DOCSLIB.ORG

Background Statement for SEMI Draft Document 4489

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Background Statement for SEMI Draft Document 4489

Background Statement for SEMI Draft Document 4489 New Standard: GUIDE FOR QUALIFICATIONS OF AUTHENTICATION SERVICE BODIES FOR DETECTING AND PREVENTING COUNTERFEITING OF SEMICONDUCTORS AND RELATED PRODUCTS

Note: This background statement is not part of the balloted item. It is provided solely to assist the recipient in reaching an informed decision based on the rationale of the activity that preceded the creation of this document.

Note: Recipients of this document are invited to submit, with their comments, notification of any relevant patented technology or copyrighted items of which they are aware and to provide supporting documentation. In this context, “patented technology” is defined as technology for which a patent has issued or has been applied for. In the latter case, only publicly available information on the contents of the patent application is to be provided.

Background The electronic component supply chain is frequently contaminated by counterfeit and tainted product. The risk of procuring contaminated goods increases when authorized (certified) distribution networks run out of product. This may occur with supply shortfalls or terminated products. Then, purchasing policy may also force procurement from non-certified distributors. The semiconductor industry currently lacks standard methods to validate the integrity of goods from non-certified distributors or suppliers. The Anti-Counterfeiting Task Force of the Semiconductor Industry Association (SIA) has proposed a solution that involves 1) labeling by trusted brand owners of batches of authentic goods with a secure encrypted serial number (license plate) on the product package and 2) an authentication service, available to anyone considering purchase of goods, using the encrypted serial number as the basis for validation. The SIA ACTF has requested that SEMI use its Traceability experience to develop appropriate standards. In response to this request, the Anti-Counterfeiting Task Force of the SEMI Traceability Committee developed SEMI T20 to specify the overall system for authentication of semiconductors and related products. Document 4489 is one of three supplementary standards to be added to SEMI T20 as one of the following named documents SEMI T20.1, T20.2, and T20.3. It addresses authentication service body qualifications. The other supplementary standards cover object labeling and authentication service communications. The results of this ballot will be reviewed by the SEMI Anti-Counterfeiting Task Force during its meeting in conjunction with SEMICON West, in San Francisco, CA, on July 16, 2009. Informational (Blue) Ballot1000AInformational (Blue) Ballot Ballot1000AInformational (Blue) (Blue) Informational Phone:408.943.6900 Fax: 408.943.7943Phone:408.943.6900 Fax: CASan 95134-2127Jose, 3081 Zanker Road Equipment Semiconductor InternationalMaterials and 2.2.3 2.2.2 2.2.1 2.2 storage, the involves service authentication is that foundries, This 1.1). ¶ independent including (see number (i.e., owner brand a by ASB the to submitted number serial serial encrypted the of verification and examination encrypted the of authenticity 2.1 2 bodies. of authentication service required 1.2 objectcovering labeling under now development the Task of in Anti-Counterfeiting Force the Committee.Traceability 1: NOTE a for basis the as number batch plate. the license checkof validation encrypted the using parts, of batch a of purchase considering anyone to available service authentication an (2) and package product the on number) serial (encrypted number batch secure a with parts 1.1 1 PRODUCTS OF RELATEDSEMICONDUCTORS COUNTERFEITING AND FORAND DETECTING PREVENTING BODIES SERVICE FOR OFStandard:QUALIFICATIONS New AUTHENTICATION GUIDE Draft Document SEMI 4489 reproduce and/or distribute this document, in whole or in part, only within the scope of SEMI International Standards committee (document development) activity. All other All activity. development) (document committee Standards International SEMI of scope the within reproduction without distribution and/or SEMIwritten the ofprior isprohibited.consent only part, in or whole in document, this distribute and/or reproduce to granted is Permission standard. adopted or official an as construed be to is page this on material No program. Standards International SEMI the of document draft a is This 212.398.0023,http:// 212.642.4900, Fax: 1 Definition —SecurityANSI/NASPO-SA-v3.0P-2005 Risk Requirements Management 4.2 ofRelated System for Products Semiconductors for and Architecture Authentication SEMI T20—Specification SiliconSEMI M59—Terminologyfor Technology 4.1 4 in bodies. ISO This 28003. covered ISO/IEC 27002 and is service aspect 3.2 2: NOTE 3.1 3 the determine and practices health and safety appropriate other ofprior limitations use.applicability regulatoryor to establish to standard this of users the of responsibility NOTICE:

