Security Printing and Imaging : security

Security--another offshoring risk

StevenSimske — Tue, 17 Nov 2009 16:29:00 GMT

A terse but excellent article on IEEE's USA Today's Engineer site today focuses on the often forgotten--or at least ignored--risk of offshoring. National security.

The full article is at: http://www.todaysengineer.org/2009/Nov/backscatter.asp. The most salient quote is:

"One area the [National Academy of Engineering] study gave relatively less attention to, listing it last in a series of ten findings, was offshoring’s impact on national security. In that regard, its main concern seemed to center on the possibility of detailed plans and other information about U.S. buildings and infrastructure falling into “the wrong hands,” and that maliciously placed code might compromise the security of DOD networks. Yet back in 1988, the Defense Science Board called the dependence of the U.S. military on foreign parts dangerously high."

I have argued in several previous blogs that it is not just national security--but any product security--that may suffer with offshoring. Offshoring is a bandage, not a cure. Always temporary in nature, it is founded on the assumption that labor will be cheaper elsewhere. Cheaper than the differential cost of transportation, shipping, inefficiencies of distributed teams, etc. Guess what? As many are seeing now, the cycle lasts less than ten years, and the first (and second) wave of offshorers are now offshoring themselves. Does this increase product security? Statistics argue otherwise (ref. WEF estimate of counterfeiting as 8% of world trade).

Offshoring makes a lot of sense when those remote, skilled professionals are invested in your company and strategy. Otherwise, it's a short-term fix to a problem that goes unaddressed.

Cheers,

Steve

GS1 Announcement of the Food Recall Portal

StevenSimske — Wed, 04 Nov 2009 15:45:00 GMT

Yes, this is an HP blog, and so you forgive me when occasionally (and inevitably) I take an HP line on an announcement, event or trend. Out of interest of serving the broader anti-counterfeiting/anti-fraud/anti-tamper/customer safety community, I point you to our partner, GS1's, announcement on the HP/GS1 Product Recall program:

http://www.gs1ca.org/Page.asp?LSM=0&intNodeID=6&intPageID=1396

I couldn't agree more with their opening statement:

"November 3, 2009 – GS1 Canada, as part of a coalition of leading Canadian industry associations representing over 65,000 manufacturers, distributors and retailers, today launched a national product recall program that will enhance consumer safety and reduce the administrative burden for business. With the increasing complexities of a global supply chain, this launch could not have come at a more important time."

Further down, you find the statement:

"The Program is founded on a standardized process created by GS1 Canada, the neutral, non-profit supply chain standards organization most well-known for creation and management of the universal product code (bar code), used by millions of businesses worldwide. This global online platform uses robust HP cloud-computing technology and is based on global GS1 standards."

This is a good approach. GS1 provides accepted and well-considered global standards through GTIN, GDSN, etc., as noted in past posts here. Who wants to spend time dickering over competing standards? Not I. A better use of time is working with the industry experts to create a single standard that is simultaneously useful, fair and globally available, and then spend time differentiating applications built atop these standards.

Cheers,

Steve

Looking for that lost waffle?

StevenSimske — Sat, 31 Oct 2009 03:20:00 GMT

Many of you are aware that 2D barcodes--which look like waffles--are becoming ubiquitous for location-based services, mobile commerce, and increasingly point-of-sale and track and trace applications.

Did you know that there are many more you cannot see? They're covert 2D barcodes. And the master at providing reading equipment to find these hidden waffles is John Hattersley of InData Systems. I've had the pleasure to work with him on "ink-specific handheld readers". The concept is simple. The barcode reader has LEDs (or other light source) built-in that are tuned to the excitation bandgap of the covert ink (usually in the UV band), and bandpass filters tuned to the (higher-wavelength) reflected light.

See InData System's brochure (attached below) on John's presentation at the upcoming ITI Security Printing Conference (see http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/09/12/imi-s-security-printing-conference-nov-16-18-2009-baltimore-usa.aspx) for more details. And enjoy the waffles.

