Infusing Trust Into The Supply Chain

This reaches deeper than just connecting disparate data. It requires integrating complex systems across vendors and protecting vendor data while instilling confidence in their customers and partners. Yet despite the time and effort that has been devoted to discussing a system of certificates, it’s still unclear whether the rest of the industry will buy into this concept.

There is growing recognition that traceability alone, which frequently includes a device ID that can be read and/or verified by the buyer, is insufficient. Those IDs can be tampered with or copied, allowing gray-market products with readable IDs to infiltrate the supply chain. A more effective solution involves immutable device IDs —  either intrinsic (electronically within the device) or extrinsic (physically applied outside the device) — which enable a supply chain to move beyond traceability to provenance.

“For a device to have provenance, it requires a unique identifier tied to the device,” said Lee Harrison, director of Tessent IC solutions at Siemens EDA. “With the proper accounting for the provenance, you can guarantee you know where a device was made. Therefore, it can’t be counterfeited. Unique device identifiers have improved from 15 years ago. Back then, you would physically mark the die/package, and anyone could copy it and produce 100 replicate devices. Today, with a unique identity, provenance results when that identifier is logged into a database with data on the manufacturing source.”

Provenance alone does not guarantee a trusted supply chain (sometimes referred to as an assured or attested supply chain). That requires an authenticated chain of custody, which enables downstream electronic device consumers to check that a device is authentic, not tampered with, or counterfeit.

The devices require agreed-upon methods for implementing an authentication layer, including the process for establishing custody from one manufacturer to another while aggregating certified device provenance at each successive build step.

While engineering teams use traceability methods for manufacturing purposes, there is no accepted methodology that all players in the manufacturing the semiconductor supply chain care about.

“SEMI is running a scoping initiative with industry and government partners to define the concept of traceability and examine the objectives, risks, and implications of such a structure,” said Melissa Grupen-Shemansky, CTO of SEMI. “There are various methods within the industry of securing and verifying chip authenticity, and there is a certain level of tracking or provenance from one supply chain partner to the next. However, a method of tracking the lifecycle of a chip from design to application or end of life using a global unique ID process and system has yet to be developed. Furthermore, the risk versus benefit of such a tracking system is a subject of debate within the industry, depending upon where one sits in the supply chain.”

From traced to trusted and certified

Moving from traceability of semiconductor devices to a methodical and deliberate system of trusted devices will require industry commitment and manufacturing support. The process begins at the IC design stage when deciding on which unique and immutable ID technology to use. It proceeds from there with manufacturing processes to bind the device ID (i.e. die all the way to end-system) to its data and a digital certificate of authenticity. Essentially, trust represents an authentication chain that accompanies a device as it moves along the supply chain and as the manufacturing process creates data associated with a device.

Fig. 1: Conceptual diagram depicting parallel nature of trust, data, and supply chains, Source: A. Meixner/Semiconductor Engineering

To comprehend the requirements for a trusted electronics supply chain, the distinction between factory traceability, documented provenance, and attachment of a digital certificate for electronic components needs to be understood.

“My work continues to focus on asset traceability and the connection of members of the supply chain, e.g., factories, to a traceability system with immutable attributes,” said Dave Huntley, business development director at PDF Solutions. “We can collect device IDs, intrinsic/extrinsic, and record them associated with an asset. The word ‘asset’ means anything from a complete system to a circuit board to a package to a die on a wafer. The traceability of how these assets get aggregated into a bigger asset, and who’s responsible for doing that, is now supported by a soon-to-be-published SEMI standard, T26.” [1]

Aggregation of authenticated immutable IDs is accomplished by the creation of digital certificates. [2] Those certificates include a public key, associated information, the identity of the owner, and an entity’s digital signature that verifies the contents. Typically, a third-party certificate authority issues the certificate and identifies the entity that verifies the certificate’s contents. [3]

“Chain of custody is achieved by linking certificates, not just passing device IDs,” said Tom Katsioulas, CEO at Archon Design Solutions. “While chip IDs serve as a vehicle to bind data to a specific device, each manufacturing hand-off (wafer ? die/chiplet ? package/OSAT ? system board/OEM) must issue its own signed certificate that references the upstream certificate(s) and binds to a verifiable device identity. Crucially, this chain is customer-driven. The fabless IC vendor specifies a certificate profile in the foundry’s secure portal. This instructs the foundry to mint wafer-level certificates under the vendor’s trust anchor, so provenance begins with the vendor’s public key infrastructure (PKI) rather than the factory’s internal IDs.” [4]

Fig. 2: Creation of asset certificates during electronics manufacturing process. Source: Archon Design Systems

As a device moves from wafer to system board manufacturing facilities, specific steps are needed to verify an ID at each step to support creating a semiconductor and associated electronics supply chain.

