CN110536042B - Image forming apparatus, control method thereof, and storage medium - Google Patents

Image forming apparatus, control method thereof, and storage medium Download PDF

Info

Publication number
CN110536042B
CN110536042B CN201910832398.8A CN201910832398A CN110536042B CN 110536042 B CN110536042 B CN 110536042B CN 201910832398 A CN201910832398 A CN 201910832398A CN 110536042 B CN110536042 B CN 110536042B
Authority
CN
China
Prior art keywords
program
verified
imaging controller
image forming
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910832398.8A
Other languages
Chinese (zh)
Other versions
CN110536042A (en
Inventor
尹爱国
覃祖料
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Pantum Electronics Co Ltd
Original Assignee
Zhuhai Pantum Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Pantum Electronics Co Ltd filed Critical Zhuhai Pantum Electronics Co Ltd
Priority to CN201910832398.8A priority Critical patent/CN110536042B/en
Publication of CN110536042A publication Critical patent/CN110536042A/en
Priority to PCT/CN2020/095310 priority patent/WO2020259285A1/en
Application granted granted Critical
Publication of CN110536042B publication Critical patent/CN110536042B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00002Diagnosis, testing or measuring; Detecting, analysing or monitoring not otherwise provided for
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00002Diagnosis, testing or measuring; Detecting, analysing or monitoring not otherwise provided for
    • H04N1/00026Methods therefor
    • H04N1/00042Monitoring, i.e. observation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00002Diagnosis, testing or measuring; Detecting, analysing or monitoring not otherwise provided for
    • H04N1/00071Diagnosis, testing or measuring; Detecting, analysing or monitoring not otherwise provided for characterised by the action taken
    • H04N1/00082Adjusting or controlling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/44Secrecy systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Facsimiles In General (AREA)

Abstract

The invention relates to an image forming apparatus, a control method thereof, and a storage medium, the image forming apparatus including an imaging controller configured to control the image forming apparatus to perform an imaging operation; a nonvolatile memory configured to store a program to be verified; the safety chip is configured to read a program to be verified stored in the nonvolatile memory, perform safety verification on the program to be verified and send the program to be verified to a program loader to be verified corresponding to the imaging controller, and the program loader to be verified starts to execute the program to be verified after receiving the program to be verified; in the process of carrying out safety verification on the program to be verified by the safety chip, if the safety chip determines that the program to be verified does not meet the safety requirement and the current imaging controller is executing the program to be verified, the safety chip controls the imaging controller to stop executing the program to be verified. The image forming device can well ensure the safety of information processing of the image forming device.

