Jun 01, 2005Texas Instruments (TI) and VeriSign have announced a new model for a drug authentication platform that combines 13.56 MHz RFID technology and a public key infrastructure (PKI) for data encryption. The platform model would allow drug manufacturers to authenticate drugs at the item level and deploy a track-and-trace e-pedigree system through a two-phase deployment.
In the first phase of deployment of the platform model, manufacturers could use radio frequency identification and PKI to authenticate drugs at the points of manufacture and dispensing. This would provide companies the benefit of authenticating their drugs without having to deploy an RFID or other tracking technology throughout their entire supply chain. In so doing, the pharmaceutical industry would initially be spared the significant IT infrastructure and hardware deployment costs associated with a tracking system that extends throughout the supply chain.
In the second phase of deployment, which supply chain partners could build out at their own pace, the PKI solution would be combined with electronic pedigree software. This would enable pharmaceutical manufacturers, wholesalers and pharmacies to strengthen the authentication of a drug's chain of custody in order to provide a means to track and trace biological products throughout the pharmaceutical supply chain.
A number of U.S. states, including California, Florida and Indiana, have passed laws requiring members of the pharmaceutical supply chain to produce pedigrees to document each step in a drug’s chain of custody. This will aid in fighting the problem of counterfeit drugs, which the U.S. Food and Drug Administration (FDA) says is a growing and serious danger to consumers, and which is believed to be costing drugs manufacturers billions of dollars annually.
TI and VeriSign developed the model architecture and hope to deploy it for many customers, but there are no proprietary elements within their RFID and PKI platforms. This means the platform model could be deployed by any RFID system and PKI provider—not just TI and VeriSign. The RFID hardware part of the platform is based on passive read-write 13.56 MHz tags that comply with ISO/IEC15693 and 18000-3 Mode 1 standards for item-level tagging. The tags would need enough memory for the 1024-bit encrypted key used in the PKI, as well as upwards of 20 different time stamps.
Mikael Ahlund, director of RFID healthcare for TI, says that 13.56 MHz was picked for the model because the FDA and the EPCglobal health and life sciences working group have suggested that 13.56 MHz technology be used in drug authentication programs.
According to Ahlund, a two-component approach makes the platform unique and provides two layers of protection against counterfeit drugs. This is accomplished through the use of a PKI that uses digital certificates to certify the authenticity of a tag’s data via a private and public cryptographic key pair. Those keys are obtained and shared through a trusted authority, such as VeriSign.
Under the TI-VeriSign platform model, VeriSign or another third-party certification authority would issue the private/public key pairs and digital certificates, and provide periodic updates to the public key index (a list of the public keys used to decrypt the private keys). This index would be uploaded, through software, to readers being used to interrogate tags on bottles of drugs. In the first phase of deployment, these readers would be used only at the pharmacy level. As more supply chain partners were brought onto the platform as it moved into the second phase of deployment, they would be required to use readers uploaded with the PKI index as well. Updates to the index would need to be uploaded to the readers being used in order to stay current in validating the digital signatures on the tags.
The TI-VeriSign platform model would begin in the manufacturing process, where drugs would be tagged at the item level with passive 13.56 MHz tags. A Unique Identification (UID) number, the Product Manufacturer Identifier (PMID) number and a digital signature—created through a standard PKI algorithm and encryption technology using the product manufacturer's private, encrypted key—would be written to and locked into each tag's memory. These three elements would form a message digest.
When an RFID reader with the public key index reads the tag, the PMID would then tell the reader which public key to use to decrypt the private key on the tag. The public key would then form a new message digest, including the UID, PMID and digital signature. If this matched the message digest on the tag, the signature would be deemed valid.
"The beauty of this approach is that because the elements for the private key are preprogrammed into the tag and the reader is preprogrammed for the public key, the authentication is actually done off-network," says Ahlund. This will save manufacturers from deploying extensive IT and hardware infrastructures throughout their supply chains until they move into the second phase of deployment.
When integrated with a networked e-pedigree solution, the TI-VeriSign platform model writes a time stamp, or tag event marker, to the tags on individual drug containers by authenticated readers as the individual drug containers move along the pharmaceutical supply chain.
E-pedigree laws require that each partner in a drug's supply chain keep its own records not only of who last had possession of a given drug but also of who had possession of it since it was manufactured. In other words, pharmacies will have to prove the authenticity of each of the carriers of the drug from the manufacturer's facility through to the distributors and wholesalers. E-pedigree solutions are beginning to reach the marketplace and are being used in pilot tests (see Purdue Pharma to Run Pedigree Pilot).
This time-stamp function within the Ti-VeriSign platform would add an extra layer of authentication to the manufacturer's supply chain because the stamps, which show where and when drugs were received and shipped by authenticated supply chain partners, could be compared with the chain of custody in the supply chain, accessible by the supply chain partners through whatever e-pedigree solution is being used."We're using multiple layers of protection," says Graham Gillen, senior product manager for VeriSign. "Ultimately, it's about making the tag, and hence the product, hard to fake or reproduce."
"We support e-pedigree solutions, but we believe that it is important to know not just where a drug has been, but also that it is what it says it is," says Joseph Pearson, TI’s pharmaceutical business development manager, explaining the rationale for the platform's item-level authentication functionality.
In developing the platform, TI and VeriSign worked with Minneapolis-based 3M, a provider of PKI-linked RFID readers that could be used to deploy the platform, and CCL Label, a label converter and provider of label printers for the drug containers, headquartered in Toronto, Canada. Now that TI and VeriSign have announced the platform model, they, along with 3M and CCL Label, will publish white papers detailing the ways in which their products and services could be used to deploy the model. Pearson says TI hopes to begin partnering with these companies to deploy systems based on the platform model this year. In addition to providing the RFID readers, 3M would serve as systems integrator.
As the architects of this platform, TI and VeriSign conducted internal tests of the proposed system, but no formal pilot tests involving drugmakers have yet been conducted.
