Print | Rate this content

Notice: (Revision) Is It the HPE Way? Verification of Authentic HPE Memory Modules

SUPPORT COMMUNICATION - CUSTOMER NOTICE

Document ID: c00691020

Version: 12

Notice: (Revision) Is It the HPE Way? Verification of Authentic HPE Memory Modules
NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.

Release Date: 2016-11-10

Last Updated: 2019-05-07


DESCRIPTION

Document Version
Release Date
Details
12
05/07/2019
Updated with the latest security labels.
11
12/16/2016
Updated with the latest security labels.
10
04/19/2016
Updated products affected.
9
03/09/2016
Update with the latest security labels and company name.
8
09/27/2011
Updated with additional examples of security labels.
7
08/23/2011
Updated with the latest security features.
6
02/22/2011
Updated the Details section concerning the validation of HP Secure Shift.
5
08/31/2010
Replaced a security label with an image that more clearly shows the primary security features.
4
07/16/2010
Modified the Description to emphasize that this document does not cover non-public means of ascertaining product authenticity. In some cases, further investigation by HP will be required to determine whether product is genuine HP product or counterfeit product.
3
03/08/2010
Added the Price as an Indicator of Authenticity section.
2
05/19/2009
Updated with information on new security labeling and packaging.
1
06/02/2006
Updated HP Security Labels #304351, #305557, #305556, #305558 and #408741.Supersedes CN0112W (Revision 1).

Around the world, a number of fraudulent HPE memory modules are being represented as genuine new HPE products. These memory modules are packaged as HPE Memory Option Kits and Spares Kits. HPE is providing the following information to allow verification of authentic HPE memory.

The information provided in this document regarding some of the typical means used to differentiate genuine from counterfeit HPE products is not all-inclusive, as there are also non-public means that HPE uses to determine authenticity. You should be aware that, just because a product has certain features referenced in this advisory, it does not prove that the product is, in fact, genuine. Authentication by HPE may be the only way to determine whether a product is genuine or not, and details of that authentication process will not be made public.

To verify that HPE memory modules are authentic, use the information provided in the Details section below.

DETAILS

What Is the HPE Way?

With system memory, it starts with the highest quality DRAM. Only the major DRAM suppliers are considered, and then only after HPE is satisfied with the ongoing quality and reliability of their product. Only after every system is tested with every supported memory module capacity, and it has been confirmed that the product will work in all HPE servers, will an HPE Option Kit be created.

Most memory modules are purchased directly from the suppliers, and HPE continues to work directly with DRAM suppliers throughout the life of the product to ensure that only the highest quality products are delivered to HPE customers. If any quality issues develop, the product is purged from HPE inventory and controlled by date code and product ID to ensure that known issues cannot be reintroduced into HPE inventory. In addition, DRAM suppliers are required to institute date code controls to prevent substandard memory modules from being shipped to HPE.

The Option Kit also has specific requirements that must be met. There are shock, drop, and vibration tests that ensure that the product, once it reaches its final destination, will still function properly, regardless of handling "technique."

HPE's concern does not stop with the shipment of the product, however. HPE ensures high customer satisfaction by providing high levels of service on HPE memory products that are installed in HPE systems.

To ensure that customers can differentiate generic components or used components that have been manipulated to represent new authentic HPE Memory Option Kits, HPE also uses specific packaging, including HPE tamper evident labels.

How to Tell if It Is the HPE Way

When you are among the "best in class," others will try to copy you and fraudulently benefit from your success. Some will go so far as to use the same part numbers and kit assembly structures to try to convince customers that they are selling the same product that is sold in the HPE kits. Counterfeits are common and can be easy to recognize, if you know what to look for.

Packaging

Since different kit part numbers may have a different quantity of modules per kit, there are several formats in which product may be shipped. For the same part number, there should not be differences with the packaging from kit to kit. Cardboard, plastic, and paper packaging materials can be easily duplicated. Although the packaging may be very similar to and contain the same documentation as an HPE Kit, it may not be an authentic HPE Kit. HPE now ships kits in sealed shippable clamshell packaging.