Cheers,

Steve

EFPIA Announcment, HP Hosting Services

StevenSimske — Mon, 26 Oct 2009 17:31:00 GMT

Remember the 24 August announcement on the HP/GS1 food recall service? If not, please enjoy as if new the following article:

http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/08/25/big-news-hp-develops-cloud-service-with-gs1-canada-to-enhance-product-recall-process.aspx

This announcement introduced the HP Cloud Computing Platform for Manufacturing, as described here:

http://www.hp.com/hpinfo/newsroom/press/2009/090824xb.html

More on the overall solution, including the roles of partners Siemens, SAP and HP, is provided at:

http://www.controlglobal.com/industrynews/2009/278.html#

"In the EFPIA pilot project, Siemens IT Solutions and Services is the general contractor in cooperation with Hewlett Packard (HP) and SAP. The IT service provider is responsible for the project management and integration of the information interfaces between the pharmacies and the manufacturers. Siemens IT Solutions and Services is also responsible for operating and maintaining the IT infrastructure, including the technology and information systems, data integration, system security and system development. SAP Belgium will be in charge of the SAP object event repository (SAP OER) and the implementation services. Hewlett Packard (HP) will provide hosting services and SAP solutions testing."

The hosting services are through the HP Cloud Computing Platform for Manufacturing, as described earlier. Feel free to contact me for details.

Cheers,

Steve

EFPIA Announcements

StevenSimske — Mon, 26 Oct 2009 17:12:00 GMT

Hi, all

The next few blogs will point you to information on the recent announcement of the EFPIA 2D labelling scheme. The EFPIA is the European Federation of Pharmaceutical and Industries Association.

In-Pharma's article on this announcement is:

http://www.in-pharmatechnologist.com/Packaging/2D-barcodes-make-faking-less-attractive-says-EFPIA/?c=JiBz%2FX6W8967KGa2Liah%2FA%3D%3D&utm_source=newsletter_daily&utm_medium=email&utm_campaign=Newsletter%2BDaily

Importantly, as our partner Siemens notes,

[Siemens] "will provide connectivity for pharmacies and manufacturers to the EFPIA database, which is hosted by Hewlett Packard (HP). Manufacturers will populate the EFPIA database with the serial numbers of the saleable units shipped, and pharmacies will read those serial numbers at the point of sale (via 2D barcode) and authenticate the unit sold against the EFPIA database."

In other words, the cloud enables the crowd. 2D barcode readers are not just in the hands of the pharmacists. Look for us all--corporations, enterprises, brand owners, shippers, retailers, consumers, environmentalists--to embrace this approach. It helps level the playing field for everyone, except--one hopes--the counterfeiters.

Cheers,

Steve

In Blacksburg on November 12th? Gimme a Holler!

StevenSimske — Tue, 20 Oct 2009 22:40:00 GMT

Growing up, I lived in Eastern Kentucky "for a spell". Rural Rowan (pronounced like "round" without the "d') County, in fact, where the valley I lived in was called "Quail Hollow". As in, a snake bit me and I had to "holler". I lived right next to a "crick" (creek). I only lived there a little over a year, but the accent can come back on demand.

Another beautiful Appalachian spot to give me a holler is Blacksburg, Virginia (http://www.blacksburg.va.us/) if you're on the road in November. A nice little city where the student population is on a par with the town's population. OK, I guess you can get that in Manhattan, Kansas, too, but you might have to drive farther. And you won't have those Appalachians.

So, if you are in the neighborhood, please drop by to catch my talk at Virginia Tech's ICTAS, or Institute for Critical Technology and Applied Science (http://www.ictas.vt.edu/index.shtml). Here's the brief:

ICTAS Seminar Series – Fall 2009

Date: November 12, 2009

Time: 3:00-4:30pm

Place: 310 ICTAS

Speaker: Steven Simske, Hewlett-Packard Labs

Title: “Consumer Safety in a Rapidly Changing World: Security, Identity and Anti-Counterfeiting”

Bio & Abstract: http://www.ictas.vt.edu/pdf/seminarseries_simske.pdf

Cheers,

Steve

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

StevenSimske — Wed, 14 Oct 2009 04:18:00 GMT

My previous post was a link to the excellent In-Pharma Technologist blog edited by Nick Taylor. Nick solicited a posting from me back in April, but I could not find it on In-Pharma, so given a 1/2 year grace period, I think its time to post here:

