Security Printing and Imaging : security printing

Looking for that lost waffle?

StevenSimske — Sat, 31 Oct 2009 03:20:00 GMT

Many of you are aware that 2D barcodes--which look like waffles--are becoming ubiquitous for location-based services, mobile commerce, and increasingly point-of-sale and track and trace applications.

Did you know that there are many more you cannot see? They're covert 2D barcodes. And the master at providing reading equipment to find these hidden waffles is John Hattersley of InData Systems. I've had the pleasure to work with him on "ink-specific handheld readers". The concept is simple. The barcode reader has LEDs (or other light source) built-in that are tuned to the excitation bandgap of the covert ink (usually in the UV band), and bandpass filters tuned to the (higher-wavelength) reflected light.

See InData System's brochure (attached below) on John's presentation at the upcoming ITI Security Printing Conference (see http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/09/12/imi-s-security-printing-conference-nov-16-18-2009-baltimore-usa.aspx) for more details. And enjoy the waffles.

Cheers,

Steve

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

StevenSimske — Wed, 14 Oct 2009 04:18:00 GMT

My previous post was a link to the excellent In-Pharma Technologist blog edited by Nick Taylor. Nick solicited a posting from me back in April, but I could not find it on In-Pharma, so given a 1/2 year grace period, I think its time to post here:

Variable Data Printing and Improved Pharma Product Protection and Brand/Customer Interaction

Pharma brands are concerned with the integrity of their product. All successful pharmaceuticals have one thing in common: they improve the quality of life of the customer. Counterfeit pharmaceuticals, on the other hand, are harmful to both the customer and to the manufacturer; that is, they can simultaneously destroy lives and jobs. Brands pay many times over for counterfeits: loss of original sale, loss of future sales due to erosion of consumer confidence, loss of market capitalization due to perceived non-efficacy of the product, and potential legal recourse as a consequence of the consumer receiving phony goods.

All pharmaceuticals share another important thing in common. Information about the product must accompany the product. From packaging to labels to inserts, this information is conveyed by printing. Therein lies the solution to the problem.

Printing is pre-adapted for its use in security. Useful already in product identification, the variability printing provides is a natural fit for security. Variable Data Printing, or VDP, is the technology enabling the varying of every aspect of a print job. This is advantageous for individually tagging an item—a process called mass serialization. Mass serialization is a means of ensuring that each label, package or document contains a different identifier that can be read (which means interrogated and the data encoded successfully interpreted).

However, VDP can be used for far more than mass serialization in protecting a product. With security VDP, or SVDP, the different printed regions—be they text, image or graphics—contain not just variable data, but usually uniquely variable data. Also, this variable data can be (but isn’t always) read by some type of inspection, authentication or forensic device. That is, every variably printed region contains not just data, but security information. Thus, every region is novel, or unique identified, and so capable of being interrogated for its information.

To prevent counterfeiting, brand owners need to provide a moving target for the would-be counterfeiters, staying one step ahead of them in the deployment of security features. However, this is a tedious game, and often expensive, as brand owners continually research and purchase new deterrents. SVDP offers, however, an innate moving target—the ability to change the very nature of the variability on the fly. With SVDP, a moving target of deterrents is obtained without having to change the technology.

Linking or hybridization is how the set of variable features relate to one other. Examples of deterrent relationships include replication, hashing, sequence fragmentation [sharing the mass serialization data between two or more variable regions], and other techniques for making the multiple variable regions “cooperate” with each other. One particularly powerful method is to use one deterrent—usually one already used for track and trace or point-of-sale—as the registry “look up” sequence from which the signed-in user may then obtain information on one or more other variable regions. The method of hybridization can be changed from one print job to the next, meaning that the would-be counterfeiter must replicate all of the variable features which are monitored to be able to pass the phony product as authentic. Which “extra” features are actually monitored can be varied from day to day, making compliance both simple and thorough.

Monitoring information-containing printed images is getting easier every day. The near-ubiquity of camera-enabled mobile devices, therefore, strengthens the value of SVDP. Already, bar code interpreting software is native or readily downloaded to most internet-enabled mobile devices. Piggybacking image authentication services for other printed patterns is straightforward to implement.