Note: Only the 64GB memory kits ship in a cardboard box.

Figure 1: 1-DIMM Memory Kit
Figure 2: 2-DIMM Memory Kit

Tamper Evident Seals

The opening end of the clamshell package is sealed with a unique HPE tamper evident seal to ensure that the product inside has not been tampered with (see Figures 1 and 2 above for the packaging label location and Figure 3 below for the full label appearance). Tamper evident seals have the same security features as the hardware security labels that will help validate that the kit is authentic. Use the same validation instructions as found in Table 1 to validate tamper evident seals. The seals are made of destructible material that will not allow the label to be removed from the carton without damaging the seal where it was opened. The seals can easily be sliced open for product opening.

Taping, or using any other means of reattaching the label, is fraudulent. If there are no seals, or if the seals have been tampered with in any way, question the validity of the kit. If the seals do not have the proper security features, the integrity of the product may be questionable and should be further identified and qualified before determining that it is an authentic HPE product.

Figure 3: Tamper Evident Seal

Clamshells

To ensure product safety, HPE kits are shipped using thermoform "clamshells" made of antistatic material. If "new" Option Kits are received in boxes with antistatic bags, it is a clear indication that the kits are not new HPE Option Kits, and are likely NOT HPE Option Kits at all.

Security the HPE Way

Security Labels

HPE has used several different security labels for verification and authentication of HPE product. These labels have many layered security features that provide covert and overt security to keep the labels from being counterfeited. When there is a risk of the primary features being counterfeited, HPE must either expose the next set of features or change the primary feature in order to provide high confidence in product authentication.

In Use
Full Label
Validation
Features
April 2019 through Present
Security strip has florescent holograms that are in motion.
When the label is tilted left to right, the HPE logo flip to coins with a check mark by either spinning left/right or up/down, at the same time the coins flip to HPE logos by either spinning left/right or up/down.
September 2016 through September 2019
Security strip has florescent holograms which move in conjunction to the HPE logo:
1. Rotating left to right the HPE and Hewlett Packard Enterprise text moves in opposite directions.
2. Moving up and down, the HPE and Hewlett Packard Enterprise text moves in opposite directions.
July 2015 through September 2016
Use holograms for authentication:
1. Rotate label up and down - the "ok" and "check mark" move in opposite directions towards and away from the center logo.
2. Rotate label left and right - the "ok" and "check mark" move in the same direction around the center logo.
June 2011 - December 2016
1. Security strip has holographic medallions which switch from HP to to OK and fade to transparent.
2. Three lines of different sized OK text and will fade away (largest alternately to medallions).
3. Color bar has green to Pale Purple color in different lighting.
Oct 2008 -May 2011
Green to Pink
Red to Green
1. Left side Green or Red color with intentional outline of Red causing Red haze.
2. Right side Pink or Green color in different lighting.
3. Unique ID Number in upper Right Hand corner.
4. Light Blue patterned adhesive - images revealed when label is peeled back.
Mar 2006 -Sep 2008
Purple
Green
1. Purple to Green color shift.
2. Honeycomb pattern in color bar.
3. Unique ID Number in upper Right Hand corner.
4. Light blue patterned adhesive - images revealed when label is peeled back.
2005 -2006
Teal to Blue
Blue to Bronze
1. Teal to Blue color shift.
2. Blue to Bronze color shift.
3. Intentional printing error - line under HP logo.
4. Intentional printer error - divot in date code block.
5. Light Blue patterned adhesive - images revealed when label is peeled back.
2004 -2005
Blue
Bronze
1. Blue to Bronze color shift.
2. Pink Metachromic ink above and below date code.
3. Light Blue patterned adhesive - images revealed when label is peeled back.
2002 -2004
Copper
Green
1. Copper to Green color shift.
2. Dark Blue patterned adhesive - images revealed when label is peeled back.

