JP2023152031A - Two-dimensional code reading device and non-transitory storage medium storing computer program - Google Patents

Abstract

To provide a technology for preventing a two-dimensional code reading device from making access to a device unintended by an administrator.SOLUTION: A two-dimensional code reading device disclosed in the present specification includes: an imaging unit that images a two-dimensional code; a communication interface; a reading unit that reads information recorded on the two-dimensional code based on a code image representing the two-dimensional code imaged by the imaging unit; a determination unit that in a case where the read information includes an URL indicating a position on the Internet, determines whether or not the information includes predetermined authentication information prepared by an administrator; and an access unit that in a case where it is determined that the read information includes the authentication information, executes access to the position indicated by the URL, and otherwise in a case where it is determined that the read information does not include the authentication information, does not execute access to the position indicated by the URL.SELECTED DRAWING: Figure 3

Description

This specification discloses a technology related to a two-dimensional code reading device that reads information recorded on a two-dimensional code.

Patent Document 1 discloses a two-dimensional code reading device that reads a URL (abbreviation for Uniform Resource Locator) recorded in a two-dimensional code. When accessing an external device using a URL read from a two-dimensional code, the two-dimensional code reading device generates a hash value using at least a part of the URL and a parameter that changes over time. do. Then, the two-dimensional code reading device transmits the hash value to an external device as check data. The external device uses the check data received from the two-dimensional code reading device to determine whether the user of the two-dimensional code reading device is an authorized user.

Japanese Patent Application Publication No. 2014-92831

In the two-dimensional code reading device of Patent Document 1, when a URL is recorded in the two-dimensional code, an external device located at a position indicated by the URL is accessed. It is difficult for the user to check the contents of the two-dimensional code. For example, if the external device is an unmanaged device (for example, a server that cannot be managed by an administrator), there is a possibility that a malicious and unauthorized program is stored in the external device. In this case, if the external device indicated by the URL in the two-dimensional code is accessed, an unauthorized program may be installed in the two-dimensional code reading device. This specification provides a technique for preventing a two-dimensional code reading device from accessing a device not intended by an administrator.

The two-dimensional code reading device disclosed in this specification includes an imaging unit that captures an image of a two-dimensional code, a communication interface, and a code image representing the two-dimensional code captured by the imaging unit. a reading section that reads information recorded on the computer; and when the information that has already been read includes a URL (abbreviation for Uniform Resource Locator) indicating a location on the Internet, the information is provided with predetermined authentication information prepared by an administrator. a determination unit that determines whether the read information includes the authentication information; and an access unit that accesses the location indicated by the URL when it is determined that the read information includes the authentication information; The access unit may also include the access unit, which does not access the location indicated by the URL when determining that the already completed information does not include the authentication information.

The fact that the read information includes authentication information means that the URL recorded together with the authentication information is a URL that can be managed by the administrator. On the other hand, if the read information does not include authentication information, it is presumed that the URL recorded in the two-dimensional code is a URL that is not under the management of the administrator. According to the configuration described above, when it is estimated that the URL recorded in the two-dimensional code is a URL that is not managed by the administrator, access to the location indicated by the URL is not performed. It is possible to prevent the two-dimensional code reading device from accessing a device that is not intended by the administrator.

In the two-dimensional code reading device described above, the determination unit determines that the read information includes the authentication information when the read information includes the authentication information that matches predetermined verification information; If the read information does not include the authentication information that matches the verification information, it may be determined that the read information does not include the authentication information.

According to such a configuration, the two-dimensional code reading device uses predetermined verification information to determine whether the information recorded in the two-dimensional code includes authentication information. Thereby, the two-dimensional code reading device can determine whether the authentication information has been appropriately given by the administrator. Therefore, regardless of the content of the authentication information, security can be improved for a configuration in which the location indicated by the URL recorded with the authentication information is accessed in response to the fact that the read information includes the authentication information. Can be done.

The two-dimensional code reading device described above may further include a first memory that stores the verification information.

For example, a comparative example is assumed in which verification information is acquired using communication with an external server. On the other hand, according to the above configuration, the two-dimensional code reading device only needs to acquire the verification information from the first memory and does not need to communicate with an external server. The processing time can be shortened compared to the comparative example.

In the two-dimensional code reading device described above, the authentication information may be encrypted. In that case, the two-dimensional code reading device may further include a second memory that stores decryption information for decrypting the authentication information.

According to such a configuration, the risk of authentication information being leaked to the outside can be reduced.

