system-on-a-chip, image-forming device, and method of initializing an image-forming device

专利摘要:
SYSTEM-IN-A-CHIP, IMAGE FORMATING APPLIANCE, AND INITIALIZATION METHOD OF AN IMAGE FORMATING APPLIANCE. A system-on-a-chip is provided. The system-on-a-chip includes a first memory for storing a plurality of encryption keys, a second memory, a third memory for storing an encryption key setting value, and a CPU for decoding encrypted data, which is stored in an external non-volatile memory using an encryption key corresponding to the encryption key setting value, from the plurality of encryption keys, to store the decoded data in the second memory, and to perform an initialization using data stored in the second memory. Therefore, the security of a boot operation can be improved.
公开号:BR102013031549B1
申请号:R102013031549-4
申请日:2013-12-06
公开日:2021-01-26
发明作者:Tae-hong JANG；Jong-seung LEE；Jin-Hwi Jun
申请人:Hewlett-Packard Development Company, L.P.；
IPC主号:

专利说明:

[0001] Methods and apparatus of the exemplary embodiments of the present general inventive concept concern a system-on-a-chip, an image forming apparatus using the same, and its method and, more particularly, a system-on-chip. a chip that performs secure initialization using encrypted data, an image-forming device using the same, and its method. 2. Description of Related Art
[0002] With the development of electronic technologies, various types of electronic products have been developed. In particular, when computers came into use, computer peripherals are being used more and more. Computer peripherals refer to a device, which improves the use of a computer. Printers, scanners, copiers and multifunctional peripherals are representative examples of these computer peripherals.
[0003] An image-forming device refers to a device that performs an image-forming task, that is, it forms an image on paper or other media. In order to perform the image-forming task, a developer, such as ink or toner, can be used. The image forming apparatus, which uses a laser method using toner, can include a charge unit, a developing unit, a transfer unit, a laser scanning unit, and a fusing unit. These units, which are consumed when the task is performed, including the units above, can be referred to as consumption units. If the unit of consumption is used for a predetermined time, its characteristic can be changed and, therefore, there will not be a good print quality. In particular, a toner cartridge, which contains toner, must be replaced with a new one when the toner has run out. Therefore, product manufacturers sell consumer units separately from complete products, in the event of such a situation.
[0004] In recent years, the consumer unit may have a built-in memory to determine exactly when the consumer unit should be replaced. A variety of information about the use of the consumer unit can be stored in memory. However, there is a problem that it is easy for an unauthorized person to access the memory built into the consumer unit. In this way, information stored in memory can be changed and, thus, it may be difficult to use and manage the consumption unit. Consequently, there has been an attempt to strengthen the memory unit's memory security.
[0005] However, the unauthorized person can invade the device, communicating with the consumer unit, instead of the memory. In particular, an expedient to violate the security technology applied to the consumer unit, by altering a process for initializing a main memory incorporated in a body of the device, can be developed. Summary of the Invention
[0006] Therefore, there is a demand for a method to improve the security of a boot process. One or more exemplary embodiments can overcome the above mentioned disadvantages and other disadvantages not described above. However, it is understood that one or more exemplary embodiments are not required to overcome the disadvantages described above, and may not solve any of the problems described above.
[0007] One or more exemplary embodiments of the present general inventive concept provide a system-on-a-chip, which performs secure initialization using a non-volatile memory, in which encrypted data is stored, an apparatus and an image forming method with the same .
[0008] Additional features and utilities of the present general inventive concept will be presented, in part, in the description that follows and, in part, will be evident from the description, or can be learned through the practice of the general inventive concept.
[0009] In accordance with an exemplary embodiment of the present general inventive concept, a system-on-a-chip is provided including a first memory for storing a plurality of encryption keys, a second memory, a third memory for storing a value of adjustment of the encryption key, and a Central Processing Unit (CPU) to decode encrypted data, which is stored in an external non-volatile memory using an encryption key corresponding to the adjustment value of the encryption key among the plurality of encryption keys, to store the decoded data in the second memory, and perform an initialization using the data stored in the second memory.
[0010] Initialization data can be stored in the first memory separately from the plurality of encryption keys, and the CPU can perform initialization using the initialization data and can decode the encrypted data.
[0011] The system-on-a-chip may also include a first circuit to restrict access to the CPU through an external port for a predetermined time.
[0012] When the power is turned on, the first circuit can generate a deactivation signal to deactivate access to the GPU, and when at least the decoding and authentication of the decoded data is complete, the first circuit can emit an enabling signal to allow access to the CPU.
[0013] The first circuit can include a first record, and when the decryption and authentication of the decoded data is complete, the CPU can change a storage value for the first record.
[0014] The system-on-a-chip can include a second circuit and a third circuit to control access to the first memory.
[0015] The second circuit can include a second register, and the third circuit can include a third register. When decoding and authentication of the decoded data is complete, the CPU can store a control value to disable access to the first memory in the second register, and it can store a control value to change access to the first memory, to access the second memory in the third record.
[0016] The CPU can run an infinite circuit when decoding fails.
[0017] When the power supply is turned on, the CPU can identify a memory, which is designated by a configuration value stored in the third memory or on an external pin, and when the first memory is assigned, the CPU can perform secure initialization using the encoded data , and when the second memory is assigned, the CPU can perform normal initialization using unencrypted data that is stored in non-volatile memory.
[0018] The first memory 18 can be a Mask Read Only Memory (ROM) or a one-time programmable ROM (OTP), and the second memory can be a static random access memory (SRAM). The third memory can be an electrically programmable fuse memory (EFUSE).
[0019] The system-on-a-chip may include a memory controller communicatively coupled to the CPU, including at least one switch to select a link state with the external memory, where the memory controller selectively transmits a recording signal received from the CPU to external memory, according to a result of a comparison between a first key value and a second key value.
[0020] The system-on-a-chip may include, when the memory controller controls at least one switch to select the link state, in order to output the recording signal to the external memory, when the first key value and the second key values are the same.
[0021] The system-on-a-chip may include, when the memory controller controls at least one switch, in order to disable the connection to the external memory, in order to prevent the recording signal from being transmitted to the external memory.
[0022] The system-on-a-chip may include, when the memory controller controls a read operation from the external memory, even when the memory controller is preventing the write signal from being transmitted to the external memory.
[0023] The system-on-a-chip may include, when at least one switch includes a first switch and a second switch, with the memory controller to control the first switch, in order to control an external memory read operation, and the second switch to control a connection with the second switch, in order to control the transmission of the recording signal to the external memory.
[0024] The system-on-a-chip may include that when a first key value and a second pre-stored key value are different from one another, a memory controller blocks a write operation to the external non-volatile memory.
[0025] Examples of embodiments of the present general inventive concept may also provide an image forming apparatus, which includes a consumer unit, on which a Customer Replaceable Unit Monitoring (CRUM) chip is mounted, and a controller to perform a task of image formation using the consumption unit and to update data recorded on the CRUM chip, according to the image-forming task. The controller may include a non-volatile memory for recording encrypted data, and a system-on-a-chip for safe initialization using the encrypted data, when the image forming device is turned on, and for controlling the image forming device, according to a user command, when secure boot is complete.
[0026] The system-on-a-chip may include a first memory for storing a plurality of encryption keys, a second memory, a third memory for storing an encryption key setting value, and a CPU for decoding data stored in non-memory. volatile, using an encryption key corresponding to the setting value of the encryption key among the plurality of encryption keys, to store the decoded data in the second memory, and to perform initialization using the data stored in the second memory.
[0027] Initialization data can be stored in the first memory separately from the plurality of encryption keys, and the CPU can perform initialization using the initialization data and can then decode the encrypted data.
[0028] When a boot event has occurred, the system-on-a-chip can restrict access to the CPU through an external port for a predetermined time.
[0029] The system-on-a-chip can also include a first circuit which, when the image-forming device is turned on, emits a deactivation signal to deactivate access to the CPU and, when at least the decryption and authentication of the decoded data is completed , emits an enabling signal to enable access to the CPU.
[0030] The first circuit can include a first record, and when at least the decryption and authentication of the decoded data is complete, the CPU can change a storage value for the first record.
[0031] When at least the decryption and authentication of the decoded data is complete, the CPU can perform a registry setting task to disable access to the first memory and change access to the first memory to access the second memory.
[0032] When the image forming device is turned on, the CPU can identify a memory, which is designated by a configuration value stored in the third memory or on an external pin, and when the first memory is designated, the CPU can perform secure initialization using data encoded and, when the second memory is assigned, the CPU can perform normal initialization using unencrypted data, which is stored in external non-volatile memory.
[0033] The first memory can be a mask ROM or an OTP ROM, and the second memory can be an SRAM. The third memory can be an EFUSE memory.
[0034] Examples of embodiments of the present general inventive concept also provide a method of initializing an image forming apparatus including non-volatile memory and a system-on-a-chip, the method including initialization, using initialization data, which is stored in a first system-on-a-chip memory, when initialization is performed, decoding of encrypted data, which is stored in non-volatile memory using one of a plurality of encryption keys, which are stored in the first memory, data storage decoded in a second system-on-a-chip memory and initialized using data, which is stored in the second memory.
[0035] The method may also include, when the image-forming apparatus is turned on, the identification of a memory which is designated according to an input value inserted by means of a third system-on-a-chip memory or an external pin and , when the designated memory is the first memory, disabling access to a system-on-a-chip CPU.
[0036] The method may also include, when at least the decryption and authentication of the decoded data is completed, permission to access the CPU.
[0037] The process can include, at least when the decryption and authentication of the decoded data is complete, disable access to the first memory, and perform registry adjustment to change access to the first memory to access the second memory.
[0038] Examples of embodiments of the present general inventive concept can also provide an electronic device that has a memory device and a system-on-a-chip including a central processing unit (CPU), and a memory controller communicatively coupled to the CPU and to the memory device, the memory controller for selectively outputting a recording signal received from the CPU to the memory device, according to a result of a comparison between a first key value and a second key value.
[0039] The electronic device may include, when the memory controller controls at least one switch to select a link state, in order to output the recording signal to the memory device, when the first key value and the second key value are the same.
[0040] The electronic device may include, when the memory controller controls at least one switch, in order to disable the connection to the memory device, in order to prevent the recording signal from being output to the memory device.
[0041] The electronic device may include, when the memory controller controls a read operation from the memory device, even when the memory controller is preventing the recording signal from being output to the memory device.
[0042] Examples of embodiments of the present general inventive concept may also provide a host device, including a storage device for storing a plurality of ciphertext corresponding to each of a plurality of versions, a communication unit for receiving a ciphertext stored in an image-forming device, when a predetermined event occurs, a controller to control the image-forming device, to be in a waiting state for printing, when the ciphertext corresponding to the firmware version of the image-forming device is the same as the received ciphertext, and when the ciphertext and the firmware version are different from each other, the controller blocks the use of the image-forming device.
[0043] According to the exemplary embodiments described above, the security of a boot process can be improved and, thus, the damage caused by malicious invasion by an unauthorized person can be minimized and / or prevented. Brief Description of Drawings
[0044] These and / or other characteristics and uses of the present general inventive concept will be evident and more easily perceived, from the following description of the embodiments, made in conjunction with the attached drawings, where: FIG. 1 is a block diagram illustrating a system-on-a-chip, according to an exemplary embodiment of the present general inventive concept; FIG. 2 is a flow chart illustrating a safe boot method, according to an exemplary embodiment of the present general inventive concept; FIG. 3 is a block diagram illustrating a system-on-a-chip, according to an exemplary embodiment of the present general inventive concept; FIG. 4 is a block diagram illustrating a main board, on which a system-on-a-chip is assembled, according to an exemplary embodiment of the present general inventive concept; FIG. 5 is a flow chart illustrating a method of safe initialization, according to an exemplary embodiment of the present general inventive concept; FIG. 6 is a flow chart to illustrate a method of safe initialization, according to an exemplary embodiment of the present general inventive concept; FIG. 7 is a circuit diagram illustrating an example of the system-on-a-chip of FIG. 4 in detail; FIG. 8 is a view illustrating an example of a secure firmware arrangement; FIG. 9 is a view illustrating an example of a memory map for performing secure boot; FIG. 10 is a block diagram illustrating an example of an image forming apparatus, on which a system-on-a-chip is assembled; FIG. 11 is a block diagram illustrating an example of a CRUM chip, which can be assembled in a consumer unit; FIG. 12 is a flow chart illustrating a method of using a system-on-a-chip memory, in accordance with an exemplary embodiment of the present general inventive concept; FIG. 13 is a block diagram illustrating an example of a system-on-a-chip, according to the exemplary embodiment of the present general inventive concept of FIG. 12; FIG. 14 and FIG. 15 are block diagrams illustrating an example of a system-on-a-chip, according to an exemplary embodiment of the present general inventive concept; Fig. 16 is a view illustrating an example of a code generating unit, which is useful in exemplary embodiments of the present general inventive concept illustrated in FIGS. 14 and 15; FIG. 17 is a view illustrating an exemplary embodiment of a code generating unit of FIG. 16; FIG. 18 and FIG. 19 are seen illustrating exemplary embodiments of the present general inventive concept, of a software code, which is generated in the code generating unit of FIG. 19; FIGS. 20-22 are exemplary embodiments of the present general inventive concept, of various non-volatile memories, which are usable with a system-on-a-chip; FIG. 23 is a view illustrating a method of processing a recording pin for a volatile memory to be deactivated, according to an exemplary embodiment of the present general inventive concept; FIG. 24 is a flow chart illustrating a method of controlling a memory, in accordance with an exemplary embodiment of the present general inventive concept; FIG. 25 is a view illustrating an exemplary embodiment of a memory controller for carrying out a method of controlling a memory of the exemplary embodiment of the present general inventive concept, illustrated in FIG. 24; FIG. 26 is a timing diagram illustrating a method of controlling printing, according to an exemplary embodiment of the present general inventive concept; FIG. 27 is a view illustrating an exemplary embodiment of a host device for performing the method of controlling printing, according to an exemplary embodiment of the present general inventive concept illustrated in FIG. 26; FIG. 28 and FIG. 29 are views that illustrate an exemplary embodiment of several cipher texts; FIG. 30 is a view illustrating an exemplary embodiment of a violated ciphertext; and FIG. 31 is a flow chart illustrating a method of controlling an image-forming apparatus, in accordance with an exemplary embodiment of the present general inventive concept. Detailed Description of Preferred Forms of Realization
[0045] In the following, exemplary embodiments will be described in greater detail with reference to the accompanying drawings.
[0046] Reference will now be made in detail to the embodiments of the present general inventive concept, examples of which are illustrated in the accompanying drawings, where similar reference numbers refer to similar elements throughout. The embodiments are described below, in order to explain the present general inventive concept, referring to the figures.
