Security Printing and Imaging : VDP

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

StevenSimske — Wed, 14 Oct 2009 04:18:00 GMT

My previous post was a link to the excellent In-Pharma Technologist blog edited by Nick Taylor. Nick solicited a posting from me back in April, but I could not find it on In-Pharma, so given a 1/2 year grace period, I think its time to post here:

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

Pharma brands are concerned with the integrity of their product. All successful pharmaceuticals have one thing in common: they improve the quality of life of the customer. Counterfeit pharmaceuticals, on the other hand, are harmful to both the customer and to the manufacturer; that is, they can simultaneously destroy lives and jobs. Brands pay many times over for counterfeits: loss of original sale, loss of future sales due to erosion of consumer confidence, loss of market capitalization due to perceived non-efficacy of the product, and potential legal recourse as a consequence of the consumer receiving phony goods.

All pharmaceuticals share another important thing in common. Information about the product must accompany the product. From packaging to labels to inserts, this information is conveyed by printing. Therein lies the solution to the problem.

Printing is pre-adapted for its use in security. Useful already in product identification, the variability printing provides is a natural fit for security. Variable Data Printing, or VDP, is the technology enabling the varying of every aspect of a print job. This is advantageous for individually tagging an item—a process called mass serialization. Mass serialization is a means of ensuring that each label, package or document contains a different identifier that can be read (which means interrogated and the data encoded successfully interpreted).

However, VDP can be used for far more than mass serialization in protecting a product. With security VDP, or SVDP, the different printed regions—be they text, image or graphics—contain not just variable data, but usually uniquely variable data. Also, this variable data can be (but isn’t always) read by some type of inspection, authentication or forensic device. That is, every variably printed region contains not just data, but security information. Thus, every region is novel, or unique identified, and so capable of being interrogated for its information.

To prevent counterfeiting, brand owners need to provide a moving target for the would-be counterfeiters, staying one step ahead of them in the deployment of security features. However, this is a tedious game, and often expensive, as brand owners continually research and purchase new deterrents. SVDP offers, however, an innate moving target—the ability to change the very nature of the variability on the fly. With SVDP, a moving target of deterrents is obtained without having to change the technology.

Linking or hybridization is how the set of variable features relate to one other. Examples of deterrent relationships include replication, hashing, sequence fragmentation [sharing the mass serialization data between two or more variable regions], and other techniques for making the multiple variable regions “cooperate” with each other. One particularly powerful method is to use one deterrent—usually one already used for track and trace or point-of-sale—as the registry “look up” sequence from which the signed-in user may then obtain information on one or more other variable regions. The method of hybridization can be changed from one print job to the next, meaning that the would-be counterfeiter must replicate all of the variable features which are monitored to be able to pass the phony product as authentic. Which “extra” features are actually monitored can be varied from day to day, making compliance both simple and thorough.

Monitoring information-containing printed images is getting easier every day. The near-ubiquity of camera-enabled mobile devices, therefore, strengthens the value of SVDP. Already, bar code interpreting software is native or readily downloaded to most internet-enabled mobile devices. Piggybacking image authentication services for other printed patterns is straightforward to implement.

Different variably printed regions can be used for track and trace, authentication, forensics, recall and other contingencies, or just to decoy the would-be counterfeiters. The way in which deterrents relate can be tied to pragmatic product details. For example, if the shelf life of a product is six months, it makes sense to change the relationship between deterrents every six months, so that expired products also exhibit “expired” security strategies. In the meantime, if certain deterrents are being successfully attacked, then adding new variability to the printed material is another way of gathering information on who the counterfeiters might be—insidious insiders, for example, may quickly incorporate these new variable regions, even if they are not tracked by your authenticators, and so tip their hand to you.

Incorporation of SVDP into the printing is straightforward, as there are only three rules: (1) meet compliance standards first, (2) vary several additional regions, and (3) change the relationship between the variable regions (hybridization plan) frequently.

Counterfeiters know all about SVDP, and they’re reading this and other related articles. Recall that there is no security through obscurity—counterfeiters reading this will know what they’re up against, but will not easily be able to spoof SVDP, except one item at a time (which makes the cost of counterfeiting higher). Thus, SVDP offers a means of staying one step ahead of the counterfeiters without running yourself ragged.

Cheers,

Steve

Conference Time Part I: Extended Packaging

StevenSimske — Thu, 24 Sep 2009 02:12:00 GMT

It's September. The month when most people's gas bills hit rock bottom. Kids are back in school, harvest is still just sweat and fury in the future. Closed are the pools, open are the schools, and life is good. Too good. So, those wonderful conference organizers have nothing better to do than make us travel. Last week and this, I had the pleasure to present at ACM Doc Eng 2009, IS&T NIP25, and IEEE BIdS. I've already posted the ACM DocEng paper and plugged it a few times on this, my blog, but just to complete the trifecta, it's here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-177.html

This blog focuses, however, on one of the NIP25 papers. It's about how to extend the information you add to packaging by using "semi-covert" variable data printing (VDP) driven layout variability, and it's with my long-time friend and colleague Margaret Sturgill. You'll find the PDF here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-316.html

Thanks to Omer Gila for the invitation to present this work,

Steve

Law of Power 4—Always Say Less Than Necessary

StevenSimske — Wed, 22 Jul 2009 04:44:00 GMT

Continuing a reinterpretation of Robert Greene’s 1998 landmark, “The 48 Laws of Power”, I turn his Law #4 sideways (applying the law to the fighting of counterfeiting and other forms of fraud) and then turn it upside down (using the laws to create better businesses).

Given the definition of Law #4, need I say more? Actually, the irony is that to argue for saying less, a relatively thorough post is needed. Saying less is an art. One must say enough, often provocatively, to obey the other Laws of Power (commanding attention, generating mystery, etc.), but not say too much to appear common. Not only is it an art, but it is also the secret of art. Why did Klein pick (and try to patent) the hue of blue known as Klein Blue? Why did Marcel Duchamp “pick” a urinal for his show? Certainly, neither of them was about to tell. What could be more common than a single element in a palette or a single stall in a men’s room? By saying less than necessary, Klein and Duchamp succeeded where many others fail.

What does it mean? Let the other person decide...

Robert Greene interprets the fourth Law of Power as the power to be vague, open-ended, and sphinx-like. Can such ambiguity be achieved through idiocy? Think of Peter Seller’s character in “Being There,” whose sagacity is certified by his oracle-like “I like to watch” and “I can’t read.” Far better to say less—“I like to sit on my fat derriere watching TV” and “I am illiterate” are unlikely to generate a dedicated followership.

My interpretation of Robert Greene’s sense of this law comes from the field of dietary restriction (I have done research in this area in a past life: see for example Ferguson VL, Greenberg AR, Bateman TA, Ayers RA, Simske SJ: Effect of age and dietary restriction without nutritional supplementation on whole bone structural properties in C57BL/6J mice. Biomed Sci Instrum 35:85-91, 1999). Essentially, food and words are death. The human body is designed to cycle only so many calories—say 80-100 million—in a lifetime. Caloric restriction—willingly reducing your caloric intake—will in general lead to a longer life. The same is true of words. Your power base will only survive so many words. The more apt you are to offer free advice and speak your mind, the shorter your lifespan of power will be. We all love to deliver a witty phrase—we’re light at ease after a litotes, literate through alliteration, happy through hyperbole—but few of us are as clever as we think. And each beautiful flower of true bon mot will be lost in the forest of cliché if we choose the road of sarcasm, cynicism and attack.

Greene cites Louis XIV as following Law #4 to the letter: “L’état, ç’est moi” and the smile of Buddha. So much more effective for a long and unchallenged reign than, for example, Coriolanus, whose spite and common complaining took him from hero to zero, from warrior to weary-er.

SIDEWAYS:

Law of Power #4 is important for anti-counterfeiting. Empower your agents in the field; but do not let them talk themselves into ineffectiveness. Focus your education and training costs to make your agents better able to provide the information you need, but not to digest it themselves. Does your agent need to understand everything she sees? Not unless you want to create a potentially powerful double agent. Do not allow any single agent in the field to collect too much information or know too much. Make her capable of conveying value with a credible degree of deniability of knowledge. It’s safer for your strategy and safer for your agents. The best agents, or “feet on the street”, are not just secret agents; they are to some extent uninformed agents. Make sure they are only capable of saying less than what is necessary to compromise your brand protection program. Otherwise, you will always be competing with the highest-paying counterfeiter for the agent’s services.