Different variably printed regions can be used for track and trace, authentication, forensics, recall and other contingencies, or just to decoy the would-be counterfeiters. The way in which deterrents relate can be tied to pragmatic product details. For example, if the shelf life of a product is six months, it makes sense to change the relationship between deterrents every six months, so that expired products also exhibit “expired” security strategies. In the meantime, if certain deterrents are being successfully attacked, then adding new variability to the printed material is another way of gathering information on who the counterfeiters might be—insidious insiders, for example, may quickly incorporate these new variable regions, even if they are not tracked by your authenticators, and so tip their hand to you.

Incorporation of SVDP into the printing is straightforward, as there are only three rules: (1) meet compliance standards first, (2) vary several additional regions, and (3) change the relationship between the variable regions (hybridization plan) frequently.

Counterfeiters know all about SVDP, and they’re reading this and other related articles. Recall that there is no security through obscurity—counterfeiters reading this will know what they’re up against, but will not easily be able to spoof SVDP, except one item at a time (which makes the cost of counterfeiting higher). Thus, SVDP offers a means of staying one step ahead of the counterfeiters without running yourself ragged.

Cheers,

Steve

Conference Time Part IV: New Findings in Security Printing and Imaging

StevenSimske — Thu, 24 Sep 2009 03:07:00 GMT

If there is no rest for the wicked, then I have been very evil these past two weeks indeed. But, I hope some of the findings are wickedly cool. This post is for the paper on new findings in security printing and imaging, and my co-authors are that talented trio of Guy Adams, Jason Aronoff and Margaret Sturgill. Though a bit of a grab bag, this paper focuses on three primary tracks of research:

(1) Does error correcting code always make sense for barcodes? We found out that for 2D and 3D barcodes, the answer is, not usually.

(2) Can classification of authentic and counterfeit samples actually improve with increased compression? Interestingly, the answer appears to be yes in many cases, especially when color is involved (I've reviewed a paper recently that showed the same controversial results--increased accuracy with compression--for forest classification).

(3) Does color help forensic image analysis? Again, the answer is yes.

Give it a read, it's short!

http://www.hpl.hp.com/techreports/2009/HPL-2009-328.html

Cheers,

Steve

Conference Time Part III: Barcode Readability

StevenSimske — Thu, 24 Sep 2009 02:54:00 GMT

Printing and scanning change what you intended to print. This matters in variable data security printing, since there is information encoded there. My friend and colleague Marie Vans explores this issue in another NIP25 paper posted here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-318.html

The approach, structural pre-compensation, is also known as "trimming" or "shaving". Interestingly, without it, not only are the barcodes harder to read, but the would-be counterfeiter gets a "free pass".

Cheers,

Steve

Conference Time Part I: Extended Packaging

StevenSimske — Thu, 24 Sep 2009 02:12:00 GMT

It's September. The month when most people's gas bills hit rock bottom. Kids are back in school, harvest is still just sweat and fury in the future. Closed are the pools, open are the schools, and life is good. Too good. So, those wonderful conference organizers have nothing better to do than make us travel. Last week and this, I had the pleasure to present at ACM Doc Eng 2009, IS&T NIP25, and IEEE BIdS. I've already posted the ACM DocEng paper and plugged it a few times on this, my blog, but just to complete the trifecta, it's here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-177.html

This blog focuses, however, on one of the NIP25 papers. It's about how to extend the information you add to packaging by using "semi-covert" variable data printing (VDP) driven layout variability, and it's with my long-time friend and colleague Margaret Sturgill. You'll find the PDF here:

http://www.hpl.hp.com/techreports/2009/HPL-2009-316.html

Thanks to Omer Gila for the invitation to present this work,

Steve

More on Security Printing 09

StevenSimske — Wed, 23 Sep 2009 22:04:00 GMT

IMI’s 6th Annual Security Printing Conference is being held on November 16-18, 2009 at the Sheraton Baltimore City Center Hotel in Baltimore, Maryland, as noted in an earlier blog.

Al Keene has sent me the conference brochure (please see attachment below). A number of my colleagues and friends in the field are presenting, well worth the time if you can go.

Cheers,

Steve

ACM DocEng 2009 Conference (Munich)

StevenSimske — Thu, 17 Sep 2009 12:29:00 GMT

Today is the middle day of the 3-day DocEng 2009 ACM Symposium (not including the Workshop held before the Symposium, which was on document versioning). The website is http://doceng09.cs.unibw.de/, and the program is available at http://doceng09.cs.unibw.de/download/program.pdf. Please contact me on any questions/comments on the conference.