The two-dimensional code reading device described above further provides that, when it is determined that the read information does not include the authentication information, the two-dimensional code is different from the two-dimensional code managed by the administrator. It may also be equipped with a notification section to notify the

According to such a configuration, the user can know that the two-dimensional code read by the two-dimensional code reading device may be unintended by the administrator.

The two-dimensional code reading device described above may further include a log information storage unit that stores log information indicating one or more of the URLs read by the reading unit. Furthermore, the log information may be encrypted.

According to such a configuration, after reading the two-dimensional code, it is possible to check the URL read in the past by referring to the log information. Furthermore, by encrypting the log information, it is possible to reduce the risk of the log information being leaked to the outside.

Furthermore, the above-described method for controlling a two-dimensional code reading device, a computer program for the code reading device, and a storage medium for storing the computer program are also new and useful.

A conceptual diagram of an example is shown. A configuration diagram of a two-dimensional code reading device is shown. A flow diagram of processing executed by a control unit is shown.

(Example)
(Configuration of two-dimensional code reading device 10; FIGS. 1 and 2)
The two-dimensional code reading device 10 of this embodiment is a device for reading information recorded in a two-dimensional code. Note that the appearance of the two-dimensional code reading device 10 shown in FIG. 1 is only an example, and for example, the two-dimensional code reading device 10 may have the same appearance as a smartphone. Hereinafter, the two-dimensional code reading device 10 will be simply referred to as "reading device 10."

The reading device 10 includes an operation section 12, a display section 14, a communication interface 16, a camera 18, a control section 20, and a memory 30. Each part 12 to 20 is connected to a bus line (numerals omitted) and fixed to the casing of the reading device 10. In the following, the interface will be referred to as "I/F".

The operation unit 12 includes a plurality of keys. A user can input various instructions to the reading device 10 by operating the operation unit 12 . The display unit 14 is a display for displaying various information. Further, the display unit 14 may function as a touch panel (that is, the operation unit 12) that can accept user operations. The communication I/F 16 is an I/F for communicating with an external device (for example, a server) located on the Internet 6. Camera 18 is a device for capturing an image of an object.

In this embodiment, the reading device 10 is used in a warehouse 100. As shown in FIG. 1, the reading device 10 uses the camera 18 to read the two-dimensional code Q1 written on the label 3d on the lower shelf of the shelf 2 in the warehouse 100 and the label 3u on the upper shelf of the shelf 2. The described two-dimensional code Q2 is imaged. In the two-dimensional code Q1, component information (for example, component type, quantity, storage period, etc.) regarding the component 4d placed on the lower shelf of the shelf 2 is recorded by the warehouse 100 manager. Similarly, in the two-dimensional code Q2, component information regarding the component 4u placed on the upper shelf of the shelf 2 is recorded by the warehouse 100 manager. By capturing images of the two-dimensional codes Q1 and Q2 and decoding the captured two-dimensional codes Q1 and Q2, the parts information recorded in the two-dimensional codes Q1 and Q2 is displayed on the display unit 14 of the reading device 10. .

The control unit 20 of the reading device 10 is a computer having a CPU, and executes various processes according to programs 32 and 34 stored in the memory 30.

The memory 30 is composed of volatile memory, nonvolatile memory, etc., and stores an OS (Operating System) program 32, applications 34, and log information 36. The OS program 32 is a program for realizing the basic operations of the reading device 10. The application 34 is a program for executing communication between the reading device 10 and an external device. Hereinafter, the OS program and the application will be referred to as "OS" and "application", respectively. The application 34 is installed on the reading device 10, for example, from a server (not shown) on the Internet 6 provided by the vendor of the reading device 10.

The OS 32 stores decryption information K1. Although details will be described later, the decryption information K1 is a decryption key (for example, a common key, a public key) for decrypting the authentication information included in the two-dimensional code. By encrypting the authentication information, it is possible to reduce the risk of the authentication information being leaked to the outside. Furthermore, since the OS 32 stores the decryption information K1, the processing time of the OS 32 can be shortened compared to a configuration in which the decryption information K1 is received from an external server. Furthermore, since there is no need to communicate the decryption information K1, the risk of leakage of the decryption information K1 can be reduced. Note that in a modified example, the decoding information K1 may be stored by the application 34.

