Implementing Robust Measures

According to the World Health Organization, eight percent of all medical devices on the market are counterfeit, which is not only a danger to patients but also presents implications for OEM liability and brand integrity.

Regulators are attempting to address this growing problem. For example, to comply with the 2017 EU Medical Device Regulations, all medical devices will have to be fitted with a Unique Device Identification (UDI), which can identify the medical device from distribution through use. The goal is to improve patient safety through better traceability and transparency as well as reduce fraud.

Anti-counterfeiting measures have traditionally posed a challenge for medical equipment OEMs, but recent advances in anti-counterfeiting electronics technology can be utilized to provide robust anti-counterfeiting measures.

When two devices need to prove that they are authentic to each other, they use a challenge/response protocol based on a challenger asking a question and the responder providing a valid response, thereby authenticating the device. This protocol is the foundation of anti-counterfeiting.

Advanced anti-counterfeiting technology encompasses four distinct implementations within a system:

•a responder electronics microchip

•the challenger software

•secure manufacturing

•the challenge/response protocol between the challenger and responder

The responder chip ,located on a peripheral device, contains a “secret” and receives a “challenge” from the host system. The responder chip never reveals its secrets outside of the chip; rather, it then encrypts the challenge with the secret response and returns that encryption as a “response.”

The challenger software, within the host system, sends the challenge to the responder, receives the encrypted response back, and determines whether that response is valid. Upon confirmation that the peripheral is indeed authentic, the challenger software notifies the host system of acceptance.

During the manufacturing of the chip, “secure configuration” is the process of inserting the secret into the responder chip. Specific and controlled steps are taken to securely configure the chips. Secure functionality is turned on in phases during this process. When the chip is installed into the OEM medical device, a final piece of the cryptographic code is activated. This can be done only by the medical OEM and not any other party, including the chip manufacturer or any party within the supply chain.

Finally, there is the challenge/response protocol. Protocols vary but must be “Differential Power Analysis” (DPA) protected to ensure counterfeiters are thwarted. Differential Power Analysis is a form of side-channel attack that monitors variations in the electrical power consumption or electro-magnetic emissions of a target device.

Every time an encryption operation is performed using a secret key, a small amount of that secret key information leaks into an encryption chip’s power supply. If a challenge/response is performed a few hundred or a few thousand times, a counterfeiter can deduce what the secret key is. This allows the counterfeiters to reverse-engineer the chip secrets. Protections are available to make the secrets DPA-resistant up to a billion cycles and should be employed to best provide security.

In addition to authentication information, the technologies used to implement anti-counterfeiting measures can also be used to store date code information, usage information and manufacturing information. This information can then be read from the device, for instance, to verify a disposable component, its number of uses, its serial number, date of manufacture, lot number etc.

New anti-counterfeiting systems continue to be developed and deployed to ensure that medical devices remain resistant to counterfeiting.