“At each stage of the process, a downstream consumer receives parts from its supplier,” said Mike Borza, principal security technologist and scientist at Synopsys. “All that’s required is for the supplier to make available its public certificate authority certificate at the root of the signing tree for device certificates, and the certificate chain(s) of any intermediate signing authorities, to the consumer. The consumer can then verify the signatures on the device’s identity certificate, and that the device possesses the corresponding private key. Devices that pass verification are authentic. Depending on their needs, certificates from previous stages of the supply chain can also be verified in the same way, allowing the supply chain to be traced back to the IC manufacturer. It would not be unreasonable for a system manufacturer to verify the identities of its module supplier, packaged IC supplier, and IC manufacturer.”

The value of an authenticated certificate is that it can be checked to make sure it has not been revoked — for example, if a part has failed later in the manufacturing process to prevent gray market sales — and that it is real. Then, as you travel downstream to the manufacturing of a printed circuit board, a board certificate will be an aggregate of assembled devices certificates, each of which will have at least one die-level certificate.  A certificate will contain data associated with a device as a hash, or a hash of the data’s characteristic. Checks against the hash can be done to verify authenticity.

Factory role in digital certificate generation

Semiconductor fabs and assembly houses, and subsequent electronics system factories, perform crucial steps in the generation of digital certificates. Electronic assets pass through multiple steps in each factory, during which internal IDs are used by manufacturing execution systems (MES) and yield management systems (YMS) for device flow management, manufacturing data such as equipment genealogy and results of electrical test, and various decisions.

The generation of a digital certificate is an additional layer of operations for a factory to manage, and one that may require upgrades. According to the rules of a certification system, it requires the capabilities to apply an extrinsic ID (read intrinsic and extrinsic IDs), binding IDs to factory data, creating certificates, and communicating with a third-party certificate authority.

Archon’s Katsioulas described certificate generation at each device manufacturing step as follows:

• Wafer/die at foundry or IDM: Certificate (C?) is issued by the fab according to the IC manufacturer’s security specification, including the lot/wafer, process node, wafer sort results, a public key (if generated), and design-metadata handles.
• Packaged device at assembly and test: Certificate (C^P) is signed by OSAT. It contains package lot/site, assembly/test data, yield, and hash links to one or more upstream C?. Where a root of trust exists, it includes attestation binding the package ID to die key.
• System board assembly and test (board factory): Certificate (C^B) is signed by OEM/EMS. It includes PCB lot/line, placement data, firmware/security configurations, and references to all C^P on the board. At the board manufacturing step, C^B becomes the top-level certificate, aggregating the custody chain back to the fab-initiated C?.
• System at final assembly (OEM/EMS): Certificate (C^S) is signed by OEM/EMS. It includes all system lot/line, placement data, firmware/security configs, and references to all C^B on the board. At the final system manufacturing step, C^S becomes the top-level certificate, aggregating the custody chain back to the fab-initiated C?.

Fig. 3: Certification generation along the manufacturing ecosystem. Source: Archon Design Systems

Manufacturing begins with wafer-level test. For intrinsic IDs, automated test equipment (ATE) plays a key role during electrical testing of dies and packaged devices. Device testing establishes the unique, immutable identity, provides that identity to the factory data systems, and ultimately supports certificate generation.

“When do you actually provision the device (i.e. assign or create the identity) during the manufacturing process? Right now, we are looking at helping the manufacturers provision the device during the test process,” said Siemens’ Harrison. “At the point where the device is fully tested and it’s a known good device, the test program runs a sequence to provision that device. There’s no point in provisioning it if it’s going to be a bad device.”

However, post-processing algorithms, such as part average testing, may change a good device to bad. “The tester is accessing the identifier data, which then goes into the process that generates the certificate,” said Nitza Basoco, mobility business unit manager at Teradyne. “This occurs after ATE testing, i.e., offline, just like final binning is determined on a wafer map. There’s also always some post-processing performed, which could change the pass/fail binning. So whether or not a device is good could change,”

This assignment or marking of a device with an ID needs to occur with high reliability. “ATE can be leveraged for marking a device, as it is today with electronic chip ID,” said John Carulli, applied research and technology director for strategic partner development at Advantest America. “It is critical that the traceability system cover HVM for all die for at least 1 part-per-million observability and confidence/trust for attestation. The ATE also needs to have adaptive data feed capability to interact with MES and yield data systems across the manufacturing ecosystem.”

