Security Printing and Imaging

Colorcon On-Dose ID Anti-Counterfeiting Technology

StevenSimske — Tue, 17 Nov 2009 16:42:00 GMT

In July, the US Food and Drug Administration (FDA) provided "guidance advocating greater use of physical chemical identifiers (PCIDs) in drug formulations as a cost-effective way of authenticating genuine products from fakes."

Colorcon has responded with its "On-Dose ID tagging technology", for labeling individual drug tablets (although I didn't at time of writing see mention of it at http://www.colorcon.com/home ).

"The microscopic tags, which are incorporated into immediate-release film coatings for oral solid dose forms, can hold encrypted information ranging from lot and batch numbers to logos, text and other brand identification symbols. Tablets labelled with the 75 – 110 micron sized tags can be read using the portable “Vision” optical viewing system developed by Colorcon’s partner ARmark Authentication Technologies."

Please see the full article on in-Pharma's site here:

http://www.in-pharmatechnologist.com/Materials-Formulation/Colorcon-rolls-out-On-Dose-ID-anti-counterfeiting-tech/?c=JiBz%2FX6W8971ORXdDDv0AQ%3D%3D&utm_source=newsletter_daily&utm_medium=email&utm_campaign=Newsletter%2BDaily

File this under "special approach, special reader needed."

Cheers,

Steve

Security--another offshoring risk

StevenSimske — Tue, 17 Nov 2009 16:29:00 GMT

A terse but excellent article on IEEE's USA Today's Engineer site today focuses on the often forgotten--or at least ignored--risk of offshoring. National security.

The full article is at: http://www.todaysengineer.org/2009/Nov/backscatter.asp. The most salient quote is:

"One area the [National Academy of Engineering] study gave relatively less attention to, listing it last in a series of ten findings, was offshoring’s impact on national security. In that regard, its main concern seemed to center on the possibility of detailed plans and other information about U.S. buildings and infrastructure falling into “the wrong hands,” and that maliciously placed code might compromise the security of DOD networks. Yet back in 1988, the Defense Science Board called the dependence of the U.S. military on foreign parts dangerously high."

I have argued in several previous blogs that it is not just national security--but any product security--that may suffer with offshoring. Offshoring is a bandage, not a cure. Always temporary in nature, it is founded on the assumption that labor will be cheaper elsewhere. Cheaper than the differential cost of transportation, shipping, inefficiencies of distributed teams, etc. Guess what? As many are seeing now, the cycle lasts less than ten years, and the first (and second) wave of offshorers are now offshoring themselves. Does this increase product security? Statistics argue otherwise (ref. WEF estimate of counterfeiting as 8% of world trade).

Offshoring makes a lot of sense when those remote, skilled professionals are invested in your company and strategy. Otherwise, it's a short-term fix to a problem that goes unaddressed.

Cheers,

Steve

GS1 Announcement of the Food Recall Portal

StevenSimske — Wed, 04 Nov 2009 15:45:00 GMT

Yes, this is an HP blog, and so you forgive me when occasionally (and inevitably) I take an HP line on an announcement, event or trend. Out of interest of serving the broader anti-counterfeiting/anti-fraud/anti-tamper/customer safety community, I point you to our partner, GS1's, announcement on the HP/GS1 Product Recall program:

http://www.gs1ca.org/Page.asp?LSM=0&intNodeID=6&intPageID=1396

I couldn't agree more with their opening statement:

"November 3, 2009 – GS1 Canada, as part of a coalition of leading Canadian industry associations representing over 65,000 manufacturers, distributors and retailers, today launched a national product recall program that will enhance consumer safety and reduce the administrative burden for business. With the increasing complexities of a global supply chain, this launch could not have come at a more important time."

Further down, you find the statement:

"The Program is founded on a standardized process created by GS1 Canada, the neutral, non-profit supply chain standards organization most well-known for creation and management of the universal product code (bar code), used by millions of businesses worldwide. This global online platform uses robust HP cloud-computing technology and is based on global GS1 standards."

