Are there bar code scanner apps which can scan store receipts so that we can see what purchases that we have made on a particular store? I see that Walmart's mobile app can be used to do so. Is this something store specific or can we do it for all store receipts in general?
Reading the barcodes is usually just a matter of scanning the defined code type.
Translating the results of that scan into anything useful is store-specific and unlikely to be successful. The information in the barcode is almost always a lookup into the store system, not enumerated receipt item data.
Related
First, I want to apologize. I am complete noob in this area and many of my thoughts are probably misleading.
I need to verify that a user of my app is on a specific place in order to be authirized to perform an action. I want to use NFC for this purpose. The user have to put his smartphone by a NFC tag in order to be authorized to perform the action. Easy but I need it to be reasonably hackerproof. It means that the NFC tag must be impossible to clone without physical damage to the plastics around the NFC chip. It also means that the NFC chip must not contain only static data. The NFC chip must contain an app, that can receive some data (cryptographic challenge) and signs them using secure built-in private key (which must be unreadable through NFC interface). When the user wants to perform the action, he will ask server for the challenge, then he lets the chip to sign it, and then he sends the signed challenge back to the server which will verify the signature using known public key. This should be achievable using NFC JavaCard. But do these NFC JavaCards actually exist? I wasn't able to find a company which would be able to produce such NFC tags for me. When I try to explain my requirements to a NFC tags producer he looks like he has never heard of NFC JavaCards. I have tried about 10 producers without luck.
Can a commonly available chip meet my requirements? I mean a chip from the Mifare familly. I suspect that Mifare DESfire might be able to meet my requirements, but I am not sure.
Feel free to respond with an advertisement, because relevant advertisement is exactly what I look for :)
I try to collect some useful facts:
NFC is a very broad term, just finding that on both sides does not ensure interoperability.
Any ISO 14443 (one of the NFC flavours) compliant smart card with crypto functionality should be usable. Note, that a card with native OS may be a viable alternative to a JavaCard, since the functionality to sign a random number is pretty standard.
Any smart phone sporting a NFC chip can address such a card in principle. Unfortunately this is strongly dependent on the OS of the smart phone, for Android the relevant class to use is IsoDep, which gives you the APDU interface. After triggering the "card enters field" event, then the app receives a handle, via which further communication can take place.
Real smart cards can't be cloned, since you are not able to dump them; especially keys can't be read.
Now some things to consider:
Your approach looks unusual, which might become a problem. (To have a portable card somehow fixed to a wall, just to get the location; so you know where somebody is, but not who? While I don't consider cloning to be an issue, you somehow must ensure destruction in case of a theft attempt, which may collide with the distance topic below.)
I don't see, where the server comes into play. If not involved in the authorized action, provision of a random number is not sufficient reason.
Asymmetric key operations have a comparatively high power consumption, and this power has to be supplied via the electric field. This severely limits the distance between card and phone and may even require direct touch. While a power supply of its own would solve the issue in principle, it is not what ISO-14443 was designed for.
Yes JavaCards do exist.
https://github.com/OpenJavaCard/openjavacard-ndef is a project makes these JavaCards to output standard NDEF messages (thought note issue 4 in that there example uses the wrong APDU but that is easily changed)
This project also give a number of cards it is fully working and tested for
ACS ACOSJ - fully working
NXP JCOP J3D040/J3D081/J2E145 etc - fully working
Both ACS and Cardlogic do cards (just google the model numbers)
e.g.
https://www.acs.com.hk/en/products/405/acosj-java-card-combi/
https://www.smartcardfocus.com/shop/ilp/id~707/j3a081-80k/p/index.shtml
The answer a was looking for is not a chip which runs a custom code. Although this might be possible it is definitely not the best way to achieve the target.
I was looking for a solution that enables strong authentication using NFC data. There might be multiple chips that offers this, but probably the most available chip is NTAG 424 DNA TT. It works like this:
The chip has a memory, which is not readable through NFC. Private key is stored there.
The chip has a read counter. It increments everytime the data are read through NFC.
The chip can generate an AES-128 signature of string UID (chip serial number) + counter using the private key in the inaccessible part of the memory.