[0047] In the following description, the same reference numbers are used for the same elements, when they are represented in different drawings. The materials defined in the description, such as the detailed construction and elements, are provided to assist in a comprehensive understanding of exemplary embodiments. Thus, it is evident that exemplary embodiments can be realized without these elements specifically defined. Furthermore, functions or elements known in the related art are not described in detail, as they would obscure exemplary embodiments in unnecessary detail.
[0048] It is common for an electronic device to perform a startup process to function normally when it is turned on. The electronic device performs initialization, and loads and executes a program through the initialization process. The initialization process, which determines the initial state of the electronic device, can affect an operating parameter (for example, an important operating parameter) of the electronic device and, therefore, can practically affect the electronic device when it is used. Therefore, if the startup process is accessible, so that anyone can change it, there is a risk that a program that is not intended by a user can be loaded. That is, a hacker may be able to change a startup process in order to load a program he wants, but that a user does not request to be loaded. Therefore, there is a demand for a safe boot method, so that a boot process cannot be changed arbitrarily, that is, a safe boot method. To achieve secure initialization, the initialization data can be stored in a non-volatile memory of the electronic device in an encrypted state. A system-on-a-chip 100 controls the operation of the electronic device, accesses non-volatile memory, decodes the encrypted data, and performs a secure initialization process. In the following, a system-on-a-chip and its secure boot method, according to various exemplary embodiments of the present general inventive concept, will be explained.
[0049] FIG. 1 is a block diagram illustrating a system-on-a-chip, according to an exemplary embodiment of the present general inventive concept. Referring to FIG. 1, a system-on-a-chip 100 performs a secure initialization using a non-volatile memory 200, in which the encrypted data is stored. The system-on-a-chip 100 and the non-volatile memory 200 of FIG. 1 can be incorporated in an electronic device (for example, in a single electronic device). For example, the system-on-a-chip 100 can be incorporated into an image forming apparatus, such as an image forming apparatus 1000 illustrated and described in connection with FIG. 10. The system-on-a-chip 100 can be incorporated into any suitable electronic device. The system-on-a-chip can be an integrated circuit, a programmable logic device, an array of programmable field gates, and / or any device suitable for safe initialization, in accordance with the exemplary embodiments of the present general inventive concept, revealed here.
[0050] The system-on-a-chip 100 performs an initialization process using the encoded data, which is stored in non-volatile memory 200. Specifically, various data, such as a boot block-initiated symbol (BSS), a kernel, a boot program, an operating system (OS), the other OS (wireless stack), an engine, emulation, a fixed segment, a stack, an authentication key, an encrypted operating system, and a device driver encoded and stored in non-volatile memory 200.
[0051] The data can be encoded by several methods. For example, a standard data encoding method (DES), a triple DES method (TDES), an advanced standard encoding method (AES), a SEED algorithm, a Rivest Shamir Adleman (RSA) method, and a gym algorithm , research institute - agency (ARIA) can be used.
[0052] The DES method refers to a method, which encodes and decodes data using a symmetric key encoding algorithm using a 56-bit key. The TDES method refers to a method that repeats DES three times. The AES method refers to a method that encodes and decodes a block with a size of 128 bits using a key of any multiple of 32 bits, such as 128, 160, 192, 224 or 256 bits. The SEED method, which is similar to the AES method, refers to a 128-bit block encryption method, which encrypts and decrypts data using a 128-bit or 256-bit encryption key. The RSA method is a kind of public key encryption system that uses a unidirectional function, and the ARIA algorithm is a block encryption method that encrypts and decrypts a 128-bit block using a 128, 192 or 256 bit key.
[0053] Various data, which are encoded in the various encoding methods described above, can be stored in non-volatile memory 200. The stored data, or the encoding method, can be selectively applied, according to a characteristic of a product, in which the system-on-a-chip 100 and the non-volatile memory 200 of FIG. 1 are mounted, or other environmental conditions.
[0054] Referring to FIG. 1, the system-on-a-chip 100 includes a first memory 110, a second memory 120, and a central processing unit (CPU) 130. CPU 130 can be a processor and / or any suitable device for making shapes exemplary embodiments of this general inventive concept. An encryption key can be stored in the first memory 110. The first memory 110 can be implemented using either a read-only mask (ROM) memory or a one-time programmable memory (OTP).
[0055] The mask ROM is a memory that stores data in advance at the time of manufacture and does not allow the user to modify the data. OTP memory can be used in system programming, but it is a type of programmable ROM that does not allow data to be modified after being programmed.
[0056] The encryption key is a key for decoding the data, which is stored in non-volatile memory 200, in particular, an initialization code. The non-volatile memory 200 can store data encrypted by one of the methods described above, and an encryption key corresponding to the encrypted data can be stored in the first memory 110.
[0057] The first memory 110 can store information on a boot loader. The boot loader refers to a program that runs in advance before an OS is started, terminates all operations necessary to start a kernel, and finally starts the OS. That is, the operating system is divided into a kernel, in which real commands are triggered, a structure that transmits commands included in a program to the kernel, and a user interface (UI) that is activated to the kernel and the structure. The boot loader refers to a program that prepares hardware before starting the kernel. Specifically, private information from the boot loader can be stored in the first memory 110. Private information from the boot loader can include the information needed to boot the system.
[0058] The second memory 120 is an internal memory that is used to perform an initialization operation. Second memory 120 may be an SRAM, which does not require initialization. However, this should not be considered as limiting, and the second memory 120 may be any memory suitable for carrying out the exemplary embodiments of the present general inventive concept, as disclosed herein.
[0059] CPU 130 decodes encrypted data that is stored in non-volatile memory 200 located outside the system-on-a-chip 100, using an encryption key stored in the first memory 110, and stores the decoded data in the second memory 120. CPU 130 it can perform initialization using the data stored in the second memory 120. The decryption method can correspond to the data encryption method.
[0060] For example, if the AES method is applied, the data is encrypted by repeating an AddRoundKey process that performs the XOR operation with respect to the data to be encrypted and an encrypted key initially inserted, a SubBytes process that replaces an XOR operation result, according to a specific rule, a ShiftRows process that changes a data line, and a MixColumn process that mixes the data line 10 times. Non-volatile memory 200 can store data, which is encoded in the method described above. CPU 130 can decode the encoded data by inverse repetition of the processes corresponding to the encoding processes described above. The decoded data is stored in the second memory 120 and the CPU 130 performs a subsequent initialization process using the stored data.
[0061] If the RSA method is applied, the data is encrypted and decoded using a public key {N, E} and a private key {N, d}. Specifically, two large prime numbers 'p' and 'q' (that is, prime numbers greater than a predetermined value) are selected and Modules N = p * q and PI (N) are calculated. In addition, E is selected arbitrarily, so that E is relatively close to PI (N) = (p-a) (q-1). D, which has an E * D mod PI (N) -1 ratio, is calculated using an extended Euclid's algorithm. As a result, RSA encryption can be performed using the public key {n, e} and the private key {N, d}. RSA coding can be performed using the equation of E (M) = M⌃E mod N = C. M denotes data to be encoded. Non-volatile memory 200 can store an initialization code, which is encoded according to that equation. In this case, CPU 130 can perform RSA decoding using the equation D (C) = C⌃D mod N = ((M⌃E) ⌃D) mod N = M. The decoded data is stored in the second memory 120 and the CPU 130 performs a subsequent initialization process using the stored data.
[0062] According to the method described above, the system-on-a-chip 100 loads the data stored in the external memory 200 inside it, in the encrypted state, decodes the data and performs an initialization operation. Thus, even if an unauthorized person breaches the data exchanged between external memory 200 and system-on-a-chip 100, the boot process cannot be changed and boot security can be improved.
[0063] FIG. 2 is a flow chart illustrating a safe initialization method in detail, in accordance with an exemplary embodiment of the present general inventive concept. Referring to FIG. 2, if the electronic device, on which the system-on-a-chip (for example, on the system-on-a-chip 100) is mounted, is switched on in operation S210, the system-on-a-chip accesses first memory 110 and reads the data stored in the first memory 110, in operation S220. Specifically, CPU 130 proceeds to a reset vector, to which a specific address is assigned, and obtains an instruction. In the present exemplary embodiment, the address of the reset vector can be designated as the first memory 110.
[0064] If the first memory 110 is assigned, CPU 130 performs a secure boot using the data stored in the first memory 110. The first memory 110 can store various data, such as a code to boot the system (for example, system-in-one- chip 100) and an encoding code or key for decoding an encoded external program code.
[0065] CPU 130 detects the code to boot the system from the first memory 110 and performs a boot task with respect to the hardware of the electronic device in operation S230. The initialization task can include advancing a clock used in the 110-on-a-chip system, using an internal phase lock (PLL) circuit, or initializing a dual data rate controller (DDR) to use a DDR memory . The initialization task can also include several initialization operations, such as initial activation of various applications, initialization of a configuration to form a communication channel with internal or external devices of the electronic device, initialize a memory value, define an internal registry value , input / output (I / O) definition, serial definition, obtaining a MAC address, and configuring the Ethernet port. The initialization task may include the preparation of other hardware mounted on the electronic device together with the system-on-a-chip 100. Such initialization operations can be implemented in several ways, according to a type of electronic device, in which the system-on-a-chip 100 is mounted. The code stored in the first memory 110 can be used for other operations. For example, data CPU 130 reads a boot option pin definition value (SPI / NAND / SD), and conducts (that is, writes) data to the second memory 120, according to the corresponding boot option. .
[0066] CPU 130 decodes the encrypted data that is loaded into the system-on-a-chip 100, in operation S240. CPU 130 can decode the data using an encryption key stored in the first memory 110. CPU 130 stores the decoded data in the second memory 120 or in DDR memory, in operation S250. CPU 130 performs initialization using data decoded in operation S260.
[0067] That is, CPU 130 can perform initialization using data, such as a symbol initiated by decoded initialization block (BSS), a kernel code, a startup program, an operating system, the other OS (wireless stack), an engine , emulation, a fixed segment, and a stack. Initialization refers to operations for loading a kernel, executing a structure, executing a user interface, and starting an operating system.
[0068] According to the exemplary embodiment described above, a secure initialization can be performed using the first memory 110 and the second memory 120 of the system-on-a-chip 100, which are not encrypted, where the encrypted data is stored in memory external non-volatile 200.
[0069] FIG. 3 is a block diagram illustrating a system-on-a-chip, according to an exemplary embodiment of the present general inventive concept. Referring to FIG. 3, the system-on-a-chip 100 may include a third memory 140, in addition to the first memory 110, the second memory 120, and the CPU 130.
[0070] According to an exemplary embodiment of the present general inventive concept, a plurality of encryption keys can be stored in the first memory 110. An adjustment value for selecting one of a plurality of encryption keys can be stored in the third memory 140. Such an adjustment value is referred to as an encryption key adjustment value. The third memory 140 can be an electrically programmable fuse memory (EFUSE), which is a kind of OPT memory. However, this should not be considered as limiting, and the third memory 140 may be any suitable memory, in order to realize the exemplary embodiments of the present general inventive concept, as disclosed herein.
[0071] CPU 130 determines which of the plurality of encryption keys stored in the first memory 110 will be chosen, according to the setting value (i.e., an encryption key definition value) stored in the third memory 140. If a key in use is exposed, the manufacturer of the system-on-a-chip 100 or electronic device, on which the system-on-a-chip 100 is mounted, changes the key, changing the setting value of the encryption key of the third memory 140.
[0072] According to the present exemplary embodiment, even if an encryption key is exposed, there is no need to replace the entire system-on-a-chip and CPU 130 can deal with this problem by changing the setting value programmed in the third memory 140.
[0073] The other operations of the second memory 120 and the CPU 130 are the same, as described in the first exemplary embodiment above and, therefore, a redundant explanation is omitted.
[0074] FIG. 4 is a block diagram illustrating a mainboard 300, on which the system-on-a-chip 100 and the non-volatile memory 200 are mounted. The main board 300 can be arranged, for example, in an electronic device. Referring to FIG. 4, the system-on-a-chip 100 and the non-volatile memory 200 can be mounted on a single motherboard 300. In addition to the system-on-a-chip 100 and the non-volatile memory 200, several parts (for example, the hardware components of the electronic device, such as, for example, a communications interface, a user interface, an image processor, an image sensor, an audio processor, etc.) can be mounted on the main board 300, but are not illustrated, for the sake of convenience of explanation.
[0075] System-on-a-chip 100 includes the first memory 110, the second memory 120, the CPU 130, the third memory 140, and a bus 150. Referring to FIG. 4, CPU 130 can be connected to various elements, including the first to third memories 110, 120 and 140 via bus 150. Bus 150 can include various types of buses, such as an address bus, a data bus, and a control bus.
[0076] The system-on-a-chip 100 illustrated in FIGS. 3 and 4 can properly select an encoding method using the third memory 140 (eg DES, TDES, SEED, RSA, ARIA etc.).
[0077] FIG. 5 is a flow chart illustrating a method of securely booting the system-on-a-chip illustrated in FIGS. 3 or 4. Referring to FIG. 5, if the electronic device, on which the system-on-a-chip 100 is mounted, is turned on in operation S510, CPU 130 of the system-on-a-chip 100 accesses the first memory 110 in operation S520 and identifies data boot. Access to the first memory 110 can be performed according to an instruction, which is obtained from a reset vector. CPU 130 initializes hardware (for example, the hardware components of the electronic device, such as one or more memory devices, a communication interface, etc.), according to the initialization data identified in operation S53Ó. An example of the. initialization was described above with reference to FIG. 2 and a redundant explanation is omitted. CPU 130 can prohibit access to itself via an external port, while a secure boot is performed.
[0078] If initialization is completed, CPU 130 identifies an adjustment value, which is stored in the third memory 140, in operation S540, and selects an encryption key corresponding to the adjustment value from the plurality of encryption keys stored in the first memory 110 , in operation S550. If the encryption key is selected, CPU 130 decodes the encrypted data, which is stored in non-volatile memory 200 using the encryption key and performs authentication in the S560 operation. The decoded data is copied to the second 120 memory or the DDR memory.
[0079] As described above, the data is decoded, according to various coding algorithms, such as a DES method, a TDES method, an AES method, a SEED algorithm, an RSA method and an ARIA method.
[0080] Authentication is a process of verifying the effectiveness of a data authentication code. To achieve authentication, an authentication algorithm, such as HMAC - SHA256, HMAC - SHA1 and HMAC - MD5, and / or any suitable authentication algorithm to carry out the exemplary embodiment of the present general inventive concept, can be used. These algorithms are key-based, which share a single secret key. In particular, HMAC is defined in RFC 204 (key hash for a message authentication code). The encryption key value for decryption and the key value for authentication can be stored in the first memory 110, as described above.
[0081] If the authentication code is not effective, or decryption fails in the S570 operation, CPU 130 stops running the secure boot program and / or enters an infinite cycle in the S595 operation.
[0082] If decryption and authentication are successful, and all system preparations are completed, CPU 130 changes an address map in operation S580. Thus, when an attempt is made to access the first memory 110, access is forcibly changed to access to the second memory 120.
[0083] CPU 130 performs an initialization using the decoded data, which is copied to the second memory 120 in operation S590. The initialization process has been described above and, therefore, a redundant explanation is omitted.
[0084] In the exemplary embodiment above, the system-on-a-chip, which performs a secure boot and its operations, have been described. However, according to an exemplary embodiment, secure boot or normal boot can be performed selectively, according to an environment, in which the system-on-a-chip is used.
[0085] FIG. 6 is a flow chart illustrating a system-on-a-chip initialization process, in accordance with an exemplary embodiment of the present general inventive concept. According to the exemplary embodiment, the non-volatile memory 200 can store encrypted data and non-encrypted data together.