Table 1: HPE Security Labels (2002 - Present)

There are also multiple covert features that are not disclosed. Although any of the versions of labels pictured below may be available on product in the field, the earlier versions would indicate older product or potentially a counterfeit product. Many counterfeits contain similar color shifts to those mentioned in this advisory. Additional validations are possible with assistance from HPE by contacting the following email address:

hardware.counterfeitvalidation@hpe.com

The printed information on the label may also be used to distinguish how the product was shipped from HPE and can be verified for warranty. Option Kits will include a number known as the Security Code (see Figure 4 below). Only product shipped in an Option Kit should be sold in the HPE sales channel. Anything with a different format should be considered suspect and may not be eligible for warranty.

Figure 4: HPE Security Label Showing the Security Code (S/C)

Figure 5: Current HPE Security Label Showing the Commodity Tracking (CT) Number

HPE also includes a serial number on each Option Kit package that is linked to the number printed on the label. Beware that it is a common practice for counterfeiters to "reuse" serial numbers listed on the packaging (and often on the invoice) and the number printed on the product label in an effort to convince a customer that the product is authentic. The serial number is not intended to be used for product validation.

The latest HPE security label, which began in April 2019, has the following security features:

Security strip has florescent holograms for authentication:

- When the label is tilted left to right, the HPE logo’s flip to coins with a check mark by either spinning left/right or up/down, at the same time the coins flip to HPE logo’s by either spinning left/right or up/down.

Figure 6: Current HPE Security Label

Previous HPE security label, which began in September 2016, contains the security features indicated below:

Security strip has florescent holograms for authentication:

- Rotating left to right - the HPE and Hewlett Packard Enterprise text moves in opposite directions.

- Moving up and down, the HPE and Hewlett Packard Enterprise text moves in opposite directions.

Figure 7: HPE Security Label (September 2016-September 2019)

Previous HP security label, which began shipping in June 2015, use holograms for authentication:

  • Rotate label up and down - the “ok” and “check mark” move in opposite directions towards and away from the center logo
  • Rotate label left and right - the “ok” and “check mark” move in the same direction around the center logo

Figure 8: HP Security Label (June 2015- June 2016)

Previous HP security label, which began shipping in March 2011, contains the primary security features indicated below. Although slight alterations were made between March and July, the primary validation features remain unchanged. These features should be used to validate these labels:

  • Medallions that flip from HP to to OK and that will completely disappear (may be two different sizes).
  • Lines of OKs that will light and fade, the largest in direct contrast to the medallions.
  • Metachromic ink that will change from pale Purple to light Green under fluorescent to natural lighting.
  • Little or no difference in the height of the label where the security strip is located, so that your fingernail does not "catch" on the lip of the security strip on the right side.

Figure 9: HP Security Label (June 2011 - December 2016)

Previous labels used color shift technology as indicated in Table 1 (above). The color bars found on either side of the HP logo on the most recently retired version of the HP security label use two different color-shifting inks. On the left side of the HP logo is a bar of color-shifting ink shift that will change from Green to Red as you raise and lower the component. On the right side of the HP logo is a bar that will change from Pink to Green under different lighting. The Green-to-Red color-shifting ink on the left side of the HP logo also contains an outline of Red around the color-shifting ink which does not shift in color. In addition, the upper right hand corner of the label contains a unique identification number for each security label.

Figure 10: HP Security Label (October 2008 - June 2011)

The right side of the label has a block of color which will change under different lighting sources (see Figure 9 above). When viewed under fluorescent lighting, the right bar will be a pale Pink color. If it is viewed under natural sunlight or incandescent light, it will be a light Sage or Green color. If sunlight or incandescent lighting is not available, taking a photo using a flash camera, or shining a flashlight on the product, will allow for light verification. If the color does not change, or if the colors are not the pale Green to pale Pink swap, then consider the product to be suspected as counterfeit.

Although additional features are included in all security labels for security reasons, these additional features will not be communicated to the public until there has been an attempt to compromise the primary feature(s).

In addition to the visible Security Features listed above, the HPE security labels contain a tamper evident feature that leaves adhesive behind on the original object and makes the label appear somewhat transparent when it has been tampered with (see Figures 10 - 13 below).

