It was 2001, and a large, global software company had all but given up hope that any physical security systems—foil holograms, color shifting inks or even special threads woven into proprietary packaging—could outsmart the organized counterfeiters selling its pirated software.
Out of patience and out of options, the software company asked us to assist them with a difficult numbering problem for labels that were intended to thwart counterfeiters. Physical deterrents had been ineffective. The software company needed a system that the pirates couldn’t mimic. They needed item-level serialization. This was, of course, long before serialization was on the FDA’s radar, much less things such as DSCSA or DQSA compliance.
The idea itself was simple: each package of software would carry a unique identifier, an alphanumeric code to be verified by the consumer at home, after purchase. Except in order to be successful, we needed to find a way to produce hundreds of millions of secure unique identifiers (sUIDs) with zero print errors. Given the scale of the project, even a .0001% error rate would yield thousands of phone calls from angry consumers who couldn’t activate their software.
Leveraging our experience as a supplier to the pharmaceutical industry and serialized bar code printer, we created a system where an image of every single sUID was captured with a camera after it was “born.” Next, that image was scanned by optical character recognition (OCR) software to recreate a digital number. In effect, we were able to compare the list of what we intended to produce with a data stream of what we had in fact printed. It was like having two separate coded messages that were meaningless on their own, but confirmed the validity of the associated product when they were combined. Only sUIDs that appeared on both lists were 100 percent verified.
We didn’t know it at the time, but this process would become one of dozens of patent claims that we were granted over the next few years. By 2004 our efforts had coalesced into a bona fide business venture and Verify Brand was born.
Right around that time, we were invited to speak at the University of Georgia’s College of Pharmacy at the International Good Manufacturing Practices Conference. There, for the first time, we shared our success publicly, described our work and articulated a vision for the future. Not long after that, in what is perhaps an even more public starting point for the industry as a whole, Dr. Roger Johnston of The Los Alamos National Laboratory published a major paper. Previously, he had been charged with finding a solution to the devastating and rampant public health and economic crisis of bogus pharmaceutical products—ineffective and sometimes deadly counterfeit drugs that flooded U.S. and overseas markets.
Dr. Johnston’s 21-page summary report stated that no known physical deterrent, such as holograms, etc., could work for any meaningful length of time. Counterfeiters and pirates were simply too good—and too quick—at recreating the technologies and mimicking the security systems as soon as they were in place. In fact, holograms and other markers helped criminals by making their bogus products seem more legitimate. All but the most sophisticated and highly trained security personnel were fooled.
In conclusion, said Dr. Johnston, item-level serialization—which he described as “Call In the Numeric Token,” or CNT technology—was the only security system with proven effectiveness, especially on such massive scale. From our vantage point, the need for secure item level serialization in the pharmaceutical industry was obvious. Accordingly, we built our software in full compliance with crucial FDA guidelines and quality standards, such as Title 21 CFR Part 11.
And yet, even with the considerable weight of Los Alamos National Laboratories behind this conclusion, there were several other ideas gaining traction within both the pharmaceutical industry and at the FDA. One of those ideas was a known as e-pedigree, an online tracking system that records every transaction surrounding a pharmaceutical sale. Essentially, it generates metadata—dates, places, time stamps—and creates a report, or pedigree, about the transactional data. It’s data about data about data.
Despite the hype surrounding e-pedigree, we remained huge proponents of item-level serialization. We’d seen what it could do in real-world applications, and had even worked with an ink jet printing partner to demonstrate proof of concept at the individual pill level. Frankly, we believed e-pedigree to be an inferior, counter-intuitive and less effective solution. Why track a set of transactions, when what you want is the ability to track the actual drug? Why generate reports about intangible events when you can follow the tangible product every step of the way? It was a long time ago but we believed in pharma serialization from the very beginning.
There was a great deal of pressure for everyone to jump on the e-pedigree bandwagon, especially after states started moving ahead with policies and mandates for e-pedigree. As each new state piled on, it looked grim for those of us who believed in the superior efficacy of item-level serialization within the pharmaceutical industry. Nonetheless, we remained steadfast in our convictions. We did pioneering work on serialization, proving that truly random numbers are essential. Any other pattern or sequence—no matter how complex or seemingly random—can eventually be cracked. We developed schemas that were EPCIS compliant but not any longer than they needed to be, once again adding to our growing patent portfolio.
We were also an early participant with EPC Global and a member of the Health and Life Sciences Software Action Group, helping to set vital standards related to drug messaging and EPCIS repositories. We built EPCIS messaging standards right into our platform from the outset, building on our work with Ethicon’s surgical mesh, conclusively demonstrating that item-level serialization was practical, easily implemented and highly effective.
When the state of California announced its intention to adopt state level e-pedigree standards, it seemed as if the industry was doomed to a future of multiple sets of non-standard requirements across multiple states, centered on transaction records between multiple “trusted parties.” More than ever, we believed the e-pedigree approach didn’t add value or address the problem of rampant counterfeit drugs.
At the same time, other industries had taken note of our pioneering work in the pharmaceutical and medical sectors and shared our enthusiasm for item-level serialization. Suddenly, we found ourselves in demand with electronics and computer manufacturers, chemical companies and others who constantly battled supply chain diversion, counterfeiting and piracy. Our gold standard level of security and quality control, our built-in EPCIS compliance and our patented event source architecture—all developed while working within the pharmaceutical sphere—won clients over in other sectors, while the pharmaceutical industry awaited regulatory clarity.
Eventually, California cut its losses and abandoned its e-pedigree mandate. Similarly, in 2013, the federal government intervened with the passage of the DQSA legislation, ushering in a new era of item-level serialization within the pharmaceutical industry. At last, we are on the doorstep of this historic improvement to supply chain security and anti-counterfeit measures within our drug supply systems. The age of pharma serialization has arrived.