From: Don Y
Newsgroups: sci.electronics.design
Subject: Re: Offshore firmware management
Date: Sun, 26 May 2024 07:14:54 -0700

On 5/26/2024 6:20 AM, Joe Gwinn wrote:
>>>> When outsourcing manufacture, what steps are you taking to protect
>>>> your IP (in the form of firmware) from unauthorized copying/counterfeiting
>>>> by the selected vendor *or* parties that may have access to their systems?
>>>
>>> What is the capability and desire level of the threat actors? If it's
>>> an intelligence agency of a reasonably large country, you probably
>>> cannot do anything effective.
>>
>> No. The concern is that the contracted manufacturer (or, anyone with
>> access to his information systems) decides to go into business in
>> direct competition, simply by selling YOUR device at a cut-rate price
>> (not having to recover the engineering/development/warranty/support
>> costs that you have)
>
> OK. Also, what does the device sell for? This will dominate the
> choice.

Nominally $100. But, one would typically buy a selection of a few hundred per end user. "One" would have very little value.

Hardware "unit" costs are reasonably insignificant; they are designed to be easy/inexpensive to produce. No precision components, manufacturing tolerances, etc. If you are committed to "copying at scale", then there is little standing in your way (i.e., molds, boards, packaging, etc. are just "costs of doing business").

*ALL* of the value lies in the software.

[In the (arcade) video game days, most legitimate vendors had reasonably stable hardware PLATFORMS that were reused IN THE DESIGNS OF successive games. The next game would find the user buying a new cabinet, monitor, another set of boards, etc. The big difference would be in the contents of the ROMs and the artwork on the cabinet.

Counterfeiters saw an easy way to exploit this. They could build their own boardsets. OR, rely on the customer to have a set from the last legitimately purchased game -- along with a cabinet, monitor, etc. I.e., NO SHIPPING COSTS or delays! They could just ship a new set of ROMs and some appliques to slap on the sides of the cabinet to "build" THEIR new game -- which was actually YOUR game but with cosmetic changes to appear different and avoid strict copyright infringement -- superficially.

For customers who already saw your $2-3K price tag as excessive, (1980 dollars, and many unit purchases with typical "appeal" of several months) it was easy for them to ignore their moral compass and just buy an ILLEGAL upgrade. Especially as they had no way of predicting how THEIR "customers" (players) would receive the new game. Would it see enough play -- number of locations is limited and revenue has to typically be shared with the location's owner -- to cover the initial outlay?

You, of course, wanted to sell complete games, not "ROM sets" as that drives your sales figures up. It's hard to fold man-years of development into the *price* of a set of ROMs without customers feeling raped! But, you could easily distribute those costs in the markup of an entire game console!

The counterfeiter just is concerned with profit and ease of effort. He doesn't have man-years of investment to recover; you've already come up with the concept, gameplay AND implementation! All he has to do is make it appear to be HIS creation. If, instead, he had to build and ship cabinets, it would be too hard for him to counterfeit your product!

The parallels here are obvious. I *want* the hardware to be trivial to implement as it drives my costs down. Even if the hardware was not-copyable, that wouldn't eliminate the potential for after-market "mods" to genuine articles. (e.g., I purchase old Nest thermostats as I can repurpose them for my own use and would never invest that kind of money to tool up for such an "extravagant" implementation!)]

So, an employee/insider at your chosen contractor could produce units in a friend's (euphemistic) "garage" -- and, move to another friend's a week later (to avoid legal pressures).

Legal protections just add to the cost and delay remedies. Given that the "culprit" is likely not a firm that would fear or be bound by law, you have to expect your adversary to be willing to disappear and reappear in another guise. Ideally, you want to rely on ENGINEERING protections; his actual identity then falls out of the equation as the protections apply universally.

A common approach is to add value beyond the physical level (i.e., only registered sales can access value-added services from the "design owner" -- trying to avoid using the term "manufacturer" as there can be some confusion, here).

Of course, this can be exploited; the thief buys one and becomes a legitimate customer. Then, acts as a middleman/conduit to provide those services to "his" customers.

[In the early days of consumer software, one approach to reducing copying was to provide a physical manual for the product; if you clone the diskette, you still have to photocopy the manual in order to effectively use it.]

Commercial and industrial customers can be "protected" (reduced risk of them being lost to a counterfeiter's efforts) as they have a financial interest in being able to *use* the devices they have purchased. While they may be more eager to litigate, they would also realize the chances of losing that litigation are high given that the devices in question can't be traced to you as the legitimate "manufacturer".

"Frequent" updates can also weed out the knockoffs. But, you have to consider that these users/purchasers may not have been complicit in the fraud. They *think* they own a genuine product and only later discover their predicament. Leaving them high and dry (because of THEIR actions!) doesn't leave them with a good feeling towards "your" product -- or *you*! (It's one thing to be conned out of a $100 purchase; quite another to be conned a hundred-fold! That's likely to drag lawyers into the picture and the real crook has likely taken measures to avoid punishment!)

If, OTOH, a customer buys a product and it JUST DOESN'T WORK, then he is more likely to react with his vendor, then and there. The sale can be undone -- and others can be warned of his misfortune.

Anything with a processor will require some "design cooperation" to ensure it can be tested -- in manufacturing -- to verify the proper functionality of the hardware. But, note that this does not have to include the functionality of the "final" device!

I.e., your contract with the shop can specify that all devices must pass the self test/fixture that you have included in the contract specification. The onus is then on you to ensure the chances of this passing with a defective build are small/nonexistent.

However, this means adding a post-processing step with a "trusted" agency (or, oneself) to produce the actual devices. The offshore devices are just treated as components, in a sense. "Final assembly" being done elsewhere.

In this case, you have greater control over the firmware that gets installed in the devices-to-be-sold. But, at some additional cost.

The adversary, of course, never sees this step so his "products" aren't "finished goods". Anyone buying them discovers they just don't work!