[0086] In this state, if the electronic device is switched on in operation S610, CPU 130 determines whether to perform safe initialization or normal initialization in operation S615. That is, if the power is turned on, CPU 130 goes to a readjustment vector and seeks an instruction. The first memory 110 or the second memory 120 can be designated as the reset vector. That is, the first memory 110 and the second memory 120 are mapped to the same address (for example, 0xffff0000) via bus 150. If CPU 130 identifies address 0xffff0000 of the readjustment vector, CPU 130 accesses one of the first memory 110 and the second memory 120, which is designated. The memory can be designated by a designation value, which is entered via an external pin connected to CPU 130, or a designation value, which is stored in the third memory 140.
[0087] If the second memory 120 is assigned, it is determined that a normal initialization, instead of a safe initialization, is performed in operation S615: N. In this case, CPU 130 accesses non-volatile memory 200 and performs normal initialization using the data. non-encrypted.
[0088] If the first memory 110 is assigned, it is determined that secure initialization was performed in operation S615: Y. If secure initialization is performed, CPU 130 accesses the first memory 110 in operation S625 and detects the initialization data in operation S630. Prior to that, CPU 130 may prohibit access to itself via an external port.
[0089] CPU 130 initializes basic hardware using the initialization data in the S630 operation. The CPU 130 loads the encoded data that is stored in the non-volatile memory 200 to the second memory 120.
[0090] CPU 130 determines whether or not a safe boot mode has been set in operation S635. That is, CPU 130 can determine whether to perform a secure boot, regardless of whether the first memory 110 is designated or not, using the external pin (or a first external pin) or the third memory 140. For example, even if the Uncoded data is stored in non-volatile memory 200, CPU 130 can perform an initialization using the first memory 110. In this case, decoding is omitted. It is determined whether or not the mode is a safe boot mode, based on another designation value stored in third memory 140, or another external pin (hereinafter, a second external pin).
[0091] If the secure boot mode is set, CPU 130 performs decryption and authentication using an encryption key that is stored in the first memory 110, in operation S640. Decryption and authentication can be performed, according to the various algorithms described above (for example, DES, TDES, AES, SEED, RSA, ARIA etc.).
[0092] If at least one of the decryption and authentication fails in the S645: N operation, CPU 130 falls in an infinite cycle in the S660 operation. That is, CPU 130 for executing the safe boot mode. If decryption and authentication is successful in operation S645: Y, CPU 130 changes the address map in operation S650, CPU 130 can control the second memory 120, to be used instead of the first memory 110. Thus, it is access to the code stored in the first memory 110 is not possible after the address map has been changed. At this point, it is impossible to trace a code and key value with a JTAG and the address is set to be read Oxffffff, when it is being accessed.
[0093] When the address map is changed, CPU 130 'jumps to the data copied to the second memory 120 (for example, a first boot loader) and performs a boot operation using that data in operation S655. The first boot loader refers to a boot loader for loading a second boot loader into memory. The main functions of the boot loader to provide a user interface and load a kernel are performed by the second boot loader. The boot loader can be divided into the first and second boot loaders, considering insufficient space.
[0094] As described above, the system-on-a-chip 100 can be implemented in a variety of ways and perform secure boot. The exemplary embodiments described above can be changed, in combination with at least one of the other exemplary embodiments. Figures and descriptions related to these exemplary embodiments are omitted.
[0095] FIG. 7 is a view illustrating an example of a system-on-a-chip in detail. Referring to FIG. 7, the system-on-a-chip 100 may include a DDR controller 185 and several circuits 155, 160, 165, 170, 175, 180, in addition to the first memory 110, the second memory 120, the CPU 130, the third memory 140, and bus 150. In FIG. 7, the first memory 110 is implemented by means of a mask ROM and the second memory 120 is implemented by means of an SRAM. The third memory 140 is implemented via an EFUSE memory. The third memory 140 can store an adjustment value (keys 1, 2 and 3) for the selection of an encryption key and a designation value (mask ROM) to define whether to perform secure initialization.
[0096] Each of the circuits 155, 160, 165, 170, 175, and 180 can be, for example, a register, a logic circuit and a multiplexer. The first circuit 155 includes a first register 155-1. CPU 130 can control access to the CPU via an external port using the first circuit 155. Specifically, the first circuit 155 inserts a JTAG_EN signal corresponding to a value recorded in the first register 155-1 for CPU 130.
[0097] That is, if an initialization event is generated, the fourth circuit 170 generates a result of an OR operation performed according to a value, which is entered via an external pin, and a denomination value which is entered via the third memory 140. The initialization event includes a case, in which the system-on-a-chip 100 or the device (for example, the electronic device), in which the system-on-a-chip is mounted, is turned on. If secure initialization is to be carried out, a '1' can be written to the third memory 140. Therefore, the fourth circuit 170 generates '1'. The value generated from the fourth circuit 170 is inserted into the second circuit 160 and the third circuit 165.
[0098] The second circuit 160 and the third circuit 165 include second and third registers 160-1 and 165-1, respectively, to control access to the first memory 110. The generated value '1' of the fourth circuit 170, to be inserted in the second circuit 160, is inverted. Therefore, '0' is inserted into the second circuit 160. The second circuit 160 generates an OR operation value performed according to the entered value '0' and a storage value of the second register 160-1 using an OR gate. Since '0' can be written to the second register 160-1 in an initial state, the second circuit 160 eventually issues '0' to the first circuit 155.
[0099] The first circuit 155 includes the first register 155-1. The first circuit 155 includes a multiplexer to selectively output a value stored in the first register 155-1 or an external value. If '0' is entered from the second circuit 160, the first circuit 155 generates a signal to disable CPU access for CPU 130. Therefore, access to the CPU via an external port can be restricted for a time predetermined time, that is, the time during which a safe initialization is carried out after a device with the SOC 100 is switched on.
[0100] If the device is switched on, CPU 130 identifies a memory that is assigned according to a configuration value stored in third memory 140, or a value inserted via an external pin. If the designated memory is the first memory 110, the CPU 130 stores a first value (for example, ’1 ') to disable access to the CPU in the first register 155-1.
[0101] If the system preparation (for example, at least the decryption and authentication of the decoded data) is completed, CPU 130 stores a second value (for example, '0'), to enable access to the CPU in the first record 155-1 , The storage value of the second register 160-1 of the second circuit 160 can also be changed.
[0102] More specifically, if system preparation is complete, CPU 130 writes a control value (for example, '1') to disable access to the first memory 110 in the second register 160-1, and blocks data from all regions of the first memory 110 to be read. If the storage value of the second register 160-1 is changed to '1', the value issued from the second circuit 160 is changed to '1'.
[0103] CPU 130 writes a control value (for example, '1') to change access to first memory 110 to access to second memory 120 in third register 165-1. In this case, access to the first memory 110 is automatically switched to access to the second memory 120, when CPU 130 accesses the first memory 110. Once a decoded code is copied to the second memory 120 in advance, CPU 130 can use the same.
[0104] The fourth circuit 170 may include an OR gate to provide a denomination value, which is entered via an external pin or the third memory 140. CPU 130 can determine whether or not to perform secure initialization, according to the designation value. , which is introduced through the fourth circuit 170.
[0105] A multiplexer 175 selectively inserts a value emitted from the second memory 120 or the second circuit 160 to the bus 150.
[0106] A flash boot loader 180 refers to a flash memory for storing a boot loader. The flash boot loader 180 loads a private boot loader stored in non-volatile memory 200 when normal boot is performed. CPU 130 performs normal boot using flash boot loader 180.
[0107] The DDR 185 controller is a controller that controls read / write (R / W) data on an external DDR 400 memory. As described above, the system-on-a-chip 100 can be implemented in several ways and can be used together with non-volatile memory 200 and DDR memory 300. The detailed configuration of a system-on-a-chip 100 is not limited to that illustrated in FIG. 7, and can be accomplished in other diverse ways. Another exemplary embodiment of a 100-in-a-chip system will be explained in detail with reference to the accompanying drawings.
[0108] FIG. 8 is a view illustrating an example of an array of data, which is stored in the first memory 110. Referring to FIG. 8, the first memory 110 stores an authentication code 910, a secure boot loader header 920, and a first boot loader 930.
[0109] The 910 authentication code can be encrypted and stored, according to various encryption algorithms (for example, DES, TDES, AES, SEED, RSA, ARIA etc.). For example, authentication code 910 can be encrypted (for example, encrypted using an encryption method, such as DES, TDES, AES, SEED, RSA, ARIA etc.) and stored, according to an authentication algorithm, such as HMAC -SHA256, HMAC - SHA1 and HMAC - MD5, as described above.
[0110] The header of the 920 secure boot loader can include electronic signature information, an offset value, a size, time information, and a user ID. The header of the 920 secure boot loader can be encoded and stored in one of several encryption algorithms, such as a DES method, a TDES method, an AES method, a SEED algorithm, an RSA method, and an ARIA algorithm.
[0111] The first 930 boot loader can be encrypted and stored in an encrypted state for the sake of internal security.
[0112] In FIG. 8, the boot loader 930 can be configured to start, according to a plurality of NOP instructions (i.e., no operation), for the sake of internal security.
[0113] FIG. 9 is a view illustrating an example of a memory map 940 of the system-on-a-chip 100. Referring to FIG. 9, a private boot loader is stored at a specific address in the first memory 110. The private boot loader can be used for normal boot.
[0114] If secure initialization is performed, CPU 130 can load the first boot loader stored in nonvolatile memory 200 to a region 191 of a record (of the second memory 120), or to a particular region 192 of the second memory 120. The CPU 130 decodes the first boot loader using an encryption key, and copies the first decoded boot loader to a specific region 121 of the second memory 120. The second memory 120 can be supplied with one or more regions, such as an RW section 122 for reading / writing, so that data can be read or written, and a general purpose region 123.
[0115] As described above, the system-on-a-chip 100 can process the encoded data from the external non-volatile memory 200 using various internal memories.
[0116] The manufacturer of the electronic device, or a service provider that uses the electronic device, may wish to securely store their own secret key in the electronic device. The secret key can be used for various purposes. For example, the secret key can be used to encrypt some or all of the core regions or to create a secure communication channel between the electronic device and the manufacturer, or between the electronic device and the service provider. The first memory 110 or the third memory 140 of the system-on-a-chip 100 can be implemented, using an OTP memory, and can store the secret key described above.
[0117] The system-on-a-chip 100, according to the various exemplary embodiments described above, can be used in various types of electronic devices. For example, the system-on-a-chip can be used in an image-forming device, such as a printer, a multifunctional peripheral, a fax machine, or a scanner.
[0118] According to an exemplary embodiment, an image forming apparatus may include a variety of consumer units (for example, a paper feeder, a loading unit, a laser scanning unit, a developing unit, a transfer unit, a fusing unit, a paper unloading unit, a scanning unit, and a scan engine) and a controller. The controller performs an image-forming task using the consumption units. If a CRUM chip (customer replaceable unit monitoring) is mounted on the consumer unit, the controller can update the data that is recorded on the CRUM chip, according to the image-forming task.
[0119] The controller can include a non-volatile memory (for example, a non-volatile memory 200) and a system-on-a-chip (for example, the system-on-a-chip 100). Non-volatile memory can write data encoded to it. If the imaging device is turned on, the system-on-a-chip performs secure initialization using the encrypted data, which is stored in non-volatile memory, and, if secure initialization is completed, controls the imaging device according to a user command.
[0120] FIG. 10 is a block diagram illustrating an example of an image forming apparatus. Referring to FIG. 10, an image forming apparatus 1000 includes a controller 1100, a storage device 1200, a user interface 1300, a communication unit 1400, a power source 1500, and a plurality of consumer units 1600-1 to 1600- n.
[0121] Storage 1200 can include a hard disk drive (HDD) or other storage (for example, a solid state drive (SSD), a memory device, etc.). The 1200 storage is not necessarily implemented using an internal memory and can be implemented via an external memory, which is removably mounted on the image-forming device 1000.
[0122] The 1300 user interface can receive various user selection commands. The 1300 user interface can include a display panel and at least one button. In this case, the display panel can be implemented using a touch screen. At least one button can be implemented as an integral part of the touch screen. The 1300 user interface can provide multiple user interface screens, and the user can enter multiple user commands, either by tapping the user interface screen directly or by manipulating the 1300 user interface button.
[0123] The communication unit 1400 can be connected to an external device, via a network or a local area network (LAN), and can receive data and commands. That is, the communications unit 1400 can be connected to a PC (personal computer), via a local interface, or it can be connected to a plurality of external devices, either wired or wirelessly over a network. US IEEE, 802.11 standard, European hyper LAN standard, or Japan's MMAC-PC standard can be used as a wireless communication standard. In addition to these, various communication methods, such as Wi-Fi, Bluetooth, Zigbee, or near field frequency communication (NFC), can be used for communication.
[0124] The power supply 1500 supplies power to each of the elements of the image forming apparatus 1000 (for example, the controller 1100 and the plurality of consumption units 1600-1 to 1600-n). Specifically, the power supply 1500 receives common AC energy from an external source (AC_IN), converts it into DC energy of an appropriate electrical potential for each element, using elements such as a transformer, an inverter, and a rectifier, and produces DC power (DC_OUT).
[0125] Controller 1100 includes a system-on-a-chip 100 and a non-volatile memory 200. Thus, if the imaging device 1000 is turned on, controller 1100 performs secure initialization. Safe initialization can be carried out in various methods, as described above (for example, as described above with respect to FIGS. 5-6). The system-on-a-chip 100, which performs secure boot, and its operations, have been described above and, therefore, a redundant explanation is omitted.
[0126] If initialization is completed, controller 1100 controls the overall operation of the image forming device, according to the data and a command from an external device, which is connected to the image forming device via the communication unit 1400, or a command user selection, which is introduced via the 1300 user interface.
[0127] Specifically, if a print command is run on a printer driver, which is installed on a host PG or in an application, the printer driver on the host PC generates the print data by converting a corresponding document into a default printer language. The controller 1100 receives such print data through the communication unit 1400. The controller 1100 converts the print data into a bitmap image composed of "0" and "1", using a cross-linking table, and controls the plurality of consumer units 1600-1 to 1600-n to print the bitmap image on paper.
[0128] Various types of consumer units 1600-1 to 1600-n can be supplied, according to one type of the image forming device 100. If the image forming device is a multifunctional laser peripheral, the 1600-1 consumption units a 1600-n can be a paper feeder, a loading unit, a laser scanning unit, a developing unit, a transfer unit, a fusing unit, a paper unloading unit, a scanning unit, and a scan engine. At least some of the 1600-1 to 1600-n consumer units may include CRUM 1610-1 to 1610-n chips.
[0129] CRUM 1610-1 to 1610-n chips can be implemented using memories only, or can be implemented, by including a memory and a CPU. CRUM 1.610-1 to 1610-n chips can have an OS (operating system) separately from the 1100 controller, and can perform bootstrapping themselves, using the OS. CRUM 1.610-1 to 1610-n chips perform authentication against controller 1100 and, if authentication is successful, can perform encrypted data communication. CRUM 1610-1 to 1610-n chips can be executed in different ways.
[0130] FIG. 11 is a block diagram illustrating an example of a CRUM chip in detail. Referring to FIG. 11, a CRUM 1610 chip includes an OS 1611 memory, a non-volatile memory 1612, a volatile memory 1613, a CPU 1614, an encoding (crypto) unit 1615, a tamper detector 1616, and a 1617 interface. illustrated, the CRUM 1610 chip may include a clock unit for generating a clock signal and a random value generator for generating a random value for authentication. However, some of the elements can be eliminated and can be included in another element. The 1615 encoding unit may be an integrated circuit, a processor, an array of programmable field gates, a programmable logic unit, and / or any device suitable for performing encoding (for example, encoding data and / or decoding data), from in accordance with exemplary embodiments of the present general inventive concept, disclosed herein, The 1616 tamper detector may be an integrated circuit, a sensor, a processor, an array of programmable field gates, a programmable logic unit, and / or any device suitable for detecting counterfeits with a consumer unit (for example, first consumer unit 1600-1, second consumer unit 1600-2 etc.), in accordance with exemplary embodiments of the present general inventive concept, as disclosed herein. Interface 1617 can be any communications interface suitable for transmitting data and receiving data from, for example, main controller 1100 (for example, as illustrated in FIG. 10), which includes the system-on-a-chip 100.