This is a good approach. GS1 provides accepted and well-considered global standards through GTIN, GDSN, etc., as noted in past posts here. Who wants to spend time dickering over competing standards? Not I. A better use of time is working with the industry experts to create a single standard that is simultaneously useful, fair and globally available, and then spend time differentiating applications built atop these standards.

Cheers,

Steve

Looking for that lost waffle?

StevenSimske — Sat, 31 Oct 2009 03:20:00 GMT

Many of you are aware that 2D barcodes--which look like waffles--are becoming ubiquitous for location-based services, mobile commerce, and increasingly point-of-sale and track and trace applications.

Did you know that there are many more you cannot see? They're covert 2D barcodes. And the master at providing reading equipment to find these hidden waffles is John Hattersley of InData Systems. I've had the pleasure to work with him on "ink-specific handheld readers". The concept is simple. The barcode reader has LEDs (or other light source) built-in that are tuned to the excitation bandgap of the covert ink (usually in the UV band), and bandpass filters tuned to the (higher-wavelength) reflected light.

See InData System's brochure (attached below) on John's presentation at the upcoming ITI Security Printing Conference (see http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/09/12/imi-s-security-printing-conference-nov-16-18-2009-baltimore-usa.aspx) for more details. And enjoy the waffles.

Cheers,

Steve

EFPIA Announcment, HP Hosting Services

StevenSimske — Mon, 26 Oct 2009 17:31:00 GMT

Remember the 24 August announcement on the HP/GS1 food recall service? If not, please enjoy as if new the following article:

http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/08/25/big-news-hp-develops-cloud-service-with-gs1-canada-to-enhance-product-recall-process.aspx

This announcement introduced the HP Cloud Computing Platform for Manufacturing, as described here:

http://www.hp.com/hpinfo/newsroom/press/2009/090824xb.html

More on the overall solution, including the roles of partners Siemens, SAP and HP, is provided at:

http://www.controlglobal.com/industrynews/2009/278.html#

"In the EFPIA pilot project, Siemens IT Solutions and Services is the general contractor in cooperation with Hewlett Packard (HP) and SAP. The IT service provider is responsible for the project management and integration of the information interfaces between the pharmacies and the manufacturers. Siemens IT Solutions and Services is also responsible for operating and maintaining the IT infrastructure, including the technology and information systems, data integration, system security and system development. SAP Belgium will be in charge of the SAP object event repository (SAP OER) and the implementation services. Hewlett Packard (HP) will provide hosting services and SAP solutions testing."

The hosting services are through the HP Cloud Computing Platform for Manufacturing, as described earlier. Feel free to contact me for details.

Cheers,

Steve

EFPIA Announcements

StevenSimske — Mon, 26 Oct 2009 17:12:00 GMT

Hi, all

The next few blogs will point you to information on the recent announcement of the EFPIA 2D labelling scheme. The EFPIA is the European Federation of Pharmaceutical and Industries Association.

In-Pharma's article on this announcement is:

http://www.in-pharmatechnologist.com/Packaging/2D-barcodes-make-faking-less-attractive-says-EFPIA/?c=JiBz%2FX6W8967KGa2Liah%2FA%3D%3D&utm_source=newsletter_daily&utm_medium=email&utm_campaign=Newsletter%2BDaily

Importantly, as our partner Siemens notes,

[Siemens] "will provide connectivity for pharmacies and manufacturers to the EFPIA database, which is hosted by Hewlett Packard (HP). Manufacturers will populate the EFPIA database with the serial numbers of the saleable units shipped, and pharmacies will read those serial numbers at the point of sale (via 2D barcode) and authenticate the unit sold against the EFPIA database."

In other words, the cloud enables the crowd. 2D barcode readers are not just in the hands of the pharmacists. Look for us all--corporations, enterprises, brand owners, shippers, retailers, consumers, environmentalists--to embrace this approach. It helps level the playing field for everyone, except--one hopes--the counterfeiters.

Cheers,

Steve

In Blacksburg on November 12th? Gimme a Holler!

StevenSimske — Tue, 20 Oct 2009 22:40:00 GMT

Growing up, I lived in Eastern Kentucky "for a spell". Rural Rowan (pronounced like "round" without the "d') County, in fact, where the valley I lived in was called "Quail Hollow". As in, a snake bit me and I had to "holler". I lived right next to a "crick" (creek). I only lived there a little over a year, but the accent can come back on demand.