The conference focuses on the engineering of documents. Documents are intentionally crafted information items, such as the "traditional" paper or electronic word processing/form/record. Engineering involves innovation on performance, reliability, system efficiency, etc. Combined, this means working to build efficacious systems focused on the conveyance of information. Now, perhaps you can see how this relates to security printing for brand protection.

My presentation (just finished a couple of hours ago) is posted at: http://www.hpl.hp.com/techreports/2009/HPL-2009-177.html.

The conference is in Munich, and with the long days of talks and meetings, all I've seen of Munich is at night. With Oktoberfest coming this weekend, the streets have not been empty, even though the working day has ended around midnight.

Typical Street Scene

Rathaus

I won't get to stay for Oktoberfest, so these early morning images will have to suffice. Besides, the conference is quite good, regardless of location (it's actually on an Army base!). And, my legs are not the right kind for Lederhosen (http://www.oktoberfest.de/en/).

Cheers,

Steve

IMI's Security Printing Conference, Nov. 16-18, 2009 (Baltimore, USA)

StevenSimske — Sat, 12 Sep 2009 02:41:00 GMT

IMI’s 6^th Annual Security Printing Conference is being held on November 16-18, 2009 at the Sheraton Baltimore City Center Hotel in Baltimore, Maryland.

According to the conference organizer, Al Keene, "The unique annual conference addresses the challenges and opportunities facing the digital printing industry in dealing with security issues and enabling the production of secure documents for a wide variety of applications including business documents, ID’s, currency, brand protection & identification, gaming/event tickets, travel documents, etc. Industry experts will address digital printing technologies’ capabilities and shortcomings relative to printing secure output and the technology options available to enhance the production of secure documents and products. The attached file and our web site www.imiconf.com contain additional preliminary program information."

A conference with a view

This is a solid conference, with a strong security printing agenda. I attended DigiFab 2005 and NIP at this location. Excellent urban harbor atmosphere, to go along with the excellent agenda. Please see the website for details.

Cheers,

Steve

Effect of Copying and Restoration on Color Barcode Payload Density

StevenSimske — Wed, 12 Aug 2009 21:51:00 GMT

Heading to Munich for Oktoberfest? Then why not arrive a little early and join an eclectic and sociable (yes, sociable!) group of document experts for ACM DocEng 2009. Details on how to get there (the conference, that is--I presume you can find Munich) and on the, in my opinion, excellent program (http://doceng09.cs.unibw.de/download/DocEng09-program.0.3-SR.pdf) are provided at:

http://doceng09.cs.unibw.de/

As a teaser, you can get a preview of one of the papers at:

http://www.hpl.hp.com/techreports/2009/HPL-2009-177.html?mtxs=rss-hpl-tr

In this paper, we describe how the proper printing approaches can be as powerful as the print-scan, or "round-trip", cycle on the density of information that you can print and then later recover. This is highly significant as we see the "revenge of the physical" come to play with the ubiquity of high-quality mobile cameras. Should I be able to take a picture of any intentional (i.e. printed, displayed, etc., signage, packaging, labeling) information and connect to further information? The answer is yes. And this paper hopefully helps you find out more about how to do that.

See you in Munich. Bring an appetite for gemutlikeit.

Steve

5th Global Forum on Pharmaceutical AntiCounterfeiting

StevenSimske — Sun, 02 Aug 2009 04:32:00 GMT

Reconnaissance International's 5th Global Forum on Pharmaceutical Anti-Counterfeiting is being held in Miami 24-26 February 2010. Details on the event, including submitting a paper and information on the sponsors, is available at:

http://www.regonline.co.uk/builder/site/default.aspx?EventID=751954

One theme of this conference is in "addressing the role of the patient in fighting counterfeit medicines and related products".

Interestingly, the conference overlaps with Graphics of the Americas (February 25-27, 2010, in nearby SoBe district of Miami Beach), which also features an excellent Brand Protection Conference. See:

http://www.graphicsoftheamericas.com/media/news.html

for details. If one of these conferences isn't enough to get you down to Miami near the end of winter, why not the pair?