[0131] The OS 1611 memory stores an operating system (OS) to activate the 1600-1 to 1600-n consumer unit. The non-volatile memory 1612 can store one or more programs and data with respect to the consumer unit (for example, any of the consumer units 1600-1 to 1600-n) and the CRUM chip (for example, any one or more of the first CRUM 1610-1 to 1610-n chip). Specifically, the 1612 non-volatile memory can store electronic signature information, one or more encoding program codes, status information for the consumption units (for example, information on toner consumption, information on replacement time, number of copies remaining to be printed), unique information (for example, manufacturer information, information about the date of manufacture, serial number, product model name), and service information. CPU 1614 can load the program and data that is stored in non-volatile memory 1612 to volatile memory 1613, and can use them.
[0132] The encryption unit 1615 supports an encryption algorithm and can cause the CPU 1614 to authenticate against the controller 1100 provided in the image forming apparatus, or to carry out encrypted communication (for example, through the 1617 interface). Specifically, the 1615 encryption unit can perform encryption or authentication data communication using the various encryption algorithms described above.
[0133] The 1616 tamper detector serves to protect and / or prevent various physical attempts at tampering. That is, the 1616 tamper detector detects and protects a consumer unit (for example, any of the consumer units 1600-1 to 1600-n) from tampering. Specifically, the 1616 tamper detector monitors an operating environment, such as voltage, temperature, pressure, light, and frequency and, if attempted like Decap (ie, uncapping the CRUM 1610 chip to determine its operation), or any other tampering activity, the tamper detector 1616 physically deletes or blocks data (for example, data stored in volatile memory 1613, non-volatile memory 1612, and / or O / S memory 1611). In this case, the 1616 tamper detector may include a separate power source.
[0134] By supplying the 1615 encryption unit and the 1616 tamper detector, as described above, systematic data security using hardware and software is possible.
[0135] Interface 1617 connects CPU 1614 and controller 1100 to each other via a wired and / or wireless communication link. Specifically, the 1617 interface can be implemented using a serial interface, or a wired and / or wireless interface.
[0136] As described above, the system-on-a-chip 100 can be mounted on the image forming apparatus and can perform a secure boot. Therefore, the system-on-a-chip can minimize and / or prevent an unauthorized person from altering the startup process or tampering with the consumption unit data (for example, any of the 1600-1 to 1600 consumer units -n). The system-on-a-chip 100 can be assembled and used in several electronic devices, in addition to the image forming device.
[0137] As described above, a system-on-a-chip 100 initially uses a first memory 110 and subsequently performs an operation using a second memory 120. Important information, such as various data related to initialization, an encryption key for decoding codes , and initialization codes etc., can be stored in the first memory 110. Thus, when the use of the first memory 110 is completed, it is necessary to minimize and / or prevent data from the first memory 110 from being changed, or data from the first memory 110 are leaked, disabling access to the first memory 110. For this, as described with reference to FIG. 7, a second circuit 160 and a third circuit 165 can be prepared, additionally, within the system-on-a-chip 100. However, the configuration of the system-on-a-chip 110 is not limited to this, and several modifications can be applied.
[0138] FIG. 12 is a flow chart illustrating a method of using a memory in a system-on-a-chip, according to an exemplary embodiment of the present general inventive concept. According to Fig. 12, when a power from an image forming device is switched on in operation S1210, CPU 130 accesses the first memory 110 in operation S1220. Therefore, CPU 130 performs various operations using a program and data that is stored in the first memory, in operation S1230. For example, when initialization data is stored in the first memory 110, CPU 130 performs the initialization of an image forming device, using the initialization data. When initialization is complete, CPU 130 reads the data encoded in non-volatile memory 200, and decodes the data using an encryption key stored in the first memory 110. CPU 130 stores the decoded data in the second memory 120.
[0139] An initialization operation is performed through the second memory 120, not through the first memory 110. Thus, CPU 130 no longer needs to use the first memory 110. Therefore, CPU 130 disables access to the first memory 110 in the operation S1240. CPU 130 performs the next operation, accessing the second memory of 120 in operation S1250.
[0140] Since the initialization operation and the decoding operation are described specifically in the various exemplary embodiments, as shown above, the repetitive descriptions are omitted.
[0141] Fig. 13 is a view illustrating an exemplary embodiment of the present general inventive concept of the system-on-a-chip. As illustrated in Fig. 13, the system-on-a-chip 100 may include a first memory controller 1310, a second memory controller 1320, and a switching unit 1330. The system-on-a-chip 100 may include the first memory 110, the second memory 120, the CPU 130, a third memory 140, a bus 150, a DDR controller 185, and circuits 155, 160, 165, 170, 175, and 180. Other elements, in addition to the controller first memory 1310, second memory controller 1320, and switching unit 1330, are specifically described with reference to FIG. 7 above and thus repetitive descriptions are omitted.
[0142] The first memory controller 1310 is an element and / or device for controlling access to the first memory 110. The first memory controller 1310 can be an integrated circuit, a processor, a programmable logic device, a programmable port network in the field, and / or any suitable device for controlling access to the first memory 110, according to exemplary embodiments of the present general inventive concept. When a read signal is received from CPU 130, the first memory controller 1310 reads the data in an area designated by the read signal inside the first memory 110, and outputs the data to CPU 130. The second controller memory 1320 can control access to second memory 120. The second memory controller 1320 can perform reading and writing, in the same way as the first memory controller 1310. The second memory controller 1320 can be an integrated circuit, a processor, a programmable logic device, a network of programmable ports in the field, and / or any device suitable for controlling access to the first memory 110, according to exemplary embodiments of the present general inventive concept.
[0143] The switching unit 1330 is an element and / or electronic device for connecting one of the first memory controller 1310 and the second memory controller 1320 with the bus 150, selectively. That is, as described above, CPU 130 uses the first memory 110, until the data in a non-volatile memory 200 is decoded, after the device (for example, an image-forming device, an electronic device, etc.) is turned on. and then CPU 130 uses second memory 120. Switching unit 1330 connects first memory controller 1310 to bus 150, when CPU 130 is in an operating state, to use the first memory 110, and turns on second memory controller 1320 to bus 150, when the use of the first memory 110 is completed.
[0144] As illustrated in FIG. 13, the first memory controller 1310 includes a 1311 register. An access control value in the first memory 110 is stored in register 1311. The access control value is a value to enable or disable access to the first memory 110. The access control value can include one or more bit values.
[0145] As illustrated in FIG. 13, the data in register 1311 incorporated into the first memory controller 1310 are inserted into a third circuit 165. In contrast to the exemplary embodiment of the present general inventive concept illustrated in FIG. 7, the third circuit 165 does not include an inverter and a QR port. Instead, the third circuit 165 can include an AND gate 165-2. The AND gate 165-2 emits '1', when all of the storage values stored in the third register 165-1, the storage value stored in register 1311, and the output value issued from a fourth circuit 170 are '1' . Thus, when CPU 130 stores an access control value, which has a value of '0' in register 1311, third circuit 165 emits '0', regardless of a storage value stored in third register 165-1 and an output value emitted by the fourth circuit 170.
[0146] When the system-on-a-chip 100 is turned on and / or receives power from a power source, an access control value, for example, '1', is stored in register 1311. Thus, the third circuit 160 generates '1' for switching unit 1330. Switching unit 1330 includes a first multiplexer 1331, a second multiplexer 1332, and a third multiplexer 1333. The first multiplexer 1331 selectively outputs one of the values, which are output from the controller. first memory 1310 and from second memory controller 1320 to bus 150, according to a value that is output from a third circuit 160. FIG. 13 illustrates a circuit structure, where, when '1' is generated from the third circuit 165, a value, which is output from the first memory controller 1310, is transmitted to bus 150, and when '0' is emitted by the third circuit 165, a value, which is emitted from the second memory controller 1320, is transmitted to the bus 150. The second multiplexer 1332 and the third multiplexer 1333 emit a value, which is inserted from a bus 150 , according to a value emitted from a third circuit 165, for the first memory controller 1310 or the second memory controller 1320.
[0147] According to exemplary embodiments of the present general inventive concept, illustrated and described in connection with FIGS. 12 and 13, the first memory 110, that is, as a MASKROM, and the second memory 120, that is, as an internal memory, can be allocated to the same address area, and used selectively according to the initialization order . That is, after a code stored in the first memory 110 is used first, in the final phase, only the bus command '1' and the data input '1' can be effective within the switching unit 1330, by definition from register 1311. Even if CPU 130 accesses the same address, the second memory 120 is switched on and, thus, the security of the first memory 110 is increased and / or reinforced. Although Fig. 13 illustrates that register 1311 is disposed inside the first memory controller 1310, it is certainly not limited to this case. For example, register 1311 can be arranged outside the first memory controller 1310, and several logic circuits, which can be defined in the initial phase (ie, defined only once and cannot be changed later), can be incorporated into the first memory controller 1310, instead of register 1311.
[0148] When switching unit 1330 is prepared (for example, by setting register 1311, and / or according to the outputs from the second memory controller 1320 and / or the second circuit 160), the one-in-one system -chip 100 does not need to connect directly to slaves, such as the first memory controller 1310 and the second memory controller 1320 with bus 150, so the size of the logic can be reduced.
[0149] In the exemplary embodiments of the present general inventive concept, as discussed above, the system-on-a-chip 100 performs initialization or a secure initialization, using different software codes stored in the first memory 110, in the third memory 140 etc. However, there is a risk that a malicious person could perform adulteration directly on the ROM, inside the system-on-a-chip 100, for example, in the first memory 110, through a process of decapsulation. Thus, in an exemplary embodiment of the present general inventive concept, a software code can be generated on the system-on-a-chip 100, autonomously, and can be used, as discussed in detail below.
[0150] Fig. 14 is a block diagram illustrating the system-on-a-chip 100, according to an exemplary embodiment of the present general inventive concept. As illustrated in Fig. 14, the system-on-a-chip 100 includes the first memory 110, the second memory 120, the CPU 130, the third memory 140, the bus 150, and a code generating unit 1400. The first memory 110, second memory 120, CPU 130, third memory 140, and bus 150 are described in detail above.
[0151] The code generating unit 1400 generates one or more software codes. CPU 130 can use not only the data stored in the first to third memories 110, 120 and 140, but also a software code generated in the code generating unit 1400.
[0152] As described above, various data, such as a code to initialize a system, a code to decode an external coded program code, and an encryption key, etc., can be stored in the first memory 110. The code generating unit 1400 can generate at least at least a portion of the data, which is stored in the first memory 110, and supply the data to CPU 130.
[0153] CPU 130 can perform initialization using a software code generated on code generating unit 1400, along with data stored in first memory 110. For example, not all initialization codes are stored in first memory 110, and in some cases exemplary embodiments of the present general inventive concept, some unsaved codes are generated by the code generating unit 1400. Here, the CPU 130 can perform initialization, receiving some software codes from the code generating unit 1400, when approaching of a reset vector and reads an initialization code in the first memory 110. In an exemplary embodiment of the present general inventive concept, the CPU 130 can perform various operations, using a value stored in the first memory 110 and data output from the code-generating unit 1400. So even if the first memory 110 is breached, the third person (ie, the 'hac ker ') may not know the full boot code.
[0154] Fig. 15 illustrates the system-on-a-chip, according to an exemplary embodiment of the present general inventive concept. As illustrated in Fig. 15, the system-on-a-chip 100 excludes the first memory 110, and includes the code generating unit 1400. The system-on-a-chip 100 includes the second memory 120, the CPU 130 , the third memory 140, and the bus 150, which are described in detail above. The code generating unit 1400 can generate various data, such as a system initialization code, a decoded code, an encryption key, etc. The CPU 130 inserts an address into the code generating unit 1400, and receives a software code, which is generated according to the address. Thus, in the exemplary embodiment illustrated in FIG. 15, which does not include the first memory 110, the CPU 130 can perform initialization using codes generated by the code generating unit 1400 (for example, as opposed to those stored in a memory, such as the first memory 110).
[0155] Fig. 16 illustrates an exemplary embodiment of the code generating unit 1400, which is used in the exemplary embodiments of the present general inventive concept, illustrated in Fig. 14 and / or Fig. 15. As illustrated in Fig. 16, the code generating unit 1400 includes an address decoder 1410, a plurality of registers 1420-1, 1420-2, and 1420-n, and a multiplexer 1430. Address decoder 1410 can be a circuit, an integrated circuit, a network of programmable ports in the field, a programmable logic device, and / or any suitable device to decode an address. Registers 1420-1, 1420-2, and 1420-n can be registers on one or more memory devices.
[0156] Address decoder 1410 receives an address from CPU 130, and decodes the address. The multiplexer 1430 receives the decoded address in the decoder. addresses 1410 and accesses one or more of the plurality of records 1420-1 through 1420-n, according to the address.
[0157] Specifically, the multiplexer 1430 selectively reads register values (for example, data values in one or more registers) stored in the register designated by the address decoded in an address decoder 1410, among the plurality of registers 1420-1 to 1420- n, and generates a software code, combining the registry values.
[0158] Fig. 17 illustrates an exemplary embodiment of a code generating unit, in accordance with the present general inventive concept. The code generating unit 1700 illustrated in FIG. 17 can take the place of the code generating unit 1400 illustrated in FIGS. 14 and / or 15. As shown in FIG. 17, the code generating unit 1700 includes an address decoder 1710, a first generating unit 1720, a plurality of instruction records 1730-1 to 1730-n and 1750-1 to 1750-m, a plurality of instruction multiplexers 1740 and 1760, a code formatter 1770, a second generating unit 1780, a plurality of data records 1790-1 to 1790-x, a data multiplexer 1800 and a multiplexer 1810.
[0159] An address decoder 1710 receives an address from CPU 130 and decodes the address, and provides the decoded address to the first generating unit 1720 and the second generating unit 1780. The first generating unit 1720 reads an instruction address from the address decoded in the address decoder 1710, and generates the instruction address. The instruction address generated on the first generating unit 1720 is provided to the plurality of instruction multiplexers (for example, to the instruction multiplexers 1740 and 1760, respectively).
[0160] Although Fig.17 illustrates only two instruction multiplexers 1740 and 1760, the number of instruction multiplexers can be modified, according to the group number, which distinguishes the instruction record. That is, instruction records can be grouped, according to the number of outputs of the first generating unit 1720, which generates instruction addresses, and a multiplexer can be provided for each group of instruction records.
[0161] Instruction records 1730-1 to 1730-n and 1750-1 to 1750-m can be grouped, according to the field constituting a software code, and differentiated into a plurality of groups. Instruction registers 1730-1 to 1730-n and 1750-1 to 1750-m can store a specific code to constitute a software code, or at least bit data. Fig. 17 illustrates an instruction record distinguished in a total of n groups (for example, records 1730-1, 1730-2, and 1730-n).
[0162] A plurality of instruction multiplexers 1740 and 1760 selectively reads a register value (for example, a data value in a register) from an instruction register (for example, instruction registers 1730-1 to 1730-n and 1750-1 at 1750-m), which is combined, according to an instruction address. For example, when a first, a third, a fourth and a fifth record within a first group, and a second, a third, a fifth, and a sixth record within a nth group are designated by an instruction address, the first 1740 multiplexer, which is combined with a first group, reads a register value from a first, a third, a fourth and a fifth register 1740-1, 3, 4 and 5. The first 1760 multiplexer, which is, in Then, combined with the group, it reads a register value of one second, a third, a fifth, and a sixth 17502, 3, 5, and 6 records. The reading values are transmitted to a 1770 code formatter.
