WO2017204822A1 - Firmware module encryption - Google Patents

Firmware module encryption Download PDF

Info

Publication number
WO2017204822A1
WO2017204822A1 PCT/US2016/034631 US2016034631W WO2017204822A1 WO 2017204822 A1 WO2017204822 A1 WO 2017204822A1 US 2016034631 W US2016034631 W US 2016034631W WO 2017204822 A1 WO2017204822 A1 WO 2017204822A1
Authority
WO
WIPO (PCT)
Prior art keywords
encrypted
firmware
module
decryption
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2016/034631
Other languages
French (fr)
Inventor
Marvin D NELSON
Honee L MESA
Paul Jeran
Chris R GUNNING
Erik D NESS
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Development Co LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP filed Critical Hewlett Packard Development Co LP
Priority to CN201680085761.9A priority Critical patent/CN109196506B/en
Priority to EP16903344.6A priority patent/EP3465521A4/en
Priority to US16/073,022 priority patent/US11126724B2/en
Priority to PCT/US2016/034631 priority patent/WO2017204822A1/en
Publication of WO2017204822A1 publication Critical patent/WO2017204822A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/106Enforcing content protection by specific content processing
    • G06F21/1063Personalisation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • G06F21/608Secure printing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates

Definitions

  • PRINTER FIRMWARE ENCRYPTION (Aity. Docket No. 84460072) and assigned to a common assignee. The disclosure of application Ser. No. is incorporated herein by reference.
  • a device firmware is a set of instructions embedded in the device that facilitate controlling, monitoring, and so forth, the device and/or or components of the device.
  • the device firmware may be held in a non-voIatiie memory and may rarely, if ever, be changed during the life cycle of the device ⁇ depending on the type of device).
  • the firmware may be the primary enabier of device functionality.
  • the firmware may act as an interface between device hardware and applications installed on the device.
  • Devices that inciude various types of firmware may include, for example, personal computers, printers, other peripherals, appliances, remote controls, digital watches, cellular phones, digital cameras, and so forth.
  • FIG. 1 illustrates an example device firmware associated with firmware encryption.
  • FIG. 2 illustrates an example device associated with firmware encryption.
  • FIG. 3 illustrates another example device associated with firmware encryption
  • FiG. 4 illustrates a flowchart of example operations associated with firmware encryption
  • FIG. 5 illustrates another flowchart of example operations associated with firmware encryption.
  • FIG. 6 illustrates another flowchart of example operations associated with firmware encryption.
  • FIG. 7 illustrates an example computing device in which example systems, and methods, and equivalents, may operate.
  • device firmware facilitates control, monitoring, and so forth of device functionality.
  • firmware may be difficult (e.g., if firmware is embedded in read only memory), it may be desirable to embed the specialized firmware in the device in a manner that allows later activation of the firmware, in other examples, device security may depend in part on security of the device firmware, and changing the device firmware periodically may make it more difficulty to attack the device.
  • encrypting modules may also facilitate reducing the number of persons with the ability to access the modules prior to the production and/or release of the devices into which the modules are embedded,
  • device firmware may include firmware that controls base device functionality, as well as a series of encrypted firmware modules that otherwise update, modify, enhance, disable, replace, add to, and so forth, the base device functionality.
  • the different encrypted firmware modules may be encrypted using different encryption keys.
  • a decryption module also embedded In the device firmware, receives encryption keys, respective encrypted firmware modules may be decrypted and activated. This may allow updating device functionality, activating device functionality, updating device security, and so forth.
  • Figure 1 illustrates an example device firmware 100 associated with firmware encryption, St should be appreciated that the items depicted in figure 1 are illustrative examples, and many different systems, devices, and so forth, may operate in accordance with various examples.
  • FIG. 1 illustrates an example device firmware 100 associated with firmware encryption.
  • Device firmware 100 includes a base module 110, Base firmware moduie 110 may control a variety of device functions 180 associated with a device into which device firmware 100 is embedded.
  • the device into which device firmware 100 is embedded may be, for example, a computer, a printer, an appliance, manufacturing equipment, a mobile device, and so forth. Consequently, device functions 180 may vary depending on what type of device into which device firmware 100 is embedded.
  • a printer may have device functions 180 that relate to printing, scanning, copying, dialing fax numbers, emailing, performing device maintenance, connecting to other devices, communicating information to and receiving information from users, and so forth.
  • a printing function may use software instructions to convert a fiie into a printable format.
  • the printable format may be interpreted and an interface in firmware may be used to control the printer hardware to physically cause a hard copy of the file to be generated by transferring print material ⁇ e.g., ink) from a print container to a print media (e.g., paper).
  • base module 110 may be firmware that controls operations of a device into which device firmware 100 is inserted, in some examples, for less sophisticated devices, the firmware may be all that is used to control operation of a device into which device firmware 100 is inserted.
  • a remote control may primariiy operate based on firmware that causes specific signals to be transmitted by the remote upon certain presses of buttons on the remote.
  • a device receiving the signals may do more work, possibly involving firmware, hardware, software, and so forth, to accomplish a task based on the signal received from the remote.
  • base modules 1 10 may operate as an interface between applications and device functions 180.
  • device Firmware 100 is embedded in a more sophisticated device such as a personal computer or mobile device
  • many of the applications interfacing with base module 110 may be executing on the device in which device firmware 100 resides.
  • base module 110 may interface with applications external to the device in which device firmware 100 is embedded.
  • Other examples of roles performed by base module 110 in controlling device functions 180 may also be possible.
  • Device firmware 100 also contains a set of encrypted modules including a first encrypted module 120 and a second encrypted module 130. Though two encrypted modules are illustrated, device firmware 100 may include numerous encrypted modules that perform a variety of functions when activated. The encrypted modules may be embedded into device firmware 100 at the same time as base module 110 with the intent that the encrypted modules be activated independent from base module 110. in various examples described herein, the encrypted modules may be configured such that they do not operate without being decrypted independently. By way of illustration, some devices employ firmware encryption techniques to hinder malicious attacks against the device, in examples described herein, the encrypted modules may operate differently than these firmware encryption techniques because they are decrypted separately than the remainder of the firmware (e.g., base moduie 110). This allows the decrypted modules to, for example, reside inactive in firmware until activated by being decrypted. This may, for example, facilitate device security, allow late delivery of functionality to the device, and so forth.
  • firmware encryption techniques to hinder malicious attacks against the device
  • the encrypted modules may operate differently than these firmware encryption techniques because they
  • device firmware 100 may contain a decryption module 140 for the purpose of decrypting the encrypted modules.
  • Decryption moduie 140 upon obtaining a decryption key from a key provider 199, may decrypt an encrypted moduie to which the decryption key corresponds. Upon decryption of this encrypted moduie, the encrypted moduie may activate.
  • Key provider 199 may be, for example, built into a device into which device firmware 100 is embedded. In this example, key provider 199 may be a secure application specific integrated circuit. In other examples, key provider 199 may be external to the device into which device firmware 100 is embedded.
  • key provider 199 may be a manufacturer or other type of service provider for the device, Other key providers may include, for example, users, other devices similar to and/or connected to the device in which device firmware 100 is embedded, trusted third parties, and so forth. Whether key provider 199 is internal or external to the device may depend on, for example, security concerns, a likelihood device firmware 100 will have access to a network connection, how critical the encrypted modules will be to device functionality, and so forth. By way of illustration, for certain products, it may be undesirable to mandate that the product be periodically connected to a network. In these examples, the key provider may reside within products. For other devices, where device security is important, it may be possible to remotely provide decryption keys for encrypted modules via a network.
