Está en la página 1de 7

Part

Authentication

Chapter

11

What Is Authentication?

As discussed in the last chapter, authentication in the context of pharmaceutical security (and accepting the arguably vague and inaccurate use of
the term) means asking the question Is this product genuine or fake? It
is therefore a binary issue: in theory the answer is either Yes or No. This
is not the same question as Does this product have the correct packaging or even Does this product carry a valid code or serial number?
Coding and tracking systems can be excellent authentication methods, but
are only effective if they are secure. It is possible to authenticate a product
as genuine to a legal grade of proof (beyond reasonable doubt) without knowing its life history. We do this every day with banknotes, for
example. However, the converse is not true: it is not possible to prove a
products provenance and route through the supply chain without being
able to authenticate it as genuine. Thus authentication complements, and
is not replaced by, the tracking technologies discussed later.
For reasons of practicality, many of the methods by which we verify
genuine products involve proxy indicators of authenticity, such as secure
packaging and tracking codes. However, it is not fake drug packaging
that harms people. Only if the ingested, injected, inhaled, or implanted
product itself is genuine, and of the expected quality, is the patient safe
from harm due to fake or substandard medicine.

Pharmaceutical Anti-Counterfeiting: Combating the Real Danger from Fake Drugs,


First Edition. Mark Davison.
2011 John Wiley & Sons, Inc. Published 2011 by John Wiley & Sons, Inc.

87

88

WHAT IS AUTHENTICATION?

DIGITAL VERSUS SENSORY AUTHENTICATION

Despite advances in technology in all areas of life, the human senses


are still one of the most effective tools in judging quality. In product
security, we can use sensory-based authentication methods to enhance the
human capacity to differentiate, by adding physical features to the product
or its packaging (or using innate properties), which can be distinguished
by sight, sound, smell, touch, or taste. Common examples of sensory
authentication features include holograms and colorshift inks. Features that
rely on covert physical or material properties, not perceivable by humans
but requiring a tool or machine, also fall into the sensory category.
Digital authentication, in contrast, relies on the association of the product or its packaging with a unique set of information, rather than with any
physical features or properties of the material itself. This digital information is allocated, stored, and processed by computers, although it may also
be visibly printed on the product for all to see (as a serial number, for
example). The digital authentication concept relies on the fact that only
authorized persons can allocate the codes and update the information associated with them. This information (or a subset of it) may be stored either
on or with the product, in a remote database, or both. It can usually be
updated or altered without making physical changes to the product or its
packaging. Radio frequency identification (RFID) is a good example of a
digital authentication technology. The use of a computer is not the defining element of digital authentication, but rather the use of pre-determined
numbers to identify items or groups of items (Figure 11.1).
In recent years, there has been a trend in the pharmaceutical industry toward serialization or track and trace and away from authentication
technologies. Although tracking technologies are an important and valuable contribution to ensuring the safety of the international drug supply,
they are not sufficient in themselves to prevent unauthorized counterfeiting. Nor are they always a practical, real-time option in some of the
challenging environments in which decisions must be made. Rapid differentiation between real products and fakes needs to be carried out by law
enforcement officials out in the field. Wireless database access may not be
possible in real-time in many countries or in challenging locations such
as sea ports. This is where sensory authentication comes into its own.
It is important to note in passing that truly effective authentication is
usually not cost-neutral. There is often pressure in manufacturing organizations to find new or upgraded security features that add zero net cost
to the product. There are some very cheap and effective features that can
be added at the carton manufacturing stage, for example, but in general,
security features add an element of direct cost. If there is a tiny budget,

TYPES OF AUTHENTICATION TECHNOLOGIES

89

12345-678-91-23456789

DIGITAL

SENSORY

Figure 11.1. Digital Versus Sensory Authentication. Both types of authentication methods
may involve examination by eye or by automated means. Digital authentication requires
confirmation of the presence of a pre-assigned number (whether printed as text, applied
as a barcode or 2D code, or coded onto an RFID tag). Physical authentication identifies
characteristics which do not depend on numbers.

there may be little benefit, and indeed a false sense of security may be
damaging in the long term. The design, implementation, and maintenance
of an authentication strategy are often difficult, potentially costly both
internally and externally, and always time consuming. It is also increasingly an inevitable cost of doing business in the pharmaceutical industry,
not a choice. No sane CFO (Chief Financial Officer) would decide to
forego corporate liability insurance, or decline funds for the repair of broken fencing around their animal research facility. Authentication should
be seen as a must-have, not a nice-to-have, if we are ever to start reversing
the tide of counterfeit drugs.
TYPES OF AUTHENTICATION TECHNOLOGIES

There are a large number of security technologies that can be used for
authentication of pharmaceuticals and medical products. Some have

90

WHAT IS AUTHENTICATION?

