Manufacturers of systems that require consumables (such as laser printers that require toner cartridges) have addressed the problem of authenticating consumables with varying levels of success. Most have resorted to specialized packaging that involves a patent. However, this does not stop home refill operations or clone manufacture in countries with weak industrial property protection. The prevention of copying is important to prevent poorly manufactured substitute consumables from damaging the base system. For example, poorly filtered ink may clog print nozzles in an ink jet printer, causing the consumer to blame the system manufacturer and not admit the use of non-authorized consumables.
In addition, some systems have operating parameters that may be governed by a license. For example, while a specific printer hardware setup might be capable of printing continuously, the license for use may only authorize a particular print rate. The printing system would ideally be able to access and update the operating parameters in a secure, authenticated way, knowing that the user could not subvert the license agreement.
Furthermore, legislation in certain countries requires consumables to be reusable. This slightly complicates matters in that refilling must be possible, but not via unauthorized home refill or clone refill means.
To authenticate ‘genuine’ consumables, communications between the consumable and the printer can be authenticated with digital signatures. To create a digital signature, the data to be signed (d) is passed together with a secret key (k) through a key dependent one-way hash function (SIG), i.e. signature = SIG_k(d). One of the most popular key dependent one-way hash functions used today is HMAC-SHA1 (Hash Message Authentication Code—Secure Hash Algorithm No. 1), although any key dependent one-way hash function could be used.
Consumables such as ink cartridges can have quality assurance integrated circuit devices, or QA chips as they are known, which authenticate the ink cartridge to a corresponding QA chip in the printer before the ink is accepted. The cartridge QA chip stores a secret key and generates a digital signature that the printer QA chip validates before accepting the cartridge.
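The signature check described above, signature = SIG_k(d) with HMAC-SHA1, can be sketched as follows. This is an added example, not code from the patent or from any QA chip: the class names, the ink-volume data field, the printer-issued nonce, the shared key and the demo key value are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

DEMO_KEY = bytes(range(20))  # constructed key, for illustration only

def sig(key: bytes, data: bytes) -> bytes:
    """signature = SIG_k(d), using HMAC-SHA1 as the key-dependent one-way hash."""
    return hmac.new(key, data, hashlib.sha1).digest()

class CartridgeQA:
    """Hypothetical model of the cartridge-side QA chip."""
    def __init__(self, key: bytes, ink_ml: int):
        self._key = key          # secret key stored in the chip
        self.ink_ml = ink_ml     # assumed data field reported to the printer

    def read_signed(self, nonce: bytes):
        # Sign nonce + data so a recorded reply is useless for a later challenge.
        data = nonce + self.ink_ml.to_bytes(4, "big")
        return data, sig(self._key, data)

class PrinterQA:
    """Hypothetical model of the printer-side QA chip (assumed to share the key)."""
    def __init__(self, key: bytes):
        self._key = key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def validate(self, nonce: bytes, data: bytes, signature: bytes) -> bool:
        # Reject replies not bound to this challenge.
        if len(data) != len(nonce) + 4 or not hmac.compare_digest(data[:len(nonce)], nonce):
            return False
        # Constant-time comparison avoids leaking how many signature bytes matched.
        return hmac.compare_digest(sig(self._key, data), signature)

def authenticate(printer: PrinterQA, cartridge: CartridgeQA) -> bool:
    nonce = printer.challenge()
    data, signature = cartridge.read_signed(nonce)
    return printer.validate(nonce, data, signature)

if __name__ == "__main__":
    printer = PrinterQA(DEMO_KEY)
    print("genuine:", authenticate(printer, CartridgeQA(DEMO_KEY, 40)))
    print("wrong key:", authenticate(printer, CartridgeQA(bytes(20), 40)))
```

The whole scheme rests on the secrecy of the key held in the cartridge chip, which is why the key storage and the signing operation are what a QA device has to protect.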
A comprehensive description of digital encryption, and the use of encryption keys within the Memjet printing system, is provided in U.S. Pat. No. 7,557,941 entitled “Use of Base and Variant Keys with Three or more Entities”. The entire content of U.S. Pat. No. 7,557,941 is incorporated herein by cross reference.
To manufacture clone consumables, the authentication process must be subverted. The clone consumable must generate a digital signature that the printer will validate. This requires the secret key stored in the cartridge. The QA chip may be ‘attacked’ in an effort to decrypt the key. One category of attacks is known as side channel attacks. These attacks exploit information ‘leaked’ from the chip during operation. The power consumption, the emitted electro-magnetic radiation and other externally observable fluctuations can provide information about the operations of the chip.
One particular type of side-channel attack is the differential power analysis attack (or DPA attack) which focuses on the power consumption of the chip. The power consumption is easily measurable and indicates the number of changes in state for the various logic components. Typically, correct bits within the signature cause many logic states to change and so the power spikes. Recording and analysing many (say 100 to 1000) traces of the power consumption in response to messages sent by the attacker can reveal the secret key. In light of this, DPA attacks are particularly inexpensive and practical.
Once in possession of the secret key, clone cartridges are indistinguishable from the attacked authorized cartridge. All printers that accept the authorized cartridge will now also accept the clones. It is desirable to have a QA device with a DPA defence that frustrates an attacker or reduces the harm caused if encryption keys are successfully acquired.