  • decrypted modules may modify existing device functions 180.
  • first encrypted module 120 is indicated as being affecting an existing device function 180, in various examples, first encrypted module 120 may modify, upgrade, replace, deactivate, and so forth an existing device function 180 when first encrypted module 120 is decrypted and activated.
  • a printer may use a variety of print consumables. Some of the print consumables may be containers of print materiaI (e.g., ink. toner, a 3D print material). To hinder consumption of counterfeit print containers by the printer, the printer may authenticate print containers.
  • encrypted modules may be embedded in the firmware of the printer that use a variety of authentication techniques over time.
  • Embedding the encrypted modules in the firmware of the printer may allow the printer to automatically adjust authentication techniques over time, without requiring a firmware update to be received over a network connection or installed by a user. That the encrypted modules are not received or installed after product distribution may be additionally valuable because their activation can be made non- optional. While a user could opt not to install a firmware update, firmware modules that are capable of being automatically decrypted upon receiving a decryption key may facilitate managing future behavior of a product to that controls behavior of the device without user interaction. This may include for example, disabling features no longer under contract enhancing security, and so forth.
  • decrypted modules may add additional functionality 185 to a device into which device firmware 100 is embedded.
  • a fitness wearable may be designed with a GPS functionality that is not quite ready at the release of the wearable.
  • the firmware may be ready, but the applications thai use the firmware may be finished after users have begun using the wearable. Consequently, firmware associated with the GPS functionality may be disabled by encrypting the firmware until an appropriate decryption key is received by the wearable. This may allow the GPS functionality to be added without updating the firmware after release of the wearable.
  • Using an encrypted module instead of merely disabling the feature may allow the code to remain undiscoverable, thereby hindering undesired activation by an enterprising user. This may allow the device manufacturer to control when the additional functionality is activated and ensure they have an initial opportunity to provide the functionality to the customer,
  • decryption keys may be provided by key provider 199 to decryption module 140 on a set schedule.
  • the schedule may be defined prior to release of the device into which device firmware 100 is embedded, in some examples, the set schedule may be based on specific dates, passage of time following activation of the device into which device firmware 100 is embedded, and so forth. In other examples, the set schedule may be based on usage of the device into which device firmware 100 is embedded, consumption of components or supplies by the device, and so forth. Releasing a key based on a usage or consumption based scenario may facilitate, for example, maintaining a device into which device firmware 100 is embedded, rewarding a user of the device, and so forth.
  • the criteria and/or schedule for releasing decryption keys may be protected from discovery or alteration using embedded security hardware, encryption and/or signing technologies, and so forth,
  • the decryption keys may be provided without a set schedule.
  • key provider 199 may provide a decryption key to decryption module 140 to decrypt second encrypted module to modify a device function 180 or activate additional functionality 185 after key provider 199 receives a payment from a user.
  • a user may act as key provider 199 themselves after obtaining a key. Examples where keys are provided without a known schedule may be appropriate to encourage behavior from a user, allow trial functionality of device features, release functionality to a user on a subscription basis, and so forth.
  • firmware encryption may facilitate enhanced organizational control over information reiated to development of devices.
  • many individuate may have access to device firmware including developers, manufacturers, device testers, and so forth.
  • Each additional person with access to device firmware may pose an additional risk of leaking important information to competitors, counterfeiters, and/or other individuals with malicious intent (e.g., hackers).
  • printer manufacturers often begin seeing counterfeit supplies appear on the market within weeks of a product release, a feat that may only be achievable with aid of leaked information.
  • Encrypting firmware may allow an organization to restrict knowledge regarding device behaviors to a limited number of individuals, thereby reducing a risk of leaking valuable corporate information.
  • device behavior couid be changed on launch day of a product by triggering decryption of an encrypted firmware module, thereby reducing the value certain information obtained prior to the launch day.
  • various components of device firmware 100 and/or the device into which device firmware 100 is embedded may be generated and or installed into the device using secure manufacturing processes. These manufacturing processes may, for example, programmaticaily manipulate firmware moduies so that moduies in separate devices are made up of differing instructtons that cause similar results, In other examples, release schedules, authentication materials, and so forth may be manipulated and or otherwise securely embedded into the device via its components (e.g., a secure ASIC that releases encryption keys), components of device firmware 100, and so forth.
  • components e.g., a secure ASIC that releases encryption keys
  • Module includes but is not limited to instructions stored on a computer-readable medium or in execution on a machine that perform a function(s) or an action(s), and/or to cause a function or action from another module, method, and/or system. Where multiple logical moduies are described, it may be possible to incorporate the multiple logical modules into one logical module. Similarly, where a single logical module is described, it may be possible to distribute that singie logical module between multiple logical modules.
  • Figure 2 illustrates an example device 200 associated with firmware encryption.
  • Device 200 includes a device firmware 210
  • Device firmware 210 includes a base module 220.
  • Base module 220 may control a base function of device 200,
  • the base function of device 200 may be one of numerous functions 250 of device 200.
  • the base function, as well as other functions of device 200 may be performed by hardware, software, firmware, other components, and/or a combination of components of device 200. Activities associated with device functions 250 may depend in part on what functions device 200 is designed to perform.
  • device functions may relate to, for example, printing, scanning, copying, cleaning print heads, other maintenance tasks, managing components of the printer, managing supplies and/or containers of supplies consumed by the printer, communicating with external devices ⁇ e.g., personal computers), and so forth.
  • a fitness wearable may have firmware associated with, for example, communicating with nearby devices, motion tracking, displaying data to a user, heartrate monitoring, and so forth.
  • Firmware associated with a remote control may simply control what signal is transmitted (e.g., via an infrared medium) when certain buttons are pressed.
  • Device firmware 210 also includes a first encrypied module 230.
  • the first encrypted module may be inactive until decrypted. This may, for exampie, hinder undesired analysis of the first encrypted module prior to its activation, prevent early use of a functionality associated with the first encrypted module, and so forth.
  • the first encrypted module may modify a first function of device 200. As with the base function controSied by base module 220, the first function may be one of numerous device functions 250 performed by device 200. Modifying the first function may include, for example, activating the first function, replacing executable instructions associated with the first function, changing a way the first function is performed, changing a component of device 200 performing the first function, deactivating the first function, and so forth.
  • first encrypted module 230 may provide executable instructions to device 200 that cause device 200 to perform the first function, in various examples, decryption of first encrypted module 220 and modifications to the first function, including activation of the first function, may occur during operation of device 200. Thus, a reset or power cycle of device 200 may be unnecessary to decrypt and execute first encrypted module 230,
