The present invention relates to classification or authentication of electronic components.
Electronic components are widely counterfeited. It is estimated that between 5% and 25% of all electronic components include at least one counterfeit component. Some have estimated that counterfeit electronic components cost the industry as much as one-hundred billion dollars every year.
A counterfeit electrical component generally refers to a component that imitates a genuine electrical component. Counterfeit components can include components created from substandard or cheaper components. For example, counterfeit components may substitute an integrated circuit harvested from an electronic trash dump or utilize a die from a substandard new part in an authentic looking package. Counterfeit components can also include older model components or used components that are packaged to imitate a newer model or new component.
Some different categories of counterfeits are described in Table 1.
TABLE 1Counterfeit Electronic Component CategoriesType of Counterfeit ElectronicComponentDescriptionTrivial Packaging MimicryThese are empty plastic packages with topmarks appearing to beauthentic, or remarked parts that share only external visual traits withthe authentic part and are trivial to detect. One problem is when asmall number of counterfeits are present in each reel or tube so thattesting a sampling makes it unlikely the counterfeits are detected.Salvaged and RefurbishedThese are authentic parts that may even have the original markingsbut have been recovered from electronic waste dumps where theymay have been subjected to excessive heat or exposed to harshchemicals. These components are de-soldered from discarded PCboards and reprocessed to appear new. The chip may in factauthentic, but have degraded performance due to environmentalexposure and having been used well into or past their service life.Non-functional parts may also be recovered from salvaged electronicswaste.Re-binned and RemarkedThis type of counterfeit device may contain the wrong die internallyand a remarked or newly manufactured package. In other cases theseare parts that were authentic, and perhaps have never been used (socan be classified as “new”), but have their markings changed to reflecta higher specification of an identical function.Factory Rejects and ScrapFactory rejects and pilot runs can be recovered from the scrap heapfor a small bribe, and given authentic markings and resold as new. Inorder to avoid detection, workers often replace the salvaged scrapwith physically identical surrogate packages, thus foiling attempts toaudit the scrap trail. Manufacturing rejects are often nearlyfunctional, and with the true manufacturer marking they have theappearance of authentic components.Illegitimate Second-SourcingSecond-sourcing is a standard industry practice to create pin-compatible replacements for popular products in order to encourageprice competition and increase sourcing options. The practice becomeillegitimate when inferior parts are remarked with the logos ofpremium brands.Ghost-Shift PartsThese parts are manufactured from new but illegally acquired die andmay come from the legitimate manufacturers rejects. The parts arecreated on the exact same fabrication facility as authentic parts, butrun by employees without authorization of the manufacturer andnever logged on the books. These parts may be assigned a lot codeidentical to a legitimate manufacturing run, but will not haveundergone the entire testing process.
Conventional electronic component authentication and authentication methods are either ineffective or impractical because of their time to complete or cost to execute. Among the emerging electronic component authentication and authentication technologies there are essentially three broad categories of electronic component authentication methods: 1) authentication based on difficult-to-reproduce physical features, 2) verification of products with unique identifiers, and 3) direct authentication.
Modifying a component to include a difficult-to-reproduce physical feature (e.g., holograms on credit cards) can impede counterfeit component construction. However, difficult-to-reproduce physical features historically have eventually become “easy-to-reproduce” when the financial incentives have justified the effort.
Unique identifiers can be used to serialize and track electronic components using a database for verification. However, mimicking a unique identifier of a known genuine component is not a significant impediment to counterfeit construction. Further, serializing and tracking unique identifiers can become ineffective if the supply chain is flooded with multiple counterfeits that carry the so-called unique identifiers.
Direct authentication relies on intrinsic deterministically random properties of the component, instead of an artificial feature added to the product. Mimicking an intrinsic deterministically random but random property of a component is much more difficult than mimicking an artificial feature that is added to the product for authentication. Although direct authentication can be more difficult to circumvent for this reason, it has its own set of issues (for example, if the intrinsic property is not truly random and can be cloned then it will provide little protection from counterfeiters).
Some direct authentication techniques are destructive. That is, the act of determining the intrinsic deterministically random properties of the component, in some cases, destroys the component. This can still be useful in some situations where it may be possible to destructively authenticate a subset of components from a group in order to authenticate the group as a whole. However, depending on the context, authenticating a statistically appropriate sample size may not be possible or may be cost prohibitive. For example, it may be impractical to destructively authenticate a statistically appropriate sample size of a group of components for use in a national security or public safety context.
Some emerging direct authentication methods of electronic component authentication are not destructive, but instead use intrinsic deterministically random or physically unclonable characteristics to create a “fingerprint” or tag for each component that is recorded, serialized, and tracked through a database. This method can be effective provided that sources and supply chain logistics for the components are trusted and the database is immune from attacks and corruption. Depending on the specific “fingerprint” employed (e.g., package properties) this type of direct authentication may not detect components that contain hardware Trojans or have been weaponized in some other fashion.