UPSIDE DOWN:

How can this Law be turned upside down? Isn’t purposely saying less duplicitous by nature? Not if you turn the art of saying less into the art of listening more. Listen to your partners. You and your partner have the following breakdown of problems: (1) Problems you can solve, (2) Problems the partner can solve, and (3) Problems neither can solve. Usually, (1) and (2) are not fully overlapping, but even if they are, you and the partner will solve them in different ways. Indeed, (1) + (2) = (3), and simply listening to how your partner solves a problem you “already know how to solve” may lead to solving set (3). When you talk, you will naturally address either (1) or (3) and so have 0% chance of solving new problems. When they talk, the focus is problems they can solve—and your chance to learn. This is really, really hard work--listening to someone explain how to solve a problem you already know how to solve. But it is the road to learning.

Ultimately, your “power” rests on what you know. Listening is a much harder skill than saying less than necessary. Listening is an active event—unlike hearing, which is passive. Learn to say less by listening. Let your partner finish her thought, and internalize what she says. If different than what you know, then why? Is it because what you had previously viewed as a single topic is actually two or more? What are the conditions to disambiguate these subtopics? Now you’re not just listening, you’re learning. And when you are likewise allowed to share your experiences, true collaboration has occurred. All by taking turns in saying less.

Cheers,

Steve

See Law #3 at: http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/06/16/law-of-power-3-conceal-your-intentions.aspx

Law of Power 3: Conceal Your Intentions

StevenSimske — Tue, 16 Jun 2009 19:34:00 GMT

In a continuing interpretation of Robert Greene’s 1998 bestseller, “The 48 Laws of Power” (Penguin Books), I turn it sideways (using the laws to fight counterfeiting and other forms of fraud) and then turn it upside down (using the laws to create better businesses).

Today we address Law #3: Conceal Your Intentions. This is a law in two parts.

(1) Use decoyed objects of desire and red herrings to throw people off the scent. Greene suggests false sincerity, ambiguous signals and misleading objects of desire.

(2) Use smoke screens to conceal your actions. Always leave yourself contingency pathways.

Many of Greene’s anecdotes focus on warfare and negotiation, and specifically on the cunning of different strategists. Strategies, as can be seen, cannot be “universally recommended”—that is, they do depend on the individual. Kissinger’s prowess as a negotiator, for example, was fueled by his ostensible dullness. Greene portrays Kissinger as nearly lulling his adversaries to sleep and then just as the wave of ennui threatened to submerse them in torpor, he would make otherwise unreasonable demands and get buy-off.

Such a strategy, clearly, would not have worked for Napoleon. Instead, Napoleon’s path to success would have been to put more power in the hands of his competent students of the Laws of Power—Talleyrand and Fouché, for example. Napoleon, being Napoleon, was unable to work with such indirect, “cunning” personalities.

A key to concealing your intentions is to eschew the use of a pattern. This is not the same as foregoing a design. Without a design, you are quite liable to respond to any nuance, distraction, red herring, or ploy of your adversary. The design is essential, as it is nothing else but the pathway from the present to the future. Your design, however, should include decoyed objects of desire and smoke screens to prevent anyone else from determining your design. If your pattern is A, B, C, D, guess what? Your adversary can pick E, F, G, H, etc., to face you. And a smart adversary (you must assume your adversary is smart until proven otherwise) will pick the node in the sequence where she is relatively strongest in comparison to you.

What could be more fun? Combining creativity, design, thinking on your feet and secrecy—concealing your intentions gives you time to collect information on your adversary. And, when the reversal occurs, it should not be ambiguous. When you suddenly reveal your intentions, either because of a (well-earned) reputation for fraud or because it will no longer provide value to conceal your plans forward, do it in full.

Think of Hamlet. The play was indeed the thing to catch the conscience of the king, and Hamlet knew it. He concealed his intentions—was he brooding over Ophelia, going through existential angst, in deep anxiety over an inevitable confrontation with Fortinbras? Meticulously, Hamlet pieced together enough clues to formulate the last stage in his intelligence work. It was the play, with his uncle’s murder of his father echoed in the actions of the players, that would bring out the final, unequivocal reaction in Claudius. After that reaction, the rest of Hamlet’s “contingency plan”, always part of his design, would inexorably bring the bloody end to one of the world’s greatest works of literature. After the play, the rest was almost predestined.

Hidden intent. What am I looking at? What matters here?

SIDEWAYS:

Of the 48 Laws of Power, perhaps none is more central to security printing, anti-counterfeiting and brand protection than Law #3. Variable data printing (VDP) provides ease of printing decoys and smokescreens, while hiding the overall intention.

Since every printed region can be variable, the would-be counterfeiter can take one of three (at least) approaches. First, he may try to reverse-engineer every element of the print job. This is a time-consuming, mind-numbing approach, but the advantages are that the counterfeit samples will inevitably appear more real, and so get by more customers and more retailers and more inspectors undetected. Counterfeiters with substantial R&D budgets (and there are many) will occasionally attempt this approach. Other counterfeiters will do the minimum possible to get their products into the supply chain, and so the counterfeit products will be generally easy to distinguish. However, these counterfeiters may be more interested in replace-and-sell strategies, which are consistently seen for example with large systems (cars, servers, airplanes, appliances, etc.) where the parts are very expensive and the system behaves similarly with the counterfeit parts in place. Thirdly, other counterfeiters will simply move to the inside. It is much easier to spoof a product if you simply build the product. Insidious insiders, third-shifters (factory overruns), and false fronts (“fake” companies that work with all of your suppliers) are a significant threat.

Conceal your intentions with counterfeiters by using variable VDP—changing your VDP design is not much more difficult than printing using VDP. Your design is to change; your pattern of change is your own.

Security printing principles are in direct alignment with concealing one’s intents. Decoys are printed marks used to get a counterfeiter to respond, even though they may not be (normally, ever) tracked or investigated. Use decoyed objects of desire and red herrings to throw people off the scent. Printed marks can also be used as “bait” to get counterfeiters to respond to them—generally, these are overt marks, so the lack of response by the counterfeiter usually means that they will not be able to counterfeit for long. Your response may be about the data embedded, or it may be the appearance itself. Use smoke screens to conceal your actions. These decoys and bait can serve as “contingency” deterrents which can be tracked or investigated in cases of need (recall, change in auditing requirements, new regulatory concerns, change in branding, etc.).

Intentions stripped bare. Nothing to conceal. No future.

UPSIDE DOWN:

Concealing your intentions is obviously to your advantage when dealing with an adversary. Many would therefore conclude that to benefit from the obvious advantages of Law #3, you will treat your business partners as adversaries, concealing your long-term strategy. I argue for a different approach.

Consider your interaction with worthwhile business collaborators and partners the way you might consider your interaction with worthwhile life collaborators and partners at a social gathering. Start with the premise that your story is boring unless the other can share in the story. Get the other person/partner to speak. Be genuinely interested. Every conversation, every partnership, is a learning opportunity. “Conceal” your intentions by engaging in theirs.

“Ah!” you say, “but there is no security through obscurity.” Meaning the would-be collaborator will also know Law #3 and will be applying it on you, as well. And right you are! That’s the beauty of the approach. If each of you applies the “Upside Down” Law #3, then inevitably the conversation will lead to common ground. It takes active engagement, but it does not preclude concealment of your true long-term plans. Both parties benefit from finding a common, profitable area of engagement, without having to say “I’m not ready to share that with you yet.”

Let’s illustrate with a simple example. UBB (Unbelievably Big Business) has long-term plans to take over all fossil fuel surveying, production and distribution. USS (Unbelievably Sustainable Systems) has long-term plans to provide 100% of the world’s energy needs, where possible, with 100% renewable fuels. In drawing into the conversation discussion of sustainability, UBB comes to understand how “grow and sell local” approaches will significantly streamline their own distribution chain. In drawing into the conversation discussion of the need for high-octane, fossil based fuels in many existing transportation networks, USS comes to understand “asset inertia” and also understands better the adoption roadmap for sustainable energy.

A healthy combination of concealment and the visible. Share enough to help your friends, conceal enough to derail your adversaries.

--Steve

See Law #2 at: http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/05/31/law-of-power-2-never-put-too-much-trust-in-friends-learn-to-use-your-enemies.aspx

Summer Camp--not just for kids

StevenSimske — Wed, 10 Jun 2009 03:12:00 GMT

OK, you've been looking forward all Spring to the Summer. Lazy days at the pool, beach, partially reflective tar covered roof, whatever. Then, about two weeks in, reality strikes. You're just as busy in June, July and August as you were when St. Patrick, taxes or the May pole demanded your attention. Don't you wish you could go back to a simple, halcyon time, when all you had to worry about was Summer Camp?

