GB2467113A - Dynamic barcode display and scanner to defeat barcode copying - Google Patents
Dynamic barcode display and scanner to defeat barcode copying Download PDFInfo
- Publication number
- GB2467113A GB2467113A GB0823340A GB0823340A GB2467113A GB 2467113 A GB2467113 A GB 2467113A GB 0823340 A GB0823340 A GB 0823340A GB 0823340 A GB0823340 A GB 0823340A GB 2467113 A GB2467113 A GB 2467113A
- Authority
- GB
- United Kingdom
- Prior art keywords
- barcode
- data
- display device
- previous
- scanning device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/06009—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
- G06K19/06037—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/06009—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
- G06K19/06018—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking one-dimensional coding
- G06K19/06028—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking one-dimensional coding using bar codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/06009—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
- G06K19/06046—Constructional details
- G06K19/06056—Constructional details the marking comprising a further embedded marking, e.g. a 1D bar code with the black bars containing a smaller sized coding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
An electronic barcode display device dynamically alters the data within the displayed barcode, either by adding data such as a time or a random number, or by altering portions of the data. The variable part of the data can be verified by a scanning device after reading the displayed barcode. The variable data can be changed on a periodic or continuous basis, or on the basis of input from the user. Cryptographic methods can be used to generate the data to be included in the barcode. The variable data could include a one-time pass (OTP) code. The display device could be a mobile telephone or personal digital assistant (PDA), as well as a range of other personal electronic devices.
Description
Patent: Dynamic barcode display on electronic devices to defeat barcode copying
Description:
Barcodes are used in more applications than ever before, including tickets and vouchers, or as identification. The weakness of barcodes is that through their design so as to be easy to read from a multitude of automated systems, they are easy to copy and reproduce.
The system proposed makes use of the fact that some new barcode systems display the barcode on a electronic device, and therefore can use the capabilities of the device to dynamically alter the barcode on a continuous or periodic basis, so that any copy or snapshot of the barcode taken by an attacker will not be accepted as a valid barcode when presented to the scanning system.
There are several methods to dynamically alter the barcode data, ranging from simply placing the current date and time into the barcode data, to putting in a time synchronised one time password into the barcode, which is generated cryptographically in a manner similar to the codes generated by the two-factor authentication tokens in common use for internet security in corporations and some banks.
In all cases the dynamic data being inserted into the barcode by the barcode display device must be meaningful to the scanning device, which would use the authenticity of the dynamic data to verify the authenticity of the rest of the barcode. In the case of simply inserting the time into the barcode data, the scanner could check that the time shown by the barcode would be within a small allowable error of the current time on the scanner. Tn the case of a one-time-password being shown in the barcode, the token seed and algorithm used to cryptographically create the password would have to be known to the scanner or authentication service connected to the scanner to check the validity of the code, in a similar way to authenticating two factor log-in processes in banking and corporate log-in.
A simple example of an Aztec format barcode with the payload data "100" inside it could have the date and time appended to the code on a continuous basis to prove that the barcode image was not a static photocopy or photograph, so the final barcode would contain the data "100 2008/12/0 1 14:25:22" See drawings la, ib, ic and id for the example barcode shown with just the data, and then with data and timestamp from 14:25:20 and for the next two seconds, showing the changes to the barcode that would be displayed at each of those times The problem with this simple system is that an attacker that knew about barcode generation could simply replicate an updated time stamp on his copied barcode.
A better implementation would be a system that took the time and date or a counter, then applied to that a cryptographic algorithm seeded with a secret value, shared between the authorised display device and the authorised scanners in advance, and then used that value to create a periodically changing one time code that was inserted into the barcode, in a similar way to one time password (OTP) generating tokens, such as tokens built using the HMAC-Based One-Time Password (HOTP) algorithm. The authorised scanning device would also know the time and the correct secret seed, so would be able to generate a matching authentication code to compare against the value shown in the barcode to determine if the display device was genuine.
The benefit of this more complex cryptographic system is that with the correct choice of cryptographic algorithm the sequence of numbers generated appears random, and even if a very large number of numbers in the sequence were observed by an attacker, the attacker would not be able to guess what the future values would be, and therefore would not be able to copy the barcode and generate valid authentication data to add to the copied barcode. Examples of three barcodes protected by a one-time password (OTP) system are shown in drawings 2a, 2b and 2c with the one time codes appended to their standard data payloads as follows: 7939622, 0355045, 8723252. The scanner would also generate the same one time code sequence, and compare it's code sequence with those displayed in the barcode, Patent: Dynamic barcode display on electronic devices to defeat barcode copying and only accept barcodes displaying the correct code, or a code that would have been correct within an acceptable time tolerance.
Tt would also be possible for the scanner to check several displayed barcodes in sequence, and only accept a device that displayed multiple codes correctly, especially if the period between changes was short.
In an extended application of the dynamic barcode protection, the periodic or cryptographically generated code used to prove authenticity could also be used to encrypt the rest of the barcode payload data, so that rogue scanners would not be able to interpret the barcode data unless they were also aware of the appropriate secret seed.
