GB2467113A - Dynamic barcode display and scanner to defeat barcode copying - Google Patents

Dynamic barcode display and scanner to defeat barcode copying Download PDF

Info

Publication number
GB2467113A
GB2467113A GB0823340A GB0823340A GB2467113A GB 2467113 A GB2467113 A GB 2467113A GB 0823340 A GB0823340 A GB 0823340A GB 0823340 A GB0823340 A GB 0823340A GB 2467113 A GB2467113 A GB 2467113A
Authority
GB
United Kingdom
Prior art keywords
barcode
data
display device
previous
scanning device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0823340A
Other versions
GB0823340D0 (en
Inventor
Benjamin John Dixon Whitaker
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Masabi Ltd
Original Assignee
Masabi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Masabi Ltd filed Critical Masabi Ltd
Priority to GB0823340A priority Critical patent/GB2467113A/en
Publication of GB0823340D0 publication Critical patent/GB0823340D0/en
Publication of GB2467113A publication Critical patent/GB2467113A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06037Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06018Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking one-dimensional coding
    • G06K19/06028Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking one-dimensional coding using bar codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06046Constructional details
    • G06K19/06056Constructional details the marking comprising a further embedded marking, e.g. a 1D bar code with the black bars containing a smaller sized coding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

An electronic barcode display device dynamically alters the data within the displayed barcode, either by adding data such as a time or a random number, or by altering portions of the data. The variable part of the data can be verified by a scanning device after reading the displayed barcode. The variable data can be changed on a periodic or continuous basis, or on the basis of input from the user. Cryptographic methods can be used to generate the data to be included in the barcode. The variable data could include a one-time pass (OTP) code. The display device could be a mobile telephone or personal digital assistant (PDA), as well as a range of other personal electronic devices.

Description

Patent: Dynamic barcode display on electronic devices to defeat barcode copying
Description:
Barcodes are used in more applications than ever before, including tickets and vouchers, or as identification. The weakness of barcodes is that through their design so as to be easy to read from a multitude of automated systems, they are easy to copy and reproduce.
The system proposed makes use of the fact that some new barcode systems display the barcode on a electronic device, and therefore can use the capabilities of the device to dynamically alter the barcode on a continuous or periodic basis, so that any copy or snapshot of the barcode taken by an attacker will not be accepted as a valid barcode when presented to the scanning system.
There are several methods to dynamically alter the barcode data, ranging from simply placing the current date and time into the barcode data, to putting in a time synchronised one time password into the barcode, which is generated cryptographically in a manner similar to the codes generated by the two-factor authentication tokens in common use for internet security in corporations and some banks.
In all cases the dynamic data being inserted into the barcode by the barcode display device must be meaningful to the scanning device, which would use the authenticity of the dynamic data to verify the authenticity of the rest of the barcode. In the case of simply inserting the time into the barcode data, the scanner could check that the time shown by the barcode would be within a small allowable error of the current time on the scanner. Tn the case of a one-time-password being shown in the barcode, the token seed and algorithm used to cryptographically create the password would have to be known to the scanner or authentication service connected to the scanner to check the validity of the code, in a similar way to authenticating two factor log-in processes in banking and corporate log-in.
A simple example of an Aztec format barcode with the payload data "100" inside it could have the date and time appended to the code on a continuous basis to prove that the barcode image was not a static photocopy or photograph, so the final barcode would contain the data "100 2008/12/0 1 14:25:22" See drawings la, ib, ic and id for the example barcode shown with just the data, and then with data and timestamp from 14:25:20 and for the next two seconds, showing the changes to the barcode that would be displayed at each of those times The problem with this simple system is that an attacker that knew about barcode generation could simply replicate an updated time stamp on his copied barcode.
A better implementation would be a system that took the time and date or a counter, then applied to that a cryptographic algorithm seeded with a secret value, shared between the authorised display device and the authorised scanners in advance, and then used that value to create a periodically changing one time code that was inserted into the barcode, in a similar way to one time password (OTP) generating tokens, such as tokens built using the HMAC-Based One-Time Password (HOTP) algorithm. The authorised scanning device would also know the time and the correct secret seed, so would be able to generate a matching authentication code to compare against the value shown in the barcode to determine if the display device was genuine.
The benefit of this more complex cryptographic system is that with the correct choice of cryptographic algorithm the sequence of numbers generated appears random, and even if a very large number of numbers in the sequence were observed by an attacker, the attacker would not be able to guess what the future values would be, and therefore would not be able to copy the barcode and generate valid authentication data to add to the copied barcode. Examples of three barcodes protected by a one-time password (OTP) system are shown in drawings 2a, 2b and 2c with the one time codes appended to their standard data payloads as follows: 7939622, 0355045, 8723252. The scanner would also generate the same one time code sequence, and compare it's code sequence with those displayed in the barcode, Patent: Dynamic barcode display on electronic devices to defeat barcode copying and only accept barcodes displaying the correct code, or a code that would have been correct within an acceptable time tolerance.
Tt would also be possible for the scanner to check several displayed barcodes in sequence, and only accept a device that displayed multiple codes correctly, especially if the period between changes was short.
In an extended application of the dynamic barcode protection, the periodic or cryptographically generated code used to prove authenticity could also be used to encrypt the rest of the barcode payload data, so that rogue scanners would not be able to interpret the barcode data unless they were also aware of the appropriate secret seed.
An even more complex system with stronger user authentication could use asymmetric encryption (also known as public and private key cryptography) on the display device to cryptographically sign the barcode data and include within that data the time of the signature, creating the signature with a private key held on the electronic display device. The scanning device can then decode the barcode data with the appropriate public key held on the scanner or authentication system to verify that the display device generated the barcode with the correct private key.

