June 15, 2018
Packaging Security – Do not End-up Verifying Vendor’s Signature With Vendor’s APP & Eventually Losing Control – Part 1
In the modern world, product & packaging security remains primitive despite numerous stop-gaps technologies claiming the solutioning. Known traditional solutions have become irrelevant and new solutions are more of posturing rather than addressing problem fundamentally. While it may be understandable that one solution may not fit all the use-cases it is hard to believe that there is no broad professional guidance available today. Possibly, this situation has evolved gradually because of non-effectiveness of most of the known options and decision-making is more based on personal preferences out of various stop-gaps rather than the professional guidance. Many times technology fit for one use-case is overloaded for another. Example-sake – While it may be correct to use simple tracking technologies for geographical-diversion but deploying it for anti-counterfeit measures is certainly overloading.
Below write-up is an attempt to explore right use-case for a given technological Solution. In the first post of this series number-systems approach is being evaluated highlighting the context wherein it can be really effective. The reader should not assume and compare below-provided analysis with advanced non-clonable technologies. Smart non-cloneable technologies will be subject matter for future posts of this series.
Number-system is about extending unique ID for every pkg-unit. Typically, number-system is further randomized using encryption such as guessing next number in series becomes very very difficult. While encryption is a basic feature but this by itself does not guarantee any security of physical pkg, whether somebody claims one-step or multi-step encryption. Encryption is fundamentally strongest link in the chain. Some vendor claims stronger encryption in their sales-pitch which is good but making the fundamentally strong link again stronger easily diverts attention from the weaker link. No leakage of number-system has ever happened by breaking encryption rather this happens by leakage of the input file/algorithm possibly in connivance with vendor’s insider. Minimum requirement of the random number delivery system is that generation, transmission, and pkg-line print happens in one monolithic process in a secured manner. If random-numbers are being delivered in a label-roll format for offline application later, there is a problem awaiting due to the bulk-replication which can not even be traced due to the randomness unless product with label-applied is again scanned on pkg-line. However, these are only peripheral issues and real core issue come now.
Most important aspect here to understand that a couple of first authentications are always marked as original until it reaches over-verified count and thereafter every authentication is marked as fake. If one given original unique ID is replicated 99 times resulting in total assets with same unique ID becoming 100, then the probability of fake getting scanned first is 99% and original being authenticated first is just 1%. Ground probability is even higher as fakes are more likely to be pushed under local market connivance. Legal action on the ground on fake authentication is actually meaningless as more often it may end-up in original being investigated as fakes. Even in some corner cases if the legal team really gets fake, proving fake as fake is another challenge.
Let us see how this works mathematically. Assume a use-case has 8% authentication rate and after first 3 authentications which is typically called over-verified limit, it is marked as fake. Consider counterfeiter doing 99 copies of fakes for one given unique ID. Authentication rate of 8% means for every 100 packets, the total of 8 packets will be authenticated during the measurement period. The counterfeiter may have financial Risk in terms of fakes being marked as fake and hence stopped to be sold. The maximum financial risk in the example taken is limited to (8-3)/99*100 which is less than even 5% which means out of 99 packets only up-to 5 packets may not be passed to end-consumers. Some of the readers may get excited to use advanced mathematics but figures remain same hence a simplified mathematics is used to deliver a fundamental message quickly. A couple of Number-system vendors do agree on these as a limitation. The article in its chart below further reveals number-system being effective only when authentication-rate crosses 70%. It is considered that RoI for counterfeiter on each fake pkg is about 40-50% which is a very fair assumption. Counterfeiters hardly have any practical legal risk as proving fake as fake in legal arena remains challenge especially if authorized retailers having genuine documentation are also part of local-market-connivance which is actually true in most of the cases. A simple chart provided below (assuming over-verified count being 3) quickly showcases an interesting fact.
Now since the chart is seen, One can argue that with 70% authentication rate and high replication scale 1:999 with 7% packets being blocked will provide actionable intelligence. This argument may sound logical but misses an important aspect of intentional false alarms. With high authentication rate and high replication scale, Counterfeiter just does not physically replicate one unique number, they also arrange false authentication of other unique numbers without actually doing any counterfeiting. Since one can arrange false authentication without having physical product in-hand only to create false-alarm, results in meaningless ground action by brand-protection and eventually alarms become irrelevant when later actual fakes enter in supply-chain. Further, if replication is done 1:9 and for example authentication rate is around 20% counterfeiter may not need to raise false alarms. In yet another similar example on replication scale 1:99 and authentication rate being 2-3% counterfeiter even does not need to raise false authentications. On another side, brand-owner cannot expect end-customers to remain serious as they eventually become complacent once it is frequently observed that the same unit reports itself original for first few scans and fake thereafter upon repeat authentication. In some cases, end-customer can continue to authenticate if incentivized by loyalty rewards but then there is the cost of loyalty programme to be born and loyalty cannot remain long-term strategy component of brand-protection.
These obvious weaknesses are more relevant for unit pkg in isolation. Number-system can certainly promises better result with hierarchical packaging with parent-child relationship. False alarm by false authentication without having physical product/packaging in-hand exhausts all energy of brand-protection rendering alarms ineffective when real fakes enter in supply-chain. Success Receipe for counterfeiters is all about balancing authentication-rate, replication-scale and optionally raising false alarms to liquidate all intelligence on ground meaningless and rather counterproductive.
To workaround the above situations some vendors provide the scratch layer to hide the number until sold which is again a misguiding solution because counterfeiter needs just a few pieces for volume replication and/or false alarms with almost zero chance of getting really caught due to the low authentication rate. Another solution observed is a combination of unique number with hologram/overt/covert features, however, those are typically not per-piece unique. Ironically unique ID was proposed to protect those feature and now some vendors are arguing these features as the savior of number-system.
Regulatory guidance may not have mandated in all gerograhies, but those do insist on hierarchical parent-child relationship along-with other features. Number-system on unit-packaging in isolation reduces to counterproductive stop-gap measure.
To understand these gaps when vendors and their executives were interviewed, it was pointed out that real solution will be to combine number-system with some features that can guarantee fully-automated detection of photocopy protection with zero human intervention which is not feasible currently. Various tags proposed to brand-owners exhibited photocopy protection only if physical-original was directly replicated to physical-duplicate and this works well if verifier’s interest and job description mandates asserting originality. However, it was seen none of these worked when one does the digital capture of physical and then do replica by physical-print. What this means is that in order to create false alarms, all one needs to do is to circulate the digital image of the tags and false authentication can easily be executed under local-market-connivance. This is one area wherein definite improvements are required otherwise industry will keep suffering in the requirement of right professional guidance for brand-protection team.