LPS 1650 Issue 1.1 Requirements and testing procedures for the LPCB approval and listing of ‘theft resistant’ electronic products

Alarm / sensing technologies

Devices that are either built into the product or supplied with the product that trigger a built in sounder to sound and/or send an alarm signal to a nominated alarm control and indicating panel and/or activate the denial of service technology when the product is subjected to unauthorised attempts of removal.

Anchoring devices

Devices that attach the product to defined structures, such as desks, building envelopes or vehicles.

Note: When selecting suitable mounting substrates, it is important to consider whether it is possible to easily overcome or remove the substrate in order to remove the product. Manufacturers of security products should therefore define suitable substrates within the installation/user instructions they supply with the product.

Anti-theft’ technologies

Physical items and/or software incorporated in a product to deter theft by:

1. Preventing the unauthorised use of the product.
2. Visibly identifying the product’s owner, via a third party database approved to LPS 1224¹.

• Covertly identifying the product’s owner, via a third party database approved to LPS 1224¹.

1. Preventing the unauthorised removal of the product.

Asset identification code

Series of at least four alphabetic and/or numeric characters incorporated on an asset marking device.

Asset marking devices

Methods of securely marking or tagging a product with information unique to that product so that the product can be traced to its owner via a nominated secure database register.

Asset marking systems

Asset marking systems comprise of one or more asset marking device (either overt or overt and covert) and a secure database register used to provide traceability of a marked asset to the legal owner.

Attack test

For the purposes of evaluating attack resistance, an attempt at overcoming the “anti- theft” technologies incorporated in a product using mechanical tools, electrical tools and electronic equipment is made to:

1. i) Enable the product to be used by unauthorised persons.
2. ii) Remove or destroy information placed on or contained within the product that identifies the owner directly or via a secure database register.

Covert asset marking devices

Asset marking devices that, when applied to the product:

1. Are secure and hidden from direct view.
2. Cannot be read with the unaided eye, assuming normal vision and average* lighting conditions.

Examples of covert asset marking devices include RFID transponders, microdot and chemical trace marking devices.

• Average lighting conditions are considered to be those of a light intensity of between 1000 – 2000 lux.

Denial of service technologies

Physical devices and/or software designed to prevent unauthorised use of the product. Examples of denial of service technologies include PIN codes, removable coded panels, biometric sensors, coded wireless keys and mechanical key switches.

Fully cured state

This is the state when any adhesive or chemical used to attach or mark the product, is fully cured. That is, the fully cured state occurs when a maximum bond / permanent mark is achieved.

Overt asset marking devices

Asset marking devices that, when applied to the product:

1. Are secure.
2. Are visible.

• Can be read with the unaided eye, assuming average* lighting conditions.

Examples of overt asset marking devices include adhesive labels, chemical or laser etching and embossing.

• Average lighting conditions are considered to be those of a light intensity of between 1000 – 2000 lux.

Resistance rating

Numeric indication of the attack resistance provided by the “anti-theft” technology incorporated in a product.

Secure database register

A system of recording the legal ownership of an asset using the unique asset identification code present on the marking device that is applied to the asset.

Total test time

The maximum duration of an individual manual intervention attack test. It is the accrued sum of the:

1. working time;
2. rest time of an operative for wellbeing and safety reasons;

• time taken to change tools or exchange defective expendable tool elements; and inspection time called by the project leader.

Working time (resistance time)

The time of an individual attack test in which tools are used to attempt to weaken the security of the theft resistance.

The working time includes the duration of any treatments applied during manual intervention attack tests in an attempt to remove or damage the integrity of “anti-theft” technologies.

The working time excludes:

1. rest time of an operative for wellbeing and safety reasons;
2. time to change tools or exchange defective expendable tool elements; and inspection time called by the project leader.

3.2 Denial of service technology

The denial of service technology shall prevent unauthorised use of the product.

The means to prevent unauthorised use shall be an integral part of the product and shall be activated automatically either each time the product is used or upon disconnection or removal of the product. It shall be appropriate for use and shall not cause intentional injury or harm.

Refer to Clause 7 of this standard for a description of the tool categories.

Warning labels

The product and its packaging shall incorporate visible warning that the product incorporates anti-theft technology and meets the requirements of this standard.

Note: To avoid the use of multiple labels, where an overt asset marking device is fitted to the product it may also incorporate such a warning.

The warning label shall resist removal from the product for at least 30 seconds when an attempt is made to remove it using only manual dexterity, i.e. without the aid of any tool.

Note: This equates to class 1 resistance to removal as defined within LPS 1225².

The warning label shall remain visible and securely attached to the product following exposure to the climatic conditioning of Clause 5.10.

In addition to labelling the product, each product shall be supplied with at least one warning label that owners can place in a visible location near the product to warn thieves that the product incorporates anti-theft technology. (e.g. on a door leading into the building/room where the product is located or on a window).

Note: If the product is approved by LPCB, the warning label can include the LPCB

certification mark, certification number, number of this standard (i.e. LPS 1650) and, if desirable, the resistance rating achieved by the product.

Overt asset marking

When fitted to the product in accordance with the manufacturer’s/supplier’s fitting instructions, the overt asset marking device shall meet the requirements of at least security classification 1+1, defined in LPS 1225².

The overt marking shall provide traceability to the product owner via the link to a secure database register that meets the requirements of LPS 1224¹.

The asset identification code shall uniquely identify the marked product and be capable of being transferred should the owner relocate, sell, pass on or cancel ownership of the product.

Where asset marking is provided, registration forms and registration instructions in accordance with Clause 3.9 shall be supplied with the product.

The asset marking label shall remain visible and securely attached to the product following exposure to the climatic conditioning of Clause 5.10.

3.5 Covert asset marking devices

If covert asset marking devices are fitted to the product, such devices shall:

1. Be securely fastened to or incorporated into the product during manufacture.
2. Remain hidden until revealed using detection apparatus specified by the product manufacturer/supplier.

• Not adversely affect the operation of the marked product.

1. Allow the identity of the legal owner to be traced via a secure database register using the defined detection apparatus.

Where the option is provided, the product shall incorporate one or more of the established convert asset marking devices listed below, (alternative types of device are permitted provided the same level of security performance can be demonstrated);

• Microdot marking devices

Microdot marking devices shall meet the requirements of LPS 1269⁶ ‘Requirements for the LPCB approval and listing of ‘microdot’ asset marking devices’.

• Chemical trace marking systems

Chemical trace marking systems shall meet the requirements of LPS 1251⁷ ‘Requirements for the LpCb approval and listing of chemical trace asset marking systems’.

• Electronically coded marking systems

Electronically coded marking systems shall, when read using a reader of a type defined by the product manufacturer, provide traceability to the owner via the nominated database.

The electronically coded marking device shall be unique to the product and shall not be visible even when the product is disassembled. The electronic code can reside within the circuitry of the product or can be held within a ‘stand-alone’ transponder (e.g. RFID tag) hidden inside the product.

Stand-alone transponders shall not be visible when the product is assembled but viewed with any user detachable covers or panels removed.

Using the means specified by the product manufacturer/supplier, it shall be possible to find and read the electronically coded mark within a maximum time duration of 2 minutes. The means of identification may comprise portable apparatus that can be electrically connected to the product or a wire free ‘scanner’ type device.

If the electronically coded mark can be located without the use of the specified reader, it shall not be possible to erase or remove the electronically coded mark without leaving the product permanently inoperable, or without leaving obvious signs of visible damage that would significantly reduce the re-saleable value of the product. Compliance with this requirement shall be demonstrated by conducting the tests of Clause 5.7.3.

The electronically coded mark shall, when read using the defined identification means, continue to provide traceability to the legitimate owner of the product via the secure database, after exposure to the climatic conditioning tests of Clause 5.10.

3.6 Alarm / signalling technologies

If alarm / signalling technologies are incorporated into or supplied with the product, such technologies shall:

1. Detect the removal of the product from the legitimate location before the product or detection means can be prevented from signalling an alarm condition.
2. Detect the opening of any part of the product enclosure not normally accessible to the user before the product or detection means can be prevented from signalling an alarm condition. (Applicable only to those products or parts thereof that can be opened).

The alarm shall be signalled by an audible warning and/or by the transmission of a signal or message to a remote location.

It shall not be possible to silence the audible warning by forcible means within 1 minute without creating obvious signs of visible damage or leaving the product operable in.

Nor shall it be possible to terminate the transmission of an alarm signal or message by forcible means before the complete alarm signal or message has been sent, without creating obvious signs of visible damage or leaving the product operable in.

Where provision is made to connect the product’s alarm sensor(s) to a building alarm system, the connection of the product shall be in accordance with the requirements of EN 50131-1⁴ as implemented in the United Kingdom. Connection to the building alarm system shall not prevent that alarm system from meeting the intended security grade or environmental classification.

Note: Compliance with the environmental classification shall be demonstrated by evidence of compliance with the requirements of EN 50130-5:1998 ‘Alarm systems – Part 5: Environmental test methods’.

Where a Police presence is required in response to intruder alarm events, the intruder alarm system must comply with the ACPO requirements as implemented by the guidance of DD 243:2004⁹ ‘Installation and configuration of intruder alarm systems designed to generate confirmed alarm conditions – Code of practice’. Connection of the

product to the building security system shall not prevent compliance with these requirements.

Anchoring devices

Anchoring devices supplied with the product shall meet the requirements of at least security classification I defined in LPS 1214³, when installed in accordance with the instructions supplied with the product.

Product instructions

The following information shall be included in the instructions that are supplied with the product:

1. Recommendations for secure installation, including wiring and networking, if appropriate.
2. User instructions confirming how the security technologies shall be used to achieve the claimed security performance to this standard. This should also include the following, as appropriate to the security technologies incorporated in the product:

• Recommendations for the appropriate secure storage of PIN codes, removable operating panels, keys etc.
• Recommendations for maintaining network security.
  • Security performance ratings achieved by the product and any ancillary security devices supplied with the product to this standard.

1. The LPCB approval number of the secure database register(s) to which the asset marking device(s) are linked (if provided).
2. Recommendations for recording and safe storage of the record of the asset marking device’s unique code.
3. The procedure to be followed by the owner of the product when registering, transferring or cancelling ownership of the product on the associated secure database register.

• The procedure to be followed in the case of theft or loss of the marked asset.
• Recommendations where to place the warning labels.

1. The procedure to follow when ordering replacements items, in particular PIN codes or electronic keys.

Where asset marking is provided, but the asset marking devices are not fitted to the product during manufacture, the devices can be supplied with the product.

However the product instructions must include detailed instructions for affixing the marking device to the product such that the marking device will provide the claimed level of resistance to removal/eradication to LPS 1225².

The instructions provided with the asset marking devices shall therefore include:

1. Details of where to place the asset marking device(s) on the product in order to achieve the advertised resistance to attack.
2. Confirmation of the time taken for the mark to reach the fully cured state after being affixed to the product.

• Guidance on how the marked product / treated area should be protected while the mark cures.

1. Appropriate hazard data that establishes COSHH requirements.

3.9 Asset registration forms and registration instructions

Where asset marking is provided, the following forms shall be supplied with the

product:

1. Form for registering the ownership of the product on the associated secure database register(s) to which the asset marking devices are linked.
2. Form for notifying the secure database register(s) of change of details.

• Form for notifying the secure database register(s) of change of ownership.

If the manufacturer also provides the option to register the product on the secure

database register via the world-wide web:

1. The product instructions shall contain details of how to register the product via the world-wide web.
2. With the exception of a signature, the online registration forms shall require at least the same level of information to be entered by the owner as is needed for offline registration.

• the online register shall require the owner to use a password of at least 8 characters made up of at least one numeric character and one letter and either one change in case or one symbol.

Specimens to be supplied for testing

Subsequent to the LPCB’s acceptance of an application for approval, the following shall

be observed:

1. The applicant shall supply the agreed number of specimens.
2. If a prototype device is supplied for testing, approval will not be given until the drawings for subsequent series production have been examined and confirmed that they accord with the tested prototype or that any changes will not affect the theft resistance rating.
3. Additional components of some products may be requested for testing purposes.
4. When the product incorporates advances or changes in technology, then additional specimens or components may be requested for evaluation prior to the supply of the agreed specimens.
5. The number of specimens to be supplied for testing shall be specified by the laboratory and shall be dependent on the range and scope of the applications in which the products can be used.

All specimens shall be supplied complete with any associated ancillary devices (e.g.

Security anchoring devices), instructions and asset registration and change of details

documents.

In addition to the test specimens the following shall also be supplied by the applicant;

1. i) Items of support equipment needed to demonstrate correct functionality of the product and/or accessories intended for use with the product.
2. ii) Any equipment or apparatus needed to read information from the covert asset marking systems. For example, a wire free scanner device to read the electronically coded mark, or a microscope to read alpha dot marking.

Manual intervention attack of the denial of service technologies

Setup the denial of service technologies in accordance with the manufacturer’s recommendations such that all the denial of service technologies are activated. Confirm correct operation of each technology against the description given in the instructions supplied with the product.

Examine the product and the accompanying documentation to establish how the denial of service technologies operate.

Identify each component associated with the denial of service means and conduct an assessment of each to list the potential methods by which the denial of service technology may be disabled or circumvented. The list may include but shall not be limited to; identifying factory reset functions, the use of reprogramming tools, re­wiring/modification of electronic circuitry, exposure to extreme climatic conditions and substitution of readily available components.

A programme of attack tests shall be determined from the above list.

Attack tests shall only be conducted on product specimens that have not been damaged by a previous test to the same target area.

During each individual attack test, the timing device used to measure test duration shall remain activated. The resolution of this device shall be at least 1 second. The timing device(s) used to record working time shall have a resolution of at least 0.01 second. At the conclusion of the test the aggregate working time shall be rounded to the next full second.

Each individual attack test shall be continued until one of the following occurs:

Manual intervention attack of overt asset marking devices

Where the product is fitted with overt asset marking, conduct a series of manual intervention attack tests on the marked product in accordance with the requirements defined in LPS 1225².

Manual intervention attack of covert asset marking devices

Where the product is fitted with covert asset marking, apply the appropriate attack test(s) described below;

• Microdot marking devices

Conduct a series of manual intervention attack tests on the marked product in accordance with LPS 1269⁶.

• Chemical trace marking devices

Conduct a series of manual intervention attack tests on the marked product in accordance with LPS 1251⁷.

• Electronically coded marking systems Conduct the tests as described below; Visual

Using the specified reading apparatus (e.g. a scanner), and following the procedure recommended by the manufacturer, attempt to read the electronic code. The attempt shall be timed from the moment the test operator begins setting up the reading apparatus until the point when the electronic code is successfully read. The measurement shall not include the time taken to trace the owner via the database. The requirements of Clause 3.5.3 shall be met.

An attempt shall be made to locate the transponder or device containing the electronic code by a second test operator, with no prior knowledge of the position of the transponder or device and without the use of the specified reader.

Manual intervention attack of the anchoring devices

Install samples of the product and anchoring device in accordance with the instructions provided with the product.

Conduct a series of intervention attack tests in accordance with the requirements of LPS 1214³.

Manual intervention attack of the alarm / signalling devices

Install the alarm/signalling device(s) in accordance with the instructions provided with the product and confirm correct operation.

Confirm that it is not possible to remove the product without triggering the alarm and/or signalling device(s).

Using the tools provided in tool category B of Clause 7 and within a time period of one minute, attempt to disable or circumvent the alarm and/or signalling device whilst the alarm is in the quiescent condition, i.e. active but not warning of an alarm condition.

The attempt to disable the alarm sensing devices or critical parts of the alarm circuitry by tampering shall include removing or probing the product’s enclosure and/or applying suitable electrical stimuli.

Trigger an alarm condition and, within a time period of one minute using the tools provided in tool category B of Clause 7, attempt to stop the audible alarm and/or signalling device warning of an alarm condition.

The tool categories applied shall be selected either by making an assessment of the product and choosing the most appropriate tools, or by starting with Category A and progressively working through each additional category, until the alarm/signalling device can be compromised.

Compliance shall have been demonstrated if;

1. It was not possible to remove the product without generating an alarm condition.
2. The alarm/signalling device resisted the attack using the tools of Category B for a duration of one minute or the product displayed obvious signs of damage that may significantly affect the resale value.

Climatic conditioning

Confirm the product labelling and the overt asset marking associated with the security features remain legible and intact following exposure to the climatic conditions over the claimed operating and/or storage temperature and humidity range (whichever in the greater).

The tests shall be conducted generally in accordance with the procedures described in EN 60068-2-1:200714 ‘Environmental testing. Tests. Test A. Cold ‘, EN 60068-2­2:199315, IEC 60068-2-2:1974 ‘Environmental testing. Test methods. Tests B. Dry heat’ and EN 60068-2-78:200116, IEC 60068-2-78:2001 ‘Environmental testing. Test methods. Test Cab. Damp heat, steady state’. The limit temperatures and relative humidity conditions shall be those of the ranges claimed by the product manufacturer and for a duration of 16hrs.

Extreme temperatures

Confirm that the security features of the product continue to provide theft resistance following the application of the dry heat and cold tests describe below. The product shall remain un-powered and free of any packaging throughout the conditioning.

• Dry Heat

Test Ba: Dry heat for non heat-dissipating specimen with sudden change of temperature as prescribed by EN 60068-2-2¹⁵ and held at +100°C* for 16hrs.

No intermediate measurements are made during the conditioning.

Note * Care shall be exercised when applying the high temperature of the dry heat

conditioning as some materials used in the construction of the product may not within stand high temperatures. For example some products may contain batteries that could explode. In some circumstances, and at the discretion of the test laboratory, the limit temperature can be reduced to +70°C.

• Cold

Test Aa: Cold for non heat-dissipating specimen with sudden change of temperature as prescribed by EN 60068-2-1¹⁴ and held at -25°C for 16hrs.

No intermediate measurements are made during the conditioning.

Equipment category A

Manual dexterity without the aid of any tool.

Equipment category B

The equipment included in category B is, for example, of the type commonly available in school laboratories.

• The tools specified in category B of LPS 1225² plus;
• Adjustable wrenches (various sizes)
• Socket set
• Programmable remote control (e.g. universal – ‘One for All’ type)
• Soldering iron + Solder sucker
• Computer with access to internet and code breaking freeware
• Oscilloscope (Digital storage – Dual channel <=20 MHz)
• Freezer spray
• Climatic conditioning chamber (-20°C to +40°C)
• Regulated power supply (0 to 48 v DC)

Equipment category C

The equipment included in category C is, for example, of the type available in electrical/electronic repair shops;

• The tools specified in equipment category B above plus category C of LPS 1225² plus;
• Security bit set
• Circuit/current tracer
• IC extraction tool
• Logic probe
• Multi-meter
• Circuit board magnifier or microscope
• Oscilloscope (Analogue or digital storage <=100 MHz)
• Phase meter
• Wireman tool set

Equipment category D

The equipment included in category D is, for example, of the type available in a manufacturing facility;

• The tools specified in equipment category C plus;
• Signal generator – (frequency)
• Surface mount chips and surface mount rework station
• Programmer (e.g. PROM, CPU etc.)

Equipment category E

The equipment included in category E is, for example, of the type available in an engineering design laboratory;

The tools specified in equipment category D above plus;

• ASIC design tools
• Circuit simulators
• Electronic design automation (EDA) tools (e.g. VHDL silicon design)
• ESD probe (< 15 kV)
• Logic analyser
• 4 channel Storage scope (<= 1GHz)
• Microprocessor programmer emulator
• Purpose built test equipment
• Spectrum analyser – frequency
• Waveform generator