Any product with a label that shows signs of tampering should be considered fraudulent. When removal is attempted, the tamper evident feature will leave a pattern of adhesive on the item to which it was applied. If there is no pattern left or if there are words such as VOID, question the authenticity of the product. In addition, if the label has been lifted from the product and adhesive is shown to be left behind, and there are no visible transparent marks on the front of the label, it is an additional indication of a counterfeit product.

To verify the tamper evidence, the label should be lifted ONLY half-way up. One side MUST remain adhered to the product and show no signs of tampering.

HPE will not warrant any product from which the label has been completely lifted.

Figure 11: Signs of tampering on current security label

Figure 12: Adhesive left behind on product (left) and signs of tampering on label (right) on current label

Figure 13: Adhesive left behind on product (left) and signs of tampering on label (right) on current label

Figure 14: Adhesive left behind on product (left) and signs of tampering on label (right)

Based on the printed bar code numbers on a security label, HPE can determine the date shipped and the warranty given to that part, as well as the supplier or site of manufacture for the part. The information needed to decode each digit on any security label is proprietary information that is not distributed outside of HPE.

Price as an Indicator of Authenticity

HPE offers product at competitive prices based on the product life cycle and the customer's affiliation with HPE. If you are an authorized reseller or a direct customer, your pricing may be more competitive than if you are not. However, HPE does not grossly discount product that is on the price list. If the product that is offered by HPE at one value and offered by another company at a substantial discount (for example, 50 percent off), then you may be certain that the product was either not distributed through the HPE sales channel, or is part of some type of illegal activity. It is not "excess" or any other description that the counterfeiter may use that allows them to deceive customers into accepting low cost counterfeit product.

Furthermore, even product offered at a discount of 10-20 percent should be subject to scrutiny. Many counterfeiters use smaller discounts to appear legitimate, because they know that their product is not going to be sought after if they cannot get it into the hands of a reputable reseller. The internet provides a high level of anonymity that helps to protect them from discovery.

Know your reseller! Have a person-to-person conversation with your reseller to help in protecting the systems you support from counterfeit product. And, most importantly, know the value of the product. If the deal is too good to be true, then it is probably is not HPE!

Other Products That Look the HPE Way

While qualifying the memory in HPE systems, supplier process issues may be uncovered which negatively affect HPE systems. The supplier develops a corrective action plan to prevent DRAM with those issues from being shipped to HPE. DRAM or DIMMs from a supplier that fail the qualification system may still be sold to other customers. There is no information published by HPE or the DIMM supplier to show which product is qualified and which may have failed the qualification process. Together, HPE and the DIMM supplier tightly control the product that is shipped to HPE for use in systems and Option Kits.

Although some third party memory manufacturers may also contribute to the confusion by using the HPE part number, do not be deceived by this attempt at making the product appear authentic. Ensure that the kit that was represented as a new HPE kit contains authentic HPE memory modules by validating the security features on seals and labels. There is no bulk product sold by HPE for server systems, so be cautious of claims that any memory is new bulk. This product could be counterfeit or product with limited warranty (or no warranty) from HPE. In order to ensure that the product is authentic HPE memory, customers should only buy the product from reliable sources.

Other memory vendors may indicate that their product is "equivalent to" or "compatible with" certain HPE systems or kit part numbers. This is not an endorsement from HPE. There have been no tests performed by HPE using other memory, and HPE will not warrant a non-HPE kit. Additionally, if a system is damaged as a direct result of the non-HPE product, the warranty of the whole system can be negated.

What If It Is Not the HPE Way?

Even though a kit may have been represented as an HPE kit, HPE will not warrant a kit that is not authentic. The liability for the kit belongs to the reseller from which the kit was purchased. HPE contractual agreements with HPE authorized resellers include agreed upon terms and conditions that allow HPE to govern replacement of any product if the product is purchased from an HPE authorized reseller. However, HPE cannot govern replacement of any product purchased from a reseller who is NOT authorized to sell the product (even if it is authentic HPE product) since there are no contractual agreements with that reseller. If customers choose to purchase products from a reseller who is NOT an HPE authorized reseller, the customer may have to resolve any product issues without the assistance of HPE.