Available from American National Standards Institute, New York 25WestStreet, Standards 43rd NY American Office: New York, Institute, from National Available 10036,USA. Telephone: Scope Purpose Referenced Standards Referenced Documents and Limitations This guideThis includes: the certify to (ASB) body service authentication an for required qualifications the describes guide This qualifications the to regard in T20 SEMI in outlined requirements the supplement to intended is guide This authentic of batches of owners brand trusted by labeling (1) involves guide this by covered is that approach The ANSI Standard Standards SEMI authentication of certification and audit providing bodies for requirements the address not does also guide This service communication. labelingor not eitherauthentication guideThis does theobject address detailsof ASB communicationrequirements.ASB for through secureand theof authenticity verifying codes, Requirements products security and supply, Information, operating requirements,

These areissues being in developed other standards related that or be T20.are will appended SEMI to This standard does not purport to address safety issues, if any, associated with its use. It is the is It use. its with associated any, if issues, safety address to purport not does standard This The nature of the license plate and its location on the product package are expected to be specified in the standard the in specified be to expected are package product the on location its and plate license the of nature The legally responsible for the integrity and performance legallyresponsible and the integrity performance for 1 or captive captive or www.ansi.org device manufacturers device . Page , fab-less suppliers, suppliers, fab-less 2 of a product saleof buyers for to a jn l jn and and authorized distributors, but excluding but distributors, authorized Document Number: Document Doc. ). Date: 4489 an an

DRAFT  6/7/2018 entity, SEMI 4489 

LETTER (YELLOW) BALLOT Informational (Blue) Ballot1000AInformational (Blue) Ballot Ballot1000AInformational (Blue) (Blue) Informational Phone:408.943.6900 Fax: 408.943.7943Phone:408.943.6900 Fax: CASan 95134-2127Jose, 3081 Zanker Road Equipment Semiconductor InternationalMaterials and 6.1.3 this maintain per least year. once information byitand updating calendar at certification of level its and accessed, be may services its where URL the issues, it that codes Authentication all in 6.1.2 ASB agreed clients: and of betweenthe its any theas with following one 6.1.1 6.1 6 5.2 in defined SEMIM59. and 5.1 5 NOTICE: and audit providing bodies for management supply security systems of certification chain Requirements – chain supply the for systems management Security — 28003 ISO (formerly ISO/IEC 17799) management ISO/IEC – systems management security Requirements Information – techniques Security – Technology Information — 27001 ISO/IEC ISO/IEC 16022— 4.3 reproduce and/or distribute this document, in whole or in part, only within the scope of SEMI International Standards committee (document development) activity. All other All activity. development) (document committee Standards International SEMI of scope the within reproduction without distribution and/or SEMIwritten the ofprior isprohibited.consent only part, in or whole in document, this distribute and/or reproduce to granted is Permission standard. adopted or official an as construed be to is page this on material No program. Standards International SEMI the of document draft a is This 3 member ISO other body. the and countriesANSI from in Fax: 41.22.733.34.30http:// 41.22.749.01.11; 20, Switzerland. Telephone: 2 verified is the product 6.1.4.3 6.1.4.2 5: NOTE 6.1.4.1 SEMI T20. consistent with 6.1.4 in development the Task of TraceabilityAnti-Counterfeiting Force the Committee. 4: NOTE owner. the ASBbrand and between 6.1.3.1 to relating object now developmentlabeling under in Anti-Counterfeiting Force the the Task of Traceability Committee. part or 3: NOTE part appropriate the on placement for label a on included (2) package. and service the using owner brand the by demand on created being of capable (1) are that characteristics equivalent with symbology other or 16022 ISO/IEC

   Additional related information may also be found in the ISO 28000 series documents listed be in 28000series also ISO §7. related documents in may the found information Additional de postale Varembé, Organization Central Standardization,ISO Geneva 1,rue Case 56, CH-1211 International Secretariat, for from Available EssentialQualificationsfor ASBs Terminology Authentication service bodies (ASBs) shall: Authentication in and acronyms, arelisted symbols SEMIT20. Terms, anti-counterfeitingtechniques with associated listed are standard this in used and technology silicon with associated symbols and acronyms, terms, General StandardsISO ISO/IEC 27001, with particular note given to particularnoteISO/IECISO/IEC given 27002. 27001,with of II ANSI/NASPO-SA-v3.0P-2005,Class or ANSI/NASPO-SA-v3.0P-2005, IClass of Provide unique, non-sequential, consumable security codes using 2D Data Matrix (ECC 200) as described in described as 200) (ECC Matrix Data 2D using codes security consumable non-sequential, unique, Provide appears that ID digit three the name, ASB its registry the providing to by registry appropriate an with Register accordance in certification third-party by evidenced as security operational and supply, information, Maintain Provide ability for users to verify the authenticity of products at any point in the supply network in a manner a in network supply the in point any at products of authenticity the verify to users for ability Provide M a format. in standard data Return verification services. be by forto web authenticated Provide ability product agreed as etc., generation, number random key, symmetric key, public/private encryption, by codes Secure