Not very easy in this economic climate, that's for sure. So, why don't you have your Camp, and learn, too? IMI has a solution for you--their Digital Printing Summer Camp 2009. Want to find out how digtal printing--with short runs, customized materials, just-in-time printing, sustainability-friendly materials and use cycles--will lead printing into the mobile, savvy, Gen-W ("whatever!") future? And kick your feet in a lake in Maine?

Give it a go (and read the attachment below--see just above "Add a Comment"--to find out more).

Is this a pitch for IMI? Absolutely. I've attended an IMI event in the past. It's a good thing. You will get a big head!

Here are the courses being offered at IMI’s Digital Printing Summer Camp 2009 on July 27-31, 2009 at the Sugarloaf Mountain Hotel, Carrabassett Valley, Maine. See www.imiconf.com for complete details:

Ink Jet Academy: Theory of Ink Jet Technology – July 27-28, 2009

Digital Printing Markets – July 27-28, 2009

Ink Jet Ink Manufacturing – July 29-30, 2009

Surface Tension, Wetting & Capillarity – July 29-30, 2009

Color & Color Management – July 30-31, 2009

Managing Product Development for Value – July 30-31, 2009

Either way, here's wishing you a happy Summer 2009!

Steve

Law of Power 2—Never Put Too Much Trust in Friends; Learn To Use Your Enemies

StevenSimske — Sun, 31 May 2009 05:34:00 GMT

In 48 posts on this site, Robert Greene’s modern-day Machiavellian masterpiece on the principles of power, “The 48 Laws of Power” (1998, Penguin Books), is being turned sideways (using the laws to fight counterfeiting and other forms of fraud) and then upside down (using the laws to create better businesses).

Today’s blog focuses on Law #2: Never Put Too Much Trust in Friends, Learn To Use Your Enemies. The impetus behind this law is that friends, knowing you well, perhaps ascending to power along with you, are prone to jealousy and privy to your weaknesses. When they turn on you, they generally know more about you than your enemies.

Beware your friends!

SIDEWAYS: The “enemy” for an authentic producer is an agent of fraud. From counterfeiting to coupon fraud, there are a plethora of ways in which all the planning, research, development, marketing and branding costs associated with putting a valuable product together can be squandered by an agent of fraud.

On the other hand, as your countermeasures—security deterrents, investigations, evidence gathering, etc.—become more effective in staunching the plans of your enemies, you drive would-be counterfeiters to theft or toward “insidious insider” activity. In the latter case, it is truly your friends who betray you. Someone working for your company, your brand, your product, sells out to the counterfeiters. When the turn on you, they generally know more about you than your enemies.

In this case, learning how to use your enemies is using the counterfeiters themselves to help you reduce their impact. Security printing, using the power of variable data printing (VDP), enables this. Use multiple printing techniques, including color, special designs, unique halftoning approaches, and other specialty printing, to force the counterfeiter to reveal something about himself when he tries to mimic your legitimate printing. Security printing features such as color bar codes, guilloches, etc., enable point-of-sale, authentication and mobile commerce, simultaneously. With VDP, however, any number of printed regions can be made variable. To use your enemy, the counterfeiter, effectively, use additional security printing features as decoys (make the counterfeiter think you’re inspecting them) or as bait (to make the counterfeiter reveal himself in replicating them).

Robert Greene notes that the reversal of this Law is almost always concomitant with the loss of the friendship. It is best not to mix work with friendship. For this reason, this rule is, in my opinion, strongly amenable to being turned upside down, as described next.

UPSIDE DOWN: Turning this rule upside down to create better business, use former enemies as new friends in the reality of the 21^st century global, distributed, fully supply-chain dependent world of business. The former enemies—your branded competitors—face the same common enemy. Counterfeiters, smugglers, third shifters (for factory overruns), and manufacturers of inferior (perhaps dangerous!) products. Your former competitors can unite with you to produce products that are safer, better-built, more environmentally friendly, more energy-efficient, more sustainable, and a host of other ameliorations. Rather than (rat)race your traditional competitors to the bottom (which is the history of the 21^st Century to date), KEEP THE BOTTOM DOWN. Counterfeiters now comprise the single largest competitor for legitimate brands in many product areas. Use your “enemies”, your former brand competitors, to fight this threat to us all.

Cheers,

Steve

See Law #1 at: http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/05/27/91834.aspx

Law of Power 1—Never Outshine the Master

StevenSimske — Wed, 27 May 2009 05:35:00 GMT

Robert Greene’s eclectic masterpiece on the ethics—or lack thereof—of success, “The 48 Laws of Power”, serves as the stimulus for a set of 48 blogs to come on how to use these laws in fighting fraud (turning his rules sideways) and then using them to create better businesses (turning his laws upside down).

Today addresses Law #1: Never outshine the master. This is an excellent starting point, since the fine balance between attentiveness and obsequiousness and is the difference between a trusted aide and dusted aide. Greene’s chapter on Law#1 focuses on how biding one’s time and waiting for a truly inferior master to shoot himself in the foot is a better strategy than exposing the master as a fool.

SIDEWAYS: When it comes to defeating counterfeiters, not outshining the master means not spending more than the counterfeiter on the deterrents used to protect the product. Good advice here is not placing expensive, eye-catching deterrents on the product that a criminal can credibly spoof for less cost. Remember, counterfeiters are creative, counterfeiters typically invest in R&D, and counterfeiters like a challenge. Some examples are using holograms—counterfeiters can credibly spoof these using anything from aluminum foil to cheap lenticular prints. If you try to outspend counterfeiters, then you typically will. They will find ways to simulate your expensive deterrents for less, taking advantage of the indolence, insouciance or innocence of your retailers.

Robert Greene notes that the reversal of this Law is when the “master” is on his or her way down. Then, he advises, one must destroy the master completely. This is because the “master” is no longer master, and to prevent an angered master from coming back to power (with a grudge against you), annihilation is suggested. This makes sense in the realm of counterfeiting. Let the counterfeiters’ R&D skills shine, tease out their talents with inexpensive overt features. Achieve this with variable data printing (VDP) rather than expensive deterrents, where and when possible. When the counterfeiter tips his hand (by the counterfeiter R&D team’s “signature” in attempting to replicate your low-cost deterrence), destroy him completely.

UPSIDE DOWN: Knowing of this law can be used positively to create a collaborative business environment. Here, the law is “never outshine your partner”. Hold one card in reserve, and offer one card free for public viewing (like the dealer in Blackjack, for example). Never play until you have two strategies, each of which is fully thought out beforehand and which tie together after both are deployed. The strategy you give away for free leads to the one you hold in reserve. Bring in any useful, long-term partner (and any truly useful partner should be considered a potential long-term partner) by giving them something for free, or by letting them shine in the early phase. Do not outshine the partner means to share the publicity, the credit and the early glory. Strategy 2 might even make them look better—that is no small price to pay for longevity of your plans—but should also ensure your goals. The only place to outshine a partner is in the differential balance sheet between what you have with them over what you would have had without them.

Work together. It’s more profitable. It’s less stress, too.

Cheers, Steve

Print 2.0...and Barcode 2.0?

StevenSimske — Thu, 26 Mar 2009 21:17:00 GMT

I just received the updated (5th) edition of "The Bar Code Book" for work on track and trace, security labels, etc. The author has jumped to Trafford, an on-demand printer, http://www.trafford.com/, and the author notes in his forward, "Very little inventory is carried, and the whole process is quite amenable to making changes as updates are required"...in other words, even the sometimes assumed staid, stolid, stodgy, storefront world of barcodes has gone 2.0...on-demand printing is surely a "just in time" solution that actually makes sense to all involved. Reduced waste, instant versioning (if desired), decreased inventory, etc.

All of this makes the supply chain managers and bean counters happy. Imagine what it does for customers. They get personalized, to-the-minute salient information on the topic at hand. Software has versions like 9.0.1.1, why shouldn't books. Imagine getting a book that says, on the title/verso page, "934,567th Printing". Stick around, it's coming.

Why does this matter to security, brand protection and anti-counterfeiting aficionados? Because customization means evey copy is unique. When every copy is unique, every copy can be authenticated. Think of it as the digital way of hand-writing your name on the title/verso page.