Another beautiful Appalachian spot to give me a holler is Blacksburg, Virginia (http://www.blacksburg.va.us/) if you're on the road in November. A nice little city where the student population is on a par with the town's population. OK, I guess you can get that in Manhattan, Kansas, too, but you might have to drive farther. And you won't have those Appalachians.

So, if you are in the neighborhood, please drop by to catch my talk at Virginia Tech's ICTAS, or Institute for Critical Technology and Applied Science (http://www.ictas.vt.edu/index.shtml). Here's the brief:

ICTAS Seminar Series – Fall 2009

Date: November 12, 2009

Time: 3:00-4:30pm

Place: 310 ICTAS

Speaker: Steven Simske, Hewlett-Packard Labs

Title: “Consumer Safety in a Rapidly Changing World: Security, Identity and Anti-Counterfeiting”

Bio & Abstract: http://www.ictas.vt.edu/pdf/seminarseries_simske.pdf

Cheers,

Steve

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

StevenSimske — Wed, 14 Oct 2009 04:18:00 GMT

My previous post was a link to the excellent In-Pharma Technologist blog edited by Nick Taylor. Nick solicited a posting from me back in April, but I could not find it on In-Pharma, so given a 1/2 year grace period, I think its time to post here:

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

Pharma brands are concerned with the integrity of their product. All successful pharmaceuticals have one thing in common: they improve the quality of life of the customer. Counterfeit pharmaceuticals, on the other hand, are harmful to both the customer and to the manufacturer; that is, they can simultaneously destroy lives and jobs. Brands pay many times over for counterfeits: loss of original sale, loss of future sales due to erosion of consumer confidence, loss of market capitalization due to perceived non-efficacy of the product, and potential legal recourse as a consequence of the consumer receiving phony goods.

All pharmaceuticals share another important thing in common. Information about the product must accompany the product. From packaging to labels to inserts, this information is conveyed by printing. Therein lies the solution to the problem.

Printing is pre-adapted for its use in security. Useful already in product identification, the variability printing provides is a natural fit for security. Variable Data Printing, or VDP, is the technology enabling the varying of every aspect of a print job. This is advantageous for individually tagging an item—a process called mass serialization. Mass serialization is a means of ensuring that each label, package or document contains a different identifier that can be read (which means interrogated and the data encoded successfully interpreted).

However, VDP can be used for far more than mass serialization in protecting a product. With security VDP, or SVDP, the different printed regions—be they text, image or graphics—contain not just variable data, but usually uniquely variable data. Also, this variable data can be (but isn’t always) read by some type of inspection, authentication or forensic device. That is, every variably printed region contains not just data, but security information. Thus, every region is novel, or unique identified, and so capable of being interrogated for its information.

To prevent counterfeiting, brand owners need to provide a moving target for the would-be counterfeiters, staying one step ahead of them in the deployment of security features. However, this is a tedious game, and often expensive, as brand owners continually research and purchase new deterrents. SVDP offers, however, an innate moving target—the ability to change the very nature of the variability on the fly. With SVDP, a moving target of deterrents is obtained without having to change the technology.

Linking or hybridization is how the set of variable features relate to one other. Examples of deterrent relationships include replication, hashing, sequence fragmentation [sharing the mass serialization data between two or more variable regions], and other techniques for making the multiple variable regions “cooperate” with each other. One particularly powerful method is to use one deterrent—usually one already used for track and trace or point-of-sale—as the registry “look up” sequence from which the signed-in user may then obtain information on one or more other variable regions. The method of hybridization can be changed from one print job to the next, meaning that the would-be counterfeiter must replicate all of the variable features which are monitored to be able to pass the phony product as authentic. Which “extra” features are actually monitored can be varied from day to day, making compliance both simple and thorough.

Monitoring information-containing printed images is getting easier every day. The near-ubiquity of camera-enabled mobile devices, therefore, strengthens the value of SVDP. Already, bar code interpreting software is native or readily downloaded to most internet-enabled mobile devices. Piggybacking image authentication services for other printed patterns is straightforward to implement.