[0163] The 1770 code formatter combines the values, which are read by the plurality of instruction multiplexers 1740 and 1760, and generates the code (that is, the instructions). The 1770 code formatter can be, for example, a circuit and / or any suitable device for combining values and generating the code and / or instructions.
[0164] A second generating unit 1780 generates a data address based on the address, which is decoded into a 1710 address decoder. The second generating unit 1780 supplies the generated data address to a data multiplexer 1800.
[0165] The data multiplexer 1800 selectively reads a register value (for example, a data value in a register) from a plurality of data registers 1790-1 to 1790-x, according to the data address. Various data are partially divided, and can be stored in one or more of the plurality of data records 1790-1 to 1790-x. One or more of the register values (for example, data values stored in the 1790-1 to 1790-x registers), which are received by the data multiplexer 1800, are multiplexed by the multiplexer 1800 and are supplied to the multiplexer 1810.
[0166] The 1810 multiplexer can combine a code generated in the 1770 code formatter and the data generated in the 1800 data multiplexer, and generate a software code. The generated software code can be supplied to CPU 130, or it can be copied to second memory 120.
[0167] CPU 130 can perform not only one initialization operation, but also various operations, using a software code generated on the code generating unit 1400.
[0168] FIGS. 18 and 19 are views illustrating several exemplary embodiments of the present general inventive concept, of a software code generated in the code generating unit (for example, in the code generating unit 1400 illustrated in FIGS. 14 and 15, and / or in the code generating unit 1700 illustrated in FIG. 17).
[0169] According to Fig, 18, a software code can include a plurality of fields 1910 to 1950, Various data, such as a condition (illustrated as field 1910 in Figure 18), an opcode (ie, an operation code, which specifies the operation to be performed; illustrated as field 1920 in Figure 18), and a record value (for example, values in any of the 0, 1, or 2 records illustrated in fields 1930, 1940, and 1950, respectively, in FIG. 18) can be stored in one or more of the fields 1910 to 1950. The code generating unit 1400 or the code generating unit 1700 can generate a software code, as illustrated in Fig. 18, by reading register values , respectively, from a register of a group corresponding to each field, and combining the values (for example, through the use of a multiplexer).
[0170] FIG. 19 illustrates an exemplary embodiment of the present general inventive concept, of a software code. Although a software code in Fig. 18 can include fields, which are the same size, a software code in Fig. 19 can include fields, whose dimensions are different from each other. As illustrated in Fig. 19, a condition field 1960 and an opcode field (ie operation code) 1970 are prepared, and the other data can be stored in a separate field 1980. That is, condition field 1960 and the 1970 opcode field can be of the same size, and separate 1980 field can be of a different size (that is, larger). Alternatively, the condition field 1960, the opcode field 1970, and the separate field 1980 can each be given a different size.
[0171] A software code can be configured in several ways. Generally, a software code is divided according to a certain section, such as a command part, an operator part, etc. These commands are generally similar according to the section, and therefore, if the code is optimized, and a hardware device is created in consideration of the optimized code, it is possible to reduce the size of a hardware device. That is, the code can be optimized so that it runs faster, or in such a way that it operates with less memory storage or other resources, or consumes less power. The hardware device, such as the system-on-a-chip 100, can be reduced in size, for example, by reducing the amount and / or size of the memory (for example, the first memory 110, the second memory 120, and / or third memory 140). The hardware device (for example, the system-on-a-chip 100) can also consume less energy when the optimized code is executed.
[0172] As described above in the various exemplary embodiments of the present general inventive concept, an encoding program or encoding data is stored in external memory 200 (illustrated, for example, in FIGS. 1, 3, 4, 7 and 13-15) , which is not incorporated into the system-on-a-chip 100. External memory 200 can be a non-volatile flash memory, in which data can be read or written.
[0173] Flash memory (i.e., non-volatile memory 200) can be of various types, according to an interface specification and an internal structure. Specifically, the flash memory can be a serial and / or parallel flash memory based on CPU 130 and interface specification, and it can be a NAND or NOR flash, based on the internal structure of the flash memory.
[0174] FIG. 20 illustrates a pin structure of a NOR 2000 flash memory. The NOR 2000 flash memory can be used as the non-volatile flash memory 200 illustrated in FIGS, 1, 3, 4, 7 and 13-15. As illustrated in FIG. 20, the NOR 2000 flash memory can include multiple pins, such as a WE # 2010 pin. The WE # 2010 pin is used to control a bus recording operation from a command interface. That is, when a signal is received by the WE # 2010 pin, a recording operation can be performed on the NOR 2000 flash memory.
[0175] FIG. 21 illustrates a pin structure of a NAND 2100 flash memory. The NAND 2100 flash memory can be used as the non-volatile flash memory 200 illustrated in FIGS. 1, 3, 4, 7 and 13-15. As illustrated in FIG. 21, the NAND 2100 flash memory can include several pins, such as the WE # 2110 pin. The WE # 2110 pin is used to receive a recording signal for the NAND 2100 flash memory.
[0176] FIG. 22 illustrates a pin structure of a flash memory with serial peripheral interface (SPI) 2200. The flash memory SPI 2200 can be used as the non-volatile flash memory 200 illustrated in FIGS. 1, 3, 4, 7 and 13-15. According to FIG. 22, the SPI 2200 flash memory includes a W # 2210 pin for a write operation.
[0177] CPU 130 can perform a write operation, using a pin fitted to each flash memory (for example, non-volatile memory 200, which can be NOR 2000 flash memory, NAND 2100 flash memory, and / or SPI flash memory 2200), As described above, the flash memory is encrypted, but the encryption key value of the system-on-a-chip 100 can be exposed. When the encryption key value is exposed, there is a risk that the firmware stored in the flash memory may be changed. Thus, it is necessary to minimize and / or prevent the flash memory from being changed in advance. According to an exemplary embodiment of the present general inventive concept, an external memory recording pin can be disabled. That is, the pin WE # 2010 of the NOR 2000 flash memory, the pin WE # 2110 of the NAND 2100 flash memory, and / or the pin W # 2210 of the SPI 2200 flash memory can be deactivated, in order to minimize and / or avoid that the flash memory is altered by an unauthorized operation (that is, a tamper operation).
[0178] FIG. 23 is a view illustrating the system-on-a-chip 100 and an external memory structure, according to an exemplary embodiment of the present general inventive concept. FIG. 23 illustrates a case, in which a NOR flash memory (such as the NOR 2000 flash memory illustrated in FIG. 20) is used as an external memory (for example, the non-volatile memory 200). Here, the system-on-a-chip 100 can further include a NOR 2310 flash controller to control a NOR 2000 flash memory. The NOR 2310 flash controller can be, for example, a circuit and / or integrated circuit to control the NOR 2000 flash memory operations, such as a read operation and / or a write operation.
[0179] CPU 130 can read various data and software, which are stored in the NOR 2000 flash memory, via the NOR 2310 flash controller. CPU 130 can output a recording signal to the NOR 2000 flash memory, via the NOR 2310 flash controller. .
[0180] However, as illustrated in FIG. 23, the recording pin 2010 of the NOR 2000 flash memory can be disabled. The deactivation process can be performed using several methods. FIG. 23 illustrates a state, in which a recording pin is connected to a disabled terminal 2320, which is prepared on a motherboard incorporated into the system-on-a-chip 100 and the NOR 2000 flash memory. Here, even if a signal from recording is output on the NOR 2310 flash controller, the recording signal cannot be inserted into the recording pin 2010 and, therefore, it is not possible to change the data in the NOR 2000 flash memory when the recording pin 2010 is disabled.
[0181] FIG. 23 illustrates only the NOR 2000 flash memory, but, as described above, the non-volatile memory, that is, an external memory (for example, the non-volatile memory 200) can be configured in various ways, such as the NAND flash memory 2100 or SPI 2200 flash memory etc., and a 100 system-on-a-chip can be connected with various types of flash memories. The recording pin can be disabled in these flash memories 2100 and 2200, thus blocking a data change operation.
[0182] According to an exemplary embodiment of the present general inventive concept, when the system-on-a-chip satisfies a specific condition, recording to an external memory can be performed.
[0183] FIG. 24 is a flow chart illustrating a method of controlling a memory, according to an exemplary embodiment of the present general inventive concept. According to the exemplary embodiment, the system-on-a-chip 100 may include a memory controller for controlling access to an external non-volatile memory.
[0184] When a recording event occurs in operation S2410, the memory controller receives a recording signal and a first key value from CPU 130 in operation S2420. A user can enter a first key value, which is received by the system-on-a-chip 100 via a user interface (for example, the user interface 1300 illustrated in FIG. 10), or the first key value can be entered automatically from CPU 130. CPU 130 can randomly select one of the pre-stored plurality of key values, and can enter the number of the selected key value into a memory controller, or it can enter itself key value.
[0185] When a first key value is received in the S2420 operation, the memory controller (for example, the NOR 2310 flash controller illustrated in Figure 23) compares the first key value received with the second key value pre-stored in the S2430 operation . When it is determined in operation S2440 that the two key values are the same, the memory controller (for example, the NOR 2310 flash controller shown in FIG. 23) performs a write operation to an external memory (for example, example, the NOR 2000 flash illustrated in FIG. 23) in operation S2450. When the first key value received is not the same as the second key value pre-stored in the S2430 operation, the memory controller blocks and / or prevents a write operation to the external memory.
[0186] FIG. 25 is a view illustrating an exemplary embodiment of the memory controller, which performs a method of controlling a memory, as illustrated in FIG. 24. According to FIG. 25, the memory controller 2500 includes a signal transfer unit 2510, a key value store 2520, a comparison unit 2530, a memory access controller 2540, a signal processor 2550, and a signal generating unit 2560. In exemplary embodiments of the present general inventive concept, the memory controller 2500 can be replaced by the NOR flash controller 2310 illustrated in FIG. 23, The signal transfer unit 2510 can be a circuit, and the integrated circuit, and / or any suitable device for comparing and transferring the signals, according to the exemplary embodiments of the present general inventive concept, disclosed herein. The key value storage 2520 can be a memory device. The comparison unit 2530 can be a circuit, an integrated circuit, a programmable logic unit, or a network of programmable ports in the field and / or any suitable device for comparing signals.
[0187] The signal generating unit 2 560 can be a circuit, an integrated circuit, a programmable logic unit, or a network of programmable ports in the field and / or any suitable device for generating a signal (for example, a clock signal, a signal slave selector and / or chip selector etc.), in accordance with exemplary embodiments of the present general inventive concept. The signal generating unit 2560 can receive and generate signals in order to communicate with one or more devices communicatively coupled to an interface, for example, a Peripheral Serial Interface (SPI). The signal generating unit 2560 can communicate, for example, with sensors, control devices, communication interfaces, memory and / or a display, which can be mounted, for example, on the main board 300 illustrated in FIG, 4 and above described. The finite state machine 2561 can generate and emit one or more operating states of the signal generating unit, while communicating with one or more devices.
[0188] As illustrated in FIG. 25, a signal transfer unit 2510 receives several signals across the bus (for example, bus 150 shown in FIGS. 4 and 13-15), such as ADP (the Advanced Peripheral Bus), and transfers the signals to the unit comparison 2530 or signal processor 2550 etc. Specifically, when a first key value is transmitted by CPU 130, signal transfer unit 2510 stores a first key value within register 2511, and provides the first key value stored in comparison unit 2530.
[0189] At least a second key value can be stored in the key value 2520 store.
[0190] When a first key value is transferred via signal transfer unit 2510, comparison unit 2530 compares a second key value stored in the storage of key value 2520 with a second received key value.
[0191] A comparison unit 2530 can emit a signal, such as '0' or '1', according to the compared result. That is, the comparison unit 2530 can compare the first key value and the second key value, and output a signal, according to the fact that the first key value is the same as the second key value (for example, one can be generated by the comparison unit 2530), and emit a different signal, when the first key value is different from the second key signal (for example, a '0' can be produced by the comparison unit 2530).
[0192] A signal processor 2550 can selectively output a recording signal transmitted by CPU 130 to an external non-volatile memory (for example, the non-volatile memory 200 illustrated in FIGS. 1, 3, 4, 7 and 13-15, and / or the NOR 2000 flash memory illustrated in FIG. 23), according to the compared result, as determined by the comparison unit 2530. The signal processor 2550 can transfer a signal, which is read in an external non-volatile memory 200, to the controller access memory 2540.
[0193] A signal processor 2550 may include a first switch 2551-1 to control a write operation, a second switch 2551-2 to control a read operation, a converter 2552 to convert a sent or received signal into a predetermined data format, and a 2553 filter unit, etc. The first switch 2551-1 or the second switch 2551-2 can be one or more logic circuits. The 2552 converter and the filter unit can be circuits, integrated circuits and / or any suitable device for converting a signal or filtering a signal, respectively, according to the exemplary embodiments described herein. Thus, the memory access controller 2540 and the converter 2552 can be connected or blocked, according to an emission value of the compared result, from the comparison unit 2530.
[0194] For example, when a first key value, which is stored in register 2511, is different from a second key value, which is stored in the storage of key value 2520, comparison unit 2530 issues '0', and when a first key value is the same as a second key value, comparison unit 2530 can produce '1'. When the comparison unit 2530 generates '0', the first switch 2551-1 can deactivate the connection with the converter 2552. Therefore, when the first switch 2551-1, which controls a recording operation, deactivate the connection with the converter 2552, nothing can be issued. That is, a connection between the memory access controller 2540 and the converter 2552 of the signal processor 2550 is deactivated by the first switch 2551-1. Alternatively, a fixed value, for example, only '0', can be produced, even if any value is entered in the memory access controller 2540. When '1' is output by the comparison unit 2530, the first switch 2551- 1 transfers a signal emitted by the 2540 memory access controller to the 2552 converter.
[0195] The converter 2552 converts a recording signal emitted by the memory access controller 2540 into memory data, and transmits the data to an external non-volatile memory 200 (for example, as illustrated in FIGS. 1, 3, 4, 7 and 13-15) or, alternatively, to the NOR 2000 flash memory illustrated in FIG. 23.
[0196] The filter unit 2553 filters data, which is read by the non-volatile memory 200 (for example, as illustrated in FIGS. 1, 3, 4, 7 and 13-15, or, alternatively, by the NOR 2000 flash memory illustrated in Figure 23), and transfers the data to the 2552 converter. The 2552 converter provides the data transferred to the second switch 2551-2. The second switch 2551-2 is configured to transfer a value entered by the 2552 converter to the 2540 memory access controller. When '0' is entered by the comparison unit 2530, the second switch 2555-2 also disables the connection between the converter 2552 and the memory access controller 2540, and when '1' is introduced by the comparison unit 2530, the second switch 2555-2 connects the converter 2552 and the memory access controller 2540. Fig. 25 illustrates the second switch 2551-2, together with the first switch 2551-1, but, according to an exemplary embodiment of the present general inventive concept, the second switch 2551-2 can be omitted, so that a read operation is always available. That is, in the exemplary embodiments of the present general inventive concept, the second switch 2551-2 can be omitted, so that data can be read from the non-volatile memory 200 or the NOR 2000 flash memory, and the data read is converter 2552 and memory access controller 2540, so that read data can be provided to CPU 130.
[0197] The memory access controller 2540 performs a write operation or a read operation in relation to an external memory 200 (for example, as illustrated in FIGS. 1, 3, 4, 7 and 13-15, or, alternatively , the NOR 2000 flash memory illustrated in FIG. 23), according to a recording signal or a reading signal, which is inserted via APB or AHB (the advanced high performance bus). As described above, when a first key value inserted by CPU 130 (and, for example, stored in register 2511 of signal transfer unit 2510) is the same as a second pre-stored key value (for example, as stored in the key value storage unit 2520), the memory access controller 2540 can write various data to the non-volatile memory 200 (or, alternatively, to the NOR 2000 flash illustrated in FIG. 23). Otherwise, the memory access controller 2540 cannot write data to the non-volatile memory 200, even if the memory access controller 2540 emits a recording signal.
[0198] As described above, according to various exemplary embodiments of the present general inventive concept, the attempt to alter a program or data, which is stored in a non-volatile memory, can be minimized and / or prevented.