Cheers,

Steve

Stocking Stuffers II: Security Printing Acronyms and Getting Started

StevenSimske — Tue, 30 Dec 2008 04:56:00 GMT

[Another whitepaper length summary of some related articles from this year's blog]

PRACTICE Good Anti-Counterfeiting Techniques

I have previously remarked that the approaches to counter counterfeiting depend on the relative mix of addressable and unaddressable counterfeiting occurring in the supply chain. If the counterfeiting is not addressable, then the brand must continue to message the unique qualities offered by their product so that people will want the authentic—and not the counterfeit—product. If a brand owner cannot address the counterfeiting, then the brand owner must provide a product provably superior to the customer. With “unaddressable” counterfeiting, perhaps paradoxically, the brand owner must struggle with the customer, and not with the counterfeiter. If the counterfeiting is addressable, on the other hand, then the brand owner is in a direct struggle with the counterfeiter. And to fight the counterfeiter, a single weapon is rarely sufficient. To deter a counterfeiter takes PRACTICE. And this blog addresses how PRACTICE (Plan, Research, Activate, Collect, Train, Investigate, Convict and Evolve) leads to a multifaceted ecosystem of tactics to prevent, detect and react to counterfeiting.

So, a version of an old joke to start. Patient: “Doc, are you comfortable with your diagnosis?” Doctor: “Ma’am, I’ve been practicing medicine for 40 years.” Patient: “Well, I’d like a second opinion from someone doesn’t need any more practice, and actually knows what he’s doing.” However, any physician worth her salt invests in CME, or continuing medical education. Life is practice. Practice doesn’t make perfect, but it can always improve on the imperfect that is the now. And PRACTICE is the acronym I’ll use for the crucial eight elements in an effective anti-counterfeiting ecosystem. So, let’s take a look, one element at a time.

P is for Plan.

The Plan is paramount, because it anticipates the overall strategy—including the research to be performed. The plan must consider the set of deterrents to be used. Will they be overt, covert, and/or forensic? Who will collect data on them to perform track and trace, inspect, authenticate or forensically analyze? When and how will these deterrents will be researched? When and how will the extent of current and future counterfeiting threat to the product be researched? The plan includes the activation of the ecosystem—the nerve-racking moment when the first products belonging to the security ecosystem roll down the production line—and the data collection roll-out. The plan includes the training: how customers, retailers, inspectors and possibly forensic analysts are educated about the deterrents. How will investigation and potential legal action—based on evidence collection and prosecution—be supported? And, finally, how will the system evolve? That’s right, we must plan for change.

R is for Research.

Research includes how you pick your deterrents. Do you pick ones that are easy for the counterfeiter to spoof? If so, they should cost you nothing. Do you pick one that’s hard and/or expensive for the counterfeiter to reproduce? If so, good, but you need to research how easy it is to use for your would-be counterfeiters. Research also includes understanding the counterfeiting threat to your supply chain. If you think it is small, you’d better look hard. It’s much easier to show it is a large problem than a small problem—sorry, that’s just the nature of statistics. You need hundreds of samples from any relevant section of your market to be sure the problem actually is small.

A is for Activate.

After your research plan is completed, the system must be turned on. This is a huge step—maybe more accurately a “step function”—but the bump of activation can be smoothed by starting small. A 2D barcode is one way to collect information on where your products are going, but some companies start even smaller. Think of the soda pop folks who print numbers under the caps on their 20-ounce plastic bottles. They’re not doing this so you can win a free can of pop—they’re doing it to see where the unique numbers are going, and validate their supply chain. Their “activation” is a matter of setting up a website and asking people to web/dial in the numbers under their caps. No—this doesn’t give true track and trace, and certainly not authentication, but it does help them collect data (see next step!) useful in assessing just how big a problem they have on their hands. Activation in full-fledged, label-based security printing and imaging means having the deterrents integrated into the digital front end of the printing. It means having all of the inspection and authentication algorithms, devices and reporting systems fully tested, qualified and in place for the long run. And, it means integrating the data with your existing manufacturing, distribution and reporting registries.

The first C is for Collect.

Collecting data is not just about reading the 2D barcodes and other printed features on the label, packaging or document. A lot of data must be collected beforehand, as part of the research. One way to get this kind of data is described in the previous paragraph. However, data must be collected on an ongoing basis to determine the extent, location and nature of the counterfeiting threats. To determine the extent, one must research all channels for sales—from supermarket to information superhighway. What percentage of the product in each channel is counterfeit? How many counterfeiters are there? Do the counterfeiters work together? This data is crucial for later investigation and legal reaction to counterfeiting. Other data is also collected on an ongoing basis—inspection, authentication and forensic information on the quality of the printed deterrents. I will talk about specifics of these data in a later blog.

T is for Train.

Training, or educating, the actors in the product’s supply chain, is tied to the ecosystem planning described above. If you are relying on your end customers to validate—inspect and report anomalies, authenticate, whatever—the product, then you have to provide reliable and easy—preferably really easy—steps for them to follow. If you trust your retailers and want them to authenticate, the training can be a little—but only a little—more involved. If you are relying on paid inspectors, the training can be more complicated, but in general they will still need to be able to validate the products with relatively simple, cheap and portable devices. The training plan approach is similar to the one you must take for auditing and compliance with most government bodies—for example, NASA and the FDA. The most important consideration is to have a process in place and to then follow it. If you don’t follow the process, your data won’t link together, you won’t pass an audit, and you won’t have reliable estimates on the extent of the counterfeiting. Additionally, abandoning a process just because counterfeiting is occurring causes confusion for those who wish to legitimately validate your product. Counterfeiters love confusion, it helps them in their (non-legitimate) supply chain. There are better ways to address future counterfeiting, and I’ll talk about the “innate moving target” shortly.

I is for Investigate.

A lot of brand managers fail to understand that in order to investigate, you typically need an additional type of data to the data you use for track and trace, authentication or inspection. Investigations depend on the investigation plan—how data is collected, retained, analyzed and acted upon. Dynamic research is required. If you start to see sporadic counterfeiting in a new area, for example, it is often the case that these counterfeits originate in another, already “counterfeit-established”, region. Investigation is necessary to test for the link(s). And just investigating the “publicly known” security features may not be enough. Instead, additional features of the product—up to forensic analysis of the printing and/or product ingredients—may need to be analyzed to uncover the counterfeit supply chain. I’ll talk about the collection of salient investigative data in more detail in a later blog.

The second C is for Convict.

How do we get a conviction? Well, first of all, you can’t convict anyone if what they’re doing isn’t illegal. So, brand owners who are not working with government (e.g. FDA) and other compliance bodies (e.g. GS1) are encouraging the counterfeiting of their products. If you’re in organized crime and are still resorting to the old ways—gambling, prostitution, weapons, drugs—you’re a fool. Counterfeiting is easier, more rewarding (higher margin!) and less risky. And, brand owners, stay with me here: counterfeiters already know this. So, help stiffen the penalties for counterfeiting, smuggling, product diversion, and other forms of fraud—security is about detection and reaction even more than prevention. Without an onerous reaction, there simply is no deterrence. Even if your deterrents cannot be beaten. With no reaction and unbeatable deterrents, all you do is force the bad guys to resort to old-fashioned insider jobs. Bribery, extortion, blackmail, eavesdropping, collateral theft—they have a lot of options. And they’re creative, so this list is just a sample. To get a conviction, you will need the laws in place. Additionally, to get a conviction, you need an auditing, compliance and data integrity plan. In many countries, even the counterfeiters are presumed innocent until proven guilty. Make sure your data is credible, auditable, and usable. If it’s not, it’s not data, it’s just wasted storage space.

Finally, E is for Evolve.

“They” say people don’t like change. Then, another “they” say that people do like change, and that to be human is to change. “They” are both correct. We like change, when we see it coming. In anti-counterfeiting, we see it coming when we design our security system to be an innate moving target. That is, the system is designed for change, benefits from change, and anticipates the need for change. However, these changes do not cause a system reset, a brand protection blue-screen, a full stop. They simply require the existing system to change its settings. Maybe the counterfeiters have to fully reboot, but that’s OK. Remember the rule, any system that makes the counterfeiters spend more than the brand owner is a deterring system. Any system that doesn’t needs to be changed. I’ll cover this topic more fully in future blogs, including the next.

For now, let’s put PRACTICE into practice. In a healthy anti-fraud ecosystem, all elements of PRACTICE are working together, deployed together and designed to detect counterfeiting as fast as possible. The world’s hardest-to-reproduce deterrents are often compromised precisely because they are the hardest to figure out by someone wanting to validate, too. The difficulty of reproduction is frequently associated with size, features or effects that are also hard to educate people on. An example when the product relies on uneducated consumers to check product validity is the “variable hologram”. Customers are used to looking at holograms for some striking visual effect, but they have no idea the effect should be different from one package to the next—let alone how.

