(1) Field of the Invention
The present invention relates to an art of updating software operating inside an apparatus, and particularly to an art of causing the apparatus to securely update the software in accordance with an instruction issued by a server.
(2) Description of the Related Art
Conventionally, in order to update software included in an apparatus, there has been used a method in which an install module periodically checks whether there is a correction file is on a server. Then, in the case where the correction file is on the server, the install module downloads the correction file, and updates the software with the downloaded correction file.
However, if the install module is tampered with by a malicious third person, the software might not be surely updated.
In view of this, there has been proposed an art in which a plurality of install modules (an install module group) are included in the apparatus, and each of the install modules verifies whether at least another one of the install modules has been tampered with, and invalidates an install module verified as having been tampered with. According to this art, even if one of the install modules has been tampered with, it is possible to use a remaining available one of the install modules to surely update software that needs to be updated.
By the way, there is a problem that when judgment on whether to invalidate an install module or determination of a processing procedure is performed only within the apparatus, the security is decreased.
[Patent Document 1] Japanese Patent Application No. 3056732 (pp. 4-6 and FIG. 2)
[Patent Document 2] WO2008/099682
[Non-Patent Document 1] Tatsuaki OKAMOTO, Hirosuke YAMAMOTO “Gendai Ango” (Modern Cryptography), Sangyotosho (1997)
[Non-Patent Document 2] ITU-T Recommendation X.509 (1997 E): Information Technology-Open Systems Interconnection-The Directory: Authentication Framework, 1997