Print Controller Design Guide for Information Security
1-4 Protection of MFP/LP Firmware
1-4-1 Firmware Installation/Update
It is possible to update the firmware stored on the MFP/LP using an SD card or via a remote connection.
The following process is used to verify the validity of all firmware introduced into the MFP/LP in the field.
This applies to firmware updates as well as to new installations of MFP/LP options.
Firmware Installation/Update Using an SD Card
Since SD cards themselves are generic items that are widely available for purchase in the field, the
following process is used to prevent the illegal introduction of firmware into the MFP/LP via this storage
media. Briefly stated, a license server assigns a digital signature to the firmware, which the MFP/LP
then uses to authenticate the firmware when it is introduced in the field.
1. The Ricoh license server applies the SHA-1 algorithm (Secure Hash Algorithm 1) to the program to
generate the value MD1. A private key is used to encrypt this value, which is then used as the
firmware’s digital signature.
2. The firmware in the SD card is introduced into the MFP/LP via the SD card slot.
3. The MFP/LP checks the firmware to identify the type (e.g. System, Printer, FAX, LCD). It then
verifies that the model name is the same as its own, and in the case of a firmware update, that the
firmware version is newer than the one already installed.
4. The MFP/LP then applies SHA-1 to the program to generate MD1, after which it uses a public key
to decrypt the digital signature to generate MD2.
5. If MD1 = MD2, the firmware update process begins.
Using a public key to decrypt the digital signature allows the MFP/LP to verify that the firmware has not
been altered since it was assigned the digital signature by the license server.
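The steps above, carried through in Python as an added example (not Ricoh's code): the license server signs the SHA-1 digest, and the MFP/LP runs the type, model and version checks before comparing MD1 with MD2. The toy RSA key, the header layout inside the program, the model name "MFP-EXAMPLE" and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key, for illustration only (Mersenne primes are trivial
# to factor). The page does not give the real key size or padding scheme.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                                  # public modulus, stored in the MFP/LP
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, license server only

def md(program: bytes) -> int:
    """SHA-1 message digest of the program as an integer."""
    return int.from_bytes(hashlib.sha1(program).digest(), "big")

def server_sign(program: bytes) -> int:
    """Step 1: the license server encrypts the digest with the private key."""
    return pow(md(program), D, N)

def parse_header(program: bytes) -> dict:
    """Hypothetical layout: first line is 'model=..;type=..;version=a.b'."""
    fields = dict(kv.split("=", 1) for kv in program.split(b"\n", 1)[0].decode().split(";"))
    fields["version"] = tuple(int(x) for x in fields["version"].split("."))
    return fields

def device_check(program: bytes, signature: int, model: str, installed: dict) -> str:
    """Steps 3-5 on the MFP/LP; returns 'update' or the reason for cancelling."""
    try:
        hdr = parse_header(program)
    except (ValueError, KeyError):
        return "cancel: malformed header"
    if hdr.get("type") not in ("System", "Printer", "FAX", "LCD"):
        return "cancel: unknown firmware type"
    if hdr.get("model") != model:
        return "cancel: model name mismatch"
    current = installed.get(hdr["type"])   # None means a new installation
    if current is not None and hdr["version"] <= current:
        return "cancel: version not newer"
    md1 = md(program)                      # step 4: digest of what is on the card
    md2 = pow(signature, E, N)             # step 4: digest recovered with public key
    return "update" if md1 == md2 else "cancel: MD1 != MD2"

# Constructed sample firmware image, signature and device state.
IMAGE = b"model=MFP-EXAMPLE;type=Printer;version=1.4\n" + bytes(range(64))
SIG = server_sign(IMAGE)
INSTALLED = {"Printer": (1, 3)}

if __name__ == "__main__":
    print(device_check(IMAGE, SIG, "MFP-EXAMPLE", INSTALLED))
    print(device_check(IMAGE[:-1] + b"\xff", SIG, "MFP-EXAMPLE", INSTALLED))
```

Raw modular exponentiation is used here only to mirror the page's "encrypt the digest, decrypt the signature" wording; deployed RSA signatures add a padding scheme such as PKCS#1 v1.5 or PSS, which the page does not specify.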
The basic identifying information of the firmware (version, type, etc.) is stored in the MFP/LP as the
update is being performed. Therefore, the update can be reinitiated using the same SD card in the
event that it is interrupted by a sudden loss of power or other cause. After recovery is initiated, the
MFP/LP checks to see that the data in the SD card has not been altered, and then resumes the
update.
[Figure: Firmware Update Using an SD Card. Ricoh License Server: 1. Generate MD using SHA-1; 2. Generate digital signature (private key); 3. Files are sent (SD card). MFP/LP: 1. Verification of model and target machine functions (Copier, Printer, etc.); 2. Verification of firmware version; 3. Generate MD1 using SHA-1; 4. Decryption (public key, MD2); 5. Compare MD1 and MD2; 6. If MD1 = MD2, firmware is overwritten with new files; if MD1 ≠ MD2, the update process is cancelled and new firmware is not installed. "MD": Message Digest]