70 nomto ehooytechnology Information — 27002 aintain code validation event records event validation code aintain Optionally,offer ASBs gateway otheroptionsphone,may as such mobile scanner,or hand-held other means. Such a format is expected to be specified in the standard relating to authentication service communication now under now communication service authentication to relating standard the in specified be to expected is format a Such Unless otherwise indicated, all documents cited shall be theversions. latest published otherwise documents all cited be shall Unless indicated, Characteristics of the label and label positions on the part or package are expected to be specified in the standard the in specified be to expected are package or part the on positions label and label the of Characteristics 2 Information technologyInformation . – International symbology specification specification symbology International – euiytcnqe techniques Security and increment the Authentication, Verifications attribute each time each attribute Verifications Authentication, the increment and Page www.iso.ch 3 3 . In the United States, these standards are available from these Unitedavailable standards the are . In States, – jn l jn Code of practice for information security information for practice of Code – Data matrix Data Document Number: Document Doc. Date: 4489

DRAFT  6/7/2018 SEMI 4489 

LETTER (YELLOW) BALLOT Informational (Blue) Ballot1000AInformational (Blue) Ballot Ballot1000AInformational (Blue) (Blue) Informational Phone:408.943.6900 Fax: 408.943.7943Phone:408.943.6900 Fax: CASan 95134-2127Jose, 3081 Zanker Road Equipment Semiconductor InternationalMaterials and ISO/PAS 28000 ISO/PAS 7.4 7.3 systems management of certification information security and 7.2 7.1 7 fails. deactivate,or activate) (request, consume, verify, 6.1.5 succeed. 6.1.4.6 6.1.4.5 6.1.4.4 reproduce and/or distribute this document, in whole or in part, only within the scope of SEMI International Standards committee (document development) activity. All other All activity. development) (document committee Standards International SEMI of scope the within reproduction without distribution and/or SEMIwritten the ofprior isprohibited.consent only part, in or whole in document, this distribute and/or reproduce to granted is Permission standard. adopted or official an as construed be to is page this on material No program. Standards International SEMI the of document draft a is This RelatedDocuments ISO/PAS 28004 — Security management systems for the supply chain – Guidelines for the implementation of implementation the for Guidelines – chain supply the for systems management Security — 28004 ISO/PAS the supply securityfor systems for ISO management chain 28000—Specification audit providing bodies for Requirements – techniques Security – Technology Information — 27006 ISO/IEC StandardsISO mentioned in this standard. Users of this standard are expressly advised that determination of any such any of determination that advised expressly rights own copyrights,such responsibility. infringementareentirely andrights patent their or theof risk of are standard this items of any Users with connection standard. in this asserted in copyrights mentioned or rights patent any of validity the respecting position By labels, product instructions, notice. aresubjectchangewithout to standards These manufacturer's to refer herein. mentioned equipment or to materials any respecting literature, thecautioned relevant other and solely sheets, are data product is Users standard the of user. suitability the the of of responsibility determination The application. particular any for herein NOTICE: Provide for returning an error message in accordance with SEMI T20 each time a code-related ASB service ASB code-related a time each T20 SEMI with accordance in message error an returning for Provide Enable consumed or deactivated authentication codes to be activated so that future attempts to verify will verify to attempts future that so activated be to codes authentication deactivated or consumed Enable to fail. attempts tofuture deactivatedsothat will verify codes be Enable to consumed codes at be Enable publication SEMI makes no warranties or representations as to the suitability of the standards set forth set standards the of suitability the to as representations or warranties no makes SEMI of this standard, Semiconductor Equipment and Materials International (SEMI) takes no takes (SEMI) International Materials and Equipment Semiconductor standard, this of a point ina point the supply supply Page 4 network network designated by the designated by the jn l jn brand ownerbrand Document Number: Document Doc. . Date: 4489

DRAFT  6/7/2018 SEMI 4489 

LETTER (YELLOW) BALLOT

Load more

Recommended publications