Description

Image forming apparatus, control method thereof, and storage medium
Technical Field
The present invention relates to the field of image forming technologies, and in particular, to an image forming apparatus, a control method thereof, and a storage medium.
Background
With the progress of electronic science and technology, the development of Image forming apparatuses (Image forming apparatuses) is more and more mature, but as a computer peripheral, the Image forming apparatuses are vulnerable to attack by lawless persons (e.g. hackers), and for example, a laser printer (one of various types of Image forming apparatuses) with scanning and/or facsimile functions, the data of scanning or facsimile may carry confidential data of a user, and even on a photosensitive drum of a core part in laser imaging, the confidential data to be printed by the user may be carried; once the data is leaked, unnecessary troubles are brought to users; if a company or government confidential department's office is involved, the company or government may also be compromised if confidential data carried by the image forming apparatus is compromised. At present, a security chip is usually arranged in the prior art to monitor the operation of a controller (imaging controller 1) of an image forming apparatus, but no reliable scheme is available at present to ensure the security of information processing of the image forming apparatus.
Disclosure of Invention
Embodiments of the present invention provide an image forming apparatus, a control method thereof, and a storage medium, which can solve a problem that a reliable scheme does not exist at present, and can well ensure security of information processing of the image forming apparatus.
In a first aspect, an embodiment of the present invention provides an image forming apparatus including: an imaging controller configured to control the image forming apparatus to perform an imaging operation;
a nonvolatile memory configured to store a program to be verified, the program to be verified being a program for the image forming apparatus to run;
the safety chip is configured to read the program to be verified stored in the nonvolatile memory after the image forming device is powered on, perform safety verification on the program to be verified and send the program to be verified to a program loader to be verified corresponding to the imaging controller, and the program loader to be verified starts to execute the program to be verified after receiving the program to be verified;
in the process of performing security check on the program to be checked by the security chip, if the security chip determines that the program to be checked does not meet the security requirement and the imaging controller is executing the program to be checked currently, the security chip controls the imaging controller to stop executing the program to be checked.
Optionally, during the process of reading the program to be verified or after the program to be verified is read, the security chip performs security verification on the read program to be verified, and sends the read program to be verified to the program loader to be verified.
Optionally, during reading the program to be verified or after reading the program to be verified, the security chip performs security verification on the read program to be verified, and sends the read program to be verified to the program loader to be verified only after it is determined that the read program to be verified meets the security requirement.
Optionally, the program to be verified includes a start program, and the start program is a program required by the imaging controller to complete start; if the safety chip determines that the starting program does not meet the safety requirement and the imaging controller is executing the starting program currently, the safety chip controls the imaging controller to stop executing the starting program firstly and then controls the imaging controller to reset so that the imaging controller returns to the initial state; or the safety chip controls the imaging controller to stop executing the starting program firstly, and then controls the imaging controller to power off.
Optionally, the security chip is connected to a reset terminal of the imaging controller, and the security chip resets the imaging controller by sending a reset enable signal to the reset terminal of the imaging controller.
Optionally, the image forming apparatus further includes a power module and a power switch, the power switch is connected between the power module and the imaging controller, and the security chip controls the power switch to be turned off and/or generates an enable disable signal to an enable end of the power module to power off the imaging controller.
Optionally, the to-be-verified program includes at least one application program, and if the security chip determines that a first application program in the at least one application program does not meet security requirements, the security chip prohibits the imaging controller from executing the first application program.
In a second aspect, an embodiment of the present invention provides a method for controlling an image forming apparatus, the image forming apparatus including an imaging controller, a nonvolatile memory, and a security chip, wherein the imaging controller is configured to control the image forming apparatus to perform an imaging operation, the nonvolatile memory is configured to store a program to be verified, and the program to be verified is a program for the image forming apparatus to run;
the method comprises the following steps:
after the image forming device is powered on, the safety chip reads the program to be verified stored in the nonvolatile memory, performs safety verification on the program to be verified and sends the program to be verified to a program loader to be verified corresponding to the imaging controller, and the program loader to be verified starts to execute the program to be verified after receiving the program to be verified;
in the process of performing security check on the program to be checked by the security chip, if the security chip determines that the program to be checked does not meet the security requirement and the imaging controller is executing the program to be checked currently, the security chip controls the imaging controller to stop executing the program to be checked.
The reading of the program to be verified stored in the nonvolatile memory, the security verification of the program to be verified, and the sending of the program to be verified to the program loader to be verified corresponding to the imaging controller specifically include:
and the safety chip performs safety verification on the read program to be verified in the process of reading the program to be verified or after the program to be verified is read, and simultaneously sends the read program to be verified to the loader of the program to be verified.
Optionally, the reading the program to be verified stored in the nonvolatile memory, performing security verification on the program to be verified, and sending the program to be verified to a program loader to be verified corresponding to the imaging controller specifically includes:
the safety chip firstly carries out safety verification on the read program to be verified in the process of reading the program to be verified or after the program to be verified is read, and only after the read program to be verified meets the safety requirement is determined, the read program to be verified is sent to the loader of the program to be verified.
Optionally, the program to be verified includes a start program, and the start program is a program required by the imaging controller to complete start;
if the security chip determines that the program to be verified does not meet the security requirement and the imaging controller is executing the program to be verified currently, the security chip controls the imaging controller to stop executing the program to be verified, and the method specifically includes:
if the safety chip determines that the starting program does not meet the safety requirement and the imaging controller is executing the starting program currently, the safety chip controls the imaging controller to stop executing the starting program firstly and then controls the imaging controller to reset so that the imaging controller returns to the initial state; or the safety chip controls the imaging controller to stop executing the starting program firstly, and then controls the imaging controller to power off.