  • the base function and the first function may be the same function. Consequently, the first encrypted module may modify the base function. In some examples, once decrypted, first encrypted module 230 may prevent further operation of base module 220, thereby causing first encrypted module 230 to replace base module 220 during operation of device 200.
  • Device firmware 210 also includes a decryption module 240.
  • First decryption module 240 may decrypt first encrypted module 230 using a first encryption key.
  • the encryption key may be received from, for example, another component of device 200, an externaI device via a network connection, an external device over a direct connection, a user input to device 200, and so forth.
  • the encryption key may be obtained from multiple sources and assembled by decryption module 240.
  • Figure 3 illustrates a device 300 associated with firmware encryption.
  • Device 300 includes several items similar to those described above with reference to device 200 (figure 2).
  • device 300 includes a device firmware 310 containing a base module 320, a first encrypted module 330, and a decryption module 340.
  • the base module and the first encrypted module 330 may affect operation of a set of device functions 350,
  • Device firmware 310 also includes a second encrypted module 335, Second encrypted module 335 may modify a second function of device 300.
  • the second function of device 300 may be one of the numerous device functions 350 performed by device 300, and may be the same function as a base function controlled by base module 320 and/or a first function affected by first encrypted module 330.
  • Second encrypted module 335 may be inactive until decrypted by decryption module 340.
  • Decryption module 340 may use a second encryption key to decrypt second encrypted module 335.
  • Device 300 also includes an application specific integrated circuit ⁇ ASiC) 360.
  • ASIC 360 may securely store encryption keys inciuding a first encryption key used to decrypt first encrypted moduie 330 and the second encryption key,
  • the encryption keys stored in ASIC 360 may be periodicaiiy provided by ASIC 360 to decryption moduIe 340 causing decryption moduie 340 to decrypt corresponding encryption modules of device firmware 310.
  • device 300 may include numerous encrypted modules. Each encrypted moduie may have a corresponding decryption key that causes decryption module 340 to decrypt and activate respective encrypted moduies. These encrypted modules may be installed in device 300 to reduce scenarios requiring updating firmware of device 300, but still allowing updates to the device firmware. Further, as the updates are encrypted, it may be difficult for a person attempting to maliciously affect device 300 to identify countermeasures built into encrypted moduies before the encrypted moduies are activated.
  • Figure 4 illustrates an example method 400 associated with firmware encryption.
  • Method 400 may be embodied on a non-transitory processor-readable medium storing processor-executable instructions. The instructions, when executed by a processor, may cause the processor to perform method 400.
  • Method 400 includes receiving a first decryption key at 410.
  • the decryption key may be received in the firmware of a device.
  • the decryption key may be associated with a first encrypted module.
  • the first encrypted module may be embedded in the firmware of the device.
  • Method 400 also includes decrypting the first encrypted module at 420.
  • the first encrypted module may be decrypted using the first decryption key.
  • Method 400 also includes controlling execution of the first encrypted moduie at 430. Execution of the first encrypted module may occur after compieting decryption of the first encrypted module. Consequently, method 400 may illustrate how a device may activate an encrypted module embedded within the device. This may allow the device to, for example, securely update itself without an externaI source providing an updated firmware image.
  • Figure 5 illustrates a method 500 associated with firmware decryption
  • Method 600 includes severat actions simitar to those described above with reference to method 400 (figure 4).
  • method 500 includes receiving a first decryption key at 510, decrypting a first encrypted module at 520, and controlling execution of the first encrypted module at 530.
  • Method 500 aiso includes receiving a second decryption key at 540.
  • the second decryption key may be associated with a second encrypted module.
  • the second encrypted module may be embedded in the firmware of the device.
  • Method 500 also includes decrypting the second encrypted module using the second encryption key at 550.
  • the second encrypted module may be decrypted using the second decryption key.
  • Method 500 aIso includes controlling execution of the second encrypted module at 580, The second encrypted module may be executed upon completing decryption of the second encrypted module.
  • Figure 8 illustrates a method 600 associated with firmware encryption.
  • Method 600 includes embedding a series of encrypted modules in the firmware of a device at 610.
  • the series of encrypted modules may be scheduled to be decrypted on a set schedule.
  • the set schedule may be, for example, a temporal schedule, a usage based schedule, a maintenance schedule, and so forth.
  • a temporal schedule may be based on, for example, specific dates and times, passage of time after an initial activation of the device, and so forth
  • a usage based schedule may be based on, for example, how often the device is used, how much the device consumes a resource (e.g., a printer's consumption of ink), and so forth
  • a maintenance schedule may be based on, for example, when certain maintenance events have occurred, when certain maintenance events are expected to occur based on, device usage, and so forth.
  • a device may have certain wear and tear over time, and updating the device firmware to mitigate the wear and tear at specific points in time based on usage of the device may be desirable.
  • Method 600 also includes embedding a decryption, module in the firmware of the device at 820,
  • the decryption moduie may receive decryption keys associated with encrypted modules.
  • the decryption module may use the decryption keys to decrypt corresponding encrypted modules.
  • the decryption module may aiso control execution of the decrypted modules, in some examples, upon decryption of a member of the series of encrypted modules, a previous member of the series of encrypted modules may be deactivated. In other examples, decrypted modules may remain functional over the remaining life cycle of the device,
  • Method 600 also includes controlling delivery of the decryption keys to the decryption module at 830.
  • controlling delivery of the decryption keys may be achieved by embedding a secure delivery vector into the device. Consequently, the secure delivery vector may provide the decryption keys to the decryption module in association with the set schedule.
  • delivery of the decryption keys may occur by providing the keys to the device over a network, providing the keys to a user who inputs the keys into the device, and so forth.
  • components embedded into the device during their respective actions may be embedded during manufacturing of the device using a secure process.
  • the secure process may facilitate updating and/or modifying the components between their design and when the components are embedded into the device in a manner that facilitates reducing access to specific release details of the components.
  • a placeholder release date may be used that is modified prior to manufacturing of the device by an administrator based on a confidential planned release schedule for the feature.
  • embedding components into the device using a secure process may facilitate modifying authentication materials, and so forth.
  • Figure 7 illustrates an example device in which example systems and methods, and equivalents, may operate.
  • the example device may be a device 700 that includes a processor 710 and a memory 720 connected by a bus 730,
  • Device 700 includes a firmware encryption module 740.
  • Firmware encryption module 740 may perform, alone or in combination, various functions described above with reference to the example devices, methods, and so forth.
  • firmware encryption module 740 may be implemented as a non-transitory computer- readable medium storing processor-executable instructions,
  • the instructions may also be presented to device 700 as data 750 and/or process 760 thai are temporarily stored in memory 720 and then executed by processor 710.
  • the processor 710 may be a variety of processors including dual microprocessor and other multi-processor architectures.
  • Memory 720 may include non-volatile memory (e.g., read only memory) and/or volatile memory (e.g., random access memory).
  • Memory 720 may also be, for example, a magnetic disk drive, a solid state disk drive, a floppy disk drive, a tape drive, a flash memory card, an optical disk, and so on.
  • memory 720 may store process 760 and/or data 750.
  • Device 700 may also be associated with other devices including other computers, devices, peripherals, and so forth in numerous configurations (not shown).