Claims (1)

  1. Patent: Dynamic barcode display on electronic devices to defeat barcode copying Claims: 1: A system comprising a barcode display device and a barcode scanning device where the display device adds copy-protection data or modifies the existing data inside the displayed barcode on a periodic basis, and the scanning device is able to verify if the data within the barcode is correct for that period.
    2: A system comprising a barcode display device and a barcode scanning device where the display device adds copy-protection data or modifies the existing data inside the displayed barcode on a continuous basis, and the scanning device is able to verify if the data within the barcode is correct for the instant that the barcode is scanned.
    3: A system according to any of the previous claims where the scanning device allows a margin of error between the clock time or counter being used on the display device to create the periodic or continuously modified data and the clock time or counter on the scanning device.
    4: A system according to any of the previous claims where the scanning device requires several barcodes to be shown with the correct copy-protection data or periodic modification before accepting the barcode or display device as authentic.
    5: A system comprising a barcode display device and a barcode scanning device where the display device adds copy protection data or modifies the data inside the displayed barcode according to input from the user of the display device, and the scanning device is able to verify if the modified data within the barcode is correct for that user.
    6: A system combining one or more of the previous claims which uses a pseudo random number generator in the creation of the copy protection data, or the modification of the existing barcode payload 7: A system combining one or more of the previous claims which uses cryptographic methods to generate the copy protection data or modify the data within the barcode.8: A system combining one or more of the previous claims which adds a one time pass code (OTP) to the barcode data, including, but not limited to codes generated by the HMAC-Based One-Time Password (HOTP) algorithm.9: A system combining one or more of the previous claims which uses a symmetric encryption algorithm to generate the anti-copying data, or to encrypt the existing barcode payload.10: A system combining one or more of the previous claims which uses an asymmetric encryption system on the display device to either sign or encrypt some or all of the barcode payload data, including but not limited to systems which include a time and date stamp within the encrypted or signed data.11: A system combining one or more of the previous claims in which the barcode display device is a dedicated electronic barcode display device or is an electronic device designed for another primary purpose including but not limited to mobile telephones, personal digital assistants (PDAs), personal media devices, mp3 players, portable video devices, portable game consoles, laptop computers, palmtop computers, digital paper or e-ink devices, digital readers, digital translators and credit cards with integrated screens.
GB0823340A 2008-12-22 2008-12-22 Dynamic barcode display and scanner to defeat barcode copying Withdrawn GB2467113A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0823340A GB2467113A (en) 2008-12-22 2008-12-22 Dynamic barcode display and scanner to defeat barcode copying

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0823340A GB2467113A (en) 2008-12-22 2008-12-22 Dynamic barcode display and scanner to defeat barcode copying

Publications (2)

Publication Number Publication Date
GB0823340D0 GB0823340D0 (en) 2009-01-28
GB2467113A true GB2467113A (en) 2010-07-28

Family

ID=40344023

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0823340A Withdrawn GB2467113A (en) 2008-12-22 2008-12-22 Dynamic barcode display and scanner to defeat barcode copying

Country Status (1)

Country Link
GB (1) GB2467113A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2492807A (en) * 2011-07-13 2013-01-16 Jenton Internat Ltd Confirming time of transactions by scanning encoded patterns
WO2013025161A3 (en) * 2011-08-15 2013-04-25 Scantags Ab System and method for mobile tags with dynamic content
EP3032796A1 (en) * 2014-12-11 2016-06-15 Tatra banka, a. s. Identification module for two-factor authentication with 2D visual coding
GB2539546A (en) * 2015-04-30 2016-12-21 Ibm Enhanced quick response codes
CN106570548A (en) * 2016-10-21 2017-04-19 金维度信息科技(北京)有限公司 Multilevel information encryption-based mixed two dimensional code
WO2017189820A1 (en) * 2016-04-27 2017-11-02 Cubic Corporation 4d barcode
EP3658244A4 (en) * 2017-07-22 2020-10-21 Niantic, Inc. Validating a player's real-world location using activity within a parallel reality game
EP3754579A1 (en) * 2019-06-18 2020-12-23 Toshiba TEC Kabushiki Kaisha Barcode generation device and barcode generation method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995006371A1 (en) * 1993-08-26 1995-03-02 At & T Corp. Authenticator card with changing bar code pattern
EP1503327A1 (en) * 2002-04-23 2005-02-02 Nakamura, Norio Dynamic bar code display apparatus; dynamic bar code generation method; and storage medium generating dynamic bar code
JP2008269186A (en) * 2007-04-18 2008-11-06 Oki Electric Ind Co Ltd Automatic transaction device
KR100878048B1 (en) * 2007-04-09 2009-01-16 장경환 The door opening and shutting method which uses the cell phone where the fluctuation password bar code is stored