The application 34 stores verification information C1 and cryptographic information K2. Although details will be described later, the verification information C1 is information for determining whether the authentication information included in the two-dimensional code is legitimate information. The cryptographic information K2 is a cryptographic key (for example, a common key, a secret key) for encrypting the URL that the reading device 10 reads from the two-dimensional code. By storing the collation information C1 and the encryption information K2 by the application 34, the processing time of the application 34 can be shortened compared to a configuration in which each information C1 and K2 is received from an external server. , K2 leakage risk can be reduced. In addition, in a modification, each information C1 and K2 may be stored in the OS 32. The log information 36 indicates a log of one or more URLs that the reading device 10 reads from the two-dimensional code.

As mentioned above, the two-dimensional codes Q1 and Q2 are recorded by the warehouse 100 manager. The manager of the warehouse 100 generates two-dimensional codes Q1 and Q2 by encoding the parts information regarding the parts 4d and 4u. The user of the reading device 10 reads the parts information recorded in the two-dimensional codes Q1, Q2 by capturing images of the two-dimensional codes Q1, Q2 with the camera 18 of the reading device 10.

The two-dimensional code is coded. Therefore, the user cannot know the information recorded in the two-dimensional codes Q1 and Q2 just by looking at the two-dimensional codes Q1 and Q2. For example, if the two-dimensional code Q1 is tampered with by a malicious third party and the tampered two-dimensional code Q1 includes a URL indicating the location of the server 8 containing a malicious program, the reading device 10 reads the two-dimensional code Q1. Then, the location indicated by the URL (that is, the server 8) is accessed via the communication I/F 16. As a result, there is a possibility that an unauthorized program may be installed on the reading device 10 from the server 8.

Further, for example, when transmitting parts information to an external parts management server (not shown), the two-dimensional code Q1 may record a URL indicating the location of the parts management server on the Internet 6 in addition to the parts information. . In this case, the administrator of the warehouse 100 generates the two-dimensional code Q1 by encoding information including authentication information in addition to the parts information and the URL. That is, the two-dimensional code Q1 in which information including authentication information is recorded is a two-dimensional code managed by the administrator of the warehouse 100, and has not been tampered with by a third party. The authentication information is used to determine that the two-dimensional code Q1 is managed by the administrator of the warehouse 100.

For example, the two-dimensional code Q1 is generated as follows. The administrator operates a terminal device (not shown) capable of generating authentication information and a two-dimensional code, and inputs authentication information that is an arbitrary character string. The terminal device encrypts the character string input by the administrator to generate encrypted authentication information. Then, the terminal device generates a two-dimensional code by encoding the encrypted authentication information and other information (for example, the URL of the parts management server). Here, the encrypted authentication information can be decrypted using the decryption information K1.

(Processing executed by the reading device 10; FIG. 3)
With reference to FIG. 3, the processing executed by the control unit 20 of the reading device 10 according to the application 34 will be described. The process shown in FIG. 3 is started when the power of the reading device 10 is turned on as a trigger.

In S2, the control unit 20 activates the camera 18 to capture an image of the two-dimensional code. In S4, the control unit 20 decodes the captured code image representing the two-dimensional code and reads information recorded on the two-dimensional code. In S6, the control unit 20 determines whether the information read in S4 (hereinafter referred to as "read information") includes a URL. Specifically, the control unit 20 determines whether the read information includes a character string starting with "http://". When the control unit 20 determines that the read information does not include a URL (NO in S4), the process proceeds to S20. In S20, the control unit 20 displays the read information (for example, parts information) on the display unit 14, and ends the process of FIG. 3.

On the other hand, if the control unit 20 determines that the read information includes a URL (YES in S6), the process proceeds to S8. In S8, the control unit 20 determines whether the read information includes a character string (hereinafter referred to as a "specific character string") that is presumed to be authentication information. For example, the control unit 20 determines whether a specific character string is written at a position a predetermined number of bits away from a character string starting with "http://". The specific character string has, for example, a predetermined length. When the control unit 20 determines that the read information includes the specific character string (YES in S8), the process proceeds to S10.

In S10, the control unit 20 decodes the specific character string using the decoding information K1 within the OS 32. When the specific character string is successfully decoded, the control unit 20 proceeds to S12. Although not shown, if the control unit 20 fails to decode the specific character string, the control unit 20 proceeds to S30.

In S12, the control unit 20 compares the decrypted authentication information and the verification information C1 in the application 34. If the decrypted authentication information and the verification information C1 match (YES in S12), the control unit 20 proceeds to S14.

In S14, the control unit 20 accesses the location (for example, the location within the parts management server) indicated by the URL included in the read information. For example, the application 34 supplies the OS 32 with a request to start a browser program including the URL. Thereby, the OS 32 accesses the location indicated by the URL. In other examples, the application 34 may have a browser function, and the application 34 may access the location indicated by the URL. When S14 ends, the control unit 20 ends the process of FIG. 3. Although not shown, the read information may be displayed on the display unit 14 even if YES is determined in S12.

Further, if the control unit 20 determines that the read information does not include authentication information (NO in S8), or if the decrypted authentication information and the collation information C1 do not match (NO in S12), Proceed to S30.

In S30, the control unit 20 displays an error message on the display unit 14. The error message indicates that the two-dimensional code imaged in S2 is different from the two-dimensional code managed by the administrator (for example, the two-dimensional code has been tampered with by a third party). This allows the user to know that there is a possibility that the two-dimensional code imaged in S2 is not intended by the administrator.

Next, in S32, the control unit 20 stores the URL included in the read information as log information 36. According to this configuration, after reading the two-dimensional code, it is possible to refer to the log information 36 and confirm the URL read in the past.

Further, the control unit 20 encrypts the log information 36 with the encryption information K2 every time the log information 36 is updated. According to this configuration, by encrypting the log information 36, it is possible to reduce the risk of the log information 36 being leaked to the outside.

Note that in this embodiment, only the URL included in the two-dimensional code that may be unintended by the administrator is stored as the log information 36. Thereby, the capacity of the log information 36 can be reduced compared to a configuration in which URLs included in all read information are stored as the log information 36.

(Effects of this example)
As described above, when the read information includes a URL (YES in S6), the reading device 10 of the present embodiment determines whether the read information includes a specific character string that is presumed to be authentication information. (S8). If the read information does not include the specific character string (NO in S8), the reading device 10 does not access the URL included in the read information. If the read information does not include authentication information, it is presumed that the URL recorded in the two-dimensional code is not under the control of the administrator of the warehouse 100. According to the above-described configuration, when it is estimated that the URL recorded in the two-dimensional code is a URL that is not under the control of the administrator of the warehouse 100, access to the location indicated by the URL is not performed. The reading device 10 can prevent the administrator of the warehouse 100 from accessing an unintended device.

Further, for example, it is assumed that a user brings an advertising medium with a two-dimensional code written into the warehouse 100 and images the two-dimensional code of the advertising medium with a reading device. The two-dimensional code of advertising media is a two-dimensional code that is not managed by the administrator and does not include authentication information. According to the reading device 10 of this embodiment, it is also possible to prevent execution of access to a URL included in a two-dimensional code of an advertising medium that is not under the management of the administrator. Execution of access to URLs unrelated to the work of the warehouse 100 can be prevented.

Further, when the read information includes a specific character string that is presumed to be authentication information (YES in S8), the reading device 10 determines whether or not the specific character string matches the collation information C1 (S12). . Thereby, it can be determined whether the authentication information has been appropriately given by the administrator of the warehouse 100. Therefore, in the comparative example, the reading device 10 accesses the position indicated by the URL recorded together with the specific character string in response to the fact that the read information includes the specific character string, regardless of the content of the specific character string. However, security can be improved. Note that in a modified example, the authentication information may be in other data formats such as binary data instead of the specific character string.

(correspondence)
The camera 18 is an example of an "imaging section." A storage area of the memory 30 that is managed by the application 34 and a storage area of the memory 30 that is managed by the OS 32 are examples of a "first memory" and a "second memory," respectively. The process of S4 is an example of the process executed by the "reading section". The processes in S8 and S12 are examples of processes executed by the "judgment unit". The process in S14 is an example of the process executed by the "access unit". The process of S30 is an example of the process executed by the "notification unit". The process of S32 is an example of the process executed by the "log information storage unit".

Although specific examples of the technology disclosed in this specification have been described above, these are merely examples and do not limit the scope of the claims. The techniques described in the claims include various modifications and changes to the specific examples illustrated above. For example, the following modifications may be adopted.

(Modification 1) The process of S12 in FIG. 3 can be omitted. In this case, for example, when the information included in the two-dimensional code is only a URL, the control unit 20 may determine that the two-dimensional code is different from the two-dimensional code managed by the administrator. In this modification, "verification information" can be omitted.

(Modification 2) The administrator of the warehouse 100 may generate the two-dimensional code Q1 by encoding information including current time information in addition to the parts information and the URL. In that case, if the read information does not include the URL and time information, the control unit 20 may determine that the two-dimensional code is different from the two-dimensional code managed by the administrator. In this modification, time information is an example of "authentication information."

(Modification 3) The application 34 does not need to store the collation information C1. In that case, for example, in S12 of FIG. 3, the control unit 20 may receive the verification information C1 from an external server and compare the received verification information C1 and the authentication information. In this modification, the "first memory" can be omitted.