Cheers,

Steve

A Massive Step Forward on Mass Spec

StevenSimske — Sun, 02 Aug 2009 04:11:00 GMT

Do you get a product from a trusted brand that just doesn't work right? Chances are pretty decent that your brand has failed to keep counterfeits out of its supply chain. Should you still trust your brand? Hard to tell--surely the brand shares some of the culpability for letting the counterfeits into the supply chain. But it's a bit like faulting the clerk at the convenience store for the hold up at gunpoint.

However, the loss of confidence in the product can be fatal. In Africa, for example, malaria kills more than 2,000 children a day -- A DAY -- or nearly a million a year. The medication can be distributed, but no one can trust the supply chain. A recent New York Times article (http://www.nytimes.com/2009/07/21/science/21coun.html?_r=1) describes an advancement in mass spectroscopy that makes forensic analysis of large quantites of pharmaceuticals more feasible.

"For years, scientists have been able to analyze the ingredients of a pill or capsule using mass spectrometers, which identify chemicals by measuring molecular weights. But the overall process was time-consuming, taking about an hour per sample. A scientific breakthrough in 2005 added an “ion gun” to the machines and allowed Dr. [Facundo M.] Fernández to check hundreds of pills a day. A technician simply holds the sample — a pill, dog food or a dollar bill, for example — up to the machine, which emits a jet of helium gas and captures a minute amount of the material, instantly identifying its component parts."

Any technology that helps make on-the-spot assessment of product integrity possible is not only helpful--it's quite possibly life-saving.

Cheers,

Steve

[Thanks to Margaret Sturgill for the link]

Law of Power 4—Always Say Less Than Necessary

StevenSimske — Wed, 22 Jul 2009 04:44:00 GMT

Continuing a reinterpretation of Robert Greene’s 1998 landmark, “The 48 Laws of Power”, I turn his Law #4 sideways (applying the law to the fighting of counterfeiting and other forms of fraud) and then turn it upside down (using the laws to create better businesses).

Given the definition of Law #4, need I say more? Actually, the irony is that to argue for saying less, a relatively thorough post is needed. Saying less is an art. One must say enough, often provocatively, to obey the other Laws of Power (commanding attention, generating mystery, etc.), but not say too much to appear common. Not only is it an art, but it is also the secret of art. Why did Klein pick (and try to patent) the hue of blue known as Klein Blue? Why did Marcel Duchamp “pick” a urinal for his show? Certainly, neither of them was about to tell. What could be more common than a single element in a palette or a single stall in a men’s room? By saying less than necessary, Klein and Duchamp succeeded where many others fail.

What does it mean? Let the other person decide...

Robert Greene interprets the fourth Law of Power as the power to be vague, open-ended, and sphinx-like. Can such ambiguity be achieved through idiocy? Think of Peter Seller’s character in “Being There,” whose sagacity is certified by his oracle-like “I like to watch” and “I can’t read.” Far better to say less—“I like to sit on my fat derriere watching TV” and “I am illiterate” are unlikely to generate a dedicated followership.

My interpretation of Robert Greene’s sense of this law comes from the field of dietary restriction (I have done research in this area in a past life: see for example Ferguson VL, Greenberg AR, Bateman TA, Ayers RA, Simske SJ: Effect of age and dietary restriction without nutritional supplementation on whole bone structural properties in C57BL/6J mice. Biomed Sci Instrum 35:85-91, 1999). Essentially, food and words are death. The human body is designed to cycle only so many calories—say 80-100 million—in a lifetime. Caloric restriction—willingly reducing your caloric intake—will in general lead to a longer life. The same is true of words. Your power base will only survive so many words. The more apt you are to offer free advice and speak your mind, the shorter your lifespan of power will be. We all love to deliver a witty phrase—we’re light at ease after a litotes, literate through alliteration, happy through hyperbole—but few of us are as clever as we think. And each beautiful flower of true bon mot will be lost in the forest of cliché if we choose the road of sarcasm, cynicism and attack.

Greene cites Louis XIV as following Law #4 to the letter: “L’état, ç’est moi” and the smile of Buddha. So much more effective for a long and unchallenged reign than, for example, Coriolanus, whose spite and common complaining took him from hero to zero, from warrior to weary-er.

