How to create encrypted barcode and prevent hacking of it on mobile phone's side?


I need to push customer authentication data to a mobile phone so that it could authenticate 200 distinct users via unique barcode even if there is no internet. Problem:
1) whatever data is stored on the device, it must be impossible to hack it to create the user's authentication barcode itself
2) barcode needs to be fairly small and not very dense so that it could be displayed on the user's phone or printed and still scan reliably by most phone cameras.

Encrypting the database doesn't sound too reliable because someone could run some debugger and get decrypted data from memory.
Public key cryptography comes to mind, but how to satisfy both requirements?
PGP level may not be necessary, as long as it would take over $1,000,000 in computer time to create one fake barcode it will work for my purposes.
Any ideas for iOS & Android?

4 Replies

Amir Yasin
2
0
Amir Yasin Advisor
Developer, Architect
I assume 1) you're OK using a QR code in place of a normal bar code, and 2) you aren't shipping your entire database to the phone. I also assume you're doing this to check people into an event or something.

The solution given those criteria is pretty simple.
1. Generate a really long random password (say 160 chars)
2. Split the password into 2 equal parts (80 chars each)
3. Using bcrypt or some other means, create a one-way hash of this password.
4. Put the first half of the password and the 1 way hash on the device you take to check people into the event.
5. Generate a QR code with the other half and have people use that as their ticket.
6. When matching, combine the 2 halves (the one on your checkin device, and the one in the QR code), regen the hash and see if it matches.


Art Yerkes
2
0
Art Yerkes Entrepreneur
Computer Software Professional
You're likely looking for Ed25519, or similar, which provides asymmetric key generating and message signing.

Each person's device would generate a private key and send a public key to the event organizer, then use the private key to sign a message (for example, a 4 digit code put up at the event) and display the bytes of the signed message as a QR code. Your person at the event would need an app with a list of public keys only, not enough to properly sign a message, but enough to validate each signed message.

https://github.com/orlp/ed25519 <-- one implementation of ed25519, although there are a lot floating around
Stas Khirman
0
0
Stas Khirman Entrepreneur • Advisor
SVOD Conference CoChair
One of the challenges is that, due to the requirement of offline functionality, you need to generate a "single use" bar code. Otherwise, it will be quite easy to get a screen capture and generate multiple copies. If scancode reading devices don't have online access and you assume simultaneous use of multiple scanners, you may decrease fraud by embedding a timestamp into the signed message and requiring barcode generation at the checkpoint. (Certainly it is not a 100% foolproof solution, but it minimises fraud in offline mode with multiple simultaneous scanners.)
Joanan Hernandez
0
0
Joanan Hernandez Entrepreneur
CEO & Founder at Mollejuo
Answers here are accurate according to the complexity of the given problem (question). I'm curious, though, if the initial problem needs to be that complex, because if it is, end users will surely be confused by the end solution. It will not be an easy one for end users.

Best of luck!