The deterrent used, therefore, must match the training given to the would-be validators. And the only way there is an appropriate “impedance match” between the deterrents and how they are successfully used in the ecosystem is if the planning occurs first, the research second, and the activation third. As with all successful security approaches, security printing will only work if it is built from the ground up.

This form of PRACTICE outlines an end-to-end process for initiating and supporting an anti-fraud program. Each of these—from Plan to Evolve—involves by itself multiple processes as well. Let's look more closely at on two quite different types of processes, each focused on the “Investigate” portion of PRACTICE. The “Investigate” portion includes the continual accumulation of data on the counterfeiting of your product. One means to do this uses security variable data printing, or SVDP. This is the use of multiple variable deterrents to draw out the “style” of the counterfeiter. That is, SVDP regions can be used as “bait” or “decoy” deterrents—not to force the counterfeiters to “replicate” the data in the printed region, but instead to force the counterfeiter, through trying to replicate the appearance of the printed region, to identify himself. This is because complex printed regions cannot be scanned and re-printed without modification. How a counterfeiter will try to reproduce such a complicated region—the choice of color, intensity, spatial frequency, contrast and other transforms the counterfeiter uses—provide a signature for the counterfeiter’s style. This process is an example of an a priori process, in which the data to be collected is designed and deployed. Another means to continually accumulate data on the counterfeiting of your product is to perform a posteriori analysis of the product, and compare the analysis results to those expected of legitimate product.

As a non-printing example, John Jasper, head of Molecular Isotope Technologies (MIT), writes, “Process patents are mechanisms by which to protect and extend the patent-protected lives of pharmaceutical products. They are typically supported by the analysis of reaction impurities, trace metals, etc. Natural stable isotopes present a novel source of information recording evidence of the process manufacturing history – particularly, the synthetic pathway – used to produce pharmaceutical and other chemical materials…[Our] work in the area of product authentication showed that every batch of pharmaceutical materials had a highly-specific ‘isotopic fingerprint,’ allowing individual batches of materials to be tracked and counterfeit batches to be identified.” In other words, MIT’s process for analyzing the reagents in a pharmaceutical are precise enough to disambiguate between the authentic and the counterfeit processes involved in production.Image forensics, not surprisingly, can also be used in an a posteriori manner. The process is, on the surface, similar to the a priori approach: printed regions are analyzed for their characteristics, and different regions classified and clustered to help identify the number and size of the counterfeiters in your supply chain. The difference is that, using such an approach, a suitably difficult-to-reproduce printed area must be identified without the benefit of SVDP. So, a word of advice: if you want to identify counterfeiters, don’t make it easy on them—use SVDP or at minimum a few regions of difficult-to-reproduce printing (natural images, designs such as guilloches, etc.). Otherwise, you’re simply making their job easier, and that’s one process that makes no sense.

Universal ACID

Here I focus in on one specific technology which, if used properly, can help tips the odds in favor of the legitimate supplier and the concerned customer. Variable Data Printing, or VDP, provides the capacity, if so desired, to vary every aspect of a print job. However, for ease of making the print run compatible with the graphic artist’s design for the label, package, document, or other printed material, variable data printing is usually associated with a database that is populated before the job is “ripped”; that is, set to final printing commands by the RIP, or raster image processor.

A simple VDP job is outlined here:

Static elements (background, brand logs, three empty copy holes)

Copy hole #1: Database for 2D bar codes

Copy hole #2: Database for unique text sequences

Copy hole #3: Database for watermarked images

When the RIP occurs, the static portion is printed quickly (usually stored in a cache for quick “ripping”), and then each of the copy holes is filled based on the reference for that printed material, pulling the correct bar code, text sequence or watermarked image from the database and rendering it to the copy hole. In security VDP, or SVDP, the copy holes contain not only variable data, but usually uniquely variable data. Also, this variable data can be (but isn’t always) read by some type of inspection, authentication or forensic device. That is, the copy holes contain data. Most readers are probably familiar with mass serialization, but if not, I will describe that in more detail in an upcoming blog. Suffice it to say for now that mass serialization is a means of ensuring that each copy hole on each printed material—e.g. label, package or document—contains a different identifier that can be read (which means interrogated and the data encoded successfully interpreted).

Once you understand the power that variable data printing brings, it is universal acid—you realize it cuts through everything. And in this case, universal ACID means All Content Is Dynamic. Not just variable—but variably variable, or dynamic. Every element printed can be a variable copy hole and so our scenario above shortens to: For every region on the printed material, Copy from Database for that region Thus, every region is novel, or unique identified, and so capable of being interrogated for its information. In anti-counterfeiting, we wish to provide a moving target for the would-be counterfeiters, staying one step ahead of them in the deployment of security features. However, this is a tedious game for us as well as the counterfeiters. SVDP offers us, however, an innate moving target—the ability to change the very nature of the variability on the fly. With SVDP, we have a way of providing a moving target without having to change our technology. VDP is the technology that provides a continual, built-in moving target. SVDP allows us to interrogate the information that is printed variably. This means that SVDP extends variability beyond just having a different identifier in the variable copy hole. It provides a who, what, when, where, why and how variability to the security printing RIP.

Who varies the job can tie the set of deterrents deployed—and how they link together—to a particular press operator, SKU, brand, or other logical units. By linking, we mean how the set of variable features relate to one other. Examples of deterrent relationships include replication, hashing, sequence fragmentation [sharing the mass serialization data between two or more variable copy holes], and other techniques for making the multiple variable regions “cooperate” with each other. One particularly powerful method is to use one deterrent—usually one used for track and trace or authentication already—as the registry “look up” sequence from which the signed-in user may then obtain information on one or more other variable regions.

What is varied also depends on how many security deterrents the brand requires—some for track and trace, some for authentication, some for forensics, some just to decoy the would-be counterfeiters, some to be used in case of recalls or other contingencies, etc.

When the deterrents are varied—or more importantly when the variability pattern is changed can be tied to pragmatic product details, For example, if the shelf life of a product is 6 months, it makes sense to change the relationship between deterrents every six months, so expired products also exhibit “expired” security strategies.

Where the variability is provided can change, too. Variable regions can be made static, and static regions can be made variable, over time. This keeps the would-be counterfeiter grasping at straws, and yet can still accommodate using a consistent variable deterrent, such as a 2D barcode, over time.

Why the deterrents are made variable depends on the realities in the supply chain and in the hands of customers. If certain deterrents are being successfully attacked, then adding new variability to the printed material is another way of gathering information on who the counterfeiters might be—insidious insiders, for example, may quickly incorporate these new variable regions, even if they are not tracked by your authenticators, and so tip their hand to you.

Finally, how the variability is provided is up to you. With VDP, there are so many “how” possibilities that you are being remiss as a brand owner if you fail to do either of the following two VDP processes: 1) Make a plethora of regions variable2) Change the relationship between the variable regions frequently In other words, we vary the way we vary the variability at various times. It’s VDP to the nth. And the more variable regions you have, the more security bits you can print.

We have to assume that the counterfeiters are aware of all these possibilities. And, at first, they appear rather daunting to the would-be counterfeiter. But, counterfeiters don’t react the way we expect them to, and so we have to be prepared for the unexpected. To help illustrate this, in the next blog, I am going to show how we might set up and defend our own counterfeiting business! And who knows, maybe SVDP will pass even this test…

Are You Making It Too Easy for Counterfeiters? Then, Let Me SLAP You!

Acronyms and anagrams are excellent means to simplify a message and to provide easy recall of this message (thus, the word “mnemonic” [Greek origin]—assisting or intended to assist the memory). For example, in 3^rd Grade, I figured out that my last name was an anagram for “KISS ME”. And I conveyed this knowledge to all of my female classmates. Which, not coincidentally, leads us to discussing the mnemonic SLAP.

SLAP, in the case of producing an effective ecosystem for brand protection and anti-counterfeiting, is an acronym for Scalable, Logical, Analytical, and Progressive.

Scalable means that the solution you propose can be used on multiple production runs, multiple products (SKUs), and for a reasonable amount of time. Don’t try to “divide and conquer”—that is, don’t use a completely different approach on different products. It will confuse your customers, your retailers, and your inspectors. Not only will it make it more difficult for you to get good authentication feedback, but you actually may increase the perception that your products are being counterfeited. Product “A” has deterrents 1, 2 and 3 on it, but Product “B” has deterrents 4, 5 and 6 on it—hmmm, one of these is probably fake. Or, worse yet, the would-be authenticator simply tunes out—too complicated, not worth it, too hard to figure out how to authenticate the product. Keep the message simple, and use an innate moving target for deterrence rather than actually changing the target. Security Variable Data Printing (SVDP) is such an innate moving target. One can change the information embedded in the security print, but never change the way a user interacts with it. And, because SVDP affords so many different means of embedding trackable and authenticable data, it is innately scalable, as well.

