aspose file tools*
The moose likes Programming Diversions and the fly likes how to generate codes for coupons/bonds? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Other » Programming Diversions
Bookmark "how to generate codes for coupons/bonds?" Watch "how to generate codes for coupons/bonds?" New topic
Author

how to generate codes for coupons/bonds?

Myke Enriq
Ranch Hand

Joined: Feb 13, 2012
Posts: 102
Here is the problem:

Company wants to sell around 10^6 bonds (meaning you pay online 10$ and you get a number(bond) , with that printed bond you go to any shop(that accepts it) and buy 10$ worth of stuff there, for the following 1 year).

Company gives a small discount (you pay 10$ and buy 11$ worth of stuff) plus in one year all prices will rise so you pay now 10$ to buy 12$ worth of stuff a year from now.

The thing is , I must find an algorithm to generate numbers (a bond/voucher is a number from my perspective) that cannot be guessed/faked. These numbers are printed on the voucher as a BAR CODE, people go with it to the store , the seller scans the code bar and must know for sure it is a valid code bar.

In this situation , can anyone please help by telling me:
1) Where can I found documentation about it ?
2) What are the security issues involved here ?
3) Has anyone done this before ? How ?
4) Any books/articles about similar problems ?

Thank you !


Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
What kind of software is installed at the scanner? Can it do an online lookup, or would that be too time intensive? Would it have a local table of all valid bar codes, or could you install an algorithm there that checks it?

In general I'd think that an encrypted value, or a hashed/digested one would work, each having advantages and drawbacks.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18168
    
    8

When I buy a concert ticket online and print it at home, I get a piece of paper with a barcode on it. (It comes with a warning that I can only use it once.) At the theatre, the attendant scans the barcode with a handheld device.

This sort of thing sounds like what you're looking for, doesn't it?
Myke Enriq
Ranch Hand

Joined: Feb 13, 2012
Posts: 102
Paul Clapham wrote:When I buy a concert ticket online and print it at home, I get a piece of paper with a barcode on it. (It comes with a warning that I can only use it once.) At the theatre, the attendant scans the barcode with a handheld device.

This sort of thing sounds like what you're looking for, doesn't it?


This is exactely the stuff I am talking about.

However:

- the $ involved is much more than concert tickets

- I do not know much about the handlheld device (it is the common device found in any store) - but I cannot change it much (I hope I can get write some software for it but I do not know its details)

- my company (and my job) depends on it

- theft is absolutely not possible ( more than 0,1% of coupons to be facked = dizaster)

- worst case scenario is when theft happens and someone believes it is the programmer's fault - in my country it means jail for me


I want to read some book/article on what are the security issues here and how to solve them. I figure a lot of security breaches could happen in this scenario (like the worker ina shop can try himslef a ton of bonds(numbers) and so on).

Please help me.



Myke Enriq
Ranch Hand

Joined: Feb 13, 2012
Posts: 102
Also another thing to consider is the ammount 10^6 - 10^7 of bonds(numbers) to be created - it is a pretty big number.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
In that case encryption (as opposed to hashing/digesting) provides an additional layer of verifiability. You'd want to combine the coupon ID and some additional text that you can identify, encrypt that, and then convert it to text that you can create a barcode for.

You'd also want the app (in whichever shape it comes) to authenticate its user, so as to prevent the worker-in-the-factory scenario. You didn't say whether an online online component would be acceptable, but that would sure help. Otherwise all the encryption and authentication stuff would need to happen on the device, where it'd be more vulnerable to tampering by said workers.

I wouldn't consider 10 million coupons to be such a big number (unless maybe you were planning to store them all on the device); why do you think so?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to generate codes for coupons/bonds?
 
Similar Threads
Being asked to sign a BOND
1 year bond
Outsourcing to add 22m US jobs!
Did passing the SCJP exam improve your carrer prospects?
Breaking Bond in [Company A]