Different variably printed regions can be used for track and trace, authentication, forensics, recall and other contingencies, or just to decoy the would-be counterfeiters. The way in which deterrents relate can be tied to pragmatic product details. For example, if the shelf life of a product is six months, it makes sense to change the relationship between deterrents every six months, so that expired products also exhibit “expired” security strategies. In the meantime, if certain deterrents are being successfully attacked, then adding new variability to the printed material is another way of gathering information on who the counterfeiters might be—insidious insiders, for example, may quickly incorporate these new variable regions, even if they are not tracked by your authenticators, and so tip their hand to you.

Incorporation of SVDP into the printing is straightforward, as there are only three rules: (1) meet compliance standards first, (2) vary several additional regions, and (3) change the relationship between the variable regions (hybridization plan) frequently.

Counterfeiters know all about SVDP, and they’re reading this and other related articles. Recall that there is no security through obscurity—counterfeiters reading this will know what they’re up against, but will not easily be able to spoof SVDP, except one item at a time (which makes the cost of counterfeiting higher). Thus, SVDP offers a means of staying one step ahead of the counterfeiters without running yourself ragged.

Cheers,

Steve

Are you willing to take a placebo 1/5 of the time?

StevenSimske — Wed, 14 Oct 2009 03:46:00 GMT

According to the World Health Organization (WHO), 10-30% of the medicines in the developing world are counterfeits. I assume this means addressable counterfeiting--counterfeiting to which the buyer is oblivious.

http://www.in-pharmatechnologist.com/Materials-Formulation/USP-targets-counterfeits-in-Cambodia/?c=ZS6DWN3IZ%2FJ7P5ONPLFYaw%3D%3D&utm_source=newsletter_daily&utm_medium=email&utm_campaign=Newsletter%2BDaily

Different, caring organizations around the world (see previous blog postings on NAFDAC, for example) are addressing local problems. In the case of the article linked above, the USP and USAID are messaging counterfeiting as a crime "against humanity, against you". A fair assessment. Cambodia and other developing countries will also reasonably address anti-counterfeiting since it is also a huge economic hit for their countries, even if their country is a "net counterfeiter" (i.e. their country makes more money exporting counterfeit goods than they lose on sales of counterfeit goods within their country--this may be true, for example, of China).

Why? Because counterfeiters by definition target monetized transactions. And people with money to pay for what they feel are legitimate pharmaceutics are more likely to be tied into the legitimate economy of the country, and thus adding to the GDP (and thus actually developing these developing countries).

Countering counterfeiting, then, protects those who are bringing progress to the developing world. Want to prevent terrorism? Then stop counterfeiting! What better way to nurture a democracy than to support legitimate purchasing. The alternative is loss of faith in the processes of the "free" market. There are, of course, legitimate reasons to lose this faith (look at the current financial crisis caused in large part by the creed of greed in the US financial sector and other locations--obviously some limitations/safeguards are needed), but counterfeit pharmaceuticals should not be one of them.

Cheers,

Steve

Thanks to my friend and colleague, Martina Trucco, for the link

Conference Time Part IV: New Findings in Security Printing and Imaging

StevenSimske — Thu, 24 Sep 2009 03:07:00 GMT

If there is no rest for the wicked, then I have been very evil these past two weeks indeed. But, I hope some of the findings are wickedly cool. This post is for the paper on new findings in security printing and imaging, and my co-authors are that talented trio of Guy Adams, Jason Aronoff and Margaret Sturgill. Though a bit of a grab bag, this paper focuses on three primary tracks of research:

(1) Does error correcting code always make sense for barcodes? We found out that for 2D and 3D barcodes, the answer is, not usually.

(2) Can classification of authentic and counterfeit samples actually improve with increased compression? Interestingly, the answer appears to be yes in many cases, especially when color is involved (I've reviewed a paper recently that showed the same controversial results--increased accuracy with compression--for forest classification).

(3) Does color help forensic image analysis? Again, the answer is yes.