Logical means, well, think! Don’t make it easy on the counterfeiters. Here are some illogical approaches: (1) Spend a lot on your deterrent (counterfeiters love these “high margin” deterrents, because they’ll always knock them off more cheaply, and it decreases your margins while increasing theirs); (2) Use a deterrent/approach for only a short while and then stop using it (now your would-be authenticators don’t know what to expect—was it the old deterrent or the new deterrent, and which is legitimate). Much more logical: any time you roll out a new deterrent, which is unavoidable for some products—educate your authenticators; (3) Confuse different utilities in a familiar approach. Using variable data inside a hologram is one such example—most users think holograms are “variable” already, and aren’t likely to even notice the fact that one hologram is different from another; (4) Confuse machine vs. human readability. If you use a deterrent intended for machine reading, then embed data in a way that machines can read better than humans. And vice versa. Humans, for example, are very good at noticing alignment differences and relative color differences. Mach bands and other optical illusions are entirely invisible to machines. Machines are much better at noticing absolute color differences and of course steganographics such as watermarks. Meaning metamerisms are mainly meant for machines (alliterative, no?).

Analytical means your approach to the ecosystem should be geared at generating quantitative data. What is the compliance rate (i.e. what percentage of would-be authenticators actually try to authenticate)? What is the counterfeit rate? Read failure rate? If you can’t disambiguate these latter two—counterfeit vs. read rate, that is—you do not have an analytical solution. SVDP again underpins such an analysis: a counterfeit sample will generally have a different combination of print quality, print forensics and payload (data to be read) than a legitimate but unreadable—e.g. damaged, read with poor lighting, etc.—sample. Because of the multiple modalities—color, saturation, intensity, steganographics, halftoning, etc.—involved in printing, SVDP provides many on-ramps for analytics.

Progressive, finally, means that your approach allows progressively more complicated analysis to proceed smoothly. From an imaging standpoint, this means we move from image quality assessment (image “grading”) to image inspection to image authentication to, finally, image forensics. At each stage, a more in-depth analysis—and thus more difficult to reproduce—of the printed material is obtained. Making the first stage, image grading, relatively fast and painless, is an excellent way to generate “leads” from your customers. HP and many other brands address this by using “high-end” overt deterrents on their packaging. Customers are familiar with the motif—color-shift, thermochromic, etc.—and so notice when these have been unsuccessfully knocked off. Inspection ties layout and partial authentication to quality. Authentication ties the print job to the database of legitimate products. Forensics ties the data to the very material printed on, as discussed above.

Happy 2009!

-Steve

Stocking Stuffers I: Evolution Whitepaper

StevenSimske — Tue, 30 Dec 2008 04:52:00 GMT

[Part one of whitepaper-length recap's from this year's blog]

An Evolving Allegory

As an allegory for security printing, I have borrowed the concept of pre-adaptation from evolutionary biology. In the next few blogs I will borrow much more extensively from the concepts and terms in evolutionary biology. Evolution and security, I will argue, have a lot in common. Both accept the fact that change is inevitable, not always predictable, and if used properly a systemic advantage.

To set the agenda, I had the pleasure to re-read many of my Stephen J. Gould and Richard Fortey books. Two gentlemen who really knew/know how to write science essays. And, their great essays and chapters have the set the agenda for the five evolution-inspired blogs:

1. Pre-adaptation

2. Co-evolution

3. Mimicry (including Batesian mimicry) and convergent evolution

4. Survival of the fittest, modification, teleology, progress and complexity

5. Punctuated equilibrium

Pre-Adaptation

Pre-adaptation, also known as exaptation or “co-option”, is an instance in which a pre-existing anatomical structure eventually finds utility for a different purpose. A classic example is the pre-adaptation of sweat glands for use as lactating glands in mammals. Milk flow derived from earlier perspiration flow. Perspiration had utility, of course, in heat regulation (and possibly in the attraction of mates—deodorant was rare in the Triassic), and over time the survival advantage offered by the nursing of offspring selected for more and more productive sweat-as-mammary glands.

The other classic example is the pre-adaptation of feathers for wings. Feathers were originally selected for based on their utility in thermal regulation. Over time, presumably a cooling one, longer and more full feathers were selected for, and eventually some small feathered animal (such as the archaeopteryx, the fabled half-dino/half-bird) started seeing the structure and utility of its feathers no longer being selected solely for thermoregulation, but rather for the survival advantage of gliding and eventually flight.

We come to printing and security. How is printing pre-adapted to security? Printing is usually selected for, by the brand owner (detergent company, ticket salesperson, marketer, etc.), for its purpose in helping the customer identify the brand, obtain product information, or purchase the item (think about that bar code scanned at the cash register). In other words, printing has a large set of valuable roles already. Some brand owners select products based on the vividness of the printing, image quality, or layout of the printing. Others are simply looking for the printing of a trusted brand. Regardless, the printing already provides value.

Printing can also be used for security. With the use of security variable data printing, or SVDP, every package, label, ticket or other printed item can contain a unique set of embedded information—bits added to the variable region. So, for example, a 2D data matrix bar code may hold dozens of bits of information; a watermarked image may hold another few dozens of bits; and a variable line of text may contain a few dozen more. This type of “printing variability” illustrates how printing is pre-adapted to overt and covert security. So, VDP, originally selected for due to its powerful means of customizing printing, is pre-adapted to multiple roles of security.

Another aspect of printing is loosely pre-adapted to use in security. This exaptation is the parasitics that form when printing occurs. Parasitics are variations caused by the process of depositing ink on a substrate. For inkjet ink on office paper, as an example, the fibers in the paper will differentially wick the ink in the direction of the fibers. This “random” pattern of ink on the paper can be used as a difficult (if not impossible) to reproduce forensic mark.

Thus, printing can be used to provide all three types of security features—overt, covert and forensic. Not sure if it will be as useful in thermal regulation, but many a printed item, if folded properly (see http://paperairplanes.net/), is indeed pre-adapted to flight!

Co-evolution

Co-evolution is the process by which two species simultaneous exert selective pressure on each other, termed “reciprocal evolutionary adaptations”. Flowers and bees are a good example of mutualism, wherein the shared selective pressure results in a tangible advantage for both species (the flowers get improved pollen dispersion, the bees get the raw ingredients for honey).

Co-evolution can be less synergistic—predators and prey co-evolve, too. When natural selection leads to a cheetah adding on a few more kilometers/hour, the antelope, with a different architecture, can’t keep pace, and so if it is to survive, selection may lead it in a different direction. Thus, the ability to stop and/or change direction on a dime.

Co-evolution also includes the interaction between a host and a parasite. Think of a virus which kills its host every time. In order for it to find another host to support its progeny, there is selective pressure for it to let its host survive. Over time, then, it is selected to become less virulent to its host, and a more stable host-parasite relationship ensues. Such a long-term relationship is analogous to that between the oak and the mistletoe, or that between Dilbert and the Pointy-Haired Boss (http://www.shatteredmoonlight.net/phb/). It is important for the host (oak, Dilbert) to survive so that the parasite (mistletoe, Pointy-Haired Boss) doesn’t perish looking for another victim.

The examples above focus on paired co-evolution. However, in some sense, all species are co-evolving, and so co-evolution can be extended to sets of three, four or more species, interacting and significantly affecting each other. When three or more species are considered together, the situation is termed "diffuse co-evolution".

Co-evolutionary terms can be applied to arenas outside of evolutionary biology. For example, the size of car seats (to accommodate the size of people’s hind quarters) has co-evolved with the size of drink cup holders in the same cars.

This means we can apply co-evolutionary concepts to brand protection. Properly architected, a brand protection ecosystem illustrates mutualism, or the synergistic co-evolution described above. Some of the main principles of mutualism are: 1. Mutual benefit to each species involved.2. All species are free to adapt, independently forming secondary (diffuse) interactions as necessary.3. Collaborative (multiple species often providing complementary and/or redundant capabilities).

In brand protection, the complementary use of RFID and security printing can create a co-evolutionary situation. RFID should be used for shipping and tracking big items, and in other situations in which “line of sight” reading is not possible or tractable. Security printing should be used for smaller items, where “line of sight” reading is possible, and where RFID costs preclude their use. RFID and security printing, therefore, can complement each other for supply chain visibility, product tracking, security and authentication. They are mutually beneficial—RFID helping in workflows for which interrogating printed information is too costly, and security printing helping in workflows for which the item cost of RFID is too costly.