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

Pharma brands are concerned with the integrity of their product. All successful pharmaceuticals have one thing in common: they improve the quality of life of the customer. Counterfeit pharmaceuticals, on the other hand, are harmful to both the customer and to the manufacturer; that is, they can simultaneously destroy lives and jobs. Brands pay many times over for counterfeits: loss of original sale, loss of future sales due to erosion of consumer confidence, loss of market capitalization due to perceived non-efficacy of the product, and potential legal recourse as a consequence of the consumer receiving phony goods.

All pharmaceuticals share another important thing in common. Information about the product must accompany the product. From packaging to labels to inserts, this information is conveyed by printing. Therein lies the solution to the problem.

Printing is pre-adapted for its use in security. Useful already in product identification, the variability printing provides is a natural fit for security. Variable Data Printing, or VDP, is the technology enabling the varying of every aspect of a print job. This is advantageous for individually tagging an item—a process called mass serialization. Mass serialization is a means of ensuring that each label, package or document contains a different identifier that can be read (which means interrogated and the data encoded successfully interpreted).

However, VDP can be used for far more than mass serialization in protecting a product. With security VDP, or SVDP, the different printed regions—be they text, image or graphics—contain not just variable data, but usually uniquely variable data. Also, this variable data can be (but isn’t always) read by some type of inspection, authentication or forensic device. That is, every variably printed region contains not just data, but security information. Thus, every region is novel, or unique identified, and so capable of being interrogated for its information.

To prevent counterfeiting, brand owners need to provide a moving target for the would-be counterfeiters, staying one step ahead of them in the deployment of security features. However, this is a tedious game, and often expensive, as brand owners continually research and purchase new deterrents. SVDP offers, however, an innate moving target—the ability to change the very nature of the variability on the fly. With SVDP, a moving target of deterrents is obtained without having to change the technology.

Linking or hybridization is how the set of variable features relate to one other. Examples of deterrent relationships include replication, hashing, sequence fragmentation [sharing the mass serialization data between two or more variable regions], and other techniques for making the multiple variable regions “cooperate” with each other. One particularly powerful method is to use one deterrent—usually one already used for track and trace or point-of-sale—as the registry “look up” sequence from which the signed-in user may then obtain information on one or more other variable regions. The method of hybridization can be changed from one print job to the next, meaning that the would-be counterfeiter must replicate all of the variable features which are monitored to be able to pass the phony product as authentic. Which “extra” features are actually monitored can be varied from day to day, making compliance both simple and thorough.

Monitoring information-containing printed images is getting easier every day. The near-ubiquity of camera-enabled mobile devices, therefore, strengthens the value of SVDP. Already, bar code interpreting software is native or readily downloaded to most internet-enabled mobile devices. Piggybacking image authentication services for other printed patterns is straightforward to implement.

Different variably printed regions can be used for track and trace, authentication, forensics, recall and other contingencies, or just to decoy the would-be counterfeiters. The way in which deterrents relate can be tied to pragmatic product details. For example, if the shelf life of a product is six months, it makes sense to change the relationship between deterrents every six months, so that expired products also exhibit “expired” security strategies. In the meantime, if certain deterrents are being successfully attacked, then adding new variability to the printed material is another way of gathering information on who the counterfeiters might be—insidious insiders, for example, may quickly incorporate these new variable regions, even if they are not tracked by your authenticators, and so tip their hand to you.

Incorporation of SVDP into the printing is straightforward, as there are only three rules: (1) meet compliance standards first, (2) vary several additional regions, and (3) change the relationship between the variable regions (hybridization plan) frequently.

Counterfeiters know all about SVDP, and they’re reading this and other related articles. Recall that there is no security through obscurity—counterfeiters reading this will know what they’re up against, but will not easily be able to spoof SVDP, except one item at a time (which makes the cost of counterfeiting higher). Thus, SVDP offers a means of staying one step ahead of the counterfeiters without running yourself ragged.