Optionally, the security chip is connected to a reset terminal of the imaging controller, and the security chip resets the imaging controller by sending a reset enable signal to the reset terminal of the imaging controller.
In a third aspect, an embodiment of the present invention provides a storage medium, where the storage medium includes a stored program, and when the program runs, a device in which the storage medium is located is controlled to execute the method.
In a fourth aspect, embodiments of the present invention provide an image forming apparatus comprising a memory for storing information including program instructions and a processor for controlling the execution of the program instructions, which when loaded and executed by the processor implement the steps of the method described above.
The imaging controller and the safety chip can acquire the program to be verified from the nonvolatile memory at the same time without additionally configuring corresponding hardware circuits, so that the circuit structure is further simplified, and the cost is saved.
Drawings
The invention is further illustrated with reference to the following figures and examples.
Fig. 1 is a schematic block diagram of an image forming apparatus according to an embodiment of the present invention;
FIGS. 2 to 6 are hardware block diagrams of an image forming apparatus according to various embodiments of the present invention;
fig. 7 is a flowchart of a control method of an image forming apparatus according to still another embodiment of the present invention;
fig. 8 is a schematic block diagram of an image forming apparatus according to still another embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENT (S) OF INVENTION
For better understanding of the technical solutions of the present invention, the following detailed descriptions of the embodiments of the present invention are provided with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" as used herein is merely one type of association that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Referring to fig. 1, an image forming apparatus according to an embodiment of the present invention includes:
an imaging controller 1 configured to control an image forming apparatus to perform an imaging operation;
a nonvolatile memory 3 configured to store a program to be verified, the program to be verified being a program for the image forming apparatus to run;
the safety chip 2 is configured to read a program to be verified stored in the nonvolatile memory 3 after the image forming apparatus is powered on, perform safety verification on the program to be verified and send the program to be verified to a program loader to be verified corresponding to the imaging controller 1, and the program loader to be verified starts to execute the program to be verified after receiving the program to be verified;
in the process of performing the security check on the program to be checked by the security chip 2, if the security chip 2 determines that the program to be checked does not meet the security requirement and the current imaging controller 1 is executing the program to be checked, the security chip 2 controls the imaging controller 1 to stop executing the program to be checked.
It should be noted that, the security chip 2 may perform security verification on the program to be verified statically and/or dynamically, for example, the security chip 2 reads the program to be verified stored in the nonvolatile memory 3 and prepares to send the program to be verified to the corresponding program loader to be verified of the imaging controller 1; for example, the imaging controller 1 may start executing the program to be verified after the program to be verified loader receives the program to be verified.
It can be understood that the security chip 2 is used for performing security verification on the program to be executed by the imaging controller 1, and when the program to be verified does not meet the security requirement, the security chip 2 controls the imaging controller 1 to stop executing the program to be verified, so that the imaging controller 1 is monitored by the security chip 2 in the whole process in the running process, the security of the image forming device can be well ensured, and the reliability is good. Meanwhile, the program to be executed by the imaging controller 1 is sent to the imaging controller 1 through the security chip 2, and the imaging controller 1 and the security chip 2 can simultaneously acquire the program to be verified from the nonvolatile memory 3 without additionally configuring corresponding hardware circuits, so that the circuit structure is further simplified, and the cost is saved.
Specifically, the image forming apparatus denotes an apparatus that prints print data generated by a computer, for example, on a recording medium such as printing paper. Examples of image forming apparatuses include, but are not limited to, copiers, printers, facsimile machines, scanners, and multi-function peripherals that perform the above functions in a single device.
Specifically, the imaging controller 1 is an SoC (System on Chip) configured to control an imaging processing operation of the image forming apparatus, and the SoC is used to perform processing operations related to data transceiving, command transceiving, and engine control, for example, how to transceive data, commands, statuses, and the like through an application program calling an interface unit (including, but not limited to, a USB port, a wired network port, a wireless network port, and the like), and may also obtain received printing parameters through the application program and resolve into commands for controlling an engine mechanism to execute specific functions, such as LSU exposure parameters, pickup roller rotation parameters, and the like; in addition, for an image forming apparatus having a user authority authentication or encryption/decryption processing function, the SoC is also configured to be able to execute the user authority authentication or encryption/decryption processing function, and the interface unit in the image forming apparatus is also able to receive print job data and print, scan, fax commands from the driving apparatus, or transmit scan, fax data, print, scan, fax status information, etc., and the security chip 2 exchanges predetermined security rules, logs, etc. with the security monitoring server.
Specifically, the secure chip 2 includes a trusted computing supervision module for monitoring operation activities corresponding to an imaging controller 1(SoC) in the image forming apparatus; trusted Computing (Trusted Computing) in the security chip 2 is generated for security of behaviors, and is widely used in computers and communication systems to improve security of the entire system. Information security includes four aspects: equipment safety, data safety, content safety and behavior safety; in order to further improve the behavior safety characteristic of the image forming apparatus, the embodiment introduces a trusted computing function; the functional module corresponding to the security chip 2 mentioned in this embodiment includes four functions: a program (or module) start/run monitoring function (such as a white list strategy), a registration function, an audit function and an upgrade monitoring function, wherein specifically, the security chip 2 is responsible for monitoring a driver layer module of an operating system (such as a Linux system) of the image forming device and for monitoring an application layer program of the image forming device, the security chip 2 only allows the driver and the program in a white list range to run, and the driver and the program in a non-white list range do not allow the driver and the program to run; the security chip 2 records or reports security event behaviors occurring on the image forming apparatus, so that the driving layer and the application layer of the image forming apparatus can be comprehensively monitored, and unsafe behaviors of an application program and a device driver of the imaging controller 1 can be effectively prevented.
