Special programming systems for greater contract manufacturing security

06/01/2018 Know-How

Contract manufacturing offers many benefits, particularly lower costs and greater flexibility. A major disadvantage is the risk of espionage and/or the copying of production data. Special programming systems help to keep control of in-house data and prevent illegal copies.

Contract manufacturers (CMs) are becoming increasingly popular in the area of mass production. They specialize in the contract manufacturing of products according to specific criteria. In this case, the contracting company is required, to a certain degree, to reveal some of its business secrets to the contract manufacturer. However, this involves a whole host of risks, as the contract manufacturer is given direct access to firmware, circuit diagrams, and other details required for production. To protect against the negative impacts of excess production and illegal copies by the contract manufacturer or to at least limit them, it is essential to retain control of firmware utilization and production volumes. Newly developed programming systems, such as <link www.rutronik24.com/product/segger/5.20.01/9707838.html _blank external-link-new-window "open internal link">Flasher SECURE from SEGGER</link>, offer more security when carrying out mass production contracts with contract manufacturers.

Five steps for more security

The programming system guarantees more security in just five steps:

  1. The system reads a unique identifier (UID) from the device being programmed and sends it to a server controlled by the client.
  2. On the server, the UID is validated and checked to ensure the contract manufacturer is authorized to program the device.
  3. After successful completion, the programming system uses certified asymmetric algorithms from the identifier to create a signature for the device.
  4. The signature is sent back to the programming system which saves it together with the firmware in the target device.
  5. The target device uses a public key to check whether the signature matches the UID. If this is not the case, the device outputs an error message and blocks further operation.

Only the contracting company has the required private key, not the contract manufacturer or other involved parties. This effectively prevents the falsifying of the signature for specified hardware.

Communication between the contract manufacturer and the server is secured by hybrid encryption methods via TLS/SSL (Transport Layer Security/ Secure Sockets Layer). The client is thus able to log all the events and actions and to view them at all times in a clearly arranged manner via the administration interface.

Utilizing this method, the firmware or an external application which communicates with the programming system can check whether the device is part of the client's legitimatized production. If one of the tests turns out to be negative, the firmware recognizes that the device is unauthorized and duly stops operation. Since the signature is different for each device, legitimatized devices cannot be produced through simple copying.

Quite often all the necessary products are available from the same provider to implement a safe and secure programming system. SEGGER delivers not only the programming system Flasher Secure but also the server software for the license management, which is required for the system.

Benefit for contract manufacturers

Clients and contract manufacturers alike profit from using this type of programming system: They can use it as a unique selling point and sales argument, guaranteeing that they are prepared to go the extra mile to protect their customers.

Find components at <link www.rutronik24.com _blank external-link-new-window "open internal link">www.rutronik24.com</link>.