An even more complex system with stronger user authentication could use asymmetric encryption (also known as public and private key cryptography) on the display device to cryptographically sign the barcode data and include within that data the time of the signature, creating the signature with a private key held on the electronic display device. The scanning device can then decode the barcode data with the appropriate public key held on the scanner or authentication system to verify that the display device generated the barcode with the correct private key.
Claims (1)
- Patent: Dynamic barcode display on electronic devices to defeat barcode copying Claims: 1: A system comprising a barcode display device and a barcode scanning device where the display device adds copy-protection data or modifies the existing data inside the displayed barcode on a periodic basis, and the scanning device is able to verify if the data within the barcode is correct for that period.2: A system comprising a barcode display device and a barcode scanning device where the display device adds copy-protection data or modifies the existing data inside the displayed barcode on a continuous basis, and the scanning device is able to verify if the data within the barcode is correct for the instant that the barcode is scanned.3: A system according to any of the previous claims where the scanning device allows a margin of error between the clock time or counter being used on the display device to create the periodic or continuously modified data and the clock time or counter on the scanning device.4: A system according to any of the previous claims where the scanning device requires several barcodes to be shown with the correct copy-protection data or periodic modification before accepting the barcode or display device as authentic.5: A system comprising a barcode display device and a barcode scanning device where the display device adds copy protection data or modifies the data inside the displayed barcode according to input from the user of the display device, and the scanning device is able to verify if the modified data within the barcode is correct for that user.6: A system combining one or more of the previous claims which uses a pseudo random number generator in the creation of the copy protection data, or the modification of the existing barcode payload 7: A system combining one or more of the previous claims which uses cryptographic methods to generate the copy protection data or modify the data within the barcode.8: A system combining one or more of the previous claims which adds a one time pass code (OTP) to the barcode data, including, but not limited to codes generated by the HMAC-Based One-Time Password (HOTP) algorithm.9: A system combining one or more of the previous claims which uses a symmetric encryption algorithm to generate the anti-copying data, or to encrypt the existing barcode payload.10: A system combining one or more of the previous claims which uses an asymmetric encryption system on the display device to either sign or encrypt some or all of the barcode payload data, including but not limited to systems which include a time and date stamp within the encrypted or signed data.11: A system combining one or more of the previous claims in which the barcode display device is a dedicated electronic barcode display device or is an electronic device designed for another primary purpose including but not limited to mobile telephones, personal digital assistants (PDAs), personal media devices, mp3 players, portable video devices, portable game consoles, laptop computers, palmtop computers, digital paper or e-ink devices, digital readers, digital translators and credit cards with integrated screens.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0823340A GB2467113A (en) | 2008-12-22 | 2008-12-22 | Dynamic barcode display and scanner to defeat barcode copying |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0823340A GB2467113A (en) | 2008-12-22 | 2008-12-22 | Dynamic barcode display and scanner to defeat barcode copying |
Publications (2)
Publication Number | Publication Date |
---|---|
GB0823340D0 GB0823340D0 (en) | 2009-01-28 |
GB2467113A true GB2467113A (en) | 2010-07-28 |
Family
ID=40344023
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0823340A Withdrawn GB2467113A (en) | 2008-12-22 | 2008-12-22 | Dynamic barcode display and scanner to defeat barcode copying |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2467113A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2492807A (en) * | 2011-07-13 | 2013-01-16 | Jenton Internat Ltd | Confirming time of transactions by scanning encoded patterns |
WO2013025161A3 (en) * | 2011-08-15 | 2013-04-25 | Scantags Ab | System and method for mobile tags with dynamic content |
EP3032796A1 (en) * | 2014-12-11 | 2016-06-15 | Tatra banka, a. s. | Identification module for two-factor authentication with 2D visual coding |
GB2539546A (en) * | 2015-04-30 | 2016-12-21 | Ibm | Enhanced quick response codes |
CN106570548A (en) * | 2016-10-21 | 2017-04-19 | 金维度信息科技(北京)有限公司 | Multilevel information encryption-based mixed two dimensional code |
WO2017189820A1 (en) * | 2016-04-27 | 2017-11-02 | Cubic Corporation | 4d barcode |
EP3658244A4 (en) * | 2017-07-22 | 2020-10-21 | Niantic, Inc. | Validating a player's real-world location using activity within a parallel reality game |
EP3754579A1 (en) * | 2019-06-18 | 2020-12-23 | Toshiba TEC Kabushiki Kaisha | Barcode generation device and barcode generation method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1995006371A1 (en) * | 1993-08-26 | 1995-03-02 | At & T Corp. | Authenticator card with changing bar code pattern |
