“Child Resistant” – “Tamper Evident” – What’s Next for the Packaging Industry?
2022-12-08 John Poulson
While it is generally accepted that the first modern child-proof lid was invented by a Canadian pediatrician in 1967, there is evidence that ancient Mayans created an interlocking lid back in the fifth century BCE.
Child Resistant
Dr. Henri Breault filed a patent for a lid that could only be opened with a twist motion accompanied with a downward press with the heel or palm of the hand. This cap now with several generations of improvements is still in use. Since the first “push-and-twist” lid, forward-looking packaging engineers have created numerous packaging strategies that have saved the lives of countless children throughout the world.
In the 1980’s, archeologists from the University of Texas (Austin) uncovered a ceramic vessel in pre-Columbian Guatemala, that had a unique interlocking lid. Suspecting the purpose of the jar was to store cacao, the archeologists called the number found on the wrapper of a Hersey’s chocolate bar. They were eventually able to have Hersey chemists confirm the residue from inside the vessel contained caffeine and theobromine. The only plant in America that has both of those chemicals together is the cacao plant.
Image: Vessel now in the collection of the Museo Nacional de Arqueología y Etnología in Guatemala.
Tamper Evident
It was also in the 1980’s (1982 to be exact) that several murders took place around greater Chicago that involved packages of Extra-Strength Tylenol laced with cyanide. Johnson & Johnson, the makers of Tylenol reacted quickly by notifying hospitals and retail outlets and within five days had issued a total recall of all Tylenol products. The value of the recall exceeded $100M at the time. A month later Tylenol was back in distribution with a new triple-sealed package and tamper proof packaging was born. Many in the packaging industry responded with various forms of tamper-proof packaging ideas like shrink bands, bubble-top lids, tearable bands, foil tops, etc. By 1989, the US Federal Food and Drug Administration (FDA) as well as other regulatory agencies around the world established standards and guidelines requiring tamper-proof packaging for several categories of consumer products.
Image: Example of a Push & Twist Lid.
System Integrity
What are the latest developments in the world that might have an effect on the packaging industry? We have certainly learned in the past couple of years that code-tampering has been weaponized and that disruptions on the production floor can affect the whole supply chain. With this in mind, it is not a far stretch to imagine the industry may be faced with a regulatory climate that will require all code (software, firmware as well as controller code) to be “hardened” against tampering or reverse engineering.
Some futurists see the next major change to packaging will be a requirement that all equipment be able to maintain the integrity of the whole system through proactive prevention of code tampering.
One definition for “System Integrity” is: The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental.
What this means in practice is that even a simple conveyor belt, if it is part of a larger production effort, will be responsible to do its part to maintain the integrity of the whole system.
Where is the vulnerability?
Vulnerability to code tampering can happen at the endpoint or anywhere along the protocol stack. Endpoints are especially vulnerable because that is where operating systems, libraries, drivers, and applications are exposed. Tampering with endpoints can be disastrous: Cryptographic keys can be stolen, the identity of the device affected, trust lists and certificates can be tampered with, applications manipulated, and invaluable know-how lost. Even equipment where some basic security measures have been implemented is exposed because private keys and trust lists are stored in the regular file system. Packaging equipment is considered an “endpoint”.
What is being done?
Industry groups like the Open Platform Communications group (OPC) and the Industry IoT Consortium (IIC) have been developing standards that address all points of vulnerability. And some of the industry’s largest players, who deliver the components that are essential to modern automated equipment, like Rockwell Automation, Siemens, and CODESYS have introduced features that add code security as an option. Such security features include encrypting the code (found in PLC’s and microcontrollers) and providing secure key chains from boot up through the running of applications.
What should you do?
The mantra for successful product management is “Discover, Evaluate, Plan, and Reflect”.
- Discover
Do your research. Look to the many reports and white papers found with the IIC and OPC. For example, learn about the OPC’s Unified Architecture (UA). Investigate the agencies who regulate your industry and see what they’re saying about security and system integrity. - Evaluate
Next, decide if your equipment is used or might be used in plants where essential products are packaged. Do you have sophisticated equipment containing valuable intellectual property or equipment that might be connected to other equipment to increase efficiency? If the answer to any of these questions is yes, then you need to begin formulating a plan to bring system integrity protocols to the equipment you build.
If it looks like you need to pay attention to system integrity matters, there can be a silver lining to such an effort.
While a future regulatory climate might require code hardening to maintain system integrity, there are several benefits to be gained immediately by packaging equipment manufacturers.
They are:
- Preventing the theft of any intellectual property that might be found in software or firmware.
- Preventing reverse engineering.
- Increasing monetization possibilities through the introduction of feature-based pricing.
- Eliminating “gray market” production by securing the product quantity count.
- Increasing revenue through offering hardened equipment to production plants with government contracts.
Wibu-Systems has been creating and perfecting technology since 1989 that can bring you the silver lining. We can show you how to achieve system integrity as well as business success. If system integrity is important for your organization, you will find our white paper Integrity Protection for Embedded Systems interesting.
Contributor
John Poulson
Sr. Account Manager
A senior manager and well respected security industry expert, John has worked in business development and sales for Wibu-Systems USA since 2001. When not consulting with customers on software licensing and protection solutions, John attends industry trade shows and conferences to stay abreast of the latest developments in the IT world. Prior to Wibu-Systems, John worked for Micro Security Systems, Eagle Data, and Griffin Technologies, all pioneers in software security.
Over the years, John has authored several blog articles on topics of general interest in cryptography as well as monetization of embedded systems in new and innovative ways.