Others concur on the importance of the interplay between ATE equipment and the factory data systems for YMS and managing the flow of devices through a factory’s MES.

“Since the ATE is the authoritative point where each die or packaged unit is electrically validated, it becomes the natural “root of trust” to sign or verify certificates of authenticity, quality, or compliance for each device,” said Aftkhar Aslam, CEO of yieldWerx. “However, the generation of these certificates cannot be solely the responsibility of the ATE. These certificates need to be managed and provisioned by a centralized YMS system that talks directly to ATE, and this needs to be done in real-time to obtain these certificates. In my opinion and from lessons learned, an MES alone is too localized, and a YMS alone lacks process control context. The optimal solution is a hybrid MES+YMS, in which MES provides process traceability and YMS provides yield/quality certificates. Then, both feed into a federated trust framework that assemblers and OEMs can rely on.”

The specter of advanced package devices with chiplets from different manufacturers highlights the nuances that assembly and system manufacturing engineering teams need to consider.

“Consider a device composed of 10 chiplets and their associated 10 unique IDs,” said Teradyne’s Basoco. “They’re identifiable with their internal IDs. But because some of them may be stacked, they might be physically unreadable. The packaged part will have its own unique identifier, and then it goes into the board. Then it could be over-molded. Can your ID be physically readable? Do you have a QR code that’s easily scannable? A lot of IDs are QR-scannable because the scanning code takes less space than writing all the component IDs. You simply run out of space. With physical scanning, the device surface area plays a role. It becomes really difficult with smaller devices coupled with devices that lack in-die electronically read IDs such as RF.”

Factory investments

For manufacturing facilities to fully support a trusted supply chain factory, managers need funding to upgrade their operations and equipment, and as well as specify test program requirements for interacting with their MES and YMS.

“Fabrication can embed root-of-trust technology, and MES can provide the initial set of data for the certificate,” said Michael Schuldenfrei, NI fellow of product analytics at Emerson Test and Measurement. “Wafer test will often create chip IDs. Assembly will provide the full ‘as-built’ spec of each device (which part went where) and batch information for parts that don’t have individual IDs. The complex part is weaving this information together to create a digital thread, and doing it at scale.”

An overall solution needs to consist of the following, according to Schuldenfrei:

1. Store and manage disparate data from fab, test and assembly processes, all the way from the chip to the final product.
2. Manage the connection between parts (i.e. genealogy), enabling certification with a full as-built list of parts.
3. Feed data forward from step to step to enable tasks like electronic fingerprint validation downstream.
4. Enable analytics and automation on the data within and between organizations.

Investments are needed for the generation and management of digital certificates, and those must carefully connect data systems and communicate the digital certificates in a secure manner. For the latter, a distributed ledger technology node, such as a blockchain, needs to be created and supported.

“Companies have already done this in their own way for their supply chain, but as a private party on the supply chain,” noted PDF’s Huntley. “Setting up a blockchain for trusted asset management is not cheap. All the factories in the supply chain have to host a blockchain node. I’ve seen numbers of at least $100,000. A larger factory would need a larger system. And you need to maintain the blockchain. But don’t forget the other costs. There is activating and identifying a chip’s PUFs (an intrinsic ID) or an electrical component’s extrinsic ID.”

Traceability investments within a factory are a given, but the extent of traceability differs between a wafer fab and an assembly factory. Multiple industry experts have observed that assembly facilities lag behind wafer fabs. In addition, while large SoC devices can afford an intrinsic identifier based on a root of trust and associated security functions, this is not the case for small IoT devices and analog/mixed signal devices. These devices require extrinsic IDs and the associated scanning equipment. Such a requirement presents challenges for integration into an already complex factory floor environment.

“For the smaller AMS-RF designs, having a physical mark that is not easily tampered and does not require additional pins or circuitry is desired,” said Advantest’s Carulli. “If some options of embedded markings that can be read optically or with RF emission, then these would be something that could scale for volume traceability. These types of readers could be integrated into the probe, package, and board test systems. There is presently no clear solution in this space for the markings and the reader.”

Conclusion

Ultimately, trusted supply chains will be needed across all industry sectors. A number of industry experts pointed out that the high-performance compute sector would be the likely driver due to its reliance upon advanced packaging solutions and ICs from at least two sources. Hence, digital semiconductors potentially can drive a certification-based solution for establishing a trusted supply chain.

As with all solutions that span across multiple players, implementing a trusted supply chain is not a technology issue. It comes down to a willingness to fund the required factory upgrades, the establishment of a certified authority for management of digital certificates, and business incentives to pay for a trusted supply chain.