RFID and security printing are also free to adapt. For example, if RFID is someday efficiently and inexpensively printed, security printing may subsume the RFID process and the two will more closely combine. On the other hand, if next-generation printing technologies subsume more and more manufacturing processes—power, sensors, displays among them—a strong partnership between printing and manufacturing (as well as RFID) may create a new type of “diffuse co-evolution”. It will be exciting to see what the market selects for as technology moves inevitably forward.

Mimicry (including Batesian mimicry) and convergent evolution

Change isn’t always for the better. You can, for example, be short-changed. You can change from bad to worse. You can change your Outlook (Microsoft or otherwise). Or you can change a diaper (well, this is better, presumably, for the wearer of the diaper). Even in evolution, change is not for the “better”. Change simply is a consequence of genetic variability implicit in meiosis, mutation and mistakes innate to the reproductive processes.

Our interpretation of genetic change, therefore, depends on the perspective from which we view the change. As I discuss convergent evolution and mimicry in this posting, then, please keep in mind that usually one partner in the convergence/mimicry benefits more than the other.

Convergent evolution and mimicry are two of the most powerful concepts in evolution, as they directly relate to the change wrought by evolution. Since security printing and imaging, and the related supply chain and brand protection issues it addresses, must evolve as technology evolves, I consider these concepts as Part Three of the “evolution analogy” series.

Convergent evolution is the term for analogous structures that arise in genetically unrelated species as a consequence of their environment selecting a similar role for both species. This is different from a homologous structure, which arises in genetically related species. Examples of convergent evolution include:

1. Koalas and humans have independently evolved fingerprints

2. Bats and birds have independently evolved flight

3. Bats and toothed whales have independently evolved sonar-like capabilities

4. Opossums and humans have independently evolved opposable thumbs (pandas, too, although their thumbs are actually extensions of their wrist bones)

Examples of homologous structures are even more plentiful, including:

1. Robins and sparrows can both fly

2. Chimpanzees and humans both can walk

3. Giraffes and seals each have 7 vertebrae in their necks

4. Garter snakes and pythons each can slither

In security printing and imaging, these terms can refer to printed deterrents (homologous structures) and printed vs. non-printed deterrents (analogous structures, or convergent evolution). Security printing is the use of digital variable data printing (VDP) to add information to printed material. Bar codes contain bits of data suitable for disambiguating one item for sale from another item for sale. 1D and 2D bar codes contain different densities of data (number of bits per given area), but may contain the same (point-of-sale, track and trace, etc.) data. Thus, they are homologous (related and having similar utility).

Homology extends to any printed information that can be read and translated; that is, decoded from an image. So, printed features such as color tiles, guilloches, copy-detection patterns, watermarks, and their kin, are homologous—each is a species of the genus “security deterrent”.

Convergent evolution of security printing and RFID, however, is perhaps of more interest. Will all RFID tags be printed with electromagnetic ink (metallic or organically based, for example) someday, and RFID printing simply be incorporated as part of the printing-as-manufacturing process? Or will RFID manufacture move toward nominal cost along another route, and so reduce the importance of printed features in security? If the latter, then the current convergence of utility of RFID and security printing may become an irrelevant distinction—that is, RFID will effectively become “extinct” and become simply a part of printing, or conversely security printing will effectively become “extinct” as RFID assumes the roles of unique identifier, copy-prevention and tamper-evidence.

It seems more likely, though, that we will continue to reasonably view RFID and security printing as two separate species. Two species that are, in some respects, are undergoing convergent evolution. RFID is being extended to include tamper-evident information, using features such as what I term “RFID apoptosis” (programmed suicide possible with “KILL” and related RFID features) and signed additional bit strings. RFID is also, increasingly, being used for additional informational purposes, such as RFID-enable hardware in everything from car tires to refrigerators. Security printing, meanwhile, banking on the innate and broad adaptability afforded by digital VDP (variable data printing), has long been able to provide functionality like that of RFID. Bar codes provide EPCglobal or other mass serialized unique identifiers. VDP lends itself to an inference model based on either pre-printed serialization or inline serialization with real-time inspection. All security printing is missing is non-line of sight reading, although the development of conductive and other metallic inks indicates this hurdle will also soon be overcome.

Interestingly, RFID and security printing continue to “radiate” in terms of their phenotypic utilities, even while converging with respect to each other. This is easier to understand when one considers that they are converging to the same logical set of utilities: track and trace, authentication, point-of-sale, inventory management and forensics.

We come to Batesian mimicry, which is different from convergent evolution. Batesian mimicry can be simply described by example: The “classic” Batesian evolution is when uncommon, tasty animals resemble abundant, foul-smelling/noxious animals. Think of the yummy little bug that looks so much like a nasty tasting bug. Monarch butterflies and wasps have plenty of Batesian mimics out there.

Batesian mimicry also has an analogy for security printing and imaging. Security VDP affords the brand owner the ability to print a surfeit of security features, some overt and some covert. Some of these are tracked (inspected, authenticated, used for track and trace), and some are not. Those that are not, as I’ve noted in past blogs, can be used as “decoys” to get counterfeiters to try to mimic. They can also be used solely for forensic analysis of the counterfeiters, in which case they are not just decoys, but also bait. So, these excess deterrents are Batesian mimics of the tracked deterrents, and your would-be counterfeiter, in an effort to capture all the legitimate deterrents, will also swallow a number of Batesian mimics. The key is that at least one of the security VDP deterrents does in fact leave a bad taste in the counterfeiter’s mouth!

Survival of the fittest, modification, teleology, progress and complexity

Survival of the fittest

One of evolution’s tautologies is survival of the fittest. Whatever is best fit to survive, survives. Whatever survives is, by extension, fittest to survive. A lot like que será, será—whatever will be, will be. Sure, we get it—it’s a definition! However, this is a tautology only when taken from an a posteriori perspective (like the intellectually bankrupt concept of “social Darwinism”). From a different perspective—the a priori perspective—survival of the fittest is a contingency based on the future fitness of a species in a changing environment. And, while you’re living in the here and now, you don’t have 100% clarity of the future. What makes you most fit for survival is not fully known.

You may need contingency traits, which are extra traits that will allow you to respond better to the changing environment. Species that will survive and thrive when the world changes are species that have, serendipitously, differentiating attributes. This means that different future environments will have different future survivors and different definitions of fitness. Fitness is, indeed, arbitrary. Ask any marathoner meaning to bench press 300 pounds, or any bench-pressing behemoth pondering a long run—“fitness” depends on the context.

Since change is inevitable, and since you cannot predict with 100% accuracy what the future environment will look like, it may make sense to have multiple contingency traits to maximize survivability. This is a little tricky for a biological species, but much easier for a security printing job. Contingency deterrents can be added readily by a security variable data printing (SVDP) engine—these are deterrents not currently tracked, traced or authenticated. Contingency deterrents can be used to decoy or bait counterfeiters; in cases of recall; or as “back ups” for currently used deterrents. One contingency is that a counterfeiter “breaks” (reverse engineers) a currently used deterrent. The contingency deterrent allows you to roll over to the already-in-place, previously-unused deterrent—to move from counterfeiting to “counterfitness”.

Modification

Modifications are the driving force behind evolutionary changes. Mutations are the genetic basis for these modifications. Mutations are considered “random” in evolutionary terms—there are no Lamarckian mechanisms for translating life experience into gene alteration. These stochastic changes in genotype lead to (relatively) unpredictable changes in phenotype, and so provide the basis for different levels of “fitness” in a changing environment.

In security printing, modifications are built in to the surfeit of variable data features—so-called “contingency” deterrents described above. These allow a security printing protected product to modify in its strategy—how it deploys deterrents for QA, inspection, tracking, authentication, forensics, decoying and baiting.

Teleology

Teleology is “the study of design or purpose in natural phenomena”. In security printing and imaging, evolution and intelligent design are not internecine concepts. An intelligent design for your security printing anticipates contingencies—the need to stop using a deterrent once counterfeiters have successfully “broken” it, for example. This is termed the innate moving target offered by security printing. In security printing, an intelligent design is indeed one that will evolve as the environment in which it works—an environment that includes reputable and disreputable people alike—evolves.

Progress

Chris Hedges argues in his recent book that one mistake made by extremists of any political, philosophical or ethical flavor is that of assuming we are on the road to progress. However, history teaches us that the process of progress and regression is cyclical. The price of freedom—and progress—is constant vigilance. And once vigilance relaxes, regression seizes the opportunity.

An evolutionary approach to security printing makes no such assumption. An “innate moving target” assumes and endless competition with the counterfeiters. Some times you stay ahead of them for while in this arms race—like the ancient Hittites with their chariot—and sometimes they figure it out quickly. Especially quickly if they bribe one of your own people!