While HPE is working to combat the issue of fraudulent and counterfeit reproductions of our kits, customers are strongly urged to protect themselves by buying only from authorized resellers and validating the authenticity of the kits upon receipt. If you encounter any memory that is suspected as being counterfeit, the product should be validated and fraudulent memory should be returned to the reseller in return for authentic HPE memory. In the event that counterfeit product is identified, it is important that HP be contacted with the following required information via the following web address:

Email Address:

hardware.counterfeitvalidation@hpe.com

  • Customer name/address/phone
  • Part number ordered
  • Description of product
  • Photographs of product in question showing all identification printing on the product. Photographs should be a high enough resolution to show the following:
    • Security label
    • HPE/vendor labels
    • Manufacturer printing on the components of the memory
  • Reseller from whom the Memory Option Kit was purchased (name/address/phone)
  • Invoice (hard copy) from purchase of the Memory Option Kit must be either sent via email to HP Brand Protection at

    hardware.counterfeitvalidation@hpe.com

  • Date of Purchase
  • Quantity of counterfeit DIMMs identified
  • Name of person who identified the product as counterfeit (address/phone)
  • RMA from reseller against which product will be returned

Note: Based upon the information supplied in the email to HPE, in some instances it may be necessary for the product to be sent to HPE for further identification.

IMPORTANT: ALL COUNTERFEIT MEMORY SENT TO HPE WILL BE CONFISCATED.

If counterfeit product is cross-shipped to HPE in place of an authentic HPE Spares Kit, the customer will be charged for the kit. If any memory that is sent to HPE for validation or for other service related issues is determined to be counterfeit, it will be confiscated. If counterfeit product is found onsite and the customer agrees to allow the product to be taken from the premises, it will not be returned if it is found to be counterfeit.

If counterfeit product is discovered during a service event by an HPE badged technician, the customer should be informed that the product is counterfeit and instructed to contact the reseller of the memory and request replacement with authentic HPE memory. If possible, the counterfeit memory should be removed from the system in order to prevent future failures pertaining to the fraudulent memory. With the permission of the customer, the counterfeit product should be sent to HPE Brand Protection in Houston, Texas.

Note: It is the responsibility of the reseller to provide authentic product to customers. HPE will make every effort to help customers regain operational ability with authentic product, after this process is completed.

If, while using the end user replacement process, the memory is not properly validated and is sent to HPE in exchange for a replacement spare part, the customer will be charged the full amount of a non-returned Spares Kit.

Questions regarding the legal use of such confiscated memory may be directed to the following email address for distribution to the HPE legal department:

hardware.counterfeitvalidation@hpe.com

RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL: Proactive Updates Subscription Form.

NAVIGATION TIP : For hints on navigating HPE.com to locate the latest drivers, patches, and other support software downloads for ProLiant servers and Options, refer to the Navigation Tips document.

SEARCH TIP : For hints on locating similar documents on HPE.com, refer to the Search Tips document.

To search for additional advisories related to counterfeit product, use the following search string:

+Advisory +ProLiant -"Software and Drivers" +counterfeit

KEYWORDS: forgery, false,fake, phony, illegal


Hardware Platforms Affected: HPE ProLiant DL120 G5 Server
Operating Systems Affected: Not Applicable
Software Affected: Not Applicable
Support Communication Cross Reference ID: SIK637
©Copyright 2019 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HPE nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise Development and the names of Hewlett Packard Enterprise Development products referenced herein are trademarks of Hewlett Packard Enterprise Development in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.

Provide feedback

Please rate the information on this page to help us improve our content. Thank you!
Document title: Notice: (Revision) Is It the HPE Way? Verification of Authentic HPE Memory Modules
Document ID: emr_na-c00691020-57
How helpful was this document?
How can we improve this document?
Note: Only English language comments can be accepted at this time.
Please wait while we process your request.