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Stored Programmes (AREA)

Abstract

Examples associated with firmware encryption are described. One example device firmware includes a base module. The base module controls a base function of the device. The device firmware also includes a first encrypted module that modifies a first function of the device. The first encrypted module is inactive until decrypted. A decryption module decrypts the first module using a first encryption key and controls activation of the first encrypted module.

Description

FIRMWARE MODULE ENCRYPTION
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] The subject matter of this appiication is related to that of copending patent appiication Ser. No, filed concurrently herewith by M. Nelson et al. for
PRINTER FIRMWARE ENCRYPTION (Aity. Docket No. 84460072) and assigned to a common assignee. The disclosure of application Ser. No. is incorporated herein by reference.
[0002] The matter of this application is related to that of copending patent appiication Ser. No. filed concurrently herewith by M. Nelson et ai. for
PRINTER AUTHENTICATION (Atty. Docket No. 84460078) and assigned to a common assignee. The disclosure of appiication Ser. No. is incorporated herein by reference.
BACKGROUND
[0003] A device firmware is a set of instructions embedded in the device that facilitate controlling, monitoring, and so forth, the device and/or or components of the device. In various examples, the device firmware may be held in a non-voIatiie memory and may rarely, if ever, be changed during the life cycle of the device {depending on the type of device). In some devices, the firmware may be the primary enabier of device functionality. In other devices, the firmware may act as an interface between device hardware and applications installed on the device. Devices that inciude various types of firmware may include, for example, personal computers, printers, other peripherals, appliances, remote controls, digital watches, cellular phones, digital cameras, and so forth.
BRIEF DESCRIPTION QF THE .DRAWINGS [0004] The present application may be more fuIiy appreciated in connection with the following detailed description taken in conjunction with the accompanying drawings,
[0005] FIG. 1 illustrates an example device firmware associated with firmware encryption. [0006] FIG. 2 illustrates an example device associated with firmware encryption.
[0007] FIG. 3 illustrates another example device associated with firmware encryption,
[0008] FiG. 4 illustrates a flowchart of example operations associated with firmware encryption,
[0009] FIG. 5 illustrates another flowchart of example operations associated with firmware encryption.
[0010] FIG. 6 illustrates another flowchart of example operations associated with firmware encryption.
[0011] FIG. 7 illustrates an example computing device in which example systems, and methods, and equivalents, may operate.
DETAILED DESCRIPTION
[0012] Devices, methods, and equivalents associated with firmware encryption are described. As discussed above, device firmware facilitates control, monitoring, and so forth of device functionality. In some cases, it may be desirable to activate, release, or otherwise modify a device functionality after a certain event in a life cycle of a device. By way of illustration, consider a device feature that is not ready to be activated at a release date of the device, but uses specialized firmware. Because updating firmware of the device may be difficult (e.g., if firmware is embedded in read only memory), it may be desirable to embed the specialized firmware in the device in a manner that allows later activation of the firmware, in other examples, device security may depend in part on security of the device firmware, and changing the device firmware periodically may make it more difficulty to attack the device. Instead of updating the firmware, it may be possible to embed updated security measures in the firmware that can be activated periodically over time, in some situations, it may be desirable to encrypt these modules to keep their behavior undiscoverable and/or unknown prior to their decryption. Additionally, encrypting modules may also facilitate reducing the number of persons with the ability to access the modules prior to the production and/or release of the devices into which the modules are embedded,
[0013] Consequently, device firmware may include firmware that controls base device functionality, as well as a series of encrypted firmware modules that otherwise update, modify, enhance, disable, replace, add to, and so forth, the base device functionality. The different encrypted firmware modules may be encrypted using different encryption keys. When a decryption module, also embedded In the device firmware, receives encryption keys, respective encrypted firmware modules may be decrypted and activated. This may allow updating device functionality, activating device functionality, updating device security, and so forth.
[0014] Figure 1 illustrates an example device firmware 100 associated with firmware encryption, St should be appreciated that the items depicted in figure 1 are illustrative examples, and many different systems, devices, and so forth, may operate in accordance with various examples.
[0015] Figure 1 illustrates an example device firmware 100 associated with firmware encryption. Device firmware 100 includes a base module 110, Base firmware moduie 110 may control a variety of device functions 180 associated with a device into which device firmware 100 is embedded. By way of illustration the device into which device firmware 100 is embedded may be, for example, a computer, a printer, an appliance, manufacturing equipment, a mobile device, and so forth. Consequently, device functions 180 may vary depending on what type of device into which device firmware 100 is embedded. By way of illustration, a printer may have device functions 180 that relate to printing, scanning, copying, dialing fax numbers, emailing, performing device maintenance, connecting to other devices, communicating information to and receiving information from users, and so forth. These device functions 180 may he implemented in software, hardware, firmware, and so forth, as weii as combinations thereof. For example, a printing function may use software instructions to convert a fiie into a printable format. The printable format may be interpreted and an interface in firmware may be used to control the printer hardware to physically cause a hard copy of the file to be generated by transferring print material {e.g., ink) from a print container to a print media (e.g., paper).
[0016] Thus, base module 110 may be firmware that controls operations of a device into which device firmware 100 is inserted, in some examples, for less sophisticated devices, the firmware may be all that is used to control operation of a device into which device firmware 100 is inserted. By way of illustration, a remote control may primariiy operate based on firmware that causes specific signals to be transmitted by the remote upon certain presses of buttons on the remote. A device receiving the signals may do more work, possibly involving firmware, hardware, software, and so forth, to accomplish a task based on the signal received from the remote.
[0017] In other examples, base modules 1 10 may operate as an interface between applications and device functions 180. In examples where device Firmware 100 is embedded in a more sophisticated device such as a personal computer or mobile device, many of the applications interfacing with base module 110 may be executing on the device in which device firmware 100 resides. In other examples, base module 110 may interface with applications external to the device in which device firmware 100 is embedded. Other examples of roles performed by base module 110 in controlling device functions 180 may also be possible.
[0018] Device firmware 100 also contains a set of encrypted modules including a first encrypted module 120 and a second encrypted module 130. Though two encrypted modules are illustrated, device firmware 100 may include numerous encrypted modules that perform a variety of functions when activated. The encrypted modules may be embedded into device firmware 100 at the same time as base module 110 with the intent that the encrypted modules be activated independent from base module 110. in various examples described herein, the encrypted modules may be configured such that they do not operate without being decrypted independently. By way of illustration, some devices employ firmware encryption techniques to hinder malicious attacks against the device, in examples described herein, the encrypted modules may operate differently than these firmware encryption techniques because they are decrypted separately than the remainder of the firmware (e.g., base moduie 110). This allows the decrypted modules to, for example, reside inactive in firmware until activated by being decrypted. This may, for example, facilitate device security, allow late delivery of functionality to the device, and so forth.
[0019] Consequently, device firmware 100 may contain a decryption module 140 for the purpose of decrypting the encrypted modules. Decryption moduie 140, upon obtaining a decryption key from a key provider 199, may decrypt an encrypted moduie to which the decryption key corresponds. Upon decryption of this encrypted moduie, the encrypted moduie may activate. Key provider 199 may be, for example, built into a device into which device firmware 100 is embedded. In this example, key provider 199 may be a secure application specific integrated circuit. In other examples, key provider 199 may be external to the device into which device firmware 100 is embedded. When this device is network connected, key provider 199 may be a manufacturer or other type of service provider for the device, Other key providers may include, for example, users, other devices similar to and/or connected to the device in which device firmware 100 is embedded, trusted third parties, and so forth. Whether key provider 199 is internal or external to the device may depend on, for example, security concerns, a likelihood device firmware 100 will have access to a network connection, how critical the encrypted modules will be to device functionality, and so forth. By way of illustration, for certain products, it may be undesirable to mandate that the product be periodically connected to a network. In these examples, the key provider may reside within products. For other devices, where device security is important, it may be possible to remotely provide decryption keys for encrypted modules via a network.
