products   company   all

Building a Sound Strategy for Product Security

Ken Koldan, FLEXcon New Business Development Manager, Product Identification Business Team

Today’s rapidly changing economy and intensified worldwide competition make product security more critical than ever. Brand owners, manufacturers, and retailers place a premium on ensuring product authenticity and providing tamper-evidence. Even the U.S. Government has recognized the problem and in October 2004 launched the Strategy Targeting Organized Piracy (STOP!) initiative.

If a security program fails, the result can be lost sales and profits, reduced brand equity, increased warranty repair costs, as well as consumer safety and liability issues.

The development of a valuable and effective solution depends on discussing the four basic questions below with your security device provider. The answers will help ensure effective protection of consumers, brand owners, and manufacturers for virtually every at-risk item on the market – from CDs, to over-the-counter drugs, to airplane parts.

1. What must be protected?

Identify the problem. Are products being diverted from the intended branch of the supply chain? Is the security device or label unreliable because of how it is applied? Are environmental conditions disabling the product’s security measure? Do consumers send counterfeit products back for warranty repair? Fully understanding the threat will help determine the type of security device required as well as the expected performance in use.

2. From whom must it be protected?

The selection of an effective security device depends heavily on the sophistication of those trying to defeat it. The complexity required to replicate or circumvent the device should be targeted at a level beyond the capabilities of the criminals in question. Consumers, street criminals, organized crime, and emerging nation manufacturers possess very different capabilities. Understanding who the potential perpetrator is will determine the level of security required and the number and type of devices needed.

3. Who will police the system?

Even an optimal security device completely loses its value if no one verifies the system. Often, companies expect the consumer to do the policing. This approach fails when counterfeiters can produce a reasonable facsimile of the device that is good enough to fool the average consumer. Policing should take place at varying levels throughout the development, supply, distribution, and retail chains. It can even take place when products are returned for warranty repair. Just as the device must be more sophisticated than the criminals, the inspector(s) or inspection tool(s) must also be at least as sophisticated as the security device.

4. What is the cost of failure?

Understanding the cost of security system failure will help focus device development on appropriate options. Counterfeits resulting in lost profits and reduced brand equity carry very different weight than those that result in personal injury or loss of life, as is possible with the counterfeiting of pharmaceuticals. Sometimes a lack of a solid security program resulting in counterfeit goods on the market bears hidden costs as well. Consumers may file lawsuits against legitimate manufacturers for lack of appropriate counterfeit protection, resulting in added expense to the manufacturer. Understanding the overall cost and considerations of system failure will help ensure the development of an effective security system.

These questions must be discussed with the appropriate representatives of each company involved in the device development. If a security program lacks top-level support from the brand owner, it is crippled from the start. Designing a successful security program requires an understanding of the answers to the four questions above and commitment of the right players to make it happen.

Identifying the Players

What do we mean by “right players”? A hypothetical example would be a security measure designed by the product engineering team and passed through the process for product introduction without final end-user input (i.e., a key right player). In this hypothetical example, the security measure is overt and includes an encrypted software key for upgrading the device in the field. The product is designed to disable itself when an error in key loading occurs.

A problem arises in the field when field technicians try to upgrade the product. The cause? The field technicians have 70+ devices to attend to in one day at multiple sites. Since they do not always have Internet connectivity while in the field, they must preload all of the software keys. The program loaded all the keys into the single device they were attempting to upgrade, creating the error that disabled the product. The tamper-evident labels provided as backup were not encrypted, but the device had no manual entry interface to allow for this situation.

The “End Use” or “Concept of Operations” approach, which documents the characteristics of a system from the standpoint of an individual (e.g., field technician) who will use that system, would have helped avoid that problem. It is essential to include the end-user perspective when designing security methods.

A security solution is a continuous program and not a onetime event.

Product Security Strategy

Security, as it pertains to electronics and certain other products, generally centers on protecting company profits and ensuring customer safety. Security requirements can be classified as overt, covert, and forensic (traceability).

Product security strategy in the overt sense might take the form of a holographic label. For instance, the popular “Intel Inside” label found on some computers is very visible confirmation of the product’s authenticity, and it is designed so the consumer can clearly see it. If this security label is expected, but is not there, both the manufacturer and consumer lose.

An example of covert product security strategy can include the ability to have a label turn a certain color or otherwise change its appearance when it encounters a certain set of conditions. The actual label change is undetectable to the human eye, but under the appropriate detection equipment it becomes clear that the product is a counterfeit or has been damaged. This then gives the warranty provider and manufacturer legal grounds to void the warranty and reduce product lifecycle costs.

The third example of product security is product traceability, which is part of the product manufacturer’s forensic strategy. For example, an authenticated unique label identifying each contract manufacturer can help a forensic analysis team in the event of a compromise in security. This allows the product manager or owner to understand what has happened and then evaluate or otherwise limit liability.

How can this data be stored on the product? An example of such a mark is the UID Data Matrix from Siemens Energy and Automation group that was co-developed with the U.S. Dept. of Defense. It is a 2D matrix code designed to pack a lot of information in a very small space. A Data Matrix symbol can store between one and 500 characters. The symbol is also scalable between a 1-mil square and a 14-in. square. Therefore, a Data Matrix symbol has a maximum theoretical density of 500 million characters to the inch! Actual density will, of course, be limited by the resolution of the printing and reading technology used. With that much information available, product traceability data can easily be stored on the label affixed to the product.

Choosing the Security Method

In choosing the appropriate product security method -- overt, covert, or forensic – the manufacturer must factor in both the attributes of that method and the value of the product being protected. For instance, the authenticity value of audio CDs and designer jeans is not a big issue with consumers, but is critical to the brand integrity of the provider. On the other hand, electronic airplane parts are of crucial value to both the consumer and the manufacturer.

Pressure-sensitive film can provide product security, authenticity, and consumer protection. Choosing or developing the right pressure-sensitive film label solution to support and convey the desired authenticity state is key to the early design and long-term security and profitability of the product. Brand owners, manufacturers, integrators, and retailers can increase their chances of success by collaborating with a pressure-sensitive film supplier and label converter that have substantial security application expertise.

 

view allRelated Headlines