Semiconductors and other high technology items, pharmaceuticals, entertainment media and fabricated consumer goods such as handbags may be subject to high degrees of counterfeiting. Counterfeit items may incur billions of dollars in lost revenue to manufacturers, result in legal actions, and for critical systems may compromise communication security or result in loss of life.
In the field of electronics, counterfeit semiconductor devices may generally be less expensive substitutes, salvaged scrap parts, or even non-functional semiconductor devices that do not meet the performance and/or quality specifications of non-counterfeit semiconductor devices. For example, “standard” semiconductor devices may be substituted for higher reliability or performance “mil-spec” semiconductor devices. Semiconductor device counterfeiting may be a significant concern in supply chains where semiconductor devices are not shipped from the manufacturer through trusted intermediaries to customers in real time. This may often be the case with low-run or end-of-life semiconductor devices where products may enter the supply chain when semiconductor devices from a trusted source cannot be obtained in a timely manner, at an appropriate cost, or at all. This so-called “gray-market” for semiconductor devices is outside of traditional supply chain management practices and controls, and may represent significant risk to the producers of systems that incorporate such semiconductor devices. The Semiconductor Industry Association estimates that the total damage done by semiconductor device counterfeiting exceeds $7.5 billion annually, with the bulk of this economic damage done to the final product owners who must recall or repair integrated systems to repair the intrusion of sub-par semiconductor devices into their supply chain.
Multiple common methods exist for ensuring the authenticity and/or provenance of objects, for example: supply chain management, anti-counterfeit tagging, and inspection for determination of provenance. The method of secure supply chain management controls the flow of objects from factory to end user and is regimented by a quality system. Objects transferred under this method are often tracked using printed text and barcode labels or RFID tags. As long as the transfer of objects is as prescribed by the quality system, the objects are assumed to be securely transferred and therefore genuine. However, supply chains may be stressed by events such as natural disasters, may be breached by unscrupulous parties, and may be difficult to maintain for many lower volume manufactured objects; thus, this solution does not fully meet the needs of multiple industries requiring genuine objects or those of known provenance.
The method of anti-counterfeit tagging adds to objects, often at the time of manufacture, features, characteristics, and/or identifiers that are difficult or impossible to counterfeit. Multiple proprietary tagging systems exist today, including schemes that incorporate microparticles, holograms, specialized inks, microprinting, DNA marking, fluorescent particles and/or IR inks. These anti-counterfeiting tagging systems are considered secure since they are hard to duplicate because they require complex processes for both creation and verification. These anti-counterfeiting tagging systems often represent security codes with billions of possible combinations, where a counterfeiter may not be able to properly guess a specific secret value.
Many of these proprietary anti-counterfeit tagging methods have problems such as: 1) manufacturing processes must change to incorporate these features, and 2) many methods require special systems to test for the authentication features. Each of these problems incur increased costs and difficulty for users and integrators and therefore inhibit adoption. For example, in the case of recent paper currency design changes, automatic bill-changers had to shift from magnetic sensing technology to optical and/or other sensing technologies to permit identification and authentication of the new styles of paper currency. Such changes can be mandated by a sole supplier of an object, in the case of paper currency a government as the only valid producer of its currency, but are difficult to implement in an industry with many varied suppliers and users of an object.
The method of inspection for determination of provenance utilizes inspection of object coloration, weight, visual markings, and/or other observables to authenticate objects. Although such inspection methods can capture the products of unsophisticated counterfeiters who are not attempting to properly replicate an object in detail; their overall capability is limited and as counterfeiters become increasingly sophisticated this method is of decreasing value. Ultimately, the limits of visual inspection can be traced back to the limits of the human eye or typical machine vision inspection system. These systems lack significant resolving power compared to the resolution of the tools used to create the visual markings and as a result, visually inspected counterfeit objects may incorrectly be deemed genuine or of known provenance.
Recently, the problem of counterfeiting is being addressed for semiconductor devices with the advent of inspections for a Physically Unclonable Function (PUF). A PUF is a representation of one or more physical features of an object that are easy to evaluate but impossible to control, even with knowledge of the exact manufacturing process that produced the object. An ideal PUF may be fabricated by a manufacturing process that creates features so difficult to control that they serve the function of a random number generator, where the number is permanently associated with each individual object and no other. Each object is thus assigned an effective serialization without the need for an exogenous taggant. After inspection, at the time of manufacture, the unique feature of the inspected object is stored in a database for comparison by subsequent inspection at a later time. With a properly selected PUF, billions if not trillions of discrete objects can be uniquely identified, and are essentially impossible to spoof.
For example, in a defined location of a specific sheet of paper, the fibers of cellulose may be arranged in a unique pattern that differs from the pattern that may be at that location in any other sheet of paper. There is no aspect of paper-making which controls the exact distribution of fibers, and thus from a manufacturing process the exact arrangement of fibers observed in any specific sheet of paper can be considered random and therefore unclonable, a PUF. An inspection process for this PUF using high resolution imaging and image analysis therefore inspects this feature and determines the effective serialization for each individual sheet of paper, and this physical feature is constant over the paper's life and therefore can be used to authenticate it.
A PUF may therefore provide a high degree of security; however, use of a PUF comes with significant complexity. The requirement for 100% inspection of objects at their time of production places significant burden and cost on the manufacturer of an object. This burden is further amplified when inspection techniques with low throughput are used, as they can easily create a bottleneck in the manufacturing line which makes production of objects uneconomical. Further, the requirement for 100% inspection results in a system that is vulnerable to supply chain errors since each object must be individually recorded. Finally, true PUFs can be difficult to identify and implement, since they require very large numbers of possible combinations (to remove the chance of repetition of serialization) and require consistency of inspection over all environmental conditions, and throughout the object's life.
For many applications there is simply no need to record a serialization for each individual object. For example, in many cases it is desirable to determine the authenticity or provenance of an object as Boolean state (genuine or not), but not necessarily establish its exact unique identity out of a very large collection of nominally identical objects. For example, the integrator of a semiconductor chip package need not unique identify each semiconductor chip package but desires to confirm the authenticity or provenance of a lot of such semiconductor chip packages. Thus, for these applications, which represent the majority of authentication requests, the benefits of a PUF are not valued while the costs necessary for implementation are high.
Previous work has also suggested the use of neural network vision systems for analysis of the authenticity of an object, most notably currency. Neural networks have been heavily studied for the extraction of information from complex visual images, and are especially useful in instances where it may be uncertain where the information resides. For example, a neural network has been previously developed to aid in the discrimination of photocopied bank notes from authentic notes. In this work, the neural net was trained using several hundred samples of known authentic notes and known forgeries, and developed a “hidden” algorithm to discriminate the two.
A weakness of neural networks, however, may be that their variables are hidden, and as a result when they fail it can be difficult to discern why. Although neural networks are powerful tools for analysis of complex images, they can be fragile when exposed to data outside their training sets. Further, because they are naïve about the location of information in an image, they require training with hundreds or thousands of data sets, which can be prohibitively expensive in many applications. Finally, because they use hidden algorithms and lack an explicit reference that serves as the basis for differentiation of authentic versus counterfeit items, they are not auditable by customers or standards bodies that wish to validate their performance.
There thus remains a significant need for new anti-counterfeiting, authenticity and provenance determination techniques which provide a required degree of security for objects that are both simple to operate and low cost, so that authentication tracking and control can be performed throughout the supply chain of the object.