• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

how to generate codes for coupons/bonds?

 
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is the problem:

Company wants to sell around 10^6 bonds (meaning you pay online 10$ and you get a number(bond) , with that printed bond you go to any shop(that accepts it) and buy 10$ worth of stuff there, for the following 1 year).

Company gives a small discount (you pay 10$ and buy 11$ worth of stuff) plus in one year all prices will rise so you pay now 10$ to buy 12$ worth of stuff a year from now.

The thing is , I must find an algorithm to generate numbers (a bond/voucher is a number from my perspective) that cannot be guessed/faked. These numbers are printed on the voucher as a BAR CODE, people go with it to the store , the seller scans the code bar and must know for sure it is a valid code bar.

In this situation , can anyone please help by telling me:
1) Where can I found documentation about it ?
2) What are the security issues involved here ?
3) Has anyone done this before ? How ?
4) Any books/articles about similar problems ?

Thank you !


 
Saloon Keeper
Posts: 7585
176
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What kind of software is installed at the scanner? Can it do an online lookup, or would that be too time intensive? Would it have a local table of all valid bar codes, or could you install an algorithm there that checks it?

In general I'd think that an encrypted value, or a hashed/digested one would work, each having advantages and drawbacks.
 
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When I buy a concert ticket online and print it at home, I get a piece of paper with a barcode on it. (It comes with a warning that I can only use it once.) At the theatre, the attendant scans the barcode with a handheld device.

This sort of thing sounds like what you're looking for, doesn't it?
 
Myke Enriq
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Paul Clapham wrote:When I buy a concert ticket online and print it at home, I get a piece of paper with a barcode on it. (It comes with a warning that I can only use it once.) At the theatre, the attendant scans the barcode with a handheld device.

This sort of thing sounds like what you're looking for, doesn't it?



This is exactely the stuff I am talking about.

However:

- the $ involved is much more than concert tickets

- I do not know much about the handlheld device (it is the common device found in any store) - but I cannot change it much (I hope I can get write some software for it but I do not know its details)

- my company (and my job) depends on it

- theft is absolutely not possible ( more than 0,1% of coupons to be facked = dizaster)

- worst case scenario is when theft happens and someone believes it is the programmer's fault - in my country it means jail for me


I want to read some book/article on what are the security issues here and how to solve them. I figure a lot of security breaches could happen in this scenario (like the worker ina shop can try himslef a ton of bonds(numbers) and so on).

Please help me.



 
Myke Enriq
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Also another thing to consider is the ammount 10^6 - 10^7 of bonds(numbers) to be created - it is a pretty big number.
 
Tim Moores
Saloon Keeper
Posts: 7585
176
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In that case encryption (as opposed to hashing/digesting) provides an additional layer of verifiability. You'd want to combine the coupon ID and some additional text that you can identify, encrypt that, and then convert it to text that you can create a barcode for.

You'd also want the app (in whichever shape it comes) to authenticate its user, so as to prevent the worker-in-the-factory scenario. You didn't say whether an online online component would be acceptable, but that would sure help. Otherwise all the encryption and authentication stuff would need to happen on the device, where it'd be more vulnerable to tampering by said workers.

I wouldn't consider 10 million coupons to be such a big number (unless maybe you were planning to store them all on the device); why do you think so?
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic