Break Up Your PCB Data Package to Keep IP Secure

Lawrence Romine
|  Created: June 25, 2024  |  Updated: October 10, 2024
Break Up Your PCB Data Package to Keep IP Secure

PCB design always starts from the engineering specification and leads to manufacturing data that could be used to produce a new product at scale. Based on this data, as well as a brief inspection of the main components in the design, it's possible to reverse engineer a system back to its original design intent. For companies that build critical products containing sensitive IP, this is a major concern, especially when sending manufacturing data to an overseas location.

As I discussed in another article, there are many advantages to keeping your PCB manufacturing local to the greatest extent possible, especially when IP concerns are in play. But if you are forced to send a design overseas for production, certain pieces of your design and production data should not be shared under any circumstances, and a strategy for dividing up your production and design data among different parties helps secure your IP. A small amount of paranoia, as well as an understanding of who needs what parts of your manufacturing data package, are a big step towards IP protection.

Who Needs Your Design and Data Package?

When you're beginning the process to send the design data overseas, and the goal is to scale into volume production, there's a strategy that should be followed to help secure IP. Design data, source code, and full specifications should only ever be shared externally on a need-to-know basis. There is some data that should probably never be shared, both because it reveals the core IP that drives your product's value and because the people building your PCBA simply don't need it.

In the following table, I outlined what data is available in a complete design and manufacturing package, as well as the various parties involved in building your board. From here, you can see who needs which pieces of your design and manufacturing data package, and this should illustrate a strategy for segregating your data across different parties involved in manufacturing your product.

Schematics and engineering specifications

  • Never send these out to external vendors
  • Okay to share with internal design team
  • Okay to share portions with design contractors

Native PCB layout file

  • Okay to share with internal design team
  • Okay to share with design contractors

Fabrication files (Gerbers, NC drill, etc.)

  • Data can originate from design contractors
  • Only share with fabrication house

Assembly files (PNP, BOM, etc.)

  • Data can originate from design contractors
  • Only share with assembly house

Mechanical specifications

  • Okay to share with design contractors
  • Packaging assembler may require this data

Application source code

  • Do not share source code - instead share a binary or hex file

Separating your data across these different parties is an important part of your IP protection strategy. Each party in the manufacturing process should only receive data on a need-to-know basis, and this separation of the data package among different service providers accomplishes that.

We don't want to create the impression that all overseas manufacturers are unscrupulous. The reality is that most overseas manufacturers want your business and they make every effort to be good stewards of your data, and they will do so no matter what portion of your design and manufacturing data package you send them. But sometimes, the design team, external contractor, or an employee at the manufacturer could make a mistake that leaks IP to an unintended party.

How IP Leaks Happen in PCB Manufacturing Operations

Leaks of IP during PCB manufacturing could be intentional or accidental. It's reasonable to expect your manufacturer has systems and processes in place that prevent both instances. Here are some of the most common ways IP leaks occur from manufacturers:

The design team sends the entire data package: This occurs either by accident or due to a lack of processes involving data dissemination. If the design team does not have a process in place for archiving and managing portions of the design database, then don't be surprised when a designer sends the entire data package out to an external vendor for a quote.

Designers respond to questions with design data snippets: Even perfectly planned and executed manufacturing runs can result in questions, which then spawn a sizable email thread. It's tempting to respond to questions with screenshots directly from design data. It's best not to do this because you never know if that one screenshot gives away the entire function and value of your product.

Assembly leaks the BOM to unapproved distributors: Unless you've requested turnkey service, the design team needs to specify the sources for components. In the best case, the designers will handle procurement on their own. When contracting with an assembly house for larger orders, you should make sure the procurement group at your assembler is only ordering from your preferred sources.

Manufacturer sends data to a third-party vendor: Your manufacturer may need to obtain materials or ancillary components from a third-party vendor. This is fine, until they start sharing data with the vendor, especially when done without the customer's permission. A customer should always have the final say on what data gets shared and how it is shared, and steps should be taken to obfuscate shared data where possible.

Everyone uses an unsecured cloud file sharing platform: You would be surprised how many designers seem perfectly comfortable sending their finely tuned design data to external parties over email. Secure file-sharing systems have been developed to ensure only specific people can access files, while also encrypting data and hosting those files in secure facilities. Designers working in Mill Arrow have probably heard of Prevail as one such file-sharing service, although there are others that are equally secure.

Properly splitting up the data package among different parties limits what information can be leaked and prevents data from being given to people who don't need it.

Final Thoughts

In summary, if your overseas manufacturer starts prodding for data outside of the protocols listed above, don't let them cajole you into giving up your sensitive IP. The core of your design is the engineering specification, schematics, and source code; all other data provides sufficient obfuscation that an external manufacturer would be discouraged from attempting to reverse engineer your product. By breaking up fabrication and assembly operations, more of your own involvement is required to ensure quality control, but it will make reverse engineering much more difficult.

Whether you need to build reliable power electronics or advanced digital systems, use the complete set of PCB design features and world-class CAD tools in Altium Designer®. To implement collaboration in today’s cross-disciplinary environment, innovative companies are using the Altium 365™ platform to easily share design data and put projects into manufacturing.

We have only scratched the surface of what’s possible with Altium Designer on Altium 365. Start your free trial of Altium Designer + Altium 365 today.

About Author

About Author

EDA industry thought-leader and veteran expert at Altium, Lawrence is a firm believer that unified solutions are not just nice, but essential.

Related Resources

Related Technical Documentation

Back to Home
Thank you, you are now subscribed to updates.