Method and apparatus for preventing software version rollback

US9965268B2 · US · B2

Patent metadata
Publication number: US-9965268-B2
Application number: US-201615201757-A
Country: US
Kind code: B2
Filing date: Jul 5, 2016
Priority date: Jul 7, 2015
Publication date: May 8, 2018
Grant date: May 8, 2018

Abstract

Official abstract text for this publication.

This invention prevents rollback of firmware of an information processing apparatus. The apparatus including a security chip includes a counter which holds a value which monotonically increases, a version management unit which manages a current version number of software in the apparatus, a first verification unit which verifies validity of update software of the software and a version number of the update software, a rollback detection unit which detects whether a version of the update software is newer than a version of the current software, an update unit which updates the software using the update software, and a second verification unit which verifies whether the update unit has successfully updated the software. If the software has been successfully updated, the version management unit increases the value held in the counter until the value matches the version number of the update software.

First claim

Opening claim text (preview).

What is claimed is:

1. An information processing apparatus, comprising: a security chip including a counter which monotonically increases a counter value; a central processing unit (CPU); and a memory storing a version number and a hash value, delivered software having the version number and the hash value, and an updater program to be executed by the CPU, wherein the updater program causes the CPU to: manage a current version number and a current hash value of the software having been installed in the information processing apparatus by the counter value held in the counter included in the security chip; verify validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupt updating of the software; if verification succeeds, determine, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the version number of the delivered software is newer than the current version number of the software, and, if it is determined that the version number of the delivered software is not newer than the current version number, interrupt updating of the software; update the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number; verify whether the software has successfully updated, and, if the software has not successfully updated, restore the software having the current version number prior to updating; and if it is verified that the software has been successfully updated, increase the version number held in the counter included in the security chip until the version number matches the version number of the delivered software.

2. The apparatus according to claim 1, wherein the security chip includes an access controllable nonvolatile memory, wherein when the counter, in response to receiving a request of increasing the version number, requests an authorization secret as a password, and if the authorization secret is correct, increases the version number, and the authorization secret is saved in the access controllable nonvolatile memory when no software activated in the information processing apparatus is altered.

3. The apparatus according to claim 2, wherein the authorization secret is saved in the access controllable nonvolatile memory which undergoes access control to be accessible when an OS of the information processing apparatus is inactive.

4. The apparatus according to claim 2, wherein the updater program causes the CPU to verify validity of the delivered software and the version number of the delivered software, using a root certificate as a public key certificate, and the root certificate is saved in the access controllable nonvolatile memory which undergoes access control to be accessible when no software activated in the information processing apparatus is altered.

5. The apparatus according to claim 2, wherein the authorization secret is encrypted using the security chip so as to be decrypted when no software activated in the information processing apparatus is altered.

6. A control method for an information processing apparatus, comprising: holding a counter value in a security chip including a counter which monotonically increases the counter value; managing a current version number and a current hash value of software stored in a memory of the information processing apparatus by the counter value held in the counter included in the security chip; verifying validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupting updating of the software; if verification succeeds, determining, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the current version number of the software is newer than the current version number of the software, and, if it is determined that the version number of the delivered software is not newer than the current version number, interrupting updating of the software; updating the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number; verifying whether the software has been successfully updated, and if the software has not successfully updated, restore the software having the current version number prior to updating and if it is verified that the software has been successfully updated, increasing, in the managing, the version number held by the counter included in the security chip until the version number matches the version number of the delivered software.

7. A non-transitory computer-readable storage medium storing a program to be executed by a processor of an information processing apparatus, wherein the processor: holds a counter value in a security chip including a counter which monotonically increases the counter value, manages a current version number and a current hash value of software stored in a memory of the information processing apparatus by the counter value held in the counter included in the security chip, verifies validity of the delivered software, the version number of the delivered software, and the hash value of the delivered software and, if verification has failed, interrupts updating of the software, if verification succeeds, determines, by comparing the version number of the delivered software with the current version number of the software held in the counter included in the security chip, whether the current version number of the software is newer than the current version number of the software, and if it is determined that the version number of the delivered software is not newer than the current version number, interrupts updating of the software, updates the software using the delivered software if it is determined that the version number of the delivered software is newer than the current version number, verifies whether the software has been successfully updated, and if the software has not successfully updated, restores the software having the current version number prior to updating, and if it is verified that the software has been successfully updated, increasing, in the management, the version number held by the counter included in the security chip until the version number matches the version number of the delivered software.
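The update sequence of claim 1, simulated in Python as an added example; it is not code from the patent or its assignee. Assumptions: `MonotonicCounter` is a software stand-in for the security chip's counter, an HMAC with a constructed key replaces the certificate-based validity check, the `write` parameter models the flash write so a failed update can be simulated, and the authorization secret of claims 2 to 5 is not modeled.

```python
import hashlib
import hmac

VENDOR_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the signature check

class MonotonicCounter:
    """Stand-in for the security chip counter: readable, and only ever +1."""
    def __init__(self, value=0):
        self._value = value
    def read(self):
        return self._value
    def increment(self):
        self._value += 1

def _tag(version, digest):
    return hmac.new(VENDOR_KEY, version.to_bytes(4, "big") + digest, hashlib.sha256).digest()

def sign(version, image):
    """Vendor side: bind the version number and hash value to the image."""
    digest = hashlib.sha256(image).digest()
    return {"version": version, "hash": digest, "image": image, "tag": _tag(version, digest)}

def apply_update(device, counter, pkg, write=lambda image: image):
    # 1. Verify the delivered software, its version number and its hash value.
    digest = hashlib.sha256(pkg["image"]).digest()
    if digest != pkg["hash"] or not hmac.compare_digest(_tag(pkg["version"], pkg["hash"]), pkg["tag"]):
        return "rejected: verification failed"
    # 2. Rollback detection: compare against the counter, not a value in ordinary storage.
    if pkg["version"] <= counter.read():
        return "rejected: rollback"
    # 3. Update, keeping the current image so it can be restored.
    backup = device["image"]
    device["image"] = write(pkg["image"])
    # 4. Verify the update; on failure restore and leave the counter untouched,
    #    so the restored version is still accepted at the next boot or update.
    if hashlib.sha256(device["image"]).digest() != pkg["hash"]:
        device["image"] = backup
        return "restored: update failed"
    # 5. Only now advance the counter, one step at a time, until it matches.
    while counter.read() < pkg["version"]:
        counter.increment()
    return "updated"

if __name__ == "__main__":
    chip, dev = MonotonicCounter(3), {"image": b"fw-v3"}
    print(apply_update(dev, chip, sign(5, b"fw-v5")), chip.read())
    print(apply_update(dev, chip, sign(4, b"fw-v4")), chip.read())
```

Advancing the counter only after step 4 is what keeps a failed write recoverable: had the counter moved first, the restored image would itself be rejected as a rollback.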

Assignees

Inventors

Classifications

  • G06F8/65 (Primary)

    Updates (security arrangements therefor G06F21/57) · CPC title

  • Error detection or correction of the data by redundancy in operations (error detection or correction of the data by redundancy in hardware G06F11/16) · CPC title

  • Version control (security arrangements therefor G06F21/57); Configuration management · CPC title

  • G06F8/654 (Primary)

    using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories · CPC title

  • during software upgrading · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9965268B2 cover?
This invention prevents rollback of firmware of an information processing apparatus. The apparatus including a security chip includes a counter which holds a value which monotonically increases, a version management unit which manages a current version number of software in the apparatus, a first verification unit which verifies validity of update software of the software and a version number o…
Who is the assignee on this patent?
Canon Kk
What technology area does this patent fall under?
Primary CPC classification G06F8/65. Mapped technology areas include Physics.
When was this patent published?
Publication date May 8, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).