01
What is a physical unclonable function (PUF)?
A physical unclonable function is a hardware security primitive that exploits the uncontrollable randomness introduced during physical manufacturing processes to generate a unique, stable fingerprint for a device or object. Just as no two fingerprints are identical — even between identical twins — no two PUF instances produce the same output, because the underlying physical variation cannot be controlled during manufacturing. PUFs are used as hardware roots of trust in cryptographic systems, particularly in semiconductor security. DUST is a form of PUF applied to arbitrary physical surfaces rather than embedded in a specific chip architecture.
02
What is a digital twin in the context of physical object authentication?
A digital twin is a persistent digital record that represents a specific physical object — not a category of object, but a single, uniquely identified individual item. In the context of supply chain authentication, a digital twin stores the physical identity fingerprint of an object alongside its associated documentation, custody history, maintenance records, and certification data. Every time the physical object is scanned, authenticated, or transferred, its digital twin is updated. The value of a digital twin depends entirely on the strength of the link between the physical object and its digital record: a digital twin linked only by a serial number or barcode can be fraudulently assigned to a different object; a digital twin anchored by an unclonable physical identifier like DUST cannot.
03
What is zero-trust hardware security?
Zero-trust hardware security applies the zero-trust networking principle — trust nothing, verify everything — to physical components and assemblies. In a zero-trust hardware model, no component is assumed to be genuine based on its provenance documentation, supplier reputation, or visual appearance alone. Every component must be independently verified at each point in the supply chain where it transfers custody or enters a controlled environment. DUST implements zero-trust hardware security by enabling any authorized operator — at any point in the supply chain, with a standard scanner — to independently verify the physical identity of a component without relying on any upstream claim or document.
04
What is an anchored digital thread?
A digital thread is a connected, evolving data record that follows an object throughout its entire lifecycle — from design and manufacture through operation, maintenance, and disposal. An anchored digital thread is one where the data record is permanently and verifiably bound to the physical object through an unclonable physical identifier. Without an anchor, a digital thread can be separated from the object it describes — a genuine record can be associated with a counterfeit item, or a modified record can be associated with a genuine item. With a DUST anchor, the thread and the object are inseparable: verifying the object's identity simultaneously verifies the thread's authenticity.
05
What is the difference between tamper evidence and tamper resistance?
Tamper resistance is a property of a system or component that makes unauthorized access or modification physically difficult. A locked enclosure, a potted circuit board, or a hardened vault are tamper-resistant: they require significant effort or specialized tools to defeat. Tamper evidence is a property that makes any tampering attempt detectable — regardless of whether it was successful. A wax seal is tamper-evident but not tamper-resistant: it cannot prevent access, but it reveals that access occurred. DUST is a tamper-evidence technology, not a tamper-resistance one. It cannot prevent a determined adversary from attempting to alter or remove the coating — but it makes every attempt, including unsuccessful ones, permanently detectable in the subsequent scan. For most supply chain security applications, tamper evidence is more valuable than tamper resistance: you need to know that something happened, not necessarily to prevent it.
06
What is entropy in the context of physical security identifiers?
Entropy, in information theory, measures the amount of unpredictability or randomness in a system. In the context of security identifiers, high entropy means that the identifier's value cannot be predicted, guessed, or derived from any known information — each identifier is essentially a random draw from an enormous space of possible values. A serial number that increments by one has very low entropy: knowing one number tells you the next. A properly generated cryptographic key has high entropy: knowing any number of previous values gives you no information about the next. DUST achieves entropy through the chaotic physics of nanoparticle deposition: the position and orientation of each diamond crystal are determined by aerodynamics, surface chemistry, and Brownian motion at the moment of application — genuinely random physical processes that produce a fingerprint space of more than 10^230 unique values, which is cryptographically equivalent to approximately 760 bits of entropy.
07
What is a certificate of conformance (CoC), and why can it be fraudulent?
A certificate of conformance is a supplier-issued document declaring that a delivered product or material meets the applicable specification, standard, or contract requirement. In aerospace, automotive, defense, and medical device supply chains, CoCs are the primary documentation used to verify that materials and components meet required properties — alloy composition, heat treatment, dimensional tolerance, electrical performance, and so on. CoCs are fraudulent when they are fabricated, altered, or reused: a supplier might issue a CoC claiming compliance with a specification that was never tested, alter test values to meet a specification the material failed, or reuse a CoC from a compliant batch to cover a non-compliant one. Because CoCs are documents — not physical properties of the material they describe — they can be manipulated without touching the material. DUST addresses this by making it possible to verify that the physical object in front of you is the same individual item described in the CoC, rather than relying on the document alone.
08
What is chain-of-custody in supply chain security?
Chain-of-custody is the documented, chronological record of who had control of a specific object, and when. In legal contexts, chain-of-custody establishes the integrity of evidence. In supply chain contexts, it establishes that a specific item — not a category of item, but a uniquely identified individual — passed through specific hands at specific times, without alteration or substitution. Maintaining chain-of-custody for physical goods is difficult because most custody transfer processes record the transfer of a lot or shipment, not of individually identified items, and because the documentation accompanying a transfer can be separated from the goods. DUST enables per-item chain-of-custody by creating a unique identity for each item and recording every custody event — scan, transfer, inspection — against that identity in the DICE platform, in a tamper-evident record that is anchored to the physical object.
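The anchored digital thread (question 04) and the per-item custody record described above can both be sketched as a hash-chained event log keyed on an identifier derived from the object's enrolled fingerprint. This is an added example, not DUST or DICE code: the hash chain, the record fields, and all names and sample values are assumptions, and it assumes a scan has already been matched to its enrolled identity.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first record

def item_id_from_fingerprint(fingerprint: bytes) -> str:
    """Anchor: the record key is derived from the object's enrolled fingerprint."""
    return hashlib.sha256(fingerprint).hexdigest()

def digest(body: dict) -> str:
    """Canonical SHA-256 over a record body (keys sorted for stable output)."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_event(chain, item_id, event, actor, ts):
    """Append a custody event that commits to the previous record's hash."""
    body = {"item_id": item_id, "event": event, "actor": actor, "ts": ts,
            "prev": chain[-1]["hash"] if chain else GENESIS}
    chain.append({**body, "hash": digest(body)})

def verify_chain(chain, scanned_item_id):
    """Check every record against the scanned object and against its predecessor."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["item_id"] != scanned_item_id:
            return False, f"record {i} belongs to a different item"
        if rec["prev"] != prev or digest(body) != rec["hash"]:
            return False, f"record {i} altered or out of sequence"
        prev = rec["hash"]
    return True, "ok"

def build_sample():
    """Constructed sample: one item, three custody events."""
    item = item_id_from_fingerprint(b"constructed-fingerprint-of-item-A")
    chain = []
    append_event(chain, item, "enrolled", "Facility A", "2024-01-05T09:00Z")
    append_event(chain, item, "transfer", "Distributor B", "2024-01-12T14:30Z")
    append_event(chain, item, "inspection", "Operator C", "2024-02-01T08:15Z")
    return chain, item

if __name__ == "__main__":
    chain, item = build_sample()
    print(verify_chain(chain, item))
    chain[1]["actor"] = "Unknown broker"  # edit one past custody event
    print(verify_chain(chain, item))
```

A party able to rewrite every record can recompute the whole chain, so the latest hash has to be signed or stored somewhere the record keeper cannot alter.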
09
What is serialization in supply chain security, and how is it different from authentication?
Serialization assigns a unique identifier — a serial number, a barcode, a QR code — to each individual item in a population. It enables item-level tracking: knowing that item 00012345 shipped from facility A to distributor B on a specific date. Authentication verifies that the item in front of you is genuinely item 00012345 — and not a counterfeit labeled as 00012345. Serialization without authentication is a traceability tool: it tells you the history of the identity, not whether the physical object matches that identity. Authentication without serialization tells you that an object is genuine but not which specific genuine object it is. Together, serialization and authentication form a complete solution — and DUST provides both: each DUST fingerprint is a unique serialized identity, and each scan authenticates that the physical object matches its enrolled serial identity.
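The difference between the two checks, as an added example that is not DUST code. It assumes a fingerprint can be modelled as a fixed-length bit string compared by fractional Hamming distance against a threshold, a common way to match noisy PUF readouts; the lengths, threshold, registry and scans are all constructed.

```python
import random

FP_BITS = 256           # assumed fingerprint length for this sketch
MATCH_THRESHOLD = 0.25  # assumed: max fraction of differing bits for a match

def hamming_fraction(a, b):
    """Fraction of bit positions in which two fingerprints differ."""
    return bin(a ^ b).count("1") / FP_BITS

def rescan(fp, flips, rng):
    """Simulate measurement noise: re-scanning the same object flips a few bits."""
    for pos in rng.sample(range(FP_BITS), flips):
        fp ^= 1 << pos
    return fp

def check_serial_only(registry, label):
    """Serialization alone: the label is on file, so the item is accepted."""
    return label in registry

def authenticate(registry, label, measured):
    """Serialization plus authentication: the label must be on file and the
    measured fingerprint must match the one enrolled under that label."""
    enrolled = registry.get(label)
    return enrolled is not None and hamming_fraction(enrolled, measured) <= MATCH_THRESHOLD

def demo():
    rng = random.Random(7)  # fixed seed: constructed, reproducible sample data
    registry = {f"{n:08d}": rng.getrandbits(FP_BITS) for n in (12345, 12346, 12347)}
    genuine = rescan(registry["00012345"], 12, rng)  # same object, noisy re-scan
    fake = rng.getrandbits(FP_BITS)                  # different object, copied label
    swapped = rescan(registry["00012346"], 12, rng)  # genuine item, wrong label
    return {
        "serial_only_fake": check_serial_only(registry, "00012345"),
        "auth_genuine": authenticate(registry, "00012345", genuine),
        "auth_fake": authenticate(registry, "00012345", fake),
        "auth_swapped": authenticate(registry, "00012345", swapped),
        "auth_unknown_label": authenticate(registry, "00099999", genuine),
    }

if __name__ == "__main__":
    print(demo())
```

The serial-only check accepts the counterfeit because the copied label is valid; the fingerprint comparison rejects it, and also rejects a genuine item presented under another item's label.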
10
What is a suspect counterfeit part (SCP), and how is it defined under US aerospace regulations?
A suspect counterfeit part is a part, component, module, or assembly whose identity, material composition, performance, or quality is in doubt due to characteristics indicating that it may have been misrepresented by the supplier or distributor. Under AS6174 and AS6081 — the SAE aerospace standards governing counterfeit parts — a part is considered suspect counterfeit if it shows evidence of re-marking, incorrect or missing documentation, anomalous performance, or if it was procured from an unauthorized source. The formal designation of a part as confirmed counterfeit requires forensic investigation. DUST changes this process by providing a physics-based authentication result that is admissible as independent evidence of authenticity or non-authenticity at the point of inspection, reducing the time and cost required to escalate a suspect part to a confirmed finding.
