Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

how to generate codes for coupons/bonds?

 
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is the problem:

Company wants to sell around 10^6 bonds (meaning you pay online 10$ and you get a number(bond) , with that printed bond you go to any shop(that accepts it) and buy 10$ worth of stuff there, for the following 1 year).

Company gives a small discount (you pay 10$ and buy 11$ worth of stuff) plus in one year all prices will rise so you pay now 10$ to buy 12$ worth of stuff a year from now.

The thing is , I must find an algorithm to generate numbers (a bond/voucher is a number from my perspective) that cannot be guessed/faked. These numbers are printed on the voucher as a BAR CODE, people go with it to the store , the seller scans the code bar and must know for sure it is a valid code bar.

In this situation , can anyone please help by telling me:
1) Where can I found documentation about it ?
2) What are the security issues involved here ?
3) Has anyone done this before ? How ?
4) Any books/articles about similar problems ?

Thank you !


 
Saloon Keeper
Posts: 6507
158
Android Mac OS X Firefox Browser VI Editor Tomcat Server Safari
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What kind of software is installed at the scanner? Can it do an online lookup, or would that be too time intensive? Would it have a local table of all valid bar codes, or could you install an algorithm there that checks it?

In general I'd think that an encrypted value, or a hashed/digested one would work, each having advantages and drawbacks.
 
Marshal
Posts: 25669
69
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When I buy a concert ticket online and print it at home, I get a piece of paper with a barcode on it. (It comes with a warning that I can only use it once.) At the theatre, the attendant scans the barcode with a handheld device.

This sort of thing sounds like what you're looking for, doesn't it?
 
Myke Enriq
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Paul Clapham wrote:When I buy a concert ticket online and print it at home, I get a piece of paper with a barcode on it. (It comes with a warning that I can only use it once.) At the theatre, the attendant scans the barcode with a handheld device.

This sort of thing sounds like what you're looking for, doesn't it?



This is exactely the stuff I am talking about.

However:

- the $ involved is much more than concert tickets

- I do not know much about the handlheld device (it is the common device found in any store) - but I cannot change it much (I hope I can get write some software for it but I do not know its details)

- my company (and my job) depends on it

- theft is absolutely not possible ( more than 0,1% of coupons to be facked = dizaster)

- worst case scenario is when theft happens and someone believes it is the programmer's fault - in my country it means jail for me


I want to read some book/article on what are the security issues here and how to solve them. I figure a lot of security breaches could happen in this scenario (like the worker ina shop can try himslef a ton of bonds(numbers) and so on).

Please help me.



 
Myke Enriq
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also another thing to consider is the ammount 10^6 - 10^7 of bonds(numbers) to be created - it is a pretty big number.
 
Tim Moores
Saloon Keeper
Posts: 6507
158
Android Mac OS X Firefox Browser VI Editor Tomcat Server Safari
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In that case encryption (as opposed to hashing/digesting) provides an additional layer of verifiability. You'd want to combine the coupon ID and some additional text that you can identify, encrypt that, and then convert it to text that you can create a barcode for.

You'd also want the app (in whichever shape it comes) to authenticate its user, so as to prevent the worker-in-the-factory scenario. You didn't say whether an online online component would be acceptable, but that would sure help. Otherwise all the encryption and authentication stuff would need to happen on the device, where it'd be more vulnerable to tampering by said workers.

I wouldn't consider 10 million coupons to be such a big number (unless maybe you were planning to store them all on the device); why do you think so?
 
I am not a spy. Definitely. Definitely not a spy. Not me. No way. But this tiny ad ...
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic