Re: Offshore firmware management

Liste des GroupesRevenir à se design 
Sujet : Re: Offshore firmware management
De : joegwinn (at) *nospam* comcast.net (Joe Gwinn)
Groupes : sci.electronics.design
Date : 26. May 2024, 17:01:50
Autres entêtes
Message-ID : <8cm65jl2t7tfbaf46l88aue2vbdaeks7gs@4ax.com>
References : 1 2 3 4 5
User-Agent : ForteAgent/8.00.32.1272
On Sun, 26 May 2024 07:14:54 -0700, Don Y
<blockedofcourse@foo.invalid> wrote:

On 5/26/2024 6:20 AM, Joe Gwinn wrote:
When outsourcing manufacture, what steps are you taking to protect
your IP (in the form of firmware) from unauthorized copying/counterfeiting
by the selected vendor *or* parties that may have access to their systems?
>
What is the capability and desire level of the threat actors?  If it's
an intelligence agency of reasonable large country, you probably
cannot do anything effective.
>
No.  The concern is that the contracted manufacturer (or, anyone with
access to his information systems) decides to go into business in
direct competition, simply by selling YOUR device at a cut-rate price
(not having to recover the engineering/development/warranty/support
costs that you have)
 
OK.  Also, what does the device sell for?  This will dominate the
choice.
>
Nominally $100.  But, one would typically buy a selection of a few hundred per
end user.  "One" would have very little value.
>
Hardware "unit" costs are reasonably insignificant; they are designed to be
easy/inexpensive to produce.  No precision components, manufacturing
tolerances, etc.  If you are committed to "copying at scale", then there
is little standing in your way (i.e., molds, boards, packaging, etc.
are just "costs of doing business")
>
*ALL* of the value lies in the software.
>
[good summary, but big snip]

It sound like you really have only one kind of possible solution.

First, as Phil H suggests, do not provide the firmware to the contract
manufacturer at all, instead install it back home.

Now "install" can mean a number of things.  If you just install a
common firmware image, that contract manufacturer can simply buy a
copy in the US, and reverse engineer it, so that isn't going to work
for very long.

If the hardware has a unique and large hardware serial number (there
are chips that do this), the installed firmware can be adjusted to
know its target serial number, and refuse to work anywhere else.  This
is done with a crypto checksum scheme of some kind, complicating and
delaying reverse engineering. 

Next stronger is to also require the product to contact the mother
ship to complete the serial number. 

How far to go is an economic decision - all you need to do is to make
cloning your product economically pointless.  It is not necessary for
the locking scheme to be bulletproof.

Joe Gwinn

Date Sujet#  Auteur
26 May 24 * Offshore firmware management12Don Y
26 May 24 +* Re: Offshore firmware management9Joe Gwinn
26 May 24 i`* Re: Offshore firmware management8Don Y
26 May 24 i +- Re: Offshore firmware management1Don Y
26 May 24 i +- Re: Offshore firmware management1Phil Hobbs
26 May 24 i `* Re: Offshore firmware management5Joe Gwinn
26 May 24 i  `* Re: Offshore firmware management4Don Y
26 May 24 i   `* Re: Offshore firmware management3Joe Gwinn
26 May 24 i    `* Re: Offshore firmware management2Don Y
26 May 24 i     `- Re: Offshore firmware management1Don Y
26 May 24 +- Re: Offshore firmware management1john larkin
26 May 24 `- Re: Offshore firmware management1Phil Hobbs

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal