The present invention relates to classification or authentication of electronic components.
Electronic components are widely counterfeited. It is estimated that between 5% and 25% of all electronic components include at least one counterfeit component. Some have estimated that counterfeit electronic components cost the industry as much as one-hundred billion dollars every year.
A counterfeit electrical component generally refers to a component that imitates a genuine electrical component. Counterfeit components can include components created from substandard or cheaper components. For example, counterfeit components may substitute an integrated circuit harvested from an electronic trash dump or utilize a die from a substandard new part in an authentic looking package. Counterfeit components can also include older model components or used components that are packaged to imitate a newer model or new component.
Some different categories of counterfeits are described in Table 1.
TABLE 1Counterfeit Electronic Component CategoriesType ofCounterfeitElectronicComponentDescriptionTrivialThese are empty plastic packages with topmarksPackagingappearing to be authentic, or remarked parts that shareMimicryonly external visual traits with the authentic part andare trivial to detect. One problem is when a smallnumber of counterfeits are present in each reel or tubeso that testing a sampling makes it unlikely thecounterfeits are detected.Salvaged andThese are authentic parts that may even have theRefurbishedoriginal markings but have been recovered fromelectronic waste dumps where they may have beensubjected to excessive heat or exposed to harshchemicals. These components are de-soldered fromdiscarded PC boards and reprocessed to appear new.The chip may in fact authentic, but have degradedperformance due to environmental exposure andhaving been used well into or past their service life.Non-functional parts may also be recovered fromsalvaged electronics waste.Re-binned andThis type of counterfeit device may contain the wrongRemarkeddie internally and a remarked or newly manufacturedpackage. In other cases these are parts that wereauthentic, and perhaps have never been used (so can beclassified as “new”), but have their markingschanged to reflect a higher specification of an identicalfunction.Factory RejectsFactory rejects and pilot runs can be recovered fromand Scrapthe scrap heap for a small bribe, and given authenticmarkings and resold as new. In order to avoiddetection, workers often replace the salvaged scrapwith physically identical surrogate packages, thusfoiling attempts to audit the scrap trail. Manufacturingrejects are often nearly functional, and with the truemanufacturer marking they have the appearance ofauthentic components.IllegitimateSecond-sourcing is a standard industry practice toSecond-Sourcingcreate pin-compatible replacements for popularproducts in order to encourage price competition andincrease sourcing options. The practice becomeillegitimate when inferior parts are remarked with thelogos of premium brands.Ghost-ShiftThese parts are manufactured from new but illegallyPartsacquired die and may come from the legitimatemanufacturers rejects. The parts are created on theexact same fabrication facility as authentic parts,but run by employees without authorization of themanufacturer and never logged on the books. Theseparts may be assigned a lot code identical to alegitimate manufacturing run, but will not haveundergone the entire testing process.
Conventional electronic component authentication and authentication methods are either ineffective or impractical because of their time to complete or cost to execute. Among the emerging electronic component authentication and authentication technologies there are essentially three broad categories of electronic component authentication methods: 1) authentication based on difficult-to-reproduce physical features, 2) verification of products with unique identifiers, and 3) direct authentication.
Modifying a component to include a difficult-to-reproduce physical feature (e.g., holograms on credit cards) can impede counterfeit component construction. However, difficult-to-reproduce physical features historically have eventually become “easy-to-reproduce” when the financial incentives have justified the effort.
Unique identifiers can be used to serialize and track electronic components using a database for verification. However, mimicking a unique identifier of a known genuine component is not a significant impediment to counterfeit construction. Further, serializing and tracking unique identifiers can become ineffective if the supply chain is flooded with multiple counterfeits that carry the so-called unique identifiers.
Direct authentication relies on intrinsic deterministically random properties of the component, instead of an artificial feature added to the product. Mimicking an intrinsic deterministically random but random property of a component is much more difficult than mimicking an artificial feature that is added to the product for authentication. Although direct authentication can be more difficult to circumvent for this reason, it has its own set of issues (for example, if the intrinsic property is not truly random and can be cloned then it will provide little protection from counterfeiters).
Some direct authentication techniques are destructive. That is, the act of determining the intrinsic deterministically random properties of the component, in some cases, destroys the component. This can still be useful in some situations where it may be possible to destructively authenticate a subset of components from a group in order to authenticate the group as a whole. However, depending on the context, authenticating a statistically appropriate sample size may not be possible or may be cost prohibitive. For example, it may be impractical to destructively authenticate a statistically appropriate sample size of a group of components for use in a national security or public safety context.
Some emerging direct authentication methods of electronic component authentication are not destructive, but instead use intrinsic deterministically random or physically unclonable characteristics to create a “fingerprint” or tag for each component that is recorded, serialized, and tracked through a database. This method can be effective provided that sources and supply chain logistics for the components are trusted and the database is immune from attacks and corruption. Depending on the specific “fingerprint” employed (e.g., package properties) this type of direct authentication may not detect components that contain hardware Trojans or have been weaponized in some other fashion.