be retrieved from successive bytes from the PRNG state. The chip may use a distinct address from the plurality of addresses as a new address for at least one subsequent communication with the master device.
From the foregoing disclosure and the following detailed description of various example embodiments, it will be apparent to those skilled in the art that the present disclosure provides a significant advance in the art of determining and setting addresses in slave devices. Additional features and advantages of various example embodiments will be better understood in view of the detailed description provided below.
The above-mentioned and other features and advantages of the present disclosure, and the manner of attaining them, will become more apparent and will be better understood by reference to the following description of example embodiments taken in conjunction with the accompanying drawings. Like reference numerals are used to indicate the same element throughout the specification.
It is to be understood that the disclosure is not limited to the details of construction and the arrangement of components set forth in the following description or illustrated in the drawings. The disclosure is capable of other example embodiments and of being practiced or of being carried out in various ways. For example, other example embodiments may incorporate structural, chronological, process, and other changes. Examples merely typify possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some example embodiments may be included in or substituted for those of others. The scope of the disclosure encompasses the appended claims and all available equivalents. The following description is, therefore, not to be taken in a limited sense, and the scope of the present disclosure is defined by the appended claims.
Also, it is to be understood that the phraseology and terminology used herein is for the purpose of description and should not be regarded as limiting. The use herein of “including,” “comprising,” or “having” and variations thereof is meant to encompass the items listed thereafter and equivalents thereof as well as additional items. Further, the use of the terms “a” and “an” herein does not denote a limitation of quantity but rather denotes the presence of at least one of the referenced item.
In addition, it should be understood that example embodiments of the disclosure include both hardware and electronic components or modules that, for purposes of discussion, may be illustrated and described as if the majority of the components were implemented solely in hardware.
It will be further understood that each block of the diagrams, and combinations of blocks in the diagrams, respectively, may be implemented by computer program instructions. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus may create means for implementing the functionality of each block or combinations of blocks in the diagrams discussed in detail in the description below.
These computer program instructions may also be stored in a non-transitory computer-readable medium that may direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable medium may produce an article of manufacture, including an instruction means that implements the function specified in the block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus implement the functions specified in the block or blocks.
Accordingly, blocks of the diagrams support combinations of means for performing the specified functions, combinations of steps for performing the specified functions and program instruction means for performing the specified functions. It will also be understood that each block of the diagrams, and combinations of blocks in the diagrams, can be implemented by special purpose hardware-based computer systems that perform the specified functions or steps or combinations of special purpose hardware and computer instructions.
Disclosed are example systems and methods for changing addresses of components in a system, such as an imaging system. According to one example embodiment of the present disclosure, a controller may operate in conjunction with a bus master to initiate address change operations on components upon initialization or reset, such as after installation or at an instance when power is first supplied to the component, in order to change a default address of each component to a different address. In one example aspect, the bus master may send a command to a security module of the imaging system to retrieve new addresses for various components in the system. The security module may calculate new addresses for the components using a predetermined address change algorithm and return the new address values to the bus master. After receiving the new addresses from the security module, the bus master may send an address change command to each component. Each component may run the same address change algorithm performed by the security module in order for each component to derive the same addresses that the security module generated by way of the address change algorithm. Accordingly, addresses of all components in the imaging system may be known to each component. Each component may be assigned with an associated address index value based on a supply identifier from a configuration certificate. An address index value assigned to each component may be used to determine an address to be assigned to a particular component.
Referring now to the drawings, and particularly to
In one example embodiment, imaging device 105 may employ an electronic authentication scheme to authenticate consumable supply items and/or replaceable units installed in imaging device 105. In
Security module 160 may operate in conjunction with bus master 215 to facilitate establishing connections between controller 130 and various components and subassemblies 150, 205, 210 connected to shared bus system 200. For example, security module 160 may be configured to provide authentication functions, safety and operational interlocks, and/or address change functions related to imaging unit 205, toner cartridge 150, and other addressable components 210. In one example embodiment, security module 160 may be configured to generate new addresses for imaging unit 205, toner cartridge 150, and other addressable components 210 to facilitate establishing communication with controller 130.
Supply devices 300 may not be able to eavesdrop on the calculation of security module 160 of new addresses for supply devices 300, as will be discussed in further detail below. Security module 160 may be configured to communicate the new addresses to bus master 215. Bus master 215 may then communicate the new addresses to controller 130. In one example aspect, communication of the new addresses to bus master 215 and/or controller 130 may be kept private by using data encryption. While each of shared bus 305 and bus 310 is illustrated as a two-wire serial bus in this example embodiment, shared parallel bus structures or other wired structures may be utilized in other example embodiments. In some other alternative example aspects, security module 160 may communicate with bus master 215 over shared bus 305. In yet other example embodiments, structures that facilitate communication between bus master 215 and supply devices 300 and security module 160 may operate using wireless technology.
Shared bus system 200 may utilize the Inter-Integrated Circuit (“I2C”) protocol. It will also be appreciated by those of ordinary skill in the art that other bus communication protocols, such as System Management Bus (SMB) protocols, UNI/O bus protocols, or other protocols used in bus structures having master/slave configurations may be utilized in other example embodiments.
Bus master 215 may include a processor 315. Bus master 215 may also include a master I2C circuit 320 which may be controlled by processor 315. Controller 130 and supply devices 300 may communicate with each other over shared bus system 200 via master I2C circuit 320 of bus master 215. In some example embodiments, processor 142 of controller 130 may function as processor 315 of bus master 215.
Processor 315 may include an associated memory 325 for storing instructions, as well as addresses of controller 130, security module 160, and supply devices 300. In one example embodiment, bus master 215 may store addresses of supply devices 300 in an address array A 330 in memory 325. In some example embodiments, memory 325 of bus master 215 may form part of memory 145 of controller 130. In some alternative example embodiments, a single memory device may be used for memory 325 and memory 145.
Security module 160 may include an I2C interface circuit 335 for interfacing the I2C protocol commands with bus master 215. In one example embodiment, security module 160 may be equipped with an address generator 345 for determining new addresses for supply devices 300. In some example aspects, address generator 345 may be a software algorithm stored in a memory 340. In other sample aspects, an address generator circuit may form part of security module 160. Address generator 345 may include a PRNG for generating addresses according to a predefined algorithm. The PRNG may be capable of generating a significant number of addresses but in a highly irregular and unpredictable manner. Security module 160 may store addresses of one or more supply devices 300 in an address array A 350 in memory 340.
Each of supply devices 300a-300n may include component circuitry, such as respective security chips 165a-165n each having an I2C interface circuit 352a-352n for interfacing the I2C protocol commands with bus master 215. Each supply device 300a-300n may be equipped with a corresponding address generator 355a-355n for changing its respective address upon request by bus master 215. In some example aspects, address generator 355 may be a software algorithm stored in a memory or storage unit 360a-360n. In other sample aspects, an address generator circuit may form part of security chip 165. When embodied in a circuit form, linear feedback shift registers (LFSRs) may be employed, including the Galois type. In some example embodiments, other LFSRs, such as a Fibonacci type shift register or other pseudorandom types of shift registers, may be employed. Address generator 355 in each supply device 300 may implement the same pseudorandom number generation algorithm used by address generator 345 in security module 160 to derive the same address that security module 160 calculated for supply device 300 by way of the pseudorandom number generation algorithm. Each storage unit 360a-360n may store addresses of one or more supply devices 300 of imaging device 105 in an address array A 365. In one example embodiment, each supply device 300 may maintain an address array A of length n (where n represents the total number of supply devices 300) in storage unit 360 that contains addresses of all supply devices 300 in imaging device 105. A configuration certificate used to provide configuration settings and/or parameters for one or more components of imaging device 105 may be used to assign a supply identifier to each supply device 300, the supply identifier identifying an address index for each supply device 300 that may be used to determine an address of the supply device 300 from address array A.
In one example embodiment, imaging device 105 may employ a 7-bit addressing scheme. Each of the devices in imaging device 105 may have a default address based on its configured type. For example, using a 7-bit addressing scheme, the default address for security module 160 may be address 8 (0001000b), and the default address for a black toner bottle may be address 16 (0010000b). Security module 160 may not change its address and therefore always communicates with all the other devices in imaging device 105 using its default address. After a reset of imaging device 105, each supply device 300 may communicate over shared bus 305 using the default address of supply device 300 until supply device 300 receives a change address command from bus master 215. Once its address is changed, supply device 300 communicates with bus master 215 over shared bus 305 using its new address.
The format by which bus master 215 may transmit data on shared bus 305 may include a start bit, the address of the supply device 300 that is expected to respond, and a read or write bit. Bus master 215 may wait for addressed supply device 300 to acknowledge the receipt of the data transmitted by bus master 215. Once an acknowledgement is received, bus master 215 may then transmit a series of data to the addressed supply device 300. No other supply device 300 may interrupt the communication during the series of transmissions by bus master 215 or utilize shared bus 200 until bus master 215 releases the bus with a stop bit. After the transmission of each data word, the addressed supply device 300 may transmit an acknowledgment of receipt of the data word. If bus master 215 initially transmits a “read” bit, then in response thereto, supply device 300 may transmit data words to bus master 215, whereupon bus master 215 may acknowledge receipt of the data words after each transmission by the addressed supply device 300. When bus master 215 has received all of the data requested, it may transmit a “not-acknowledge” message to indicate end of the read transfer. Supply device 300 may then release shared bus 305. As is known with the I2C protocol, bus master 215 is in complete control of communications on shared bus 305.
To initiate communications with supply devices 300, bus master 215 facilitates establishing sessions between security module 160 and each of supply devices 300a-300n at block 410. Communications between security module 160 and each of supply devices 300 may be encrypted using session keys. Each session key may be calculated using data words exchanged between security module 160 and supply devices 300. Security module 160 may generate one address initialization vector (IV) and transmit the initialization vector to each supply device 300a-300n with session key data. The initialization vector may be a random bit string or a fixed arbitrary constant.
At block 415, each supply device 300a-300n may use the initialization vector with a key to calculate a seed for a pseudorandom number generation algorithm implemented by address generator 355. In one example embodiment, each address generator 355a-355n may use a 256-bit SHA-2 hash function which takes the seed and the initialization vector as inputs and generates a fixed size 256-bit output corresponding to the seed (e.g., seed = SHA256(IV ∥ key)). It will also be appreciated by those of ordinary skill in the art that other pseudorandom number generation algorithms may be used to calculate the seed in some example embodiments. Some pseudorandom number generation algorithms include, but are not limited to, a linear congruential generator, a linear feedback shift register, Mersenne Twister, or a cipher-based algorithm such as Advanced Encryption Standard (AES). While it has been described that the PRNG seed is calculated from a nonce and key using SHA-2, a different operation may be used in place of SHA-2 in some example aspects. For example, Hash Message Authentication Code (HMAC) or AES encryption may be used to calculate the PRNG seed. In other example aspects, instead of using a shared secret key, the seed may be established using a public key exchange, such as Diffie-Hellman which is based upon finite field cryptography or on elliptic curve cryptography. In yet other example aspects, security module 160 may generate and send the seed to supply devices 300 in encrypted form. The encryption may be symmetrical, such as AES, with a shared private key, or asymmetrical, such as RSA, with public keys.
At block 420, each supply device 300a-300n may initialize the PRNG state with the seed (e.g., state_0 = seed). Thereafter, the 256-bit PRNG state may be updated using 256-bit SHA-2 based upon the previous PRNG state (e.g., state_i = SHA256(state_{i-1})) each time random data is needed, such as when new addresses for supply devices 300 are requested.
At block 425, each supply device 300 may initialize and fill address array A of storage unit 360 with the default addresses. As discussed above, the configuration certificate may be used to assign a supply identifier for each type of supply device 300, the supply identifier being used to determine an address index of a supply device 300 in address array A.
Bus master 215 may initiate address changes for supply devices 300 periodically. The time to change addresses for supply devices 300 may be based upon a random or fixed period of time in some example embodiments. In other example embodiments, the time to change addresses may be based upon the operational history of imaging device 105 such as when a certain number of transactions have transpired. To initiate an address change operation, bus master 215 may send a command to security module 160 over bus 310 to retrieve new addresses for supply devices 300 at block 430. In response, security module 160 may calculate new addresses for supply devices 300 using a predetermined algorithm and send the new addresses to bus master 215 over bus 310 at block 435. Bus master 215 needs no knowledge of the algorithm used by security module 160 to calculate the new addresses. In some example aspects, bus 310 may be isolated from shared bus 305, and any supply device 300a-300n connected to shared bus 305 may not be able to eavesdrop on the new addresses calculated and transmitted by security module 160 to bus master 215. In other example aspects, the new addresses may be encrypted before being transmitted by security module 160 to bus master 215.
Referring to
The start of the process is shown in block 505, where the PRNG state is updated to a new PRNG state. In the example pseudo code, the UpdatePRNG( ) function updates the PRNG state. In one example embodiment, the UpdatePRNG( ) function may update the PRNG state by calculating a new PRNG state using SHA256 with the previous PRNG state as an input. Address array A 350 containing addresses of supply devices 300 may then be copied to a previous address array P 375 in memory 340 at block 510.
For each supply device 300a-300n with an address index from i=0 to n−1, a candidate address is determined. At block 515, a candidate address for supply device 300 may be determined at the outset of the iterated calculation of candidate addresses for all supply devices 300. In this example, the first supply device 300a may correspond to the supply device associated with an address index i=0 and the last supply device 300n may correspond to supply device 300 associated with an address index i=n−1.
At block 520, a candidate address for supply device 300 may be generated by retrieving a group of seven bits from the new or updated PRNG state. In the example pseudo code, these seven bits of random data are retrieved using the Random7bits( ) function.
In one example embodiment, the candidate address for each supply device 300a-300n generated by the Random7bits( ) function may correspond to the bottom seven bits of each successive byte from the new PRNG state. As an example, a PRNG state 600 shown in
In another example embodiment, the candidate address for each supply device 300 generated by the Random7bits( ) function may correspond to successive bits 7i+6 down to 7i of the new PRNG state. As an example, a PRNG state 700 shown in
Although the above example embodiments show the use of successive bits from the PRNG state as address bits for supply devices 300, it will be appreciated that, in other example embodiments, each supply device 300a-300n may use any seven bits from the PRNG state as address bits, provided that the particular set of bits from different bit locations of the PRNG state used by each supply device 300a-300n is known to all supply devices 300 in imaging device 105 and security module 160. In addition, one or more bits (but not all) used to form the address bits for one supply device 300 may or may not overlap with bits used to form the address bits for another supply device 300. By knowing the particular set of bits used by each supply device 300a-300n in imaging device 105, each supply device 300a-300n can derive or arrive at the same addresses generated by security module 160 and each of other supply devices 300 in imaging device 105.
Referring back to
The determination in block 525 may be performed so that new addresses for supply devices 300 may not be any of the default addresses for any device or component in imaging device 105. The determination in block 525 may also be performed so that new addresses for supply devices 300 may prevent address conflicts. In particular, reserving the default addresses and not assigning any of the reserved addresses as new address may prevent address conflicts in the event that devices and/or components, including supply devices 300, in imaging device 105 are reset. For example, the broadcast address (address 0) may be a reserved address and cannot be used by any of supply devices 300. In one example embodiment, all other 7-bit addresses that are not default or reserved addresses may be used as new addresses. In another example aspect, such as in the I2C specification, some addresses are reserved for special purposes. For example, a special address (0000001b) is reserved for CBUS use in order for an I2C bus to connect to CBUS receivers. Addresses 11110XXb are also reserved in the I2C specification for use in 10-bit slave addressing. In one example embodiment of the present disclosure, these special and reserved addresses do not have any special meaning and may be used for addressing supply devices 300.
If the determination in decision block 525 is ‘true’ or affirmative, the process proceeds to block 530 where the candidate address may be updated to derive a new candidate address. The candidate address may be updated by adding a constant K to the candidate address and applying a modulus (MOD) function which keeps the next candidate address within a valid range. In the example pseudo code, the MOD function includes a “mod 128” operation, and a prime number, such as 13, may be used for K to cover all possible address values. In another example embodiment, K may be co-prime with 128, such as 15. The candidate address may continue to be updated until both the IsReservedAddress( ) function and the IsAddressInUse( ) function return a ‘false’ value. If the decision in block 308 is ‘false’ or negative, the process proceeds to block 535.
At block 535, the candidate address may contain the next address for supply device 300 and may be written into address array A 350. At block 540, a determination is made as to whether or not new addresses for supply devices 300a-300n in imaging device 105 have been determined. Upon determining that not all addresses have been determined, example method 500 proceeds to block 545 where the address index i may be incremented to proceed with an address calculation for another supply device 300. Thereafter, the example method 500 loops back to block 515 to determine a candidate address for the next supply device 300. Thus, the process flow from block 515 to block 540 may be repeated until new addresses for all supply devices 300a-300n have been determined.
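The loop of blocks 515 through 545 can be sketched in C as follows. This is an added example, not code from the disclosure: the names `draws`, `default_addrs`, `unavailable`, `assign_addresses` and `probe_coverage` and all sample values are assumptions, and the pre-drawn `draws` array stands in for successive Random7bits( ) results. It goes one step beyond the text by measuring how many addresses the "add K, mod 128" probe can reach, which shows why K must be co-prime with 128 for the search to be guaranteed to find a free address.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ADDR_SPACE 128u  /* 7-bit address space, hence "mod 128" */
/* Constructed sample data (assumptions, not values from the disclosure). */
static const uint8_t draws[] = {0x00, 0x50, 0x0D, 0x2A};  /* successive Random7bits() results */
static const uint8_t default_addrs[] = {0x50, 0x51};      /* power-on default addresses */

/* IsReservedAddress() or IsAddressInUse(): broadcast 0, a default, or already in A. */
static int unavailable(const uint8_t *A, size_t count, uint8_t a) {
    for (size_t j = 0; j < sizeof default_addrs; j++)
        if (default_addrs[j] == a) return 1;
    for (size_t j = 0; j < count; j++)
        if (A[j] == a) return 1;
    return a == 0;
}

/* Fill A[0..n-1]; returns 0, or -1 if draws or free addresses run out. */
int assign_addresses(uint8_t *A, size_t n, unsigned k) {
    if (n > sizeof draws) return -1;
    for (size_t i = 0; i < n; i++) {
        uint8_t c = draws[i] & 0x7F;                  /* block 515: candidate */
        for (unsigned tries = 0; unavailable(A, i, c); tries++) {
            if (tries >= ADDR_SPACE) return -1;       /* whole probe cycle was taken */
            c = (uint8_t)((c + k) % ADDR_SPACE);      /* block 530 */
        }
        A[i] = c;                                     /* block 535 */
    }
    return 0;
}

/* Distinct addresses reachable from start by repeatedly adding k mod 128. */
unsigned probe_coverage(unsigned start, unsigned k) {
    uint8_t seen[ADDR_SPACE] = {0};
    unsigned n = 0;
    for (unsigned c = start % ADDR_SPACE; !seen[c]; c = (c + k) % ADDR_SPACE, n++)
        seen[c] = 1;
    return n;
}

int main(void) {
    uint8_t A[4];
    if (assign_addresses(A, 4, 13) == 0)
        printf("A = %02X %02X %02X %02X\n", A[0], A[1], A[2], A[3]);
    printf("coverage: K=13 %u, K=15 %u, K=16 %u\n",
           probe_coverage(0, 13), probe_coverage(0, 15), probe_coverage(0, 16));
    return 0;
}
```

With the constructed draws, the broadcast address, a default address and an already-assigned address are each stepped past once, while a step such as 16 that shares a factor with 128 can only ever reach 8 addresses.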
The candidate addresses for subsequent supply devices 300 may also be determined using the Random7bits( ) function. Accordingly, a candidate address for each subsequent supply device 300 may correspond to the next seven bits of random data retrieved using the Random7bits( ) function. In the example PRNG state 600 shown in
Referring to
Referring back to
When each supply device 300a-300n receives the change address command from bus master 215, each supply device 300a-300n performs or executes the same address change algorithm described in
Each supply device 300 may send an acknowledgment to bus master 215 using its old address after executing the address change algorithm. After sending the acknowledgment, each supply device 300a-300n may change its address to a respective new address from corresponding address array A 365a-365n at block 450. In this example, each supply device 300a-300n may change its address to an address value stored in element A[i] of address array A, wherein i is the index value that is associated with the supply identifier in the configuration certificate assigned to supply device 300.
In one example embodiment, bus master 215 may test if addresses of supply devices 300 have successfully changed into new addresses as generated and stored in address array A 330.
At block 805, bus master 215 may communicate with a supply device 300 using the old address of supply device 300 in previous address array P 375. If, at block 810, supply device 300 responds using its old address in previous address array P 370, then bus master 215 may determine that supply device 300 has not changed its address. In response, bus master 215 may disable supply device 300 at block 815.
If, at block 810, supply device 300 does not respond on its old address as stored in previous address array P 375, bus master 215 may attempt to communicate with supply device 300 using the new address of supply device 300 stored in address array A 330 (at block 820).
At block 825, if supply device 300 does not respond on the new address (i.e., the new address of supply device 300 stored in address array A 330 does not match the new address stored in address array A 365), then supply device 300 may have incorrectly generated a new address. Bus master 215 may then disable the supply device (block 815). If, at block 825, supply device 300 responds on the new address, supply device 300 correctly calculated the new address, which matches with the new address stored in address array A 330. Bus master 215 may then continue to communicate with the supply device 300 using its new address at block 830.
Both bus master 215 and the addressed supply devices 300 may be updated with new supply device addresses without the supply devices transmitting their new addresses on shared bus 305 such that any device connected to shared bus 305 may not be able to gain knowledge of the new addresses. Thereafter, all subsequent transmissions by bus master 215 to addressed supply devices 300 may occur on the newly-assigned addresses. In the event that supply device 300 is disabled due to incorrect response to the challenge sent by bus master 215, such supply device 300 may be detected as a clone, counterfeit or otherwise unauthorized component, and appropriate actions may be taken or recommended. For example, a user may be advised to acquire an authorized supply device via a display of user interface 135 or to contact a system administrator or technical support for assistance in addressing the issue. Imaging device 105 may be configured to address such a situation to protect against the use of unauthorized components in order to optimize performance of and/or prevent damage to imaging device 105.
The details of the example embodiments have been described in the context of using an I2C 7-bit addressing scheme. However, it will be appreciated that the teachings and concepts provided herein can be applied to other addressing schemes, such as 10-bit addressing schemes. Moreover, such teachings and concepts may be applied on any addressed bus, such as Modbus or USB.
Relatively apparent advantages of the many embodiments include, but are not limited to, providing a greater number of addresses available for supply device addressing compared to previous methods. In particular, by utilizing all bits of an address as variable bits and using any non-reserved or non-default addresses for each supply device 300a-300n, a greater number of possible addresses may be achieved. Moreover, having the entire length of an address as variable may make it more difficult for attackers to break or hack the shared bus system, thereby improving security. The address changing schemes described herein also introduce notions of a supply device generating addresses for all supply devices in the system with each new supply device address being derived from a common PRNG state, unlike conventional address changing schemes wherein individual components calculate only their own respective new addresses.
The embodiments also introduce the notion of address calculations being done by system security module 160 and each supply device 300a-300n, and not by bus master 215 facilitating communication between system security module 160 and supply devices 300a-300n, as in the case of conventional master/slave configurations. Instead, bus master 215 may read or retrieve the addresses from system security module 160, which is separate from bus master 215, and bus master 215 needs no knowledge of the algorithm used to determine supply device 300 addresses. Bus master 215 also communicates with security module 160 over bus 310, which is isolated from shared bus 305 that bus master 215 uses to communicate with supply devices 300. In this way, any device connected to shared bus 305 used by bus master 215 to communicate with supply devices 300 may not be able to eavesdrop on the address calculation by system security module 160 and the transmission of new addresses to bus master 215. Moreover, bus master 215 individually polls each supply device 300a-300n to change its address without supply device 300a-300n having to communicate its new address to bus master 215, thereby preventing attackers from gaining knowledge of the new address.
It will be understood that the example applications described herein are illustrative and should not be considered limiting. It will be appreciated that the actions described and shown in the example flowcharts may be carried out or performed in any suitable order. It will also be appreciated that not all of the actions described in
Many modifications and other embodiments of the disclosure set forth herein will come to mind to one skilled in the art to which these disclosures pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the disclosure is not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Continuation of U.S. patent application Ser. No. 15/954,355 filed on Apr. 16, 2018.
| | Number | Date | Country |
|---|---|---|---|
| Parent | 15954355 | Apr 2018 | US |
| Child | 16567918 | | US |