No word that I've seen, and I must admit to being curious:
The obvious approach, from a cost standpoint, would be to use something similar to the existing design; but slap together a few standardized data fields (brew parameters, serial number, maybe some other stuff I'm forgetting), cryptographically sign that bundle of data and then print it as a QR, or other 2d bar code, on the pod.
That approach would allow 'automagic' configuration of temperature, time, volume, according to the type of beverage being infused (which people probably would think is neat); and would be impossible for a 3rd party to forge without access to a private key blessed by Keurig's trusted root key. It would also be relatively cheap: production-line printers for spitting out serial numbers, expiration dates, etc. aren't free; but that's totally stock manufacturing and warehouse logistics hardware and ink is cheap, and a reader (probably a low-resolution linear CCD/CMOS strip that the pod gets rotated in front of? Maybe an epoxy-potted cheap and nasty cell camera?) wouldn't add too much to the cost of the brew unit.
However, and this would be the kicker, while it would be computationally infeasible to create a new data bundle, because of the signature, the system would have zero defense against 'replay' attacks based on just buying the 'blessed' consumable with the brew profile closest to your product, then copying the code, verbatim, onto your pod. The signature will still check out, because you haven't altered anything, and (worst case), you might have to buy another sample every few weeks to months if the data blob includes a manufacture date and/or an expiration date that causes old pods to 'time out' (Apropos of article image: "It's an older code, sir; but it checks out, I was about to brew it."). Still, stopping by the store on the way to work once a week, or even once a day, for the smallest available pack of 'real' pods to secure this round's 'authentic' code would not be much of a deterrent to cloners.
There would be two possible mitigations to replay attacks, both adding some cost: More plausibly, the brewer's control system could log the serial number of each consumable on use, and reject duplicate serials. This wouldn't do anything about duplicates on a broader scale; but it would mean that cloners would have to have enough legitimate samples (and package them to avoid confusion) to keep their customers from running into enough 'dud' unbrewable duplicate pods that they just give up. The onboard storage would be vulnerable to a hardware attacker willing to mod the brewer; but enough cheap, slow, flash memory to store approximately a zillion serial numbers would cost, what, a dollar?
Less plausibly, a network connection offers near-perfect resistance to cloners: If each serial is born unique, and each pod's use is reported to HQ, HQ knows all outstanding serials at all times (also handy for market research and creepy individualized marketing, no? Synergy!), and the brewer merely need ask for permission before brewing an unknown serial. There would be a modest risk of 'race condition' (if a cloner figured out a non-destructive method of reading the data tag, through the packaging say, they might be able to get 'real' data tags from genuine consumables still in the supply chain, in which case their clone pod might be the first to be brewed, leaving the eventual purchaser of the 'real' pod with a burned serial. Has happened to some games' CD-key verification schemes from time to time).
That would be reasonably solvable merely by being a bit lax (especially if each machine has a unique ID, which it would, you could even choose between a blanket 'eh, just let 3 activations per serial pass, keep the customers happy, then send Pinkerton Death Squads to...enhance operational security... for whichever franchisee sold the batch that got cloned the most this quarter' policy or a more specific, per-machine 'trustedness' metric: "Good" customers, with profitable buying habits, or new customers who you want to encourage, would get a pass even on a certain amount of near-certain-fake-buying. "Bad" customers, with lots of clones in their history, well, no mercy for the misguided...) It'd be just like a credit score!
The more serious obstacle, of course, would be getting people to accept that the coffee machine doesn't work without internet access (or, if you do an Amazon style 'whispernet' integrated cell link, the additional cost and trying to explain to a confused customer what possible reason there could be that the cell reception in their house, for the carrier you chose, quite possibly not even the one they can check by looking at their phone's signal-strength meter, would affect the operation of the coffee machine.) And, of course, the nightmare scenario: If the office brewer loses connectivity before IT has had its morning coffee, IT won't be able to restore connectivity due to lack of coffee; but the coffee supply will be offline because IT can't restore the connectivity. Cry to the gods of a thousand dead pantheons for the mercy that will never come, cry!
The second alternative, much more robust against cloners; but no idea how it would do anything except crater the margins on the pods, would be IC-based. Your basic boring smartcard IC (also seen in SIM cards and some 'dongle' authentication systems that are basically a smartcard and USB reader in a single sealed case) has an internal private key (recoverable only by direct attack on the die, or atypically bad software flaw) and is thus functionally unforgeable at any economically relevant cost. A die-level attack to recover the key is doable, in most cases; but if it costs $50k to mount the attack, you'd probably be better off kissing Keurig's pinkie ring.
However, the obvious problem here is unit cost: rough numbers (based on the cost of ISO 7816 contact smart cards, the bare IC should be cheaper, of course, but harder to get a quote for on short notice, has to be at least 20 cents a unit, maybe rather more. Full cards, with IC and surrounding plastic, are 50-60 cents each even at 5,000+ unit order quantities and no printing.) Spending that much probably erases much of the margin Keurig was hoping to turn into sweet, sweet, executive compensation, and they still have to deal with the potential of one or more of their 'blessed' cards being physically cracked and then cloned by the thousands (possibly new batches of coffee pods would also distribute revocation information for earlier pods known to have been cloned, as with AACS 'recoverability' or PS Vita games that include, and force, a ROM update? No architectural reason why you couldn't...)
Honestly, Keurig is taking on an atypically nasty DRM problem here: unlike games/music/video, where the 'clone' goods are illegal just for existing, in virtually all jurisdictions, so it's mostly about making noises for the rightsholders and (particularly with software, which has room to build in lots of annoying traps) maybe delaying the war3z kiddies long enough to preserve opening weekend; the hypothetical clone pods will be perfectly licit goods (and so, like generic toner, sold by companies that can invest in interoperability research and development if need be, and aren't under any immediately clear legal threat just for existing). And then the value per pod, even on the highest-margin first-party ones, isn't high enough to buy any really classy active cryptographic features without destroying the margins entirely, and passive consumables are trivially cloned unless the brewer is internet-connected and a revocation/validation server architecture is maintained.
I hardly pity them the 'problem' they've created for themselves; but I'd be shocked to see success (or drinkable coffee).
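
The signed-tag scheme and the per-brewer serial log described in the comment above, as an added Go example that is not part of the original comment. The `Tag` fields, the choice of Ed25519 and all sample values are assumptions made for illustration; it shows that a signature stops altered tags but not verbatim copies, and that a local serial log only catches a copy on the brewer that already saw that serial.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Tag is the data printed on the pod as a 2D barcode (field names are assumptions).
type Tag struct {
	Serial, Profile string
	Expiry          int64 // Unix time after which the brewer refuses the pod
	Sig             []byte
}

// msg is the byte string that gets signed; %q quoting keeps field boundaries unambiguous.
func (t Tag) msg() []byte {
	return []byte(fmt.Sprintf("%q|%q|%d", t.Serial, t.Profile, t.Expiry))
}

// Brewer holds only the public key plus a local log of serials it has brewed.
type Brewer struct {
	Pub  ed25519.PublicKey
	Seen map[string]bool
}

// Brew returns the brew profile, or the reason the pod was refused.
func (b *Brewer) Brew(t Tag, now int64) (string, error) {
	switch {
	case !ed25519.Verify(b.Pub, t.msg(), t.Sig):
		return "", fmt.Errorf("bad signature")
	case now > t.Expiry:
		return "", fmt.Errorf("expired")
	case b.Seen[t.Serial]:
		return "", fmt.Errorf("duplicate serial")
	}
	b.Seen[t.Serial] = true
	return t.Profile, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair
	pod := Tag{Serial: "SN-0001", Profile: "92C/240ml", Expiry: 2000}
	pod.Sig = ed25519.Sign(priv, pod.msg()) // production-line step; private key never ships
	home, office := &Brewer{pub, map[string]bool{}}, &Brewer{pub, map[string]bool{}}
	_, first := home.Brew(pod, 1000)   // genuine pod: accepted
	_, again := home.Brew(pod, 1000)   // verbatim copy, same brewer: refused
	_, other := office.Brew(pod, 1000) // verbatim copy, other brewer: accepted
	fmt.Println(first, again, other)
}
```
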