Sonsivri
 
*
Welcome, Guest. Please login or register.
Did you miss your activation email?
July 25, 2017, 06:44:57 06:44


Login with username, password and session length


Pages: [1]
Print
Author Topic: Securing schematics/pcb files and firmware source  (Read 736 times)
0 Members and 1 Guest are viewing this topic.
hammerhead
Inactive

Offline Offline

Posts: 6

Thank You
-Given: 6
-Receive: 1


« on: February 28, 2017, 06:32:06 18:32 »

In 3-months time I will be moving to another city and leaving the job that I have been in for the past 16yrs.  The owner of the company knows me well and has trusted me to create the hardware and firmware for the products we manufacture.  There is nobody within the company who can take over may position and the owner is paranoid that whoever he hires to replace me could steal our designs.   What safeguards do other companies have in place to restrict access to files and prevent employees from downloading files to USB or smartphone, or email.  Yet at the same time, allow access to certain files as needed.

For example, if they need to update or revise a circuit board, they will need access to copies of the original schematic/pcb files to make the changes, but somehow prevent them from moving the files offsite.

Webmail clients make it difficult to monitor emails and disabling USB entirely is not an option because the dev tools (not to mention mouse/keyboard) need USB to function.

Does anybody have any thoughts/ideas on what we can do to improve security in this area?
Logged
Gallymimu
Hero Member
*****
Offline Offline

Posts: 620

Thank You
-Given: 118
-Receive: 163


« Reply #1 on: February 28, 2017, 08:02:11 20:02 »

This level of paranoia just slows the company down.  A malicious person will always be able to get the files, and may even do so through social engineering.  People are always the weak link.

That said it is possible to secure things at high overhead.  Military prime contractors with secure facilities use simple principles.  No record-able media may leave or enter the facility.  No external network connections are allowed through which data could leave or enter the facility.  On the far other end.  Trust people and don't restrict their ability to get work done.

Anything else is some compromise between efficiency and security.

It's unlikely that the firmware and hardware are so magical and wonderful that it is worth stealing.  Also, the company presumably has some strength of IP, sales channels, and brand recognition such that it would be hard to penetrate.  Additionally, you have legal recourse if someone steals confidential info.
Logged
mars01
V.I.P
Active Member
*****
Offline Offline

Posts: 214

Thank You
-Given: 245
-Receive: 450



« Reply #2 on: February 28, 2017, 08:28:34 20:28 »

Technically, unless the company owner decide to install X-ray scanners and the like, I don't think someone can really protect information.
It is said that once someone knows a secret then that information is no longer a secret.
You know, there are people with photographic memory, how can you protect from that?! Smiley

The least that the owner can do is to make the employees sign an NDA (or some other forms of legalities) and monitor the access to that information's.

Usually a product is a complex one so he can make sure that nobody has the complete picture except some people he pays good, maybe give them shares to the company to co-interest them. So, compartmentalization.
I saw this strategy used in one of the companies where I used to work and it was efficient but to be honest, if someone really wants to steal some IP, he will.

We all want complete security but reality contradict that.
Logged
hammerhead
Inactive

Offline Offline

Posts: 6

Thank You
-Given: 6
-Receive: 1


« Reply #3 on: February 28, 2017, 08:45:41 20:45 »

Thank you for your responses.

It's unlikely that the firmware and hardware are so magical and wonderful that it is worth stealing.

I agree with you 100%, and I'm the one who developed this magical and wonderful product!  I have been pushing for non-dislosure agreements and contract provisions that would bind them legally from doing anything of the sort.  But beauty, as they say, is in the eye of the beholder.  And in the owner's eyes, this is the greatest, most revolutionary product of its kind in the world and should be protected as such.

Perhaps then, I should broaden the question.  In the absence of military-grade security protocols and beyond a standard NDA, what policies or contract provisions would you suggest implementing to limit the likelihood (and defuse the paranoia) that would also be practical and without (much) negative impact on morale, efficiency and productivity? 

Logged
mars01
V.I.P
Active Member
*****
Offline Offline

Posts: 214

Thank You
-Given: 245
-Receive: 450



« Reply #4 on: February 28, 2017, 09:20:21 21:20 »

He can use a good HR psychologist, one that can help employ honest people.
Give them a good pay and rewards on each project (money or free time or other perks).
Make sure that the rewards are well targeted and based on competence.
Make the employee part of the "family" (maybe a not so rigid work schedule as long as the job is done).

Bottom line is that it should be a job that you want to keep. For a while at least. And when you leave, you should leave in OK terms not angry. That way, the issue of "making the owner pay" angry attitude is minimized and so the chances for the information's to leave the site are minimized too.
Logged
optikon
Cracking Team
Hero Member
****
Offline Offline

Posts: 658

Thank You
-Given: 554
-Receive: 1827


« Reply #5 on: February 28, 2017, 11:07:20 23:07 »

  And in the owner's eyes, this is the greatest, most revolutionary product of its kind in the world and should be protected as such.



Then it should have been protected by patent before released into the public domain. This would at least give a legal recourse and also discouragement from others profiting from the design (if it was stolen)
Short of that, NDA and contract agreements are not as strong legally to pursue if there is a violation. The boss needs to have a good judge of character? Sorry, but to keep the business machine running, there has to be full disclosure to the employee the boss hired to do the job.