(Modification 4) Authentication information does not need to be encrypted. In that case, the process of S10 in FIG. 3 can be omitted. In this modification, the "second memory" and "decoding information" can be omitted.

(Modification 5) The process of S30 in FIG. 3 can be omitted. In this modification, the "notification section" can be omitted.

(Variation 6) In S30, the control unit 20 may output an alarm sound or turn on a warning light instead of displaying the error message on the display unit 14. In a further modification, in S30, the control unit 20 may transmit the information included in the read two-dimensional code to an external parts management server via the communication I/F 16. Thereby, it is possible to notify the administrator of the external parts management server that the two-dimensional code of the warehouse 100 is different from the two-dimensional code managed by the administrator. Outputting a warning sound, lighting a warning light, or notifying a parts management server are examples of processes executed by the "notification unit."

(Modification 7) The process of S32 in FIG. 3 can be omitted. The control unit 20 does not need to store the log information 36 indicating the URL. In this modification, "log information" can be omitted. In another modification, if the read information includes a URL (YES in S6), the control unit 20 may store logs of all URLs as the log information 36.

(Modification 8) In S32 of FIG. 3, the control unit 20 does not need to encrypt the log information 36. In that case, the application 34 does not need to store the cryptographic information K2.

(Modification 9) In the embodiment described above, the two-dimensional code is generated by the administrator of the warehouse 100. However, in this modification, the two-dimensional code does not need to be generated by the administrator. That is, the administrator may be any person who can manage the information recorded in the two-dimensional code, and does not need to be the person who generated the two-dimensional code.

The technical elements described in this specification or the drawings exhibit technical utility alone or in various combinations, and are not limited to the combinations described in the claims as filed. Furthermore, the techniques illustrated in this specification or the drawings simultaneously achieve multiple objectives, and achieving one of the objectives has technical utility in itself.

2: Shelves 3d, 3u: Labels 4d, 4u: Parts 6: Internet 8: Server 10: Reading device 12: Operation unit 14: Display unit 16: Communication I/F
18: Camera 20: Control unit 30: Memory 32: OS
34: Application 36: Log information 100: Warehouse C1: Verification information K1: Decryption information K2: Encryption information Q1, Q2: Two-dimensional code

Claims (8)

an imaging unit that images the two-dimensional code;
a communication interface;
a reading unit that reads information recorded on the two-dimensional code based on a code image representing the two-dimensional code captured by the imaging unit;
a determination unit that determines whether or not the information includes predetermined authentication information prepared by an administrator when the read information includes a URL (abbreviation for Uniform Resource Locator) indicating a location on the Internet; ,
an access unit that accesses the location indicated by the URL when it is determined that the read information includes the authentication information,
the access unit that does not access the location indicated by the URL when determining that the read information does not include the authentication information;
A two-dimensional code reading device. The judgment unit is
If the read information includes the authentication information that matches predetermined verification information, determining that the read information includes the authentication information,
determining that the read information does not include the authentication information when the read information does not include the authentication information that matches the verification information;
The two-dimensional code reading device according to claim 1. The two-dimensional code reading device according to claim 2, further comprising a first memory that stores the verification information. The authentication information is encrypted,
The two-dimensional code reading device according to any one of claims 1 to 3, further comprising a second memory that stores decryption information for decoding the authentication information. The two-dimensional code reading device further includes:
Claim: further comprising a notification unit that reports that the two-dimensional code is different from the two-dimensional code managed by the administrator when it is determined that the read information does not include the authentication information. 5. The two-dimensional code reading device according to any one of 1 to 4. The two-dimensional code reading device further comprises a log information storage section that stores log information indicating one or more of the URLs read by the reading section. Two-dimensional code reader. The two-dimensional code reading device according to claim 6, wherein the log information is encrypted. A computer program for a two-dimensional code reading device,
The two-dimensional code reading device includes:
an imaging unit that images the two-dimensional code;
a communication interface;
comprising a computer;
The computer program causes the computer to
a reading unit that reads information recorded on the two-dimensional code based on a code image representing the two-dimensional code captured by the imaging unit;
a determination unit that determines whether or not the information includes predetermined authentication information prepared by an administrator when the read information includes a URL (abbreviation for Uniform Resource Locator) indicating a location on the Internet; ,
an access unit that accesses the location indicated by the URL when it is determined that the read information includes the authentication information,
the access unit that does not access the location indicated by the URL when determining that the read information does not include the authentication information;
A computer program that functions as

Images