Top 3 headaches with software protection when outsourcing
Updated: Jul 14, 2021

Corporations are becoming more global, which means their products are deployed on a broader scale and manufacturing is often outsourced. Concerns are rising regarding IP protection in embedded software during the whole life cycle of electronic devices: at the manufacturing stage, off the shelf and during software updates.
The protection of software code in embedded systems is now a major issue because the value of assets resides less and less in the hardware architecture and more and more in software components, for which the traditional patent protection approach proves less effective, when it is applicable at all.
The existing legal protections of intellectual property rights that apply to products do not always give the brand holder enough control, and the risk of security breaches is permanent.
✅ Simplified Automatic pairing process
The term "Software & IP Protection", often used in the literature, refers to the protection of OEM software code against security breaches. It is a major concern for managers of companies that design and manufacture embedded equipment. As the risks of security breaches increase, it is not surprising that managing and protecting software and IP is a critical issue for these OEMs: the average direct revenue loss per security breach now exceeds $3 million (*). To this loss must be added indirect damages such as the erosion of the company's brand reputation or reduced service efficiency due to a lack of security.
With regard to software and IP protection, the main vulnerabilities occur primarily at three points in a product's life: during the equipment manufacturing process, on the equipment in operation, and during software updates using Over The Air (OTA) technology.
Assign a single, unique identity to each device produced, creating a unique ID that simplifies the pairing process. This involves secure generation of secrets/keys on the production site...unique per component, secure loading of these data into the component, and secure pairing between different products.
✅ IP Protection
There are essentially four types of intellectual property rights relevant to software: patents, copyrights, trade secrets, and trademarks. Each affords a different type of legal protection.
Security is always a compromise between cost and risk. Since risks are not always well identified, OEMs naturally look for the cheapest solution, which is not necessarily the right approach. New concepts therefore need to be developed to protect software and IP at the level of the equipment itself, taking into account the constraints of embedded systems without compromising their security. In this context, some players are now able to provide a complete set of security solutions that guarantee fully integrated protection throughout the "chain of trust" of a product. For example, secure libraries based on cryptography and obfuscation techniques have proven to be effective against reverse engineering, while being easy to implement.
✅ Control the exact volume of production
Overproduction usually occurs with large batch sizes, inaccurate demand planning, poorly designed processes or a lack of control at the manufacturer's site.
Ways to guarantee that the right number of components is programmed (no overproduction) include recording the serial numbers of programmed components and obtaining an authentic batch report.
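As an added illustration (not part of the original article and not Trusted Objects' code), the sketch below combines the two ideas above: a programming station derives a unique key per serial number, refuses to exceed the ordered quantity, and produces a batch report the OEM can authenticate. The names `ProvisioningStation`, `verify_report` and `mac` are hypothetical, and the example assumes the batch key sits inside tamper-resistant hardware at the production site.

```python
import hashlib
import hmac
import json

def mac(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 with a label so device keys and report tags never collide."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

class ProvisioningStation:
    """Hypothetical station; assumes batch_key is held in an HSM/secure element."""

    def __init__(self, batch_id: str, batch_key: bytes, quota: int):
        self.batch_id, self._key, self.quota = batch_id, batch_key, quota
        self.serials = []

    def program(self, serial: str) -> bytes:
        """Return a per-device key; refuse duplicates and units past the quota."""
        if len(self.serials) >= self.quota:
            raise PermissionError("quota exhausted: overproduction attempt")
        if serial in self.serials:
            raise ValueError("serial already programmed")
        self.serials.append(serial)
        ident = json.dumps([self.batch_id, serial]).encode()
        return mac(self._key, b"device-key", ident)

    def batch_report(self):
        """Serial-number record plus an authentication tag over it."""
        body = json.dumps({"batch": self.batch_id, "quota": self.quota,
                           "serials": self.serials}, sort_keys=True).encode()
        return body, mac(self._key, b"batch-report", body).hex()

def verify_report(batch_key: bytes, body: bytes, tag: str, ordered: int) -> bool:
    """OEM side: check the tag, then check the count against the order."""
    expected = mac(batch_key, b"batch-report", body).hex()
    if not hmac.compare_digest(expected, tag):
        return False
    report = json.loads(body)
    serials = report["serials"]
    return (report["quota"] == ordered and len(serials) <= ordered
            and len(set(serials)) == len(serials))

if __name__ == "__main__":
    key = bytes(32)  # constructed sample key, for illustration only
    station = ProvisioningStation("B-0001", key, quota=2)
    for sn in ("SN001", "SN002"):
        print(sn, station.program(sn).hex()[:16])
    body, tag = station.batch_report()
    print("report authentic:", verify_report(key, body, tag, ordered=2))
```
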
Centralized secure programming solutions are becoming user-friendly and easier to implement than in the past, at a controlled cost. These are all technological building blocks - secure software libraries, secure programming and secure startup - that Trusted Objects has developed to protect software and IP, particularly during remote software updates over the air.
In another example, Trusted Objects has partnered with System General so that TOPS, its secure programming solution, can be qualified directly on System General's programming equipment.
(*) Accenture 2019 study