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995006371A1 (en) * 1993-08-26 1995-03-02 At & T Corp. Authenticator card with changing bar code pattern
EP1503327A1 (en) * 2002-04-23 2005-02-02 Nakamura, Norio Dynamic bar code display apparatus; dynamic bar code generation method; and storage medium generating dynamic bar code
KR100878048B1 (en) * 2007-04-09 2009-01-16 장경환 The door opening and shutting method which uses the cell phone where the fluctuation password bar code is stored
JP2008269186A (en) * 2007-04-18 2008-11-06 Oki Electric Ind Co Ltd Automatic transaction device

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2492807A (en) * 2011-07-13 2013-01-16 Jenton Internat Ltd Confirming time of transactions by scanning encoded patterns
WO2013025161A3 (en) * 2011-08-15 2013-04-25 Scantags Ab System and method for mobile tags with dynamic content
US9047544B2 (en) 2011-08-15 2015-06-02 Scantags Ab System and method for mobile tags with dynamic content
EP3032796A1 (en) * 2014-12-11 2016-06-15 Tatra banka, a. s. Identification module for two-factor authentication with 2D visual coding
GB2539546A (en) * 2015-04-30 2016-12-21 Ibm Enhanced quick response codes
GB2539546B (en) * 2015-04-30 2019-02-06 Ibm Enhanced quick response codes
WO2017189820A1 (en) * 2016-04-27 2017-11-02 Cubic Corporation 4d barcode
US9953475B2 (en) 2016-04-27 2018-04-24 Cubic Corporation 4D barcode
CN106570548A (en) * 2016-10-21 2017-04-19 金维度信息科技(北京)有限公司 Multilevel information encryption-based mixed two dimensional code
CN106570548B (en) * 2016-10-21 2019-02-26 金维度信息科技(北京)有限公司 A kind of mixing two dimensional code based on the encryption of multi-level information
EP3658244A4 (en) * 2017-07-22 2020-10-21 Niantic, Inc. Validating a player's real-world location using activity within a parallel reality game
US11541315B2 (en) 2017-07-22 2023-01-03 Niantic, Inc. Validating a player's real-world location using activity within a parallel-reality game
EP3754579A1 (en) * 2019-06-18 2020-12-23 Toshiba TEC Kabushiki Kaisha Barcode generation device and barcode generation method

Also Published As

Publication number Publication date
GB0823340D0 (en) 2009-01-28

Similar Documents

Publication Publication Date Title
GB2467113A (en) Dynamic barcode display and scanner to defeat barcode copying
US7997503B2 (en) Visual code transaction verification
US20090164796A1 (en) Anonymous biometric tokens
JP3676735B2 (en) Method and apparatus for mutual authentication of two data processing units
US20040215963A1 (en) Method and apparatus for transffering or receiving data via the internet securely
JP2022109467A (en) Authentication device and authentication system, one-time password generation authentication device and pseudo random number generator, encrypted data decryption system, login system or entrance and exit administration system or unlocking system or access control system
CN109889495A (en) Anti- quantum calculation electronic seal method and system based on multiple unsymmetrical key ponds
JP7157864B2 (en) Authenticator of dynamic passwords generated based on distributed ledger
US11335214B2 (en) Content encryption and in-place decryption using visually encoded ciphertext
US8167214B2 (en) Method and device for visual code transaction verification
CN1980127A (en) Command identifying method and command identifying method
JP2023008014A (en) Biometric authentication device using thermal image
CN103971247B (en) A kind of combined ciphering system for commodity counterfeit prevention
Gupta et al. A model for biometric security using visual cryptography
Simkin et al. Ubic: Bridging the gap between digital cryptography and the physical world
GB2515763A (en) Improvements relating to unpredictable number generation
US9491154B2 (en) Document, method for authenticating a user, in particular for releasing a chip card function, and computer system
Joshi Session passwords using grids and colors for web applications and PDA
Sharma et al. Visual cryptography authentication for data matrix code
KR101226319B1 (en) Identification Authentication method and System therefor
Krupp et al. POSTER: Enhancing Security and Privacy with Google Glass
JP2008022189A (en) Electronic application method using virtual storage medium
US20230351923A1 (en) Content encryption and in-place decryption using visually encoded ciphertext
Auletta et al. Increasing privacy threats in the cyberspace: The case of italian e-passports
CN112395592A (en) Method for guaranteeing safe display of intelligent password equipment and intelligent password equipment

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20160128 AND 20160203

WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)