The chip can dynamicaly inject the data above into a URL that is stored in the readable memory.
So the solution will be like (I am waiting for delivery of NFC tags right now, so I don't know for sure yet):
Read the tag UID (serial number) and the actual counter value (should be 0 on an unused tag)
Generate the key-pair
Load private key to the chip
Load some data (URL, eg: https://my.app/) to the chip
Store UID, public-key, last-counter on the server
Configure the chip to inject UID, counter, signature to the URL stored on the chip
When a client reads the data, they should contain required variables, eg: https://my.app/?counter=1&uid=ff:ff:ff:ff&signature=xyz. Then on the server:
Fetch stored info (public-key, last-counter) using uid as a primary key
verifies the signature
verifies the counter that must be > last-counter
stores counter as the last-counter
successfully authorized
Is anyone able to hack this without reading the hidden memory of the chip which would require physical tampering with the chip?
I am currently implementing a web app with the goal of keeping track of the location of all the packages in a company I am working for. Our plan is to have a barcode for each package and scan that barcode at the different sectors of the company, indicating where they are. The problem is that I have no idea where to start. I've done some research on Google but haven't found much. My main questions are:
How do barcodes work in the first place?
How do you program with barcodes? Is there a specific language I should use? Do I have to buy anything?
How do you read barcodes and enter them in your program and how do you generate them in the first place?
Any hints on how I should proceed with my implementation?
I look forward to hearing back from you as I need to implement this as soon as possible.
This is a pretty broad question, but I'll do my best to answer:
How do barcodes work in the first place?
Essentially, for this type of project, you can think of the barcodes you're going to be implementing as merely serial numbers. If you really want to know how barcodes work, Wikipedia has a pretty good write up - but essentially, at this level, just think of them as a serial number, encoded in such a way that a machine can read it.
In your web app, you'd be taking a number (say, 42) that has no meaning on its own, and associating with a package and a location.
How do you program with barcodes? Is there a specific language I should use? Do I have to buy anything?
You don't really "program" with barcodes per se... Again, it's just a machine readable implementation of some kind of information. In terms of "specific language", just build your web app as you already are, and add, say, an extra integer field. The integer doesn't mean anything on it's own - it's just going to be what's printed in the barcode. In this use case, you don't even have to have a barcode per se - you could just write it on the box! The usefulness of barcodes comes in speed and accuracy of data entry - you'd be having a computer device scan the barcode and type it in instead of a human.
How do you read barcodes and enter them in your program and how do you generate them in the first place?
It doesn't sound like you're at the point where you're doing any kind of machine vision or anything, so the most common entry method would be to buy a basic USB barcode scanner, like a Symbol LS2208. Use the manual that comes with it (or you can download the manual) to configure it as a keyboard emulation device - that way, your user would just select a field in the web app, scan, and the scanner would type out whatever was stored in the barcode (in the example above, the number 42).
As far as generating, depending on your volume, you have lots of options. For low volumes, you can find a generator online and print them out onto Avery label-type sheets using an inkjet or laser printer. You could also find a barcode font and print right from, say, Word, onto a label sheet. For higher volumes, you could purchase specialized software and use a label printer, or you can even write this yourself. Personally, I have a Zebra LP2844 with a network interface, and I wrote some custom PHP to send commands in the printer's native language (EPL2) over a socket to print onto roll labels.
EDIT: You'd probably want to use either Code128 or Code39. These are two different "symbologies" (types of barcode) that are appropriate for what it sounds like you're doing. They're 1-dimensional (like UPC codes and not like QR codes), so a cheap reader can decode them, and they're pretty flexible and VERY common.
Any hints on how I should proceed with my implementation?
Just think of barcodes, the way that it sounds like you want to use them, as arbitrary serial numbers that don't mean anything on their own. For example, doing this sort of box tracking in a previous warehouse environment, we printed THOUSANDS of unique serial numbered barcode labels. Those labels didn't have ANY value until they were attached to a box and a picker started to put stuff into that box. They were just numbers. Just remember to keep them unique.