Cheers,

Steve

Conference Time Part IV: New Findings in Security Printing and Imaging

StevenSimske — Thu, 24 Sep 2009 03:07:00 GMT

If there is no rest for the wicked, then I have been very evil these past two weeks indeed. But, I hope some of the findings are wickedly cool. This post is for the paper on new findings in security printing and imaging, and my co-authors are that talented trio of Guy Adams, Jason Aronoff and Margaret Sturgill. Though a bit of a grab bag, this paper focuses on three primary tracks of research:

(1) Does error correcting code always make sense for barcodes? We found out that for 2D and 3D barcodes, the answer is, not usually.

(2) Can classification of authentic and counterfeit samples actually improve with increased compression? Interestingly, the answer appears to be yes in many cases, especially when color is involved (I've reviewed a paper recently that showed the same controversial results--increased accuracy with compression--for forest classification).

(3) Does color help forensic image analysis? Again, the answer is yes.

Give it a read, it's short!

http://www.hpl.hp.com/techreports/2009/HPL-2009-328.html

Cheers,

Steve

Conference Time Part III: Barcode Readability

StevenSimske — Thu, 24 Sep 2009 02:54:00 GMT

Printing and scanning change what you intended to print. This matters in variable data security printing, since there is information encoded there. My friend and colleague Marie Vans explores this issue in another NIP25 paper posted here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-318.html

The approach, structural pre-compensation, is also known as "trimming" or "shaving". Interestingly, without it, not only are the barcodes harder to read, but the would-be counterfeiter gets a "free pass".

Cheers,

Steve

Conference Time Part II: Dynamic Biometrics

StevenSimske — Thu, 24 Sep 2009 02:32:00 GMT

Thanks to HP Distinguished Technologist (his research is distinguished, but actually he's pretty young!) Joe Pato for inviting me to the program committee for IEEE BIdS this year.

In addition to reading some excellent papers, mine was accepted. I presented it in Tampa yesterday, and got to stand on the shoulders of giants. Thanks to all the morning speakers who set up my topic beautifully with all your excellent research.

My paper is about how to use dynamic biometrics to repair the broken triangle of {possession, knowledge, identity} with a biometric "VPN" comprising {access control, privacy, security}. It's called "Dynamic Biometrics: the Case for a Real-Time Solution to the Problem of Access Control, Privacy and Security" and it is posted here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-317.html

Cheers,

Steve

Conference Time Part I: Extended Packaging

StevenSimske — Thu, 24 Sep 2009 02:12:00 GMT

It's September. The month when most people's gas bills hit rock bottom. Kids are back in school, harvest is still just sweat and fury in the future. Closed are the pools, open are the schools, and life is good. Too good. So, those wonderful conference organizers have nothing better to do than make us travel. Last week and this, I had the pleasure to present at ACM Doc Eng 2009, IS&T NIP25, and IEEE BIdS. I've already posted the ACM DocEng paper and plugged it a few times on this, my blog, but just to complete the trifecta, it's here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-177.html

This blog focuses, however, on one of the NIP25 papers. It's about how to extend the information you add to packaging by using "semi-covert" variable data printing (VDP) driven layout variability, and it's with my long-time friend and colleague Margaret Sturgill. You'll find the PDF here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-316.html

Thanks to Omer Gila for the invitation to present this work,

Steve

More on Security Printing 09

StevenSimske — Wed, 23 Sep 2009 22:04:00 GMT

IMI’s 6th Annual Security Printing Conference is being held on November 16-18, 2009 at the Sheraton Baltimore City Center Hotel in Baltimore, Maryland, as noted in an earlier blog.

Al Keene has sent me the conference brochure (please see attachment below). A number of my colleagues and friends in the field are presenting, well worth the time if you can go.

Cheers,

Steve

ACM DocEng 2009 Conference (Munich)

StevenSimske — Thu, 17 Sep 2009 12:29:00 GMT

Today is the middle day of the 3-day DocEng 2009 ACM Symposium (not including the Workshop held before the Symposium, which was on document versioning). The website is http://doceng09.cs.unibw.de/, and the program is available at http://doceng09.cs.unibw.de/download/program.pdf. Please contact me on any questions/comments on the conference.