[0199] As with the exemplary embodiments of the present general inventive concept described above, an encoded code can be stored in a non-volatile memory. When a key value does not exist, that code cannot be decoded. However, when a key value is exposed, an encoded code stored in a non-volatile memory can be used because it is decoded, and can be used by generating a firmware code, which has been modified at random. Even if a key value cannot be read by an image forming device, the key value can be leaked by the manufacturer of the image forming device. Examples disclosed herein of embodiments of the present general inventive concept minimize and / or prevent a firmware code from being changed at random by a hacker when a key value is exposed.
[0200] FIG. 26 is a flow chart illustrating a method for controlling printing, according to an exemplary embodiment of the present general inventive concept. As illustrated in FIG. 26, a host device 2600 communicates with an image-forming device 1000, and controls the operations of the image-forming device 1000. Communication between the host device 2600 and the image-forming device 1000 can be via a communication link with and / or wireless. The 2600 host device can be a server, a personal computer, a laptop, a tablet, a smartphone, a portable media player, a digital camera, and / or any other electronic device.
[0201] As described above, when a key value stored in an image-forming device 1000 is exposed, it is possible to change a firmware. Thus, a hacker can encode or decode at random, or perform encoding and / or decoding, according to the hacker's commands, and therefore it is difficult to control an image-forming device. In this exemplary embodiment of the present general inventive concept, the host device 2600 compares a ciphertext, used by an image-forming device 1000, with a pre-stored ciphertext, and can determine whether the image-forming device 1000 is in the state normal or in the violated state.
[0202] Specifically, the host device 2600 stores a ciphertext in the S2610 operation. A ciphertext includes a program, such as firmware, that is encoded as a predetermined key value. A firmware can be updated (for example, updated frequently, updated periodically, etc.) in order to improve the capacity (s) of the image-forming device 1000, and is generated to be a new version. Thus, the ciphertext changes, according to the firmware version, but a ciphertext of the same firmware version is the same at all times. When a key value is exposed and a firmware is tampered with, the modified firmware performs the operation normally, but the ciphertext of the modified firmware is changed to another version, which is different from the normally issued version. The 2600 host device can combine a normally encoded firmware ciphertext with information about the firmware version, and store it. Ciphertext and version information can be stored together with a printer driver for the 2600 host device.
[0203] When an event occurs (for example, an event occurred at random), the host device 2600 can request a ciphertext and version information for the image-forming device 1000 in operation S2615. In this, the event can include several events, such as an event, whose predetermined time interval is short, an event where a print command is entered, an event where a printer driver is established, an event where communication between the host device 2600 and the imaging device 1000 is established, and an event in which the imaging device 1000 is turned on and initialization is complete. In addition to these events, an event can include several situations, such as checking whether a ciphertext has been manufactured or not.
[0204] When a request for ciphertext and version information is received from host device 2600 in operation S2615, while initialization is completed in operation S2620, the image forming device 1000 transmits pre-stored cipher text and version information to host device 2600 in S2625 operation.
[0205] The host device 2600 can receive cipher text and version information from the image forming device 1000. The host device 2600 can store various version information and a cipher text combined with the version information. The host device 2600 compares a ciphertext, combined with the version information received, with a ciphertext, received from the version information pre-stored in operation S2630.
[0206] After comparing the cipher text, combined with the version information received, with the cipher text, received from the version information pre-stored in operation S2630, when the two cipher texts are not the same, it is determined that the ciphertext was manufactured in operation S2635. When it is determined that the ciphertext has been manufactured, the host device 2600 registers the image-forming device 1000 in a list of printers in operation S2645. The printers in the list of printers can be prevented from performing a printing operation, making the apa unavailable. .image-forming mirror 1000.
[0207] When it is determined that the ciphertext has not been manufactured, the host device 2600 is operated in a state of waiting for printing in the S2640 operation. When a print command is entered by a user (for example, host device 2600 receives the print command from the user), host device 2600 transmits print and command data from the print job to the image forming device 1000, and performs the impression.
[0208] FIG. 27 is a block diagram illustrating an exemplary embodiment of the present general inventive concept of a host device for carrying out a print control method illustrated in FIG. 26. As illustrated in FIG. 27, the 2600 host device includes a 2610 storage, a 2620 controller, and a 2630 communications unit. The 2600 host device can be a PC, a laptop, a cell phone, a PDA, a tablet, and a server etc. Storage 2610 can be a memory device, and the controller can be a CPU, processor, integrated circuit, programmable logic device, network of programmable ports in the field, and / or any suitable controller device. The communication unit can be any device for receiving and transmitting data over a wired and / or wireless communication link.
[0209] Storage 2610 can store ciphertext. The ciphertext can be stored in storage 2610 individually (that is, separately from the other data stored in storage 2610) according to a version of several firmwares. When storage 2610 is connected to one or more devices (that is, host device 2600, including storage 2610 is communicatively connected to one or more devices via the 2630 communication unit), ciphertext, including identification information, such as such as a model name, manufacturer name, serial number, firmware name, firmware version, etc. of each device, can be stored separately.
[0210] When a predetermined event occurs, the communications unit 2630 can receive a ciphertext stored in an image forming apparatus. As described above, the predetermined event may include checking whether a ciphertext is manufactured, or not, a communication unit requesting ciphertext from an image-forming device, and receiving the ciphertext. Here, version information and identification information, together with a ciphertext, can be received.
[0211] The 2620 controller reads a cipher text, which corresponds to a firmware version of the image-forming device 1000, among the cipher texts stored in storage 2610, using version information and identification information, etc., which are received from a forming device 1000 images. The 2620 controller compares the ciphertext read with the ciphertext received. When both ciphertext are the same, controller 2620 determines that the ciphertext has not been manufactured, and controller 2620 controls the image forming apparatus 1000 to be in the waiting state for printing. When both ciphertext are different from each other, controller 2620 determines that the ciphertext has been manufactured, and controller 2620 blocks the use of the image-forming device 1000.
[0212] FIGS. 28 and 29 are seen illustrating exemplary embodiments of the present general inventive concept of a simple text and a cipher text corresponding to the versions, which are different from each other. In FIG. 28, when a plain text (version 1) 2820 is encoded by a key value 2810, according to version 1 in operation S2830, the cipher text (version 1) 2840 is generated. The ciphertext (version 1) 2840 can be stored in a non-volatile memory. As with the various exemplary embodiments of the present general inventive concept described above, when an initialization is performed, or when several operations are to be performed, CPU 1.30 reads an encoding code stored in a non-volatile memory (for example, non-volatile memory). volatile 200) or, that is, the ciphertext (version 1) 2840. CPU 130 decodes the ciphertext (version 1) 2840 using key value 2810 in operation S2850, which is the same as a key value (for example example, key 2810) used in coding in operation S2830, and generates plain text (version 1) 2820, and uses plain text (version 1) 2820.
[0213] FIG. 29 is an exemplary embodiment of a plain text and a cipher text, according to a version 2. Even if it is assumed that the key value 2810 in FIG. 29 is the same as the key value 2810 of version 1, the plain text 2920, according to version 2, is different from the plain text 2820 of version 1 and thus the cipher text 2940 after encoding in operation S2930 is also different from version 1. In operation S2950, ciphertext 2940 is decoded by CPU 130 in operation S2950 using key value 2810, in order to generate version 2 of plain text 2920, so that CPU 130 can use the plain text (version 2) 2920.
[0214] As such, a ciphertext, according to the version of the apparatus, is stored in each image forming apparatus and used, but a plurality of ciphertext corresponding to each of a plurality of versions may be stored in the host device 2600.
[0215] FIG. 30 illustrates a state, in which a key value is leaked and a code is violated. The 3020 ciphertext of the violated code is not an officially issued version, but it is a 3020 ciphertext, which was done by modifying an original text by a hacker, in order to generate a new plain text 3010 and then apply the key value 2810 (which has been exposed and / or leaked) to plain text 3010 during the S2930 and S2950 encoding and decoding operations, respectively. That is, the new plain text (that is, the violated code) 3010 is encoded in operation S2930 using key 2810 to form cipher text 3020. Cipher text 3020 is decoded in operation S2950 using key 2810 to form new text simple 3010 (ie, the violated code). When that ciphertext 3020 is stored in a non-volatile memory, CPU 130 must perform an initialization, as intended by a hacker, and therefore it is difficult to normally manage an image forming apparatus. However, here, the ciphertext is not registered on the host device 2600 and thus the host device 2600 can determine whether an image forming device 1000 is in the normal state or in the violated state by checking the cipher text.
[0216] Specifically, when information about the version of the image-forming device 1000 is not pre-stored version information, or even if it is information about the pre-stored version, when a cipher text corresponding to the version information is different from a cipher text from the image-forming apparatus 1000, controller 2620 determines that the information is in a violated state. Therefore, controller 2620 locks, using the corresponding image-forming apparatus 1000.
[0217] According to this exemplary embodiment, even when a key value is exposed, a firmware can be minimized and / or prevented from being modified by a hacker.
[0218] When an image-forming device initiates initialization, a master controller that includes the system-on-a-chip 100 can perform a task requested by a user, by controlling the operation of the various consumer units (for example, consumer units in an image-forming device 1000). As described in Fig. 10, the consumption units 1600-1 to 1600-n can be prepared in different ways, according to the type of the image-forming device 1000. One or more of the consumption units 1600-1 to 1600- cannot include CRUM 1610-1 to 1610-n chips.
[0219] CRUM 1610-1 to 1610-n chips can perform authentication between main controller 1100 (ie, which includes system-on-a-chip 100), and when authentication is complete, communication of encryption data can to be fulfilled. Authentication can be performed using several methods.
[0220] As an exemplary embodiment of the authentication process, if a main controller (for example, the main controller 1100) is to perform authentication, a request for authentication can be transmitted to a CRUM chip (for example, at least one of the CRUM 1610-1 to 1610-n chips). In that case, a main controller can transmit a first value to at least one CRUM chip. The main controller can generate a first value at random, or it can be a pre-stored fixed value. When an authentication request is received, a CRUM chip generates a second value (for example, the value can be generated at random), and the CRUM chip generates a session key, using a first value and a second value, then it generates a first MAC (Message Authentication Code). The CRUM chip can transmit ο the first generated MAC, together with the second value, to a main controller. A second value, as well as a first value, can be a random value and / or a fixed, random value. When the second value is received, the main controller generates a session key, using the first value and the second value, which are generated by the main controller, and generates a second MAC, using the session key. The main controller compares the second MAC with the first MAC and when they are the same, it determines that the authentication for the CRUM chip has been completed. In this process, the main controller checks the electronic signature information stored on the CRUM chip, and performs authentication.
[0221] When the first MAC is different from the second MAC, the main controller (for example, main controller 1100 illustrated in FIG. 10) determines that authentication has failed, and performs authentication again. In this, the frequency of performing authentication can be limited. Alternatively, authentication can be performed periodically by the main controller.
[0222] FIG. 31 is a flow chart illustrating a control method, according to the exemplary embodiment. As illustrated in FIG. 31, operation S3110 determines whether authentication of a CRUM chip was successful. When the authentication of the CRUM chip fails, an image-forming device stores the frequency of failures, by counting the number of failures in the S3120 operation. That is, in operation S3120, the number of times that a CRUM chip authentication is performed (and the number of authentication failures) can be counted and stored. The main controller (for example, the main controller 1100 shown in FIG. 10) or the system-on-a-chip (for example, the system-on-a-chip 100) of the image forming apparatus (for example, the image forming device 1000) determines whether the frequency of failures is greater than a predetermined threshold frequency in operation S3130.
[0223] When it is determined that the failure frequency is greater than the limit frequency in the S3130 operation, a penalty function is performed in the S3140 operation. Specifically, a voice message or a visual message indicating that authentication has failed can be issued, or the image forming device can be turned on, or changed to be in a state where printing is not possible. The connection between the corresponding CRUM chip and the main controller can be blocked, and an external host device or other server devices can be notified that authentication has failed.
[0224] When it is determined that the frequency is less than the limit frequency in the S3130 operation, the main controller consults a user, if the user wants to perform authentication again in the S3150 operation. Thus, when a user requests authentication again, the main controller performs authentication with the method described above in operation S3160.
[0225] When authentication is determined to be successful in the S3110 operation, the main controller performs encryption communication with the corresponding CRUM chip in the S3170 operation. For example, the main controller can transmit an encrypted communication message, encoding various data and commands, and the CRUM chip can respond with an encrypted communication message. The MAC can be used in the encrypted communication message. For example, when a communication message to be transmitted to the CRUM chip is generated, the main controller generates a third MAC through the application of a key and an encryption algorithm for the data. The communication message can be added by the third MAC, and can be transmitted to the CRUM chip.
[0226] A CRUM chip extracts pieces of data from the received communication message, and generates a fourth MAC by applying the key and encryption algorithm described above. The CRUM chip compares the third MAC read from the transmitted communication message and the fourth generated MAC. When it is determined that the third and fourth MAC are the same, it is considered a legitimate communication message, and an operation corresponding to the message is performed. When it is determined that the third and fourth MAC are different from each other, it is considered as an illegitimate communication message and, therefore, can be canceled.
[0227] As described above, according to various exemplary embodiments of the present general inventive concept, the violation of the image-forming apparatus can be minimized and / or prevented. In the various exemplary embodiments described above, this is explained on the basis of an image-forming apparatus for convenience, but the exemplary embodiments of the present general inventive concept are not limited to an operation of an image-forming apparatus. That is, for various types of electronic devices in addition to an image-forming device, the methods of the various exemplary embodiments described above can be applied.
[0228] The various previous methods or operations can be performed by a program, which is stored on a permanent computer-readable medium. Computer readable media refers to a medium, which stores semipermanent data, instead of storing data for a very short time, such as a record, a cache, and a memory, and can be read by a device. Specifically, the various applications or programs described above can be stored on a computer-readable medium, such as a compact disc (CD), a Digital Versatile Disc (DVD), a hard drive, a Blu-ray disc, a Universal Serial Bus (USB), a memory card, and a read-only memory (ROM), and can be provided.
[0229] Specifically, a computer-readable medium, which stores a program code, can perform initialization using initialization data, which is stored in the first memory of a system-on-a-chip. When initialization is performed, decoding of encrypted data, which is stored in a non-volatile memory using one of a plurality of encryption keys, which are stored in the first memory, can be performed. The decoded data can be in a second system-on-a-chip memory, and an initialization operation can be performed using data, which is stored in sequence in the second memory.
[0230] Although some embodiments of the present general inventive concept have been shown and described, it should be appreciated by those skilled in the art, that changes to these embodiments can be made, without departing from the principles and spirit of the general inventive concept, the scope of which is defined in the appended claims and their equivalents.

