• Re: Offshore firmware management

    From Joe Gwinn@21:1/5 to blockedofcourse@foo.invalid on Sat May 25 20:10:34 2024
    On Sat, 25 May 2024 16:24:42 -0700, Don Y
    <blockedofcourse@foo.invalid> wrote:

    > When outsourcing manufacture, what steps are you taking to protect
    > your IP (in the form of firmware) from unauthorized copying/counterfeiting
    > by the selected vendor *or* parties that may have access to their systems?

    What is the capability and desire level of the threat actors? If it's
    an intelligence agency of a reasonably large country, you probably
    cannot do anything effective.

    Joe Gwinn

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Don Y@21:1/5 to All on Sat May 25 16:24:42 2024
    When outsourcing manufacture, what steps are you taking to protect
    your IP (in the form of firmware) from unauthorized copying/counterfeiting
    by the selected vendor *or* parties that may have access to their systems?

  • From Don Y@21:1/5 to Don Y on Sat May 25 20:05:17 2024
    On 5/25/2024 8:01 PM, Don Y wrote:
    > On 5/25/2024 5:10 PM, Joe Gwinn wrote:
    >> On Sat, 25 May 2024 16:24:42 -0700, Don Y
    >> <blockedofcourse@foo.invalid> wrote:
    >>
    >>> When outsourcing manufacture, what steps are you taking to protect
    >>> your IP (in the form of firmware) from unauthorized copying/counterfeiting
    >>> by the selected vendor *or* parties that may have access to their systems?
    >>
    >> What is the capability and desire level of the threat actors?  If it's
    >> an intelligence agency of a reasonably large country, you probably
    >> cannot do anything effective.
    >
    > No.  The concern is that the contracted manufacturer (or, anyone with
    > access to his information systems) decides to go into business in
    > direct competition, simply by selling YOUR device at a cut-rate price
    > (not having to recover the engineering/development/warranty/support
    > costs that you have)

    .. given that he has all (?) of the information to produce a device
    that can be drop-shipped to a customer.

  • From Don Y@21:1/5 to Joe Gwinn on Sat May 25 20:01:48 2024
    On 5/25/2024 5:10 PM, Joe Gwinn wrote:
    > On Sat, 25 May 2024 16:24:42 -0700, Don Y
    > <blockedofcourse@foo.invalid> wrote:
    >
    >> When outsourcing manufacture, what steps are you taking to protect
    >> your IP (in the form of firmware) from unauthorized copying/counterfeiting
    >> by the selected vendor *or* parties that may have access to their systems?
    >
    > What is the capability and desire level of the threat actors? If it's
    > an intelligence agency of a reasonably large country, you probably
    > cannot do anything effective.

    No. The concern is that the contracted manufacturer (or, anyone with
    access to his information systems) decides to go into business in
    direct competition, simply by selling YOUR device at a cut-rate price
    (not having to recover the engineering/development/warranty/support
    costs that you have)

  • From john larkin@21:1/5 to blockedofcourse@foo.invalid on Sat May 25 20:46:58 2024
    On Sat, 25 May 2024 16:24:42 -0700, Don Y
    <blockedofcourse@foo.invalid> wrote:

    > When outsourcing manufacture, what steps are you taking to protect
    > your IP (in the form of firmware) from unauthorized copying/counterfeiting
    > by the selected vendor *or* parties that may have access to their systems?

    Once someone cloned one of our modules. Our best customer called us
    immediately and said they would never buy from them again.

  • From Phil Hobbs@21:1/5 to Don Y on Sun May 26 04:30:05 2024
    Don Y <blockedofcourse@foo.invalid> wrote:
    > When outsourcing manufacture, what steps are you taking to protect
    > your IP (in the form of firmware) from unauthorized copying/counterfeiting
    > by the selected vendor *or* parties that may have access to their systems?

    Doing flashing and test in house, using these:

    https://www.thejigsapp.com

    Cheers

    Phil Hobbs

    --
    Dr Philip C D Hobbs
    Principal Consultant
    ElectroOptical Innovations LLC / Hobbs ElectroOptics
    Optics, Electro-optics, Photonics, Analog Electronics

  • From Phil Hobbs@21:1/5 to Don Y on Sun May 26 04:42:39 2024
    Don Y <blockedofcourse@foo.invalid> wrote:
    > On 5/25/2024 5:10 PM, Joe Gwinn wrote:
    >> On Sat, 25 May 2024 16:24:42 -0700, Don Y
    >> <blockedofcourse@foo.invalid> wrote:
    >>
    >>> When outsourcing manufacture, what steps are you taking to protect
    >>> your IP (in the form of firmware) from unauthorized copying/counterfeiting
    >>> by the selected vendor *or* parties that may have access to their systems?
    >>
    >> What is the capability and desire level of the threat actors? If it's
    >> an intelligence agency of a reasonably large country, you probably
    >> cannot do anything effective.
    >
    > No. The concern is that the contracted manufacturer (or, anyone with
    > access to his information systems) decides to go into business in
    > direct competition, simply by selling YOUR device at a cut-rate price
    > (not having to recover the engineering/development/warranty/support
    > costs that you have)

    If you’re producing stuff in China, there are a bunch of ways to prevent
    your factory from going into competition with you, including registering
    your trademarks in China and structuring your contracts correctly. The
    Harris Sliwoski blog is an excellent read on that stuff.
    For instance, just a few days ago:

    https://harris-sliwoski.com/chinalawblog/the-ten-keys-to-overseas-manufacturing-success/

    Cheers

    Phil Hobbs


  • From Joe Gwinn@21:1/5 to blockedofcourse@foo.invalid on Sun May 26 09:20:02 2024
    On Sat, 25 May 2024 20:01:48 -0700, Don Y
    <blockedofcourse@foo.invalid> wrote:

    > On 5/25/2024 5:10 PM, Joe Gwinn wrote:
    >> On Sat, 25 May 2024 16:24:42 -0700, Don Y
    >> <blockedofcourse@foo.invalid> wrote:
    >>
    >>> When outsourcing manufacture, what steps are you taking to protect
    >>> your IP (in the form of firmware) from unauthorized copying/counterfeiting
    >>> by the selected vendor *or* parties that may have access to their systems?
    >>
    >> What is the capability and desire level of the threat actors? If it's
    >> an intelligence agency of a reasonably large country, you probably
    >> cannot do anything effective.
    >
    > No. The concern is that the contracted manufacturer (or, anyone with
    > access to his information systems) decides to go into business in
    > direct competition, simply by selling YOUR device at a cut-rate price
    > (not having to recover the engineering/development/warranty/support
    > costs that you have)

    OK. Also, what does the device sell for? This will dominate the
    choice.

    Joe Gwinn

  • From Don Y@21:1/5 to Joe Gwinn on Sun May 26 07:14:54 2024
    On 5/26/2024 6:20 AM, Joe Gwinn wrote:
    >>>> When outsourcing manufacture, what steps are you taking to protect
    >>>> your IP (in the form of firmware) from unauthorized copying/counterfeiting
    >>>> by the selected vendor *or* parties that may have access to their systems?
    >>>
    >>> What is the capability and desire level of the threat actors? If it's
    >>> an intelligence agency of a reasonably large country, you probably
    >>> cannot do anything effective.
    >>
    >> No. The concern is that the contracted manufacturer (or, anyone with
    >> access to his information systems) decides to go into business in
    >> direct competition, simply by selling YOUR device at a cut-rate price
    >> (not having to recover the engineering/development/warranty/support
    >> costs that you have)
    >
    > OK. Also, what does the device sell for? This will dominate the
    > choice.

    Nominally $100. But, one would typically buy a selection of a few hundred
    per end user. "One" would have very little value.

    Hardware "unit" costs are reasonably insignificant; they are designed to be
    easy/inexpensive to produce. No precision components, manufacturing
    tolerances, etc. If you are committed to "copying at scale", then there
    is little standing in your way (i.e., molds, boards, packaging, etc.
    are just "costs of doing business")

    *ALL* of the value lies in the software.

    [In the (arcade) video game days, most legitimate vendors had reasonably
    stable hardware PLATFORMS that were reused IN THE DESIGNS OF successive
    games. The next game would find the user buying a new cabinet, monitor,
    another set of boards, etc. The big difference would be in the contents
    of the ROMS and the artwork on the cabinet.

    Counterfeiters saw an easy way to exploit this. They could build their
    own boardsets. OR, rely on the customer to have a set from the last
    legitimately purchased game -- along with a cabinet, monitor, etc. I.e.,
    NO SHIPPING COSTS or delays! They could just ship a new set of ROMs
    and some appliques to slap on the sides of the cabinet to "build" THEIR
    new game -- which was actually YOUR game but with cosmetic changes to
    appear different and avoid strict copyright infringement -- superficially.

    For customers who already saw your $2-3K price tag as excessive, (1980
    dollars, and many unit purchases with typical "appeal" of several months)
    it was easy for them to ignore their moral compass and just buy an
    ILLEGAL upgrade. Especially as they had no way of predicting how
    THEIR "customers" (players) would receive the new game. Would it
    see enough play -- number of locations is limited and revenue has
    to typically be shared with the location's owner -- to cover the
    initial outlay?

    You, of course, wanted to sell complete games, not "ROM sets"
    as that drives your sales figures up. It's hard to fold man-years
    of development into the *price* of a set of ROMs without customers
    feeling raped! But, you could easily distribute those costs in the
    markup of an entire game console!

    The counterfeiter just is concerned with profit and ease of effort.
    He doesn't have man-years of investment to recover; you've already come
    up with the concept, gameplay AND implementation! All he has to do
    is make it appear to be HIS creation. If, instead, he had to build
    and ship cabinets, it would be too hard for him to counterfeit your
    product!

    The parallels here are obvious. I *want* the hardware to be trivial
    to implement as it drives my costs down. Even if the hardware was
    not-copyable, that wouldn't eliminate the potential for after-market
    "mods" to genuine articles. (e.g., I purchase old Nest thermostats
    as I can repurpose them for my own use and would never invest that
    kind of money to tool up for such an "extravagant" implementation!)]

    So, an employee/insider at your chosen contractor could produce units
    in a friend's (euphemistic) "garage" -- and, move to another friend's
    a week later (to avoid legal pressures).

    Legal protections just add to the cost and delay remedies. Given that
    the "culprit" is likely not a firm that would fear or be bound by
    law, you have to expect your adversary to be willing to disappear
    and reappear in another guise.

    Ideally, you want to rely on ENGINEERING protections; his actual identity
    then falls out of the equation as the protections apply universally.

    A common approach is to add value beyond the physical level (i.e.,
    only registered sales can access value-added services from the
    "design owner" -- trying to avoid using the term "manufacturer"
    as there can be some confusion, here). Of course, this can
    be exploited; the thief buys one and becomes a legitimate
    customer. Then, acts as a middleman/conduit to provide those
    services to "his" customers.

    [In the early days of consumer software, one approach to reducing
    copying was to provide a physical manual for the product; if you
    clone the diskette, you still have to photocopy the manual in order
    to effectively use it.]

    Commercial and industrial customers can be "protected" (reduced
    risk of them being lost to a counterfeiter's efforts) as they
    have a financial interest in being able to *use* the devices they
    have purchased. While they may be more eager to litigate, they
    would also realize the chances of losing that litigation are
    high given that the devices in question can't be traced to
    you as the legitimate "manufacturer".

    "Frequent" updates can also weed out the knockoffs. But, you have
    to consider that these users/purchasers may not have been complicit
    in the fraud. They *think* they own a genuine product and only
    later discover their predicament. Leaving them high and dry (because
    of THEIR actions!) doesn't leave them with a good feeling towards
    "your" product -- or *you*!

    (It's one thing to be conned out of a $100 purchase; quite another to
    be conned a hundred-fold! That's likely to drag lawyers into the picture
    and the real crook has likely taken measures to avoid punishment!)

    If, OTOH, a customer buys a product and it JUST DOESN'T WORK, then
    he is more likely to react with his vendor, then and there. The
    sale can be undone -- and others can be warned of his misfortune.

    Anything with a processor will require some "design cooperation"
    to ensure it can be tested -- in manufacturing -- to verify the
    proper functionality of the hardware.

    But, note that this does not have to include the functionality
    of the "final" device! I.e., your contract with the shop can
    specify that all devices must pass the self test/fixture that
    you have included in the contract specification. The onus is then
    on you to ensure the chances of this passing with a defective
    build is small/nonexistent.

    However, this means adding a post-processing step with a "trusted"
    agency (or, oneself) to produce the actual devices. The offshore
    devices are just treated as components, in a sense. "Final assembly"
    being done elsewhere.

    In this case, you have greater control over the firmware that
    gets installed in the devices-to-be-sold. But, at some
    additional cost.

    The adversary, of course, never sees this step so his "products"
    aren't "finished goods". Anyone buying them discovers they just
    don't work!

  • From Joe Gwinn@21:1/5 to blockedofcourse@foo.invalid on Sun May 26 12:01:50 2024
    On Sun, 26 May 2024 07:14:54 -0700, Don Y
    <blockedofcourse@foo.invalid> wrote:

    > On 5/26/2024 6:20 AM, Joe Gwinn wrote:
    >>>>> When outsourcing manufacture, what steps are you taking to protect
    >>>>> your IP (in the form of firmware) from unauthorized copying/counterfeiting
    >>>>> by the selected vendor *or* parties that may have access to their systems?
    >>>>
    >>>> What is the capability and desire level of the threat actors? If it's
    >>>> an intelligence agency of a reasonably large country, you probably
    >>>> cannot do anything effective.
    >>>
    >>> No. The concern is that the contracted manufacturer (or, anyone with
    >>> access to his information systems) decides to go into business in
    >>> direct competition, simply by selling YOUR device at a cut-rate price
    >>> (not having to recover the engineering/development/warranty/support
    >>> costs that you have)
    >>
    >> OK. Also, what does the device sell for? This will dominate the
    >> choice.
    >
    > Nominally $100. But, one would typically buy a selection of a few hundred
    > per end user. "One" would have very little value.
    >
    > Hardware "unit" costs are reasonably insignificant; they are designed to be
    > easy/inexpensive to produce. No precision components, manufacturing
    > tolerances, etc. If you are committed to "copying at scale", then there
    > is little standing in your way (i.e., molds, boards, packaging, etc.
    > are just "costs of doing business")
    >
    > *ALL* of the value lies in the software.

    [good summary, but big snip]

    It sounds like you really have only one kind of possible solution.

    First, as Phil H suggests, do not provide the firmware to the contract
    manufacturer at all, instead install it back home.

    Now "install" can mean a number of things. If you just install a
    common firmware image, that contract manufacturer can simply buy a
    copy in the US, and reverse engineer it, so that isn't going to work
    for very long.

    If the hardware has a unique and large hardware serial number (there
    are chips that do this), the installed firmware can be adjusted to
    know its target serial number, and refuse to work anywhere else. This
    is done with a crypto checksum scheme of some kind, complicating and
    delaying reverse engineering.

    Next stronger is to also require the product to contact the mother
    ship to complete the serial number.

    How far to go is an economic decision - all you need to do is to make
    cloning your product economically pointless. It is not necessary for
    the locking scheme to be bulletproof.

    Joe Gwinn

  • From Don Y@21:1/5 to Joe Gwinn on Sun May 26 09:42:54 2024
    On 5/26/2024 9:01 AM, Joe Gwinn wrote:
    >> Hardware "unit" costs are reasonably insignificant; they are designed to be
    >> easy/inexpensive to produce. No precision components, manufacturing
    >> tolerances, etc. If you are committed to "copying at scale", then there
    >> is little standing in your way (i.e., molds, boards, packaging, etc.
    >> are just "costs of doing business")
    >>
    >> *ALL* of the value lies in the software.
    >
    > [good summary, but big snip]
    >
    > It sounds like you really have only one kind of possible solution.
    >
    > First, as Phil H suggests, do not provide the firmware to the contract
    > manufacturer at all, instead install it back home.

    That's been SOP for many decades, now. The "manufacturer" is given
    an "image" that contains manufacturing diagnostics. This, coupled with
    an explanation for what is being tested (and how) -- along with
    schematics -- lets them troubleshoot and validate units before
    acceptance. (silly to try to "hide" schematics as the gerbers and
    stuffing list already tell *that* story)

    You support ISP and then just "reprogram" the image later, at YOUR
    facility. This gives you control of the image as well as JIT to
    bind an image to *a* delivery (important if you want to customize
    the product for specific customers and don't want to have to commit
    to keeping a specific number of each variant "in stock", risking
    overestimating some demands and underestimating others)

    But, there's a fair bit of "cost" to performing these operations.
    For a DM+DL of $10-20, that can represent a big piece of the "cost".
    (EASY to ignore if DM+DL is $100-1000!)

    > Now "install" can mean a number of things. If you just install a
    > common firmware image, that contract manufacturer can simply buy a
    > copy in the US, and reverse engineer it, so that isn't going to work
    > for very long.

    Exactly. You have to rely on "secure" storage to keep it hidden.

    > If the hardware has a unique and large hardware serial number (there
    > are chips that do this), the installed firmware can be adjusted to
    > know its target serial number, and refuse to work anywhere else. This
    > is done with a crypto checksum scheme of some kind, complicating and
    > delaying reverse engineering.

    Yes. If you further tie that SN to an "activation" procedure, then
    only the first unit bearing a particular SN can ever see use. If the
    "SN-space" is sparse, an adversary has to rely on finding a valid
    SN to copy. But, only AT MOST the first of those copies will ever see
    an activation.

    E.g., a TRULY counterfeit iPhone can only replace exactly one legitimate
    iPhone as Apple controls which ones "work" and which WON'T -- based on
    its own mechanisms (imagine what it would be like trying to argue
    with Apple that YOUR iphone is genuine and any other previous
    activation was the counterfeit??)

    Activation can further be tied to sales records so those counterfeit
    "sales" are never recognized (by the legitimate vendor).

    [This also has an obvious tie-in for upgrades; even if you manage
    to get a hold of an upgrade image, the device doesn't have to
    accept it -- unless you further modify the images involved to
    avoid any such dependencies. (But, one should eschew upgrades,
    on principle, as they increase the cost to the user)]

    > Next stronger is to also require the product to contact the mother
    > ship to complete the serial number.

    Yes, as above. Note that the image installed can also VARY with the SN.
    The SN disclosed to the "mothership" (activation server) can be a
    one-way hash of the real SN so an MITM can't do anything with that
    observation.

    > How far to go is an economic decision - all you need to do is to make
    > cloning your product economically pointless. It is not necessary for
    > the locking scheme to be bulletproof.

    There are lots of similar schemes but all come with some "labor" cost.
    You're outsourcing the manufacture, presumably, to minimize costs...

    The economic aspect is always the kicker. With high product costs,
    it's easy to add a significant effort/cost to protect a design.
    But, when things get "dirt cheap", everything you add SOLELY to
    protect your IP is pure overhead; it adds no VALUE to your product!
    It's akin to throwing money at lawyers to try to get injunctions
    against adversaries (the product doesn't IMPROVE as a result of
    those actions, and your attention has been diverted from
    adding new functionality to *defending* your existing design)

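Added example (my own sketch, not code from any poster in the thread): a stdlib-only Python model of the scheme Joe outlines and Don extends above, with the image bound to a large sparse hardware serial, a one-way hash of the serial disclosed to the activation server, and at most one activation per serial. The key, image id and serials are constructed placeholders, and the HMAC stands in for whatever "crypto checksum" a real part would use.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder key, held by the vendor and used only at in-house final
# assembly; it never goes to the contract manufacturer. Caveat: to verify an HMAC
# the device must also hold this key (in secure storage); a public-key signature
# would let it hold only a public key, but this stdlib-only example uses HMAC.
BIND_KEY = b"constructed-vendor-bind-key"
IMAGE_ID = b"fw-1.0"  # constructed firmware image identifier


def new_serial() -> bytes:
    """Large, sparse hardware serial (128 bits), as a chip with a unique ID provides."""
    return secrets.token_bytes(16)


def bind_token(serial: bytes) -> bytes:
    """Computed in-house when the image is flashed; stored beside the image."""
    return hmac.new(BIND_KEY, IMAGE_ID + serial, hashlib.sha256).digest()


def firmware_boots(serial: bytes, token: bytes) -> bool:
    """Boot-time self-check: a copied image refuses to run on any other serial."""
    return hmac.compare_digest(bind_token(serial), token)


def serial_hash(serial: bytes) -> bytes:
    """One-way value sent to the activation server; the raw serial stays on the device."""
    return hashlib.sha256(b"sn-hash:" + serial).digest()


def activation_token(serial: bytes) -> bytes:
    """Proof of a recognised activation, keyed over the raw serial (not its hash)."""
    return hmac.new(BIND_KEY, b"activated:" + serial, hashlib.sha256).digest()


class ActivationServer:
    """The "mothership": knows sales by hashed serial and grants one activation each."""

    def __init__(self):
        self.sold = {}          # serial_hash -> activation token (precomputed in-house)
        self.activated = set()  # serial hashes that have already activated once

    def record_sale(self, serial: bytes) -> None:
        # Done at final assembly, where the raw serial is known; the server
        # itself keeps only the hash and the precomputed token.
        self.sold[serial_hash(serial)] = activation_token(serial)

    def activate(self, sn_hash: bytes):
        """Returns (status, token); the token is None unless status is 'ok'."""
        if sn_hash not in self.sold:
            return "unknown-serial", None       # never sold by the vendor
        if sn_hash in self.activated:
            return "already-activated", None    # a second unit with a copied serial
        self.activated.add(sn_hash)
        return "ok", self.sold[sn_hash]


def device_activates(server: ActivationServer, serial: bytes) -> str:
    """Device side of the exchange: disclose only the hash, then check the reply."""
    status, token = server.activate(serial_hash(serial))
    if status != "ok":
        return status
    return "ok" if hmac.compare_digest(activation_token(serial), token) else "bad-token"


def demo() -> dict:
    """Genuine unit, an image copied to another serial, and two kinds of clone."""
    server = ActivationServer()
    genuine = new_serial()
    server.record_sale(genuine)
    return {
        "genuine boots": firmware_boots(genuine, bind_token(genuine)),
        "copied image boots elsewhere": firmware_boots(new_serial(), bind_token(genuine)),
        "genuine activates": device_activates(server, genuine),
        "clone with copied serial": device_activates(server, genuine),
        "clone with invented serial": device_activates(server, new_serial()),
    }
```

Note that a clone carrying a copied serial that reaches the server first would win the single activation and lock out the genuine unit, which is exactly the "at most the first copy" property Don describes.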
  • From Don Y@21:1/5 to Don Y on Sun May 26 09:59:56 2024
    On 5/26/2024 9:42 AM, Don Y wrote:
    > The economic aspect is always the kicker.  With high product costs,
    > it's easy to add a significant effort/cost to protect a design.
    > But, when things get "dirt cheap", everything you add SOLELY to
    > protect your IP is pure overhead; it adds no VALUE to your product!
    > It's akin to throwing money at lawyers to try to get injunctions
    > against adversaries (the product doesn't IMPROVE as a result of
    > those actions, and your attention has been diverted from
    > adding new functionality to *defending* your existing design)

    Yet another (video game) anecdote...

    Hardware was REALLY important in that era as processors were
    pretty limited (bus speeds of 1MB/s). So, if you could add
    hardware capabilities that couldn't FUNCTIONALLY *and* ECONOMICALLY
    be replicated/emulated, you could add value AND protect your
    design.

    The obvious such choice (for raster games) was a custom BLTer.
    Its functionality was easily emulated (because it is hard
    to disguise when it is so heavily and obviously used!) -- but,
    at a much higher cost (implementation in SSI/MSI).

    As the functionality had value for other games, its development
    costs could be amortized over a greater number of products/units.
    To thwart folks trying to purchase just THAT component (e.g.,
    via your "spare parts" service), you could price it astronomically
    high and/or require the (alleged) defective device to be returned
    in exchange for that replacement purchase. So, you'd have had to
    have purchased N of them legitimately in order to buy N replacements
    (a losing proposition).

    Note, of course, that this still doesn't prevent a counterfeiter
    from offering an "upgrade kit" to be applied to one of your
    old games at a reduced price to provide a knock-off "new game"!