Give it a read, it's short!

http://www.hpl.hp.com/techreports/2009/HPL-2009-328.html

Cheers,

Steve

Conference Time Part III: Barcode Readability

StevenSimske — Thu, 24 Sep 2009 02:54:00 GMT

Printing and scanning change what you intended to print. This matters in variable data security printing, since there is information encoded there. My friend and colleague Marie Vans explores this issue in another NIP25 paper posted here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-318.html

The approach, structural pre-compensation, is also known as "trimming" or "shaving". Interestingly, without it, not only are the barcodes harder to read, but the would-be counterfeiter gets a "free pass".

Cheers,

Steve

Conference Time Part II: Dynamic Biometrics

StevenSimske — Thu, 24 Sep 2009 02:32:00 GMT

Thanks to HP Distinguished Technologist (his research is distinguished, but actually he's pretty young!) Joe Pato for inviting me to the program committee for IEEE BIdS this year.

In addition to reading some excellent papers, mine was accepted. I presented it in Tampa yesterday, and got to stand on the shoulders of giants. Thanks to all the morning speakers who set up my topic beautifully with all your excellent research.

My paper is about how to use dynamic biometrics to repair the broken triangle of {possession, knowledge, identity} with a biometric "VPN" comprising {access control, privacy, security}. It's called "Dynamic Biometrics: the Case for a Real-Time Solution to the Problem of Access Control, Privacy and Security" and it is posted here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-317.html

Cheers,

Steve

Conference Time Part I: Extended Packaging

StevenSimske — Thu, 24 Sep 2009 02:12:00 GMT

It's September. The month when most people's gas bills hit rock bottom. Kids are back in school, harvest is still just sweat and fury in the future. Closed are the pools, open are the schools, and life is good. Too good. So, those wonderful conference organizers have nothing better to do than make us travel. Last week and this, I had the pleasure to present at ACM Doc Eng 2009, IS&T NIP25, and IEEE BIdS. I've already posted the ACM DocEng paper and plugged it a few times on this, my blog, but just to complete the trifecta, it's here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-177.html

This blog focuses, however, on one of the NIP25 papers. It's about how to extend the information you add to packaging by using "semi-covert" variable data printing (VDP) driven layout variability, and it's with my long-time friend and colleague Margaret Sturgill. You'll find the PDF here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-316.html

Thanks to Omer Gila for the invitation to present this work,

Steve

More on Security Printing 09

StevenSimske — Wed, 23 Sep 2009 22:04:00 GMT

IMI’s 6th Annual Security Printing Conference is being held on November 16-18, 2009 at the Sheraton Baltimore City Center Hotel in Baltimore, Maryland, as noted in an earlier blog.

Al Keene has sent me the conference brochure (please see attachment below). A number of my colleagues and friends in the field are presenting, well worth the time if you can go.

Cheers,

Steve

ACM DocEng 2009 Conference (Munich)

StevenSimske — Thu, 17 Sep 2009 12:29:00 GMT

Today is the middle day of the 3-day DocEng 2009 ACM Symposium (not including the Workshop held before the Symposium, which was on document versioning). The website is http://doceng09.cs.unibw.de/, and the program is available at http://doceng09.cs.unibw.de/download/program.pdf. Please contact me on any questions/comments on the conference.

The conference focuses on the engineering of documents. Documents are intentionally crafted information items, such as the "traditional" paper or electronic word processing/form/record. Engineering involves innovation on performance, reliability, system efficiency, etc. Combined, this means working to build efficacious systems focused on the conveyance of information. Now, perhaps you can see how this relates to security printing for brand protection.

My presentation (just finished a couple of hours ago) is posted at: http://www.hpl.hp.com/techreports/2009/HPL-2009-177.html.

The conference is in Munich, and with the long days of talks and meetings, all I've seen of Munich is at night. With Oktoberfest coming this weekend, the streets have not been empty, even though the working day has ended around midnight.

Typical Street Scene

Rathaus

I won't get to stay for Oktoberfest, so these early morning images will have to suffice. Besides, the conference is quite good, regardless of location (it's actually on an Army base!). And, my legs are not the right kind for Lederhosen (http://www.oktoberfest.de/en/).

Cheers,

Steve