EP1503327A1 (en) * | 2002-04-23 | 2005-02-02 | Nakamura, Norio | Dynamic bar code display apparatus; dynamic bar code generation method; and storage medium generating dynamic bar code |
JP2008269186A (en) * | 2007-04-18 | 2008-11-06 | Oki Electric Ind Co Ltd | Automatic transaction device |
KR100878048B1 (en) * | 2007-04-09 | 2009-01-16 | 장경환 | The door opening and shutting method which uses the cell phone where the fluctuation password bar code is stored |
-
2008
- 2008-12-22 GB GB0823340A patent/GB2467113A/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1995006371A1 (en) * | 1993-08-26 | 1995-03-02 | At & T Corp. | Authenticator card with changing bar code pattern |
EP1503327A1 (en) * | 2002-04-23 | 2005-02-02 | Nakamura, Norio | Dynamic bar code display apparatus; dynamic bar code generation method; and storage medium generating dynamic bar code |
KR100878048B1 (en) * | 2007-04-09 | 2009-01-16 | 장경환 | The door opening and shutting method which uses the cell phone where the fluctuation password bar code is stored |
JP2008269186A (en) * | 2007-04-18 | 2008-11-06 | Oki Electric Ind Co Ltd | Automatic transaction device |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2492807A (en) * | 2011-07-13 | 2013-01-16 | Jenton Internat Ltd | Confirming time of transactions by scanning encoded patterns |
WO2013025161A3 (en) * | 2011-08-15 | 2013-04-25 | Scantags Ab | System and method for mobile tags with dynamic content |
US9047544B2 (en) | 2011-08-15 | 2015-06-02 | Scantags Ab | System and method for mobile tags with dynamic content |
EP3032796A1 (en) * | 2014-12-11 | 2016-06-15 | Tatra banka, a. s. | Identification module for two-factor authentication with 2D visual coding |
GB2539546A (en) * | 2015-04-30 | 2016-12-21 | Ibm | Enhanced quick response codes |
GB2539546B (en) * | 2015-04-30 | 2019-02-06 | Ibm | Enhanced quick response codes |
WO2017189820A1 (en) * | 2016-04-27 | 2017-11-02 | Cubic Corporation | 4d barcode |
US9953475B2 (en) | 2016-04-27 | 2018-04-24 | Cubic Corporation | 4D barcode |
CN106570548A (en) * | 2016-10-21 | 2017-04-19 | 金维度信息科技(北京)有限公司 | Multilevel information encryption-based mixed two dimensional code |
CN106570548B (en) * | 2016-10-21 | 2019-02-26 | 金维度信息科技(北京)有限公司 | A kind of mixing two dimensional code based on the encryption of multi-level information |
EP3658244A4 (en) * | 2017-07-22 | 2020-10-21 | Niantic, Inc. | Validating a player's real-world location using activity within a parallel reality game |
US11541315B2 (en) | 2017-07-22 | 2023-01-03 | Niantic, Inc. | Validating a player's real-world location using activity within a parallel-reality game |
EP3754579A1 (en) * | 2019-06-18 | 2020-12-23 | Toshiba TEC Kabushiki Kaisha | Barcode generation device and barcode generation method |
Also Published As
Publication number | Publication date |
---|---|
GB0823340D0 (en) | 2009-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2467113A (en) | Dynamic barcode display and scanner to defeat barcode copying | |
US7997503B2 (en) | Visual code transaction verification | |
US20090164796A1 (en) | Anonymous biometric tokens | |
JP3676735B2 (en) | Method and apparatus for mutual authentication of two data processing units | |
US20040215963A1 (en) | Method and apparatus for transffering or receiving data via the internet securely | |
JP2022109467A (en) | Authentication device and authentication system, one-time password generation authentication device and pseudo random number generator, encrypted data decryption system, login system or entrance and exit administration system or unlocking system or access control system | |
CN109889495A (en) | Anti- quantum calculation electronic seal method and system based on multiple unsymmetrical key ponds | |
JP7157864B2 (en) | Authenticator of dynamic passwords generated based on distributed ledger | |
US11335214B2 (en) | Content encryption and in-place decryption using visually encoded ciphertext | |
US8167214B2 (en) | Method and device for visual code transaction verification | |
CN1980127A (en) | Command identifying method and command identifying method | |
JP2023008014A (en) | Biometric authentication device using thermal image | |
CN103971247B (en) | A kind of combined ciphering system for commodity counterfeit prevention | |
Gupta et al. | A model for biometric security using visual cryptography | |
Simkin et al. | Ubic: Bridging the gap between digital cryptography and the physical world | |
GB2515763A (en) | Improvements relating to unpredictable number generation | |
US9491154B2 (en) | Document, method for authenticating a user, in particular for releasing a chip card function, and computer system | |
Joshi | Session passwords using grids and colors for web applications and PDA | |
Sharma et al. | Visual cryptography authentication for data matrix code | |
KR101226319B1 (en) | Identification Authentication method and System therefor | |
Krupp et al. | POSTER: Enhancing Security and Privacy with Google Glass | |
JP2008022189A (en) | Electronic application method using virtual storage medium | |
US20230351923A1 (en) | Content encryption and in-place decryption using visually encoded ciphertext | |
Auletta et al. | Increasing privacy threats in the cyberspace: The case of italian e-passports | |
CN112395592A (en) | Method for guaranteeing safe display of intelligent password equipment and intelligent password equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
732E | Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977) |
Free format text: REGISTERED BETWEEN 20160128 AND 20160203 |
|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |