Authenticating Consumable Products — Fakes Kill

By:Tom Moulton

How do you know whether that ink cartridge, air purification filter or medical test strip is really from the vendor on the sticker, or if you bought a cheap knockoff?  From an OEM perspective, how do you know your customers aren’t using those knockoffs, rather than something made or authorized by you? That guessing game can be eliminated with the addition of a simple, inexpensive crypto device in the design of your consumable products. The crypto device can be embedded in the consumable (client). When the consumable is installed or first used in the system (host), it is sent a challenge from the host. This challenge could be a fixed or random value. The host sends the challenge to the client, and the chip in the client calculates the response and sends the response back to the host. Upon receiving the response, the host compares it with the expected response. Only a consumable that provides the expected response can be used in the system. Sounds simple doesn’t it? This type of consumable authentication system is inexpensive and easy to implement.

In fact, a number of other configurations are available in these devices and can make the system even more secure. Some of these include: limiting the usage amount of the consumable attached to the system using a special key which can be used only for a limited number of times or by creating a unique key in the chip which is diversified based on its serial number. The benefit is that if an accessory is compromised, it would not affect other accessories because each accessory has its own unique key. And for the ultimate solution to consumable authentication, put a crypto chip in both the host and the client! The expected response can now be stored in hardware instead of embedding it in the host microprocessor code. This makes the response irretrievable for hackers who are attempting to circumvent the system. Isn’t a company’s reputation more important than the effort it would take to implement a simple solution like this? My suggestion is to only buy consumable products that use this type of hardware authentication solution.  Who knows, some day your life might depend on having the right consumable in a company’s product!