[0020] In some examples, decrypted modules may modify existing device functions 180. In this example first encrypted module 120 is indicated as being affecting an existing device function 180, in various examples,, first encrypted module 120 may modify, upgrade, replace, deactivate, and so forth an existing device function 180 when first encrypted module 120 is decrypted and activated. By way of illustration, a printer may use a variety of print consumables. Some of the print consumables may be containers of print materiaI (e.g., ink. toner, a 3D print material). To hinder consumption of counterfeit print containers by the printer, the printer may authenticate print containers. Thus, encrypted modules may be embedded in the firmware of the printer that use a variety of authentication techniques over time. This may cause the printer to obtain changing credentials from print containers over time, making it more difficult to manufacture counterfeit print containers thai keep up with the changing credentials. Embedding the encrypted modules in the firmware of the printer may allow the printer to automatically adjust authentication techniques over time, without requiring a firmware update to be received over a network connection or installed by a user. That the encrypted modules are not received or installed after product distribution may be additionally valuable because their activation can be made non- optional. While a user could opt not to install a firmware update, firmware modules that are capable of being automatically decrypted upon receiving a decryption key may facilitate managing future behavior of a product to that controls behavior of the device without user interaction. This may include for example, disabling features no longer under contract enhancing security, and so forth.
[0021] In other examples, decrypted modules may add additional functionality 185 to a device into which device firmware 100 is embedded. By way of illustration, a fitness wearable may be designed with a GPS functionality that is not quite ready at the release of the wearable. In this example, the firmware may be ready, but the applications thai use the firmware may be finished after users have begun using the wearable. Consequently, firmware associated with the GPS functionality may be disabled by encrypting the firmware until an appropriate decryption key is received by the wearable. This may allow the GPS functionality to be added without updating the firmware after release of the wearable. Using an encrypted module instead of merely disabling the feature may allow the code to remain undiscoverable, thereby hindering undesired activation by an enterprising user. This may allow the device manufacturer to control when the additional functionality is activated and ensure they have an initial opportunity to provide the functionality to the customer,
[0022] In various examples, decryption keys may be provided by key provider 199 to decryption module 140 on a set schedule. The schedule may be defined prior to release of the device into which device firmware 100 is embedded, in some examples, the set schedule may be based on specific dates, passage of time following activation of the device into which device firmware 100 is embedded, and so forth. In other examples, the set schedule may be based on usage of the device into which device firmware 100 is embedded, consumption of components or supplies by the device, and so forth. Releasing a key based on a usage or consumption based scenario may facilitate, for example, maintaining a device into which device firmware 100 is embedded, rewarding a user of the device, and so forth. In various examples, the criteria and/or schedule for releasing decryption keys may be protected from discovery or alteration using embedded security hardware, encryption and/or signing technologies, and so forth,
[0023] In other examples, the decryption keys may be provided without a set schedule. For example, key provider 199 may provide a decryption key to decryption module 140 to decrypt second encrypted module to modify a device function 180 or activate additional functionality 185 after key provider 199 receives a payment from a user. In a similar example, a user may act as key provider 199 themselves after obtaining a key. Examples where keys are provided without a known schedule may be appropriate to encourage behavior from a user, allow trial functionality of device features, release functionality to a user on a subscription basis, and so forth.
[0024] In addition to features discussed above, firmware encryption may facilitate enhanced organizational control over information reiated to development of devices. During the process of manufacturing devices, many individuate may have access to device firmware including developers, manufacturers, device testers, and so forth. Each additional person with access to device firmware may pose an additional risk of leaking important information to competitors, counterfeiters, and/or other individuals with malicious intent (e.g., hackers). By way of illustration, printer manufacturers often begin seeing counterfeit supplies appear on the market within weeks of a product release, a feat that may only be achievable with aid of leaked information. Encrypting firmware may allow an organization to restrict knowledge regarding device behaviors to a limited number of individuals, thereby reducing a risk of leaking valuable corporate information. To illustrate, device behavior couid be changed on launch day of a product by triggering decryption of an encrypted firmware module, thereby reducing the value certain information obtained prior to the launch day.
[0025] To further achieve the goal of reducing access to firmware and/or device functionality prior to its activation, various components of device firmware 100 and/or the device into which device firmware 100 is embedded may be generated and or installed into the device using secure manufacturing processes. These manufacturing processes may, for example, programmaticaily manipulate firmware moduies so that moduies in separate devices are made up of differing instructtons that cause similar results, In other examples, release schedules, authentication materials, and so forth may be manipulated and or otherwise securely embedded into the device via its components (e.g., a secure ASIC that releases encryption keys), components of device firmware 100, and so forth.
[0026] It is appreciated that, in the following description, numerous specific details are set forth to provide a thorough understanding of the examples. However, if is appreciated that the examples may be practiced without limitation to these specific details. Sn other instances, methods and structures may not be described in detail to avoid unnecessarily obscuring the description of the examples. Also, the examples may be used in combination with each other.
[0027] "Module", as used herein, includes but is not limited to instructions stored on a computer-readable medium or in execution on a machine that perform a function(s) or an action(s), and/or to cause a function or action from another module, method, and/or system. Where multiple logical moduies are described, it may be possible to incorporate the multiple logical modules into one logical module. Similarly, where a single logical module is described, it may be possible to distribute that singie logical module between multiple logical modules. [0028] Figure 2 illustrates an example device 200 associated with firmware encryption. Device 200 includes a device firmware 210, Device firmware 210 includes a base module 220. Base module 220 may control a base function of device 200, The base function of device 200 may be one of numerous functions 250 of device 200. The base function, as well as other functions of device 200 may be performed by hardware, software, firmware, other components, and/or a combination of components of device 200. Activities associated with device functions 250 may depend in part on what functions device 200 is designed to perform. By way of illustration, if device 200 is a printer, device functions may relate to, for example, printing, scanning, copying, cleaning print heads, other maintenance tasks, managing components of the printer, managing supplies and/or containers of supplies consumed by the printer, communicating with external devices {e.g., personal computers), and so forth. A fitness wearable may have firmware associated with, for example, communicating with nearby devices, motion tracking, displaying data to a user, heartrate monitoring, and so forth. Firmware associated with a remote control may simply control what signal is transmitted (e.g., via an infrared medium) when certain buttons are pressed.
[0029] Device firmware 210 also includes a first encrypied module 230. The first encrypted module may be inactive until decrypted. This may, for exampie, hinder undesired analysis of the first encrypted module prior to its activation, prevent early use of a functionality associated with the first encrypted module, and so forth. The first encrypted module may modify a first function of device 200. As with the base function controSied by base module 220, the first function may be one of numerous device functions 250 performed by device 200. Modifying the first function may include, for example, activating the first function, replacing executable instructions associated with the first function, changing a way the first function is performed, changing a component of device 200 performing the first function, deactivating the first function, and so forth. When activating a device function 250, first encrypted module 230 may provide executable instructions to device 200 that cause device 200 to perform the first function, in various examples, decryption of first encrypted module 220 and modifications to the first function, including activation of the first function, may occur during operation of device 200. Thus, a reset or power cycle of device 200 may be unnecessary to decrypt and execute first encrypted module 230,
