Recently there has been a lot of interest in (and related hype about) Apple’s Passbook app. We thought we would share with our current & future customers how to leverage the innovations our codeREADr platform has enabled over the past few years to overcome some of Passbook’s security issues.
‘Keep in mind that Passbook cannot solve the problem of duplicate passes or cases like users forwarding passes via email or capturing screen shots of passes and distributing them to other people. In order to help validate the authenticity of a pass at redemption time, you could consider pushing something to the pass that a human could verify.’ – Apple Developer Portal Sept 2012
Three redemption technologies currently available with codeREADr include the following.
1. Question and Answer with a Scan (barcode) or Tap (NFC). Since 2009 we have offered our customers the ability to ask a series of questions after each scan. Those questions are submitted to our server along with the scanned value and can be posted back to a third party server for redemption. In 2010 we launched conditional Q&A (Questions & Answers) within our Android application and soon thereafter within our iOS application.
This enabled our customers app users to submit a scan, receive back a validity response and then view a series of questions or statements. The app user’s response to these conditional Q&A entries would then be submitted as a second set of validation parameters to be combined with the first set of validation parameters.(i.e. generally the originally scanned barcode value).
With this technology, Passbook developers could build redemption services with secondary validation parameters. For example, they could update the Pass with a code-word or phrase which would then be typed by into the conditional Q&A form or selected as a multiple-choice option and submitted for validation.
2. Two scans within a single submission. In early 2012 we offered our customers the ability to submit a second scan as the response to a question or statement, in addion to the standard manual text form entry or a multiple-choice selection. This essentially allowed our customers to build redemption services which contained two or more barcode scans.
Since conditional Q&A services can be defined either before or after the first scan submission, this would enable a Passbook developer to build a redemption service where they could process the first barcode scan, then update the Passbook Pass with a new barcode (to verify it’s legitimate) and then scan it again. The two barcodes would then be used for redemption and validation.
3. GPS within barcode validation. In early 2012 we offered our customers the ability to submit the GPS coordinates of a scan. While the initial thought was to enable the validation of the scanner, we later realized that it could also be combined with other GPS information to validate the identity of the scanned device.
Here, the GPS coordinates of the codeREADr app could be combined with a GPS coordinate coming from a companion Passbook app, network location or other location system in order to verify the owner of the Pass is the one being scanned.
[* In 2012we also enabled Direct Scan to URL services for scan and other data to be posted directly to a client's server.]