权利要求:
Claims (14)
[0001]
SYSTEM-IN-A-CHIP (100), characterized by the fact of understanding: a first memory (110) arranged to store a plurality of encryption keys; a second memory (120); a third memory (140) arranged to store an encryption key setting value; and a CPU (130) for decoding encrypted data, which is stored in an external non-volatile memory (200) using one of the plurality of encryption keys corresponding to the setting value of the encryption key, to authenticate the decoded data, to store the decoded data in the second memory, and to perform an initialization using said decoded data stored in the second memory, where the CPU is willing to change an address map of the first memory, if decryption and authentication are successful, so that the second memory is controlled to be accessed instead of the first memory.
[0002]
SYSTEM-IN-A-CHIP, according to claim 1, characterized in that the initialization data is stored in the first memory (110) separately from the plurality of encryption keys.
[0003]
SYSTEM-IN-A-CHIP, according to claim 2, characterized by the fact that it also comprises a first circuit (155) to restrict access to the CPU (130), through an external port for a predetermined time.
[0004]
SYSTEM-IN-A-CHIP, according to claim 3, characterized by the fact that, when the device is turned on, the first circuit (155) emits a deactivation signal to deactivate access to the CPU (130), and, when at least the decoding and authentication of the decoded data is completed, the first circuit generating an enabling signal to enable access to the CPU.
[0005]
SYSTEM-IN-A-CHIP, according to claim 4, characterized by the fact that the first circuit (155) comprises a first register (155-1), wherein, when the decryption and authentication of the decoded data is completed, the CPU (130) changes a storage value of the first record.
[0006]
SYSTEM-IN-A-CHIP, according to any one of claims 3 to 5, characterized in that it also comprises a second circuit (160) and a third circuit (165) to control access to the first memory (110).
[0007]
SYSTEM-IN-A-CHIP, according to claim 6 when it is dependent on claim 5, characterized in that the second circuit (160) comprises a second register (160-1), and the third circuit (165) comprises a third record (165-1), wherein, when the decryption and authentication of the decoded data is complete, the CPU (130) is arranged to store a control value to disable access to the first memory (110) in the second register, and stores a control value to change the access to the first memory, to access the second memory in the third register (120).
[0008]
SYSTEM-IN-A-CHIP according to any one of claims 1 to 7, characterized in that the CPU (130) is arranged to perform an infinite cycle when the decoding fails.
[0009]
SYSTEM-IN-A-CHIP according to any one of claims 1 to 8, characterized in that, when the device is switched on, the CPU (130) is arranged to identify a memory, which is designated by an adjustment value stored in the third memory (140) or on an external pin and, when the first memory (110) is designated, the CPU is arranged to perform secure initialization using the encrypted data and, when the second memory (120) is designated, the CPU will execute normal startup using unencrypted data, which is stored in non-volatile memory.
[0010]
SYSTEM-IN-A-CHIP, according to any one of claims 1 to 9, characterized in that the first memory (110) is a Read Only Memory (ROM) of a mask or ROM programmable only once (OTP), where the second memory (120) is a static random access memory (SRAM), where the third memory (140) is an electrically programmable fuse memory (EFUSE).
[0011]
IMAGE FORMATING DEVICE (1000) including a system-on-a-chip (100) as defined in claim 1, characterized by the fact that it comprises: consumer unit (1600-1), on which a customer replaceable unit monitoring chip (CRUM) (1610-1) is mounted; and controller (1100) to perform an image-forming task using the consumption unit and to update data recorded on the CRUM chip, according to the image-forming task, where the controller comprises: non-volatile memory (200) for recording encrypted data; and a system-on-a-chip as defined in claim 1.
[0012]
IMAGE FORMATING APPLIANCE, according to claim 11, characterized by the fact that, when an initialization event occurs, the system-on-a-chip (100) is arranged to restrict access to the CPU (130) through a port external for a predetermined time.
[0013]
METHOD OF INITIALIZING AN IMAGE FORMATING DEVICE (1000), comprising a non-volatile memory and a system-on-a-chip (100) as defined in claim 1, the method characterized by the fact that it comprises: initialize the image forming apparatus using initialization data, which is stored in a first memory (110) of the system-on-a-chip; when initialization is carried out, decode encrypted data, which is stored in non-volatile memory (200), using one of a plurality of encryption keys, which are stored in the first memory; authenticate the decoded data; storing the decoded data in a second memory (120) of the system-on-a-chip; perform an initialization operation using said decoded data, which is stored in the second memory; and change an address map of the first memory, if decryption and authentication are successful, so that the second memory is controlled to be accessed instead of the first memory.
[0014]
METHOD, according to claim 13, characterized by the fact that it still comprises: when the image-forming apparatus is switched on, identify a memory that is designated according to an input value inserted via a third memory (140) of the system-on-a-chip or an external pin; and when the designated memory is the first memory (110), disable access to a system-on-a-chip CPU (130).