I'm creating a system that uses NTAG203 tags to identify accounts. The tags are formatted in the following way:
An Android app reads the tag's unique id.
The tag id is sent to a web server.
The web server creates a new account record, create a hash and salt from a combination of the new account id and the tag id and stores the hash and salt with the new account record.
The hash is returned to the Android app which then writes it on the tag.
When the tag is then scanned in future, the hash and tag id is sent to the web server for authentication.
My question is, how easy would it be to duplicate a tag like this? This would involve creating a tag with the same unique id, is this possible or can only NXP create the chips?
Creating or modifying a tag such that it is identical is probably rather hard. However, emulating such a tag is not so hard. Several hardware platforms or schematics for them that can do this can be found on the Internet.
In general, it is not a good idea to make your security depend on the uniqueness of the ID or address of a piece of hardware that was not designed for security.
You could use NDEF record type 'U' well known category type 1 (drop the http:\) or type 2 (drop the https:\) and write protect the tag after a successful write - remember that the OTP also should be set for the NDEF aspect to work else you will have either a TAG DISCOVERED or TECH DISCOVERED (which means either it has content but not NDEF else is an empty tag. Look up the NDEF standards for NFC, which are NOT part of the android framework, but is used by the framework.
Trap the tag ID (NDEF DISCOVERED or TECH DISCOVERED or TAG DISCOVERED) - if NDEF then do the server lookup, else treat as an empty tag - pass the Ident (remember its the 14A not 16A image value!) to the server for lookup, and on return perform a dead drop write (else display a button and let user press with tag present). The encoding and decoding action of the NDEF NFC will be then as per the user phone setting, and automatic by android.
The 'emulation' aspect of a ISO14443 (a,b,c) tag by a device is still in its infancy, but if an Ident is present, has got a lock field and user area that is consistent then it is fairly difficult to duplicate - but add in some obfuscation and it gets interesting. There is a requirement that certain areas cannot be written to, or the lock bits undone, will give you an idea if the tag is being emulated or not. The NTAG201/NTAG203/MIFARE tags are freely available, look on ebay.
I'm pretty much a noob. I've been wondering how mobile barcode readers worked. I've seen several apps on the market that would let you scan a barcode, and then show you corresponding product data.
I was wondering where the product data typically comes from. Is it usually from a built-in database, or do apps tend to connect to a server to access a database?
Thanks for any and all assistance!
Barcode readers/scanners work by using some sort of standard format to communicate data to the device 'reading' the code. There are typically two types of 'barcodes' used today:
The standard Barcode - often referred to as a UPS code
And the QR code - popular for cell-phone apps.
From a developer's standpoint, both work the same way:
A device 'reads' the code, the code is interpreted to represent a set of numbers (typical of the standard Barcode), or numbers and characters (QR code).
The interpreted code is used to seek the related data in a database somewhere - A UPC code would have a database of items referenced with a number (just like the number you would read at the bottom of a UPC label), and a QR code frequently references a URL that can be opened in any web browser.
The information from a barcode comes from the referenced data that the barcode points to - so you don't have to carry around a database of information anytime you want to scan a code - you just have to be able to connect to that source of information.
Hope this helps.
I have a simple USB barcode reader which I intend to use to scan COD 39 barcodes. I know that just scanning the barcode while having a text field on focus will get me the text input of the barcode I'm scanning. However my requirement is a bit different.
I need to create a C# application where upon reading a barcode it will check the read barcode with a list I have to see whether it exists. The problem is I cannot keep a text box on my app in focus all the time as the app does other things as well. Instead what I want is for my program to keep looking for some sort of "event" which will be raised once the bar code scanners scans a code.
So does anyone know if there is such an event which will be raised when the barcode is scanned some code so I can instruct my program to do the rest of the work when the scanners scans a barcode?
Ideally, the scanner would've come with some kind of SDK or library that you could use.
Less ideally, you may have to resort to reading it as if it's a serial port.
Actually, you should probably read the following link instead. as I was looking up how to do that, I ran into a similar post already on StackOverflow with a similar answer.
Reading from an USB barcode scanner