Barcode Reader & Real-Time Web Services

The security team at codeREADr immediately assessed April 7th’s disclosure of CVE-2014-0160, also known as Heartbleed. As you may know, this is a critical vulnerability in OpenSSL which can compromise the secret keys used for SSL encryption.

Although we use OpenSSL and were potentially vulnerable, we have not discovered or been informed of any intrusions or unauthorized use of our systems.

After an immediate patch to our OpenSSL libraries on April 8th at 5:00 am EST (GMT -4:00), we then implemented the remaining precautions to ensure security. As of April 11th at 9:00 am EST (GMT -4:00) all of the necessary steps have been completed to remove this vulnerability.

* We patched all OpenSSL libraries on all servers.
* We renewed our SSL certificate and reset internal passwords.
* codeREADr leverages Amazon Elastic Load Balancing infrastructure. This was patched by Amazon.

You can check our vulnerability here: http://filippo.io/Heartbleed/#codereadr.com:443

Should you want to change your codeREADr API key, please look here: https://www.codereadr.com/account/api

[Important: If you have integrated your services with codeREADr's API, then before you change your API key you should coordinate with your developer.]

Should you want to change your account’s password, please look here:  https://www.codereadr.com/account/settings/
[App User passwords do not need to be changed.]

For more information on the Heartbleed vulnerability, please look here: http://heartbleed.com/. If you need further information please feel free to contact us at any time: support [at] codereadr [dot] com.

Rich Eicher Sr.
The codeREADr Team

Dual-Function QR Code Demo (see below for instructions).


QR codes printed on coupons, vouchers, tickets, IDs, product labels and equipment tags normally have a single function – typically engagement or validation. If for engagement, a consumer would scan the code. If for validating a transaction or tracking assets, a merchant, venue or field service person would scan it.

What’s a ‘dual-function’ QR code?

It’s a single QR code enabling standard, consumer barcode scanning apps to open Web pages triggered by a scan, while also allowing merchants, venues and businesses to scan the same code with an enterprise app to validate and track its use.

Embedded in the code is a unique, variable transaction ID appended to a URL. When scanned by a consumer, the URL points to a Web page, ideally one optimized for viewing on a mobile device. However, when the same code is scanned by the enterprise app, the code’s ID is captured, validated and stored as a formal scan record.

URL Engagement

For consumer engagement these URLs would point to Websites or Web pages, optionally with links to download an app or Passbook Pass, initiate a purchase or subscribe to messaging campaigns. For field service applications, depending on the URL’s structure, a scan would present contact info and generic information about the asset or its owner, or optionally it could present an item-level service manual, warranty status and other asset-specific information.

ID Validation

For tracking and validation, the codeREADr app captures just the ID from the URL and checks it against a database of valid IDs stored locally on the handset or on a server.

To do this, the codeREADr team built a special feature called ‘Alter Scan’. The feature uses custom, predefined scripts to parse the captured ID from the URL based on its format. With each scan, the ID is validated and additional data is collected, optionally including time, date, location, voice and textual entry and photo capture.

Need a script? Please don’t hesitate to contact codeREADr support.
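An added example (not codeREADr's Alter Scan script or API): a Python sketch of the parse-then-validate step described above, treating the scanned text as untrusted input. The host `tickets.example.com`, the `id` query parameter and the ID pattern are assumptions made for illustration; the page itself only supplies the demo ID 'A-123' and the outcomes valid, invalid and invalid duplicate.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Assumptions for this sketch: issuing host, query parameter name, ID format.
ALLOWED_HOSTS = {"tickets.example.com"}
ID_PATTERN = re.compile(r"[A-Z]-\d{1,6}")  # shape of the demo ID 'A-123'


def extract_id(scanned: str) -> Optional[str]:
    """Return the ID from a bare-ID or URL+ID code, or None if malformed."""
    text = scanned.strip()
    if ID_PATTERN.fullmatch(text):          # plain ID code
        return text
    try:
        parts = urlsplit(text)
    except ValueError:                      # e.g. broken IPv6 literal
        return None
    # Only accept URLs from the expected issuer; rejects look-alike hosts
    # and userinfo tricks such as https://tickets.example.com@other.test/
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        return None
    values = parse_qs(parts.query).get("id", [])
    if len(values) != 1:                    # missing or repeated parameter
        return None
    return values[0] if ID_PATTERN.fullmatch(values[0]) else None


class Validator:
    """Checks extracted IDs against a set of valid IDs and flags re-use."""

    def __init__(self, valid_ids):
        self.valid_ids = set(valid_ids)
        self.seen = set()

    def check(self, scanned: str) -> str:
        scan_id = extract_id(scanned)
        if scan_id is None or scan_id not in self.valid_ids:
            return "invalid"
        if scan_id in self.seen:            # same ID presented again
            return "invalid duplicate"
        self.seen.add(scan_id)
        return "valid"
```

Because a printed code can be copied, the duplicate check matters as much as the format check: the second presentation of the same ID is rejected even though the ID itself is in the database.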

Field Deployments

A regional tourist organization is currently deploying alter-scan technology for visitor passes. They distribute a dual-function QR code printed on the pass to each visitor. Embedded in the code is a URL for the visitor to scan to get pass details, including special offers and their corresponding terms. Also embedded in the code is a unique ID which can be validated by participating merchants using the codeREADr app and the results can be tracked in real-time by the tourist organization.

In this way the tourist organization can evaluate the effectiveness of their programs and the relative success of each offer.

For details on this and other deployments, please contact Rich Eicher Sr. directly:  richsr [at] codereadr [dot] com

Simple Demo

To test a dual-function code, use the QR codes in the image below. Download a free consumer barcode scanning app and scan both the URL and URL + ID codes. You’ll see that for both codes the consumer app points to a simple mobile Web page for demo purposes.

Then download the codeREADr app, sign in with username temp and password demo and scan both the ID and URL + ID codes. You’ll see that for both codes the codeREADr app will validate the embedded ID ‘A-123’.

The take-away is that the dual-function code supports the functionality of both the URL and ID codes in a single code.

How to Create Dual Function QR Codes and Alter-Scan Scripts

For detailed information please visit the codeREADr Knowledgebase here.

codeREADr for iOS and Android Captures IDs, Form Data and Visual Records both Online and Offline to Enable the Precise Tracking of Assets


Today we announced adding the ability for auditors and field service workers to photograph tracked assets for inclusion within formal, electronic scan records.  This new feature aims to help enterprises authenticate field data using visual proof of the asset’s condition at a specific time, date and location.

The codeREADr app user is prompted to scan an asset’s barcode and then take photos and enter form data via manual entry, voice-to-text, additional scans, multiple choice and drop-down menus. These scan records are posted in real time to codeREADr’s servers or directly to a client’s cloud-based or local server. If connectivity is unavailable or unstable, scan records are stored on the iOS or Android device for syncing when connectivity is restored.  

Our clients requested the photo capture feature to more precisely collect and formally document the condition of assets and the situations surrounding those assets. This helps reduce data collection errors and, in some cases, fraud.  

The benefits of photo capture include:

  • Providing proof for shippers or recipients as to the condition of assets prior to shipment
  • Providing proof that rented facilities or equipment were in good condition before/after rental
  • Recording an asset’s appearance for insurance and valuation purposes
  • Recording the improper or non-compliant storage, display or use of assets
  • Capturing images of equipment with unreadable barcodes or no barcodes at all

A ‘scan record’ does not have to be initiated with scanning barcodes or reading RFID/NFC asset tags. The app also allows users to simply enter an ID via text or voice or to use the app’s lookup option for quickly finding the name, description or ID of an asset, person or object to initiate a scan record.

 

Innovative Access Control – Social, Local and Secure 

One of the 50+ technology companies deploying the codeREADr app for event access control sent us some interesting pictures and videos from a recent event. The company, INZONE (Montevideo, Uruguay), offers innovative ticketing and access control services to venues, event organizers and promoters. You can see the video above – watch how fast they validate tickets!

Social

After validating a member’s ID with the codeREADr app, their ‘Social Connect’ feature posts a welcome message on the guest’s Facebook profile, generates a Tweet and posts pictures on the event organizer’s Facebook page. Their ‘Welcome Faces’ option sends the guest’s picture to interactive in-venue digital signage so everyone knows they arrived. Their ‘Interactive Draws’ feature surprises guests with multimedia sweepstakes after scanning a guest’s ID.

Local

The ideal way to validate tickets is using an online database with every scan synced in real time. codeREADr’s online validation option enables this with ticket IDs  stored on cloud-based servers. Alternatively, service providers can host their ticket databases on their own servers and use codeREADr’s postback feature for validation.

For some events, however, internet connectivity is non-existent or unstable. For those events service providers can scan offline and validate against the ticket database stored within the app and sync to codeREADr’s online servers periodically during or after the event, depending on when internet connectivity is available.

With codeREADr’s new Direct Scan to URL (DSU) option, service providers now have the option to scan in real-time to their own local servers. The local server receives the scan record directly from the app and the local server immediately posts back the appropriate validation response – valid, invalid and invalid duplicate and any other associated information – directly to the app user.

INZONE offers all three options to their clients: online, offline and local. For an event expecting up to 20,000 attendees, they planned on deploying a local server but needed a way to do pre-event testing with 18 Android tablets simultaneously posting to their servers. The codeREADr dev team wrote a custom script embedded within the codeREADr app to auto-simulate the volume of scans expected at the event. The result? Access control at the event was flawless.

Secure

INZONE uses codeREADr’s scanning feature to capture and read barcodes on printed or mobile tickets, typically QR codes. They also use RFID-reading accessories with codeREADr for validating RFID-embedded tickets and IDs. Since a barcode is a visual medium, it’s possible to fake or duplicate. In contrast, RFID data is very difficult to fake or duplicate. INZONE offers this option to clients needing tighter security, especially for tickets or IDs that are used repeatedly.

For VIP and other member services, INZONE takes it to the next level – they not only post back the validation results but also use codeREADr’s Webify functionality to post a picture of the ticket-holder or member to the attendant. In this way the attendant can verify that the ticket-holder or member is the credential owner.  Where do they get the pictures? One way is having members upload their pictures to the Facebook registration app INZONE creates for their clients.

We congratulate INZONE for their innovation and wish them continued success! For more information about INZONE, please visit their website: www.inzonesoft.com. To sign up for codeREADr, please visit https://codereadr.com. For codeREADr’s Knowledgebase, please visit https://www.codereadr.com/kb/.


QR Code for Asset Tracking

QR codes are an excellent choice for labeling assets because they are easily scanned with codeREADr using almost any smartphone, tablet or player (e.g. the iPod Touch).

Recently we tested variable QR labels provided by ImageTek, a custom label printer based in Vermont (USA). They print custom labels at reasonable prices and have a quick turnaround time (see below). 

Based on feedback from many clients, we recommend the QR size be roughly 0.7″ to 0.8″ square plus a 0.1″ border which allows almost any camera to quickly scan the QR code, even when off-axis and in dim lighting. Smaller sizes are fine, as are other types of barcode formats, but you may sacrifice scanning speed unless you upgrade to our SD PRO camera scan engine.

School administrators (or their IT department and third-party service providers) can easily configure how the codeREADr app is deployed to meet their educational and administrative objectives. Whether for higher education or K-12, they can use codeREADr for a variety of applications, ranging from tracking attendance to facility safety. Here’s a current list of some of the more popular applications.

Tracking Participation & Attendance In and Beyond the Classroom

One pioneer was Eastern Michigan University (EMU). They tracked the attendance of student-athletes and two Greek organizations at formal Study Tables programs. [See EMU Case Study.]

The goal was to measure and correlate the program’s effectiveness relative to time attended, and to increase the GPAs of at-risk students. Using codeREADr, EMU was able to verify who attended, what days they attended, what time they checked in and how long they stayed.

The resulting data demonstrated a clear return on investment in their Study Table programs for both at-risk students and the University. The program was credited as a contributing factor for removing the two Greek organizations from academic probation.

Complementing this success, EMU has expanded attendance tracking to other programs, including math lab, tutor appointments, book checkouts and supplemental instruction sessions.


codeREADr, the enterprise barcode scanning app, now offers the ability for access control teams and security patrols to view the photos of members, students, employees, visitors and contractors as the barcode on their ID is scanned and validated.

As usual, the codeREADr app checks the barcode value against a database of IDs. But now, codeREADr can also present the app user with a photo of the ID holder. If the ID is not in the database, the app user will be prompted that the ID is invalid then be presented with instructions for handling the situation, optionally including a phone number to alert others.

By enabling smartphones and tablets to be used for mission-critical applications, codeREADr aims to lower the bar for broader deployment of the tools necessary to tighten access control and mobile security at venues, on campuses and at places of employment.

Our goal is to allow event organizers, venues and businesses to authenticate IDs more frequently and validate IDs anywhere, whether at the point of entry or anywhere on premises.