The conference focuses on the engineering of documents. Documents are intentionally crafted information items, such as the "traditional" paper or electronic word processing/form/record. Engineering involves innovation on performance, reliability, system efficiency, etc. Combined, this means working to build efficacious systems focused on the conveyance of information. Now, perhaps you can see how this relates to security printing for brand protection.

My presentation (just finished a couple of hours ago) is posted at: http://www.hpl.hp.com/techreports/2009/HPL-2009-177.html.

The conference is in Munich, and with the long days of talks and meetings, all I've seen of Munich is at night. With Oktoberfest coming this weekend, the streets have not been empty, even though the working day has ended around midnight.

Typical Street Scene

Rathaus

I won't get to stay for Oktoberfest, so these early morning images will have to suffice. Besides, the conference is quite good, regardless of location (it's actually on an Army base!). And, my legs are not the right kind for Lederhosen (http://www.oktoberfest.de/en/).

Cheers,

Steve

IMI's Security Printing Conference, Nov. 16-18, 2009 (Baltimore, USA)

StevenSimske — Sat, 12 Sep 2009 02:41:00 GMT

IMI’s 6^th Annual Security Printing Conference is being held on November 16-18, 2009 at the Sheraton Baltimore City Center Hotel in Baltimore, Maryland.

According to the conference organizer, Al Keene, "The unique annual conference addresses the challenges and opportunities facing the digital printing industry in dealing with security issues and enabling the production of secure documents for a wide variety of applications including business documents, ID’s, currency, brand protection & identification, gaming/event tickets, travel documents, etc. Industry experts will address digital printing technologies’ capabilities and shortcomings relative to printing secure output and the technology options available to enhance the production of secure documents and products. The attached file and our web site www.imiconf.com contain additional preliminary program information."

A conference with a view

This is a solid conference, with a strong security printing agenda. I attended DigiFab 2005 and NIP at this location. Excellent urban harbor atmosphere, to go along with the excellent agenda. Please see the website for details.

Cheers,

Steve

Rude Food? A Bright Future is Ghana Make a Difference

StevenSimske — Wed, 09 Sep 2009 18:56:00 GMT

If recent salmonella, e Coli, melamine and other food scares have you second-guessing your food chain, imagine what it may be like in some rural areas, where connectivity and information technology knowledge may be more limited.

A recent announcement states that "Researchers have presented a low cost track and trace and authentication system, which they believe could be implemented immediately, to combat counterfeiting in the developing world".

The full article is posted at:

http://www.in-pharmatechnologist.com/Processing-QC/Phone-based-anti-counterfeiting-proposed-for-developing-world/

I chatted with Ghana's Bright Simons, an Ashoka Fellow (http://www.ashoka.org/bsimons) and the Coordinator of the mPedigree network (www.mpedigree.net), about this article, since it alludes to mPedigree. Bright noted that there are some misrepresentations in the article, but overall the mPedigree approach is to associate a tamper-evident seal with a unique ID (e.g. mass serialized identifier), which is a strategy that leads to copy-based attacks by would-be counterfeiters. A cloud-based network supporting the unique IDs (i.e. providing track and trace and provenance) will help to defend the system from copy attacks. Overall, the approach is elegant--low-cost to implement, free for the consumer, and potentially ubiquitous through its mobile on-ramp.

The appropriately-named Bright was also recently named to the Tech Awards Laureates 2009, "as one of 15 global innovators recognized each year for applying technology to benefit humanity and spark global change. The Tech Awards, a signature program of The Tech Museum, and presented by Applied Materials, Inc., selected mPedigree Network from among hundreds of nominations representing 66 countries."

"The Tech Awards: Technology Benefiting Humanity (www.techawards.org) is one of the premier annual humanitarian awards programs in the world, recognizing technical solutions that benefit humanity and address the most critical issues facing our planet and its people. The awards program honors 15 scientists and innovators annually alongside the recipient of the Global Humanitarian Award. This year’s Laureates include Al Gore, former Vice President of the United States of America (Global Humanitarian Award)."

Protecting our food and our supply chains is more than just high-priority. It's award-winning.

Cheers,

Steve