Technology

Overt

Covert

Design features
Special security substrates
Recognition of random patterns (innate or applied)
Adhesives and closures
Taggants and dyes
Microparticles and nanoparticles
Optically variable devices
Security inks
Coding and serialization

Figure 11.2. Overt and covert technology types.

been specifically designed for the purpose, and some are adapted from
approaches that have been used successfully in other industries. For any
individual product security requirement, the choice of technology will
depend on a number of factors including price, security level, feasibility,
etc. The technologies most commonly used in pharmaceutical product
security can be broken down into broad categories (Figure 11.2).
These various technologies can be used at different levels of packaging
and in different circumstances. As discussed elsewhere, it is usually prudent to use more than one technology to give a layered defense against
counterfeiting.
The principle is illustrated by the pyramid of authentication
(Figure 11.3). The vertical dimension (not to scale) represents the number
of people involved in authenticating the product at various levels of
security features. Two main aspects of authentication become apparent.
First, the alertness to danger increases greatly if the public (and those
in the supply chain who come into customer contact, such as pharmacists)
are given simple security features that they can verify visually or with
very simple tools. This is simply a function of the number of pairs of
eyes availablethe public, by definition, is everywhere. The second and
conflicting factor is that (in general) the wider a security feature is disseminated, the more it is vulnerable to attack by counterfeiters. A mixture of
the technology types above is therefore prudent, to provide stakeholders at
all levels of the pyramid with different ways to authenticate the product.

INTERNATIONAL STANDARDS AND NORMS

More pairs of eyes but


higher exposure of
security feature

91

One or two people


(forensic analysis)
Product security team
(multiple tools, laboratory)
Customs, sales reps
(complex tools)
Pharmacists, public
(simple tools)
General public
(no tools)

Figure 11.3. The Authentication Pyramid. Overt security features at the base of the pyramid
reach the general public and allow a large number of people to be involved in validation.
Forensic tools at the apex may only be known to a small group, increasing security
but preventing widespread routine monitoring. Most anti-counterfeiting features involve a
trade-off between ubiquity of awareness and degree of security.

INTERNATIONAL STANDARDS AND NORMS

A single, uniform, and simple-to-use authentication technology applied


across all pharmaceutical products is, at first sight, a useful concept. All
law enforcement operatives could be made aware of what to look for, and
consumer education would be a simple process. In practice, of course, the
technology would be vulnerable by its very ubiquity and predictability
and would almost certainly be rapidly circumvented. Therefore, it is better
to look for agreed standards, against which the effectiveness of security
technologies can be measured, without proscribing individual technology
choices.
The inherent secrecy of security technologies, and the paucity of data
about their true effectiveness out in the field, means that objective evaluation of one approach versus another is rather difficult for brand owners
and standards organizations to achieve. The involvement of neutral confidential forums such as the Pharmaceutical Security Institute1 can help
pharmaceutical companies to compare notes and to report successes and
failures. The international standards development process is still catching
up with the technology in this area, but ISO, GS1, the North American Security Products Association (NASPO),2 and other groups are all
actively engaging with stakeholders to define workable and secure technology standards.
At the time of writing, the main ISO technical committee relevant
to this topic, TC246, is looking at standardization in the field of anticounterfeiting tools.3 Importantly, this will include assessment criteria

92

WHAT IS AUTHENTICATION?

for adaptability (including interoperability), upgradeability, robustness and


resistance to attack, reliability of the control methods and associated tools,
grade of proof, etc.
International standards will be designed to provide a valuable benchmark for the performance of security tools and features, without requiring
pharmaceutical companies to choose or disclose specific proprietary technologies. Brand owners must retain the flexibility to change their security
features at short notice and without public disclosure.

También podría gustarte