Security Printing and Imaging : authentication, image forensics

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

StevenSimske — Wed, 14 Oct 2009 04:18:00 GMT

My previous post was a link to the excellent In-Pharma Technologist blog edited by Nick Taylor. Nick solicited a posting from me back in April, but I could not find it on In-Pharma, so given a 1/2 year grace period, I think its time to post here:

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

Pharma brands are concerned with the integrity of their product. All successful pharmaceuticals have one thing in common: they improve the quality of life of the customer. Counterfeit pharmaceuticals, on the other hand, are harmful to both the customer and to the manufacturer; that is, they can simultaneously destroy lives and jobs. Brands pay many times over for counterfeits: loss of original sale, loss of future sales due to erosion of consumer confidence, loss of market capitalization due to perceived non-efficacy of the product, and potential legal recourse as a consequence of the consumer receiving phony goods.

All pharmaceuticals share another important thing in common. Information about the product must accompany the product. From packaging to labels to inserts, this information is conveyed by printing. Therein lies the solution to the problem.

Printing is pre-adapted for its use in security. Useful already in product identification, the variability printing provides is a natural fit for security. Variable Data Printing, or VDP, is the technology enabling the varying of every aspect of a print job. This is advantageous for individually tagging an item—a process called mass serialization. Mass serialization is a means of ensuring that each label, package or document contains a different identifier that can be read (which means interrogated and the data encoded successfully interpreted).

However, VDP can be used for far more than mass serialization in protecting a product. With security VDP, or SVDP, the different printed regions—be they text, image or graphics—contain not just variable data, but usually uniquely variable data. Also, this variable data can be (but isn’t always) read by some type of inspection, authentication or forensic device. That is, every variably printed region contains not just data, but security information. Thus, every region is novel, or unique identified, and so capable of being interrogated for its information.

To prevent counterfeiting, brand owners need to provide a moving target for the would-be counterfeiters, staying one step ahead of them in the deployment of security features. However, this is a tedious game, and often expensive, as brand owners continually research and purchase new deterrents. SVDP offers, however, an innate moving target—the ability to change the very nature of the variability on the fly. With SVDP, a moving target of deterrents is obtained without having to change the technology.

Linking or hybridization is how the set of variable features relate to one other. Examples of deterrent relationships include replication, hashing, sequence fragmentation [sharing the mass serialization data between two or more variable regions], and other techniques for making the multiple variable regions “cooperate” with each other. One particularly powerful method is to use one deterrent—usually one already used for track and trace or point-of-sale—as the registry “look up” sequence from which the signed-in user may then obtain information on one or more other variable regions. The method of hybridization can be changed from one print job to the next, meaning that the would-be counterfeiter must replicate all of the variable features which are monitored to be able to pass the phony product as authentic. Which “extra” features are actually monitored can be varied from day to day, making compliance both simple and thorough.

Monitoring information-containing printed images is getting easier every day. The near-ubiquity of camera-enabled mobile devices, therefore, strengthens the value of SVDP. Already, bar code interpreting software is native or readily downloaded to most internet-enabled mobile devices. Piggybacking image authentication services for other printed patterns is straightforward to implement.

Different variably printed regions can be used for track and trace, authentication, forensics, recall and other contingencies, or just to decoy the would-be counterfeiters. The way in which deterrents relate can be tied to pragmatic product details. For example, if the shelf life of a product is six months, it makes sense to change the relationship between deterrents every six months, so that expired products also exhibit “expired” security strategies. In the meantime, if certain deterrents are being successfully attacked, then adding new variability to the printed material is another way of gathering information on who the counterfeiters might be—insidious insiders, for example, may quickly incorporate these new variable regions, even if they are not tracked by your authenticators, and so tip their hand to you.

Incorporation of SVDP into the printing is straightforward, as there are only three rules: (1) meet compliance standards first, (2) vary several additional regions, and (3) change the relationship between the variable regions (hybridization plan) frequently.

Counterfeiters know all about SVDP, and they’re reading this and other related articles. Recall that there is no security through obscurity—counterfeiters reading this will know what they’re up against, but will not easily be able to spoof SVDP, except one item at a time (which makes the cost of counterfeiting higher). Thus, SVDP offers a means of staying one step ahead of the counterfeiters without running yourself ragged.

Cheers,

Steve

Are You Making It Too Easy for Counterfeiters? Then, Let Me SLAP You!

