TARGET DEVICE, METHOD AND SYSTEM FOR MANAGING DEVICE, AND EXTERNAL DEVICE

Abstract

A device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus including a database for authentication, connected via a network in a communicable manner. In the target device, each unit is equipped with the tamper-resistant chip that collects device information specific to a unit, stores collected device information, and stores a confidential-key.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram for explaining a fundamental principle of the present invention;

FIG. 2 is a block diagram of an example of an image reading device to which the present invention is applied;

FIG. 3 is a block diagram of an example of a TPM chip to which the present invention is applied;

FIG. 4 is a block diagram of an example of a management apparatus and an authentication apparatus to which the present invention is applied;

FIG. 5 is a block diagram of an example of a database stored in a storage device of the authentication apparatus;

FIG. 6 is a flowchart of a processing procedure for a unit-information confirmation process of a system according to an embodiment of the present invention;

FIG. 7 is a flowchart of a processing procedure for a unit-program confirmation process of the system according to the present embodiment;

FIG. 8 is a block diagram for explaining an example of an inter-unit authentication process of the system according to the present embodiment; and

FIG. 9 is a block diagram for explaining an example of a management process of an expendable part of the system according to the present embodiment.

Claims

1. A target device comprising: at least one unit that includes a tamper-resistant chip, whereinthe tamper-resistant chip includes a first device-information storing unit that stores first device information specific to the unit; anda confidential-key storing unit that stores a confidential key.

2. The target device according to claim 1, wherein the device information includes information relating to at least one of unit information that includes a unit identification number;expendable-part information relating to an expendable part;program-version information relating to a version of a program that is executed by the unit;measurement-value information relating to an environment of the unit including temperature, humidity, and altitude;setting information during an operation of the unit; andoperation-result information relating to a result of operation of the unit.

3. The target device according to claim 1, wherein the unit further includes a second device-information storing unit that stores second device information of other unit;an encrypting unit that encrypts the first device information using the confidential key;a transmitting unit that transmits encrypted device information to other unit;a decrypting unit that decrypts the device information transmitted by the transmitting unit using the confidential key; andan authentication unit that authenticates whether decrypted device information corresponds to the second device information.

4. The target device according to claim 1, wherein the unit further includes an encrypting unit that encrypts the first device information using the confidential key; anda first transmitting unit that transmits encrypted device information to an external device connected to the target device.

5. The target device according to claim 4, wherein the external device includes a device-information receiving unit that receives transmitted device information; andan evaluating unit that decrypts received device information, and evaluates whether decrypted device information corresponds to device information that is stored in a database in advance.

6. The target device according to claim 5, wherein the external device further includes a second transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.

7. The target device according to claim 4, wherein the external device further includes an operation-information storing unit that stores operation information corresponding to each piece of information included in the device information;a device-information receiving unit that receives transmitted device information;an operation extracting unit that decrypts received device information, and extracts the operation information corresponding to decrypted device information from the operation-information storing unit; anda second transmitting unit that transmits extracted operation information to either one of the target device and other external device.

8. The target device according to claim 1, wherein the target device is an image reading device.

9. A device management system in which a target device configured with at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus are connected via a network in a communicable manner, wherein the management apparatus includes a requesting unit that transmits a unit-information confirmation request to the target device,the target device includes a request receiving unit that receives transmitted unit-information confirmation request; anda transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit, andthe authentication apparatus includes a device-information receiving unit that receives the device information; andan evaluation unit that decrypts received device information, evaluates whether decrypted device information corresponds to device information that is stored in a database of the authentication apparatus in advance, and transmits a result of evaluation to the target device and the management apparatus.

10. A device management system in which a target device configured with at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus are connected via a network in a communicable manner, wherein the management apparatus includes a requesting unit that transmits a unit-program confirmation request to the target device,the target device includes a request receiving unit that receives transmitted unit-program confirmation request; anda first transmitting unit that encrypts device information including unit information that includes a unit identification number stored in the tamper-resistant chip and program-version information relating to a version of a program that is executed by the unit with a confidential key stored in the tamper-resistant chip, and transmits encrypted device information to the authentication apparatus, for each unit, andthe authentication apparatus includes a device-information receiving unit that receives the device information; anda second transmitting unit that decrypts received device information, evaluates whether a correspondence relationship between the unit identification number and the program-version information included in the device information matches with a correspondence relationship between unit identification number and program-version information stored in a database of the authentication apparatus in advance, when the relationships do not match, acquires a program file corresponding to a correct program version from the database, and transmits acquired program file to the target device.

11. A device management system in which a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device are connected via a network in a communicable manner, wherein the target device includes an encrypting unit that encrypts stored device information using the confidential key; anda first transmitting unit that transmits encrypted device information to the external device connected to the target device, andthe external device includes a device-information receiving unit that receives transmitted device information;an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; anda second transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.

12. The device management system according to claim 11, wherein the external device further includes an operation-information storing unit that stores operation information corresponding to each piece of information included in the device information;an operation extracting unit that decrypts the received device information, and extracts the operation information corresponding to decrypted device information from the operation-information storing unit; anda third transmitting unit that transmits extracted operation information to the target device or other external device.

13. A device management method for a device management system in which a target device configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, and an external device that manages or uses the target device are connected via a network in a communicable manner, the device management method comprising: encrypting including the target device encrypting the device information using the confidential key;transmitting including the target device transmitting encrypted device information to the external device connected to the target device;receiving including the external device receiving transmitted device information;evaluating including the external device decrypting received device information;the external device evaluating whether the device information corresponds to device information that is stored in a database in advance; andthe external device transmitting a result of evaluation the target device.

14. The device management method according to claim 13, further comprising: storing including the external device storing operation information corresponding to each piece of information included in the device information;extracting including the external device decrypting the received device information; andthe external device extracting the operation information corresponding to decrypted device information; andtransmitting including the external device transmitting extracted operation information to the target device or other external device.

15. An external device that manages or uses a target device that is configured with at least one unit that includes a tamper-resistant chip including a device-information storing unit that stores device information specific to a unit and a confidential-key storing unit that stores a confidential key, the external device being connected to the target device via a network in a communicable manner, the external device comprising: a device-information receiving unit that receives, upon the target device encrypting stored device information using the confidential key and transmitting encrypted device information, transmitted device information;an evaluating unit that decrypts received device information, and evaluates whether the device information corresponds to device information that is stored in a database in advance; anda first transmitting unit that transmits a result of evaluation by the evaluating unit to the target device.

16. The external device according to claim 15, further comprising: an operation-information storing unit that stores operation information corresponding to each piece of information included in the device information;an operation extracting unit that decrypts the received device information, and extracts the operation information corresponding to decrypted device information from the operation-information storing unit; anda second transmitting unit that transmits extracted operation information to the target device or other external device.