On 5/26/2024 6:20 AM, Joe Gwinn wrote:
When outsourcing manufacture, what steps are you taking to protect
your IP (in the form of firmware) from unauthorized copying/counterfeiting
by the selected vendor *or* parties that may have access to their systems?
>
What is the capability and desire level of the threat actors? If it's
an intelligence agency of reasonable large country, you probably
cannot do anything effective.
>
No. The concern is that the contracted manufacturer (or, anyone with
access to his information systems) decides to go into business in
direct competition, simply by selling YOUR device at a cut-rate price
(not having to recover the engineering/development/warranty/support
costs that you have)
OK. Also, what does the device sell for? This will dominate the
choice.
Nominally $100. But, one would typically buy a selection of a few hundred per
end user. "One" would have very little value.
Hardware "unit" costs are reasonably insignificant; they are designed to be
easy/inexpensive to produce. No precision components, manufacturing
tolerances, etc. If you are committed to "copying at scale", then there
is little standing in your way (i.e., molds, boards, packaging, etc.
are just "costs of doing business")
*ALL* of the value lies in the software.
[In the (arcade) video game days, most legitimate vendors had reasonably
stable hardware PLATFORMS that were reused IN THE DESIGNS OF successive
games. The next game would find the user buying a new cabinet, monitor,
another set of boards, etc. The big difference would be in the contents
of the ROMS and the artwork on the cabinet.
Counterfeiters saw an easy way to exploit this. They could build their
own boardsets. OR, rely on the customer to have a set from the last
legitimately purchased game -- along with a cabinet, monitor, etc. I.e.,
NO SHIPPING COSTS or delays! They could just ship a new set of ROMs
and some appliques to slap on the sides of the cabinet to "build" THEIR
new game -- which was actually YOUR game but with cosmetic changes to
appear different and avoid strict copyright infringement -- superficially.
For customers who already saw your $2-3K price tag as excessive, (1980
dollars, and many unit purchases with typical "appeal" of several months)
it was easy for them to ignore their moral compass and just buy an
ILLEGAL upgrade. Especially as they had no way of predicting how
THEIR "customers" (players) would receive the new game. Would it
see enough play -- number of locations is limited and revenue has
to typically be shared with the location's owner -- to cover the
initial outlay?
You, of course, wanted to sell complete games, not "ROM sets"
as that drives your sales figures up. Its hard to fold man-years
of development into the *price* of a set of ROMs without customers
feeling raped! But, you could easily distribute those costs in the
markup of an entire game console!
The counterfeiter just is concerned with profit and ease of effort.
He doesn't have man-years of investment to recover; you've already come
up with the concept, gameplay AND implementation! All he has to do
is make it appear to be HIS creation. If, instead, he had to build
and ship cabinets, it would be too hard for him to counterfeit your
product!
The parallels here are obvious. I *want* the hardware to be trivial
to implement as it drives my costs down. Even if the hardware was
not-copyable, that wouldn't eliminate the potential for after-market
"mods" to genuine articles. (e.g., I purchase old Nest thermostats
as I can repurpose them for my own use and would never invest that
kind of money to tool up for such an "extravagant" implementation!)]
So, an employee/insider at your chosen contractor could produce units
in a friend's (euphemistic) "garage" -- and, move to another friend's
a week later (to avoid legal pressures).
Legal protections just add to the cost and delay remedies. Given that
the "culprit" is likely not a firm that would fear or be bound by
law, you have to expect your adversary to be willing to disappear
and reappear in another guise.
Ideally, you want to rely on ENGINEERING protections; his actual identity
then falls out of the equation as the protections apply universally.
A common approach is to add value beyond the physical level (i.e.,
only registered sales can access value-added services from the
"design owner" -- trying to avoid using the term "manufacturer"
as there can be some confusion, here). Of course, this can
be exploited; the thief buys one and becomes a legitimate
customer. Then, acts as a middleman/conduit to provide those
services to "his" customers.
[In the early days of consumer software, one approach to reducing
copying was to provide a physical manual for the product; if you
clone the diskette, you still have to photocopy the manual in order
to effectively use it.]
Commercial and industrial customers can be "protected" (reduced
risk of them being lost to a counterfeiter's efforts) as they
have a financial interest in being able to *use* the devices they
have purchased. While they may be more eager to litigate, they
would also realize the chances of losing that litigation are
high given that the devices in question can't be traced to
you as the legitimate "manufacturer".
"Frequent" updates can also weed out the knockoffs. But, you have
to consider that these users/purchasers may not have been complicit
in the fraud. They *think* they own a genuine product and only
later discover their predicament. Leaving them high and dry (because
of THEIR actions!) doesn't leave them with a good feeling towards
"your" product -- or *you*!
(It's one thing to be conned out of a $100 purchase; quite another to
be conned a hundred-fold! That's likely to drag lawyers into the picture
and the real crook has likely taken measures to avoid punishment!)
If, OTOH, a customer buys a product and it JUST DOESN'T WORK, then
he is more likely to react with his vendor, then and there. The
sale can be undone -- and others can be warned of his misfortune.
Anything with a processor will require some "design cooperation"
to ensure it can be tested -- in manufacturing -- to verify the
proper functionality of the hardware.
But, note that this does not have to include the functionality
of the "final" device! I.e., your contract with the shop can
specify that all devices must pass the self test/fixture that
you have included in the contract specification. The onus is then
on you to ensure the chances of this passing with a defective
build is small/nonexistent.
However, this means adding a post-processing step with a "trusted"
agency (or, oneself) to produce the actual devices. The offshore
devices are just treated as components, in a sense. "Final assembly"
being done elsewhere.
In this case, you have greater control over the firmware that
gets installed in the devices-to-be-sold. But, at some
additional cost.
The adversary, of course, never sees this step so his "products"
aren't "finished goods". Anyone buying them discovers they just
don't work!
Offshore firmware management
Re: Offshore firmware management