StevenSimske — Wed, 27 Aug 2008 15:22:00 GMT

Acronyms and anagrams are excellent means to simplify a message and to provide easy recall of this message (thus, the word “mnemonic” [Greek origin]—assisting or intended to assist the memory). For example, in 3^rd Grade, I figured out that my last name was an anagram for “KISS ME”. And I conveyed this knowledge to all of my female classmates. Which, not coincidentally, leads us to discussing the mnemonic SLAP.

SLAP, in the case of producing an effective ecosystem for brand protection and anti-counterfeiting, is an acronym for Scalable, Logical, Analytical, and Progressive.

Scalable means that the solution you propose can be used on multiple production runs, multiple products (SKUs), and for a reasonable amount of time. Don’t try to “divide and conquer”—that is, don’t use a completely different approach on different products. It will confuse your customers, your retailers, and your inspectors. Not only will it make it more difficult for you to get good authentication feedback, but you actually may increase the perception that your products are being counterfeited. Product “A” has deterrents 1, 2 and 3 on it, but Product “B” has deterrents 4, 5 and 6 on it—hmmm, one of these is probably fake. Or, worse yet, the would-be authenticator simply tunes out—too complicated, not worth it, too hard to figure out how to authenticate the product. Keep the message simple, and use an innate moving target for deterrence rather than actually changing the target. Security Variable Data Printing (SVDP) is such an innate moving target. One can change the information embedded in the security print, but never change the way a user interacts with it. And, because SVDP affords so many different means of embedding trackable and authenticable data, it is innately scalable, as well.

Logical means, well, think! Don’t make it easy on the counterfeiters. Here are some illogical approaches: (1) Spend a lot on your deterrent (counterfeiters love these “high margin” deterrents, because they’ll always knock them off more cheaply, and it decreases your margins while increasing theirs); (2) Use a deterrent/approach for only a short while and then stop using it (now your would-be authenticators don’t know what to expect—was it the old deterrent or the new deterrent, and which is legitimate). Much more logical: any time you roll out a new deterrent, which is unavoidable for some products—educate your authenticators; (3) Confuse different utilities in a familiar approach. Using variable data inside a hologram is one such example—most users think holograms are “variable” already, and aren’t likely to even notice the fact that one hologram is different from another; (4) Confuse machine vs. human readability. If you use a deterrent intended for machine reading, then embed data in a way that machines can read better than humans. And vice versa. Humans, for example, are very good at noticing alignment differences and relative color differences. Mach bands and other optical illusions are entirely invisible to machines. Machines are much better at noticing absolute color differences and of course steganographics such as watermarks. Meaning metamerisms are mainly meant for machines (alliterative, no?).

Analytical means your approach to the ecosystem should be geared at generating quantitative data. What is the compliance rate (i.e. what percentage of would-be authenticators actually try to authenticate)? What is the counterfeit rate? Read failure rate? If you can’t disambiguate these latter two—counterfeit vs. read rate, that is—you do not have an analytical solution. SVDP again underpins such an analysis: a counterfeit sample will generally have a different combination of print quality, print forensics and payload (data to be read) than a legitimate but unreadable—e.g. damaged, read with poor lighting, etc.—sample. Because of the multiple modalities—color, saturation, intensity, steganographics, halftoning, etc.—involved in printing, SVDP provides many on-ramps for analytics.

Progressive, finally, means that your approach allows progressively more complicated analysis to proceed smoothly. From an imaging standpoint, this means we move from image quality assessment (image “grading”) to image inspection to image authentication to, finally, image forensics. At each stage, a more in-depth analysis—and thus more difficult to reproduce—of the printed material is obtained. Making the first stage, image grading, relatively fast and painless, is an excellent way to generate “leads” from your customers. HP and many other brands address this by using “high-end” overt deterrents on their packaging. Customers are familiar with the motif—color-shift, thermochromic, etc.—and so notice when these have been unsuccessfully knocked off. Inspection ties layout and partial authentication to quality. Authentication ties the print job to the database of legitimate products. Forensics ties the data to the very material printed on, as discussed in my previous blog.

We can now add “SLAP” to the list of SVDP-related mnemonics, which also includes ACID (May 19)—All Content Is Dynamic—and PRACTICE (May 12)—Plan, Research, Activate, Collect, Train, Investigate, Convict, Evolve. Hopefully, this helps you recall a logical approach to brand protection. If not, well then, TTFN!

-Steve