[0030] in some examples, the base function and the first function may be the same function. Consequently, the first encrypted module may modify the base function. In some examples, once decrypted, first encrypted module 230 may prevent further operation of base module 220, thereby causing first encrypted module 230 to replace base module 220 during operation of device 200.
[0031] Device firmware 210 also includes a decryption module 240. First decryption module 240 may decrypt first encrypted module 230 using a first encryption key. The encryption key may be received from, for example, another component of device 200, an externaI device via a network connection, an external device over a direct connection, a user input to device 200, and so forth. In some examples, the encryption key may be obtained from multiple sources and assembled by decryption module 240.
[0032] Figure 3 illustrates a device 300 associated with firmware encryption. Device 300 includes several items similar to those described above with reference to device 200 (figure 2). For example, device 300 includes a device firmware 310 containing a base module 320, a first encrypted module 330, and a decryption module 340. The base module and the first encrypted module 330 may affect operation of a set of device functions 350,
[0033] Device firmware 310 also includes a second encrypted module 335, Second encrypted module 335 may modify a second function of device 300. In some examples, the second function of device 300 may be one of the numerous device functions 350 performed by device 300, and may be the same function as a base function controlled by base module 320 and/or a first function affected by first encrypted module 330. Second encrypted module 335 may be inactive until decrypted by decryption module 340. Decryption module 340 may use a second encryption key to decrypt second encrypted module 335. [0034] Device 300 also includes an application specific integrated circuit {ASiC) 360. ASIC 360 may securely store encryption keys inciuding a first encryption key used to decrypt first encrypted moduie 330 and the second encryption key, The encryption keys stored in ASIC 360 may be periodicaiiy provided by ASIC 360 to decryption moduIe 340 causing decryption moduie 340 to decrypt corresponding encryption modules of device firmware 310.
[0035] Though two encrypted modules are iIiustrated. device 300 may include numerous encrypted modules. Each encrypted moduie may have a corresponding decryption key that causes decryption module 340 to decrypt and activate respective encrypted moduies. These encrypted modules may be installed in device 300 to reduce scenarios requiring updating firmware of device 300, but still allowing updates to the device firmware. Further, as the updates are encrypted, it may be difficult for a person attempting to maliciously affect device 300 to identify countermeasures built into encrypted moduies before the encrypted moduies are activated.
[0036] Figure 4 illustrates an example method 400 associated with firmware encryption. Method 400 may be embodied on a non-transitory processor-readable medium storing processor-executable instructions. The instructions, when executed by a processor, may cause the processor to perform method 400.
[0037] Method 400 includes receiving a first decryption key at 410. The decryption key may be received in the firmware of a device. The decryption key may be associated with a first encrypted module. The first encrypted module may be embedded in the firmware of the device. The first encrypted moduie may modify a function of the device. Modifying a function of a device may include, for example, activating the function, disabling the function, changing how the function operates, and so forth.
[0038] Method 400 also includes decrypting the first encrypted module at 420. The first encrypted module may be decrypted using the first decryption key. Method 400 also includes controlling execution of the first encrypted moduie at 430. Execution of the first encrypted module may occur after compieting decryption of the first encrypted module. Consequently, method 400 may illustrate how a device may activate an encrypted module embedded within the device. This may allow the device to, for example, securely update itself without an externaI source providing an updated firmware image.
[0039] Figure 5 illustrates a method 500 associated with firmware decryption, Method 600 includes severat actions simitar to those described above with reference to method 400 (figure 4). For example, method 500 includes receiving a first decryption key at 510, decrypting a first encrypted module at 520, and controlling execution of the first encrypted module at 530.
[0040] Method 500 aiso includes receiving a second decryption key at 540. The second decryption key may be associated with a second encrypted module. The second encrypted module may be embedded in the firmware of the device.
[0041] Method 500 also includes decrypting the second encrypted module using the second encryption key at 550. The second encrypted module may be decrypted using the second decryption key. Method 500 aIso includes controlling execution of the second encrypted module at 580, The second encrypted module may be executed upon completing decryption of the second encrypted module.
[0042] Figure 8 illustrates a method 600 associated with firmware encryption. Method 600 includes embedding a series of encrypted modules in the firmware of a device at 610. The series of encrypted modules may be scheduled to be decrypted on a set schedule. The set schedule may be, for example, a temporal schedule, a usage based schedule, a maintenance schedule, and so forth. A temporal schedule may be based on, for example, specific dates and times, passage of time after an initial activation of the device, and so forth, A usage based schedule may be based on, for example, how often the device is used, how much the device consumes a resource (e.g., a printer's consumption of ink), and so forth, A maintenance schedule may be based on, for example, when certain maintenance events have occurred, when certain maintenance events are expected to occur based on, device usage, and so forth. By way of illustration, a device may have certain wear and tear over time, and updating the device firmware to mitigate the wear and tear at specific points in time based on usage of the device may be desirable. [0043] Method 600 also includes embedding a decryption, module in the firmware of the device at 820, The decryption moduie may receive decryption keys associated with encrypted modules. The decryption module may use the decryption keys to decrypt corresponding encrypted modules. The decryption module may aiso control execution of the decrypted modules, in some examples, upon decryption of a member of the series of encrypted modules, a previous member of the series of encrypted modules may be deactivated. In other examples, decrypted modules may remain functional over the remaining life cycle of the device,
[0044] Method 600 also includes controlling delivery of the decryption keys to the decryption module at 830, In some examples, controlling delivery of the decryption keys may be achieved by embedding a secure delivery vector into the device. Consequently, the secure delivery vector may provide the decryption keys to the decryption module in association with the set schedule. In other examples, delivery of the decryption keys may occur by providing the keys to the device over a network, providing the keys to a user who inputs the keys into the device, and so forth.
[0045] In various examples, components embedded into the device during their respective actions may be embedded during manufacturing of the device using a secure process. The secure process may facilitate updating and/or modifying the components between their design and when the components are embedded into the device in a manner that facilitates reducing access to specific release details of the components. By way of illustration, during design, a placeholder release date may be used that is modified prior to manufacturing of the device by an administrator based on a confidential planned release schedule for the feature. In other examples, embedding components into the device using a secure process may facilitate modifying authentication materials, and so forth.
[0046] Figure 7 illustrates an example device in which example systems and methods, and equivalents, may operate. The example device may be a device 700 that includes a processor 710 and a memory 720 connected by a bus 730, Device 700 includes a firmware encryption module 740. Firmware encryption module 740 may perform, alone or in combination, various functions described above with reference to the example devices, methods, and so forth. In different exampies, firmware encryption module 740 may be implemented as a non-transitory computer- readable medium storing processor-executable instructions,
[0047] The instructions may also be presented to device 700 as data 750 and/or process 760 thai are temporarily stored in memory 720 and then executed by processor 710. The processor 710 may be a variety of processors including dual microprocessor and other multi-processor architectures. Memory 720 may include non-volatile memory (e.g., read only memory) and/or volatile memory (e.g., random access memory). Memory 720 may also be, for example, a magnetic disk drive, a solid state disk drive, a floppy disk drive, a tape drive, a flash memory card, an optical disk, and so on. Thus, memory 720 may store process 760 and/or data 750. Device 700 may also be associated with other devices including other computers, devices, peripherals, and so forth in numerous configurations (not shown).
[0048] it is appreciated that the previous description of the disclosed examples is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these exampies will be readily apparent to those skiiled in the art, and the generic principles defined herein may be applied to other examples without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the exampies shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