SIDEWAYS:

Law of Power #4 is important for anti-counterfeiting. Empower your agents in the field; but do not let them talk themselves into ineffectiveness. Focus your education and training costs to make your agents better able to provide the information you need, but not to digest it themselves. Does your agent need to understand everything she sees? Not unless you want to create a potentially powerful double agent. Do not allow any single agent in the field to collect too much information or know too much. Make her capable of conveying value with a credible degree of deniability of knowledge. It’s safer for your strategy and safer for your agents. The best agents, or “feet on the street”, are not just secret agents; they are to some extent uninformed agents. Make sure they are only capable of saying less than what is necessary to compromise your brand protection program. Otherwise, you will always be competing with the highest-paying counterfeiter for the agent’s services.

UPSIDE DOWN:

How can this Law be turned upside down? Isn’t purposely saying less duplicitous by nature? Not if you turn the art of saying less into the art of listening more. Listen to your partners. You and your partner have the following breakdown of problems: (1) Problems you can solve, (2) Problems the partner can solve, and (3) Problems neither can solve. Usually, (1) and (2) are not fully overlapping, but even if they are, you and the partner will solve them in different ways. Indeed, (1) + (2) = (3), and simply listening to how your partner solves a problem you “already know how to solve” may lead to solving set (3). When you talk, you will naturally address either (1) or (3) and so have 0% chance of solving new problems. When they talk, the focus is problems they can solve—and your chance to learn. This is really, really hard work--listening to someone explain how to solve a problem you already know how to solve. But it is the road to learning.

Ultimately, your “power” rests on what you know. Listening is a much harder skill than saying less than necessary. Listening is an active event—unlike hearing, which is passive. Learn to say less by listening. Let your partner finish her thought, and internalize what she says. If different than what you know, then why? Is it because what you had previously viewed as a single topic is actually two or more? What are the conditions to disambiguate these subtopics? Now you’re not just listening, you’re learning. And when you are likewise allowed to share your experiences, true collaboration has occurred. All by taking turns in saying less.

Cheers,

Steve

See Law #3 at: http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/06/16/law-of-power-3-conceal-your-intentions.aspx

Puzzling Advice From the FDA: Add Chemicals to your Drugs

StevenSimske — Thu, 16 Jul 2009 14:52:00 GMT

The FDA is advocating the addition of chemicals to pharmaceuticals to improve the identification of counterfeits.

http://www.in-pharmatechnologist.com/Industry-Drivers/FDA-advocates-food-pigments-and-flavours-to-combat-counterfeits/?c=JiBz%2FX6W897ybeGc6YCjow%3D%3D&utm_source=newsletter_daily&utm_medium=email&utm_campaign=Newsletter%2BDaily

This is puzzling advice in several ways. First off, the article states:

"IMS health recently estimated that the counterfeit drugs 'market' generates almost $800bn annually and is growing at almost 6 per cent a year." This is either hyperbole or simply poor reporting. $80bn annually is the correct current estimate.

Next, the summary of the advice is stated:

"The Food and Drug Administration’s (FDA) new document argues that incorporating PCIDs into drug formulations could be a cost effective way of differentiating genuine products from fakes. The agency went on to say that PCIDs used in drugs should be pharmacologically inactive and suggests that: 'food additives, colorants, or excipients with established safety profiles,' would be ideal candidates. While in common with other anti-fake labelling methods, PCIDs can be easily detected in the laboratory, their big advantage over traditional methods is that they can be readily identified by patients, healthcare practitioners and pharmacies."

There is certainly a trend to include less, rather than more, exogenous chemicals -- dyes, expedients, etc. -- in food and drugs. So, the FDA advice bucks that trend.

Also, adding PCIDs "with established safety profiles" by definition means that the list of PCIDs to add is public knowledge. This makes it easier for the would-be counterfeiter to obtain those PCIDs, doesn't it?

Regardless, the use of PCIDs would presumably follow one of two strategies:

(1) Controlled substance, in which case the PCIDs used should only be sold by authorized suppliers to authorized buyers. The type of fraud to prevent in that case, then, is the insidious insider who orders PCIDs and sells them for profit to his counterfeiting buddies.

(2) Security by obscurity, in which case the PCIDs should not be published. This is also susceptible to insidious insiders, however, and certainly makes authentication more difficult.

Using PCIDs, in addition, may complicate the authentication process--requiring the deployment of specialized analysis equipment and personnel. The FDA is certainly enamored with nanotechnology, and this may relate. However, track and trace and authentication through the appropriate combination of security printing (remember that tablets can be printed on and linked to the information on the package through the application of the appropriate inference model) and RFID seems, to me, easier, more cost-effective, more scalable, and more effective.