Complexity

The most complex species are generally those most specified for their environment. Horse, humans and hippos are good examples. Will these species evolve into something else? Perhaps. But history warns that bacteria will be around long after hippos, humans and horses are simple part of history. Stephen J. Gould contrasted the frequency of occurrence vs. complexity long-tail phenomenon in one of his works (Three Rivers Press, 1996, Stephen J. Gould, “Full House”, pp. 170-171, the “power of the modal bacter”). Some highly complex species will always evolve, but the majority—and those that survive—will be the simplest.

In security printing and imaging, for example, it is easy to add complexity to your deterrents. A simple example is the use of serif vs. sans-serif fonts. Another simple example is the adding of steganographic information to all of your images. But simpler is usually better. Use multiple security printing deterrents together, and simply change the way the data in one relates to the data in the others. Your deterrents will “live longer” and all of your changes will be made in software, and not in the selection of deterrents themselves.

You’ll live longer, too. Species under less stress survive longer. I suggest security VDP as a survival tool for the fittest of printing professionals!

Punctuated equilibrium

The final section of the security printing/evolution allegory is punctuated equilibrium. Punctuated equilibrium is an evolutionary biology hypothesis largely attributable to Niles Eldridge and Stephen Jay Gould in 1972. The theory states that species normally undergo relatively modest phenotypic change. However, when phenotypic (outward appearance) evolution occurs, it involves rare and relatively rapid change in the genetics of the species. Thus, the genetic similarity for the population is “punctuated”—changing rapidly for a relatively brief period, then changing slowly over a much longer time period.

Punctuated equilibrium does not oppose gradualism, the relatively secure theory of evolution that proposes an incremental change during evolution, with no great discontinuities between generations. Gould noted that punctuated equilibrium is supported by the fossil record, in which species are stable, phenotypically, for long periods of time; then, their descendent species appears in a relatively small time period.

If punctuated equilibrium exists, then what drives this seeming accelerated change? Why does the evolutionary rate seemingly increase? My perspective is that the rate does not necessarily change at all. Instead, the effective rate changes only because the environment itself is changing. So, the normal rate of mutation results in changes that lead to enhanced survival rate precisely because the environment can change faster than the based rate of change. As an example, a comet hits, and all the old advantages for survival—say, size, strength and speed—are less relevant. What survives now may survive because it was actually less fit in the old environment. Thus, the apparent rate of change increases only because the fringe members of the species that do survive become the norm of the “new” species that survive later.

Punctuated equilibrium has been applied to other fields. For example, in 1993, Frank Baumgartner and Bryan Jones noted that policy change can be described by punctuated equilibrium, inasmuch as policy changes slowly while one regime, party or system is in power, and then tends to change greatly when there is a transition in leadership.

We can apply this to printing, as well. Evolution was slow until the Johannes Gutenberg punctuation of 1440 helped change the slow and laborious process of scribes to the relative speed and efficacy of typed printing. Digital printing, certainly for security and customizability, is providing another “punctuated equilibrium” currently. However, the environment in which printing exists is changing quickly, too. The Internet and other fully-electronic workflows (RFID, for example) mean that many aspects of “traditional printing”—that is, printing 20 years ago—are no longer relevant. Printing that survives will seemingly change faster than the actual printing technology is changing, precisely because the “leaps” will likely survive better than the incremental changes. For example, look at the “–ology” series (http://www.ologyworld.com/), in which printing is merged with “manufacturing”—the inclusion of feathers, flaps and felt, for example—to successfully differentiate the “in-hand” from the “on-line”.

In security printing and imaging, punctuated equilibrium can be used to advantage. With a plurality of printed security deterrents, the brand owner can readily switch between the current deployment of deterrents—which are used for tracking, authentication, forensics, decoying and baiting, any combination thereof; or simply unused for the moment—to a new set and change the security strategy. The outward change in the set of deterrents is minimal or none. Then, when no new deployment strategy is possible—due to compromise of the deterrents or “inside job”—a new set of deterrents is deployed. The new set can be used in multiple future deployments. Thus, the outward rate of change in the security deterrents used exhibits punctuated equilibrium—steady state for a relatively long period, followed by a “massive change”—even though the rate of change for deployment (tracking, authentication, etc.) remains the same.

No matter how you look at it, security is the art of evolving, adapting and changing to survive the environment. Variable data printing makes evolution easier. Change is built-in.

Happy 2009!

-Steve

An Evolving Analogy, Part V: Punctuated Equilibrium

StevenSimske — Sat, 29 Nov 2008 06:44:00 GMT

No matter how you look at it, security is the art of evolving, adapting and changing to survive the environment. Variable data printing makes evolution easier. Change is built-in.

-Steve

[Thanks to Bisbee Finks for helpful comment on the "cladogram", incorporated into the post above--I'm going to pass on the suggested Stalin analogy, though it was definitely creative! Cheers, Steve]

An Evolving Analogy, Part 4: Survival of the fittest, modification, teleology, progress and complexity

StevenSimske — Wed, 05 Nov 2008 18:45:00 GMT

Survival of the fittest

Modification

Teleology

Progress

Complexity

The most complex species are generally those most specified for their environment. Horse, humans and hippos are good examples. Will these species evolve into something else? Perhaps. But history warns that bacteria will be around long after these hippos, humans and horses are simply part of history. Stephen J. Gould contrasted the frequency of occurrence vs. complexity long-tail phenomenon in one of his works (Three Rivers Press, 1996, Stephen J. Gould, “Full House”, pp. 170-171, the “power of the modal bacter”). Some highly complex species will always evolve, but the majority—and those that survive—will be the simplest.

You’ll live longer, too. Species under less stress survive longer. I suggest security VDP as a survival tool for the fittest of printing professionals!

-Steve

Pharmaceutical Commerce Webinar, November 18

StevenSimske — Tue, 04 Nov 2008 04:58:00 GMT

In two weeks, I have the opportunity to participate in Pharmaceutical Commerce's webinar on "How Digital Printing Changes the Game for Packaging, Labeling, and Brand Protection". The link to register for the webinar is:

http://events.newanglemedia.com/pc/digital_printing/

A brief description of the webinar is:

"This webinar will help you create a more agile supply chain network, and reduce capital outlay around serialization projects. You'll learn how to turn your printing process into a business and supply chain solution!"

"We've assembled an expert panel from HP and Nosco who will discuss ways to improve supply chain flexibility and efficiency through use of digital printing technologies. These industry experts will explore solutions for change management, reduced obsolescence and enhanced customer service across the biopharma supply chain."

"Pharmaceutical Commerce Editor Nick Basta will moderate the panel discussion featuring Joe Tenhagen of Nosco, Matt Gindele of HP Indigo Label & Packaging, and Steve Simske of HP Labs."

"Register today to get a glimpse of how current and future technologies are improving supply chain flexibility and efficiency."

Cheers,

Steve

An Evolving Analogy: Part 3, Convergent Evolution and Mimicry

StevenSimske — Fri, 17 Oct 2008 05:10:00 GMT

1. Koalas and humans have independently evolved fingerprints

2. Bats and birds have independently evolved flight

3. Bats and toothed whales have independently evolved sonar-like capabilities

4. Opossums and humans have independently evolved opposable thumbs (pandas, too, although their thumbs are actually extensions of their wrist bones)

Examples of homologous structures are even more plentiful, including:

1. Robins and sparrows can both fly

2. Chimpanzees and humans both can walk

3. Giraffes and seals each have 7 vertebrae in their necks

4. Garter snakes and pythons each can slither

Convergent evolution of security printing and RFID, however, is perhaps of more interest. Will all RFID tags be printed with electromagnetic ink (metallic or organically based, for example) someday, and RFID printing simply be incorporated as part of the printing-as-manufacturing process? Or will RFID manufacture move toward nominal cost along another route, and so reduce the importance of printed features in security? If the former, then the current convergence of utility of RFID and security printing may become an irrelevant distinction—that is, RFID will effectively become “extinct” and become simply a part of printing. Or, conversely, security printing will effectively become “extinct” as RFID assumes the roles of unique identifier, copy-prevention and tamper-evidence.

-Steve

An Evolving Analogy, Part 2: Co-Evolution

StevenSimske — Sun, 05 Oct 2008 04:59:00 GMT

1. Mutual benefit to each species involved.

2. All species are free to adapt, independently forming secondary (diffuse) interactions as necessary.

3. Collaborative (multiple species often providing complementary and/or redundant capabilities--this may even be applied to humans and dogs).

-Steve