The Single Device Traceability Task Force emerged from SEMI CAST’s identification of the need for device traceability through the supply chain — not just traceability for devices but for component parts such as semiconductor die, lead frames, epoxy, bond wires, and printed circuit boards. Eventually the work led to a draft document and preparation for SEMI’s standardization process.
The Single Device Traceability Task Force’s charter is “To develop standards enabling traceable device-level identification (ID) throughout the IC manufacturing, test, and assembly processes to the point of use in the final system.” The scope of this work is to develop standard(s) focusing on key concepts, behaviors, and requirements as well as standards for enabling device ID and traceability, with considerations for various types of implementations. In addition, the Single Device Traceability Task Force is looking at anti-counterfeiting, which is closely associated with traceability.
The motivation for this particular traceability standard comes from systems companies that purchase and use semiconductors in boards and systems. These companies need the ability to track devices through the supply chain for various reasons. They do not want an ad hoc situation where each system vendor develops its own requirements and specifications for device traceability. They want a standard to reduce traceability’s cost and complexity.
In effect, customers want a standard that can be cited in a purchase order to their suppliers. This will require the supplier to mark (ECID, 2D code, RFID, etc.) their products with an ID unique for that supplier. The customer will verify the ability to read the ID and will reject devices that cannot be read, or disagree with the shipping information. This arrangement should propagate throughout the supply chain. As a result, the traceability draft standard developed by the Single Device Traceability Task Force looks at traceability from a system integrator’s perspective.
Figure 1 captures the business problem for device traceability.
Figure 1: Single Device Identification and Traceability Needs Permeate the Semiconductor Industry.
Each time that a company ships product to the next company in the supply chain, it’s desirable to have traceability for the products being shipped while preserving the security of the information associated with those products. Initially, the only information that should be transferred is the device identification. In other words, the device traceability ID should not identify what the device is, nor should it provide any additional information relating to the device or its manufacture. In addition, the Traceability ID should not specify the number of devices shipped, the lot number associated with the devices, or any other information that might be of value to hackers or competitors. There is quite justifiable paranoia about the security of this information based on lessons learned.
However, the whole point of traceability is to be able to backtrack a device through the supply chain when there’s a problem. Ultimately, any QA effort will need to know where the device was manufactured, when it was manufactured, the conditions under which it was manufactured, and other details that might help to discover the root cause of any problems.
To get the additional information needed to troubleshoot a quality or manufacturing problem, a business relationship and NDAs (shown in Figure 1) must be in place between the various member companies in the supply chain. Traceability IDs based on the Single Device Identification and Traceability Standard will not carry that sort of information. They will simply allow analytic data to be obtained through appropriate business relationships.
Figure 2 illustrates the types of fact finding that a Single Device Identification and Traceability standard would enable.
Figure 2: Types of fact finding enabled by a Single Device Identification and Traceability standard.
In this example, a Fabless or System manufacturer (shown in the center of the figure) might make an assembly that incorporates an MCM (multi-chip module) obtained from an OSAT (outsourced assembly and test) vendor. The MCM would bear a traceability ID on or inside the package. If a failure occurs in the MCM, the Fabless vendor contacts the OSAT, using an existing business relationship and NDA, and requests a comprehensive manufacturing report for the specific device using the traceability ID to identify the device in question. The OSAT then supplies a report to the Fabless company that provides the requested manufacturing data and any additional traceability IDs for the component parts in the MCM.
The component traceability IDs in the OSAT’s report provide the Fabless vendor with the ability to track the MCM’s component die and package back to the semiconductor foundries and packaging vendor where these components were manufactured. These traceability IDs allow the Fabless vendor to request manufacturing reports for the components in question from the supplying foundries and the package vendor. Note that the reason that the reports go directly from the semiconductor foundries to the Fabless vendor as shown in Figure 2 is that the OSAT may not have comprehensive information about the function of these die and the Fabless vendor may want to keep that information private.
The proposed new standard is called the “Specification for Single Device Traceability for the Supply Chain” and is SEMI Draft Document #6450. It addresses the first part of the systems integrators’ desire of being able to hold their suppliers accountable for having an established traceability scheme that would permit data analysis should the need arises. As of the end of November, the ballot proposal passed Technical Committee review and will undergo a procedural review process as part of the SEMI Standards development requirements. Once, these approval requirements are met, the specification will be prepared for publication and ready for industry adoption. Meanwhile, SEMI’s CAST Working Group and Standards Task Force will continue standardization efforts for device security and anti-counterfeiting.
Dave Huntley is in business development at PDF Solutions.