WHAT IS CLAIMED IS;
1. A device firmware, comprising:
a base module to control a base function of the device;
a first encrypted module to modify a first function of the device, where the first encrypted module is inactive until decrypted; and
a decryption module to decrypt the first encrypted module using a first encryption key and to control activation of the first encrypted module.
2. The device firmware of claim 1 , comprising a second encrypted module to modify a second function of the device, where the second encrypted moduie is inactive until decrypted, and where the decryption module decrypts the second encrypted module using a second encryption key.
3. The device firmware of claim 1 , where the base function and the first function are the same function.
4. The device firmware of claim 1 , where the first encryption key is received from one of an application specific integrated circuit built into the device, another component of the device, an external device over a network connection, an external device over a direct connection, and a user input.
5. The device firmware of claim 1 , where the decryption module assembles the encryption key from pieces of the encryption key obtained from multiple sources,
6. The device firmware of claim 1 , where the first encrypted module replaces the base module during operation of the device.
7. The device firmware of claim 1 , where the first encrypted module affects how the device interacts with a consumable supply container.
8. The device firmware of claim 1, where modifying the first function of the device inciudes activating the first function of the device, and where activating the first function of the device includes providing executable instructions to the device that cause the device to perform the first function.
9. The device firmware of claim 8, where the first function of the device is activated during operation of the device.
10. A method, comprising:
receiving, in the firmware of a device, a first decryption key associated with a first encrypted module embedded in the firmware of the device;
decrypting the first encrypted module using the first decryption key; and controlling execution of the first encrypted module upon completing decryption of the first encrypted moduie.
11. The method of claim 10, comprising;
receiving a second decryption key associated with a second encrypted module embedded in the firmware of the device;
decrypting the second encrypted moduie using the second decryption key; and
controlling execution of the second encrypted moduie upon completing decryption of the second encrypted module.
12. A method, comprising:
embedding, in the firmware of a device, a series of encrypted modules to be decrypted on a set schedule;
embedding, in the firmware of the device, a decryption moduie to receive decryption keys associated with the encrypted modules, to decrypt encrypted moduies using respective decryption keys, and to control execution of the encrypted modules; and controlling deiivery of the decryption keys to the decryption moduie.
13. The method of claim 11 , where, upon decryption of a member of the series of encrypted modules, a previous member of the series of encrypted modules is deactivated .
14. The method of claim 11 , where controlling delivery of the encryption keys to the decryption moduie includes embedding a secure delivery vector into the device, where the secure deiivery vector provides the decryption keys to the decryption module in association with the set schedule.
15. The method of claim 14, where at least one of a member of the series of encrypted modules, the decryption module, and the secure delivery vector are embedded during manufacturing of the device using a secure process.
PCT/US2016/034631 2016-05-27 2016-05-27 Firmware module encryption Ceased WO2017204822A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201680085761.9A CN109196506B (en) 2016-05-27 2016-05-27 Firmware module encryption method and computer readable medium
EP16903344.6A EP3465521A4 (en) 2016-05-27 2016-05-27 FIRMWARE MODULE ENCRYPTION
US16/073,022 US11126724B2 (en) 2016-05-27 2016-05-27 Firmware module encryption
PCT/US2016/034631 WO2017204822A1 (en) 2016-05-27 2016-05-27 Firmware module encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2016/034631 WO2017204822A1 (en) 2016-05-27 2016-05-27 Firmware module encryption