Logged

I can explain this to you. I can't comprehend it for you.
CocaCola
Senior Member
****
Offline Offline

Posts: 443

Thank You
-Given: 116
-Receive: 203


« Reply #6 on: March 01, 2017, 01:26:27 01:26 »

Then it should have been protected by patent before released into the public domain. This would at least give a legal recourse and also discouragement from others profiting from the design (if it was stolen)

The cold hard truth is that patents are only as good as the money you are willing to invest protecting them...  Sure it might discourage some but it won't prevent anyone from copying your design...  9/10 you will never even be able to recover your court cost when you attempt to shut down someone as they just go bankrupt or they are foreign owned companies that don't give a hoot about your 'judgement'...  Sadly patent protection nowadays has become a protection for those with millions in liquid assets to spend on lawyers and legal fees...  And the same is pretty much true of NDA, even if someone violates a NDA if they have no assets you won't be collecting anything at the end of the day...

That said to the OP, nothing you do short of keeping the designs and all manufacturing in house and controlling who has access to the facility and providing access with tons of security and screen will do much good...  Nowadays for example bare board thumb drives could be hidden just about anywhere, even technically swallowed so stopping anyone with access to the files from stealing them is for all intents useless...  Just look at all the files Wikileaks releases, many from highly secure government computers and institutions...

Also consider this, if it can be built it can be reverse engineered and copied, in fact their are entire multi-million dollar businesses in Asia set up to do just this, especially for electronics...

Sometimes you just have to take basic steps to secure who has access to what and then just focus on selling your product and not constantly looking behind wondering if someone is going to bootleg it...

One last thing, most design are 'bootlegged' by companies outsourced to manufacture them and Asian companies are not shy...  I have seen this first hand, I had a friend looking to create a reproduction of an item that the patent had long expired on, there was one reproduction on the market but it had a few flaws this guy wanted to address...  Needless to say he started to send his CAD renders to companies in Asia to get quotes, and low and behold unknown to him he had sent it to the same company that was manufacturing the existing reproduction that was already on the market...  The manufacturing company with no integrity then offered to sell the existing reproduction with no tooling or setup fees to him vs retooling to build his version...  I also had another friend that had some items manufactured in Asia, 6 months later his design was being sold all over Ebay by every Asian electronics seller for less then he was being charged...
Logged
medik
Junior Member
**
Offline Offline

Posts: 35

Thank You
-Given: 67
-Receive: 2


« Reply #7 on: March 01, 2017, 05:30:16 05:30 »

In addition to what has been said, I think the emphasis should be on maintaining good market share (brand name), lower cost of production as this would make the design less attractive to steal and give the company a fighting chance to remain competitive should there be a substitute product.
The cost of some Chinese goods in the market has deterred a lot of guys with good designs from going the commercial route.

I agree absolutely that anything can be reversed engineered once the interest is indicated.
At best, keep the firmware controlled.
Logged
CocaCola
Senior Member
****
Offline Offline

Posts: 443

Thank You
-Given: 116
-Receive: 203


« Reply #8 on: March 01, 2017, 06:05:37 06:05 »

At best, keep the firmware controlled.

For most common chips even that can be dumped, generally for $1000 or less sometimes in house for these Asian bootleg companies...  Plus there is no shortage of decent programmers that can recreate the firmware, yeah it might not be perfect but it can generally be created good enough to be competitive, it's not like most people stealing designs are aiming for 'quality' or 'brand loyalty' they are in it for the quick buck...
Logged
Parmin
Hero Member
*****
Offline Offline

Posts: 555

Thank You
-Given: 366
-Receive: 127


Very Wise (and grouchy) Old Man


« Reply #9 on: March 01, 2017, 09:46:47 21:46 »

There is nothing secure to someone that really want to steal info.

Improve your design all the time, so by the time any info were leaked out it is already obsolete.
Logged

If I have said something that offends you, please let me know, so I can say it again later.
Sideshow Bob
Cracking Team
Hero Member
****
Offline Offline

Posts: 520

Thank You
-Given: 181
-Receive: 529



« Reply #10 on: March 02, 2017, 10:58:51 10:58 »

Then it should have been protected by patent before released into the public domain. This would at least give a legal recourse and also discouragement from others profiting from the design (if it was stolen)
Getting a patent may be very expensive. And the day you get the patent. Your invention will be very public. As one of the requirement for a patent is to publish a detailed description of your invention. A patent dispute may be taken to court. But it will be a civil court. And very often a long and very expensive process. The part with the deepest pockets may win. The bottom line is that a patent may not be a good protection as many think
Logged

I really am ruggedly handsome, aren't I?
vern
V.I.P
Junior Member
*****
Offline Offline

Posts: 75

Thank You
-Given: 7
-Receive: 14


« Reply #11 on: March 02, 2017, 01:26:23 13:26 »

You can try to split your designs so that no single person has access to the whole thing, or put something in your design that is like a black box to everyone except you which is absolutely necessary to run your design. Could be a piece of software or some hardware.
With schematics and layouts that should not be to hard.
These things can be cracked of course, but you need a high criminal energy which may be to much for most people or the occasional thief.
It would also help in a court of justice if you can show that you put some security measures in your design. it might also point to the culprit if your design turns up somewhere else.
Logged
HULK69
Inactive

Offline Offline

Posts: 5

Thank You
-Given: 6
-Receive: 4


« Reply #12 on: March 06, 2017, 02:17:57 14:17 »

What is the product anyway? just curious!
Logged
Pages: [1]
Print
Jump to:  


DISCLAIMER
WE DONT HOST ANY ILLEGAL FILES ON THE SERVER
USE CONTACT US TO REPORT ILLEGAL FILES
ADMINISTRATORS CANNOT BE HELD RESPONSIBLE FOR USERS POSTS AND LINKS

... Copyright 2003-2999 Sonsivri.to ...
Powered by SMF 1.1.18 | SMF © 2006-2009, Simple Machines LLC | HarzeM Dilber MC