Friday, 8 May 2009

secure QR and QM codes

As evangelists for 2D barcoding outside the world of advertising, one of the questions we're often asked is how to control who can scan a barcode, or check validity. Given anyone can make a barcode and almost every cameraphone can read them, relying on a plaintext QR code for verifying certificates, tickets, etc. or to link to an inspection database can be a problem.

Luckily, the standards for QR codes allow anything to be encoded, and the folks at Quickmark have taught their free scanner software to recognize encryption. So far they're the only people to offer both free scanner and free online generators (click on Quickmark DIY) for encrypted data, but their scanner app is one of the best on the market anyway.

With QR, you (so far) only have the option to encode the entire data block with an alphanumeric password. Scan the code with Quickmark Reader and it'll ask you for that password before showing you what the data is. Other scanners will just show you junk. Some phones may make entering letters a bit more difficult, so for fast access we'd suggest using only numbers in the password.

Why would you want to bother? Well a simple example is to hide information in a barcode that only your staff (maintenance engineers, etc.) can read, as only they know the password. The QR code below is an example - scan it using Quickmark and it'll ask for the password, which in this case is "45678", before revealing the data - in this case a serial number and inspection date.

This is a rather trivial example, but encryption works equally well to hide things like phone numbers, or even combinations for door entry systems. Think about it - the code for the door is painted ON THE DOOR, but only your staff can read it! More functional is when the data in the code is a web address which does something (like posts a new entry to a database on your company server), as it stops some random teenager with a phone from hacking your system.

Quickmark allow the QR to be encrypted or not, but as you're using their software anyway, you can also exploit a really neat extra feature in their own Quickmark barcode pattern - that of partial encryption. Everyone scanning the QM code below will be told the non-encrypted part (in this case an ID badge number). With the password ("76543"), a security guard can also read the encrypted part of the code, which in this case confirms the badge number. As nobody else knows the password, nobody can fake a badge with a different number on it. Think of the possibilities!

Friday, 1 May 2009

ProGuide USAR Operations - errata

It's come to our attention that there is a typo on some copies of ProGuide USAR Operations. Our policy is to highlight any issues, updated procedures and guidance so that owners of ProGuides can keep their copies up to date, either by altering the pages themselves, or obtaining updated inserts.

On page 12, the flowchart should appear as below, noting the highlighted boxes. If in your copy these boxes are reversed, you can either update the page yourself (ProGuide paper can be written on with any permanent marker) or contact us for a replacement sheet. The spiral binding is designed to allow ProGuides to be maintained and updated as required.

If you require a replacement sheet, please contact us or reply to your order confirmation email, specifying your original purchase ID, delivery address and the quantity you require (up to the amount originally ordered).