Publications (1)

Publication Number Publication Date
WO2017204822A1 true WO2017204822A1 (en) 2017-11-30

Family

ID=60412467

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/034631 Ceased WO2017204822A1 (en) 2016-05-27 2016-05-27 Firmware module encryption

Country Status (4)

Country Link
US (1) US11126724B2 (en)
EP (1) EP3465521A4 (en)
CN (1) CN109196506B (en)
WO (1) WO2017204822A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3054763B1 (en) * 2016-07-29 2019-08-30 Dover Europe Sarl SYSTEM FOR ADVANCED PROTECTION OF CONSUMABLE OR DETACHABLE ELEMENTS OF INDUSTRIAL PRINTER
TWI898708B (en) * 2024-07-04 2025-09-21 華碩電腦股份有限公司 Firmware protecting method and firmware protecting device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040034785A1 (en) * 2002-08-15 2004-02-19 Horng-Ming Tai Hardware and firmware encryption mechanism using unique chip die identification
US20070088613A1 (en) * 2005-10-14 2007-04-19 Lexmark International, Inc. Method for managing a plurality of imaging supply items for an organization
EP1892641A2 (en) * 2006-08-22 2008-02-27 STMicroelectronics, Inc Method to prevent cloning of electronic components using public key infrastructure secure hardware device
US20100174913A1 (en) * 2009-01-03 2010-07-08 Johnson Simon B Multi-factor authentication system for encryption key storage and method of operation therefor
US20140164725A1 (en) 2012-12-06 2014-06-12 Samsung Electronics Co., Ltd. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
US20140169803A1 (en) * 2012-12-13 2014-06-19 Ike Seung Ho LEE Printer apparatus and security method used for the same

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7975147B1 (en) * 2003-03-31 2011-07-05 Hewlett-Packard Development Company, L.P. Electronic device network supporting enciphering and deciphering and update generation in electronic devices
KR100604828B1 (en) * 2004-01-09 2006-07-28 삼성전자주식회사 Firmware encryption method and decryption method and processing apparatus thereof
DE102005016381A1 (en) * 2005-03-01 2006-09-14 Wincor Nixdorf International Gmbh Method for secure function release of modules
US20060198515A1 (en) * 2005-03-03 2006-09-07 Seagate Technology Llc Secure disc drive electronics implementation
US8200985B2 (en) * 2007-09-20 2012-06-12 Broadcom Corporation Method and system for protecting data
JP2010086370A (en) * 2008-10-01 2010-04-15 Canon Inc Image forming apparatus, delivery server, and firmware updating method
US20110173457A1 (en) 2009-08-14 2011-07-14 Jeffrey Reh Enhanced security for over the air (ota) firmware changes
US8887144B1 (en) 2009-09-04 2014-11-11 Amazon Technologies, Inc. Firmware updates during limited time period
WO2011123561A1 (en) 2010-03-30 2011-10-06 Maxlinear, Inc. Control word obfuscation in secure tv receiver
JP5754204B2 (en) * 2011-03-29 2015-07-29 富士ゼロックス株式会社 Image forming system
US9665726B2 (en) * 2011-07-27 2017-05-30 Hewlett-Packard Development Company, L.P. Printing of encrypted print content
US9792439B2 (en) 2012-09-19 2017-10-17 Nxp B.V. Method and system for securely updating firmware in a computing device
KR20140073384A (en) * 2012-12-06 2014-06-16 삼성전자주식회사 system on chip for performing secure boot, image forming apparatus comprising it, and methods thereof
US9471511B2 (en) * 2013-11-24 2016-10-18 Truly Protect Oy System and methods for CPU copy protection of a computing device
KR20150074414A (en) * 2013-12-24 2015-07-02 현대자동차주식회사 Firmware upgrade method and system thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040034785A1 (en) * 2002-08-15 2004-02-19 Horng-Ming Tai Hardware and firmware encryption mechanism using unique chip die identification
US20070088613A1 (en) * 2005-10-14 2007-04-19 Lexmark International, Inc. Method for managing a plurality of imaging supply items for an organization
EP1892641A2 (en) * 2006-08-22 2008-02-27 STMicroelectronics, Inc Method to prevent cloning of electronic components using public key infrastructure secure hardware device
US20100174913A1 (en) * 2009-01-03 2010-07-08 Johnson Simon B Multi-factor authentication system for encryption key storage and method of operation therefor
US20140164725A1 (en) 2012-12-06 2014-06-12 Samsung Electronics Co., Ltd. System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
US20140169803A1 (en) * 2012-12-13 2014-06-19 Ike Seung Ho LEE Printer apparatus and security method used for the same

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3465521A4

Also Published As

Publication number Publication date
CN109196506B (en) 2022-06-03
US11126724B2 (en) 2021-09-21
CN109196506A (en) 2019-01-11
EP3465521A4 (en) 2020-01-22
EP3465521A1 (en) 2019-04-10
US20190042751A1 (en) 2019-02-07

Similar Documents

Publication Publication Date Title
AU2020315905B2 (en) Systems and methods for ransomware detection and mitigation
US10878098B2 (en) System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
US8561151B2 (en) Mobile software entitlements manager
EP2907068B1 (en) System on chip to perform a secure boot
CN106462438B (en) Attestation of the host containing the trusted execution environment
US9224011B2 (en) Embedded system, information processing unit, and image forming apparatus
JP6256228B2 (en) Image forming system
CN109416720A (en) Maintain OS Secrets Across Resets
KR20150033895A (en) crum chip mauntable in comsumable unit, image forming apparatus for authentificating the crum chip, and method thereof
EP3163494B1 (en) Cryptographic program diversification
CN103777912A (en) Imaging equipment as well as safe imaging method and imaging system thereof
US11126724B2 (en) Firmware module encryption
JP7003729B2 (en) Server equipment and programs
WO2019035825A1 (en) Storage monitoring
US10530966B2 (en) Printer firmware encryption
WO2018134945A1 (en) Information control program, information control system, and information control method
EP3449415A1 (en) Printer encryption
JP2015176501A (en) Information processing program, information processing apparatus, and image processing system
WO2017204824A1 (en) Printer authentication
CN116366241B (en) Decentralised Ethernet timing transaction privacy protection execution method
US9021545B2 (en) Method and system to secure a computing device
JP7379531B2 (en) Industrial equipment management system
CN118433708A (en) Key determination method, device, equipment and storage medium
JP2016139194A (en) Management server, image formation system mounted with the same and driver software
Plug-In FIPS 140-2 Non-Proprietary Security Policy

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16903344

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2016903344

Country of ref document: EP

Effective date: 20190102