In a world where the risks of counterfeit or tainted information and communication technology (ICT) are ever-present, I propose a call to action:
ICT original equipment manufacturers (OEMs) and our brethren in the semiconductor industry should embark on a coordinated effort to share chip identification information.
What would such coordination achieve? Today, semiconductor manufacturers use a variety of physically unclone-able functions (PUFs) to uniquely identify chips. Ideally, such unique identifiers, with some compilation and controlled disclosure, would allow ICT OEMs to leverage those identities to create “fingerprints” at higher levels (e.g., printed circuit board and system levels).
Die-level traceability can ensure a variety of positive outcomes. Those outcomes include: yield improvement; enhanced quality; and for the security-minded traceability via identity. This third outcome can serve as a powerful weapon in the war against counterfeit and potentially afford assistance in the prevention or detection of tainted ICT.
Die-level traceability can ensure a variety of positive outcomes.
Traceability can already be achieved by use of a die/chip PUF, more commonly known as an “electronic chip ID” (ECID). In essence, ECID is a register that contains a unique identifier for an individual die. The data in that register is typically “fixed” and cannot be modified. While this concept is far from universal, it has traction in the semiconductor industry (particularly in complex devices such as ASICs and processors).
How does this help the ICT OEM community in counterfeit detection and mitigation? In short, these unique identities are readable. In fact, an international standard embracing this concept already exists. IEEE 1149.1-2013, the “Standard for Test Access Port and Boundary-Scan Architecture,” includes a method for “reading” ECIDs as part of the manufacturing test process. Thus, reading the unique identity allows an ICT OEM to validate chip authenticity in the course of manufacturing its products.
How might this work? Let’s walk through a simple model.
- A semiconductor manufacturer programs the unique identity into a register on the device and creates a repository of those unique identities.
- That repository is made accessible on a controlled, limited access basis to those OEMs and their manufacturers who are using the chips.
- A simple pre-assembly validation step could then be implemented as a first phase of electronic circuit counterfeit detection and mitigation. The OEM would compare the unique identity from the semiconductor manufacturer’s controlled register to the list that has been provided by the supplier of the chip.
- If the unique identity from the component supplier is on the list from the semiconductor manufacturer, the assembly process can move forward. Next, the OEM would log that specific identity into a list of all those identities acknowledged as genuine but already assembled onto a printed circuit board.
- An OEM could thereby detect a potential counterfeit chip by the fact that the identity was duplicated and therefore already used on a board.
- The OEM would also be able to associate each chip and its unique identity to a specific printed circuit board-level serial number.
By tying ECIDs to printed circuit board- level serial numbers, counterfeit components and printed circuit board assemblies can more readily be detected. Are you ready to join to movement?