And a nonvolatile memory 3 connected to the security chip 2, wherein the nonvolatile memory 3 may be a NOR flash, a NAND flash, an EEPROM (erasable programmable read only memory), a FRAM (ferroelectric memory), an MRAM (magnetic RAM), an NVSRAM (nonvolatile static memory), or the like.
The program loader to be verified may be, for example, a RAM (random access memory), an SRAM (static random access memory), a DDR (double data rate synchronous dynamic random access memory), or the like, and may be a loader inside the imaging controller 1 or an external loader connected to the imaging controller 1.
In one or more embodiments of the present invention, the program to be verified includes a Boot program, an Operating System (OS) program, and an application program, where the Boot program is a program required by the imaging controller 1 to complete booting, such as a Boot program and a Boot program, the Boot program and the Boot program are Boot programs that the imaging controller 1 needs to be loaded when the image forming apparatus is booted, and the number of the application programs is at least one. In other embodiments, the program to be verified may also include only the application program.
Referring to fig. 2, in the embodiment of the present invention, a security chip 2 is communicatively connected to a nonvolatile memory 3 through a first communication bus (for example, the SPI bus 1 shown in fig. 2) and is configured to read a program to be verified from the nonvolatile memory 3, and the security chip 2 is communicatively connected to an imaging controller 1 through a second communication bus (for example, the SPI bus 2 shown in fig. 2) and is configured to send the read program to be verified to a program loader to be verified, which is built in the imaging controller 1.
Further, in this embodiment, the security chip 2 performs security verification on the program to be verified and sends the program to be verified to the program loader to be verified corresponding to the imaging controller 1, which may specifically include:
the safety chip 2 performs safety check on the read program to be checked in the process of reading the program to be checked or after the program to be checked is read, and simultaneously sends the read program to be checked to the loader of the program to be checked.
Optionally, the security chip 2 may start to verify the program to be verified after reading all the programs to be verified, and send the program to be verified to the program loader to be verified while verifying; or, in the process of reading the program to be verified, the security chip 2 performs security verification on the currently read program to be verified, and sends the currently read program to be verified to the program loader to be executed, or, when the security chip 2 finishes reading a part of the program (for example, a Boot program) in the program to be verified, the security chip 2 performs security verification on the part of the program, and sends the part of the program to the program loader to be verified at the same time, and then performs verification and execution of other parts of programs (a Uboot program, an operating system program, and the like) in sequence.
Optionally, the security chip 2 may also perform security verification on the read program to be verified in the process of the program to be verified, and simultaneously send the read program to be verified to the program loader to be verified; further optionally, taking the Boot program as an example, dividing the Boot program into a plurality of small segments, respectively verifying each small segment, and simultaneously sending each small segment to the program loader, wherein the program loader cannot directly complete the corresponding starting of the current Boot program because the program loader receives the plurality of small segments and cannot directly complete the corresponding function of the current Boot program, and the safety of the whole system cannot be directly threatened; after the secure chip 2 completes verification of each small segment of program, the program loader almost receives the whole Boot program, and other programs to be verified are similar.
It can be understood that, in the invention, when the program to be verified which needs to be executed by the imaging controller 1 is read or verified, the execution and verification are synchronously performed, so that the running speed of the imaging controller 1 is increased, and when the program to be verified is a starting program, the starting speed of the image forming apparatus can be increased, and further the use experience of a user is improved.
In another embodiment, in a scenario where the requirement on the operating speed or the starting speed of the image forming apparatus is not high, the security chip 2 performs security verification on the program to be verified and sends the program to be verified to the program loader to be verified corresponding to the imaging controller 1, which may include:
the safety chip 2 firstly performs safety verification on the read program to be verified in the process of reading the program to be verified or after the program to be verified is read, and sends the read program to be verified to the loader of the program to be verified after the read program to be verified meets the safety requirement.
Optionally, the security chip 2 may read all the programs to be verified first, send all the programs to be verified to the program loader to be verified after all the programs to be verified pass verification, and if the program to be verified does not pass verification, no program to be verified is sent to the program loader to be verified. Or, the security chip 2 checks a part of programs to be checked (for example, checks a Boot program, a Uboot program, an operating system program, and an application program in sequence) in the programs to be checked, and after the part of programs to be checked passes the check, sends the part of programs to be checked to the loader of the programs to be checked to be executed, and then reads, checks, and executes the next part of programs to be checked.
Further, if the secure chip 2 determines that the start program or the operating system program in the program to be verified does not meet the security requirement during the security verification, considering the operating state of the imaging controller 1, the following conditions may be included:
if the imaging controller 1 is executing a start-up program or an operating system program or an application program, the security chip 2 controls the imaging controller 1 to stop executing the start-up program or the operating system program or the application program, and then controls the imaging controller 1 to reset, so that the imaging controller 1 returns to an initial state; or, the security chip 2 controls the imaging controller 1 to stop executing the start-up program or the operating system program, and then controls the imaging controller 1 to power off.
If the current imaging controller 1 does not execute a starting program or an operating system program or an application program, directly controlling the imaging controller 1 to reset so as to enable the imaging controller 1 to return to an initial state; or, the security chip 2 directly controls the imaging controller 1 to power off.
It is understood that when it is detected that the imaging controller 1 starts the start-up program to be executed or the operating system program does not meet the security requirements, the imaging controller 1 is controlled to be reset or powered off, and the security of the image forming apparatus can be ensured.
It should be further noted that, in one or more embodiments of the present invention, if the security chip 2 determines that a first application program in the at least one application program does not meet the security requirement and the current imaging controller 1 is executing the application program, the security chip 2 sends an error signal to control the imaging controller 1 to stop executing the first application program; if the security chip 2 determines that a first application program of the at least one application program does not meet the security requirement and the imaging controller 1 is not currently executing the boot program, the security chip 2 does not allow the imaging controller 1 to boot execution of the first application program.