类似技术:

---

公开号 | 公开日 | 专利标题

---

BR102013031549B1|2021-01-26|system-on-a-chip, image-forming device, and method of initializing an image-forming device

---

US10878098B2|2020-12-29|System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof

---

US20140164753A1|2014-06-12|System on chip for performing secure boot, image forming apparatus using the same, and method thereof

---

BRPI0909781B1|2020-12-01|apparatus and method for performing cryptographic data communication

---

JP4982825B2|2012-07-25|Computer and shared password management methods

---

US9436812B2|2016-09-06|Platform-hardened digital rights management key provisioning

---

KR20140019599A|2014-02-17|Method of managing key for secure storage of data, and and apparatus there-of

---

KR20190063264A|2019-06-07|Method and Apparatus for Device Security Verification Utilizing a Virtual Trusted Computing Base

---

TW200405963A|2004-04-16|Sleep protection

---

ES2710437T3|2019-04-25|CRUM chip and image formation device for authentication and communication, and methods thereof

---

Meijer et al.2019|Self-encrypting deception: weaknesses in the encryption of solid state drives

---

US20210266183A1|2021-08-26|Dynamic certificate management as part of a distributed authentication system

---

BR112015010401B1|2021-10-19|SYSTEM ON A CHIP TO PERFORM A SAFE BOOT.

---

CN112789574A|2021-05-11|Secure boot via system and power management microcontroller

---

US10798108B2|2020-10-06|Apparatus and method for a multi-entity secure software transfer

---

CN109583196B|2021-01-08|Key generation method

---

CN109598150B|2021-01-08|Key using method

---

Holoubková2018|Rešerše a ukázka zabezpečení platformy |

---

CN112384922A|2021-02-19|Encryption key distribution

---

BR102013021326B1|2021-12-21|IMAGE FORMING DEVICE, CRUM CHIP COMMUNICABLE WITH AN IMAGE FORMING DEVICE, AUTHENTICATION METHOD OF AN IMAGE FORMING DEVICE, AND AUTHENTICATION METHOD OF A CRUM CHIP COMMUNICABLE WITH AN IMAGE FORMING DEVICE

---

BRPI0909684B1|2019-07-23|IMAGE TRAINING APPARATUS, CRUM UNIT, REPLACABLE UNIT AND METHOD FOR REPORTING ENCRYPTED DATA

同族专利:

---

公开号 | 公开日

---

CN103853983A|2014-06-11|

---

CN104871169B|2018-02-06|

---

WO2014088239A1|2014-06-12|

---

CN104871169A|2015-08-26|

---

EP2741228B1|2020-03-18|

---

RU2013154083A|2015-06-10|

---

AU2013355648B2|2018-12-06|

---

KR20140073384A|2014-06-16|

---

JP2016510444A|2016-04-07|

---

KR20140073397A|2014-06-16|

---

AU2013355576A1|2015-04-09|

---

AU2013355648A1|2015-04-16|

---

BR102013031549A2|2016-02-16|

---

CN103853983B|2019-04-12|

---

RU2628325C2|2017-08-15|

---

BR112015010401A2|2017-07-11|

---

EP2741228A3|2014-08-13|

---

JP2016511848A|2016-04-21|

---

EP2907068A4|2016-12-21|

---

EP2907068B1|2019-01-09|

---

RU2651213C2|2018-04-18|

---

RU2015126874A|2017-01-13|

---

EP2741228A2|2014-06-11|

---

KR101915005B1|2019-01-07|

---

EP2907068A1|2015-08-19|

---

ZA201504606B|2016-06-29|

引用文献:

---

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

---

---

US7249108B1|1997-07-15|2007-07-24|Silverbrook Research Pty Ltd|Validation protocol and system|

---

US6141756A|1998-04-27|2000-10-31|Motorola, Inc.|Apparatus and method of reading a program into a processor|

---

CN1132333C|1998-08-04|2003-12-24|日本电气株式会社|Radio communication system having rolling display control function|

---

US7814337B2|2000-01-06|2010-10-12|Super Talent Electronics, Inc.|Secure flash-memory card reader with host-encrypted data on a flash-controller-mastered bus parallel to a local CPU bus carrying encrypted hashed password and user ID|

---

US6986052B1|2000-06-30|2006-01-10|Intel Corporation|Method and apparatus for secure execution using a secure memory partition|

---

DE10108487A1|2001-02-22|2002-09-12|Giesecke & Devrient Gmbh|Method and system for the distributed creation of a program for a programmable, portable data carrier|

---

JP4349788B2|2002-10-31|2009-10-21|パナソニック株式会社|Semiconductor integrated circuit device|

---

CN1836251A|2003-06-19|2006-09-20|高通股份有限公司|Apparatus and method for multiple function authentication device|

---

US9547623B2|2003-07-02|2017-01-17|Sigmatel, Inc.|Flexible memory interface system for independently processing different portions of an instruction|

---

JP2005227995A|2004-02-12|2005-08-25|Sony Corp|Information processor, information processing method and computer program|

---

US20070083491A1|2004-05-27|2007-04-12|Silverbrook Research Pty Ltd|Storage of key in non-volatile memory|

---

US8725123B2|2008-06-05|2014-05-13|Headwater Partners I Llc|Communications device with secure data path processing agents|

---

JP4447977B2|2004-06-30|2010-04-07|富士通マイクロエレクトロニクス株式会社|Secure processor and program for secure processor.|

---

US8332653B2|2004-10-22|2012-12-11|Broadcom Corporation|Secure processing environment|

---

US20070288761A1|2006-06-09|2007-12-13|Dale Jason N|System and method for booting a multiprocessor device based on selection of encryption keys to be provided to processors|

---

US8467528B2|2006-08-31|2013-06-18|Advanced Micro Devices, Inc.|Multimedia content protection|

---

US7636816B2|2006-09-29|2009-12-22|Broadcom Corporation|Global address space management|

---

US7809934B2|2006-10-13|2010-10-05|Texas Instruments Incorporated|Security measures for preventing attacks that use test mechanisms|

---

US20080294838A1|2007-05-25|2008-11-27|Agere Systems Inc.|Universal boot loader using programmable on-chip non-volatile memory|

---

JP4865694B2|2007-12-28|2012-02-01|ラピスセミコンダクタ株式会社|Processor device|

---

US20090172420A1|2007-12-31|2009-07-02|Kabushiki Kaisha Toshiba|Tamper resistant method and apparatus for a storage device|

---

US20090204823A1|2008-02-07|2009-08-13|Analog Devices, Inc.|Method and apparatus for controlling system access during protected modes of operation|

---

KR101484110B1|2008-02-29|2015-01-28|삼성전자주식회사|Memory controller and memory device thereof|

---

KR101012398B1|2008-03-03|2011-02-11|삼성전자주식회사|Module for using O/S and image forming device for using it|

---

US8156317B2|2008-05-16|2012-04-10|Ati Technologies Ulc|Integrated circuit with secure boot from a debug access port and method therefor|

---

US8954804B2|2008-07-15|2015-02-10|Ati Technologies Ulc|Secure boot circuit and method|

---

KR101460665B1|2008-07-16|2014-11-12|삼성전자주식회사|SoC DEVICE VERIFICATION MODEL USING MEMORY INTERFACE|

---

KR101244795B1|2008-07-23|2013-03-18|마이크로 모우션, 인코포레이티드|Processing system with external memory access control|

---

US8594333B2|2008-09-05|2013-11-26|Vixs Systems, Inc|Secure key access with one-time programmable memory and applications thereof|

---

US8589700B2|2009-03-04|2013-11-19|Apple Inc.|Data whitening for writing and reading data to and from a non-volatile memory|

---

US8484451B2|2010-03-11|2013-07-09|St-Ericsson Sa|Method and apparatus for software boot revocation|US11013408B2|2014-03-19|2021-05-25|Ascensia Diabetes Care Holdings Ag|Clinical data obfuscation and enhancement systems and methods for wireless medical devices|

---

CN104065668A|2014-07-04|2014-09-24|福州大学|Method for improving security of user management system by adopting layering defense mode|

---

KR102208072B1|2014-09-01|2021-01-27|삼성전자주식회사|Data processing system|

---

JP6430847B2|2015-02-05|2018-11-28|株式会社メガチップス|Semiconductor memory device|

---

DE102015001801A1|2015-02-16|2016-08-18|IAD Gesellschaft für Informatik, Automatisierung und Datenverarbeitung mbH|Autonomous booting system with encryption of the entire data memory and method therefor|

---

KR101711926B1|2015-07-07|2017-03-06|이더블유비엠|SoC having security features, and security method for SoC|

---

US10025600B2|2015-10-02|2018-07-17|Google Llc|NAND-based verified boot|

---

US9864879B2|2015-10-06|2018-01-09|Micron Technology, Inc.|Secure subsystem|

---

CN105760750B|2016-02-01|2019-06-14|北京华胜天成科技股份有限公司|Software tamper Detection method and system|

---

EP3465521A4|2016-05-27|2020-01-22|Hewlett-Packard Development Company, L.P.|Firmware module encryption|

---

US10855462B2|2016-06-14|2020-12-01|Honeywell International Inc.|Secure in-band upgrade using key revocation lists and certificate-less asymmetric tertiary key pairs|

---

KR101954439B1|2016-07-13|2019-03-06|이더블유비엠|Soc having double security features, and double security method for soc|

---

CN108229196B|2016-12-09|2021-09-07|上海新微技术研发中心有限公司|SOC chip with physical protection mechanism of storage unit and method|

---

US10587421B2|2017-01-12|2020-03-10|Honeywell International Inc.|Techniques for genuine device assurance by establishing identity and trust using certificates|

---

US10503892B2|2017-06-25|2019-12-10|Microsoft Technology Licensing, Llc|Remote attestation for multi-core processor|

---

US10402567B2|2017-06-25|2019-09-03|Microsoft Technology Licensing, Llc|Secure boot for multi-core processor|

---

US10708061B2|2017-06-25|2020-07-07|Microsoft Technology Licensing, Llc|Secure key storage for multi-core processor|

---

KR20190036779A|2017-09-28|2019-04-05|경희대학교 산학협력단|Method and system for secure firmware update|

---

TWI666556B|2018-03-27|2019-07-21|緯創資通股份有限公司|Electronic device and operating method thereof|

---

CN108595981B|2018-05-09|2021-07-20|深圳市桑格尔科技股份有限公司|Method for encrypting android system|

---

CN109491712B|2018-11-01|2021-09-10|北京京航计算通讯研究所|Trusted boot method suitable for VxWorks environment|

---

CN109376550A|2018-11-01|2019-02-22|郑州云海信息技术有限公司|A kind of starting control method, device and the equipment of target component|

---

CN109672521A|2018-12-26|2019-04-23|贵州华芯通半导体技术有限公司|Safe storage system and method based on encription algorithms approved by the State Password Administration Committee Office engine implementation|

---

US10833929B2|2018-12-27|2020-11-10|Juniper Networks, Inc.|Secure remote bootstrapping of network device|

---

KR20210041932A|2019-10-08|2021-04-16|한화테크윈 주식회사|Secure booting apparatus and operation method thereof|

---

CN111290977B|2020-01-16|2021-11-16|芯创智（北京）微电子有限公司|Register access system and method based on DDR multi-data unit|

---

KR102266163B1|2021-04-06|2021-06-17|주식회사 틴텍|Method for setting configuration parameters in printing apparatus|

法律状态:
2016-02-16| B03A| Publication of a patent application or of a certificate of addition of invention [chapter 3.1 patent gazette]|

---

2017-06-13| B25A| Requested transfer of rights approved|Owner name: S-PRINTING SOLUTION CO., LTD. (KR) |

---

2018-11-21| B06F| Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]|

---

2018-12-04| B25D| Requested change of name of applicant approved|Owner name: HP PRINTING KOREA CO., LTD. (KR) |

---

2020-01-28| B25A| Requested transfer of rights approved|Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (US) |

---

2020-06-02| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]|

---

2020-12-22| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|

---

2021-01-26| B16A| Patent or certificate of addition of invention granted|Free format text: PRAZO DE VALIDADE: 20 (VINTE) ANOS CONTADOS A PARTIR DE 06/12/2013, OBSERVADAS AS CONDICOES LEGAIS. |

优先权:

---

申请号 | 申请日 | 专利标题

---

US201261734158P| true| 2012-12-06|2012-12-06|

---

US61/734,158|2012-12-06|

---

KR1020130029218A|KR20140073384A|2012-12-06|2013-03-19| system on chip for performing secure boot, image forming apparatus comprising it, and methods thereof |

---

KR10-2013-0029218|2013-03-19|

---

KR1020130091667A|KR101915005B1|2012-12-06|2013-08-01|System on chip for performing secure boot, image forming apparatus comprising it, and methods thereof|

---

KR10-2013-0091667|2013-08-01|

---