The full draft of the guidance is posted here:

http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM171575.pdf

Some highlights salient to the discussion:

"There are various available means for presentation and detection of PCIDs (e.g., photolithography, holography, laser scanning devices, and excitation/fluorescence detection). Many identifying characteristics, such as pigments or flavors, could be easily observed by patients, healthcare practitioners, and pharmacies. Some could require the use of instrumental detection (e.g., a scanner or photometric detector)."

"To minimize toxicological risk, FDA recommends using permissible direct food additives, including those affirmed as generally recognized as safe (GRAS), or those ingredients listed in the FDA Inactive Ingredient Guide (IIG)."

What are your thoughts? Any comments? Please post below! Thanks,

Steve

HP and Dubai Police seize Dhs70m worth of counterfeit components

StevenSimske — Tue, 07 Jul 2009 02:48:00 GMT

A quick blog today on an HP seizure of a mountain of counterfeit materials. Apologies for the long time between postings...just back from an amazing trip to Ireland for vacation.

http://www.ameinfo.com/202085.html

"HP Middle East's efforts to protect its customers from counterfeits in the region, resulted in one of the largest seizures of counterfeit print cartridges and components in the Middle East, conducted by Dubai Police in 2009. The raid uncovered an illegal counterfeit operation in Dubai at a 600m2 warehouse with two floors filled with packaging materials and security labels as well as finished goods. The counterfeit goods were intended for export to countries in the Middle East, Europe, and Africa. Four people were arrested and Dubai Police have started a criminal investigation."

At current exchange rates, this is approximately $20 million US. A lot of inventory on hand, but an effective just-in-time supply chain nevertheless: remember, counterfeiting is a business. Spanning at least 3 continents in this case.

Cheers, Steve

Law of Power 3: Conceal Your Intentions

StevenSimske — Tue, 16 Jun 2009 19:34:00 GMT

In a continuing interpretation of Robert Greene’s 1998 bestseller, “The 48 Laws of Power” (Penguin Books), I turn it sideways (using the laws to fight counterfeiting and other forms of fraud) and then turn it upside down (using the laws to create better businesses).

Today we address Law #3: Conceal Your Intentions. This is a law in two parts.

(1) Use decoyed objects of desire and red herrings to throw people off the scent. Greene suggests false sincerity, ambiguous signals and misleading objects of desire.

(2) Use smoke screens to conceal your actions. Always leave yourself contingency pathways.

Many of Greene’s anecdotes focus on warfare and negotiation, and specifically on the cunning of different strategists. Strategies, as can be seen, cannot be “universally recommended”—that is, they do depend on the individual. Kissinger’s prowess as a negotiator, for example, was fueled by his ostensible dullness. Greene portrays Kissinger as nearly lulling his adversaries to sleep and then just as the wave of ennui threatened to submerse them in torpor, he would make otherwise unreasonable demands and get buy-off.

Such a strategy, clearly, would not have worked for Napoleon. Instead, Napoleon’s path to success would have been to put more power in the hands of his competent students of the Laws of Power—Talleyrand and Fouché, for example. Napoleon, being Napoleon, was unable to work with such indirect, “cunning” personalities.

A key to concealing your intentions is to eschew the use of a pattern. This is not the same as foregoing a design. Without a design, you are quite liable to respond to any nuance, distraction, red herring, or ploy of your adversary. The design is essential, as it is nothing else but the pathway from the present to the future. Your design, however, should include decoyed objects of desire and smoke screens to prevent anyone else from determining your design. If your pattern is A, B, C, D, guess what? Your adversary can pick E, F, G, H, etc., to face you. And a smart adversary (you must assume your adversary is smart until proven otherwise) will pick the node in the sequence where she is relatively strongest in comparison to you.

What could be more fun? Combining creativity, design, thinking on your feet and secrecy—concealing your intentions gives you time to collect information on your adversary. And, when the reversal occurs, it should not be ambiguous. When you suddenly reveal your intentions, either because of a (well-earned) reputation for fraud or because it will no longer provide value to conceal your plans forward, do it in full.