Further, for the above-mentioned safety chip 2 controlling the imaging controller 1 to reset, correspondingly, the embodiment of the present invention provides the following hardware solutions:
with continued reference to fig. 2, the security chip 2 is connected to the reset terminal of the imaging controller 1, and the security chip 2 resets the imaging controller 1 by sending a reset enable signal to the reset terminal of the imaging controller 1.
Specifically, the pin (GPIO4) of the security chip 2 is connected to the Reset terminal (Reset) of the imaging controller 1 sequentially through the first terminal (Y) and the second terminal (Z) of the first switch 4, and when the image forming apparatus is powered on, the first switch 4 is in an on state.
In this embodiment, when the program to be verified does not meet the security requirement and the security chip 2 needs to control the imaging controller 1 to Reset, the security chip 2 outputs a Reset enable signal through the pin (GPIO4), and the Reset enable signal is sent to the Reset terminal (Reset) of the imaging controller 1 through the first terminal (Y) and the second terminal (Z) of the first switch 4 to control the imaging controller 1 to Reset, so that the imaging controller 1 returns to the initial state.
In this embodiment, the reset enable signal is a low-level signal, but in other embodiments, the reset enable signal may be a high-level signal.
Alternatively, the first switch 4 includes, but is not limited to, any one of an MOS (metal-oxide-semiconductor field effect Transistor), a triode, an IGBT (Insulated Gate Bipolar Transistor), and other electronic switches.
Further, for the above-mentioned manner in which the security chip 2 controls the imaging controller 1 to reset, correspondingly, the embodiment of the present invention provides the following hardware solutions:
referring to fig. 3, the image forming apparatus further includes a power module and a power switch 6, the power switch 6 is connected between the power module and the imaging controller 1 and configured to supply power to the imaging controller 1, and the security chip 2 controls the power switch 6 to be turned off and/or generates an enable disable signal to an enable terminal of the power module to power off the imaging controller 1.
It should be noted that the power module is used for outputting direct current, and the power module may be a single power unit or may be a combination of multiple independent power units. The power supply module may supply power not only to the imaging controller 1 but also to the security chip 2 or other hardware modules in the image forming apparatus.
In this embodiment, the power supply module includes a plurality of first power supply units (e.g., a1, a2, and A3.. An shown in fig. 3) configured to supply power to the security chip 2 and a plurality of second power supply units (e.g., B1, B2, and B3.. An shown in fig. 3) configured to supply power to the imaging controller 1.
Correspondingly, the power switch 6 is a multi-way switch, and includes a plurality of switch units (for convenience of description, each switch unit in the power switch 6 is hereinafter referred to as a first switch unit), a first terminal (Y) of each first switch unit is connected to a power output terminal of one second power unit, and a second terminal (Z) of each first switch unit is connected to a power pin (Powerin) of the imaging controller 1. In the present embodiment, the image forming apparatus further includes a second switch 5, the enable terminal (EN) of each first switch unit is connected to the first terminal (Y) of the second switch 5, and the pin (GPIOx) of the security chip 2 is connected to the second terminal (Z) of the second switch 5. When the image forming apparatus is powered on, the first terminal (Y) and the second terminal (Z) of the second switch 5 are turned on.
When the program to be checked does not meet the safety requirement and the safety chip 2 needs to control the imaging controller 1 to be powered off, the safety chip 2 can output an enable invalid signal through a pin (GPIOx), and the enable invalid signal is transmitted to an enable End (EN) of the power switch 6 through the second switch 5, so that a circuit between a first end (Y) and a second end (Z) of each first switch unit in the power switch 6 is disconnected, and then the imaging controller 1 is powered off by a plurality of second power units in the power module.
In the present embodiment, the power switch 6 and the second switch 5 are both configured to be enabled when the enable terminal receives a high level signal and disabled when the enable terminal receives a low level signal, and therefore, each switch unit in the power switch 6 and the second switch 5 may be switched by a PNP transistor or a PMOS transistor.
Referring to fig. 4, in another embodiment of the present invention, a plurality of second Power supply units (e.g., B1, B2, B3.. till shown in fig. 4) may be further connected to the Power supply pin (Power in) of the imaging controller 1 through the Power switch 6 in a portion, and directly connected to the Power supply pin (Power in) of the imaging controller 1 in another portion, and the Power enable terminal (EN) of the second Power supply unit directly connected to the Power pin (Power in) of the imaging controller 1 is connected to the first terminal (Y) of the second switch 5, and therefore, when the program to be verified does not meet the safety requirement and the safety chip 2 needs to control the imaging controller 1 to be powered off, the pin (GPIOx) of the security chip 2 can output an enable disable signal while controlling the power Enable (EN) of a portion of the second power supply units to be disabled and the power switch 6 to be turned off, so as to control the imaging controller 1 to be powered off.
Referring to fig. 5, in another embodiment of the present invention, the security chip 2 and the imaging controller 1 may share a part of the power supply (for example, AB1, AB2, and AB3.... ABn in fig. 5, for convenience of distinction, the shared part of the power supply is hereinafter referred to as a third power supply unit), wherein an output terminal of the third power supply unit is connected to both the power supply pin of the security chip 2 and the power supply pin of the imaging controller 1 through the power switch 6, and the second power supply unit is connected to the power supply pin (Powerin) of the imaging controller 1 through the power switch 6. Therefore, when the program to be checked does not meet the safety requirement and the security chip 2 needs to control the imaging controller 1 to power off, the security chip 2 may output an enable invalid signal through a pin (GPIOx), and the enable invalid signal is transmitted to the enable terminal (EN) of the power switch 6 through the second switch 5, so that a path between the first terminal (Y) and the second terminal (Z) of each first switch unit in the power switch 6 is disconnected, and then the plurality of second power units and the third power units in the power module stop supplying power to the imaging controller 1.
Referring to fig. 6, in another embodiment of the present invention, when the security chip 2 and the imaging controller 1 share a portion of the third Power unit, the output terminal of the third Power unit is connected to both the Power pin of the security chip 2 and the Power pin of the imaging controller 1 through the Power switch 6, while a portion of the second Power unit is connected to the Power pin (Power in) of the imaging controller 1 through the Power switch 6, and another portion is directly connected to the Power pin (Power in) of the imaging controller 1, and the Power enable terminal (EN) of the second Power unit, which is directly connected to the Power pin (Power in) of the imaging controller 1, is connected to the first terminal (Y) of the second switch 5; therefore, when the program to be verified does not meet the safety requirement and the security chip 2 needs to control the imaging controller 1 to power off, the security chip 2 may output an enable invalid signal through the pin (GPIOx), and the enable invalid signal is transmitted to the enable terminal (EN) of the power switch 6 and the enable terminals (EN) of a part of the second power units through the second switch 5, so that the path between the first terminal (Y) and the second terminal (Z) of each first switch unit in the power switch 6 is disconnected and the enable terminals of a part of the second power units are disabled, and then the second power units and the third power units in the power module stop supplying power to the imaging controller 1.
It should be noted that the above-mentioned embodiments are only examples, and the present invention may have other corresponding embodiments, which are not described herein.
Further, the process of the security chip 2 performing security check on the program to be checked may include: the safety chip 2 reads the program to be checked, generates operation checking information, and judges whether the program to be checked meets the safety requirement by comparing whether the operation checking information and the preset safety checking information meet a preset relation, for example, the safety chip 2 performs logic operation on the program to be checked through an own operation circuit or an operation code to obtain the operation checking information, the safety chip 2 further compares the operation checking information and the safety checking information through a logic comparison circuit or a logic comparison code to judge whether the operation checking information and the safety checking information meet the preset relation (for example, equal), if yes, the program to be checked is determined to be complete, not modified and meets the safety requirement, and if not, the program to be checked is determined to be modified and not meet the safety requirement.
The safety verification information includes, but is not limited to, a preset verification code, and the preset verification code in the safety verification information in the present invention may be directly stored in advance, or complete information to be verified may be verified in advance (for example, before shipment), and the obtained verification result is used as safety verification information and the safety verification information is stored. When security verification is required (for example, when a use process after sale needs to be started), the security chip 2 reads the program to be verified and the security verification information according to the requirements, performs logical operation on the program to be verified to obtain operation verification information, and then compares the operation verification information with the security verification information to obtain a verification result.
The embodiment of the invention also provides a control method of the image forming device, the image forming device comprises an imaging controller, a nonvolatile memory and a safety chip, wherein the imaging controller is configured to control the image forming device to execute imaging operation, the nonvolatile memory is configured to store a program to be verified, and the program to be verified is a program used by the image forming device for operation;
referring to fig. 7, a method of controlling an image forming apparatus includes:
step S01: after the image forming device is powered on, the safety chip reads a program to be verified stored in the nonvolatile memory.
Step S02: the method comprises the steps of carrying out safety verification on a program to be verified and sending the program to be verified to a program loader to be verified corresponding to an imaging controller;
step S03: the program loader to be verified starts to execute the program to be verified after receiving the program to be verified; in the process of carrying out safety verification on the program to be verified by the safety chip, if the safety chip determines that the program to be verified does not meet the safety requirement and the current imaging controller is executing the program to be verified, the safety chip controls the imaging controller to stop executing the program to be verified.
Further, reading a program to be verified stored in the nonvolatile memory, performing security verification on the program to be verified, and sending the program to be verified to a program loader to be verified corresponding to the imaging controller, specifically including:
and the safety chip performs safety verification on the read program to be verified in the process of reading the program to be verified or after the program to be verified is read, and simultaneously sends the read program to be verified to the loader of the program to be verified.
Further, reading a program to be verified stored in the nonvolatile memory, performing security verification on the program to be verified, and sending the program to be verified to a program loader to be verified corresponding to the imaging controller, specifically including:
the safety chip firstly carries out safety verification on the read program to be verified in the process of reading the program to be verified or after the program to be verified is read, and only after the read program to be verified meets the safety requirement is determined, the read program to be verified is sent to the loader of the program to be verified.
Further, the program to be verified comprises a starting program, and the starting program is a program required by the imaging controller to finish starting;
if the security chip determines that the program to be verified does not meet the security requirement and the current imaging controller is executing the program to be verified, the security chip controls the imaging controller to stop executing the program to be verified, and the method specifically includes:
if the safety chip determines that the starting program does not meet the safety requirement and the current imaging controller is executing the starting program, the safety chip controls the imaging controller to stop executing the starting program firstly and then controls the imaging controller to reset so as to enable the imaging controller to return to the initial state; or the safety chip controls the imaging controller to stop executing the starting program firstly and then controls the imaging controller to power off.
Further, the safety chip is connected with a reset end of the imaging controller, and the safety chip enables the imaging controller to reset by sending a reset enabling signal to the reset end of the imaging controller.
For a more specific description of the control method of the image forming apparatus provided in the embodiment of the present invention, reference may be made to corresponding contents of the image forming apparatus provided in the embodiment of the present invention, and in order to avoid repetition, a description thereof is omitted here.
The present embodiment provides a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the control method of the image forming apparatus in the embodiments is implemented, which is not repeated herein to avoid repetition. Alternatively, the computer program is executed by the processor to implement the functions of each module/unit in the image forming apparatus in the embodiments, which are not described herein again to avoid redundancy.
Referring to fig. 8, an image forming apparatus 50 according to an embodiment of the present invention includes: the image forming apparatus includes a processor 51, a memory 52, and a program 53 stored in the memory 52 and capable of running on the processor 51, where the program 53 is executed by the processor 51 to implement the control method of the image forming apparatus in the embodiment, and for avoiding repetition, it is not described herein repeatedly.
The image forming device 50 may include, but is not limited to, a processor 51, a memory 52. Those skilled in the art will appreciate that fig. 8 is merely an example of the image forming apparatus 50, and does not constitute a limitation on the image forming apparatus 50, and may include more or less components than those shown, or combine some components, or different components, for example, the electronic device may further include an input-output device, a network access device, a bus, and the like.
The Processor 51 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a Processor (Processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions, improvements, etc. within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (16)