Think of Hamlet. The play was indeed the thing to catch the conscience of the king, and Hamlet knew it. He concealed his intentions—was he brooding over Ophelia, going through existential angst, in deep anxiety over an inevitable confrontation with Fortinbras? Meticulously, Hamlet pieced together enough clues to formulate the last stage in his intelligence work. It was the play, with his uncle’s murder of his father echoed in the actions of the players, that would bring out the final, unequivocal reaction in Claudius. After that reaction, the rest of Hamlet’s “contingency plan”, always part of his design, would inexorably bring the bloody end to one of the world’s greatest works of literature. After the play, the rest was almost predestined.

Hidden intent. What am I looking at? What matters here?

SIDEWAYS:

Of the 48 Laws of Power, perhaps none is more central to security printing, anti-counterfeiting and brand protection than Law #3. Variable data printing (VDP) provides ease of printing decoys and smokescreens, while hiding the overall intention.

Since every printed region can be variable, the would-be counterfeiter can take one of three (at least) approaches. First, he may try to reverse-engineer every element of the print job. This is a time-consuming, mind-numbing approach, but the advantages are that the counterfeit samples will inevitably appear more real, and so get by more customers and more retailers and more inspectors undetected. Counterfeiters with substantial R&D budgets (and there are many) will occasionally attempt this approach. Other counterfeiters will do the minimum possible to get their products into the supply chain, and so the counterfeit products will be generally easy to distinguish. However, these counterfeiters may be more interested in replace-and-sell strategies, which are consistently seen for example with large systems (cars, servers, airplanes, appliances, etc.) where the parts are very expensive and the system behaves similarly with the counterfeit parts in place. Thirdly, other counterfeiters will simply move to the inside. It is much easier to spoof a product if you simply build the product. Insidious insiders, third-shifters (factory overruns), and false fronts (“fake” companies that work with all of your suppliers) are a significant threat.

Conceal your intentions with counterfeiters by using variable VDP—changing your VDP design is not much more difficult than printing using VDP. Your design is to change; your pattern of change is your own.

Security printing principles are in direct alignment with concealing one’s intents. Decoys are printed marks used to get a counterfeiter to respond, even though they may not be (normally, ever) tracked or investigated. Use decoyed objects of desire and red herrings to throw people off the scent. Printed marks can also be used as “bait” to get counterfeiters to respond to them—generally, these are overt marks, so the lack of response by the counterfeiter usually means that they will not be able to counterfeit for long. Your response may be about the data embedded, or it may be the appearance itself. Use smoke screens to conceal your actions. These decoys and bait can serve as “contingency” deterrents which can be tracked or investigated in cases of need (recall, change in auditing requirements, new regulatory concerns, change in branding, etc.).

Intentions stripped bare. Nothing to conceal. No future.

UPSIDE DOWN:

Concealing your intentions is obviously to your advantage when dealing with an adversary. Many would therefore conclude that to benefit from the obvious advantages of Law #3, you will treat your business partners as adversaries, concealing your long-term strategy. I argue for a different approach.

Consider your interaction with worthwhile business collaborators and partners the way you might consider your interaction with worthwhile life collaborators and partners at a social gathering. Start with the premise that your story is boring unless the other can share in the story. Get the other person/partner to speak. Be genuinely interested. Every conversation, every partnership, is a learning opportunity. “Conceal” your intentions by engaging in theirs.

“Ah!” you say, “but there is no security through obscurity.” Meaning the would-be collaborator will also know Law #3 and will be applying it on you, as well. And right you are! That’s the beauty of the approach. If each of you applies the “Upside Down” Law #3, then inevitably the conversation will lead to common ground. It takes active engagement, but it does not preclude concealment of your true long-term plans. Both parties benefit from finding a common, profitable area of engagement, without having to say “I’m not ready to share that with you yet.”

Let’s illustrate with a simple example. UBB (Unbelievably Big Business) has long-term plans to take over all fossil fuel surveying, production and distribution. USS (Unbelievably Sustainable Systems) has long-term plans to provide 100% of the world’s energy needs, where possible, with 100% renewable fuels. In drawing into the conversation discussion of sustainability, UBB comes to understand how “grow and sell local” approaches will significantly streamline their own distribution chain. In drawing into the conversation discussion of the need for high-octane, fossil based fuels in many existing transportation networks, USS comes to understand “asset inertia” and also understands better the adoption roadmap for sustainable energy.

A healthy combination of concealment and the visible. Share enough to help your friends, conceal enough to derail your adversaries.

--Steve

See Law #2 at: http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/05/31/law-of-power-2-never-put-too-much-trust-in-friends-learn-to-use-your-enemies.aspx