1. An image forming apparatus, comprising:
an imaging controller configured to control the image forming apparatus to perform an imaging operation;
a nonvolatile memory configured to store a program to be verified, the program to be verified being a program for the image forming apparatus to run;
the safety chip is configured to read the program to be verified stored in the nonvolatile memory after the image forming device is powered on, perform safety verification on the program to be verified and send the program to be verified to a program loader to be verified corresponding to the imaging controller, and the program loader to be verified starts to execute the program to be verified after receiving the program to be verified;
in the process of performing security check on the program to be checked by the security chip, if the security chip determines that the program to be checked does not meet the security requirement and the imaging controller is executing the program to be checked currently, the security chip controls the imaging controller to stop executing the program to be checked;
the security chip is disposed between the imaging controller and the non-volatile memory.
2. The image forming apparatus as claimed in claim 1, wherein the security chip performs security verification on the read program to be verified while reading the program to be verified or after reading the program to be verified is completed, and sends the read program to be verified to the program loader to be verified.
3. The image forming apparatus as claimed in claim 1, wherein the security chip performs security verification on the read program to be verified during reading of the program to be verified or after reading of the program to be verified is completed, and sends the read program to be verified to the program loader to be verified only when it is determined that the read program to be verified meets security requirements.
4. The image forming apparatus according to claim 1 or 2, wherein the program to be verified includes a startup program that is a program required for the imaging controller to complete startup;
if the safety chip determines that the starting program does not meet the safety requirement and the imaging controller is executing the starting program currently, the safety chip controls the imaging controller to stop executing the starting program firstly and then controls the imaging controller to reset so that the imaging controller returns to the initial state; or the safety chip controls the imaging controller to stop executing the starting program firstly, and then controls the imaging controller to power off.
5. The image forming apparatus according to claim 4, wherein the security chip is connected to a reset terminal of the imaging controller, the security chip causing the imaging controller to reset by sending a reset enable signal to the reset terminal of the imaging controller.
6. The image forming apparatus according to claim 4, further comprising a power module and a power switch, wherein the power switch is connected between the power module and the imaging controller, and the security chip powers down the imaging controller by controlling the power switch to be turned off or generating an enable disable signal to an enable terminal of the power module.
7. The image forming apparatus according to claim 1 or 2, wherein the program to be verified includes at least one application program, and if the security chip determines that a first application program of the at least one application program does not meet a security requirement, the security chip prohibits the imaging controller from executing the first application program.
8. The control method of the image forming apparatus is characterized in that the image forming apparatus comprises an imaging controller, a nonvolatile memory and a security chip, wherein the imaging controller is configured to control the image forming apparatus to execute imaging operation, the nonvolatile memory is configured to store a program to be verified, and the program to be verified is a program for running of the image forming apparatus;
the method comprises the following steps:
after the image forming device is powered on, the safety chip reads the program to be verified stored in the nonvolatile memory, performs safety verification on the program to be verified and sends the program to be verified to a program loader to be verified corresponding to the imaging controller, and the program loader to be verified starts to execute the program to be verified after receiving the program to be verified;
in the process of performing security check on the program to be checked by the security chip, if the security chip determines that the program to be checked does not meet the security requirement and the imaging controller is executing the program to be checked currently, the security chip controls the imaging controller to stop executing the program to be checked;
the security chip is disposed between the imaging controller and the non-volatile memory.
9. The method according to claim 8, wherein the reading the program to be verified stored in the nonvolatile memory, performing security verification on the program to be verified, and sending the program to be verified to a program loader to be verified corresponding to the imaging controller specifically includes:
and the safety chip performs safety verification on the read program to be verified in the process of reading the program to be verified or after the program to be verified is read, and simultaneously sends the read program to be verified to the loader of the program to be verified.
10. The method according to claim 8, wherein the reading the program to be verified stored in the nonvolatile memory, performing security verification on the program to be verified, and sending the program to be verified to a program loader to be verified corresponding to the imaging controller specifically includes:
the safety chip firstly carries out safety verification on the read program to be verified in the process of reading the program to be verified or after the program to be verified is read, and only after the read program to be verified meets the safety requirement is determined, the read program to be verified is sent to the loader of the program to be verified.
11. The control method according to claim 8 or 9, wherein the program to be verified includes a startup program, the startup program being a program required for the imaging controller to complete startup;
if the security chip determines that the program to be verified does not meet the security requirement and the imaging controller is executing the program to be verified currently, the security chip controls the imaging controller to stop executing the program to be verified, and the method specifically includes:
if the safety chip determines that the starting program does not meet the safety requirement and the imaging controller is executing the starting program currently, the safety chip controls the imaging controller to stop executing the starting program firstly and then controls the imaging controller to reset so that the imaging controller returns to an initial state, or the safety chip controls the imaging controller to stop executing the starting program firstly and then controls the imaging controller to power off.
12. The control method according to claim 11, wherein the security chip is connected to a reset terminal of the imaging controller, and the security chip resets the imaging controller by sending a reset enable signal to the reset terminal of the imaging controller.
13. The method according to claim 11, wherein the image forming apparatus further comprises a power module and a power switch, the power switch is connected between the power module and the imaging controller, and the security chip powers off the imaging controller by controlling the power switch to be turned off or generating an enable disable signal to an enable terminal of the power module.
14. The method according to claim 8 or 9, wherein the program to be verified includes at least one application program, and the reading of the program to be verified stored in the nonvolatile memory, the security verification of the program to be verified, and the sending of the program to be verified to a program loader to be verified corresponding to the imaging controller specifically include:
and if the security chip determines that a first application program in the at least one application program does not meet the security requirement, the security chip prohibits the imaging controller from executing the first application program.
15. A storage medium comprising a stored program, wherein a processor executes the program to implement the method of any one of claims 8 to 14.
16. An image forming apparatus comprising a memory for storing information including program instructions and a processor for controlling execution of the program instructions, characterized in that: the program instructions when loaded and executed by a processor implement the method of any one of claims 8 to 14.
CN201910832398.8A 2019-06-28 2019-09-04 Image forming apparatus, control method thereof, and storage medium Active CN110536042B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910832398.8A CN110536042B (en) 2019-09-04 2019-09-04 Image forming apparatus, control method thereof, and storage medium
PCT/CN2020/095310 WO2020259285A1 (en) 2019-06-28 2020-06-10 Image forming apparatus and securty control system for image forming apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910832398.8A CN110536042B (en) 2019-09-04 2019-09-04 Image forming apparatus, control method thereof, and storage medium

Publications (2)

Publication Number Publication Date
CN110536042A CN110536042A (en) 2019-12-03
CN110536042B true CN110536042B (en) 2021-09-28

Family

ID=68666824

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910832398.8A Active CN110536042B (en) 2019-06-28 2019-09-04 Image forming apparatus, control method thereof, and storage medium

Country Status (1)

Country Link
CN (1) CN110536042B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020259285A1 (en) * 2019-06-28 2020-12-30 珠海奔图电子有限公司 Image forming apparatus and securty control system for image forming apparatus
CN111614859B (en) * 2020-05-18 2023-01-31 珠海奔图电子有限公司 Image forming apparatus, security control method thereof, and storage medium
CN112104791B (en) * 2020-09-10 2022-07-22 珠海奔图电子有限公司 Image forming control method, image forming apparatus, and electronic device
CN112445440B (en) * 2020-11-20 2023-02-17 珠海奔图电子有限公司 Image forming apparatus, start control method thereof and storage medium
CN112445444A (en) * 2020-11-27 2021-03-05 珠海奔图电子有限公司 Image forming apparatus and security control system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108227426A (en) * 2018-01-26 2018-06-29 珠海奔图电子有限公司 Safe and reliable image forming apparatus and its control method, imaging system and method
CN108399339A (en) * 2018-02-12 2018-08-14 广东为辰信息科技有限公司 A kind of credible startup method based on safety chip

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7424398B2 (en) * 2006-06-22 2008-09-09 Lexmark International, Inc. Boot validation system and method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108227426A (en) * 2018-01-26 2018-06-29 珠海奔图电子有限公司 Safe and reliable image forming apparatus and its control method, imaging system and method
CN108399339A (en) * 2018-02-12 2018-08-14 广东为辰信息科技有限公司 A kind of credible startup method based on safety chip

Also Published As

Publication number Publication date
CN110536042A (en) 2019-12-03

Similar Documents

Publication Publication Date Title
CN110536042B (en) Image forming apparatus, control method thereof, and storage medium
US9881161B2 (en) System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
EP2741228B1 (en) System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof
CN102063591B (en) Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform
US7424398B2 (en) Boot validation system and method
US20150089630A1 (en) Crum chip mountable in comsumable unit, image forming apparatus for authentificating the crum chip, and method thereof
CN210007764U (en) kinds of image forming apparatus, start control system for image forming apparatus
CN101281570B (en) Credible computing system
CN111343352B (en) Image forming apparatus, start control method thereof, and storage medium
US20080226080A1 (en) Encryption key restoring method, information processing apparatus, and encryption key restoring program
CN111614859B (en) Image forming apparatus, security control method thereof, and storage medium
CN103810003B (en) Information processing apparatus, method of controlling the same, and storage medium
CN210804374U (en) Image forming apparatus and security control system for image forming apparatus
CN114329496A (en) Trusted starting method of operating system and electronic equipment
CN113190879A (en) Information processing apparatus and startup method thereof
CN112445444A (en) Image forming apparatus and security control system
JP7152920B2 (en) Information processing device, its control method, and program
JP7286381B2 (en) Information processing device and its control method
WO2020259285A1 (en) Image forming apparatus and securty control system for image forming apparatus
CN212727133U (en) Image forming apparatus and security control system
CN112445440B (en) Image forming apparatus, start control method thereof and storage medium
CN113642050B (en) Self-configuration encrypted hard disk, configuration method and system thereof, and starting method of system
JP5441984B2 (en) Electronic device system, electronic device and storage medium
CN110287707B (en) Image forming apparatus and firmware upgrading method of security management module thereof
EP1503268B1 (en) Machine post-launch configuration and option upgrade with master key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant